From ccd03cce97470452766ab397f2ba770dbb2e002e Mon Sep 17 00:00:00 2001 From: Christof <106981178+chdorner-snyk@users.noreply.github.com> Date: Wed, 13 Dec 2023 17:38:49 +0100 Subject: [PATCH] feat: remove deprecated managed IaC drift detection (#4908) * feat: remove deprecated managed IaC drift detection managed drift detection has been deprecated with e6ad44a43b0dbd33fd0ad11e1b7bd9a5b9e0297f and is now being removed after a 90-day period. * fix: linting issues * fix: iac update-exclude-policy acceptance test * feat: fail `iac describe` when `--only-managed` flag provided * feat: upgrade iac describe to driftctl 0.40.0 * chore: ignore false-positive secret leaks from test fixtures * chore: add gitleaks ignore line after rebase --- .gitleaksignore | 3 + package-lock.json | 35 --- package.json | 1 - src/cli/commands/describe.ts | 23 +- .../test/iac/local-execution/analytics.ts | 1 - .../describe-exclusive-argument-error.ts | 11 - .../describe-required-argument-error.ts | 15 -- src/lib/iac/drift.ts | 51 ----- src/lib/iac/drift/driftctl.ts | 49 +--- src/lib/iac/drift/output.ts | 212 +----------------- src/lib/iac/types.d.ts | 33 --- test/fixtures/iac/drift/output/output.json | 25 --- test/jest/acceptance/iac/describe.spec.ts | 64 +++--- .../iac/update-exclude-policy.spec.ts | 1 - test/jest/unit/lib/iac/drift/drift.spec.ts | 146 +----------- .../fixtures/{alldeep.console => all.console} | 69 ++---- .../drift/fixtures/{alldeep.json => all.json} | 77 ------- .../iac/drift/fixtures/driftctl-analysis.json | 25 --- 18 files changed, 88 insertions(+), 753 deletions(-) delete mode 100644 src/lib/errors/describe-exclusive-argument-error.ts delete mode 100644 src/lib/errors/describe-required-argument-error.ts rename test/jest/unit/lib/iac/drift/fixtures/{alldeep.console => all.console} (81%) rename test/jest/unit/lib/iac/drift/fixtures/{alldeep.json => all.json} (82%) diff --git a/.gitleaksignore b/.gitleaksignore index 41c7db9ee0..bbcea379d2 100644 --- a/.gitleaksignore +++ b/.gitleaksignore @@ -79,3 +79,6 @@ cba65a3a91c64db2ee92c87e5972602b6c959586:test/fixtures/sast/sample-analyze-folde c2de35484dcad696a6ee32f2fa317d5cfaffc133:test/fixtures/code/sample-analyze-folders-response.json:generic-api-key:3 668e99c11a12699d9b1aca20cf48e1969055acf5:test/fixtures/sast/sample-analyze-scm-project-response.json:generic-api-key:4 0fb9746f823f48b2802269569e8575f4dfd3d95d:help/cli-commands/iac-test.md:snyk-api-token:219 +168e6f2b48bc294e558d648626a1e00ccd85decc:test/jest/unit/lib/iac/drift/fixtures/all.console:aws-access-token:98 +4c12242de73be79ebd768468e065790f0b9d23a7:test/jest/unit/lib/iac/drift/fixtures/all.console:aws-access-token:98 +25f37b4c609380452b0b96c3853b69e4dc29bb48:test/jest/unit/lib/iac/drift/fixtures/all.console:aws-access-token:98 diff --git a/package-lock.json b/package-lock.json index c3c4afe11b..657a70a430 100644 --- a/package-lock.json +++ b/package-lock.json @@ -37,7 +37,6 @@ "glob": "^7.1.7", "global-agent": "^2.1.12", "jest-json-schema": "^6.1.0", - "jsondiffpatch": "^0.4.1", "lodash.assign": "^4.2.0", "lodash.camelcase": "^4.3.0", "lodash.capitalize": "^4.2.1", @@ -8874,11 +8873,6 @@ "node": ">=0.3.1" } }, - "node_modules/diff-match-patch": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/diff-match-patch/-/diff-match-patch-1.0.5.tgz", - "integrity": "sha512-IayShXAgj/QMXgB0IWmKx+rOPuGMhqm5w6jvFxmVenXKIzRqTAAsbBPT3kWQeGANj3jGgvcvv4yK6SxqYmikgw==" - }, "node_modules/diff-sequences": { "version": "27.4.0", "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.4.0.tgz", @@ -14560,21 +14554,6 @@ "node": ">=6" } }, - "node_modules/jsondiffpatch": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/jsondiffpatch/-/jsondiffpatch-0.4.1.tgz", - "integrity": "sha512-t0etAxTUk1w5MYdNOkZBZ8rvYYN5iL+2dHCCx/DpkFm/bW28M6y5nUS83D4XdZiHy35Fpaw6LBb+F88fHZnVCw==", - "dependencies": { - "chalk": "^2.3.0", - "diff-match-patch": "^1.0.0" - }, - "bin": { - "jsondiffpatch": "bin/jsondiffpatch" - }, - "engines": { - "node": ">=8.17.0" - } - }, "node_modules/jsonfile": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", @@ -30918,11 +30897,6 @@ "resolved": "https://registry.npmjs.org/diff/-/diff-4.0.2.tgz", "integrity": "sha512-58lmxKSA4BNyLz+HHMUzlOEpg09FV+ev6ZMe3vJihgdxzgcwZ8VoEEPmALCZG9LmqfVoNMMKpttIYTVG6uDY7A==" }, - "diff-match-patch": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/diff-match-patch/-/diff-match-patch-1.0.5.tgz", - "integrity": "sha512-IayShXAgj/QMXgB0IWmKx+rOPuGMhqm5w6jvFxmVenXKIzRqTAAsbBPT3kWQeGANj3jGgvcvv4yK6SxqYmikgw==" - }, "diff-sequences": { "version": "27.4.0", "resolved": "https://registry.npmjs.org/diff-sequences/-/diff-sequences-27.4.0.tgz", @@ -35141,15 +35115,6 @@ "minimist": "^1.2.5" } }, - "jsondiffpatch": { - "version": "0.4.1", - "resolved": "https://registry.npmjs.org/jsondiffpatch/-/jsondiffpatch-0.4.1.tgz", - "integrity": "sha512-t0etAxTUk1w5MYdNOkZBZ8rvYYN5iL+2dHCCx/DpkFm/bW28M6y5nUS83D4XdZiHy35Fpaw6LBb+F88fHZnVCw==", - "requires": { - "chalk": "^2.3.0", - "diff-match-patch": "^1.0.0" - } - }, "jsonfile": { "version": "6.1.0", "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-6.1.0.tgz", diff --git a/package.json b/package.json index 5db42e3907..3c912b07b6 100644 --- a/package.json +++ b/package.json @@ -84,7 +84,6 @@ "glob": "^7.1.7", "global-agent": "^2.1.12", "jest-json-schema": "^6.1.0", - "jsondiffpatch": "^0.4.1", "lodash.assign": "^4.2.0", "lodash.camelcase": "^4.3.0", "lodash.capitalize": "^4.2.1", diff --git a/src/cli/commands/describe.ts b/src/cli/commands/describe.ts