config

package
v0.21.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 13, 2024 License: MIT Imports: 9 Imported by: 10

Documentation

Overview

Package config provides the configuration for libnuke. It contains the configuration for all the accounts, regions, and resource types. It also contains the presets that can be used to apply a set of filters to a nuke process. The configuration is loaded from a YAML file and is meant to be used by the implementing tool. Use of the configuration is not required but is recommended. The configuration can be implemented a specific way for each tool providing it has the necessary methods available.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Account

type Account struct {
	// Filters is a collection of filters that are to be included during the nuke process for the specific account.
	Filters filter.Filters `yaml:"filters"`

	// ResourceTypes is a collection of resource types that are to be included or excluded from the nuke process for
	// the specific account.
	ResourceTypes ResourceTypes `yaml:"resource-types"`

	// Presets is a list of presets that are to be used for the specific account configuration. The presets are
	// defined in the top level Presets field.
	Presets []string `yaml:"presets"`
}

Account is a collection of filters and resource types that are to be included or excluded from the nuke process. While the word Account is used, it is not limited to AWS accounts. It can be used for any type of grouping of resources. For example, you could have an account for your AWS account, another for your GCP project, and another for your Azure tenant. It's tool implementation dependent.

type Config

type Config struct {
	// Blocklist is a list of IDs that are to be excluded from the nuke process. In this case account is a generic term.
	// It can represent an AWS account, a GCP project, or an Azure tenant.
	Blocklist []string `yaml:"blocklist"`

	// Regions is a list of regions that are to be included during the nuke process. Region is fairly generic, it can
	// be an AWS region, a GCP region, or an Azure region, or any other region that is supported by the implementing
	// tool.
	Regions []string `yaml:"regions"`

	// Accounts is a map of accounts that are configured a certain way. Account is fairly generic, it can be an AWS
	// account, a GCP project, or an Azure tenant, or any other account that is supported by the implementing tool.
	Accounts map[string]*Account `yaml:"accounts"`

	// ResourceTypes is a collection of resource types that are to be included or excluded from the nuke process.
	ResourceTypes ResourceTypes `yaml:"resource-types"`

	// Presets is a list of presets that are to be used for the configuration. These are global presets that can be used
	// by any account. A Preset can also be defined at the account leve.
	Presets map[string]Preset `yaml:"presets"`

	// Settings is a collection of resource level settings that are to be used by the resource during the nuke process.
	// Resources define their own settings and this allows those settings to be defined in the configuration. The
	// appropriate settings are then passed to the appropriate resource during the nuke process.
	Settings *settings.Settings `yaml:"settings"`

	// Deprecations is a map of deprecated resource types to their replacements. This is passed in as part of the
	// configuration due to the fact the configuration has to resolve the filters in the presets to from any deprecated
	// resource types to their replacements. It cannot be imported from YAML, instead has to be configured post parsing.
	Deprecations map[string]string `yaml:"-"`

	// Log is the logrus entry to use for logging. It cannot be imported from YAML.
	Log *logrus.Entry `yaml:"-"`

	// Deprecated: Use Blocklist instead. Will remove in 4.x
	AccountBlacklist []string `yaml:"account-blacklist"`

	// Deprecated: Use Blocklist instead. Will remove in 4.x
	AccountBlocklist []string `yaml:"account-blocklist"`
}

Config is the configuration for libnuke. It contains the configuration for all the accounts, regions, and resource types. It also contains the presets that can be used to apply a set of filters to a nuke process.

func New

func New(opts Options) (*Config, error)

New creates a new configuration from a file.

func (*Config) Filters

func (c *Config) Filters(accountID string) (filter.Filters, error)

Filters resolves all the filters and preset definitions into one set of filters

func (*Config) HasBlocklist

func (c *Config) HasBlocklist() bool

HasBlocklist returns true if the blocklist is not empty.

func (*Config) InBlocklist

func (c *Config) InBlocklist(searchID string) bool

InBlocklist returns true if the searchID is in the blocklist.

func (*Config) Load

func (c *Config) Load(path string) error

Load loads a configuration from a file and parses it into a Config struct.

func (*Config) ResolveBlocklist

func (c *Config) ResolveBlocklist() []string

ResolveBlocklist returns the blocklist to use to prevent action against the account. In this case account is a generic term. It can represent an AWS account, a GCP project, or an Azure tenant.

