Merge pull request #404 from cloudskiff/fix/awsRouteExpander
Fix false positive on aws_route resources
sundowndev authored Apr 7, 2021
2 parents 589c908 + 0e001f2 commit 07b7712
Showing 2 changed files with 171 additions and 4 deletions.
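--- a/pkg/middlewares/aws_route_table_expander.go
+++ b/pkg/middlewares/aws_route_table_expander.go
@@ -56,9 +56,9 @@ func (m AwsRouteTableExpander) Execute(remoteResources, resourcesFromState *[]re
 
 var err error
 if isDefault {
-err = m.handleDefaultTable(defaultTable, &newList)
+err = m.handleDefaultTable(defaultTable, &newList, *resourcesFromState)
 } else {
-err = m.handleTable(table, &newList)
+err = m.handleTable(table, &newList, *resourcesFromState)
 }
 
 if err != nil {
@@ -69,7 +69,7 @@ func (m AwsRouteTableExpander) Execute(remoteResources, resourcesFromState *[]re
 return nil
 }
 
-func (m *AwsRouteTableExpander) handleTable(table *aws.AwsRouteTable, results *[]resource.Resource) error {
+func (m *AwsRouteTableExpander) handleTable(table *aws.AwsRouteTable, results *[]resource.Resource, resourcesFromState []resource.Resource) error {
 if table.Route == nil ||
 len(*table.Route) < 1 {
 return nil
@@ -80,6 +80,12 @@ func (m *AwsRouteTableExpander) handleTable(table *aws.AwsRouteTable, results *[
 m.alerter.SendAlert(aws.AwsRouteTableResourceType, newInvalidRouteAlert(aws.AwsRouteTableResourceType, table.Id))
 continue
 }
+
+// Don't expand if the route already exists as a dedicated resource
+if m.routeExists(routeId, resourcesFromState) {
+continue
+}
+
 newRouteFromTable := &aws.AwsRoute{
 DestinationCidrBlock: route.CidrBlock,
 DestinationIpv6CidrBlock: route.Ipv6CidrBlock,
@@ -114,7 +120,7 @@ func (m *AwsRouteTableExpander) handleTable(table *aws.AwsRouteTable, results *[
 return nil
 }
 
-func (m *AwsRouteTableExpander) handleDefaultTable(table *aws.AwsDefaultRouteTable, results *[]resource.Resource) error {
+func (m *AwsRouteTableExpander) handleDefaultTable(table *aws.AwsDefaultRouteTable, results *[]resource.Resource, resourcesFromState []resource.Resource) error {
 if table.Route == nil ||
 len(*table.Route) < 1 {
 return nil
@@ -125,6 +131,12 @@ func (m *AwsRouteTableExpander) handleDefaultTable(table *aws.AwsDefaultRouteTab
 m.alerter.SendAlert(aws.AwsDefaultRouteTableResourceType, newInvalidRouteAlert(aws.AwsDefaultRouteTableResourceType, table.Id))
 continue
 }
+
+// Don't expand if the route already exists as a dedicated resource
+if m.routeExists(routeId, resourcesFromState) {
+continue
+}
+
 newRouteFromTable := &aws.AwsRoute{
 DestinationCidrBlock: route.CidrBlock,
 DestinationIpv6CidrBlock: route.Ipv6CidrBlock,
@@ -157,3 +169,13 @@ func (m *AwsRouteTableExpander) handleDefaultTable(table *aws.AwsDefaultRouteTab
 
 return nil
 }
+
+func (m *AwsRouteTableExpander) routeExists(routeId string, resourcesFromState []resource.Resource) bool {
+for _, res := range resourcesFromState {
+if res.TerraformType() == aws.AwsRouteResourceType && res.TerraformId() == routeId {
+return true
+}
+}
+
+return false
+}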
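Review bot: routeExists, the new method at the end of this section, has no doc comment and is invoked once per inline route, so every route table expansion rescans the entire state slice (tables × routes × state comparisons on large states). Suggested comment: `// routeExists reports whether resourcesFromState already holds a dedicated aws_route with the given id, so the inline route must not be expanded a second time.` If this ever shows up in profiles, Execute could collect the aws_route ids from state once into a `map[string]struct{}` and pass that set to handleTable and handleDefaultTable instead of the raw slice. The skip block is also now duplicated verbatim in handleTable and handleDefaultTable; both of those bodies continue outside the hunks shown here.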
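--- a/pkg/middlewares/aws_route_table_expander_test.go
+++ b/pkg/middlewares/aws_route_table_expander_test.go
@@ -187,6 +187,151 @@ func TestAwsRouteTableExpander_Execute(t *testing.T) {
 },
 },
 },
+{
+"test routes are expanded from default route tables except when they already exist",
+[]resource.Resource{
+&resource2.FakeResource{
+Id: "fake_resource",
+},
+&aws.AwsRoute{
+Id: "r-default_route_table_from_state2750132062",
+RouteTableId: awssdk.String("default_route_table_from_state"),
+DestinationIpv6CidrBlock: awssdk.String("::/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Origin: awssdk.String("CreateRoute"),
+State: awssdk.String("active"),
+DestinationPrefixListId: awssdk.String(""),
+InstanceOwnerId: awssdk.String(""),
+},
+&aws.AwsDefaultRouteTable{
+Id: "default_route_table_from_state",
+Route: &[]struct {
+CidrBlock *string `cty:"cidr_block"`
+EgressOnlyGatewayId *string `cty:"egress_only_gateway_id"`
+GatewayId *string `cty:"gateway_id"`
+InstanceId *string `cty:"instance_id"`
+Ipv6CidrBlock *string `cty:"ipv6_cidr_block"`
+NatGatewayId *string `cty:"nat_gateway_id"`
+NetworkInterfaceId *string `cty:"network_interface_id"`
+TransitGatewayId *string `cty:"transit_gateway_id"`
+VpcEndpointId *string `cty:"vpc_endpoint_id"`
+VpcPeeringConnectionId *string `cty:"vpc_peering_connection_id"`
+}{
+{
+CidrBlock: awssdk.String("0.0.0.0/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+VpcEndpointId: awssdk.String(""),
+},
+{
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Ipv6CidrBlock: awssdk.String("::/0"),
+},
+},
+},
+},
+[]resource.Resource{
+&resource2.FakeResource{
+Id: "fake_resource",
+},
+&aws.AwsDefaultRouteTable{
+Id: "default_route_table_from_state",
+Route: nil,
+},
+&aws.AwsRoute{
+Id: "r-default_route_table_from_state1080289494",
+RouteTableId: awssdk.String("default_route_table_from_state"),
+DestinationCidrBlock: awssdk.String("0.0.0.0/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Origin: awssdk.String("CreateRoute"),
+State: awssdk.String("active"),
+DestinationPrefixListId: awssdk.String(""),
+InstanceOwnerId: awssdk.String(""),
+},
+&aws.AwsRoute{
+Id: "r-default_route_table_from_state2750132062",
+RouteTableId: awssdk.String("default_route_table_from_state"),
+DestinationIpv6CidrBlock: awssdk.String("::/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Origin: awssdk.String("CreateRoute"),
+State: awssdk.String("active"),
+DestinationPrefixListId: awssdk.String(""),
+InstanceOwnerId: awssdk.String(""),
+},
+},
+},
+{
+"test routes are expanded except when they already exist",
+[]resource.Resource{
+&resource2.FakeResource{
+Id: "fake_resource",
+},
+&aws.AwsRoute{
+Id: "r-table_from_state1080289494",
+RouteTableId: awssdk.String("table_from_state"),
+DestinationCidrBlock: awssdk.String("0.0.0.0/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Origin: awssdk.String("CreateRoute"),
+State: awssdk.String("active"),
+DestinationPrefixListId: awssdk.String(""),
+InstanceOwnerId: awssdk.String(""),
+},
+&aws.AwsRouteTable{
+Id: "table_from_state",
+Route: &[]struct {
+CidrBlock *string `cty:"cidr_block"`
+EgressOnlyGatewayId *string `cty:"egress_only_gateway_id"`
+GatewayId *string `cty:"gateway_id"`
+InstanceId *string `cty:"instance_id"`
+Ipv6CidrBlock *string `cty:"ipv6_cidr_block"`
+LocalGatewayId *string `cty:"local_gateway_id"`
+NatGatewayId *string `cty:"nat_gateway_id"`
+NetworkInterfaceId *string `cty:"network_interface_id"`
+TransitGatewayId *string `cty:"transit_gateway_id"`
+VpcEndpointId *string `cty:"vpc_endpoint_id"`
+VpcPeeringConnectionId *string `cty:"vpc_peering_connection_id"`
+}{
+{
+CidrBlock: awssdk.String("0.0.0.0/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+VpcEndpointId: awssdk.String(""),
+},
+{
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Ipv6CidrBlock: awssdk.String("::/0"),
+},
+},
+},
+},
+[]resource.Resource{
+&resource2.FakeResource{
+Id: "fake_resource",
+},
+&aws.AwsRouteTable{
+Id: "table_from_state",
+Route: nil,
+},
+&aws.AwsRoute{
+Id: "r-table_from_state1080289494",
+RouteTableId: awssdk.String("table_from_state"),
+DestinationCidrBlock: awssdk.String("0.0.0.0/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Origin: awssdk.String("CreateRoute"),
+State: awssdk.String("active"),
+DestinationPrefixListId: awssdk.String(""),
+InstanceOwnerId: awssdk.String(""),
+},
+&aws.AwsRoute{
+Id: "r-table_from_state2750132062",
+RouteTableId: awssdk.String("table_from_state"),
+DestinationIpv6CidrBlock: awssdk.String("::/0"),
+GatewayId: awssdk.String("igw-07b7844a8fd17a638"),
+Origin: awssdk.String("CreateRoute"),
+State: awssdk.String("active"),
+DestinationPrefixListId: awssdk.String(""),
+InstanceOwnerId: awssdk.String(""),
+},
+},
+},
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {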
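Review bot: Both new cases pre-declare only one of the two inline routes as a dedicated aws_route, so the boundary where every inline route already exists in state (the table should still come out with `Route: nil` and nothing new appended) is not exercised; a third case that lists both routes as dedicated resources would pin that path. The expected ids such as `r-table_from_state1080289494` are opaque hash suffixes, and a one-line comment above the first case saying where they come from would save the next reader a trip into the expander. The enclosing TestAwsRouteTableExpander_Execute starts and ends outside this hunk.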
