lifeomic / terraform-plan-parser

Command line utility and JavaScript API for parsing stdout from "terraform plan" and converting it to JSON.
MIT License

Parse policy JSON #16

Open tlvince opened 6 years ago

tlvince commented 6 years ago

For the following plan:

    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      ~ update in-place
    -/+ destroy and then create replacement

    Terraform will perform the following actions:

      ~ module.iam_role_for_event_filter_lambda.aws_iam_policy.iam_policy
          policy:                "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ],\n      \"Resource\": [\"*\"]\n  }\n  ]\n}\n" => "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ],\n      \"Resource\": [\"*\"]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\"kinesis:GetRecords\"],\n      \"Resource\": [\"arn:aws:kinesis:eu-west-2:xxx:stream/xxx\"]\n    }\n  ]\n}\n"

    Plan: 0 to add, 1 to change, 0 to destroy.

... terraform-plan-parser currently outputs (abbreviated):

    {
      "action": "update",
      "type": "aws_iam_policy",
      "name": "iam_policy",
      "path": "module.iam_role_for_event_filter_lambda.aws_iam_policy.iam_policy",
      "changedAttributes": {
        "policy": {
          "old": {
            "type": "string",
            "value": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ],\n      \"Resource\": [\"*\"]\n  }\n  ]\n}\n"
          },
          "new": {
            "type": "string",
            "value": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\n        \"logs:CreateLogGroup\",\n        \"logs:CreateLogStream\",\n        \"logs:PutLogEvents\"\n      ],\n      \"Resource\": [\"*\"]\n    },\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": [\"kinesis:GetRecords\"],\n      \"Resource\": [\"arn:aws:kinesis:eu-west-2:xxx:stream/xxx\"]\n    }\n  ]\n}\n"
          }
        }
      },
      "module": "iam_role_for_event_filter_lambda"
    }

It'd be nice if the policy JSON could also be parsed, e.g. for old.value:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents"
          ],
          "Resource": [
            "*"
          ]
        }
      ]
    }

Probably this can be generalised for other types of JSON values.
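An added example, not part of the original issue and not the project's own code: one way to post-process the parser's output so that JSON-valued strings are parsed, and so that a review step can list the IAM statements an update introduces. The function names and the `parsed` field are hypothetical, and the sample object is constructed from the abbreviated output quoted above.

```javascript
// Hypothetical post-processing of terraform-plan-parser output; none of these names are project APIs.

// Return the parsed value if `text` is a JSON object or array, else undefined.
function tryParseJson(text) {
  if (typeof text !== 'string' || !/^\s*[\[{]/.test(text)) return undefined;
  try {
    return JSON.parse(text);
  } catch (err) {
    return undefined; // looks like JSON but is not; the raw string is kept
  }
}

// Copy a changed resource, adding `parsed` next to every JSON-valued string.
function parseJsonAttributes(resource) {
  const changedAttributes = {};
  for (const [name, change] of Object.entries(resource.changedAttributes || {})) {
    changedAttributes[name] = {};
    for (const side of ['old', 'new']) {
      if (!change[side]) continue;
      const parsed = tryParseJson(change[side].value);
      changedAttributes[name][side] =
        parsed === undefined ? { ...change[side] } : { ...change[side], parsed };
    }
  }
  return { ...resource, changedAttributes };
}

// Statements in the new policy with no byte-identical statement in the old one.
// A reordered or edited statement is reported too, which errs toward review.
function addedStatements(policyChange) {
  const list = (side) => [].concat((side && side.parsed && side.parsed.Statement) || []);
  const seen = new Set(list(policyChange.old).map((s) => JSON.stringify(s)));
  return list(policyChange.new).filter((s) => !seen.has(JSON.stringify(s)));
}

// Constructed sample, shaped like the abbreviated output quoted in the issue.
const logs = { Effect: 'Allow', Action: ['logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents'], Resource: ['*'] };
const kinesis = { Effect: 'Allow', Action: ['kinesis:GetRecords'], Resource: ['arn:aws:kinesis:eu-west-2:xxx:stream/xxx'] };
const sample = {
  action: 'update', type: 'aws_iam_policy', name: 'iam_policy',
  changedAttributes: {
    policy: {
      old: { type: 'string', value: JSON.stringify({ Version: '2012-10-17', Statement: [logs] }, null, 2) + '\n' },
      new: { type: 'string', value: JSON.stringify({ Version: '2012-10-17', Statement: [logs, kinesis] }, null, 2) + '\n' },
    },
    description: { old: { type: 'string', value: 'a' }, new: { type: 'string', value: '{not json' } },
  },
};
const result = parseJsonAttributes(sample);
console.log(JSON.stringify(addedStatements(result.changedAttributes.policy), null, 2));
```

Keeping the raw `value` alongside `parsed` means attributes that merely start with `{` or `[` pass through unchanged.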