func (*Config) ResolveDeprecations

func (c *Config) ResolveDeprecations() error

ResolveDeprecations resolves any Deprecations in the configuration. This is done after the configuration has been parsed. It loops through all the accounts and their filters and replaces any deprecated resource types with the new resource type.

func (*Config) ValidateAccount

func (c *Config) ValidateAccount(accountID string) error

ValidateAccount checks the validity of the configuration that's been parsed

type IConfig

type IConfig interface {
	SetLog(log *logrus.Entry)
	ResolveBlocklist() []string
	HasBlocklist() bool
	InBlocklist(searchID string) bool
	Validate(accountID string) error
	Filters(accountID string) (filter.Filters, error)
	SetDeprecations(deprecations map[string]string)
	ResolveDeprecations() error
}

IConfig is the interface for the config package. It is used to define the methods that are required for the configuration to be used by libnuke. If you are implementing a tool that uses libnuke then you will need to implement this interface for your configuration or use the build in config package.

type Options

type Options struct {
	// Path to the config file
	Path string

	// Log is the logrus entry to use for logging
	Log *logrus.Entry

	// Deprecations is a map of deprecated resource types to their replacements.
	Deprecations map[string]string

	// NoResolveBlacklist will prevent the blocklist from being resolved. This is useful for tools that want to
	// implement their own blocklist. Advanced use only, typically for unit tests.
	NoResolveBlacklist bool

	// NoResolveDeprecations will prevent the Deprecations from being resolved. This is useful for tools that want to
	// implement their own Deprecations. Advanced used only, typically for unit tests.
	NoResolveDeprecations bool
}

Options are the options for creating a new configuration.

type Preset

type Preset struct {
	Filters filter.Filters `yaml:"filters"`
}

Preset is a collection of filters that are to be included during the nuke process.

type ResourceTypes

type ResourceTypes struct {
	// Includes is a list of resource types that are to be included during the nuke process. If a resource type is
	// listed in both the Includes and Excludes fields then the Excludes field will take precedence.
	Includes types.Collection `yaml:"includes"`

	// Excludes is a list of resource types that are to be excluded during the nuke process. If a resource type is
	// listed in both the Includes and Excludes fields then the Excludes field will take precedence.
	Excludes types.Collection `yaml:"excludes"`

	// Alternatives is a list of resource types that are to be used instead of the default resource. The primary use
	// case for this is AWS Cloud Control API resources. If a resource has been registered with the Cloud Control API
	// then we want to use that resource instead of the default resource. This is a Resource level alternative, not
	// a resource instance (i.e. all resources of this type will use the alternative resource, not just the resources
	// that are associated with the alternative resource).
	Alternatives types.Collection `yaml:"alternatives"`

	// Targets is a list of resource types that are to be included during the nuke process. If a resource type is
	// listed in both the Targets and Excludes fields then the Excludes field will take precedence.
	// Deprecated: Use Includes instead.
	Targets types.Collection `yaml:"targets"`

	// CloudControl is a list of resource types that are to be used with the Cloud Control API. This is a Resource
	// level alternative. This was left in place to make the transition to libnuke and ekristen/aws-nuke@v3 easier
	// for existing users.
	// Deprecated: Use Alternatives instead.
	CloudControl types.Collection `yaml:"cloud-control"`
}

ResourceTypes is a collection of resource types that are to be included or excluded from the nuke process. The Includes and Excludes fields are mutually exclusive. If a resource type is listed in both the Includes and Excludes fields then the Excludes field will take precedence. Additionally, the Alternatives field is a list of resource types that are to be used instead of the default resource. The primary use case for this is AWS Cloud Control API resources.

func (*ResourceTypes) GetAlternatives

func (r *ResourceTypes) GetAlternatives() types.Collection

GetAlternatives returns the combined list of cloud control and alternatives. This is left over from the AWS Nuke tool and is deprecated. It was left to make the transition to the library and ekristen/aws-nuke@v3 easier for existing users. This will be removed in 4.x of ekristen/aws-nuke.

func (*ResourceTypes) GetIncludes

func (r *ResourceTypes) GetIncludes() types.Collection

GetIncludes returns the combined list of includes and targets. This is left over from the AWS Nuke tool and is deprecated. It was left to make the transition to the library and ekristen/aws-nuke@v3 easier for existing users. This will be removed in 4.x of ekristen/aws-nuke.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL