Documentation ¶
Index ¶
- type AwsALBListenerTransformer
- type AwsALBTransformer
- type AwsApiGatewayApiExpander
- type AwsApiGatewayBasePathMappingReconciler
- type AwsApiGatewayDeploymentExpander
- type AwsApiGatewayDomainNamesReconciler
- type AwsApiGatewayResourceExpander
- type AwsApiGatewayRestApiPolicyExpander
- type AwsBucketPolicyExpander
- type AwsConsoleApiGatewayGatewayResponse
- type AwsDefaultApiGatewayAccount
- type AwsDefaultInternetGateway
- type AwsDefaultInternetGatewayRoute
- type AwsDefaultNetworkACL
- type AwsDefaultNetworkACLRule
- type AwsDefaultRoute
- type AwsDefaultRouteTable
- type AwsDefaultSQSQueuePolicy
- type AwsDefaultSecurityGroupRule
- type AwsDefaultSubnet
- type AwsDefaultVPC
- type AwsDefaults
- type AwsEbsEncryptionByDefaultReconciler
- type AwsInstanceBlockDeviceResourceMapper
- type AwsInstanceEIP
- type AwsNatGatewayEipAssoc
- type AwsNetworkACLExpander
- type AwsRDSClusterInstanceExpander
- type AwsRoleManagedPolicyExpander
- type AwsRouteTableExpander
- type AwsS3BucketPublicAccessBlockReconciler
- type AwsSNSTopicPolicyExpander
- type AwsSQSQueuePolicyExpander
- type AzurermRouteExpander
- type AzurermSubnetExpander
- type Chain
- type EipAssociationExpander
- type GoogleComputeInstanceGroupManagerReconciler
- type GoogleDefaultIAMMember
- type GoogleIAMBindingTransformer
- type GoogleLegacyBucketIAMMember
- type GoogleStorageBucketIAMPolicyTransformer
- type IamPolicyAttachmentExpander
- type IamPolicyAttachmentTransformer
- type Middleware
- type OpenAPIAwsExtensions
- type OpenAPIAwsMethodExtensions
- type Route53DefaultZoneRecordSanitizer
- type Route53RecordIDReconcilier
- type S3BucketAcl
- type TagsAllManager
- type VPCDefaultSecurityGroupSanitizer
- type VPCSecurityGroupRuleSanitizer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AwsALBListenerTransformer ¶ added in v0.29.0
type AwsALBListenerTransformer struct {
// contains filtered or unexported fields
}
AwsALBListenerTransformer is a simple middleware to turn all aws_alb_listener resources into aws_lb_listener ones Both types provide the same functionality, but we can't know which one was used to provision cloud resources. So we use aws_lb_listener as the common type.
func NewAwsALBListenerTransformer ¶ added in v0.29.0
func NewAwsALBListenerTransformer(resourceFactory resource.ResourceFactory) AwsALBListenerTransformer
type AwsALBTransformer ¶ added in v0.27.0
type AwsALBTransformer struct {
// contains filtered or unexported fields
}
AwsALBTransformer is a simple middleware to turn all aws_alb resources into aws_lb ones Both types provide the same functionality, but we can't know which one was used to provision cloud resources. So we use aws_lb as the common type.
func NewAwsALBTransformer ¶ added in v0.27.0
func NewAwsALBTransformer(resourceFactory resource.ResourceFactory) AwsALBTransformer
type AwsApiGatewayApiExpander ¶ added in v0.19.0
type AwsApiGatewayApiExpander struct {
// contains filtered or unexported fields
}
Explodes the body attribute of api gateway apis v1|v2 to dedicated resources as per Terraform documentations (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/api_gateway_rest_api) (https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/apigatewayv2_api)
func NewAwsApiGatewayApiExpander ¶ added in v0.19.0
func NewAwsApiGatewayApiExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayApiExpander
type AwsApiGatewayBasePathMappingReconciler ¶ added in v0.28.1
type AwsApiGatewayBasePathMappingReconciler struct{}
AwsApiGatewayBasePathMappingReconciler is used to reconcile API Gateway base path mapping (v1 and v2) from both remote and state resources because v1|v2 AWS SDK list endpoints return all mappings without distinction.
