Include resource ID in scanning errors to ignore a particular resource #905

sundowndev · 2021-08-02T16:11:12Z

Q	A
🐛 Bug fix?	yes
🚀 New feature?	no
⚠ Deprecations?	no
❌ BC Break	no
🔗 Related issues	#666
❓ Documentation	no

Description

When we encounter a Access Denied error on a particular resource, it creates an alert and ignore all resources of the same type. With this fix, we create an alert including the resource type & ID so we can only ignore that one.

What changed

Moved RemoteAccessDeniedAlert into new pkg/remote/alerts package
Moved RemoteAWSTerraform & RemoteGithubTerraform into pkg/remote/common/providers.go
Deleted SupplierError and moved its methods into ResourceScanningError
Added fields resourceType & resourceName in ResourceScanningError
Added few unit tests to avoid regression and increase coverage

codecov · 2021-08-02T16:16:44Z

Codecov Report

Merging #905 (4e3d352) into main (62e0efe) will increase coverage by 0.03%.
The diff coverage is 72.16%.

@@            Coverage Diff             @@
##             main     #905      +/-   ##
==========================================
+ Coverage   81.66%   81.70%   +0.03%     
==========================================
  Files         232      233       +1     
  Lines        7566     7588      +22     
==========================================
+ Hits         6179     6200      +21     
- Misses       1159     1161       +2     
+ Partials      228      227       -1

Impacted Files	Coverage Δ
pkg/remote/aws/dynamodb_table_details_fetcher.go	`77.77% <0.00%> (ø)`
...ote/aws/ec2_default_route_table_details_fetcher.go	`77.77% <0.00%> (ø)`
pkg/remote/aws/ec2_route_details_fetcher.go	`81.81% <0.00%> (ø)`
...aws/ec2_route_table_association_details_fetcher.go	`77.77% <0.00%> (ø)`
pkg/remote/aws/iam_access_key_details_fetcher.go	`77.77% <0.00%> (ø)`
pkg/remote/aws/iam_role_enumerator.go	`92.85% <0.00%> (ø)`
.../aws/iam_role_policy_attachment_details_fetcher.go	`78.94% <0.00%> (ø)`
.../aws/iam_user_policy_attachment_details_fetcher.go	`78.94% <0.00%> (ø)`
pkg/remote/aws/init.go	`0.00% <0.00%> (ø)`
...kg/remote/aws/s3_bucket_analytic_detail_fetcher.go	`77.77% <0.00%> (ø)`
... and 75 more

pkg/remote/aws/iam_access_key_enumerator.go

pkg/remote/aws/iam_role_policy_enumerator.go

pkg/remote/aws/vpc_enumerator.go

pkg/remote/aws/lambda_function_details_fetcher.go

pkg/remote/aws/s3_bucket_metrics_enumerator.go

wbeuil

Small changes to make

wbeuil

Nice work !

sundowndev added kind/bug Something isn't working priority/0 labels Aug 2, 2021

sundowndev force-pushed the fix/listedTypeAlerts branch from 882413e to c80d21e Compare August 2, 2021 16:11

refactor: remote access denied alerts

e7c93cb

sundowndev force-pushed the fix/listedTypeAlerts branch from c80d21e to e7c93cb Compare August 3, 2021 10:35

test: resource error handling

f239459

sundowndev force-pushed the fix/listedTypeAlerts branch from 0c37d74 to f239459 Compare August 3, 2021 13:01

sundowndev changed the title ~~Use resource name for resource-specific errors~~ Include resource ID in scanning errors to ignore a particular resource Aug 3, 2021

sundowndev marked this pull request as ready for review August 3, 2021 13:02

sundowndev requested a review from a team as a code owner August 3, 2021 13:02

eliecharra added this to the v0.14 milestone Aug 4, 2021

eliecharra added this to Review in driftctl Aug 4, 2021