change the behaviour to allow matching only on the tag name when excl…

…uding resources from being nuked, fix #822

README.md

@@ -528,12 +528,13 @@ s3:
 #### Tag Filter
 
 You can also exclude resources by tags. The following config will exclude all s3 buckets that have a tag with key `foo`
-and value `true` (case-insensitive).
+if the specified tag has a value, it must be set to `true` (case-insensitive),
+if the tag value is not set, cloud-nuke will only check for the tag name.
 
 ```yaml
 s3:
   exclude:
-    tag: 'foo'
+    tag: 'foo' # exclude if tag foo exists with empty value or 'true'
 ```
 #### Timeout
 You have the flexibility to set individual timeout options for specific resources. The execution will pause until the designated timeout is reached for each resource.

config/config.go

@@ -395,7 +395,7 @@ func (r ResourceType) ShouldIncludeBasedOnTag(tags map[string]string) bool {
 	// Handle exclude rule first
 	exclusionTag := r.getExclusionTag()
 	if value, ok := tags[exclusionTag]; ok {
-		if strings.ToLower(value) == "true" {
+		if strings.ToLower(value) == "true" || value == "" {
 			return false
 		}
 	}

config/config_test.go

@@ -357,13 +357,13 @@ func TestShouldIncludeBasedOnTag(t *testing.T) {
 		expect bool
 	}{
 		{
-			name:   "should exclude resource, with default tag",
+			name:   "should include resource, with default exclude tag",
 			given:  arg{},
 			when:   map[string]string{DefaultAwsResourceExclusionTagKey: "true"},
 			expect: false,
 		},
 		{
-			name: "should exclude resource, with custom tag",
+			name: "should include resource, with custom exclude tag",
 			given: arg{
 				ExcludeRule: FilterRule{
 					Tag: aws.String("my-custom-skip-tag"),
@@ -374,7 +374,24 @@ func TestShouldIncludeBasedOnTag(t *testing.T) {
 			expect: false,
 		},
 		{
-			name: "should include resource when not explicitly set to true",
+			name: "should include resource, with custom exclude tag and empty value",
+			given: arg{
+				ExcludeRule: FilterRule{
+					Tag: aws.String("my-custom-skip-tag"),
+				},
+				ProtectUntilExpire: false,
+			},
+			when:   map[string]string{"my-custom-skip-tag": ""},
+			expect: false,
+		},
+		{
+			name:   "should include resource, when default exclude tag value is empty",
+			given:  arg{},
+			when:   map[string]string{DefaultAwsResourceExclusionTagKey: ""},
+			expect: false,
+		},
+		{
+			name: "should include resource, when default exclude tag is not explicitly set to true",
 			given: arg{
 				ExcludeRule: FilterRule{
 					Tag: aws.String(DefaultAwsResourceExclusionTagKey),
@@ -396,7 +413,7 @@ func TestShouldIncludeBasedOnTag(t *testing.T) {
 			expect: true,
 		},
 		{
-			name: "should skip resource with protect until expire is set",
+			name: "should include resource, when protect until expire is set to time in future",
 			given: arg{
 				ExcludeRule:        FilterRule{},
 				ProtectUntilExpire: true,
@@ -405,7 +422,7 @@ func TestShouldIncludeBasedOnTag(t *testing.T) {
 			expect: false,
 		},
 		{
-			name: "should include resource with if protection expire is in the past",
+			name: "should include resource, when protect until expire is set to time in the past",
 			given: arg{
 				ExcludeRule:        FilterRule{},
 				ProtectUntilExpire: true,
@@ -434,17 +451,17 @@ func TestShouldIncludeWithTags(t *testing.T) {
 		want bool
 	}{
 		{
-			name: "should include when there resource has no tags",
+			name: "should include when resource has no tags",
 			tags: map[string]string{},
 			want: true,
 		},
 		{
-			name: "should include when there resource has tags",
+			name: "should include when resource has tags",
 			tags: map[string]string{"env": "production"},
 			want: true,
 		},
 		{
-			name: "should exclude when there resource has default skip tag",
+			name: "should include when resource has default skip tag set",
 			tags: map[string]string{DefaultAwsResourceExclusionTagKey: "true"},
 			want: false,
 		},