Documentation ¶
Index ¶
- type AwsApiGatewayApiExpander
- type AwsApiGatewayDeploymentExpander
- type AwsApiGatewayDomainNamesReconciler
- type AwsApiGatewayResourceExpander
- type AwsApiGatewayRestApiPolicyExpander
- type AwsBucketPolicyExpander
- type AwsConsoleApiGatewayGatewayResponse
- type AwsDefaultApiGatewayAccount
- type AwsDefaultInternetGateway
- type AwsDefaultInternetGatewayRoute
- type AwsDefaultNetworkACL
- type AwsDefaultNetworkACLRule
- type AwsDefaultRoute
- type AwsDefaultRouteTable
- type AwsDefaultSQSQueuePolicy
- type AwsDefaultSecurityGroupRule
- type AwsDefaultSubnet
- type AwsDefaultVPC
- type AwsDefaults
- type AwsInstanceBlockDeviceResourceMapper
- type AwsInstanceEIP
- type AwsNatGatewayEipAssoc
- type AwsNetworkACLExpander
- type AwsRDSClusterInstanceExpander
- type AwsRoleManagedPolicyExpander
- type AwsRouteTableExpander
- type AwsSNSTopicPolicyExpander
- type AwsSQSQueuePolicyExpander
- type AzurermRouteExpander
- type AzurermSubnetExpander
- type Chain
- type EipAssociationExpander
- type GoogleDefaultIAMMember
- type GoogleIAMBindingTransformer
- type GoogleLegacyBucketIAMMember
- type GoogleStorageBucketIAMPolicyTransformer
- type IamPolicyAttachmentExpander
- type IamPolicyAttachmentTransformer
- type Middleware
- type OpenAPIAwsExtensions
- type OpenAPIAwsMethodExtensions
- type Route53DefaultZoneRecordSanitizer
- type Route53RecordIDReconcilier
- type S3BucketAcl
- type TagsAllManager
- type VPCDefaultSecurityGroupSanitizer
- type VPCSecurityGroupRuleSanitizer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsApiGatewayApiExpander ¶ added in v0.19.0
type AwsApiGatewayApiExpander struct {
// contains filtered or unexported fields
}
Explodes the body attribute of API Gateway APIs (v1 and v2) into dedicated resources, as per the Terraform documentation (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api).
func NewAwsApiGatewayApiExpander ¶ added in v0.19.0
func NewAwsApiGatewayApiExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayApiExpander
type AwsApiGatewayDeploymentExpander ¶
type AwsApiGatewayDeploymentExpander struct {
// contains filtered or unexported fields
}
Creates an aws_api_gateway_stage resource from an aws_api_gateway_deployment resource and ignores the latter, since we don't support it.
func NewAwsApiGatewayDeploymentExpander ¶
func NewAwsApiGatewayDeploymentExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayDeploymentExpander
type AwsApiGatewayDomainNamesReconciler ¶ added in v0.19.0
type AwsApiGatewayDomainNamesReconciler struct{}
Used to reconcile API Gateway domain names (v1 and v2) from both remote and state resources, because the v1 and v2 AWS SDK list endpoints return all domain names without distinction.
func NewAwsApiGatewayDomainNamesReconciler ¶ added in v0.19.0
func NewAwsApiGatewayDomainNamesReconciler() AwsApiGatewayDomainNamesReconciler
type AwsApiGatewayResourceExpander ¶
type AwsApiGatewayResourceExpander struct {
// contains filtered or unexported fields
}
Explodes the API Gateway default resource found in aws_api_gateway_rest_api.root_resource_id from state resources into a dedicated resource.
func NewAwsApiGatewayResourceExpander ¶
func NewAwsApiGatewayResourceExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayResourceExpander
type AwsApiGatewayRestApiPolicyExpander ¶
type AwsApiGatewayRestApiPolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_api_gateway_rest_api.policy from state resources to dedicated resources
func NewAwsApiGatewayRestApiPolicyExpander ¶
func NewAwsApiGatewayRestApiPolicyExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayRestApiPolicyExpander
type AwsBucketPolicyExpander ¶
type AwsBucketPolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_s3_bucket.policy from state resources to dedicated resources
func NewAwsBucketPolicyExpander ¶
func NewAwsBucketPolicyExpander(resourceFactory resource.ResourceFactory) AwsBucketPolicyExpander
type AwsConsoleApiGatewayGatewayResponse ¶
type AwsConsoleApiGatewayGatewayResponse struct{}
By design, each API Gateway REST API has all of its gateway responses available to edit in the console, which results in useless noise (e.g. lots of unmanaged resources) in driftctl output. This middleware ignores all console responses if they are not managed by IaC.
func NewAwsConsoleApiGatewayGatewayResponse ¶
func NewAwsConsoleApiGatewayGatewayResponse() AwsConsoleApiGatewayGatewayResponse
type AwsDefaultApiGatewayAccount ¶ added in v0.19.0
type AwsDefaultApiGatewayAccount struct{}
AwsDefaultApiGatewayAccount is a middleware that ignores the default API Gateway account resource in the current region.
func NewAwsDefaultApiGatewayAccount ¶ added in v0.19.0
func NewAwsDefaultApiGatewayAccount() AwsDefaultApiGatewayAccount
type AwsDefaultInternetGateway ¶
type AwsDefaultInternetGateway struct{}
Each default VPC has an internet gateway attached that should not be seen as unmanaged if it is not managed by IaC. This middleware ignores the default internet gateway from unmanaged resources if it is not managed by IaC.
func NewAwsDefaultInternetGateway ¶
func NewAwsDefaultInternetGateway() AwsDefaultInternetGateway
type AwsDefaultInternetGatewayRoute ¶
type AwsDefaultInternetGatewayRoute struct{}
Each region has a default VPC with an internet gateway attached, so the route table of that VPC has a default route (0.0.0.0/0) that should not be seen as unmanaged if it is not managed by IaC. This middleware ignores that route from unmanaged resources if it is not managed by IaC.
func NewAwsDefaultInternetGatewayRoute ¶
func NewAwsDefaultInternetGatewayRoute() AwsDefaultInternetGatewayRoute
type AwsDefaultNetworkACL ¶
type AwsDefaultNetworkACL struct{}
Default network ACLs should not be shown as unmanaged, as they are present by default. This middleware ignores default network ACLs from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultNetworkACL ¶
func NewAwsDefaultNetworkACL() AwsDefaultNetworkACL
type AwsDefaultNetworkACLRule ¶
type AwsDefaultNetworkACLRule struct{}
Default network ACL rules should not be shown as unmanaged, as they are present by default. This middleware ignores default network ACL rules from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultNetworkACLRule ¶
func NewAwsDefaultNetworkACLRule() AwsDefaultNetworkACLRule
type AwsDefaultRoute ¶
type AwsDefaultRoute struct{}
Default routes should not be shown as unmanaged, as they are present by default. This middleware ignores default routes from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultRoute ¶
func NewAwsDefaultRoute() AwsDefaultRoute
type AwsDefaultRouteTable ¶
type AwsDefaultRouteTable struct{}
Default route tables should not be shown as unmanaged, as they are present by default. This middleware ignores default route tables from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultRouteTable ¶
func NewAwsDefaultRouteTable() AwsDefaultRouteTable
type AwsDefaultSQSQueuePolicy ¶
type AwsDefaultSQSQueuePolicy struct{}
SQS queues from AWS have a weird behaviour when we fetch them. By default they have a Policy attached with only an ID "arn:aws:sqs:eu-west-3:XXXXXXXXXXXX:foobar/SQSDefaultPolicy", but on fetch the SDK returns an empty policy (e.g. policy = ""). We need to ignore those policies from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultSQSQueuePolicy ¶
func NewAwsDefaultSQSQueuePolicy() AwsDefaultSQSQueuePolicy
type AwsDefaultSecurityGroupRule ¶
type AwsDefaultSecurityGroupRule struct{}
Remove default security group rules of the default security group from remote resources
func NewAwsDefaultSecurityGroupRule ¶
func NewAwsDefaultSecurityGroupRule() AwsDefaultSecurityGroupRule
type AwsDefaultSubnet ¶
type AwsDefaultSubnet struct{}
Default subnets should not be shown as unmanaged, as they are present by default. This middleware ignores default subnets from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultSubnet ¶
func NewAwsDefaultSubnet() AwsDefaultSubnet
type AwsDefaultVPC ¶
type AwsDefaultVPC struct{}
Default VPCs should not be shown as unmanaged, as they are present by default. This middleware ignores default VPCs from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultVPC ¶
func NewAwsDefaultVPC() AwsDefaultVPC
type AwsDefaults ¶
type AwsDefaults struct{}
AwsDefaults represents service-linked AWS resources. When scanning an AWS account, some users may see irrelevant results about default AWS roles or role policies. We ignore these resources by default when strict mode is disabled.
func NewAwsDefaults ¶
func NewAwsDefaults() AwsDefaults
type AwsInstanceBlockDeviceResourceMapper ¶
type AwsInstanceBlockDeviceResourceMapper struct {
// contains filtered or unexported fields
}
Remove root_block_device from aws_instance resources and create dedicated aws_ebs_volume resources
func NewAwsInstanceBlockDeviceResourceMapper ¶
func NewAwsInstanceBlockDeviceResourceMapper(resourceFactory resource.ResourceFactory) AwsInstanceBlockDeviceResourceMapper
type AwsInstanceEIP ¶
type AwsInstanceEIP struct{}
type AwsNatGatewayEipAssoc ¶
type AwsNatGatewayEipAssoc struct{}
func NewAwsNatGatewayEipAssoc ¶
func NewAwsNatGatewayEipAssoc() AwsNatGatewayEipAssoc
func (AwsNatGatewayEipAssoc) Execute ¶
func (a AwsNatGatewayEipAssoc) Execute(remoteResources, _ *[]*resource.Resource) error
When creating a NAT gateway, we associate an EIP with the gateway. This implies that driftctl reads an aws_eip_association resource from remote. As we cannot use aws_eip_association in Terraform to assign an EIP to an aws_nat_gateway, we should remove this association to ensure we do not output noise in unmanaged resources.
type AwsNetworkACLExpander ¶
type AwsNetworkACLExpander struct {
// contains filtered or unexported fields
}
The goal of this middleware is to explode aws_network_acl ingress and egress blocks into a set of aws_network_acl_rule resources.
func NewAwsNetworkACLExpander ¶
func NewAwsNetworkACLExpander(resourceFactory resource.ResourceFactory) AwsNetworkACLExpander
type AwsRDSClusterInstanceExpander ¶
type AwsRDSClusterInstanceExpander struct {
// contains filtered or unexported fields
}
AwsRDSClusterInstanceExpander searches for cluster instances from state to import the corresponding remote DB instances. An RDS cluster instance does not represent an actual AWS resource, so it shouldn't be used for comparison.
func NewRDSClusterInstanceExpander ¶
func NewRDSClusterInstanceExpander(resourceFactory resource.ResourceFactory) AwsRDSClusterInstanceExpander
type AwsRoleManagedPolicyExpander ¶
type AwsRoleManagedPolicyExpander struct {
// contains filtered or unexported fields
}
func NewAwsRoleManagedPolicyExpander ¶
func NewAwsRoleManagedPolicyExpander(resourceFactory resource.ResourceFactory) *AwsRoleManagedPolicyExpander
type AwsRouteTableExpander ¶
type AwsRouteTableExpander struct {
// contains filtered or unexported fields
}
Explodes routes found in aws_default_route_table.route and aws_route_table.route to dedicated resources
func NewAwsRouteTableExpander ¶
func NewAwsRouteTableExpander(alerter alerter.AlerterInterface, resourceFactory resource.ResourceFactory) AwsRouteTableExpander
type AwsSNSTopicPolicyExpander ¶
type AwsSNSTopicPolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_sns_topic from state resources to aws_sns_topic_policy resources
func NewAwsSNSTopicPolicyExpander ¶
func NewAwsSNSTopicPolicyExpander(resourceFactory resource.ResourceFactory, resourceSchemaRepository resource.SchemaRepositoryInterface) AwsSNSTopicPolicyExpander
type AwsSQSQueuePolicyExpander ¶
type AwsSQSQueuePolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_sqs_queue.policy from state resources to dedicated resources
func NewAwsSQSQueuePolicyExpander ¶
func NewAwsSQSQueuePolicyExpander(resourceFactory resource.ResourceFactory, resourceSchemaRepository resource.SchemaRepositoryInterface) AwsSQSQueuePolicyExpander
type AzurermRouteExpander ¶
type AzurermRouteExpander struct {
// contains filtered or unexported fields
}
Explodes routes found in azurerm_route_table.route from state resources to dedicated resources
func NewAzurermRouteExpander ¶
func NewAzurermRouteExpander(resourceFactory resource.ResourceFactory) AzurermRouteExpander
type AzurermSubnetExpander ¶
type AzurermSubnetExpander struct {
// contains filtered or unexported fields
}
Explodes subnet found in azurerm_virtual_network.subnet from state resources to dedicated resources
func NewAzurermSubnetExpander ¶
func NewAzurermSubnetExpander(resourceFactory resource.ResourceFactory) AzurermSubnetExpander
type EipAssociationExpander ¶
type EipAssociationExpander struct {
// contains filtered or unexported fields
}
func NewEipAssociationExpander ¶
func NewEipAssociationExpander(resourceFactory resource.ResourceFactory) EipAssociationExpander
type GoogleDefaultIAMMember ¶
type GoogleDefaultIAMMember struct{}
Some service accounts are created by default when activating APIs; this middleware will filter them unless they are managed.
func NewGoogleDefaultIAMMember ¶
func NewGoogleDefaultIAMMember() *GoogleDefaultIAMMember
type GoogleIAMBindingTransformer ¶
type GoogleIAMBindingTransformer struct {
// contains filtered or unexported fields
}
GoogleIAMBindingTransformer transforms bucket IAM bindings into bucket IAM members to ease comparison.
func NewGoogleIAMBindingTransformer ¶
func NewGoogleIAMBindingTransformer(resourceFactory resource.ResourceFactory) *GoogleIAMBindingTransformer
type GoogleLegacyBucketIAMMember ¶
type GoogleLegacyBucketIAMMember struct{}
Creating buckets adds legacy role bindings; this middleware will filter them unless they are managed.
func NewGoogleLegacyBucketIAMMember ¶
func NewGoogleLegacyBucketIAMMember() *GoogleLegacyBucketIAMMember
type GoogleStorageBucketIAMPolicyTransformer ¶
type GoogleStorageBucketIAMPolicyTransformer struct {
// contains filtered or unexported fields
}
GoogleStorageBucketIAMPolicyTransformer transforms bucket IAM policies into bucket IAM bindings to ease comparison.
func NewGoogleIAMPolicyTransformer ¶
func NewGoogleIAMPolicyTransformer(resourceFactory resource.ResourceFactory) *GoogleStorageBucketIAMPolicyTransformer
type IamPolicyAttachmentExpander ¶
type IamPolicyAttachmentExpander struct {
// contains filtered or unexported fields
}
Splits a policy attachment when there are multiple users and groups, and generates a repeatable ID.
func NewIamPolicyAttachmentExpander ¶
func NewIamPolicyAttachmentExpander(resourceFactory resource.ResourceFactory) IamPolicyAttachmentExpander
type IamPolicyAttachmentTransformer ¶
type IamPolicyAttachmentTransformer struct {
// contains filtered or unexported fields
}
func NewIamPolicyAttachmentTransformer ¶
func NewIamPolicyAttachmentTransformer(resourceFactory resource.ResourceFactory) IamPolicyAttachmentTransformer
type Middleware ¶
type OpenAPIAwsExtensions ¶
type OpenAPIAwsExtensions struct {
GatewayResponses map[string]interface{} `json:"x-amazon-apigateway-gateway-responses"`
}
type OpenAPIAwsMethodExtensions ¶
type OpenAPIAwsMethodExtensions struct {
Integration map[string]interface{} `json:"x-amazon-apigateway-integration"`
}
type Route53DefaultZoneRecordSanitizer ¶
type Route53DefaultZoneRecordSanitizer struct{}
Remove NS and SOA records from remote state if not managed by IaC
func NewRoute53DefaultZoneRecordSanitizer ¶
func NewRoute53DefaultZoneRecordSanitizer() Route53DefaultZoneRecordSanitizer
type Route53RecordIDReconcilier ¶
type Route53RecordIDReconcilier struct{}
Since AWS returns the FQDN as the name of the remote record, we must change the Id of the state record to be equivalent (ZoneId_FQDN_Type_SetIdentifier). For a TXT record toto for zone example.com with Id 1234: from the AWS provider, we retrieve 1234_toto.example.com_TXT; from the Terraform state, we retrieve 1234_toto_TXT.
func NewRoute53RecordIDReconcilier ¶
func NewRoute53RecordIDReconcilier() Route53RecordIDReconcilier
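The following added example (not driftctl's own code) shows why the Route53 ID rewrite matters for drift reports: until the state ID is rebuilt in the ZoneId_FQDN_Type_SetIdentifier form, a managed record shows up as unmanaged. The `Record` type, the helper names, and the assumption that the state carries `zone_id`, `fqdn`, `type` and `set_identifier` attributes are illustrative; the sample records are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Record is a hypothetical stand-in, not driftctl's resource.Resource.
type Record struct {
	ID    string
	Attrs map[string]string
}

// ReconcileRoute53ID rewrites a state ID as ZoneId_FQDN_Type[_SetIdentifier].
// Assumption: state carries zone_id, fqdn, type and optional set_identifier.
func ReconcileRoute53ID(r *Record) {
	parts := []string{r.Attrs["zone_id"], r.Attrs["fqdn"], r.Attrs["type"]}
	if sid := r.Attrs["set_identifier"]; sid != "" {
		parts = append(parts, sid)
	}
	r.ID = strings.Join(parts, "_")
}

// Unmanaged lists remote IDs that have no matching ID in state.
func Unmanaged(remote, state []*Record) []string {
	known := make(map[string]bool, len(state))
	for _, s := range state {
		known[s.ID] = true
	}
	out := []string{}
	for _, r := range remote {
		if !known[r.ID] {
			out = append(out, r.ID)
		}
	}
	return out
}

// Sample returns constructed remote and state records for zone 1234.
func Sample() (remote, state []*Record) {
	state = []*Record{
		{ID: "1234_toto_TXT", Attrs: map[string]string{"zone_id": "1234", "fqdn": "toto.example.com", "type": "TXT"}},
		{ID: "1234_api_A_blue", Attrs: map[string]string{"zone_id": "1234", "fqdn": "api.example.com", "type": "A", "set_identifier": "blue"}},
	}
	return []*Record{{ID: "1234_toto.example.com_TXT"}, {ID: "1234_api.example.com_A_blue"}}, state
}

func main() {
	remote, state := Sample()
	fmt.Println("unmanaged before:", Unmanaged(remote, state))
	for _, s := range state {
		ReconcileRoute53ID(s)
	}
	fmt.Println("unmanaged after:", Unmanaged(remote, state))
}
```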
type S3BucketAcl ¶
type S3BucketAcl struct{}
Remove grant field on remote resources when acl field != private in state
func NewS3BucketAcl ¶
func NewS3BucketAcl() S3BucketAcl
type TagsAllManager ¶
type TagsAllManager struct{}
Manages the tags_all attribute on each compatible resource
func NewTagsAllManager ¶
func NewTagsAllManager() TagsAllManager
type VPCDefaultSecurityGroupSanitizer ¶
type VPCDefaultSecurityGroupSanitizer struct{}
Remove default security group from remote resources
func NewVPCDefaultSecurityGroupSanitizer ¶
func NewVPCDefaultSecurityGroupSanitizer() VPCDefaultSecurityGroupSanitizer
type VPCSecurityGroupRuleSanitizer ¶
type VPCSecurityGroupRuleSanitizer struct {
// contains filtered or unexported fields
}
Splits a security group rule when its attributes require it
func NewVPCSecurityGroupRuleSanitizer ¶
func NewVPCSecurityGroupRuleSanitizer(resourceFactory resource.ResourceFactory) VPCSecurityGroupRuleSanitizer
Source Files ¶
- aws_api_gateway_api_expander.go
- aws_api_gateway_deployment_expander.go
- aws_api_gateway_domain_names_reconciler.go
- aws_api_gateway_resource_expander.go
- aws_api_gateway_rest_api_policy_expander.go
- aws_bucket_policy_expander.go
- aws_console_api_gateway_gateway_response.go
- aws_default_api_gateway_account.go
- aws_default_igw_route.go
- aws_default_internet_gateway.go
- aws_default_network_acl.go
- aws_default_network_acl_rule.go
- aws_default_route.go
- aws_default_route_table.go
- aws_default_security_group_rule.go
- aws_default_sqs_queue_policy.go
- aws_default_subnet.go
- aws_default_vpc.go
- aws_defaults.go
- aws_eip_association_expander.go
- aws_iam_policy_attachement_transformer.go
- aws_instance_block_device.go
- aws_instance_eip.go
- aws_nat_gateway_eip_assoc.go
- aws_network_acl_expander.go
- aws_rds_cluster_instance_expander.go
- aws_role_managed_policy_expander.go
- aws_route_table_expander.go
- aws_sns_topic_policy_expander.go
- aws_sqs_queue_policy_expander.go
- azurerm_route_expander.go
- azurerm_subnet_expander.go
- chain_middleware.go
- google_default_iam_member.go
- google_iam_binding_transformer.go
- google_iam_policy_transformer.go
- google_legacy_bucket_iam_member.go
- iam_policy_attachment_expander.go
- middlewares.go
- route53_records.go
- route53_records_id_reconcilier.go
- s3_bucket_acl.go
- tags_all_manager.go
- vpc_security_group_default.go
- vpc_security_group_rules.go