Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable and fix semgrep diags checks for all services #37866

Merged
merged 35 commits into from
Jun 7, 2024
Merged

Enable and fix semgrep diags checks for all services #37866

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
d31ee56
Enable semgrep diags checks for 's' services.
ewbankkit Jun 6, 2024
135564f
Fix semgrep diags checks - s3.
ewbankkit Jun 6, 2024
d67e278
Fix semgrep diags checks - s3control.
ewbankkit Jun 6, 2024
36ee52c
Fix semgrep diags checks - scheduler.
ewbankkit Jun 6, 2024
9a40562
Fix semgrep diags checks - schemas.
ewbankkit Jun 6, 2024
cb4966c
Fix semgrep diags checks - securityhub.
ewbankkit Jun 6, 2024
5fcf0ed
Fix semgrep diags checks - servicecatalog.
ewbankkit Jun 6, 2024
a8d1fbe
Fix semgrep diags checks - servicediscovery.
ewbankkit Jun 6, 2024
4c0cac7
Fix semgrep diags checks - sesv2.
ewbankkit Jun 6, 2024
af5deb0
Fix semgrep diags checks - sfn.
ewbankkit Jun 6, 2024
4715960
Fix semgrep diags checks - sns.
ewbankkit Jun 6, 2024
4a0110f
Fix semgrep diags checks - sqs.
ewbankkit Jun 6, 2024
c218273
Fix semgrep diags checks - ssm.
ewbankkit Jun 6, 2024
47ef1e1
Fix semgrep diags checks - ssmcontacts.
ewbankkit Jun 6, 2024
839f967
Fix semgrep diags checks - ssmincidents.
ewbankkit Jun 6, 2024
b82ade6
Fix semgrep diags checks - swf.
ewbankkit Jun 6, 2024
0c98a18
Fix semgrep diags checks - synthetics.
ewbankkit Jun 6, 2024
788d163
Enable semgrep diags checks for 'q' and 'r' services.
ewbankkit Jun 6, 2024
d81f968
Fix semgrep diags checks - qldb.
ewbankkit Jun 6, 2024
af9ae26
Fix semgrep diags checks - quicksight.
ewbankkit Jun 6, 2024
7f717a8
Fix semgrep diags checks - rbin.
ewbankkit Jun 6, 2024
84696c5
Fix semgrep diags checks - rds.
ewbankkit Jun 6, 2024
b05f846
Fix semgrep diags checks - resourcegroups.
ewbankkit Jun 6, 2024
1cbed99
Fix semgrep diags checks - rolesanywhere.
ewbankkit Jun 6, 2024
db1b485
Fix semgrep diags checks - route53.
ewbankkit Jun 6, 2024
cda7103
Fix semgrep diags checks - route53domains.
ewbankkit Jun 6, 2024
0588696
Fix semgrep diags checks - route53resolver.
ewbankkit Jun 6, 2024
f062634
Enable semgrep diags checks for 'p' services.
ewbankkit Jun 6, 2024
6f807c5
Enable semgrep diags checks for all services.
ewbankkit Jun 6, 2024
76cae47
Fix semgrep diags checks - oam.
ewbankkit Jun 6, 2024
c0dcc83
Fix semgrep diags checks - opensearch.
ewbankkit Jun 6, 2024
b9ef476
Fix semgrep diags checks - opsworks.
ewbankkit Jun 6, 2024
9eb143b
Fix semgrep diags checks - organizations.
ewbankkit Jun 6, 2024
3a8b5a9
sqs: Additional diags fix.
ewbankkit Jun 6, 2024
2968ded
Merge branch 'main' into td-return-diags-s-etc
ewbankkit Jun 7, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 1 addition & 22 deletions .ci/semgrep/pluginsdk/diags.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,59 +2,41 @@ rules:
- id: avoid-return-diag_FromErr
languages: [go]
message: Prefer `sdkdiag.AppendFromErr` to `diag.FromErr`
paths:
exclude:
- internal/service/[o-s]*
pattern: return diag.FromErr($ERR)
fix: return sdkdiag.AppendFromErr(diags, $ERR)
severity: WARNING

