From c850156f2169f2c2be0cc5de1aa15a5f4e0dbf3c Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Fri, 21 Jun 2024 17:14:04 -0600 Subject: [PATCH 1/4] fix(deps): update module github.com/ekristen/libnuke to v0.17.0 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index ba62e563..9f6a02e7 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21.6 require ( github.com/aws/aws-sdk-go v1.53.19 - github.com/ekristen/libnuke v0.15.1 + github.com/ekristen/libnuke v0.17.0 github.com/fatih/color v1.17.0 github.com/golang/mock v1.6.0 github.com/google/uuid v1.6.0 diff --git a/go.sum b/go.sum index abd697ba..d0b369fa 100644 --- a/go.sum +++ b/go.sum @@ -20,6 +20,8 @@ github.com/ekristen/libnuke v0.15.0 h1:YiQo8E32cZucz1UI14OPikSRl1UoyIp02rntrVeX3 github.com/ekristen/libnuke v0.15.0/go.mod h1:riI1tjCf6r+et/9oUBd1vQeFmn2Sn6UeFUR0nWkMeYw= github.com/ekristen/libnuke v0.15.1 h1:qOfGxnFYuCGaFW4g+J6QHvphhkHoeb0i5Z7VuaIOGSQ= github.com/ekristen/libnuke v0.15.1/go.mod h1:riI1tjCf6r+et/9oUBd1vQeFmn2Sn6UeFUR0nWkMeYw= +github.com/ekristen/libnuke v0.17.0 h1:DrTHsRh7eHBIbCKwrzpTzAdngDUAnnq61J/1I3+kDTM= +github.com/ekristen/libnuke v0.17.0/go.mod h1:riI1tjCf6r+et/9oUBd1vQeFmn2Sn6UeFUR0nWkMeYw= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= From e6543698b0d0d0699a206da1fcaa3e04d56d1d70 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Fri, 21 Jun 2024 17:14:45 -0600 Subject: [PATCH 2/4] refactor: use setting get bool instead of get to avoid nil pointer --- resources/cloudformation-stack.go | 2 +- resources/ec2-image.go | 16 ++++++++-------- resources/ec2-instance.go | 4 ++-- resources/elbv2-alb.go | 2 +- resources/lightsail-instances.go | 5 +++-- resources/qldb-ledger.go | 2 +- resources/quicksight-subscriptions.go | 2 +- resources/rds-instances.go | 2 +- 8 files changed, 18 insertions(+), 17 deletions(-) diff --git a/resources/cloudformation-stack.go b/resources/cloudformation-stack.go index d7a53510..cdbc7559 100644 --- a/resources/cloudformation-stack.go +++ b/resources/cloudformation-stack.go @@ -106,7 +106,7 @@ func (cfs *CloudFormationStack) removeWithAttempts(attempt int) error { if ok && awsErr.Code() == "ValidationError" && awsErr.Message() == "Stack ["+*cfs.stack.StackName+"] cannot be deleted while TerminationProtection is enabled" { // check if the setting for the resource is set to allow deletion protection to be disabled - if cfs.settings.Get("DisableDeletionProtection").(bool) { + if cfs.settings.GetBool("DisableDeletionProtection") { logrus.Infof("CloudFormationStack stackName=%s attempt=%d maxAttempts=%d updating termination protection", *cfs.stack.StackName, attempt, cfs.maxDeleteAttempts) _, err = cfs.svc.UpdateTerminationProtection(&cloudformation.UpdateTerminationProtectionInput{ diff --git a/resources/ec2-image.go b/resources/ec2-image.go index 3412ee7c..1b477500 100644 --- a/resources/ec2-image.go +++ b/resources/ec2-image.go @@ -95,7 +95,7 @@ type EC2Image struct { } func (e *EC2Image) Filter() error { - if *e.state == "pending" { + if ptr.ToString(e.state) == "pending" { return fmt.Errorf("ineligible state for removal") } @@ -104,19 +104,19 @@ func (e *EC2Image) Filter() error { strings.ReplaceAll(*e.deregistrationProtection, "disabled after ", "")) } - if *e.deregistrationProtection != ec2.ImageStateDisabled { - if e.settings.Get(DisableDeregistrationProtectionSetting) == nil || - (e.settings.Get(DisableDeregistrationProtectionSetting) != nil && - !e.settings.Get(DisableDeregistrationProtectionSetting).(bool)) { + if ptr.ToString(e.deregistrationProtection) != ec2.ImageStateDisabled { + if !e.settings.GetBool(DisableDeregistrationProtectionSetting) || !e.settings.GetBool(DisableDeregistrationProtectionSetting) { return fmt.Errorf("deregistration protection is enabled") } } - if !e.settings.Get(IncludeDeprecatedSetting).