package aws
import (
"github.com/snyk/driftctl/enumeration/resource"
dctlresource "github.com/snyk/driftctl/pkg/resource"
)
// AwsIamAccessKeyResourceType is the resource type string under which the
// IAM access key normalization and display callbacks in this file are registered.
const AwsIamAccessKeyResourceType = "aws_iam_access_key"
// initAwsIAMAccessKeyMetaData registers two callbacks for the
// aws_iam_access_key resource type on the given schema repository: a
// normalization function and a human-readable attributes function.
func initAwsIAMAccessKeyMetaData(resourceSchemaRepository dctlresource.SchemaRepositoryInterface) {
	resourceSchemaRepository.SetNormalizeFunc(AwsIamAccessKeyResourceType, func(res *resource.Resource) {
		// The AWS API does not return secret material once an access key has
		// been created, so these attributes are only ever populated from the
		// state. Comparing them would report drift every time, so they are
		// removed from the resource before comparison.
		//
		// Consequence for reviewers: a change to any of these fields cannot be
		// detected as drift, because there is no remote value to compare with.
		stateOnlyPaths := [][]string{
			{"secret"},
			{"ses_smtp_password_v4"},
			{"ses_smtp_password"},
			{"encrypted_secret"},
			{"key_fingerprint"},
			{"pgp_key"},
		}
		attributes := res.Attrs
		for _, path := range stateOnlyPaths {
			attributes.SafeDelete(path)
		}
	})

	resourceSchemaRepository.SetHumanReadableAttributesFunc(AwsIamAccessKeyResourceType, func(res *resource.Resource) map[string]string {
		attributes := res.Attrs
		readable := make(map[string]string)
		// Only the owning user name is exposed for display, and only when it
		// is present and non-empty; no key material is added to the output.
		user := attributes.GetString("user")
		if user == nil || *user == "" {
			return readable
		}
		readable["User"] = *user
		return readable
	})
}