func NewAwsApiGatewayBasePathMappingReconciler ¶ added in v0.28.1
func NewAwsApiGatewayBasePathMappingReconciler() AwsApiGatewayBasePathMappingReconciler
type AwsApiGatewayDeploymentExpander ¶
type AwsApiGatewayDeploymentExpander struct {
// contains filtered or unexported fields
}
Create a aws_api_gateway_stage resource from a aws_api_gateway_deployment resource and ignore the latter resource since we don't support it
func NewAwsApiGatewayDeploymentExpander ¶
func NewAwsApiGatewayDeploymentExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayDeploymentExpander
type AwsApiGatewayDomainNamesReconciler ¶ added in v0.19.0
type AwsApiGatewayDomainNamesReconciler struct{}
Used to reconcile API Gateway domain names (v1 and v2) from both remote and state resources because v1|v2 AWS SDK list endpoints return all domain names without distinction
func NewAwsApiGatewayDomainNamesReconciler ¶ added in v0.19.0
func NewAwsApiGatewayDomainNamesReconciler() AwsApiGatewayDomainNamesReconciler
type AwsApiGatewayResourceExpander ¶
type AwsApiGatewayResourceExpander struct {
// contains filtered or unexported fields
}
Explodes api gateway default resource found in aws_api_gateway_rest_api.root_resource_id from state resources to dedicated resources
func NewAwsApiGatewayResourceExpander ¶
func NewAwsApiGatewayResourceExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayResourceExpander
type AwsApiGatewayRestApiPolicyExpander ¶
type AwsApiGatewayRestApiPolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_api_gateway_rest_api.policy from state resources to dedicated resources
func NewAwsApiGatewayRestApiPolicyExpander ¶
func NewAwsApiGatewayRestApiPolicyExpander(resourceFactory resource.ResourceFactory) AwsApiGatewayRestApiPolicyExpander
type AwsBucketPolicyExpander ¶
type AwsBucketPolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_s3_bucket.policy from state resources to dedicated resources
func NewAwsBucketPolicyExpander ¶
func NewAwsBucketPolicyExpander(resourceFactory resource.ResourceFactory) AwsBucketPolicyExpander
type AwsConsoleApiGatewayGatewayResponse ¶
type AwsConsoleApiGatewayGatewayResponse struct{}
Each API Gateway rest API has by design all the gateway responses available to edit in the console which result in useless noises (e.g. lots of unmanaged resources) by driftctl. This middleware ignores all console responses if not managed by IAC.
func NewAwsConsoleApiGatewayGatewayResponse ¶
func NewAwsConsoleApiGatewayGatewayResponse() AwsConsoleApiGatewayGatewayResponse
type AwsDefaultApiGatewayAccount ¶ added in v0.19.0
type AwsDefaultApiGatewayAccount struct{}
AwsDefaultApiGatewayAccount is a middleware that ignores the default API Gateway account resource in the current region.
func NewAwsDefaultApiGatewayAccount ¶ added in v0.19.0
func NewAwsDefaultApiGatewayAccount() AwsDefaultApiGatewayAccount
type AwsDefaultInternetGateway ¶
type AwsDefaultInternetGateway struct{}
Each default vpc has an internet gateway attached that should not be seen as unmanaged if not managed by IaC This middleware ignores default internet gateway from unmanaged resources if not managed by IaC
func NewAwsDefaultInternetGateway ¶
func NewAwsDefaultInternetGateway() AwsDefaultInternetGateway
type AwsDefaultInternetGatewayRoute ¶
type AwsDefaultInternetGatewayRoute struct{}
Each region has a default vpc which has an internet gateway attached and thus the route table of this same vpc has a default route (0.0.0.0/0) that should not be seen as unmanaged if not managed by IaC This middleware ignores the above route from unmanaged resources if not managed by IaC