(bool) && e.deprecated != nil && *e.deprecated { + // TODO(v4): enable by default + if !e.settings.GetBool(IncludeDeprecatedSetting) && ptr.ToBool(e.deprecated) { return fmt.Errorf("excluded by %s setting being false", IncludeDeprecatedSetting) } - if !e.settings.Get(IncludeDisabledSetting).(bool) && e.state != nil && *e.state == ec2.ImageStateDisabled { + // TODO(v4): enable by default + if !e.settings.GetBool(IncludeDisabledSetting) && ptr.ToString(e.state) == ec2.ImageStateDisabled { return fmt.Errorf("excluded by %s setting being false", IncludeDisabledSetting) } @@ -144,7 +144,7 @@ func (e *EC2Image) removeDeregistrationProtection() error { return nil } - if !e.settings.Get(DisableDeregistrationProtectionSetting).(bool) { + if !e.settings.GetBool(DisableDeregistrationProtectionSetting) { return nil } diff --git a/resources/ec2-instance.go b/resources/ec2-instance.go index 6f48e6ac..a054f9fb 100644 --- a/resources/ec2-instance.go +++ b/resources/ec2-instance.go @@ -102,7 +102,7 @@ func (i *EC2Instance) Remove(_ context.Context) error { if ok && awsErr.Code() == awsutil.ErrCodeOperationNotPermitted && awsErr.Message() == "The instance '"+*i.instance.InstanceId+"' may not be "+ "terminated. Modify its 'disableApiTermination' instance attribute and "+ - "try again." && i.settings.Get("DisableDeletionProtection").(bool) { + "try again." && i.settings.GetBool("DisableDeletionProtection") { termErr := i.DisableTerminationProtection() if termErr != nil { return termErr @@ -119,7 +119,7 @@ func (i *EC2Instance) Remove(_ context.Context) error { if ok && awsErr.Code() == "OperationNotPermitted" && awsErr.Message() == "The instance '"+*i.instance.InstanceId+"' may not be "+ "terminated. Modify its 'disableApiStop' instance attribute and try "+ - "again." && i.settings.Get("DisableStopProtection").(bool) { + "again." && i.settings.GetBool("DisableStopProtection") { stopErr := i.DisableStopProtection() if stopErr != nil { return stopErr diff --git a/resources/elbv2-alb.go b/resources/elbv2-alb.go index 8e03c579..bc495d1b 100644 --- a/resources/elbv2-alb.go +++ b/resources/elbv2-alb.go @@ -97,7 +97,7 @@ func (e *ELBv2LoadBalancer) Remove(_ context.Context) error { } if _, err := e.svc.DeleteLoadBalancer(params); err != nil { - if e.settings.Get("DisableDeletionProtection").(bool) { + if e.settings.GetBool("DisableDeletionProtection") { var awsErr awserr.Error ok := errors.As(err, &awsErr) if ok && awsErr.Code() == "OperationNotPermitted" && diff --git a/resources/lightsail-instances.go b/resources/lightsail-instances.go index 285e1687..e1bd40e1 100644 --- a/resources/lightsail-instances.go +++ b/resources/lightsail-instances.go @@ -3,7 +3,8 @@ package resources import ( "context" - "github.com/aws/aws-sdk-go/aws" + "github.com/gotidy/ptr" + "github.com/aws/aws-sdk-go/service/lightsail" "github.com/ekristen/libnuke/pkg/registry" @@ -73,7 +74,7 @@ func (f *LightsailInstance) Settings(setting *libsettings.Setting) { func (f *LightsailInstance) Remove(_ context.Context) error { _, err := f.svc.DeleteInstance(&lightsail.DeleteInstanceInput{ InstanceName: f.instanceName, - ForceDeleteAddOns: aws.Bool(f.settings.Get("ForceDeleteAddOns").(bool)), + ForceDeleteAddOns: ptr.Bool(f.settings.GetBool("ForceDeleteAddOns")), }) return err diff --git a/resources/qldb-ledger.go b/resources/qldb-ledger.go index 78ed326b..c1ae7966 100644 --- a/resources/qldb-ledger.go +++ b/resources/qldb-ledger.go @@ -74,7 +74,7 @@ func (l *QLDBLedger) Settings(setting *libsettings.Setting) { } func (l *QLDBLedger) Remove(_ context.Context) error { - if aws.BoolValue(l.ledger.DeletionProtection) && l.settings.Get("DisableDeletionProtection").