implemented vpc lattice api (gruntwork-io#706)

Israelistic · May 23, 2024 · 298fb3e · 298fb3e
1 parent 40df16f
commit 298fb3e
Show file tree

Hide file tree

Showing 14 changed files with 691 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -104,6 +104,9 @@ Cloud-nuke suppports 🔎 inspecting and 🔥💀 deleting the following AWS res
 | NetworkFirewall         | Network Firewall Rule Group                              |
 | NetworkFirewall         | Network Firewall TLS inspection configuration            |
 | NetworkFirewall         | Network Firewall Resource Policy 						             |
+| VPCLattice         			| VPC Lattice Service							 						             |
+| VPCLattice         			| VPC Lattice Service Network			 						             |
+| VPCLattice         			| VPC Lattice Target Group    		 						             |
 
 > **WARNING:** The RDS APIs also interact with neptune and document db resources.
 > Running `cloud-nuke aws --resource-type rds` without a config file will remove any neptune and document db resources
@@ -627,6 +630,10 @@ of the file that are supported are listed here.
 | network-firewall-rule-group | NetworkFirewallRuleGroup     | ✅ (Firewall Rule group name)   			  | ✅ (First Seen Tag Time)             | ✅    |    ❌   |
 | network-firewall-tls-config | NetworkFirewallTLSConfig     | ✅ (Firewall TLS config name)   			  | ✅ (First Seen Tag Time)             | ✅    |    ❌   |
 | network-firewall-resource-policy | NetworkFirewallResourcePolicy     | ✅ (Firewall Resource Policy ARN)   			  |  ❌             |  ❌    |    ❌   |
+| vpc-lattice-service				  | VPCLatticeService 			     | ✅ (VPC Lattice service ARN)   			  |  (Creation Time) 											|  ❌   |    ✅ 	|
+| vpc-lattice-service-network | VPCLatticeServiceNetwork     | ✅ (VPC Lattice service network ARN)   |  (Creation Time) 											|  ❌   |    ✅ 	|
+| vpc-lattice-target-group 		| VPCLatticeTargetGroup   		 | ✅ (VPC Lattice target group ARN)   		|  (Creation Time) 											|  ❌   |    ✅ 	|
+
 
 
 ### Resource Deletion and 'IsNukable' Check Option

diff --git a/aws/resource_registry.go b/aws/resource_registry.go
@@ -141,6 +141,9 @@ func getRegisteredRegionalResources() []AwsResource {
 		&resources.NetworkFirewallRuleGroup{},
 		&resources.NetworkFirewallTLSConfig{},
 		&resources.NetworkFirewallResourcePolicy{},
+		&resources.VPCLatticeServiceNetwork{},
+		&resources.VPCLatticeService{},
+		&resources.VPCLatticeTargetGroup{},
 	}
 }
 

