Merge pull request #116 from cloudskiff/aws_route_table

Add aws_route, aws_route_table, aws_default_route_table support
snyk · Jan 15, 2021 · 8bbd8d4 · 8bbd8d4
2 parents a0b2e0f + a125839
commit 8bbd8d4
Show file tree

Hide file tree

Showing 64 changed files with 1,033,379 additions and 0 deletions.
diff --git a/doc/cmd/scan/supported_resources/aws.md b/doc/cmd/scan/supported_resources/aws.md
@@ -207,3 +207,6 @@ As AWS documentation recommends, the below policy is granting only the permissio
 - [x]  aws_vpc
 - [x]  aws_security_group
 - [x]  aws_security_group_rule
+- [x]  aws_route_table
+- [x]  aws_default_route_table
+- [x]  aws_route
diff --git a/pkg/driftctl.go b/pkg/driftctl.go
@@ -40,6 +40,9 @@ func (d DriftCTL) Run() *analyser.Analysis {
 		middlewares.AwsInstanceEIP{},
 		middlewares.NewAwsDefaultVPC(),
 		middlewares.NewAwsDefaultSubnet(),
+		middlewares.NewAwsRouteTableExpander(),
+		middlewares.NewAwsDefaultRouteTable(),
+		middlewares.NewAwsDefaultRoute(),
 	)
 
 	logrus.Debug("Ready to run middlewares")

diff --git a/pkg/iac/deserializers.go b/pkg/iac/deserializers.go
@@ -40,5 +40,8 @@ func Deserializers() []deserializer.CTYDeserializer {
 		awsdeserializer.NewVPCDeserializer(),
 		awsdeserializer.NewDefaultSubnetDeserializer(),
 		awsdeserializer.NewSubnetDeserializer(),
+		awsdeserializer.NewDefaultRouteTableDeserializer(),
+		awsdeserializer.NewRouteTableDeserializer(),
+		awsdeserializer.NewRouteDeserializer(),
 	}
 }
diff --git a/pkg/iac/terraform/state/terraform_state_reader_test.go b/pkg/iac/terraform/state/terraform_state_reader_test.go
@@ -68,6 +68,8 @@ func TestTerraformStateReader_Resources(t *testing.T) {
 		{name: "IAM role policy attachment", dirName: "iam_role_policy_attachment", wantErr: false},
 		{name: "IAM user policy attachment", dirName: "iam_user_policy_attachment", wantErr: false},
 		{name: "VPC security group rule", dirName: "vpc_security_group_rule", wantErr: false},
+		{name: "route table", dirName: "route_table", wantErr: false},
+		{name: "route", dirName: "route", wantErr: false},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {

diff --git a/pkg/iac/terraform/state/test/route/result.golden.json b/pkg/iac/terraform/state/test/route/result.golden.json
@@ -0,0 +1,109 @@
+[
+ {
+  "Arn": "arn:aws:ec2:us-east-1:929327065333:vpc/vpc-0a5666c0cfc366714",
+  "AssignGeneratedIpv6CidrBlock": false,
+  "CidrBlock": "10.0.0.0/16",
+  "DefaultNetworkAclId": "acl-081a06acb9d092caf",
+  "DefaultRouteTableId": "rtb-0aa0a93a2960854a1",
+  "DefaultSecurityGroupId": "sg-0b1ad864ecd584998",
+  "DhcpOptionsId": "dopt-d29e33a8",
+  "EnableClassiclink": false,
+  "EnableClassiclinkDnsSupport": false,
+  "EnableDnsHostnames": false,
+  "EnableDnsSupport": true,
+  "Id": "vpc-0a5666c0cfc366714",
+  "InstanceTenancy": "default",
+  "Ipv6AssociationId": "",
+  "Ipv6CidrBlock": "",
+  "MainRouteTableId": "rtb-0aa0a93a2960854a1",
+  "OwnerId": "929327065333",
+  "Tags": {}
+ },
+ {
+  "Id": "rtb-0f37e1ce04d833435",
+  "OwnerId": "929327065333",
+  "PropagatingVgws": null,
+  "Route": [
+   {
+    "CidrBlock": "",
+    "EgressOnlyGatewayId": "",
+    "GatewayId": "igw-0125fbf19e83d008b",
+    "InstanceId": "",
+    "Ipv6CidrBlock": "::/0",
+    "LocalGatewayId": "",
+    "NatGatewayId": "",
+    "NetworkInterfaceId": "",
+    "TransitGatewayId": "",
+    "VpcEndpointId": "",
+    "VpcPeeringConnectionId": ""
+   },
+   {
+    "CidrBlock": "0.0.0.0/0",
+    "EgressOnlyGatewayId": "",
+    "GatewayId": "igw-0125fbf19e83d008b",
+    "InstanceId": "",
+    "Ipv6CidrBlock": "",
+    "LocalGatewayId": "",
+    "NatGatewayId": "",
+    "NetworkInterfaceId": "",
+    "TransitGatewayId": "",
+    "VpcEndpointId": "",
+    "VpcPeeringConnectionId": ""
+   }
+  ],
+  "Tags": {
+   "Name": "r"
+  },
+  "VpcId": "vpc-0a5666c0cfc366714"
+ },
+ {
+  "Id": "rtb-0232602f0f07748fc",
+  "OwnerId": "929327065333",
+  "PropagatingVgws": null,
+  "Route": null,
+  "Tags": {
+   "Name": "rr"
+  },
+  "VpcId": "vpc-0a5666c0cfc366714"
+ },
+ {
+  "DestinationCidrBlock": "1.1.1.1/32",
+  "DestinationIpv6CidrBlock": null,
+  "DestinationPrefixListId": "",
+  "EgressOnlyGatewayId": null,
+  "GatewayId": "igw-0125fbf19e83d008b",
+  "Id": "r-rtb-0232602f0f07748fc243279527",
+  "InstanceId": null,
+  "InstanceOwnerId": "",
+  "LocalGatewayId": null,
+  "NatGatewayId": null,
+  "NetworkInterfaceId": null,
+  "Origin": "CreateRoute",
+  "RouteTableId": "rtb-0232602f0f07748fc",
+  "State": "active",
+  "TransitGatewayId": null,
+  "VpcEndpointId": null,
+  "VpcPeeringConnectionId": null,
+  "Timeouts": null
+ },
+ {
+  "DestinationCidrBlock": null,
+  "DestinationIpv6CidrBlock": "::/0",
+  "DestinationPrefixListId": "",
+  "EgressOnlyGatewayId": null,
+  "GatewayId": "igw-0125fbf19e83d008b",
+  "Id": "r-rtb-0232602f0f07748fc2750132062",
+  "InstanceId": null,
+  "InstanceOwnerId": "",
+  "LocalGatewayId": null,
+  "NatGatewayId": null,
+  "NetworkInterfaceId": null,
+  "Origin": "CreateRoute",
+  "RouteTableId": "rtb-0232602f0f07748fc",
+  "State": "active",
+  "TransitGatewayId": null,
+  "VpcEndpointId": null,
+  "VpcPeeringConnectionId": null,
+  "Timeouts": null
+ }
+]