service/ec2: updates to pass semgrep rule prefer-aws-go-sdk-pointer-conversion-assignment

.semgrep.yml

@@ -45,8 +45,6 @@ rules:
     paths:
       include:
         - internal/service
-      exclude:
-        - internal/service/ec2
     patterns:
       - pattern: '$LHS = *$RHS'
       - pattern-not: '*$LHS2 = *$RHS'

internal/service/ec2/ec2_eip.go

@@ -281,7 +281,7 @@ func resourceEIPRead(d *schema.ResourceData, meta interface{}) error {
 		d.Set("network_interface", "")
 	}
 
-	region := *conn.Config.Region
+	region := aws.StringValue(conn.Config.Region)
 	d.Set("private_ip", address.PrivateIpAddress)
 	if address.PrivateIpAddress != nil {
 		d.Set("private_dns", fmt.Sprintf("ip-%s.%s", ConvertIPToDashIP(*address.PrivateIpAddress), RegionalPrivateDNSSuffix(region)))

internal/service/ec2/ec2_instance.go

@@ -999,12 +999,12 @@ func resourceInstanceRead(d *schema.ResourceData, meta interface{}) error {
 	var secondaryPrivateIPs []string
 	var ipv6Addresses []string
 	if len(instance.NetworkInterfaces) > 0 {
-		var primaryNetworkInterface ec2.InstanceNetworkInterface
+		var primaryNetworkInterface *ec2.InstanceNetworkInterface
 		var networkInterfaces []map[string]interface{}
 		for _, iNi := range instance.NetworkInterfaces {
 			ni := make(map[string]interface{})
 			if aws.Int64Value(iNi.Attachment.DeviceIndex) == 0 {
-				primaryNetworkInterface = *iNi
+				primaryNetworkInterface = iNi
 			}
 			// If the attached network device is inside our configuration, refresh state with values found.
 			// Otherwise, assume the network device was attached via an outside resource.
@@ -1029,27 +1029,29 @@ func resourceInstanceRead(d *schema.ResourceData, meta interface{}) error {
 		// Set primary network interface details
 		// If an instance is shutting down, network interfaces are detached, and attributes may be nil,
 		// need to protect against nil pointer dereferences
-		if primaryNetworkInterface.SubnetId != nil {
-			d.Set("subnet_id", primaryNetworkInterface.SubnetId)
-		}
-		if primaryNetworkInterface.NetworkInterfaceId != nil {
-			d.Set("primary_network_interface_id", primaryNetworkInterface.NetworkInterfaceId)
-		}
-		d.Set("ipv6_address_count", len(primaryNetworkInterface.Ipv6Addresses))
-		if primaryNetworkInterface.SourceDestCheck != nil {
-			d.Set("source_dest_check", primaryNetworkInterface.SourceDestCheck)
-		}
+		if primaryNetworkInterface != nil {
+			if primaryNetworkInterface.SubnetId != nil {
+				d.Set("subnet_id", primaryNetworkInterface.SubnetId)
+			}
+			if primaryNetworkInterface.NetworkInterfaceId != nil {
+				d.Set("primary_network_interface_id", primaryNetworkInterface.NetworkInterfaceId)
+			}
+			d.Set("ipv6_address_count", len(primaryNetworkInterface.Ipv6Addresses))
+			if primaryNetworkInterface.SourceDestCheck != nil {
+				d.Set("source_dest_check", primaryNetworkInterface.SourceDestCheck)
+			}
 
-		d.Set("associate_public_ip_address", primaryNetworkInterface.Association != nil)
+			d.Set("associate_public_ip_address", primaryNetworkInterface.Association != nil)
 
-		for _, address := range primaryNetworkInterface.PrivateIpAddresses {
-			if !aws.BoolValue(address.Primary) {
-				secondaryPrivateIPs = append(secondaryPrivateIPs, aws.StringValue(address.PrivateIpAddress))
+			for _, address := range primaryNetworkInterface.PrivateIpAddresses {
+				if !aws.BoolValue(address.Primary) {
+					secondaryPrivateIPs = append(secondaryPrivateIPs, aws.StringValue(address.PrivateIpAddress))
+				}
 			}
-		}
 
-		for _, address := range primaryNetworkInterface.Ipv6Addresses {
-			ipv6Addresses = append(ipv6Addresses, aws.StringValue(address.Ipv6Address))
+			for _, address := range primaryNetworkInterface.Ipv6Addresses {
+				ipv6Addresses = append(ipv6Addresses, aws.StringValue(address.Ipv6Address))
+			}
 		}
 
 	} else {
@@ -1357,15 +1359,15 @@ func resourceInstanceUpdate(d *schema.ResourceData, meta interface{}) error {
 			return fmt.Errorf("reading EC2 Instance (%s): %w", d.Id(), err)
 		}
 
