From 96210d8ca70acd51f4113b10e34d1c31825d8e7e Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Thu, 26 Sep 2024 18:10:46 -0600 Subject: [PATCH 01/13] feat(api-gateway-api-key): support properties --- ...teway-apikeys.go => apigateway-api-key.go} | 24 ++++++++++++++----- 1 file changed, 18 insertions(+), 6 deletions(-) rename resources/{apigateway-apikeys.go => apigateway-api-key.go} (75%) diff --git a/resources/apigateway-apikeys.go b/resources/apigateway-api-key.go similarity index 75% rename from resources/apigateway-apikeys.go rename to resources/apigateway-api-key.go index b4233e2e..51602aa5 100644 --- a/resources/apigateway-apikeys.go +++ b/resources/apigateway-api-key.go @@ -2,12 +2,14 @@ package resources import ( "context" + "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/apigateway" "github.com/ekristen/libnuke/pkg/registry" "github.com/ekristen/libnuke/pkg/resource" + "github.com/ekristen/libnuke/pkg/types" "github.com/ekristen/aws-nuke/v3/pkg/nuke" ) @@ -43,8 +45,11 @@ func (l *APIGatewayAPIKeyLister) List(_ context.Context, o interface{}) ([]resou for _, item := range output.Items { resources = append(resources, &APIGatewayAPIKey{ - svc: svc, - APIKey: item.Id, + svc: svc, + apiKey: item.Id, + Name: item.Name, + Tags: item.Tags, + CreatedDate: item.CreatedDate, }) } @@ -59,18 +64,25 @@ func (l *APIGatewayAPIKeyLister) List(_ context.Context, o interface{}) ([]resou } type APIGatewayAPIKey struct { - svc *apigateway.APIGateway - APIKey *string + svc *apigateway.APIGateway + apiKey *string + Name *string + Tags map[string]*string + CreatedDate *time.Time } func (f *APIGatewayAPIKey) Remove(_ context.Context) error { _, err := f.svc.DeleteApiKey(&apigateway.DeleteApiKeyInput{ - ApiKey: f.APIKey, + ApiKey: f.apiKey, }) return err } +func (f *APIGatewayAPIKey) Properties() types.Properties { + return types.NewPropertiesFromStruct(f) +} + func (f *APIGatewayAPIKey) String() string { - return *f.APIKey + return *f.apiKey } 
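Review bot: In the `APIGatewayAPIKey` struct the renamed `apiKey` field has no comment saying what it holds or why it is unexported, even though `Properties()` now reflects over the struct. Going by `apiKey: item.Id` in the List hunk, it is the key's identifier rather than the secret key value, and as an unexported field it is presumably left out of the emitted properties. Stating this would stop a later change from exporting the field or storing the value in it by accident: `// apiKey is the API key's ID (item.Id), not its secret value; unexported so it is not emitted as a property.` `String()` still dereferences `*f.apiKey` without a nil check, as it did before this patch.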
From 9e0747fef75fd5d108a7622ed89496a8419f3572 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Thu, 26 Sep 2024 18:13:06 -0600 Subject: [PATCH 02/13] refactor(api-gateway-usage-plan): standardization --- ...usageplans.go => apigateway-usage-plan.go} | 43 ++++++++----------- 1 file changed, 17 insertions(+), 26 deletions(-) rename resources/{apigateway-usageplans.go => apigateway-usage-plan.go} (68%) diff --git a/resources/apigateway-usageplans.go b/resources/apigateway-usage-plan.go similarity index 68% rename from resources/apigateway-usageplans.go rename to resources/apigateway-usage-plan.go index c66c847b..3e0d0e30 100644 --- a/resources/apigateway-usageplans.go +++ b/resources/apigateway-usage-plan.go @@ -26,13 +26,6 @@ func init() { type APIGatewayUsagePlanLister struct{} -type APIGatewayUsagePlan struct { - svc *apigateway.APIGateway - usagePlanID *string - name *string - tags map[string]*string -} - func (l *APIGatewayUsagePlanLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) { opts := o.(*nuke.ListerOpts) svc := apigateway.New(opts.Session) @@ -51,9 +44,9 @@ func (l *APIGatewayUsagePlanLister) List(_ context.Context, o interface{}) ([]re for _, item := range output.Items { resources = append(resources, &APIGatewayUsagePlan{ svc: svc, - usagePlanID: item.Id, - name: item.Name, - tags: item.Tags, + UsagePlanID: item.Id, + Name: item.Name, + Tags: item.Tags, }) } 
@@ -67,27 +60,25 @@ func (l *APIGatewayUsagePlanLister) List(_ context.Context, o interface{}) ([]re return resources, nil } -func (f *APIGatewayUsagePlan) Remove(_ context.Context) error { - _, err := f.svc.DeleteUsagePlan(&apigateway.DeleteUsagePlanInput{ - UsagePlanId: f.usagePlanID, +type APIGatewayUsagePlan struct { + svc *apigateway.APIGateway + UsagePlanID *string + Name *string + Tags map[string]*string +} + +func (r *APIGatewayUsagePlan) Remove(_ context.Context) error { + _, err := r.svc.DeleteUsagePlan(&apigateway.DeleteUsagePlanInput{ + UsagePlanId: r.UsagePlanID, }) return err } -func (f *APIGatewayUsagePlan) String() string { - return *f.usagePlanID +func (r *APIGatewayUsagePlan) String() string { + return *r.UsagePlanID } -func (f *APIGatewayUsagePlan) Properties() types.Properties { - properties := types.NewProperties() - - for key, tag := range f.tags { - properties.SetTag(&key, tag) - } - - properties. - Set("UsagePlanID", f.usagePlanID). - Set("Name", f.name) - return properties +func (r *APIGatewayUsagePlan) Properties() types.Properties { + return types.NewPropertiesFromStruct(r) } From eb70c92aa7aa085da8f210d8e02fbf590f38de06 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Thu, 26 Sep 2024 18:13:35 -0600 Subject: [PATCH 03/13] refactor(api-gateway-api-key): standardization - receiver names --- resources/apigateway-api-key.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/resources/apigateway-api-key.go b/resources/apigateway-api-key.go index 51602aa5..cc53b1f1 100644 --- a/resources/apigateway-api-key.go +++ b/resources/apigateway-api-key.go 
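Review bot: `Properties()` at the end of this hunk no longer names its keys explicitly, so the `UsagePlanID`, `Name` and tag keys that existing filters match on now depend on how `types.NewPropertiesFromStruct` maps the struct fields. The removed code wrote tags through `properties.SetTag`; whether the struct-based helper produces the same keys for the `Tags map[string]*string` field is not visible here. A filter that stops matching no longer excludes the usage plan from deletion, so a small test pinning the emitted keys is worth adding. For example, with a constructed value, `assert.Equal(t, "plan-id", r.Properties().Get("UsagePlanID"))` plus one tag lookup.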
@@ -71,18 +71,18 @@ type APIGatewayAPIKey struct { CreatedDate *time.Time } -func (f *APIGatewayAPIKey) Remove(_ context.Context) error { - _, err := f.svc.DeleteApiKey(&apigateway.DeleteApiKeyInput{ - ApiKey: f.apiKey, +func (r *APIGatewayAPIKey) Remove(_ context.Context) error { + _, err := r.svc.DeleteApiKey(&apigateway.DeleteApiKeyInput{ + ApiKey: r.apiKey, }) return err } -func (f *APIGatewayAPIKey) Properties() types.Properties { - return types.NewPropertiesFromStruct(f) +func (r *APIGatewayAPIKey) Properties() types.Properties { + return types.NewPropertiesFromStruct(r) } -func (f *APIGatewayAPIKey) String() string { - return *f.apiKey +func (r *APIGatewayAPIKey) String() string { + return *r.apiKey } From 45fb8b8a5486a06f08e36b56d3aeac5334a4d7b6 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 30 Sep 2024 15:48:09 -0600 Subject: [PATCH 04/13] fix(dms-certificate): use correct delete function --- resources/databasemigrationservice-certificates.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/resources/databasemigrationservice-certificates.go b/resources/databasemigrationservice-certificates.go index 4e6d5995..b4616b96 100644 --- a/resources/databasemigrationservice-certificates.go +++ b/resources/databasemigrationservice-certificates.go @@ -63,8 +63,8 @@ type DatabaseMigrationServiceCertificate struct { } func (f *DatabaseMigrationServiceCertificate) Remove(_ context.Context) error { - _, err := f.svc.DeleteEndpoint(&databasemigrationservice.DeleteEndpointInput{ - EndpointArn: f.ARN, + _, err := f.svc.DeleteCertificate(&databasemigrationservice.DeleteCertificateInput{ + CertificateArn: f.ARN, }) return err From 2e3e61f377bfe5dbcdf04e971fc4debde7ab3239 Mon Sep 17 00:00:00 2001 
From: Erik Kristensen Date: Mon, 30 Sep 2024 15:49:48 -0600 Subject: [PATCH 05/13] feat(dms-certificate): add properties --- ...go => databasemigrationservice-certificate.go} | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) rename resources/{databasemigrationservice-certificates.go => databasemigrationservice-certificate.go} (79%) diff --git a/resources/databasemigrationservice-certificates.go b/resources/databasemigrationservice-certificate.go similarity index 79% rename from resources/databasemigrationservice-certificates.go rename to resources/databasemigrationservice-certificate.go index b4616b96..cc6603e2 100644 --- a/resources/databasemigrationservice-certificates.go +++ b/resources/databasemigrationservice-certificate.go @@ -2,6 +2,7 @@ package resources import ( "context" + "github.com/ekristen/libnuke/pkg/types" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/databasemigrationservice" @@ -62,14 +63,18 @@ type DatabaseMigrationServiceCertificate struct { ARN *string } -func (f *DatabaseMigrationServiceCertificate) Remove(_ context.Context) error { - _, err := f.svc.DeleteCertificate(&databasemigrationservice.DeleteCertificateInput{ - CertificateArn: f.ARN, +func (r *DatabaseMigrationServiceCertificate) Properties() types.Properties { + return types.NewPropertiesFromStruct(r) +} + +func (r *DatabaseMigrationServiceCertificate) Remove(_ context.Context) error { + _, err := r.svc.DeleteCertificate(&databasemigrationservice.DeleteCertificateInput{ + CertificateArn: r.ARN, }) return err } -func (f *DatabaseMigrationServiceCertificate) String() string { - return *f.ARN +func (r *DatabaseMigrationServiceCertificate) String() string { + return *r.ARN } From 8b95dddab5e5da278e80e0c7f30ec201fd1eb2a5 Mon Sep 17 00:00:00 2001 
From: Erik Kristensen Date: Mon, 30 Sep 2024 16:00:46 -0600 Subject: [PATCH 06/13] feat(eks-fargate-profile): tag support --- ...{eks-fargate.go => eks-fargate-profile.go} | 45 ++++++++++++------- resources/eks-fargate-profile_mock_test.go | 20 +++++++++ 2 files changed, 49 insertions(+), 16 deletions(-) rename resources/{eks-fargate.go => eks-fargate-profile.go} (65%) create mode 100644 resources/eks-fargate-profile_mock_test.go diff --git a/resources/eks-fargate.go b/resources/eks-fargate-profile.go similarity index 65% rename from resources/eks-fargate.go rename to resources/eks-fargate-profile.go index 489397a4..ae8f1db5 100644 --- a/resources/eks-fargate.go +++ b/resources/eks-fargate-profile.go @@ -2,6 +2,8 @@ package resources import ( "context" + "github.com/sirupsen/logrus" + "time" "fmt" @@ -71,10 +73,21 @@ func (l *EKSFargateProfileLister) List(_ context.Context, o interface{}) ([]reso } for _, name := range resp.FargateProfileNames { + profResp, err := svc.DescribeFargateProfile(&eks.DescribeFargateProfileInput{ + ClusterName: clusterName, + FargateProfileName: name, + }) + if err != nil { + logrus.WithError(err).Error("unable to describe fargate profile") + continue + } + resources = append(resources, &EKSFargateProfile{ - svc: svc, - name: name, - cluster: clusterName, + svc: svc, + Name: name, + Cluster: clusterName, + CreatedAt: profResp.FargateProfile.CreatedAt, + Tags: profResp.FargateProfile.Tags, }) } 
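Review bot: The `DescribeFargateProfile` error branch in `List` logs a message with no cluster or profile name and then `continue`s, so a profile that could not be described is missing from the result and the log does not say which one. Skipping is the safe choice, because appending the profile without its `Tags` would let it slip past tag-based filters, but that reasoning deserves a comment and the log needs the identifiers: `logrus.WithError(err).WithField("cluster", *clusterName).WithField("profile", *name).Error("unable to describe fargate profile")`. `profResp.FargateProfile` is also dereferenced without a nil check when the resource is built. The loop now issues one describe call per profile, and `List` starts and ends outside this hunk.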
@@ -91,25 +104,25 @@ func (l *EKSFargateProfileLister) List(_ context.Context, o interface{}) ([]reso } type EKSFargateProfile struct { - svc *eks.EKS - cluster *string - name *string + svc *eks.EKS + Cluster *string + Name *string + CreatedAt *time.Time + Tags map[string]*string } -func (fp *EKSFargateProfile) Remove(_ context.Context) error { - _, err := fp.svc.DeleteFargateProfile(&eks.DeleteFargateProfileInput{ - ClusterName: fp.cluster, - FargateProfileName: fp.name, +func (r *EKSFargateProfile) Remove(_ context.Context) error { + _, err := r.svc.DeleteFargateProfile(&eks.DeleteFargateProfileInput{ + ClusterName: r.Cluster, + FargateProfileName: r.Name, }) return err } -func (fp *EKSFargateProfile) Properties() types.Properties { - return types.NewProperties(). - Set("Cluster", *fp.cluster). - Set("Profile", *fp.name) +func (r *EKSFargateProfile) Properties() types.Properties { + return types.NewPropertiesFromStruct(r) } -func (fp *EKSFargateProfile) String() string { - return fmt.Sprintf("%s:%s", *fp.cluster, *fp.name) +func (r *EKSFargateProfile) String() string { + return fmt.Sprintf("%s:%s", *r.Cluster, *r.Name) } diff --git a/resources/eks-fargate-profile_mock_test.go b/resources/eks-fargate-profile_mock_test.go new file mode 100644 index 00000000..17af377d --- /dev/null +++ b/resources/eks-fargate-profile_mock_test.go @@ -0,0 +1,20 @@ +package resources + +import ( + "github.com/gotidy/ptr" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestEKSFargateProperties(t *testing.T) { + resource := &EKSFargateProfile{ + Cluster: ptr.String("test-id"), + Name: ptr.String("test-name"), + } + + properties := resource.Properties() + + assert.Equal(t, "test-id", properties.Get("Cluster")) + assert.Equal(t, "test-name", properties.Get("Name")) + assert.Equal(t, "test-id:test-name", resource.String()) +} From 456b7d61c67bf1d0a4ea863a02a69214a1a58dfd Mon Sep 17 00:00:00 2001 
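Review bot: `Properties()` in this hunk changes the emitted keys: the removed code set `Cluster` and `Profile`, while `NewPropertiesFromStruct(r)` is driven by the field names `Cluster`, `Name`, `CreatedAt` and `Tags`, and the new test asserts `Name`. An existing configuration that filters on the `Profile` property would stop matching after this change. In a tool where filters are what keep a resource from being removed, that fails open. If the rename is intended it should be called out as a breaking change in the commit message or release notes; otherwise keep the old key, for example by adding `.Set("Profile", r.Name)` after the struct call.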
From: Erik Kristensen Date: Mon, 30 Sep 2024 16:01:54 -0600 Subject: [PATCH 07/13] chore: fix lint violations --- resources/databasemigrationservice-certificate.go | 2 +- resources/eks-fargate-profile.go | 4 ++-- resources/eks-fargate-profile_mock_test.go | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/resources/databasemigrationservice-certificate.go b/resources/databasemigrationservice-certificate.go index cc6603e2..ef2d546a 100644 --- a/resources/databasemigrationservice-certificate.go +++ b/resources/databasemigrationservice-certificate.go @@ -2,13 +2,13 @@ package resources import ( "context" - "github.com/ekristen/libnuke/pkg/types" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/databasemigrationservice" "github.com/ekristen/libnuke/pkg/registry" "github.com/ekristen/libnuke/pkg/resource" + "github.com/ekristen/libnuke/pkg/types" "github.com/ekristen/aws-nuke/v3/pkg/nuke" ) diff --git a/resources/eks-fargate-profile.go b/resources/eks-fargate-profile.go index ae8f1db5..44d5f625 100644 --- a/resources/eks-fargate-profile.go +++ b/resources/eks-fargate-profile.go @@ -2,10 +2,10 @@ package resources import ( "context" - "github.com/sirupsen/logrus" + "fmt" "time" - "fmt" + "github.com/sirupsen/logrus" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/service/eks" diff --git a/resources/eks-fargate-profile_mock_test.go b/resources/eks-fargate-profile_mock_test.go index 17af377d..b7b3717c 100644 --- a/resources/eks-fargate-profile_mock_test.go +++ b/resources/eks-fargate-profile_mock_test.go @@ -1,9 +1,10 @@ package resources import ( + "testing" + "github.com/gotidy/ptr" "github.com/stretchr/testify/assert" - "testing" ) func TestEKSFargateProperties(t *testing.T) { From 3fefccd452a95b1fa18df294dadc8a71f2ed5c2a Mon Sep 17 00:00:00 2001 
From: Erik Kristensen Date: Mon, 30 Sep 2024 16:03:40 -0600 Subject: [PATCH 08/13] feat(mgn-source-server): disconnect before delete --- resources/{mgn-source-servers.go => mgn-source-server.go} | 7 +++++++ 1 file changed, 7 insertions(+) rename resources/{mgn-source-servers.go => mgn-source-server.go} (91%) diff --git a/resources/mgn-source-servers.go b/resources/mgn-source-server.go similarity index 91% rename from resources/mgn-source-servers.go rename to resources/mgn-source-server.go index 936846db..02cef99e 100644 --- a/resources/mgn-source-servers.go +++ b/resources/mgn-source-server.go @@ -76,6 +76,13 @@ type MGNSourceServer struct { } func (f *MGNSourceServer) Remove(_ context.Context) error { + // Disconnect source server from service first before delete + if _, err := f.svc.DisconnectFromService(&mgn.DisconnectFromServiceInput{ + SourceServerID: f.sourceServerID, + }); err != nil { + return err + } + _, err := f.svc.DeleteSourceServer(&mgn.DeleteSourceServerInput{ SourceServerID: f.sourceServerID, }) From 8de889a1fac10a6ab8a3ccb43bc8f6a3044ec9fa Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 30 Sep 2024 16:46:30 -0600 Subject: [PATCH 09/13] feat(iam-role): allow removal of service-linked roles --- resources/{iam-roles.go => iam-role.go} | 11 +++++- ...les_mock_test.go => iam-role_mock_test.go} | 37 +++++++++++++++++++ 2 files changed, 47 insertions(+), 1 deletion(-) rename resources/{iam-roles.go => iam-role.go} (89%) rename resources/{iam-roles_mock_test.go => iam-role_mock_test.go} (75%) diff --git a/resources/iam-roles.go b/resources/iam-role.go similarity index 89% rename from resources/iam-roles.go rename to resources/iam-role.go index 56498dc7..e28df742 100644 --- a/resources/iam-roles.go +++ b/resources/iam-role.go 
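Review bot: `Remove` now returns as soon as `DisconnectFromService` fails, so `DeleteSourceServer` is never attempted in that case, and the returned error does not say which of the two calls failed. If the service rejects a disconnect for a server that is already disconnected (not verifiable from this hunk), a retry after a partial failure would keep failing at the first step and the source server would never be removed. Wrapping the error makes the failing step visible, `return fmt.Errorf("disconnect source server: %w", err)`, provided `fmt` is imported in this file. The already-disconnected case is worth confirming against the API before relying on the early return.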
@@ -14,6 +14,7 @@ import ( "github.com/ekristen/libnuke/pkg/registry" "github.com/ekristen/libnuke/pkg/resource" + libsettings "github.com/ekristen/libnuke/pkg/settings" "github.com/ekristen/libnuke/pkg/types" "github.com/ekristen/aws-nuke/v3/pkg/nuke" @@ -32,11 +33,15 @@ func init() { DeprecatedAliases: []string{ "IamRole", }, + Settings: []string{ + "IncludeServiceLinkedRoles", + }, }) } type IAMRole struct { svc iamiface.IAMAPI + settings *libsettings.Setting Name *string Path *string CreateDate *time.Time @@ -44,8 +49,12 @@ type IAMRole struct { Tags []*iam.Tag } +func (r *IAMRole) Settings(settings *libsettings.Setting) { + r.settings = settings +} + func (r *IAMRole) Filter() error { - if strings.HasPrefix(*r.Path, "/aws-service-role/") { + if strings.HasPrefix(*r.Path, "/aws-service-role/") && !r.settings.GetBool("IncludeServiceLinkedRoles") { return fmt.Errorf("cannot delete service roles") } if strings.HasPrefix(*r.Path, "/aws-reserved/sso.amazonaws.com/") { diff --git a/resources/iam-roles_mock_test.go b/resources/iam-role_mock_test.go similarity index 75% rename from resources/iam-roles_mock_test.go rename to resources/iam-role_mock_test.go index afe08013..26a0b873 100644 --- a/resources/iam-roles_mock_test.go +++ b/resources/iam-role_mock_test.go @@ -13,6 +13,8 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/iam" + libsettings "github.com/ekristen/libnuke/pkg/settings" + "github.com/ekristen/aws-nuke/v3/mocks/mock_iamiface" "github.com/ekristen/aws-nuke/v3/pkg/nuke" ) @@ -67,6 +69,10 @@ func Test_Mock_IAMRole_List(t *testing.T) { a.Equal("/", *iamRole.Path) a.Equal(createDate.Format(time.RFC3339), iamRole.Properties().Get("CreateDate")) a.Equal(lastUsedDate.Format(time.RFC3339), iamRole.Properties().Get("LastUsedDate")) + + err = iamRole.Filter() + a.Nil(err) + } func Test_Mock_IAMRole_Remove(t *testing.T) { 
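Review bot: `Filter()` now calls `r.settings.GetBool("IncludeServiceLinkedRoles")` for any role under `/aws-service-role/`, but `r.settings` is only assigned in `Settings()`, so a role on which `Settings()` was never called reaches that call with a nil pointer. The `Filter()` call added to `Test_Mock_IAMRole_List` does not exercise this because the `/` path short-circuits the `&&`, and the new service-linked test always supplies a settings value. The guard should fail closed: `if strings.HasPrefix(*r.Path, "/aws-service-role/") && (r.settings == nil || !r.settings.GetBool("IncludeServiceLinkedRoles")) {`. Separately, `Remove` is outside this hunk; if it still uses the ordinary role-deletion call, check that this works for service-linked roles, which IAM deletes through a dedicated API.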
@@ -91,6 +97,37 @@ func Test_Mock_IAMRole_Remove(t *testing.T) { a.Nil(err) } +func Test_Mock_IAMRole_Filter_ServiceLinked(t *testing.T) { + a := assert.New(t) + ctrl := gomock.NewController(t) + defer ctrl.Finish() + + mockIAM := mock_iamiface.NewMockIAMAPI(ctrl) + + settings := &libsettings.Setting{} + + iamRole := IAMRole{ + svc: mockIAM, + settings: settings, + Name: ptr.String("test"), + Path: ptr.String("/aws-service-role/"), + Tags: []*iam.Tag{}, + } + + err := iamRole.Filter() + a.NotNil(err, "should not be able to delete service linked roles") + + iamRole.settings.Set("IncludeServiceLinkedRoles", false) + + err = iamRole.Filter() + a.NotNil(err, "should not be able to delete service linked roles") + + iamRole.settings.Set("IncludeServiceLinkedRoles", true) + + err = iamRole.Filter() + a.Nil(err, "should be able to delete service linked roles") +} + func Test_Mock_IAMRole_Properties(t *testing.T) { a := assert.New(t) ctrl := gomock.NewController(t) From f99edac203b75e0eb4ac2e8dc75d3c7b230563ce Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 30 Sep 2024 16:50:13 -0600 Subject: [PATCH 10/13] docs(iam-role): detail the settings --- docs/resources/iam-role.md | 14 ++++++++++++++ mkdocs.yml | 1 + 2 files changed, 15 insertions(+) create mode 100644 docs/resources/iam-role.md diff --git a/docs/resources/iam-role.md b/docs/resources/iam-role.md new file mode 100644 index 00000000..efbabdd2 --- /dev/null +++ b/docs/resources/iam-role.md @@ -0,0 +1,14 @@ +# IAM Role + +This will remove all IAM Roles an AWS account. + +## Settings + +- `IncludeServiceLinkedRoles` + +### IncludeServiceLinkedRoles + +By default, service linked roles are excluded from the deletion process. This setting allows you to include them in the +deletion process now that AWS allows for them to be removed. + +Default is `false`. diff --git a/mkdocs.yml b/mkdocs.yml index 751996cd..10dd4ad7 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -92,6 +92,7 @@ nav: - Migration Guide: config-migration.md - Resources: - Cognito User Pool: resources/cognito-user-pool.md + - IAM Role: resources/iam-role.md - S3 Bucket: resources/s3-bucket.md - Development: - Overview: development.md From e73b2b156a4b4d729c321f6863b683bf10bfe6c3 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 30 Sep 2024 17:00:50 -0600 Subject: [PATCH 11/13] chore: fix lint violation --- resources/iam-role_mock_test.go | 1 - 1 file changed, 1 deletion(-) diff --git a/resources/iam-role_mock_test.go b/resources/iam-role_mock_test.go index 26a0b873..28660c51 100644 --- a/resources/iam-role_mock_test.go +++ b/resources/iam-role_mock_test.go @@ -72,7 +72,6 @@ func Test_Mock_IAMRole_List(t *testing.T) { err = iamRole.Filter() a.Nil(err) - } func Test_Mock_IAMRole_Remove(t *testing.T) { From aee3915e0955e26bdd80ff0e8e01a1251b1a1bc8 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 30 Sep 2024 18:07:28 -0600 Subject: [PATCH 12/13] feat(cloudwatchevents-rule): add pagination support --- resources/cloudwatchevents-rule.go | 41 +++++++++++++++++++----------- 1 file changed, 26 insertions(+), 15 deletions(-) diff --git a/resources/cloudwatchevents-rule.go b/resources/cloudwatchevents-rule.go index 8ff7fceb..1fb58345 100644 --- a/resources/cloudwatchevents-rule.go +++ b/resources/cloudwatchevents-rule.go 
@@ -28,33 +28,44 @@ type CloudWatchEventsRuleLister struct{} func (l *CloudWatchEventsRuleLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) { opts := o.(*nuke.ListerOpts) + var resources []resource.Resource svc := cloudwatchevents.New(opts.Session) - resp, err := svc.ListEventBuses(nil) - if err != nil { - return nil, err - } + params := &cloudwatchevents.ListEventBusesInput{} - resources := make([]resource.Resource, 0) - for _, bus := range resp.EventBuses { - resp, err := svc.ListRules(&cloudwatchevents.ListRulesInput{ - EventBusName: bus.Name, - }) + for { + resp, err := svc.ListEventBuses(params) if err != nil { return nil, err } - for _, rule := range resp.Rules { - resources = append(resources, &CloudWatchEventsRule{ - svc: svc, - Name: rule.Name, - ARN: rule.Arn, - State: rule.State, + for _, bus := range resp.EventBuses { + resp, err := svc.ListRules(&cloudwatchevents.ListRulesInput{ EventBusName: bus.Name, }) + if err != nil { + return nil, err + } + + for _, rule := range resp.Rules { + resources = append(resources, &CloudWatchEventsRule{ + svc: svc, + Name: rule.Name, + ARN: rule.Arn, + State: rule.State, + EventBusName: bus.Name, + }) + } + } + + if resp.NextToken == nil { + break } + + params.NextToken = resp.NextToken } + return resources, nil } From dbbe47463088201e2ae8599f7586e871c8c90f36 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Mon, 30 Sep 2024 18:40:33 -0600 Subject: [PATCH 13/13] feat(iam-role-policy): filter out sso managed policies --- resources/iam-role-policy.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/resources/iam-role-policy.go b/resources/iam-role-policy.go index 0d80e7e3..9a2345b4 100644 --- a/resources/iam-role-policy.go +++ b/resources/iam-role-policy.go @@ -2,7 +2,6 @@ package resources import ( "context" - "fmt" "strings" 
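Review bot: Only `ListEventBuses` is paginated here; the inner `svc.ListRules` call is still made once per bus and its `NextToken` is never read, so rules beyond the first page of a bus are not listed and therefore never removed. The inner `resp, err :=` also shadows the outer `resp` that the `NextToken` check after the bus loop depends on, which works but is easy to misread. I would give the rule listing its own input, its own response name and its own token loop, as sketched below.

```go
for _, bus := range resp.EventBuses {
	ruleParams := &cloudwatchevents.ListRulesInput{
		EventBusName: bus.Name,
	}

	for {
		ruleResp, err := svc.ListRules(ruleParams)
		if err != nil {
			return nil, err
		}

		for _, rule := range ruleResp.Rules {
			// … unchanged: append one CloudWatchEventsRule per rule …
		}

		if ruleResp.NextToken == nil {
			break
		}

		ruleParams.NextToken = ruleResp.NextToken
	}
}
```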
@@ -41,6 +40,9 @@ func (e *IAMRolePolicy) Filter() error { if strings.HasPrefix(e.rolePath, "/aws-service-role/") { return fmt.Errorf("cannot alter service roles") } + if strings.HasPrefix(e.rolePath, "/aws-reserved/sso.amazonaws.com/") { + return fmt.Errorf("cannot alter sso roles") + } return nil }
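Review bot: The new SSO check repeats the `/aws-reserved/sso.amazonaws.com/` literal that `IAMRole.Filter()` already uses, so the two protected-path lists are maintained by hand in separate files. Keeping the prefixes in one shared constant or helper would stop the filters drifting apart, which matters because these checks are what keep AWS-managed roles out of the removal set. The `/aws-service-role/` check just above stays unconditional while `IAMRole.Filter()` now honours `IncludeServiceLinkedRoles`. If that difference is deliberate, a comment such as `// inline policies of service-linked roles are never touched, regardless of IncludeServiceLinkedRoles` would record it.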