- id: avoid-append-diag_FromErr
languages: [go]
message: Prefer `sdkdiag.AppendFromErr` to `diag.FromErr`
paths:
exclude:
- internal/service/[o-s]*
pattern: append(diags, diag.FromErr($ERR)...)
fix: sdkdiag.AppendFromErr(diags, $ERR)
severity: WARNING

- id: avoid-diag_Errorf
languages: [go]
message: Prefer `sdkdiag.AppendErrorf` to `diag.Errorf`
paths:
exclude:
- internal/service/[o-s]*
pattern: diag.Errorf($...ARGS)
fix: sdkdiag.AppendErrorf(diags, $...ARGS)
severity: WARNING

- id: avoid-return-create_DiagError
languages: [go]
message: Prefer `create.AppendDiagError` to `create.DiagError`
paths:
exclude:
- internal/service/[o-s]*
pattern: return create.DiagError($...ARGS)
fix: return create.AppendDiagError(diags, $...ARGS)
severity: WARNING

- id: avoid-append-create_DiagError
languages: [go]
message: Prefer `create.AppendDiagError` to `create.DiagError`
paths:
exclude:
- internal/service/[o-s]*
pattern: append(diags, create.DiagError($...ARGS)...)
fix: create.AppendDiagError(diags, $...ARGS)
severity: WARNING

- id: append-Read-to-diags
languages: [go]
message: Append results of $READFN to diags instead of returning directly
paths:
exclude:
- internal/service/[o-s]*
patterns:
- pattern: return $READFN($...ARGS)
- metavariable-regex:
Expand All @@ -70,9 +52,6 @@ rules:
- id: append-Update-to-diags
languages: [go]
message: Append results of $UPDATEFN to diags instead of returning directly
paths:
exclude:
- internal/service/[o-s]*
patterns:
- pattern: return $UPDATEFN($...ARGS)
- metavariable-regex:
Expand All @@ -93,7 +72,7 @@ rules:
include:
- internal/service
exclude:
- internal/service/[o-s]*
- internal/service/o*
patterns:
- pattern: return nil
- pattern-not-inside: |
Expand Down
18 changes: 11 additions & 7 deletions internal/service/oam/link.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,6 +94,7 @@ const (
)

func resourceLinkCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

in := &oam.CreateLinkInput{
Expand All @@ -105,19 +106,20 @@ func resourceLinkCreate(ctx context.Context, d *schema.ResourceData, meta interf

out, err := conn.CreateLink(ctx, in)
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionCreating, ResNameLink, d.Get("sink_identifier").(string), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionCreating, ResNameLink, d.Get("sink_identifier").(string), err)
}

if out == nil || out.Id == nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionCreating, ResNameLink, d.Get("sink_identifier").(string), errors.New("empty output"))
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionCreating, ResNameLink, d.Get("sink_identifier").(string), errors.New("empty output"))
}

d.SetId(aws.ToString(out.Arn))

return resourceLinkRead(ctx, d, meta)
return append(diags, resourceLinkRead(ctx, d, meta)...)
}

func resourceLinkRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

out, err := findLinkByID(ctx, conn, d.Id())
Expand All @@ -129,7 +131,7 @@ func resourceLinkRead(ctx context.Context, d *schema.ResourceData, meta interfac
}

if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, ResNameLink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, ResNameLink, d.Id(), err)
}

d.Set(names.AttrARN, out.Arn)
Expand All @@ -144,6 +146,7 @@ func resourceLinkRead(ctx context.Context, d *schema.ResourceData, meta interfac
}

func resourceLinkUpdate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

update := false
Expand All @@ -161,14 +164,15 @@ func resourceLinkUpdate(ctx context.Context, d *schema.ResourceData, meta interf
log.Printf("[DEBUG] Updating ObservabilityAccessManager Link (%s): %#v", d.Id(), in)
_, err := conn.UpdateLink(ctx, in)
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionUpdating, ResNameLink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionUpdating, ResNameLink, d.Id(), err)
}
}

return resourceLinkRead(ctx, d, meta)
return append(diags, resourceLinkRead(ctx, d, meta)...)
}

func resourceLinkDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

log.Printf("[INFO] Deleting ObservabilityAccessManager Link %s", d.Id())
Expand All @@ -183,7 +187,7 @@ func resourceLinkDelete(ctx context.Context, d *schema.ResourceData, meta interf
return nil
}

return create.DiagError(names.ObservabilityAccessManager, create.ErrActionDeleting, ResNameLink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionDeleting, ResNameLink, d.Id(), err)
}

return nil
Expand Down
7 changes: 4 additions & 3 deletions internal/service/oam/link_data_source.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,14 @@ const (
)

func dataSourceLinkRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

linkIdentifier := d.Get("link_identifier").(string)

out, err := findLinkByID(ctx, conn, linkIdentifier)
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, DSNameLink, linkIdentifier, err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, DSNameLink, linkIdentifier, err)
}

d.SetId(aws.ToString(out.Arn))
Expand All @@ -83,13 +84,13 @@ func dataSourceLinkRead(ctx context.Context, d *schema.ResourceData, meta interf

tags, err := listTags(ctx, conn, d.Id())
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, DSNameLink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, DSNameLink, d.Id(), err)
}

ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig

if err := d.Set(names.AttrTags, tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionSetting, DSNameLink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionSetting, DSNameLink, d.Id(), err)
}

return nil
Expand Down
5 changes: 3 additions & 2 deletions internal/service/oam/links_data_source.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,17 +35,18 @@ const (
)

func dataSourceLinksRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)
listLinksInput := &oam.ListLinksInput{}

listLinksInput := &oam.ListLinksInput{}
paginator := oam.NewListLinksPaginator(conn, listLinksInput)
var arns []string

for paginator.HasMorePages() {
page, err := paginator.NextPage(ctx)

if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, DSNameLinks, "", err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, DSNameLinks, "", err)
}

for _, listLinksItem := range page.Items {
Expand Down
13 changes: 8 additions & 5 deletions internal/service/oam/sink.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ const (
)

func resourceSinkCreate(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

in := &oam.CreateSinkInput{
Expand All @@ -78,19 +79,20 @@ func resourceSinkCreate(ctx context.Context, d *schema.ResourceData, meta interf

out, err := conn.CreateSink(ctx, in)
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionCreating, ResNameSink, d.Get(names.AttrName).(string), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionCreating, ResNameSink, d.Get(names.AttrName).(string), err)
}

if out == nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionCreating, ResNameSink, d.Get(names.AttrName).(string), errors.New("empty output"))
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionCreating, ResNameSink, d.Get(names.AttrName).(string), errors.New("empty output"))
}

d.SetId(aws.ToString(out.Arn))

return resourceSinkRead(ctx, d, meta)
return append(diags, resourceSinkRead(ctx, d, meta)...)
}

func resourceSinkRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

out, err := findSinkByID(ctx, conn, d.Id())
Expand All @@ -102,7 +104,7 @@ func resourceSinkRead(ctx context.Context, d *schema.ResourceData, meta interfac
}

if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, ResNameSink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, ResNameSink, d.Id(), err)
}

d.Set(names.AttrARN, out.Arn)
Expand All @@ -118,6 +120,7 @@ func resourceSinkUpdate(ctx context.Context, d *schema.ResourceData, meta interf
}

func resourceSinkDelete(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

log.Printf("[INFO] Deleting ObservabilityAccessManager Sink %s", d.Id())
Expand All @@ -132,7 +135,7 @@ func resourceSinkDelete(ctx context.Context, d *schema.ResourceData, meta interf
return nil
}

return create.DiagError(names.ObservabilityAccessManager, create.ErrActionDeleting, ResNameSink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionDeleting, ResNameSink, d.Id(), err)
}

return nil
Expand Down
7 changes: 4 additions & 3 deletions internal/service/oam/sink_data_source.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -47,13 +47,14 @@ const (
)

func dataSourceSinkRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

sinkIdentifier := d.Get("sink_identifier").(string)

out, err := findSinkByID(ctx, conn, sinkIdentifier)
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, DSNameSink, sinkIdentifier, err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, DSNameSink, sinkIdentifier, err)
}

d.SetId(aws.ToString(out.Arn))
Expand All @@ -64,13 +65,13 @@ func dataSourceSinkRead(ctx context.Context, d *schema.ResourceData, meta interf

tags, err := listTags(ctx, conn, d.Id())
if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, DSNameSink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, DSNameSink, d.Id(), err)
}

ignoreTagsConfig := meta.(*conns.AWSClient).IgnoreTagsConfig

if err := d.Set(names.AttrTags, tags.IgnoreAWS().IgnoreConfig(ignoreTagsConfig).Map()); err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionSetting, DSNameSink, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionSetting, DSNameSink, d.Id(), err)
}

return nil
Expand Down
13 changes: 8 additions & 5 deletions internal/service/oam/sink_policy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ import (
"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
"github.com/hashicorp/terraform-provider-aws/internal/conns"
"github.com/hashicorp/terraform-provider-aws/internal/create"
"github.com/hashicorp/terraform-provider-aws/internal/errs/sdkdiag"
"github.com/hashicorp/terraform-provider-aws/internal/tfresource"
"github.com/hashicorp/terraform-provider-aws/internal/verify"
"github.com/hashicorp/terraform-provider-aws/names"
Expand Down Expand Up @@ -76,13 +77,14 @@ const (
)

func resourceSinkPolicyPut(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

sinkIdentifier := d.Get("sink_identifier").(string)
policy, err := structure.NormalizeJsonString(d.Get(names.AttrPolicy).(string))

if err != nil {
return diag.Errorf("policy (%s) is invalid JSON: %s", d.Get(names.AttrPolicy).(string), err)
return sdkdiag.AppendErrorf(diags, "policy (%s) is invalid JSON: %s", d.Get(names.AttrPolicy).(string), err)
}

in := &oam.PutSinkPolicyInput{
Expand All @@ -92,17 +94,18 @@ func resourceSinkPolicyPut(ctx context.Context, d *schema.ResourceData, meta int

_, err = conn.PutSinkPolicy(ctx, in)
if err != nil {
return diag.Errorf("putting ObservabilityAccessManager Sink Policy (%s): %s", sinkIdentifier, err)
return sdkdiag.AppendErrorf(diags, "putting ObservabilityAccessManager Sink Policy (%s): %s", sinkIdentifier, err)
}

if d.IsNewResource() {
d.SetId(sinkIdentifier)
}

return resourceSinkPolicyRead(ctx, d, meta)
return append(diags, resourceSinkPolicyRead(ctx, d, meta)...)
}

func resourceSinkPolicyRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)

out, err := findSinkPolicyByID(ctx, conn, d.Id())
Expand All @@ -114,7 +117,7 @@ func resourceSinkPolicyRead(ctx context.Context, d *schema.ResourceData, meta in
}

if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, ResNameSinkPolicy, d.Id(), err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, ResNameSinkPolicy, d.Id(), err)
}

d.Set(names.AttrARN, out.SinkArn)
Expand All @@ -123,7 +126,7 @@ func resourceSinkPolicyRead(ctx context.Context, d *schema.ResourceData, meta in

policyToSet, err := verify.PolicyToSet(d.Get(names.AttrPolicy).(string), aws.ToString(out.Policy))
if err != nil {
return diag.FromErr(err)
return sdkdiag.AppendFromErr(diags, err)
}

d.Set(names.AttrPolicy, policyToSet)
Expand Down
3 changes: 2 additions & 1 deletion internal/service/oam/sinks_data_source.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ const (
)

func dataSourceSinksRead(ctx context.Context, d *schema.ResourceData, meta interface{}) diag.Diagnostics {
var diags diag.Diagnostics
conn := meta.(*conns.AWSClient).ObservabilityAccessManagerClient(ctx)
listSinksInput := &oam.ListSinksInput{}

Expand All @@ -45,7 +46,7 @@ func dataSourceSinksRead(ctx context.Context, d *schema.ResourceData, meta inter
page, err := paginator.NextPage(ctx)

if err != nil {
return create.DiagError(names.ObservabilityAccessManager, create.ErrActionReading, DSNameSinks, "", err)
return create.AppendDiagError(diags, names.ObservabilityAccessManager, create.ErrActionReading, DSNameSinks, "", err)
}

for _, listSinksItem := range page.Items {
Expand Down
Loading
Loading