From 9556ea360901e80b9da67bcd806dae7907346e61 Mon Sep 17 00:00:00 2001
From: Martin Guibert
Date: Fri, 5 Aug 2022 16:50:48 +0200
Subject: [PATCH] fea: transform alert from enum lib into diagnostic
---
 enumeration/alerter/alert.go | 15 +++++-
 enumeration/diagnostic.go | 12 -----
 enumeration/diagnostic/diagnostic.go | 54 +++++++++++++++++++
 enumeration/enum.go | 3 +-
 enumeration/enumerator/cloud_enumerator.go | 11 ++--
 enumeration/refresh.go | 3 +-
 enumeration/remote/alerts/alerts.go | 19 ++++++-
 .../aws/sns_topic_subscription_enumerator.go | 4 ++
 pkg/analyser/analyzer.go | 8 +++
 pkg/iac/terraform/state/alerts.go | 10 +++-
 10 files changed, 118 insertions(+), 21 deletions(-)
 delete mode 100644 enumeration/diagnostic.go
 create mode 100644 enumeration/diagnostic/diagnostic.go
diff --git a/enumeration/alerter/alert.go b/enumeration/alerter/alert.go
index 5cb121ac5..32ce075a2 100644
--- a/enumeration/alerter/alert.go
+++ b/enumeration/alerter/alert.go
@@ -1,12 +1,17 @@
 package alerter
-import "encoding/json"
+import (
+ "encoding/json"
+
+ "github.com/snyk/driftctl/enumeration/resource"
+)
 type Alerts map[string][]Alert
 type Alert interface {
 Message() string
 ShouldIgnoreResource() bool
+ Resource() *resource.Resource
 }
 type FakeAlert struct {
@@ -22,6 +27,10 @@ func (f *FakeAlert) ShouldIgnoreResource() bool {
 return f.IgnoreResource
 }
+func (f *FakeAlert) Resource() *resource.Resource {
+ return nil
+}
+
 type SerializableAlert struct {
 Alert
 }
@@ -38,6 +47,10 @@ func (u *SerializedAlert) ShouldIgnoreResource() bool {
 return false
 }
+func (s *SerializedAlert) Resource() *resource.Resource {
+ return nil
+}
+
 func (s *SerializableAlert) UnmarshalJSON(bytes []byte) error {
 var res SerializedAlert
diff --git a/enumeration/diagnostic.go b/enumeration/diagnostic.go
deleted file mode 100644
index 2e6771f87..000000000
--- a/enumeration/diagnostic.go
+++ /dev/null
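Review bot: The `Resource() *resource.Resource` method added to the `Alert` interface in enumeration/alerter/alert.go has no doc comment, so implementers cannot tell what a nil return means; every implementation in this commit except `RemoteAccessDeniedAlert` returns nil. I would add `// Resource returns the resource the alert refers to, or nil when the alert is not tied to a single resource.` above it. `SerializedAlert.Resource()` also returns nil unconditionally, so the resource appears to be dropped whenever an alert passes through its serialized form; if that is intended, a one-line comment on that method should say so. The new method uses receiver `s` while the existing `ShouldIgnoreResource` on the same type uses `u`.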
@@ -1,12 +0,0 @@
-package enumeration
-
-import "github.com/snyk/driftctl/enumeration/resource"
-
-type Diagnostic interface {
- Code() string
- Message() string
- ResourceType() string
- Resource() *resource.Resource
-}
-
-type Diagnostics []Diagnostic
diff --git a/enumeration/diagnostic/diagnostic.go b/enumeration/diagnostic/diagnostic.go
new file mode 100644
index 000000000..fd9ded421
--- /dev/null
+++ b/enumeration/diagnostic/diagnostic.go
@@ -0,0 +1,54 @@
+package diagnostic
+
+import (
+ "github.com/snyk/driftctl/enumeration/alerter"
+ "github.com/snyk/driftctl/enumeration/remote/alerts"
+ "github.com/snyk/driftctl/enumeration/resource"
+)
+
+type Diagnostic interface {
+ Code() string
+ Message() string
+ ResourceType() string
+ Resource() *resource.Resource
+}
+
+type diagnosticImpl struct {
+ alert alerter.Alert
+}
+
+func (d *diagnosticImpl) Code() string {
+ if _, ok := d.alert.(*alerts.RemoteAccessDeniedAlert); ok {
+ return "ACCESS_DENIED"
+ }
+ return "NOT_IMPLEMENTED"
+}
+
+func (d *diagnosticImpl) Message() string {
+ return d.alert.Message()
+}
+
+func (d *diagnosticImpl) ResourceType() string {
+ ty := ""
+ if d.Resource() != nil {
+ ty = d.Resource().ResourceType()
+ }
+ return ty
+}
+
+func (d *diagnosticImpl) Resource() *resource.Resource {
+ return d.alert.Resource()
+}
+
+type Diagnostics []Diagnostic
+
+func FromAlerts(alertMap alerter.Alerts) Diagnostics {
+ var results Diagnostics
+ for _, v := range alertMap {
+ for _, alert := range v {
+ diag := &diagnosticImpl{alert}
+ results = append(results, diag)
+ }
+ }
+ return results
+}
diff --git a/enumeration/enum.go b/enumeration/enum.go
index 3b5c48d4b..5da037bee 100644
--- a/enumeration/enum.go
+++ b/enumeration/enum.go
@@ -3,6 +3,7 @@ package enumeration
 import (
 "time"
+ "github.com/snyk/driftctl/enumeration/diagnostic"
 "github.com/snyk/driftctl/enumeration/resource"
 )
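Review bot: `FromAlerts` in enumeration/diagnostic/diagnostic.go drops the map key (`for _, v := range alertMap`) and `ResourceType()` only looks at `Resource()`, so a diagnostic whose alert has no resource reports an empty type, although the doc comment on `EnumerateOutput.Diagnostics` in enum.go promises the type for type-level diagnostics. This matters most for `ACCESS_DENIED`: in alerts.go `NewRemoteAccessDeniedAlert` leaves the resource nil when `scanErr.Resource()` has no `.`, so the caller cannot tell which part of the scan was skipped. I would keep the key in `diagnosticImpl` and fall back to it, assuming the keys of `alerter.Alerts` are `type` or `type.id` as the split in alerts.go suggests (the alerter's callers are not visible here), and walk the keys in sorted order so the output is stable between runs; this needs `sort` and `strings` imported. Separately, `Code()` returns `NOT_IMPLEMENTED` for every alert that is not a `RemoteAccessDeniedAlert`, which reads like a missing feature rather than an unclassified alert; a neutral default would be clearer.

```go
type diagnosticImpl struct {
	alert alerter.Alert
	key   string // key the alert was stored under in alerter.Alerts
}

// … unchanged: Code, Message …

func (d *diagnosticImpl) ResourceType() string {
	if res := d.Resource(); res != nil {
		return res.ResourceType()
	}
	// Assumes the key is "type" or "type.id" — confirm against the alerter's callers.
	return strings.SplitN(d.key, ".", 2)[0]
}

// … unchanged: Resource, Diagnostics …

func FromAlerts(alertMap alerter.Alerts) Diagnostics {
	keys := make([]string, 0, len(alertMap))
	for key := range alertMap {
		keys = append(keys, key)
	}
	sort.Strings(keys) // map iteration order is random; keep the output stable

	var results Diagnostics
	for _, key := range keys {
		for _, alert := range alertMap[key] {
			results = append(results, &diagnosticImpl{alert: alert, key: key})
		}
	}
	return results
}
```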
@@ -24,7 +25,7 @@ type EnumerateOutput struct {
 // If the diagnostic is associated with a resource type, the ResourceType()
 // call will indicate which type. If associated with a resource, the Resource()
 // call will indicate which resource.
- Diagnostics Diagnostics
+ Diagnostics diagnostic.Diagnostics
 }
 type Enumerator interface {
diff --git a/enumeration/enumerator/cloud_enumerator.go b/enumeration/enumerator/cloud_enumerator.go
index 0aebd85ac..1e720ca7d 100644
--- a/enumeration/enumerator/cloud_enumerator.go
+++ b/enumeration/enumerator/cloud_enumerator.go
@@ -6,10 +6,10 @@ import (
 "os"
 "sync"
- "github.com/snyk/driftctl/enumeration"
-
 "github.com/sirupsen/logrus"
+ "github.com/snyk/driftctl/enumeration"
 "github.com/snyk/driftctl/enumeration/alerter"
+ "github.com/snyk/driftctl/enumeration/diagnostic"
 "github.com/snyk/driftctl/enumeration/parallel"
 "github.com/snyk/driftctl/enumeration/remote"
 "github.com/snyk/driftctl/enumeration/remote/common"
@@ -135,10 +135,12 @@ func (e *CloudEnumerator) Enumerate(input *enumeration.EnumerateInput) (*enumera
 mapRes := mapByType(results)
+ diagnostics := diagnostic.FromAlerts(e.alerter.Alerts())
+
 return &enumeration.EnumerateOutput{
 Resources: mapRes,
 Timings: nil,
- Diagnostics: nil,
+ Diagnostics: diagnostics,
 }, nil
 }
@@ -170,10 +172,11 @@ func (e *CloudEnumerator) Refresh(input *enumeration.RefreshInput) (*enumeration
 }
 mapRes := mapByType(results)
+ diagnostics := diagnostic.FromAlerts(e.alerter.Alerts())
 return &enumeration.RefreshOutput{
 Resources: mapRes,
- Diagnostics: nil,
+ Diagnostics: diagnostics,
 }, nil
 }
diff --git a/enumeration/refresh.go b/enumeration/refresh.go
index d3b5b9e27..216ae410d 100644
--- a/enumeration/refresh.go
+++ b/enumeration/refresh.go
@@ -2,6 +2,7 @@ package enumeration
 import (
 "github.com/hashicorp/terraform/terraform"
+ "github.com/snyk/driftctl/enumeration/diagnostic"
 "github.com/snyk/driftctl/enumeration/resource"
 )
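Review bot: In cloud_enumerator.go, `Enumerate` (hunk at -135) and `Refresh` (hunk at -170) both build their diagnostics from everything `e.alerter.Alerts()` currently holds, and nothing in either hunk clears the alerter first. If the alerter lives as long as the enumerator, which the field access suggests but the constructor is not shown, a second call would return the first call's alerts again and a stale `ACCESS_DENIED` could be attributed to the wrong scan. Either reset the alerter at the start of each call or state the behaviour on both methods, e.g. `// Diagnostics include every alert raised on this enumerator so far.` Both function bodies start outside their hunks, so an existing reset may simply not be visible here.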
@@ -12,7 +13,7 @@ type RefreshInput struct {
 type RefreshOutput struct {
 Resources map[string][]*resource.Resource
- Diagnostics Diagnostics
+ Diagnostics diagnostic.Diagnostics
 }
 type GetSchemasOutput struct {
diff --git a/enumeration/remote/alerts/alerts.go b/enumeration/remote/alerts/alerts.go
index 180369aaf..1e3ebc4f4 100644
--- a/enumeration/remote/alerts/alerts.go
+++ b/enumeration/remote/alerts/alerts.go
@@ -2,10 +2,12 @@ package alerts
 import (
 "fmt"
+ "strings"
 "github.com/snyk/driftctl/enumeration/alerter"
 "github.com/snyk/driftctl/enumeration/remote/common"
 remoteerror "github.com/snyk/driftctl/enumeration/remote/error"
+ "github.com/snyk/driftctl/enumeration/resource"
 "github.com/sirupsen/logrus"
 )
@@ -21,6 +23,7 @@ type RemoteAccessDeniedAlert struct {
 message string
 provider string
 scanningPhase ScanningPhase
+ resource *resource.Resource
 }
 func NewRemoteAccessDeniedAlert(provider string, scanErr *remoteerror.ResourceScanningError, scanningPhase ScanningPhase) *RemoteAccessDeniedAlert {
@@ -47,7 +50,17 @@ func NewRemoteAccessDeniedAlert(provider string, scanErr *remoteerror.ResourceSc
 scanErr.RootCause().Error(),
 )
 }
- return &RemoteAccessDeniedAlert{message, provider, scanningPhase}
+
+ var relatedResource *resource.Resource
+ resourceFQDNSSplit := strings.SplitN(scanErr.Resource(), ".", 2)
+ if len(resourceFQDNSSplit) == 2 {
+ relatedResource = &resource.Resource{
+ Id: resourceFQDNSSplit[1],
+ Type: resourceFQDNSSplit[0],
+ }
+ }
+
+ return &RemoteAccessDeniedAlert{message, provider, scanningPhase, relatedResource}
 }
 func (e *RemoteAccessDeniedAlert) Message() string {
@@ -58,6 +71,10 @@ func (e *RemoteAccessDeniedAlert) ShouldIgnoreResource() bool {
 return true
 }
+func (e *RemoteAccessDeniedAlert) Resource() *resource.Resource {
+ return e.resource
+}
+
 func (e *RemoteAccessDeniedAlert) GetProviderMessage() string {
 var message string
 if e.scanningPhase == DetailsFetchingPhase {
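Review bot: In `NewRemoteAccessDeniedAlert` (alerts.go, hunk at -47) the check `len(resourceFQDNSSplit) == 2` also passes when either half is empty, for instance a value ending in `.`, which produces a `resource.Resource` with an empty `Id` or `Type` that would look like a real resource to consumers of the diagnostic. I would tighten it to `if len(resourceFQDNSSplit) == 2 && resourceFQDNSSplit[0] != "" && resourceFQDNSSplit[1] != "" {`. The positional literal `&RemoteAccessDeniedAlert{message, provider, scanningPhase, relatedResource}` depends on field order, and since `message` and `provider` are both strings a reordering would compile silently; keyed fields such as `resource: relatedResource` are safer now that the struct has four members. The function starts outside this hunk, so the format of `scanErr.Resource()` is inferred from the split alone.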
diff --git a/enumeration/remote/aws/sns_topic_subscription_enumerator.go b/enumeration/remote/aws/sns_topic_subscription_enumerator.go
index 8fdd3c4f6..ee64eae71 100644
--- a/enumeration/remote/aws/sns_topic_subscription_enumerator.go
+++ b/enumeration/remote/aws/sns_topic_subscription_enumerator.go
@@ -33,6 +33,10 @@ func (p *wrongArnTopicAlert) ShouldIgnoreResource() bool {
 return false
 }
+func (p *wrongArnTopicAlert) Resource() *resource.Resource {
+ return nil
+}
+
 type SNSTopicSubscriptionEnumerator struct {
 repository repository.SNSRepository
 factory resource.ResourceFactory
diff --git a/pkg/analyser/analyzer.go b/pkg/analyser/analyzer.go
index d26f45763..fae7a2615 100644
--- a/pkg/analyser/analyzer.go
+++ b/pkg/analyser/analyzer.go
@@ -23,6 +23,10 @@ func (u *UnmanagedSecurityGroupRulesAlert) ShouldIgnoreResource() bool {
 return false
 }
+func (u *UnmanagedSecurityGroupRulesAlert) Resource() *resource.Resource {
+ return nil
+}
+
 type ComputedDiffAlert struct{}
 func NewComputedDiffAlert() *ComputedDiffAlert {
@@ -37,6 +41,10 @@ func (c *ComputedDiffAlert) ShouldIgnoreResource() bool {
 return false
 }
+func (c *ComputedDiffAlert) Resource() *resource.Resource {
+ return nil
+}
+
 type AnalyzerOptions struct {
 Deep bool `json:"deep"`
 OnlyManaged bool `json:"only_managed"`
diff --git a/pkg/iac/terraform/state/alerts.go b/pkg/iac/terraform/state/alerts.go
index c23f9135b..e50b56971 100644
--- a/pkg/iac/terraform/state/alerts.go
+++ b/pkg/iac/terraform/state/alerts.go
@@ -1,6 +1,10 @@
 package state
-import "fmt"
+import (
+ "fmt"
+
+ "github.com/snyk/driftctl/enumeration/resource"
+)
 type StateReadingAlert struct {
 key string
@@ -18,3 +22,7 @@ func (s *StateReadingAlert) Message() string {
 func (s *StateReadingAlert) ShouldIgnoreResource() bool {
 return false
 }
+
+func (s *StateReadingAlert) Resource() *resource.Resource {
+ return nil
+}