func NewAwsDefaultInternetGatewayRoute ¶
func NewAwsDefaultInternetGatewayRoute() AwsDefaultInternetGatewayRoute
type AwsDefaultNetworkACL ¶
type AwsDefaultNetworkACL struct{}
Default network ACL should not be shown as unmanaged as they are present by default This middleware ignores default network ACL from unmanaged resources if they are not managed by IaC
func NewAwsDefaultNetworkACL ¶
func NewAwsDefaultNetworkACL() AwsDefaultNetworkACL
type AwsDefaultNetworkACLRule ¶
type AwsDefaultNetworkACLRule struct{}
Default network acl rules should not be shown as unmanaged as they are present by default This middleware ignores default network acl rules from unmanaged resources if they are not managed by IaC
func NewAwsDefaultNetworkACLRule ¶
func NewAwsDefaultNetworkACLRule() AwsDefaultNetworkACLRule
type AwsDefaultRoute ¶
type AwsDefaultRoute struct{}
Default routes should not be shown as unmanaged as they are present by default This middleware ignores default routes from unmanaged resources if they are not managed by IaC
func NewAwsDefaultRoute ¶
func NewAwsDefaultRoute() AwsDefaultRoute
type AwsDefaultRouteTable ¶
type AwsDefaultRouteTable struct{}
Default route table should not be shown as unmanaged as they are present by default This middleware ignores default route table from unmanaged resources if they are not managed by IaC
func NewAwsDefaultRouteTable ¶
func NewAwsDefaultRouteTable() AwsDefaultRouteTable
type AwsDefaultSQSQueuePolicy ¶
type AwsDefaultSQSQueuePolicy struct{}
SQS queues from AWS have a weird behaviour when we fetch them. By default they have a Policy attached with only an ID "arn:aws:sqs:eu-west-3:XXXXXXXXXXXX:foobar/SQSDefaultPolicy" but on fetch the SDK return an empty policy (e.g. policy = ""). We need to ignore those policy from unmanaged resources if they are not managed by IaC.
func NewAwsDefaultSQSQueuePolicy ¶
func NewAwsDefaultSQSQueuePolicy() AwsDefaultSQSQueuePolicy
type AwsDefaultSecurityGroupRule ¶
type AwsDefaultSecurityGroupRule struct{}
Remove default security group rules of the default security group from remote resources
func NewAwsDefaultSecurityGroupRule ¶
func NewAwsDefaultSecurityGroupRule() AwsDefaultSecurityGroupRule
type AwsDefaultSubnet ¶
type AwsDefaultSubnet struct{}
Default subnet should not be shown as unmanaged as they are present by default This middleware ignores default subnet from unmanaged resources if they are not managed by IaC
func NewAwsDefaultSubnet ¶
func NewAwsDefaultSubnet() AwsDefaultSubnet
type AwsDefaultVPC ¶
type AwsDefaultVPC struct{}
Default VPC should not be shown as unmanaged as they are present by default This middleware ignores default VPC from unmanaged resources if they are not managed by IaC
func NewAwsDefaultVPC ¶
func NewAwsDefaultVPC() AwsDefaultVPC
type AwsDefaults ¶
type AwsDefaults struct{}
AwsDefaults represents service-linked AWS resources When scanning a AWS account, some users may see irrelevant results about default AWS roles or role policies. We ignore these resources by default when strict mode is disabled.
func NewAwsDefaults ¶
func NewAwsDefaults() AwsDefaults
type AwsEbsEncryptionByDefaultReconciler ¶ added in v0.27.0
type AwsEbsEncryptionByDefaultReconciler struct {
// contains filtered or unexported fields
}
AwsEbsEncryptionByDefaultReconciler is a middleware that either creates an 'aws_ebs_encryption_by_default' resource based on its equivalent state one just for the purpose of getting the Terraform custom Id, or removes the resource from our list of remote resources if it is not managed and is disabled.
