multycloud · goncalo-rodrigues · Aug 12, 2022 · Aug 12, 2022
diff --git a/resources/output/iam/aws_iam_role.go b/resources/output/iam/aws_iam_role.go
@@ -34,7 +34,7 @@ type AwsIamRolePolicyAttachment struct {
 
 type AwsIamRolePolicyAttachmentForVap struct {
 	*common.AwsResource `hcl:",squash" default:"name=aws_iam_role_policy_attachment"`
-	Role                string `hcl:"role"`
+	Role                string `hcl:"role" json:"role"`
 	PolicyArn           string `hcl:"policy_arn,expr"`
 }
 

diff --git a/resources/output/route_table/gcp_route_table.go b/resources/output/route_table/gcp_route_table.go
@@ -10,5 +10,5 @@ type GoogleComputeRoute struct {
 	Network             string   `hcl:"network,expr"`
 	Priority            int      `hcl:"priority"`
 	Tags                []string `hcl:"tags"`
-	NextHopGateway      string   `hcl:"next_hop_gateway"`
+	NextHopGateway      string   `hcl:"next_hop_gateway" json:"next_hop_gateway"`
 }
diff --git a/resources/output/vault/azurerm_key_vault.go b/resources/output/vault/azurerm_key_vault.go
@@ -13,7 +13,7 @@ type AzureKeyVault struct {
 
 type AzureKeyVaultAccessPolicyInline struct {
 	TenantId                  string `hcl:"tenant_id,expr"`
-	ObjectId                  string `hcl:"object_id,expr"`
+	ObjectId                  string `hcl:"object_id,expr" json:"object_id"`
 	*AzureKeyVaultPermissions `hcl:",squash"`
 }
 

diff --git a/resources/output/vault_access_policy/gcp_secret_iam_member.go b/resources/output/vault_access_policy/gcp_secret_iam_member.go
@@ -10,6 +10,6 @@ type GoogleSecretManagerSecretIamMember struct {
 	*common.GcpResource `hcl:",squash"  default:"name=google_secret_manager_secret_iam_member"`
 
 	SecretId string `hcl:"secret_id,expr"`
-	Role     string `hcl:"role"`
-	Member   string `hcl:"member"`
+	Role     string `hcl:"role" json:"role"`
+	Member   string `hcl:"member" json:"member"`
 }
diff --git a/resources/types/aws/vault_access_policy.go b/resources/types/aws/vault_access_policy.go
@@ -37,15 +37,32 @@ func (r AwsVaultAccessPolicy) FromState(state *output.TfState) (*resourcespb.Vau
 		return out, nil
 	}
 
-	stateResource, err := output.GetParsedById[iam.AwsIamRolePolicy](state, r.ResourceId)
-	if err != nil {
-		return nil, err
+	// TODO: parse access
+	statuses := map[string]commonpb.ResourceStatus_Status{}
+	if stateResource, exists, err := output.MaybeGetParsedById[iam.AwsIamRolePolicy](state, r.ResourceId); exists {
+		if err != nil {
+			return nil, err
+		}
+
+		out.AwsOutputs = &resourcespb.VaultAccessPolicyAwsOutputs{
+			IamPolicyArn: stateResource.Arn,
+		}
+	} else {
+		statuses["aws_iam_role_policy"] = commonpb.ResourceStatus_NEEDS_CREATE
 	}
 
-	out.AwsOutputs = &resourcespb.VaultAccessPolicyAwsOutputs{
-		IamPolicyArn: stateResource.Arn,
+	if stateResource, exists, err := output.MaybeGetParsedById[iam.AwsIamRolePolicyAttachmentForVap](state, r.ResourceId); exists {
+		if err != nil {
+			return nil, err
+		}
+		out.Identity = stateResource.Role
+	} else {
+		statuses["aws_iam_role_policy_attachment"] = commonpb.ResourceStatus_NEEDS_CREATE
 	}
 
+	if len(statuses) > 0 {
+		out.CommonParameters.ResourceStatus = &commonpb.ResourceStatus{Statuses: statuses}
+	}
 	return out, nil
 }
 

diff --git a/resources/types/azure/vault_access_policy.go b/resources/types/azure/vault_access_policy.go
@@ -36,13 +36,22 @@ func (r AzureVaultAccessPolicy) FromState(state *output.TfState) (*resourcespb.V
 		return out, nil
 	}
 
-	stateResource, err := output.GetParsedById[vault_access_policy.AzureKeyVaultAccessPolicy](state, r.ResourceId)
-	if err != nil {
-		return nil, err
-	}
+	// TODO: parse access
+	statuses := map[string]commonpb.ResourceStatus_Status{}
+	if stateResource, exists, err := output.MaybeGetParsedById[vault_access_policy.AzureKeyVaultAccessPolicy](state, r.ResourceId); exists {
+		if err != nil {
+			return nil, err
+		}
 