-		var primaryInterface ec2.InstanceNetworkInterface
+		var primaryInterface *ec2.InstanceNetworkInterface
 		for _, ni := range instance.NetworkInterfaces {
 			if aws.Int64Value(ni.Attachment.DeviceIndex) == 0 {
-				primaryInterface = *ni
+				primaryInterface = ni
 			}
 		}
 
 		if d.HasChange("secondary_private_ips") {
-			if primaryInterface.NetworkInterfaceId == nil {
+			if primaryInterface == nil || primaryInterface.NetworkInterfaceId == nil {
 				return fmt.Errorf("Failed to update secondary_private_ips on %q, which does not contain a primary network interface",
 					d.Id())
 			}

internal/service/ec2/ec2_spot_datafeed_subscription.go

@@ -72,7 +72,7 @@ func resourceSpotDataFeedSubscriptionRead(d *schema.ResourceData, meta interface
 		return fmt.Errorf("error describing Spot Datafeed Subscription (%s): %w", d.Id(), err)
 	}
 
-	if resp == nil {
+	if resp == nil || resp.SpotDatafeedSubscription == nil {
 		if d.IsNewResource() {
 			return fmt.Errorf("error describing Spot Datafeed Subscription (%s): empty output after creation", d.Id())
 		}
@@ -81,7 +81,7 @@ func resourceSpotDataFeedSubscriptionRead(d *schema.ResourceData, meta interface
 		return nil
 	}
 
-	subscription := *resp.SpotDatafeedSubscription
+	subscription := resp.SpotDatafeedSubscription
 	d.Set("bucket", subscription.Bucket)
 	d.Set("prefix", subscription.Prefix)
 

internal/service/ec2/ec2_spot_instance_request.go

@@ -231,7 +231,7 @@ func resourceSpotInstanceRequestCreate(d *schema.ResourceData, meta interface{})
 			"Expected response with length 1, got: %s", resp)
 	}
 
-	sir := *resp.SpotInstanceRequests[0]
+	sir := resp.SpotInstanceRequests[0]
 	d.SetId(aws.StringValue(sir.SpotInstanceRequestId))
 
 	if d.Get("wait_for_fulfillment").(bool) {
@@ -425,9 +425,7 @@ func resourceSpotInstanceRequestDelete(d *schema.ResourceData, meta interface{})
 
 // SpotInstanceStateRefreshFunc returns a resource.StateRefreshFunc that is used to watch
 // an EC2 spot instance request
-func SpotInstanceStateRefreshFunc(
-	conn *ec2.EC2, sir ec2.SpotInstanceRequest) resource.StateRefreshFunc {
-
+func SpotInstanceStateRefreshFunc(conn *ec2.EC2, sir *ec2.SpotInstanceRequest) resource.StateRefreshFunc {
 	return func() (interface{}, string, error) {
 		resp, err := conn.DescribeSpotInstanceRequests(&ec2.DescribeSpotInstanceRequestsInput{
 			SpotInstanceRequestIds: []*string{sir.SpotInstanceRequestId},

internal/service/ec2/flex.go

@@ -13,7 +13,7 @@ import (
 func FlattenGroupIdentifiers(dtos []*ec2.GroupIdentifier) []string {
 	ids := make([]string, 0, len(dtos))
 	for _, v := range dtos {
-		group_id := *v.GroupId
+		group_id := aws.StringValue(v.GroupId)
 		ids = append(ids, group_id)
 	}
 	return ids

internal/service/ec2/vpc_route_table_data_source.go

@@ -279,47 +279,47 @@ func dataSourceRoutesRead(conn *ec2.EC2, ec2Routes []*ec2.Route) []map[string]in
 		m := make(map[string]interface{})
 
 		if r.DestinationCidrBlock != nil {
-			m["cidr_block"] = *r.DestinationCidrBlock
+			m["cidr_block"] = aws.StringValue(r.DestinationCidrBlock)
 		}
 		if r.DestinationIpv6CidrBlock != nil {
-			m["ipv6_cidr_block"] = *r.DestinationIpv6CidrBlock
+			m["ipv6_cidr_block"] = aws.StringValue(r.DestinationIpv6CidrBlock)
 		}
 		if r.DestinationPrefixListId != nil {
-			m["destination_prefix_list_id"] = *r.DestinationPrefixListId
+			m["destination_prefix_list_id"] = aws.StringValue(r.DestinationPrefixListId)
 		}
 		if r.CarrierGatewayId != nil {
-			m["carrier_gateway_id"] = *r.CarrierGatewayId
+			m["carrier_gateway_id"] = aws.StringValue(r.CarrierGatewayId)
 		}
 		if r.CoreNetworkArn != nil {
-			m["core_network_arn"] = *r.CoreNetworkArn
+			m["core_network_arn"] = aws.StringValue(r.CoreNetworkArn)
 		}
 		if r.EgressOnlyInternetGatewayId != nil {
-			m["egress_only_gateway_id"] = *r.EgressOnlyInternetGatewayId
+			m["egress_only_gateway_id"] = aws.StringValue(r.EgressOnlyInternetGatewayId)
 		}
 		if r.GatewayId != nil {
 			if strings.HasPrefix(*r.GatewayId, "vpce-") {
-				m["vpc_endpoint_id"] = *r.GatewayId
+				m["vpc_endpoint_id"] = aws.StringValue(r.GatewayId)
 			} else {
-				m["gateway_id"] = *r.GatewayId
+				m["gateway_id"] = aws.StringValue(r.GatewayId)
 			}
 		}
 		if r.NatGatewayId != nil {
-			m["nat_gateway_id"] = *r.NatGatewayId
+			m["nat_gateway_id"] = aws.StringValue(r.NatGatewayId)
 		}
 		if r.LocalGatewayId != nil {
-			m["local_gateway_id"] = *r.LocalGatewayId
+			m["local_gateway_id"] = aws.StringValue(r.LocalGatewayId)
 		}
 		if r.InstanceId != nil {
-			m["instance_id"] = *r.InstanceId
+			m["instance_id"] = aws.StringValue(r.InstanceId)
 		}
 		if r.TransitGatewayId != nil {
-			m["transit_gateway_id"] = *r.TransitGatewayId
+			m["transit_gateway_id"] = aws.StringValue(r.TransitGatewayId)
 		}
 		if r.VpcPeeringConnectionId != nil {
-			m["vpc_peering_connection_id"] = *r.VpcPeeringConnectionId
+			m["vpc_peering_connection_id"] = aws.StringValue(r.VpcPeeringConnectionId)
 		}
 		if r.NetworkInterfaceId != nil {
-			m["network_interface_id"] = *r.NetworkInterfaceId
+			m["network_interface_id"] = aws.StringValue(r.NetworkInterfaceId)
 		}
 