index 511f09eb6b..cdae70a02b 100644 --- a/src/cli/commands/describe.ts +++ b/src/cli/commands/describe.ts @@ -6,16 +6,26 @@ import { parseDriftAnalysisResults, processAnalysis, } from '../../lib/iac/drift'; +import { CustomError } from '../../lib/errors'; import { getIacOrgSettings } from './test/iac/local-execution/org-settings/get-iac-org-settings'; import { UnsupportedEntitlementCommandError } from './test/iac/local-execution/assert-iac-options-flag'; import config from '../../lib/config'; import { addIacDriftAnalytics } from './test/iac/local-execution/analytics'; import * as analytics from '../../lib/analytics'; import { findAndLoadPolicy } from '../../lib/policy'; -import { DescribeRequiredArgumentError } from '../../lib/errors/describe-required-argument-error'; -import help from './help'; import { DCTL_EXIT_CODES, runDriftCTL } from '../../lib/iac/drift/driftctl'; +import { IaCErrorCodes } from './test/iac/local-execution/types'; +import { getErrorStringCode } from './test/iac/local-execution/error-utils'; +export class FlagError extends CustomError { + constructor(flag: string) { + const msg = `Unsupported flag "${flag}" provided. Run snyk iac describe --help for supported flags`; + super(msg); + this.code = IaCErrorCodes.FlagError; + this.strCode = getErrorStringCode(this.code); + this.userMessage = msg; + } +} export default async (...args: MethodArgs): Promise => { const { options } = processCommandArgs(...args); @@ -25,6 +35,10 @@ export default async (...args: MethodArgs): Promise => { return legacyError('describe'); } + if (options['only-managed']) { + return Promise.reject(new FlagError('only-managed')); + } + // Ensure that we are allowed to run that command // by checking the entitlement const orgPublicId = options.org ?? config.org; @@ -57,11 +71,6 @@ export default async (...args: MethodArgs): Promise => { const output = await processAnalysis(options, describe); process.stdout.write(output); } catch (e) { - if (e instanceof DescribeRequiredArgumentError) { - // when missing a required arg we will display help to explain - const helpMsg = await help('iac', 'describe'); - console.log(helpMsg); - } return Promise.reject(e); } }; diff --git a/src/cli/commands/test/iac/local-execution/analytics.ts b/src/cli/commands/test/iac/local-execution/analytics.ts index 6a1f7642a0..32d2326b66 100644 --- a/src/cli/commands/test/iac/local-execution/analytics.ts +++ b/src/cli/commands/test/iac/local-execution/analytics.ts @@ -91,7 +91,6 @@ export function addIacDriftAnalytics( analytics.add('iac-drift-total-unmanaged', analysis.summary.total_unmanaged); analytics.add('iac-drift-total-managed', analysis.summary.total_managed); analytics.add('iac-drift-total-missing', analysis.summary.total_missing); - analytics.add('iac-drift-total-changed', analysis.summary.total_changed); analytics.add( 'iac-drift-iac-source-count', analysis.summary.total_iac_source_count, diff --git a/src/lib/errors/describe-exclusive-argument-error.ts b/src/lib/errors/describe-exclusive-argument-error.ts deleted file mode 100644 index e576d7739c..0000000000 --- a/src/lib/errors/describe-exclusive-argument-error.ts +++ /dev/null @@ -1,11 +0,0 @@ -import { CustomError } from './custom-error'; -import { DescribeExclusiveArgs } from '../iac/drift'; - -export class DescribeExclusiveArgumentError extends CustomError { - constructor() { - super( - 'Please use only one of these arguments: ' + - DescribeExclusiveArgs.join(', '), - ); - } -} diff --git a/src/lib/errors/describe-required-argument-error.ts b/src/lib/errors/describe-required-argument-error.ts deleted file mode 100644 index 30b3229bd5..0000000000 --- a/src/lib/errors/describe-required-argument-error.ts +++ /dev/null @@ -1,15 +0,0 @@ -import { CustomError } from './custom-error'; -import chalk from 'chalk'; - -export class DescribeRequiredArgumentError extends CustomError { - constructor() { - super( - chalk.red( - 'Describe command require one of these arguments:\n' + - ' --only-unmanaged: Report resources not under Terraform control\n' + - ' --only-managed: Report resources from Terraform states that changed (may take a while)\n' + - ' --all: Scan for managed and unmanaged resources (may take a while)', - ), - ); - } -} diff --git a/src/lib/iac/drift.ts b/src/lib/iac/drift.ts index 1f02335b2c..fad0c3f883 100644 --- a/src/lib/iac/drift.ts +++ b/src/lib/iac/drift.ts @@ -3,61 +3,14 @@ import { DescribeOptions, DriftAnalysis, DriftctlExecutionResult, - DriftCTLOptions, GenDriftIgnoreOptions, } from './types'; import { Policy } from '../policy/find-and-load-policy'; -import { DescribeExclusiveArgumentError } from '../errors/describe-exclusive-argument-error'; -import { DescribeRequiredArgumentError } from '../errors/describe-required-argument-error'; import snykLogoSVG from './assets/snyk-logo'; import snykFaviconBase64 from './assets/snyk-favicon'; import { getHumanReadableAnalysis } from './drift/output'; import { runDriftCTL } from './drift/driftctl'; -export const DescribeExclusiveArgs = [ - 'all', - 'only-managed', - 'drift', - 'only-unmanaged', -]; - -export const DescribeRequiredArgs = [ - 'all', - 'only-managed', - 'drift', - 'only-unmanaged', -]; - -export const validateArgs = (options: DriftCTLOptions): void => { - if (options.kind === 'describe') { - return validateDescribeArgs(options as DescribeOptions); - } -}; - -const validateDescribeArgs = (options: DescribeOptions): void => { - // Check that there is no more than one of the exclusive arguments - let count = 0; - for (const describeExclusiveArg of DescribeExclusiveArgs) { - if (options[describeExclusiveArg]) { - count++; - } - } - if (count > 1) { - throw new DescribeExclusiveArgumentError(); - } - - // Check we have one of the required arguments - count = 0; - for (const describeRequiredArgs of DescribeRequiredArgs) { - if (options[describeRequiredArgs]) { - count++; - } - } - if (count === 0) { - throw new DescribeRequiredArgumentError(); - } -}; - export const parseDriftAnalysisResults = (input: string): DriftAnalysis => { return JSON.parse(input) as DriftAnalysis; }; @@ -78,10 +31,6 @@ export const updateExcludeInPolicy = ( const excludedResources = driftignoreFromPolicy(policy); const addResource = (res) => excludedResources.push(`${res.type}.