func NewAwsEbsEncryptionByDefaultReconciler ¶ added in v0.27.0
func NewAwsEbsEncryptionByDefaultReconciler(resourceFactory resource.ResourceFactory) AwsEbsEncryptionByDefaultReconciler
type AwsInstanceBlockDeviceResourceMapper ¶
type AwsInstanceBlockDeviceResourceMapper struct {
// contains filtered or unexported fields
}
Remove root_block_device from aws_instance resources and create dedicated aws_ebs_volume resources
func NewAwsInstanceBlockDeviceResourceMapper ¶
func NewAwsInstanceBlockDeviceResourceMapper(resourceFactory resource.ResourceFactory) AwsInstanceBlockDeviceResourceMapper
type AwsInstanceEIP ¶
type AwsInstanceEIP struct{}
type AwsNatGatewayEipAssoc ¶
type AwsNatGatewayEipAssoc struct{}
func NewAwsNatGatewayEipAssoc ¶
func NewAwsNatGatewayEipAssoc() AwsNatGatewayEipAssoc
func (AwsNatGatewayEipAssoc) Execute ¶
func (a AwsNatGatewayEipAssoc) Execute(remoteResources, resourcesFromState *[]*resource.Resource) error
When creating a nat gateway, we associate an EIP to the gateway It implies that driftctl read a aws_eip_association resource from remote As we cannot use aws_eip_association in terraform to assign an eip to an aws_nat_gateway we should remove this association to ensure we do not output noise in unmanaged resources
type AwsNetworkACLExpander ¶
type AwsNetworkACLExpander struct {
// contains filtered or unexported fields
}
This middelware goal is to explode aws_network_acl ingress and egress block into a set of aws_network_acl_rule
func NewAwsNetworkACLExpander ¶
func NewAwsNetworkACLExpander(resourceFactory resource.ResourceFactory) AwsNetworkACLExpander
type AwsRDSClusterInstanceExpander ¶
type AwsRDSClusterInstanceExpander struct {
// contains filtered or unexported fields
}
AwsRDSClusterInstanceExpander search for cluster instances from state to import corresponding remote db instances. RDS cluster instance does not represent an actual AWS resource, so shouldn't be used for comparison.
func NewRDSClusterInstanceExpander ¶
func NewRDSClusterInstanceExpander(resourceFactory resource.ResourceFactory) AwsRDSClusterInstanceExpander
type AwsRoleManagedPolicyExpander ¶
type AwsRoleManagedPolicyExpander struct {
// contains filtered or unexported fields
}
func NewAwsRoleManagedPolicyExpander ¶
func NewAwsRoleManagedPolicyExpander(resourceFactory resource.ResourceFactory) *AwsRoleManagedPolicyExpander
type AwsRouteTableExpander ¶
type AwsRouteTableExpander struct {
// contains filtered or unexported fields
}
Explodes routes found in aws_default_route_table.route and aws_route_table.route to dedicated resources
func NewAwsRouteTableExpander ¶
func NewAwsRouteTableExpander(alerter alerter.AlerterInterface, resourceFactory resource.ResourceFactory) AwsRouteTableExpander
type AwsS3BucketPublicAccessBlockReconciler ¶ added in v0.28.0
type AwsS3BucketPublicAccessBlockReconciler struct{}
AwsS3BucketPublicAccessBlockReconciler middleware ignores every s3 bucket public block that is set to the default values (every option set to false) This is used to avoid displaying false positive unmanaged resources. The problem here is that the aws SDK can either return an error `NoSuchPublicAccessBlockConfiguration` while retrieving bucket public block, or a response with all fields set to false (the default)
To reproduce this edgy case you can do that: - Disable this middleware - Go to the folder of the test `TestAcc_Aws_S3Bucket_PublicAccessBlock` : `testdata/acc/aws_s3_bucket_public_access_block` - Apply tf code - Run a scan with the driftignore from the test folder (ignore everything but bucket and public access block)
- Infra should be in sync (be sure that you have no dangling bucket in your aws test env)
- Create a new unmanaged bucket from the console, with every option from the policy block set to false - Run the scan again
- One resource should be unmanaged: the bucket (expected behavior)
- Go to the console and update public access block for that bucket - Run the scan again
- We should now have a new public access block resource unmanaged (expected)