(bool) { + if aws.BoolValue(l.ledger.DeletionProtection) && l.settings.GetBool("DisableDeletionProtection") { modifyParams := &qldb.UpdateLedgerInput{ DeletionProtection: aws.Bool(false), Name: l.ledger.Name, diff --git a/resources/quicksight-subscriptions.go b/resources/quicksight-subscriptions.go index 7b48d308..be8a614c 100644 --- a/resources/quicksight-subscriptions.go +++ b/resources/quicksight-subscriptions.go @@ -99,7 +99,7 @@ func (l *QuickSightSubscriptionLister) List(_ context.Context, o interface{}) ([ } func (r *QuickSightSubscription) Remove(_ context.Context) error { - if r.settings != nil && r.settings.Get("DisableTerminationProtection").(bool) { + if r.settings != nil && r.settings.GetBool("DisableTerminationProtection") { err := r.DisableTerminationProtection() if err != nil { return err diff --git a/resources/rds-instances.go b/resources/rds-instances.go index 19b27f31..599d1c3b 100644 --- a/resources/rds-instances.go +++ b/resources/rds-instances.go @@ -74,7 +74,7 @@ func (i *RDSInstance) Settings(settings *libsettings.Setting) { } func (i *RDSInstance) Remove(_ context.Context) error { - if aws.BoolValue(i.instance.DeletionProtection) && i.settings.Get("DisableDeletionProtection").(bool) { + if aws.BoolValue(i.instance.DeletionProtection) && i.settings.GetBool("DisableDeletionProtection") { modifyParams := &rds.ModifyDBInstanceInput{ DBInstanceIdentifier: i.instance.DBInstanceIdentifier, DeletionProtection: aws.Bool(false), From 254c3c273e071e7972ba9fb16bf899e6a8a609c4 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Fri, 21 Jun 2024 17:50:22 -0600 Subject: [PATCH 3/4] fix(deps): update module github.com/ekristen/libnuke to v0.17.1 --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 9f6a02e7..d7acde27 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21.6 require ( github.com/aws/aws-sdk-go v1.53.19 - github.com/ekristen/libnuke v0.17.0 + github.com/ekristen/libnuke v0.17.1 github.com/fatih/color v1.17.0 github.com/golang/mock v1.6.0 github.com/google/uuid v1.6.0 diff --git a/go.sum b/go.sum index d0b369fa..f699f3c4 100644 --- a/go.sum +++ b/go.sum @@ -22,6 +22,8 @@ github.com/ekristen/libnuke v0.15.1 h1:qOfGxnFYuCGaFW4g+J6QHvphhkHoeb0i5Z7VuaIOG github.com/ekristen/libnuke v0.15.1/go.mod h1:riI1tjCf6r+et/9oUBd1vQeFmn2Sn6UeFUR0nWkMeYw= github.com/ekristen/libnuke v0.17.0 h1:DrTHsRh7eHBIbCKwrzpTzAdngDUAnnq61J/1I3+kDTM= github.com/ekristen/libnuke v0.17.0/go.mod h1:riI1tjCf6r+et/9oUBd1vQeFmn2Sn6UeFUR0nWkMeYw= +github.com/ekristen/libnuke v0.17.1 h1:bEroAfJ18eEKq+1B6n1QSJi9NvwIu9RFUxwOrjwn1xI= +github.com/ekristen/libnuke v0.17.1/go.mod h1:riI1tjCf6r+et/9oUBd1vQeFmn2Sn6UeFUR0nWkMeYw= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= From 8a0bfaa1a2ee860bbd0490e25e12cc589c20a09b Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Fri, 21 Jun 2024 18:01:02 -0600 Subject: [PATCH 4/4] fix: if logic around deregistration protection --- resources/ec2-image.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/resources/ec2-image.go b/resources/ec2-image.go index 1b477500..b44bc491 100644 --- a/resources/ec2-image.go +++ b/resources/ec2-image.go @@ -104,10 +104,9 @@ func (e *EC2Image) Filter() error { strings.ReplaceAll(*e.deregistrationProtection, "disabled after ", "")) } - if ptr.ToString(e.deregistrationProtection) != ec2.ImageStateDisabled { - if !e.settings.GetBool(DisableDeregistrationProtectionSetting) || !e.settings.GetBool(DisableDeregistrationProtectionSetting) { - return fmt.Errorf("deregistration protection is enabled") - } + if ptr.ToString(e.deregistrationProtection) != ec2.ImageStateDisabled && + !e.settings.GetBool(DisableDeregistrationProtectionSetting) { + return fmt.Errorf("deregistration protection is enabled") } // TODO(v4): enable by default