${res.id}`); - if (!options['exclude-changed'] && analysis.summary.total_changed > 0) { - analysis.differences?.forEach((change) => addResource(change.res)); - } - if (!options['exclude-missing'] && analysis.summary.total_missing > 0) { analysis.missing?.forEach((res) => addResource(res)); } diff --git a/src/lib/iac/drift/driftctl.ts b/src/lib/iac/drift/driftctl.ts index eee3cf2339..7462bf7b25 100644 --- a/src/lib/iac/drift/driftctl.ts +++ b/src/lib/iac/drift/driftctl.ts @@ -14,7 +14,6 @@ import { createIgnorePattern, verifyServiceMappingExists, } from '../service-mappings'; -import { validateArgs } from '../drift'; import * as debugLib from 'debug'; import { makeRequest } from '../../request'; import * as child_process from 'child_process'; @@ -36,29 +35,29 @@ export const DCTL_EXIT_CODES = { EXIT_ERROR: 2, }; -export const driftctlVersion = 'v0.36.0'; +export const driftctlVersion = 'v0.40.0'; const driftctlChecksums = { driftctl_darwin_amd64: - 'c9b44613694931d5033d16cf6396c2611d115f3c6971c8215c04b6ce321e9bb5', + '4eb86bd4a1e965c2552879795434143f1db974b2d795581b9ddb69d0bd8a245a', 'driftctl_windows_386.exe': - 'e37505fa9875b3d3c29fdfffebbe03f60154aae3e8d7057cad469dfceec47151', + 'a02f079cb128ba46396db9654bc8bb8066ebde0539ebbeb401a40a81dfc8f733', driftctl_darwin_arm64: - 'a18cb7039bf67bf0addf628887cfd12488895492d7e0c3a31a0a51005bc0d583', + 'dfdee8138eb817cc066b8bf915c808fbd53536ee1757b34ca6e518e1c2ad1ba5', driftctl_linux_arm64: - '6dcc235d511546cc3573f5a7b3fc2a825a4dff7e08df481a55f5826ac6802059', + '8816f1378138c2ce585c762e109b5fdd41b7144b915e97759ceae946db023540', 'driftctl_windows_arm.exe': - 'c7bf2d1f268a5c4b6985d02a0d2e98ecf43ef5bc4de14360568f0233e206e471', + '6217151b4168e93ffdd6e005cb1cf03768f371cd6b412f53605fde46343c08d1', driftctl_linux_amd64: - 'f2b388a6f92772e35320cb2240b68dab2c62c87d4a84ffc88bb42020cb0ab805', + '84e2462454956a4df794a24e0f4d2351299212d772b8602fc5070e6174ac1324', 'driftctl_windows_amd64.exe': - '696e067ee37c156b175c51e55481e823fb8601c8d69133cb12ba8a3f2e22aa68', + '1561fd04e3d428c39ae95f81214517bbf62e8333156bf538a2d385005e350c8b', 'driftctl_windows_arm64.exe': - '5531adc30e0d1431b692062bbc7c91536d86f5f5d212a5bd3083fec6007f0be5', + '76f939d836da64fa9dab63f0eeffd09a0de7e353b034296b8f1582cdff6f2a61', driftctl_linux_arm: - 'c6bcd8987f633d310b9872c5635112d8fd479f4117518aa4864fa38874c7869e', + '7f669ca49e152779a09587ff0e58dedd3996229cc8ff3e5cdc371895eaa994f6', driftctl_linux_386: - '864ff0810466ed2917b3347866b5da80fae43e2487b18a563f1d7f299e5f1518', + 'e6bbdf341148e81511d30dd5afe2fa2ef08f3b0b75079bf0bde2b790d75beb8a', }; const dctlBaseUrl = 'https://static.snyk.io/cli/driftctl/'; @@ -150,14 +149,6 @@ const generateScanFlags = async ( args.push('--strict'); } - if (options.deep || options.all) { - args.push('--deep'); - } - - if (options['only-managed'] || options.drift) { - args.push('--only-managed'); - } - if (options['only-unmanaged']) { args.push('--only-unmanaged'); } @@ -238,24 +229,6 @@ export const runDriftCTL = async ({ stdio?: StdioOptions; }): Promise => { const path = await findOrDownload(); - await validateArgs(options); - - if (options.kind === 'describe') { - const descOptions = options as DescribeOptions; - - if ( - descOptions.deep || - descOptions.all || - descOptions['only-managed'] || - descOptions.drift - ) { - process.stderr.write( - `DEPRECATION NOTICE: Drift detection of managed resources,\n` + - `including --only-managed and --drift has been deprecated.\n` + - `The end-of-life date for drift detection of managed resources is September 30. 2023.\n\n`, - ); - } - } const args = await generateArgs(options, driftIgnore); diff --git a/src/lib/iac/drift/output.ts b/src/lib/iac/drift/output.ts index 403c06636a..2f5dae7406 100644 --- a/src/lib/iac/drift/output.ts +++ b/src/lib/iac/drift/output.ts @@ -1,9 +1,6 @@ import { DescribeOptions, - DiffByType, DriftAnalysis, - DriftAnalysisDifference, - DriftChange, DriftResource, MissingByType, UnmanagedByType, @@ -11,201 +8,20 @@ import { import { findServiceMappingForType } from '../service-mappings'; import chalk from 'chalk'; import { leftPad } from 'snyk-cpp-plugin/dist/display/common'; -import { - create as createDiffPatch, - console as consoleFormatter, -} from 'jsondiffpatch'; export function getHumanReadableAnalysis( option: DescribeOptions, analysis: DriftAnalysis, ): string { let output = getHumanReadableHeader(); + output += getHumanReadableUnmanaged(analysis); - if (!option['only-unmanaged']) { - output += getHumanReadableManaged(analysis); - } - if (!option['only-managed'] && !option.drift) { - output += getHumanReadableUnmanaged(analysis); - } - output += getHumanReadableSummary(analysis); - - return output; -} - -function changeAsString(obj: unknown): string { - if (typeof obj === 'string') { - return obj; - } - return JSON.stringify(obj); -} - -function isJsonDiff(driftChange: DriftChange): boolean { - if (!