- Now uncheck back all things in the public block you just updated - Run the scan again
- We still have the public block as unmanaged, this is NOT expected since all values are back to default
This simple middleware is handling that edge case by removing resource that have every attribute set to false from remote. We do not remove it when a resource is found in IaC
func NewAwsS3BucketPublicAccessBlockReconciler ¶ added in v0.28.0
func NewAwsS3BucketPublicAccessBlockReconciler() *AwsS3BucketPublicAccessBlockReconciler
type AwsSNSTopicPolicyExpander ¶
type AwsSNSTopicPolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_sns_topic from state resources to aws_sns_topic_policy resources
func NewAwsSNSTopicPolicyExpander ¶
func NewAwsSNSTopicPolicyExpander(resourceFactory resource.ResourceFactory, resourceSchemaRepository dctlresource.SchemaRepositoryInterface) AwsSNSTopicPolicyExpander
type AwsSQSQueuePolicyExpander ¶
type AwsSQSQueuePolicyExpander struct {
// contains filtered or unexported fields
}
Explodes policy found in aws_sqs_queue.policy from state resources to dedicated resources
func NewAwsSQSQueuePolicyExpander ¶
func NewAwsSQSQueuePolicyExpander(resourceFactory resource.ResourceFactory, resourceSchemaRepository dctlresource.SchemaRepositoryInterface) AwsSQSQueuePolicyExpander
type AzurermRouteExpander ¶
type AzurermRouteExpander struct {
// contains filtered or unexported fields
}
Explodes routes found in azurerm_route_table.route from state resources to dedicated resources
func NewAzurermRouteExpander ¶
func NewAzurermRouteExpander(resourceFactory resource.ResourceFactory) AzurermRouteExpander
type AzurermSubnetExpander ¶
type AzurermSubnetExpander struct {
// contains filtered or unexported fields
}
Explodes subnet found in azurerm_virtual_network.subnet from state resources to dedicated resources
func NewAzurermSubnetExpander ¶
func NewAzurermSubnetExpander(resourceFactory resource.ResourceFactory) AzurermSubnetExpander
type EipAssociationExpander ¶
type EipAssociationExpander struct {
// contains filtered or unexported fields
}
func NewEipAssociationExpander ¶
func NewEipAssociationExpander(resourceFactory resource.ResourceFactory) EipAssociationExpander
type GoogleComputeInstanceGroupManagerReconciler ¶ added in v0.26.0
type GoogleComputeInstanceGroupManagerReconciler struct{}
func NewGoogleComputeInstanceGroupManagerReconciler ¶ added in v0.26.0
func NewGoogleComputeInstanceGroupManagerReconciler() *GoogleComputeInstanceGroupManagerReconciler
NewGoogleComputeInstanceGroupManagerReconciler imports remote instance groups when they're managed by a managed instance group manager. Creating a "google_compute_instance_group_manager" resource via Terraform leads to having several unmanaged instance groups. This middleware adds remote instance groups to the state by matching them with managed instance group managers.
type GoogleDefaultIAMMember ¶
type GoogleDefaultIAMMember struct{}
Some service accounts are created by default when activating APIs, this middleware will filter them unless they are managed.
func NewGoogleDefaultIAMMember ¶
func NewGoogleDefaultIAMMember() *GoogleDefaultIAMMember
type GoogleIAMBindingTransformer ¶
type GoogleIAMBindingTransformer struct {
// contains filtered or unexported fields
}
GoogleIAMBindingTransformer Transforms Bucket IAM binding in bucket iam member to ease comparison.
func NewGoogleIAMBindingTransformer ¶
func NewGoogleIAMBindingTransformer(resourceFactory resource.ResourceFactory) *GoogleIAMBindingTransformer
type GoogleLegacyBucketIAMMember ¶
type GoogleLegacyBucketIAMMember struct{}
Creating buckets add legacy role bindings, this middleware will filter them unless they are managed.
func NewGoogleLegacyBucketIAMMember ¶
func NewGoogleLegacyBucketIAMMember() *GoogleLegacyBucketIAMMember
type GoogleStorageBucketIAMPolicyTransformer ¶
type GoogleStorageBucketIAMPolicyTransformer struct {
// contains filtered or unexported fields
}
GoogleStorageBucketIAMPolicyTransformer Transforms Bucket IAM policy in bucket iam binding to ease comparison.
