Merge pull request #883 from cloudskiff/ignore_enumeration

Ignore resource prior to scan
snyk · Jul 30, 2021 · 360f727 · 360f727
2 parents eb152a1 + 94da3ba
commit 360f727
Show file tree

Hide file tree

Showing 30 changed files with 172,218 additions and 67 deletions.
diff --git a/pkg/cmd/scan.go b/pkg/cmd/scan.go
@@ -222,9 +222,9 @@ func scanRun(opts *pkg.ScanOptions) error {
 	logrus.Debug("Checking for driftignore")
 	driftIgnore := filter.NewDriftIgnore(opts.DriftignorePath)
 
-	scanner := remote.NewScanner(remoteLibrary, alerter, remote.ScannerOptions{Deep: opts.Deep})
+	scanner := remote.NewScanner(remoteLibrary, alerter, remote.ScannerOptions{Deep: opts.Deep}, driftIgnore)
 
-	iacSupplier, err := supplier.GetIACSupplier(opts.From, providerLibrary, opts.BackendOptions, iacProgress, resFactory)
+	iacSupplier, err := supplier.GetIACSupplier(opts.From, providerLibrary, opts.BackendOptions, iacProgress, resFactory, driftIgnore)
 	if err != nil {
 		return err
 	}

diff --git a/pkg/filter/driftignore.go b/pkg/filter/driftignore.go
@@ -67,6 +67,10 @@ func (r *DriftIgnore) readIgnoreFile() error {
 	return nil
 }
 
+func (r *DriftIgnore) IsTypeIgnored(ty resource.ResourceType) bool {
+	return r.match(fmt.Sprintf("%s.*", ty))
+}
+
 func (r *DriftIgnore) IsResourceIgnored(res resource.Resource) bool {
 	return r.match(fmt.Sprintf("%s.%s", res.TerraformType(), res.TerraformId()))
 }

diff --git a/pkg/filter/filter.go b/pkg/filter/filter.go
@@ -3,6 +3,7 @@ package filter
 import "github.com/cloudskiff/driftctl/pkg/resource"
 
 type Filter interface {
+	IsTypeIgnored(ty resource.ResourceType) bool
 	IsResourceIgnored(res resource.Resource) bool
 	IsFieldIgnored(res resource.Resource, path []string) bool
 }
diff --git a/pkg/filter/mock_Filter.go b/pkg/filter/mock_Filter.go
diff --git a/pkg/iac/supplier/supplier.go b/pkg/iac/supplier/supplier.go
@@ -3,6 +3,7 @@ package supplier
 import (
 	"fmt"
 
+	"github.com/cloudskiff/driftctl/pkg/filter"
 	"github.com/cloudskiff/driftctl/pkg/iac/terraform/state/backend"
 	"github.com/cloudskiff/driftctl/pkg/output"
 	"github.com/cloudskiff/driftctl/pkg/terraform"
@@ -33,7 +34,8 @@ func GetIACSupplier(configs []config.SupplierConfig,
 	library *terraform.ProviderLibrary,
 	backendOpts *backend.Options,
 	progress output.Progress,
-	factory resource.ResourceFactory) (resource.Supplier, error) {
+	factory resource.ResourceFactory,
+	filter filter.Filter) (resource.Supplier, error) {
 
 	chainSupplier := resource.NewChainSupplier()
 	for _, config := range configs {
@@ -47,7 +49,7 @@ func GetIACSupplier(configs []config.SupplierConfig,
 		var err error
 		switch config.Key {
 		case state.TerraformStateReaderSupplier:
-			supplier, err = state.NewReader(config, library, backendOpts, progress, deserializer)
+			supplier, err = state.NewReader(config, library, backendOpts, progress, deserializer, filter)
 		default:
 			return nil, errors.Errorf("Unsupported supplier '%s'", config.Key)
 		}

diff --git a/pkg/iac/supplier/supplier_test.go b/pkg/iac/supplier/supplier_test.go
@@ -5,6 +5,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/cloudskiff/driftctl/pkg/filter"
 	"github.com/cloudskiff/driftctl/pkg/iac/config"
 	"github.com/cloudskiff/driftctl/pkg/iac/terraform/state/backend"
 	"github.com/cloudskiff/driftctl/pkg/output"
@@ -90,7 +91,9 @@ func TestGetIACSupplier(t *testing.T) {
 			repo := resource.InitFakeSchemaRepository("aws", "3.19.0")
 			factory := terraform.NewTerraformResourceFactory(repo)
 
-			_, err := GetIACSupplier(tt.args.config, terraform.NewProviderLibrary(), tt.args.options, progress, factory)
+			testFilter := &filter.MockFilter{}
+
+			_, err := GetIACSupplier(tt.args.config, terraform.NewProviderLibrary(), tt.args.options, progress, factory, testFilter)
 			if tt.wantErr != nil && err.Error() != tt.wantErr.Error() {
 				t.Errorf("GetIACSupplier() error = %v, wantErr %v", err, tt.wantErr)
 				return

diff --git a/pkg/iac/terraform/state/terraform_state_reader.go b/pkg/iac/terraform/state/terraform_state_reader.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/cloudskiff/driftctl/pkg/filter"
 	"github.com/cloudskiff/driftctl/pkg/output"
 	"github.com/fatih/color"
 	"github.com/hashicorp/terraform/addrs"
@@ -32,15 +33,16 @@ type TerraformStateReader struct {
 	deserializer   *resource.Deserializer
 	backendOptions *backend.Options
 	progress       output.Progress
+	filter         filter.Filter
 }
 
 func (r *TerraformStateReader) initReader() error {
 	r.enumerator = enumerator.GetEnumerator(r.config)
 	return nil
 }
 
-func NewReader(config config.SupplierConfig, library *terraform.ProviderLibrary, backendOpts *backend.Options, progress output.Progress, deserializer *resource.Deserializer) (*TerraformStateReader, error) {
-	reader := TerraformStateReader{library: library, config: config, deserializer: deserializer, backendOptions: backendOpts, progress: progress}
+func NewReader(config config.SupplierConfig, library *terraform.ProviderLibrary, backendOpts *backend.Options, progress output.Progress, deserializer *resource.Deserializer, filter filter.Filter) (*TerraformStateReader, error) {
+	reader := TerraformStateReader{library: library, config: config, deserializer: deserializer, backendOptions: backendOpts, progress: progress, filter: filter}
 	err := reader.initReader()
 	if err != nil {
 		return nil, err
@@ -79,6 +81,14 @@ func (r *TerraformStateReader) retrieve() (map[string][]cty.Value, error) {
 				continue
 			}
 
+			if r.filter != nil && r.filter.IsTypeIgnored(resource.ResourceType(resType)) {
+				logrus.WithFields(logrus.Fields{
+					"name": resName,
+					"type": resType,
+				}).Debug("Ignored resource from state since it is ignored in filter")
+				continue
+			}
+
 			if stateRes.Addr.Resource.Mode != addrs.ManagedResourceMode {
 				logrus.WithFields(logrus.Fields{
 					"mode": stateRes.Addr.Resource.Mode,

diff --git a/pkg/iac/terraform/state/terraform_state_reader_test.go b/pkg/iac/terraform/state/terraform_state_reader_test.go
@@ -7,13 +7,13 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/pkg/errors"
-	"github.com/stretchr/testify/assert"
-
+	"github.com/cloudskiff/driftctl/pkg/filter"
 	"github.com/cloudskiff/driftctl/pkg/output"
 	resourceaws "github.com/cloudskiff/driftctl/pkg/resource/aws"
 	resourcegithub "github.com/cloudskiff/driftctl/pkg/resource/github"
 	testresource "github.com/cloudskiff/driftctl/test/resource"
+	"github.com/pkg/errors"
+	"github.com/stretchr/testify/assert"
 
 	"github.com/cloudskiff/driftctl/pkg/iac/config"
 	"github.com/cloudskiff/driftctl/pkg/remote/aws"
@@ -305,3 +305,30 @@ func TestTerraformStateReader_VersionSupported(t *testing.T) {
 		})
 	}
 }
+
+func TestTerraformStateReader_WithIgnoredResource(t *testing.T) {
+	progress := &output.MockProgress{}
+	progress.On("Inc").Return().Times(1)
+	progress.On("Stop").Return().Times(1)
+
+	provider := mocks.NewMockedGoldenTFProvider("ignored_resources", nil, false)
+	library := terraform.NewProviderLibrary()
+	library.AddProvider(terraform.AWS, provider)
+
+	filter := &filter.MockFilter{}
+	filter.On("IsTypeIgnored", resource.ResourceType("aws_s3_bucket")).Return(true)
+
+	r := &TerraformStateReader{
+		config: config.SupplierConfig{
+			Path: path.Join(goldenfile.GoldenFilePath, "ignored_resources", "terraform.tfstate"),
+		},
+		library:  library,
+		progress: progress,
+		filter:   filter,
+	}
+
+	got, err := r.Resources()
+	filter.AssertExpectations(t)
+	assert.Nil(t, err)
+	assert.Len(t, got, 0)
+}