diff --git a/resources/wafv2-api-key.go b/resources/wafv2-api-key.go
new file mode 100644
index 00000000..33882020
--- /dev/null
+++ b/resources/wafv2-api-key.go
@@ -0,0 +1,122 @@
+package resources
+
+import (
+ "context"
+ "strings"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
+ "github.com/aws/aws-sdk-go/service/wafv2"
+
+ "github.com/ekristen/libnuke/pkg/registry"
+ "github.com/ekristen/libnuke/pkg/resource"
+ "github.com/ekristen/libnuke/pkg/types"
+
+ "github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const WAFv2APIKeyResource = "WAFv2APIKey" // #nosec G101
+
+func init() {
+ registry.Register(®istry.Registration{
+ Name: WAFv2APIKeyResource,
+ Scope: nuke.Account,
+ Lister: &WAFv2APIKeyLister{},
+ })
+}
+
+type WAFv2APIKeyLister struct{}
+
+func (l *WAFv2APIKeyLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
+ opts := o.(*nuke.ListerOpts)
+ var resources []resource.Resource
+
+ svc := wafv2.New(opts.Session)
+
+ params := &wafv2.ListAPIKeysInput{
+ Limit: aws.Int64(50),
+ Scope: aws.String("REGIONAL"),
+ }
+
+ output, err := getAPIKeys(svc, params)
+ if err != nil {
+ return []resource.Resource{}, err
+ }
+
+ resources = append(resources, output...)
+
+ if *opts.Session.Config.Region == endpoints.UsEast1RegionID {
+ params.Scope = aws.String("CLOUDFRONT")
+
+ output, err := getAPIKeys(svc, params)
+ if err != nil {
+ return []resource.Resource{}, err
+ }
+
+ resources = append(resources, output...)
+ }
+
+ return resources, nil
+}
+
+func getAPIKeys(svc *wafv2.WAFV2, params *wafv2.ListAPIKeysInput) ([]resource.Resource, error) {
+ var resources []resource.Resource
+
+ for {
+ resp, err := svc.ListAPIKeys(params)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, apiKey := range resp.APIKeySummaries {
+ var tokenDomains []string
+ for _, tokenDomain := range apiKey.TokenDomains {
+ tokenDomains = append(tokenDomains, *tokenDomain)
+ }
+
+ resources = append(resources, &WAFv2APIKey{
+ svc: svc,
+ apiKey: apiKey.APIKey,
+ TokenDomains: tokenDomains,
+ Scope: params.Scope,
+ CreateDate: apiKey.CreationTimestamp,
+ })
+ }
+
+ if resp.NextMarker == nil {
+ break
+ }
+
+ params.NextMarker = resp.NextMarker
+ }
+
+ return resources, nil
+}
+
+type WAFv2APIKey struct {
+ svc *wafv2.WAFV2
+ apiKey *string
+ TokenDomains []string
+ Scope *string
+ CreateDate *time.Time
+}
+
+func (r *WAFv2APIKey) Remove(_ context.Context) error {
+ _, err := r.svc.DeleteAPIKey(&wafv2.DeleteAPIKeyInput{
+ APIKey: r.apiKey,
+ Scope: r.Scope,
+ })
+
+ return err
+}
+
+func (r *WAFv2APIKey) String() string {
+ return (*r.apiKey)[:16]
+}
+
+func (r *WAFv2APIKey) Properties() types.Properties {
+ return types.NewPropertiesFromStruct(r).
+ // Note: this is necessary because NewPropertiesFromStruct doesn't handle slices of strings
+ Set("TokenDomains", strings.Join(r.TokenDomains, ","))
+}
diff --git a/resources/wafv2-rulegroup.go b/resources/wafv2-rulegroup.go
index ab1551de..9569e6f0 100644
--- a/resources/wafv2-rulegroup.go
+++ b/resources/wafv2-rulegroup.go
@@ -4,6 +4,7 @@ import (
 "context"
 
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/service/wafv2"
 
 "github.com/ekristen/libnuke/pkg/registry"
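Review bot: `getAPIKeys` writes `params.NextMarker` on the caller's input and never clears it, so once the REGIONAL listing has needed more than one page, the CLOUDFRONT call in `List` starts from a leftover REGIONAL marker. That second request is then likely to fail or return an incomplete list, and any key it misses is never queued for deletion and stays usable. Reset the marker where the scope is switched, `params.NextMarker = nil` next to `params.Scope = aws.String("CLOUDFRONT")`. Separately, `String()` slices `(*r.apiKey)[:16]` with no nil or length check and panics on a nil or shorter key; `key := aws.StringValue(r.apiKey); if len(key) > 16 { key = key[:16] }` keeps the truncated display without the panic. The `*tokenDomain` dereference in the inner loop has the same nil exposure and could use `aws.StringValueSlice(apiKey.TokenDomains)`.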
@@ -43,7 +44,7 @@ func (l *WAFv2RuleGroupLister) List(_ context.Context, o interface{}) ([]resourc
 
 resources = append(resources, output...)
 
- if *opts.Session.Config.Region == "us-east-1" {
+ if *opts.Session.Config.Region == endpoints.UsEast1RegionID {
 params.Scope = aws.String("CLOUDFRONT")
 
 output, err := getRuleGroups(svc, params)
diff --git a/resources/wafv2-webacls.go b/resources/wafv2-webacls.go
index 8aaed46e..fe822f1c 100644
--- a/resources/wafv2-webacls.go
+++ b/resources/wafv2-webacls.go
@@ -4,6 +4,7 @@ import (
 "context"
 
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/endpoints"
 "github.com/aws/aws-sdk-go/service/wafv2"
 
 "github.com/ekristen/libnuke/pkg/registry"
@@ -43,7 +44,7 @@ func (l *WAFv2WebACLLister) List(_ context.Context, o interface{}) ([]resource.R
 
 resources = append(resources, output...)
 
- if *opts.Session.Config.Region == "us-east-1" {
+ if *opts.Session.Config.Region == endpoints.UsEast1RegionID {
 params.Scope = aws.String("CLOUDFRONT")
 
 output, err := getWebACLs(svc, params)