Skip to content

Commit

Permalink
fix: no name tag resources are listing for nuke with include filter
Browse files Browse the repository at this point in the history
  • Loading branch information
james03160927 committed Aug 8, 2024
1 parent 6c07bd2 commit c19f856
Show file tree
Hide file tree
Showing 4 changed files with 20 additions and 16 deletions.
2 changes: 1 addition & 1 deletion aws/resources/kms_customer_key.go
Original file line number Diff line number Diff line change
Expand Up @@ -106,7 +106,7 @@ func (kck *KmsCustomerKeys) shouldInclude(
includedByName := false
// verify if key aliases matches configurations
for _, alias := range aliases {
if config.ShouldInclude(alias, configObj.KMSCustomerKeys.IncludeRule.NamesRegExp,
if config.ShouldInclude(&alias, configObj.KMSCustomerKeys.IncludeRule.NamesRegExp,
configObj.KMSCustomerKeys.ExcludeRule.NamesRegExp) {
includedByName = true
}
Expand Down
2 changes: 1 addition & 1 deletion aws/resources/sns.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,7 @@ func shouldIncludeSNS(topicArn string, excludeAfter, firstSeenTime time.Time, co
return false
}

return config.ShouldInclude(topicName, configObj.SNS.IncludeRule.NamesRegExp, configObj.SNS.ExcludeRule.NamesRegExp)
return config.ShouldInclude(&topicName, configObj.SNS.IncludeRule.NamesRegExp, configObj.SNS.ExcludeRule.NamesRegExp)
}

func (s *SNSTopic) nukeAll(identifiers []*string) error {
Expand Down
15 changes: 10 additions & 5 deletions config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,6 @@ type Config struct {
EC2IPAMResourceDiscovery ResourceType `yaml:"EC2IPAMResourceDiscovery"`
EC2IPAMScope ResourceType `yaml:"EC2IPAMScope"`
EC2Endpoint ResourceType `yaml:"EC2Endpoint"`
EC2PlacementGroups ResourceType `yaml:"EC2PlacementGroups"`
EC2Subnet EC2ResourceType `yaml:"EC2Subnet"`
EgressOnlyInternetGateway ResourceType `yaml:"EgressOnlyInternetGateway"`
ECRRepository ResourceType `yaml:"ECRRepository"`
Expand Down Expand Up @@ -320,19 +319,25 @@ func matches(name string, regexps []Expression) bool {
}

// ShouldInclude - Checks if a resource's Name should be included according to the inclusion and exclusion rules
func ShouldInclude(name string, includeREs []Expression, excludeREs []Expression) bool {
func ShouldInclude(name *string, includeREs []Expression, excludeREs []Expression) bool {
var resourceName string
if name != nil {
resourceName = *name
}


if len(includeREs) == 0 && len(excludeREs) == 0 {
// If no rules are defined, should always include
return true
} else if matches(name, excludeREs) {
} else if matches(resourceName, excludeREs) {
// If a rule that exclude matches, should not include
return false
} else if len(includeREs) == 0 {
// Given the 'Name' is not in the 'exclude' list, should include if there is no 'include' list
return true
} else {
// Given there is a 'include' list, and 'Name' is there, should include
return matches(name, includeREs)
return matches(resourceName, includeREs)
}
}

Expand Down Expand Up @@ -403,7 +408,7 @@ func (r ResourceType) ShouldIncludeBasedOnTag(tags map[string]string) bool {
}

func (r ResourceType) ShouldInclude(value ResourceValue) bool {
if value.Name != nil && !ShouldInclude(*value.Name, r.IncludeRule.NamesRegExp, r.ExcludeRule.NamesRegExp) {
if !ShouldInclude(value.Name, r.IncludeRule.NamesRegExp, r.ExcludeRule.NamesRegExp) {
return false
} else if value.Time != nil && !r.ShouldIncludeBasedOnTime(*value.Time) {
return false
Expand Down
17 changes: 8 additions & 9 deletions config/config_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,6 @@ func emptyConfig() *Config {
EC2IPAMResourceDiscovery: ResourceType{FilterRule{}, FilterRule{}, "",false},
EC2IPAMScope: ResourceType{FilterRule{}, FilterRule{}, "",false},
EC2Endpoint: ResourceType{FilterRule{}, FilterRule{}, "",false},
EC2PlacementGroups: ResourceType{FilterRule{}, FilterRule{}, "",false},
EC2Subnet: EC2ResourceType{false, ResourceType{FilterRule{}, FilterRule{}, "",false}},
EgressOnlyInternetGateway: ResourceType{FilterRule{}, FilterRule{}, "",false},
ECRRepository: ResourceType{FilterRule{}, FilterRule{}, "",false},
Expand Down Expand Up @@ -161,7 +160,7 @@ func TestShouldInclude_AllowWhenEmpty(t *testing.T) {
var includeREs []Expression
var excludeREs []Expression

assert.True(t, ShouldInclude("test-open-vpn", includeREs, excludeREs),
assert.True(t, ShouldInclude(aws.String("test-open-vpn"), includeREs, excludeREs),
"Should include when both lists are empty")
}

Expand All @@ -172,9 +171,9 @@ func TestShouldInclude_ExcludeWhenMatches(t *testing.T) {
require.NoError(t, err)
excludeREs := []Expression{{RE: *exclude}}

assert.False(t, ShouldInclude("test-openvpn-123", includeREs, excludeREs),
assert.False(t, ShouldInclude(aws.String("test-openvpn-123"), includeREs, excludeREs),
"Should not include when matches from the 'exclude' list")
assert.True(t, ShouldInclude("tf-state-bucket", includeREs, excludeREs),
assert.True(t, ShouldInclude(aws.String("tf-state-bucket"), includeREs, excludeREs),
"Should include when doesn't matches from the 'exclude' list")
}

Expand All @@ -185,9 +184,9 @@ func TestShouldInclude_IncludeWhenMatches(t *testing.T) {

var excludeREs []Expression

assert.True(t, ShouldInclude("test-openvpn-123", includeREs, excludeREs),
assert.True(t, ShouldInclude(aws.String("test-openvpn-123"), includeREs, excludeREs),
"Should include when matches the 'include' list")
assert.False(t, ShouldInclude("test-vpc-123", includeREs, excludeREs),
assert.False(t, ShouldInclude(aws.String("test-vpc-123"), includeREs, excludeREs),
"Should not include when doesn't matches the 'include' list")
}

Expand All @@ -200,11 +199,11 @@ func TestShouldInclude_WhenMatchesIncludeAndExclude(t *testing.T) {
require.NoError(t, err)
excludeREs := []Expression{{RE: *exclude}}

assert.True(t, ShouldInclude("test-eks-cluster-123", includeREs, excludeREs),
assert.True(t, ShouldInclude(aws.String("test-eks-cluster-123"), includeREs, excludeREs),
"Should include when matches the 'include' list but not matches the 'exclude' list")
assert.False(t, ShouldInclude("test-openvpn-123", includeREs, excludeREs),
assert.False(t, ShouldInclude(aws.String("test-openvpn-123"), includeREs, excludeREs),
"Should not include when matches 'exclude' list")
assert.False(t, ShouldInclude("terraform-tf-state", includeREs, excludeREs),
assert.False(t, ShouldInclude(aws.String("terraform-tf-state"), includeREs, excludeREs),
"Should not include when doesn't matches 'include' list")
}

Expand Down

0 comments on commit c19f856

Please sign in to comment.