(typeof driftChange.from === 'string')) { - return false; - } - - try { - JSON.parse(driftChange.from); - } catch (e) { - return false; - } - - return true; -} - -function getNonJsonDiff(driftChange: DriftChange): string { - let output = ''; - switch (driftChange.type) { - case 'create': - output += chalk.green('+') + ' ' + driftChange.path.join('.') + ': '; - output += - chalk.bold(changeAsString(driftChange.from)) + - ' => ' + - chalk.green(changeAsString(driftChange.to)); - break; - case 'update': - output += chalk.yellow('~') + ' ' + driftChange.path.join('.') + ': '; - output += - chalk.bold(changeAsString(driftChange.from)) + - ' => ' + - chalk.yellow(changeAsString(driftChange.to)); - break; - case 'delete': - output += chalk.red('-') + ' ' + driftChange.path.join('.') + ': '; - output += chalk.red(changeAsString(driftChange.from)); - break; - default: - output += driftChange.path.join('.') + ': '; - output += - chalk.bold(changeAsString(driftChange.from)) + - ' => ' + - chalk.bold(changeAsString(driftChange.to)); - break; - } - output += '\n'; - return output; -} - -function getJsonDiff(driftChange: DriftChange): string { - let output = ''; - - let from = null; - if (driftChange.from) { - from = JSON.parse(driftChange.from as string); - } - - let to = null; - if (driftChange.to) { - to = JSON.parse(driftChange.to as string); - } - - let diffStr = ''; - const diffPatch = createDiffPatch().diff(from, to); - if (diffPatch) { - diffStr = consoleFormatter.format(diffPatch, from); - } - - switch (driftChange.type) { - case 'create': - output += chalk.green('+') + ' ' + driftChange.path.join('.') + ':\n'; - break; - case 'update': - output += chalk.yellow('~') + ' ' + driftChange.path.join('.') + ':\n'; - break; - case 'delete': - output += chalk.red('-') + ' ' + driftChange.path.join('.') + ':\n'; - break; - default: - output += driftChange.path.join('.') + ':\n'; - break; - } - - for (const elem of diffStr.split('\n')) { - output += addLine(leftPad(elem, 4)); - } - - return output; -} - -function getHumanReadableDrift(analysis: DriftAnalysis): string { - let output = ''; - if (!analysis.differences || analysis.differences.length <= 0) { - return ''; - } - const diffByStates = new Map(); - - for (const difference of analysis.differences) { - let statefile = 'Generated'; - if (difference.res.source) { - statefile = difference.res.source.source; - } - - if (!diffByStates.has(statefile)) { - diffByStates.set(statefile, { - diffByType: new Map(), - count: 0, - }); - } - const hrDiffs = mustGet(diffByStates, statefile); - const type = difference.res.type; - if (!hrDiffs.diffByType.has(type)) { - hrDiffs.diffByType.set(type, []); - } - hrDiffs.diffByType.get(type)?.push(difference); - hrDiffs.count++; + if (analysis.missing && analysis.missing.length > 0) { + output += getHumanReadableMissing(analysis); } - output += addLine( - chalk.bold('Changed resources: ' + analysis.differences.length), - ); - output += '\n'; - for (const state of [...diffByStates.keys()].sort()) { - const hrDiffs = mustGet(diffByStates, state); - output += addLine( - chalk.blue( - 'State: ' + - chalk.bold(state) + - ' [ Changed Resources: ' + - chalk.bold(hrDiffs.count.toString()) + - ' ]', - ), - ); - output += '\n'; - for (const type of [...hrDiffs.diffByType.keys()].sort()) { - output += addLine(leftPad('Resource Type: ' + type, 2)); - const diffs = mustGet(hrDiffs.diffByType, type); - - for (const diff of diffs) { - output += leftPad('ID: ' + chalk.bold(diff.res.id), 4); - if ( - diff.res.human_readable_attributes && - diff.res.human_readable_attributes.size > 0 - ) { - for (const humanReadableAttribute of [ - ...diff.res.human_readable_attributes.keys(), - ].sort()) { - output += - ' ' + - humanReadableAttribute + - ': ' + - diff.res.human_readable_attributes.get(humanReadableAttribute); - } - } - output += '\n'; + output += getHumanReadableSummary(analysis); - for (const driftChange of diff.changelog) { - output += leftPad(''); - if (isJsonDiff(driftChange)) { - output += getJsonDiff(driftChange); - } else { - output += getNonJsonDiff(driftChange); - } - } - output += '\n'; - } - } - } return output; } @@ -262,17 +78,6 @@ function getHumanReadableMissing(analysis: DriftAnalysis): string { return output; } -function getHumanReadableManaged(analysis: DriftAnalysis): string { - let output = ''; - if (analysis.differences && analysis.differences.length > 0) { - output += getHumanReadableDrift(analysis); - } - if (analysis.missing && analysis.missing.length > 0) { - output += getHumanReadableMissing(analysis); - } - return output; -} - function getHumanReadableResourceList(driftResources: DriftResource[]): string { let output = ''; for (const res of driftResources) { @@ -384,15 +189,6 @@ function getHumanReadableSummary(analysis: DriftAnalysis): string { ), ); } - if (analysis.differences) { - output += addLine( - leftPad( - 'Changed Resources: ' + - chalk.bold(analysis.differences.length.toString()), - 2, - ), - ); - } if (analysis.missing) { output += addLine( leftPad( diff --git a/src/lib/iac/types.d.ts b/src/lib/iac/types.d.ts index ba73a8f4ad..67a8a172fc 100644 --- a/src/lib/iac/types.d.ts +++ b/src/lib/iac/types.d.ts @@ -14,7 +14,6 @@ export interface FmtOptions extends DriftCTLOptions { } export interface GenDriftIgnoreOptions { - 'exclude-changed'?: boolean; 'exclude-missing'?: boolean; 'exclude-unmanaged'?: boolean; } @@ -28,11 +27,6 @@ export interface DescribeOptions extends DriftCTLOptions { 'tfc-endpoint'?: string; 'tf-provider-version'?: string; strict?: true; - deep?: true; - 'only-managed'?: true; - drift?: true; - 'only-unmanaged'?: true; - all?: true; driftignore?: string; 'tf-lockfile'?: string; 'config-dir'?: string; @@ -61,27 +55,12 @@ export type DriftResourceAttributes = Map; export type DriftAnalysisSummary = { total_resources: number; - total_changed: number; total_unmanaged: number; total_missing: number; total_managed: number; total_iac_source_count: number; }; -export type DriftAnalysisDifference = { - res: DriftResource; - changelog: DriftChange[]; -}; - -export type DriftChange = { - type: string; - path: string[]; - from: unknown; - to: unknown; - computed: boolean; - json_string?: boolean; -}; - export type DriftAlert = { message: string; }; @@ -90,19 +69,11 @@ export type DriftAlerts = { [key: string]: DriftAlert[]; }; -export type DriftAnalysisOptions = { - deep: boolean; - only_managed: boolean; - only_unmanaged: boolean; -}; - export type DriftAnalysis = { - options: DriftAnalysisOptions; summary: DriftAnalysisSummary; managed?: DriftResource[]; unmanaged?: DriftResource[]; missing?: DriftResource[]; - differences?: DriftAnalysisDifference[]; alerts?: DriftAlerts; coverage: number; scan_duration: number; @@ -114,10 +85,6 @@ interface AnalysisByType { count: number; } -export interface DiffByType extends AnalysisByType { - diffByType: Map; -} - export interface MissingByType extends AnalysisByType { missingByType: Map; } diff --git a/test/fixtures/iac/drift/output/output.json b/test/fixtures/iac/drift/output/output.json index 8e26ffcccb..5248c65008 100644 --- a/test/fixtures/iac/drift/output/output.json +++ b/test/fixtures/iac/drift/output/output.json @@ -1,12 +1,6 @@ { - "options": { - "deep": true, - "only_managed": false, - "only_unmanaged": false - }, "summary": { "total_resources": 6, - "total_changed": 1, "total_unmanaged": 2, "total_missing": 2, "total_managed": 2, @@ -42,25 +36,6 @@ "type": "aws_iam_access_key" } ], - "differences": [ - { - "res": { - "id": "AKIA5QYBVVD25KFXJHYJ", - "type": "aws_iam_access_key" - }, - "changelog": [ - { - "type": "update", - "path": [ - "status" - ], - "from": "Active", - "to": "Inactive", - "computed": false - } - ] - } - ], "coverage": 33, "alerts": { "aws_iam_access_key": [ diff --git a/test/jest/acceptance/iac/describe.spec.ts b/test/jest/acceptance/iac/describe.spec.ts index a0df31150b..ae1bc8fa5f 100644 --- a/test/jest/acceptance/iac/describe.spec.ts +++ b/test/jest/acceptance/iac/describe.spec.ts @@ -48,7 +48,7 @@ describe('iac describe', () => { it('describe fail without the right entitlement', async () => { const { stdout, stderr, exitCode } = await run( - `snyk iac describe --all --org=no-iac-drift-entitlements`, + `snyk iac describe --org=no-iac-drift-entitlements`, { SNYK_DRIFTCTL_PATH: './iac/drift/args-echo', }, @@ -66,7 +66,7 @@ describe('iac describe', () => { } it('Test when driftctl scan exit in error', async () => { - const { stdout, stderr, exitCode } = await run(`snyk iac describe --all`, { + const { stdout, stderr, exitCode } = await run(`snyk iac describe`, { SNYK_FIXTURE_OUTPUT_PATH: outputFile, DCTL_EXIT_CODE: '2', SNYK_DRIFTCTL_PATH: path.join( @@ -82,7 +82,7 @@ describe('iac describe', () => { }); it('Launch driftctl from SNYK_DRIFTCTL_PATH env var when org has the entitlement', async () => { - const { stdout, stderr, exitCode } = await run(`snyk iac describe --all`, { + const { stdout, stderr, exitCode } = await run(`snyk iac describe`, { SNYK_FIXTURE_OUTPUT_PATH: outputFile, SNYK_DRIFTCTL_PATH: path.join( getFixturePath('iac'), @@ -96,7 +96,7 @@ describe('iac describe', () => { // First invocation of driftctl scan triggered by describe cmd expect(output).toContain('DCTL_IS_SNYK=true'); expect(output).toContain( - `ARGS=scan --no-version-check --output json://stdout --deep --config-dir ${paths.cache} --to aws+tf`, + `ARGS=scan --no-version-check --output json://stdout --config-dir ${paths.cache} --to aws+tf`, ); // no second invocation with console output @@ -106,18 +106,29 @@ describe('iac describe', () => { expect(exitCode).toBe(0); }); + it('Download and launch driftctl when executable is not found and org has the entitlement', async () => { + const cachedir = path.join(os.tmpdir(), 'driftctl_download_' + Date.now()); + const { stderr, exitCode } = await run(`snyk iac describe`, { + SNYK_DRIFTCTL_URL: apiUrl + '/download/driftctl', + SNYK_CACHE_PATH: cachedir, + }); + + expect(stderr).toMatch('download ok'); + expect(exitCode).toBe(2); + expect( + fs.existsSync(path.join(cachedir, 'driftctl_' + driftctlVersion)), + ).toBe(true); + }); + it('Launch driftctl from SNYK_DRIFTCTL_PATH with html output', async () => { - const { stdout, stderr, exitCode } = await run( - `snyk iac describe --all --html`, - { - SNYK_FIXTURE_OUTPUT_PATH: outputFile, - SNYK_DRIFTCTL_PATH: path.join( - getFixturePath('iac'), - 'drift', - 'args-echo.sh', - ), - }, - ); + const { stdout, stderr, exitCode } = await run(`snyk iac describe --html`, { + SNYK_FIXTURE_OUTPUT_PATH: outputFile, + SNYK_DRIFTCTL_PATH: path.join( + getFixturePath('iac'), + 'drift', + 'args-echo.sh', + ), + }); const output = fs.readFileSync(outputFile).toString(); const expectedPipedOutput = fs @@ -129,7 +140,7 @@ describe('iac describe', () => { // First invocation of driftctl scan triggered by describe cmd expect(output).toContain('DCTL_IS_SNYK=true'); expect(output).toContain( - `ARGS=scan --no-version-check --output json://stdout --deep --config-dir ${paths.cache} --to aws+tf`, + `ARGS=scan --no-version-check --output json://stdout --config-dir ${paths.cache} --to aws+tf`, ); // Second invocation of driftctl fmt triggered by describe cmd @@ -159,8 +170,8 @@ describe('iac describe', () => { }); it('Launch driftctl with html output format', async () => { - const { stdout, stderr, exitCode } = await run( - `snyk iac describe --all --html-file-output=${htmlFile}`, + const { stdout, exitCode } = await run( + `snyk iac describe --html-file-output=${htmlFile}`, { SNYK_FIXTURE_OUTPUT_PATH: outputFile, SNYK_DRIFTCTL_PATH: path.join( @@ -172,7 +183,6 @@ describe('iac describe', () => { ); expect(stdout).toBe(''); - expect(stderr).toContain('DEPRECATION NOTICE'); expect(exitCode).toBe(0); const output = fs.readFileSync(outputFile).toString(); @@ -180,7 +190,7 @@ describe('iac describe', () => { // First invocation of driftctl scan triggered by describe cmd expect(output).toContain('DCTL_IS_SNYK=true'); expect(output).toContain( - `ARGS=scan --no-version-check --output json://stdout --deep --config-dir ${paths.cache} --to aws+tf`, + `ARGS=scan --no-version-check --output json://stdout --config-dir ${paths.cache} --to aws+tf`, ); // Second invocation of driftctl fmt triggered by describe cmd @@ -190,20 +200,6 @@ describe('iac describe', () => { ); }); }); - - it('Download and launch driftctl when executable is not found and org has the entitlement', async () => { - const cachedir = path.join(os.tmpdir(), 'driftctl_download_' + Date.now()); - const { stderr, exitCode } = await run(`snyk iac describe --all`, { - SNYK_DRIFTCTL_URL: apiUrl + '/download/driftctl', - SNYK_CACHE_PATH: cachedir, - }); - - expect(stderr).toMatch('download ok'); - expect(exitCode).toBe(2); - expect( - fs.existsSync(path.join(cachedir, 'driftctl_' + driftctlVersion)), - ).toBe(true); - }); }); describe('processDriftctlOutput', () => { diff --git a/test/jest/acceptance/iac/update-exclude-policy.spec.ts b/test/jest/acceptance/iac/update-exclude-policy.spec.ts index 0e1e76f906..fb6d10dde2 100644 --- a/test/jest/acceptance/iac/update-exclude-policy.spec.ts +++ b/test/jest/acceptance/iac/update-exclude-policy.spec.ts @@ -59,7 +59,6 @@ describe('iac update-exclude-policy', () => { const policy = await findAndLoadPolicy(tmpFolderPath, 'iac', {}); const expectedExcludes = { 'iac-drift': [ - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', 'aws_iam_user.test-driftctl2', 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', 'aws_s3_bucket_policy.driftctl', diff --git a/test/jest/unit/lib/iac/drift/drift.spec.ts b/test/jest/unit/lib/iac/drift/drift.spec.ts index 7fe4e2c257..b37b9f3734 100644 --- a/test/jest/unit/lib/iac/drift/drift.spec.ts +++ b/test/jest/unit/lib/iac/drift/drift.spec.ts @@ -4,7 +4,6 @@ import { driftignoreFromPolicy, parseDriftAnalysisResults, updateExcludeInPolicy, - validateArgs, } from '../../../../../../src/lib/iac/drift'; import envPaths from 'env-paths'; import { EXIT_CODES } from '../../../../../../src/cli/exit-codes'; @@ -13,15 +12,12 @@ import * as path from 'path'; import { DescribeOptions, DriftAnalysis, - DriftCTLOptions, GenDriftIgnoreOptions, } from '../../../../../../src/lib/iac/types'; import { addIacDriftAnalytics } from '../../../../../../src/cli/commands/test/iac/local-execution/analytics'; import * as analytics from '../../../../../../src/lib/analytics'; import * as snykPolicy from 'snyk-policy'; import { Policy } from '../../../../../../src/lib/policy/find-and-load-policy'; -import { DescribeRequiredArgumentError } from '../../../../../../src/lib/errors/describe-required-argument-error'; -import { DescribeExclusiveArgumentError } from '../../../../../../src/lib/errors/describe-exclusive-argument-error'; import { DCTL_EXIT_CODES, driftctlVersion, @@ -52,44 +48,6 @@ describe('driftctl integration', () => { ]); }); - it('describe: --all enable deep mode', async () => { - { - const args = await generateArgs( - { kind: 'describe', all: true } as DescribeOptions, - [], - ); - expect(args).toEqual([ - 'scan', - '--no-version-check', - '--output', - 'json://stdout', - '--deep', - '--config-dir', - paths.cache, - '--to', - 'aws+tf', - ]); - } - - { - const args = await generateArgs( - { kind: 'describe', all: true, deep: true } as DescribeOptions, - [], - ); - expect(args).toEqual([ - 'scan', - '--no-version-check', - '--output', - 'json://stdout', - '--deep', - '--config-dir', - paths.cache, - '--to', - 'aws+tf', - ]); - } - }); - it('describe: passing options generate correct arguments', async () => { const args = await generateArgs( { @@ -99,7 +57,6 @@ describe('driftctl integration', () => { 'tf-provider-version': 'tfproviderversion', 'tfc-endpoint': 'tfcendpoint', 'tfc-token': 'tfctoken', - deep: true, driftignore: 'driftignore', filter: 'filter', from: 'from', @@ -107,8 +64,6 @@ describe('driftctl integration', () => { quiet: true, strict: true, to: 'to', - 'only-managed': true, - 'only-unmanaged': true, } as DescribeOptions, ['*', '!aws_s3_bucket'], ); @@ -129,9 +84,6 @@ describe('driftctl integration', () => { '--tf-provider-version', 'tfproviderversion', '--strict', - '--deep', - '--only-managed', - '--only-unmanaged', '--driftignore', 'driftignore', '--tf-lockfile', @@ -170,24 +122,6 @@ describe('driftctl integration', () => { ]); }); - it('describe: argument are validated correctly', async () => { - expect(() => { - validateArgs({ kind: 'describe' }); - }).toThrow(new DescribeRequiredArgumentError()); - - expect(() => { - validateArgs({ kind: 'describe', all: true } as DriftCTLOptions); - }).not.toThrow(); - - expect(() => { - validateArgs({ - kind: 'describe', - all: true, - drift: true, - } as DriftCTLOptions); - }).toThrow(new DescribeExclusiveArgumentError()); - }); - it('run driftctl: exit code is translated', () => { expect(translateExitCode(DCTL_EXIT_CODES.EXIT_IN_SYNC)).toEqual(0); expect(translateExitCode(DCTL_EXIT_CODES.EXIT_NOT_IN_SYNC)).toEqual( @@ -227,23 +161,6 @@ describe('parseDriftAnalysisResults', () => { type: 'aws_iam_access_key', }, ], - differences: [ - { - res: { - id: 'AKIA5QYBVVD25KFXJHYJ', - type: 'aws_iam_access_key', - }, - changelog: [ - { - computed: false, - from: 'Active', - path: ['status'], - to: 'Inactive', - type: 'update', - }, - ], - }, - ], managed: [ { id: 'AKIA5QYBVVD25KFXJHYJ', @@ -254,17 +171,11 @@ describe('parseDriftAnalysisResults', () => { type: 'aws_iam_user', }, ], - options: { - deep: true, - only_managed: false, - only_unmanaged: false, - }, provider_name: 'AWS', provider_version: '2.18.5', scan_duration: 123, summary: { total_missing: 2, - total_changed: 1, total_iac_source_count: 3, total_managed: 2, total_resources: 6, @@ -290,14 +201,14 @@ describe('drift analytics', () => { it('should add most of all drift analytics depending on a given analysis', () => { const addAnalyticsSpy = jest.spyOn(analytics, 'add'); - const options: DescribeOptions = { kind: 'describe', deep: true }; + const options: DescribeOptions = { kind: 'describe' }; const driftAnalysisFile = fs.readFileSync( path.resolve(__dirname, `fixtures/driftctl-analysis.json`), ); const analysis = parseDriftAnalysisResults(driftAnalysisFile.toString()); addIacDriftAnalytics(analysis, options); - expect(addAnalyticsSpy).toHaveBeenCalledTimes(12); + expect(addAnalyticsSpy).toHaveBeenCalledTimes(11); expect(addAnalyticsSpy).toHaveBeenCalledWith('iac-drift-coverage', 33); expect(addAnalyticsSpy).toHaveBeenCalledWith( 'iac-drift-total-resources', @@ -309,7 +220,6 @@ describe('drift analytics', () => { ); expect(addAnalyticsSpy).toHaveBeenCalledWith('iac-drift-total-managed', 2); expect(addAnalyticsSpy).toHaveBeenCalledWith('iac-drift-total-missing', 2); - expect(addAnalyticsSpy).toHaveBeenCalledWith('iac-drift-total-changed', 1); expect(addAnalyticsSpy).toHaveBeenCalledWith( 'iac-drift-iac-source-count', 3, @@ -387,7 +297,6 @@ describe('updateExcludeInPolicy', () => { {}, { 'iac-drift': [ - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', 'aws_iam_user.test-driftctl2', 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', 'aws_s3_bucket_policy.driftctl', @@ -402,7 +311,6 @@ describe('updateExcludeInPolicy', () => { { foo: ['bar'], 'iac-drift': [ - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', 'aws_iam_user.test-driftctl2', 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', 'aws_s3_bucket_policy.driftctl', @@ -416,7 +324,6 @@ describe('updateExcludeInPolicy', () => { {}, { 'iac-drift': [ - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', 'aws_iam_user.test-driftctl2', 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', 'aws_s3_bucket_policy.driftctl', @@ -437,22 +344,6 @@ describe('updateExcludeInPolicy', () => { 'aws_s3_bucket.*', 'aws_s3_bucket.name*', // Following exclude are the new ones - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', - 'aws_iam_user.test-driftctl2', - 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', - 'aws_s3_bucket_policy.driftctl', - 'aws_s3_bucket_notification.driftctl', - ], - }, - ], - [ - 'with exclude changed option', - 'policy-no-excludes.yml', - { - 'exclude-changed': true, - }, - { - 'iac-drift': [ 'aws_iam_user.test-driftctl2', 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', 'aws_s3_bucket_policy.driftctl', @@ -468,7 +359,6 @@ describe('updateExcludeInPolicy', () => { }, { 'iac-drift': [ - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', 'aws_s3_bucket_policy.driftctl', 'aws_s3_bucket_notification.driftctl', ], @@ -482,7 +372,6 @@ describe('updateExcludeInPolicy', () => { }, { 'iac-drift': [ - 'aws_iam_access_key.AKIA5QYBVVD25KFXJHYJ', 'aws_iam_user.test-driftctl2', 'aws_iam_access_key.AKIA5QYBVVD2Y6PBAAPY', ], @@ -501,39 +390,14 @@ describe('Test describe output', () => { return fs.readFileSync(filePath, 'utf-8'); }; - it('test output for known analysis with --all', () => { - const analysis = JSON.parse(loadFile('alldeep.json')); - const options: DescribeOptions = { - kind: 'describe', - all: true, - }; - const hrAnalysis = getHumanReadableAnalysis(options, analysis); - - const expectedOutput = loadFile('alldeep.console'); - expect(hrAnalysis).toBe(expectedOutput); - }); - - it('test output for known analysis with --only-managed', () => { - const analysis = JSON.parse(loadFile('only-managed.json')); - const options: DescribeOptions = { - kind: 'describe', - 'only-managed': true, - }; - const hrAnalysis = getHumanReadableAnalysis(options, analysis); - - const expectedOutput = loadFile('only-managed.console'); - expect(hrAnalysis).toBe(expectedOutput); - }); - - it('test output for known analysis with --only-unmanaged', () => { - const analysis = JSON.parse(loadFile('only-unmanaged.json')); + it('test output for known analysis', () => { + const analysis = JSON.parse(loadFile('all.json')); const options: DescribeOptions = { kind: 'describe', - 'only-unmanaged': true, }; const hrAnalysis = getHumanReadableAnalysis(options, analysis); - const expectedOutput = loadFile('only-unmanaged.console'); + const expectedOutput = loadFile('all.console'); expect(hrAnalysis).toBe(expectedOutput); }); }); diff --git a/test/jest/unit/lib/iac/drift/fixtures/alldeep.console b/test/jest/unit/lib/iac/drift/fixtures/all.console similarity index 81% rename from test/jest/unit/lib/iac/drift/fixtures/alldeep.console rename to test/jest/unit/lib/iac/drift/fixtures/all.console index c778914caa..7e4796baec 100644 --- a/test/jest/unit/lib/iac/drift/fixtures/alldeep.console +++ b/test/jest/unit/lib/iac/drift/fixtures/all.console @@ -3,55 +3,6 @@ Info: Resources under IaC, but different to terraform states. Resolve: Reapply IaC resources or update into terraform. -Changed resources: 3 - -State: tfstate://../driftctl/terraform.tfstate [ Changed Resources: 3 ] - - Resource Type: aws_iam_policy - ID: arn:aws:iam::526954929923:policy/sqshandlingpolicy - ~ policy: - { - Statement: [ - 0: { - Action: [ -  "sqs:ReceiveMessage", -  "sqs:DeleteMessage", -  "sqs:GetQueueAttributes" -  ] => "sqs:*" - Effect: "Allow" - Resource: "*" - Sid: "VisualEditor0" - } - ] - Version: "2012-10-17" - } - - Resource Type: aws_s3_bucket - ID: bucketwithenvtag - + tags.ThisTagIsNew: null => True - - ID: bucketwithouttags - + tags: null => {"Environement":"Prod"} - -Missing resources: 5 - -State: Generated [ Missing Resources: 2 ] - - Resource Type: aws_iam_policy_attachment - ID: loadbalancer-arn:aws:iam::526954929923:policy/s3listingpolicy - ID: loadbalancer-arn:aws:iam::526954929923:policy/sqshandlingpolicy - -State: tfstate://../driftctl/terraform.tfstate [ Missing Resources: 3 ] - - Resource Type: aws_iam_access_key - ID: AKIAXVMHWD4BSY5AP345 - - Resource Type: aws_iam_user - ID: loadbalancer - - Resource Type: aws_iam_user_policy - ID: loadbalancer:lb_ec2_ro - Unmanaged resources: 35 Service: Unidentified [ Unmanaged Resources: 2 ] @@ -133,10 +84,28 @@ Resource Type: aws_internet_gateway ID: igw-037afbaa8a4926de5 +Missing resources: 5 + +State: Generated [ Missing Resources: 2 ] + + Resource Type: aws_iam_policy_attachment + ID: loadbalancer-arn:aws:iam::526954929923:policy/s3listingpolicy + ID: loadbalancer-arn:aws:iam::526954929923:policy/sqshandlingpolicy + +State: tfstate://../driftctl/terraform.tfstate [ Missing Resources: 3 ] + + Resource Type: aws_iam_access_key + ID: AKIAXVMHWD4BSY5AP345 + + Resource Type: aws_iam_user + ID: loadbalancer + + Resource Type: aws_iam_user_policy + ID: loadbalancer:lb_ec2_ro + Test Summary Managed Resources: 8 - Changed Resources: 3 Missing Resources: 5 Unmanaged Resources: 35 diff --git a/test/jest/unit/lib/iac/drift/fixtures/alldeep.json b/test/jest/unit/lib/iac/drift/fixtures/all.json similarity index 82% rename from test/jest/unit/lib/iac/drift/fixtures/alldeep.json rename to test/jest/unit/lib/iac/drift/fixtures/all.json index ef8084cb3d..d271a9e379 100644 --- a/test/jest/unit/lib/iac/drift/fixtures/alldeep.json +++ b/test/jest/unit/lib/iac/drift/fixtures/all.json @@ -1,12 +1,6 @@ { - "options": { - "deep": true, - "only_managed": false, - "only_unmanaged": false - }, "summary": { "total_resources": 48, - "total_changed": 3, "total_unmanaged": 35, "total_missing": 5, "total_managed": 8, @@ -319,77 +313,6 @@ } } ], - "differences": [ - { - "res": { - "id": "arn:aws:iam::526954929923:policy/sqshandlingpolicy", - "type": "aws_iam_policy", - "source": { - "source": "tfstate://../driftctl/terraform.tfstate", - "namespace": "", - "internal_name": "sqshandlingpolicy" - } - }, - "changelog": [ - { - "type": "update", - "path": [ - "policy" - ], - "from": "{\"Statement\":[{\"Action\":[\"sqs:ReceiveMessage\",\"sqs:DeleteMessage\",\"sqs:GetQueueAttributes\"],\"Effect\":\"Allow\",\"Resource\":\"*\"}],\"Version\":\"2012-10-17\"}", - "to": "{\"Statement\":[{\"Action\":\"sqs:*\",\"Effect\":\"Allow\",\"Resource\":\"*\",\"Sid\":\"VisualEditor0\"}],\"Version\":\"2012-10-17\"}", - "computed": false - } - ] - }, - { - "res": { - "id": "bucketwithenvtag", - "type": "aws_s3_bucket", - "source": { - "source": "tfstate://../driftctl/terraform.tfstate", - "namespace": "", - "internal_name": "bucket-with-env-tag" - } - }, - "changelog": [ - { - "type": "create", - "path": [ - "tags", - "ThisTagIsNew" - ], - "from": null, - "to": "True", - "computed": false - } - ] - }, - { - "res": { - "id": "bucketwithouttags", - "type": "aws_s3_bucket", - "source": { - "source": "tfstate://../driftctl/terraform.tfstate", - "namespace": "", - "internal_name": "bucket-without-tags" - } - }, - "changelog": [ - { - "type": "create", - "path": [ - "tags" - ], - "from": null, - "to": { - "Environement": "Prod" - }, - "computed": false - } - ] - } - ], "coverage": 16, "alerts": null, "provider_name": "aws", diff --git a/test/jest/unit/lib/iac/drift/fixtures/driftctl-analysis.json b/test/jest/unit/lib/iac/drift/fixtures/driftctl-analysis.json index 8e26ffcccb..5248c65008 100644 --- a/test/jest/unit/lib/iac/drift/fixtures/driftctl-analysis.json +++ b/test/jest/unit/lib/iac/drift/fixtures/driftctl-analysis.json @@ -1,12 +1,6 @@ { - "options": { - "deep": true, - "only_managed": false, - "only_unmanaged": false - }, "summary": { "total_resources": 6, - "total_changed": 1, "total_unmanaged": 2, "total_missing": 2, "total_managed": 2, @@ -42,25 +36,6 @@ "type": "aws_iam_access_key" } ], - "differences": [ - { - "res": { - "id": "AKIA5QYBVVD25KFXJHYJ", - "type": "aws_iam_access_key" - }, - "changelog": [ - { - "type": "update", - "path": [ - "status" - ], - "from": "Active", - "to": "Inactive", - "computed": false - } - ] - } - ], "coverage": 33, "alerts": { "aws_iam_access_key": [