-	out.AzureOutputs = &resourcespb.VaultAccessPolicyAzureOutputs{KeyVaultAccessPolicyId: stateResource.ResourceId}
+		out.AzureOutputs = &resourcespb.VaultAccessPolicyAzureOutputs{KeyVaultAccessPolicyId: stateResource.ResourceId}
+		out.Identity = stateResource.ObjectId
+	} else {
+		statuses["azure_key_vault_access_policy"] = commonpb.ResourceStatus_NEEDS_CREATE
+	}
 
+	if len(statuses) > 0 {
+		out.CommonParameters.ResourceStatus = &commonpb.ResourceStatus{Statuses: statuses}
+	}
 	return out, nil
 }
 

diff --git a/resources/types/gcp/route_table.go b/resources/types/gcp/route_table.go
@@ -12,6 +12,7 @@ import (
 	"github.com/multycloud/multy/resources/output/virtual_network"
 	"github.com/multycloud/multy/resources/types"
 	"golang.org/x/exp/slices"
+	"strings"
 )
 
 type GcpRouteTable struct {
@@ -98,7 +99,9 @@ func (r GcpRouteTable) FromState(state *output.TfState) (*resourcespb.RouteTable
 				Destination: resourcespb.RouteDestination_INTERNET,
 			}
 
-			if stateResource.NextHopGateway != "default-internet-gateway" {
+			// https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_route
+			// can be a partial or full url
+			if !strings.HasSuffix(stateResource.NextHopGateway, "default-internet-gateway") {
 				route.Destination = resourcespb.RouteDestination_UNKNOWN_DESTINATION
 			}
 			routes = append(routes, route)

diff --git a/resources/types/gcp/vault_access_policy.go b/resources/types/gcp/vault_access_policy.go
@@ -37,6 +37,7 @@ func (r GcpVaultAccessPolicy) FromState(state *output.TfState) (*resourcespb.Vau
 	}
 
 	out.GcpOutputs = &resourcespb.VaultAccessPolicyGcpOutputs{}
+	statuses := map[string]commonpb.ResourceStatus_Status{}
 
 	var ids []string
 
@@ -51,13 +52,24 @@ func (r GcpVaultAccessPolicy) FromState(state *output.TfState) (*resourcespb.Vau
 	}
 
 	for _, resourceId := range ids {
-		stateResource, err := output.GetParsedById[vault_access_policy.GoogleSecretManagerSecretIamMember](state, resourceId)
-		if err != nil {
-			return nil, err
+		if stateResource, exists, err := output.MaybeGetParsedById[vault_access_policy.GoogleSecretManagerSecretIamMember](state, resourceId); exists {
+			if err != nil {
+				return nil, err
+			}
+			out.GcpOutputs.SecretManagerSecretIamMembershipId = append(out.GcpOutputs.SecretManagerSecretIamMembershipId, stateResource.ResourceId)
+			out.Access = getVaultAccess(stateResource.Role)
+			out.Identity = getIdentity(stateResource.Member)
+			if out.Access != r.Args.Access || out.Identity != r.Args.Identity {
+				statuses[fmt.Sprintf("gcp_secret_manager_secret_iam_member_%s", resourceId)] = commonpb.ResourceStatus_NEEDS_UPDATE
+			}
+		} else {
+			statuses[fmt.Sprintf("gcp_secret_manager_secret_iam_member_%s", resourceId)] = commonpb.ResourceStatus_NEEDS_CREATE
 		}
-		out.GcpOutputs.SecretManagerSecretIamMembershipId = append(out.GcpOutputs.SecretManagerSecretIamMembershipId, stateResource.ResourceId)
 	}
 
+	if len(statuses) > 0 {
+		out.CommonParameters.ResourceStatus = &commonpb.ResourceStatus{Statuses: statuses}
+	}
 	return out, nil
 }
 
@@ -99,6 +111,26 @@ func getGcpIamRole(acl resourcespb.VaultAccess_Enum) (string, error) {
 	}
 }
 
+func getVaultAccess(acl string) resourcespb.VaultAccess_Enum {
+	switch acl {
+	case vault_access_policy.SecretAccessorRole:
+		return resourcespb.VaultAccess_READ
+	case vault_access_policy.SecretWriterRole:
+		return resourcespb.VaultAccess_WRITE
+	case vault_access_policy.SecretOwnerRole:
+		return resourcespb.VaultAccess_OWNER
+	default:
+		return resourcespb.VaultAccess_UNKNOWN
+	}
+}
+
+func getIdentity(member string) string {
+	if strings.HasPrefix(member, "serviceAccount:") {
+		return strings.TrimPrefix(member, "serviceAccount:")
+	}
+	return "unknown"
+}
+
 func (r GcpVaultAccessPolicy) GetMainResourceName() (string, error) {
 	return "", fmt.Errorf("no main resource in vault_access_policy for gcp")
 }