 		routes = append(routes, m)
@@ -333,16 +333,16 @@ func dataSourceAssociationsRead(ec2Assocations []*ec2.RouteTableAssociation) []m
 	for _, a := range ec2Assocations {
 
 		m := make(map[string]interface{})
-		m["route_table_id"] = *a.RouteTableId
-		m["route_table_association_id"] = *a.RouteTableAssociationId
+		m["route_table_id"] = aws.StringValue(a.RouteTableId)
+		m["route_table_association_id"] = aws.StringValue(a.RouteTableAssociationId)
 		// GH[11134]
 		if a.SubnetId != nil {
-			m["subnet_id"] = *a.SubnetId
+			m["subnet_id"] = aws.StringValue(a.SubnetId)
 		}
 		if a.GatewayId != nil {
-			m["gateway_id"] = *a.GatewayId
+			m["gateway_id"] = aws.StringValue(a.GatewayId)
 		}
-		m["main"] = *a.Main
+		m["main"] = aws.BoolValue(a.Main)
 		associations = append(associations, m)
 	}
 	return associations

internal/service/ec2/vpc_security_group.go

@@ -1400,18 +1400,18 @@ func deleteLingeringLambdaENIs(conn *ec2.EC2, filterName, resourceId string, tim
 func initSecurityGroupRule(ruleMap map[string]map[string]interface{}, perm *ec2.IpPermission, desc string) map[string]interface{} {
 	var fromPort, toPort int64
 	if v := perm.FromPort; v != nil {
-		fromPort = *v
+		fromPort = aws.Int64Value(v)
 	}
 	if v := perm.ToPort; v != nil {
-		toPort = *v
+		toPort = aws.Int64Value(v)
 	}
 	k := fmt.Sprintf("%s-%d-%d-%s", *perm.IpProtocol, fromPort, toPort, desc)
 	rule, ok := ruleMap[k]
 	if !ok {
 		rule = make(map[string]interface{})
 		ruleMap[k] = rule
 	}
-	rule["protocol"] = *perm.IpProtocol
+	rule["protocol"] = aws.StringValue(perm.IpProtocol)
 	rule["from_port"] = fromPort
 	rule["to_port"] = toPort
 	if desc != "" {

internal/service/ec2/vpc_security_group_rule.go

@@ -529,7 +529,7 @@ func IPPermissionIDHash(sg_id, ruleType string, ip *ec2.IpPermission) string {
 	if len(ip.IpRanges) > 0 {
 		s := make([]string, len(ip.IpRanges))
 		for i, r := range ip.IpRanges {
-			s[i] = *r.CidrIp
+			s[i] = aws.StringValue(r.CidrIp)
 		}
 		sort.Strings(s)
 
@@ -541,7 +541,7 @@ func IPPermissionIDHash(sg_id, ruleType string, ip *ec2.IpPermission) string {
 	if len(ip.Ipv6Ranges) > 0 {
 		s := make([]string, len(ip.Ipv6Ranges))
 		for i, r := range ip.Ipv6Ranges {
-			s[i] = *r.CidrIpv6
+			s[i] = aws.StringValue(r.CidrIpv6)
 		}
 		sort.Strings(s)
 
@@ -553,7 +553,7 @@ func IPPermissionIDHash(sg_id, ruleType string, ip *ec2.IpPermission) string {
 	if len(ip.PrefixListIds) > 0 {
 		s := make([]string, len(ip.PrefixListIds))
 		for i, pl := range ip.PrefixListIds {
-			s[i] = *pl.PrefixListId
+			s[i] = aws.StringValue(pl.PrefixListId)
 		}
 		sort.Strings(s)