From 5ee437e4c76f14302feb8a3d3693380c9f7cee3a Mon Sep 17 00:00:00 2001 From: Elie Date: Thu, 6 Jan 2022 17:31:14 +0100 Subject: [PATCH] Fix crash in GCP iam binding middleware --- .../google_iam_binding_tranformer_test.go | 23 +++++++++++++++++++ .../google_iam_binding_transformer.go | 6 ++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/pkg/middlewares/google_iam_binding_tranformer_test.go b/pkg/middlewares/google_iam_binding_tranformer_test.go index c9d3b8c75..5c43eec93 100644 --- a/pkg/middlewares/google_iam_binding_tranformer_test.go +++ b/pkg/middlewares/google_iam_binding_tranformer_test.go @@ -18,6 +18,29 @@ func TestGoogleProjectIAMBindingTransformer_Execute(t *testing.T) { expected []*resource.Resource mock func(factory *terraform.MockResourceFactory) }{ + { + name: "Test that bindings with nil members does not cause any crash", + resourcesFromState: []*resource.Resource{ + { + Type: google.GoogleStorageBucketIamBindingResourceType, + Attrs: &resource.Attributes{ + "bucket": "hey", + "role": "storage.admin", + "members": nil, + }, + }, + { + Type: google.GoogleProjectIamBindingResourceType, + Attrs: &resource.Attributes{ + "project": "coucou", + "role": "storage.admin", + "members": nil, + }, + }, + }, + expected: []*resource.Resource{}, + mock: nil, + }, { "Test that project bindings are transformed into member", []*resource.Resource{ diff --git a/pkg/middlewares/google_iam_binding_transformer.go b/pkg/middlewares/google_iam_binding_transformer.go index 529b02173..820f33ea4 100644 --- a/pkg/middlewares/google_iam_binding_transformer.go +++ b/pkg/middlewares/google_iam_binding_transformer.go @@ -39,7 +39,11 @@ func (m *GoogleIAMBindingTransformer) Execute(_, resourcesFromState *[]*resource resName := *stateRes.Attrs.GetString(resField) roleName := *stateRes.Attrs.GetString("role") - members, _ := stateRes.Attrs.Get("members") + members, exist := stateRes.Attrs.Get("members") + + if !exist || members == nil { + continue + } for _, member := range members.([]interface{}) { id := fmt.Sprintf("%s/%s/%s", resName, roleName, member)