func NewGoogleIAMPolicyTransformer ¶
func NewGoogleIAMPolicyTransformer(resourceFactory resource.ResourceFactory) *GoogleStorageBucketIAMPolicyTransformer
type IamPolicyAttachmentExpander ¶
type IamPolicyAttachmentExpander struct {
// contains filtered or unexported fields
}
Split Policy attachment when there is multiple user and groups and generate a repeatable id
func NewIamPolicyAttachmentExpander ¶
func NewIamPolicyAttachmentExpander(resourceFactory resource.ResourceFactory) IamPolicyAttachmentExpander
type IamPolicyAttachmentTransformer ¶
type IamPolicyAttachmentTransformer struct {
// contains filtered or unexported fields
}
func NewIamPolicyAttachmentTransformer ¶
func NewIamPolicyAttachmentTransformer(resourceFactory resource.ResourceFactory) IamPolicyAttachmentTransformer
type Middleware ¶
type OpenAPIAwsExtensions ¶
type OpenAPIAwsExtensions struct {
GatewayResponses map[string]interface{} `json:"x-amazon-apigateway-gateway-responses"`
}
type OpenAPIAwsMethodExtensions ¶
type OpenAPIAwsMethodExtensions struct {
Integration map[string]interface{} `json:"x-amazon-apigateway-integration"`
}
type Route53DefaultZoneRecordSanitizer ¶
type Route53DefaultZoneRecordSanitizer struct{}
Remote NS and SAO records from remote state if not managed by IAC
func NewRoute53DefaultZoneRecordSanitizer ¶
func NewRoute53DefaultZoneRecordSanitizer() Route53DefaultZoneRecordSanitizer
type Route53RecordIDReconcilier ¶
type Route53RecordIDReconcilier struct{}
Since AWS returns the FQDN as the name of the remote record, we must change the Id of the state record to be equivalent (ZoneId_FQDN_Type_SetIdentifier) For a TXT record toto for zone example.com with Id 1234 From AWS provider, we retrieve: 1234_toto.example.com_TXT From Terraform state, we retrieve: 1234_toto_TXT
func NewRoute53RecordIDReconcilier ¶
func NewRoute53RecordIDReconcilier() Route53RecordIDReconcilier
type S3BucketAcl ¶
type S3BucketAcl struct{}
Remove grant field on remote resources when acl field != private in state
func NewS3BucketAcl ¶
func NewS3BucketAcl() S3BucketAcl
type TagsAllManager ¶
type TagsAllManager struct{}
Manage tags_all attribute on each compatible resources
func NewTagsAllManager ¶
func NewTagsAllManager() TagsAllManager
type VPCDefaultSecurityGroupSanitizer ¶
type VPCDefaultSecurityGroupSanitizer struct{}
Remove default security group from remote resources
func NewVPCDefaultSecurityGroupSanitizer ¶
func NewVPCDefaultSecurityGroupSanitizer() VPCDefaultSecurityGroupSanitizer
type VPCSecurityGroupRuleSanitizer ¶
type VPCSecurityGroupRuleSanitizer struct {
// contains filtered or unexported fields
}
Split security group rule if it needs to given its attributes
func NewVPCSecurityGroupRuleSanitizer ¶
func NewVPCSecurityGroupRuleSanitizer(resourceFactory resource.ResourceFactory) VPCSecurityGroupRuleSanitizer
Source Files ¶
- aws_alb_listener_transformer.go
- aws_alb_transformer.go
- aws_api_gateway_api_expander.go
- aws_api_gateway_base_path_mapping_reconciler.go
- aws_api_gateway_deployment_expander.go
- aws_api_gateway_domain_names_reconciler.go
- aws_api_gateway_resource_expander.go
- aws_api_gateway_rest_api_policy_expander.go
- aws_bucket_policy_expander.go
- aws_console_api_gateway_gateway_response.go
- aws_default_api_gateway_account.go
- aws_default_igw_route.go
- aws_default_internet_gateway.go
- aws_default_network_acl.go
- aws_default_network_acl_rule.go
- aws_default_route.go
- aws_default_route_table.go
- aws_default_security_group_rule.go
- aws_default_sqs_queue_policy.go
- aws_default_subnet.go
- aws_default_vpc.go
- aws_defaults.go
- aws_ebs_encryption_by_default_reconciler.go
- aws_eip_association_expander.go
- aws_iam_policy_attachement_transformer.go
- aws_instance_block_device.go
- aws_instance_eip.go
- aws_nat_gateway_eip_assoc.go
- aws_network_acl_expander.go
- aws_rds_cluster_instance_expander.go
- aws_role_managed_policy_expander.go
- aws_route_table_expander.go
- aws_s3_bucket_public_access_block_reconcilier.go
- aws_sns_topic_policy_expander.go
- aws_sqs_queue_policy_expander.go
- azurerm_route_expander.go
- azurerm_subnet_expander.go
- chain_middleware.go
- google_compute_instance_group_manager_reconciler.go
- google_default_iam_member.go
- google_iam_binding_transformer.go
- google_iam_policy_transformer.go
- google_legacy_bucket_iam_member.go
- iam_policy_attachment_expander.go
- middlewares.go
- route53_records.go
- route53_records_id_reconcilier.go
- s3_bucket_acl.go
- tags_all_manager.go
- vpc_security_group_default.go
- vpc_security_group_rules.go