diff --git a/aws/resources/vpc_lattice_service.go b/aws/resources/vpc_lattice_service.go
@@ -0,0 +1,68 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/vpclattice"
+	"github.com/gruntwork-io/cloud-nuke/config"
+	"github.com/gruntwork-io/cloud-nuke/logging"
+	"github.com/gruntwork-io/cloud-nuke/report"
+	"github.com/gruntwork-io/go-commons/errors"
+)
+
+func (network *VPCLatticeService) getAll(_ context.Context, configObj config.Config) ([]*string, error) {
+	output, err := network.Client.ListServicesWithContext(network.Context, nil)
+	if err != nil {
+		return nil, errors.WithStackTrace(err)
+	}
+
+	var ids []*string
+	for _, item := range output.Items {
+
+		if configObj.VPCLatticeService.ShouldInclude(config.ResourceValue{
+			Name: item.Name,
+			Time: item.CreatedAt,
+		}) {
+			ids = append(ids, item.Arn)
+		}
+	}
+
+	return ids, nil
+}
+
+func (network *VPCLatticeService) nukeAll(identifiers []*string) error {
+	if len(identifiers) == 0 {
+		logging.Debugf("No %s to nuke in region %s", network.ResourceServiceName(), network.Region)
+		return nil
+
+	}
+
+	logging.Debugf("Deleting all %s in region %s", network.ResourceServiceName(), network.Region)
+
+	deletedCount := 0
+	for _, id := range identifiers {
+
+		_, err := network.Client.DeleteServiceWithContext(network.Context, &vpclattice.DeleteServiceInput{
+			ServiceIdentifier: id,
+		})
+
+		// Record status of this resource
+		e := report.Entry{
+			Identifier:   aws.StringValue(id),
+			ResourceType: network.ResourceServiceName(),
+			Error:        err,
+		}
+		report.Record(e)
+
+		if err != nil {
+			logging.Debugf("[Failed] %s", err)
+		} else {
+			deletedCount++
+			logging.Debugf("Deleted %s: %s", network.ResourceServiceName(), aws.StringValue(id))
+		}
+	}
+
+	logging.Debugf("[OK] %d %s(s) terminated in %s", deletedCount, network.ResourceServiceName(), network.Region)
+	return nil
+}
diff --git a/aws/resources/vpc_lattice_service_network.go b/aws/resources/vpc_lattice_service_network.go
@@ -0,0 +1,68 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/vpclattice"
+	"github.com/gruntwork-io/cloud-nuke/config"
+	"github.com/gruntwork-io/cloud-nuke/logging"
+	"github.com/gruntwork-io/cloud-nuke/report"
+	"github.com/gruntwork-io/go-commons/errors"
+)
+
+func (network *VPCLatticeServiceNetwork) getAll(_ context.Context, configObj config.Config) ([]*string, error) {
+	output, err := network.Client.ListServiceNetworksWithContext(network.Context, nil)
+	if err != nil {
+		return nil, errors.WithStackTrace(err)
+	}
+
+	var ids []*string
+	for _, item := range output.Items {
+
+		if configObj.VPCLatticeServiceNetwork.ShouldInclude(config.ResourceValue{
+			Name: item.Name,
+			Time: item.CreatedAt,
+		}) {
+			ids = append(ids, item.Arn)
+		}
+	}
+
+	return ids, nil
+}
+
+func (network *VPCLatticeServiceNetwork) nukeAll(identifiers []*string) error {
+	if len(identifiers) == 0 {
+		logging.Debugf("No %s to nuke in region %s", network.ResourceServiceName(), network.Region)
+		return nil
+
+	}
+
+	logging.Debugf("Deleting all %s in region %s", network.ResourceServiceName(), network.Region)
+
+	deletedCount := 0
+	for _, id := range identifiers {
+
+		_, err := network.Client.DeleteServiceNetworkWithContext(network.Context, &vpclattice.DeleteServiceNetworkInput{
+			ServiceNetworkIdentifier: id,
+		})
+
+		// Record status of this resource
+		e := report.Entry{
+			Identifier:   aws.StringValue(id),
+			ResourceType: network.ResourceServiceName(),
+			Error:        err,
+		}
+		report.Record(e)
+
+		if err != nil {
+			logging.Debugf("[Failed] %s", err)
+		} else {
+			deletedCount++
+			logging.Debugf("Deleted %s: %s", network.ResourceServiceName(), aws.StringValue(id))
+		}
+	}
+
+	logging.Debugf("[OK] %d %s(s) terminated in %s", deletedCount, network.ResourceServiceName(), network.Region)
+	return nil
+}
diff --git a/aws/resources/vpc_lattice_service_network_test.go b/aws/resources/vpc_lattice_service_network_test.go
@@ -0,0 +1,108 @@
+package resources_test
+
+import (
+	"context"
+	"regexp"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go/aws"
+	awsgo "github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/service/vpclattice"
+	"github.com/aws/aws-sdk-go/service/vpclattice/vpclatticeiface"
+	"github.com/gruntwork-io/cloud-nuke/aws/resources"
+	"github.com/gruntwork-io/cloud-nuke/config"
+	"github.com/gruntwork-io/cloud-nuke/util"
+	"github.com/stretchr/testify/require"
+)
+
+type mockedVPCLatticeServiceNetwork struct {
+	vpclatticeiface.VPCLatticeAPI
+	DeleteServiceNetworkOutput vpclattice.DeleteServiceNetworkOutput
+	ListServiceNetworksOutput  vpclattice.ListServiceNetworksOutput
+}
+
+func (m mockedVPCLatticeServiceNetwork) ListServiceNetworksWithContext(aws.Context, *vpclattice.ListServiceNetworksInput, ...request.Option) (*vpclattice.ListServiceNetworksOutput, error) {
+	return &m.ListServiceNetworksOutput, nil
+}
+
+func (m mockedVPCLatticeServiceNetwork) DeleteServiceNetworkWithContext(aws.Context, *vpclattice.DeleteServiceNetworkInput, ...request.Option) (*vpclattice.DeleteServiceNetworkOutput, error) {
+	return &m.DeleteServiceNetworkOutput, nil
+}
+
+func TestVPCLatticeServiceNetwork_GetAll(t *testing.T) {
+
+	t.Parallel()
+
+	var (
+		id1 = "aws-nuke-test-" + util.UniqueID()
+		id2 = "aws-nuke-test-" + util.UniqueID()
+		now = time.Now()
+	)
+
+	obj := resources.VPCLatticeServiceNetwork{
+		Client: mockedVPCLatticeServiceNetwork{
+			ListServiceNetworksOutput: vpclattice.ListServiceNetworksOutput{
+				Items: []*vpclattice.ServiceNetworkSummary{
+					{
+						Arn:       awsgo.String(id1),
+						Name:      awsgo.String(id1),
+						CreatedAt: aws.Time(now),
+					}, {
+						Arn:       awsgo.String(id2),
+						Name:      awsgo.String(id2),
+						CreatedAt: aws.Time(now.Add(1 * time.Hour)),
+					},
+				},
+			},
+		},
+	}
+
+	tests := map[string]struct {
+		configObj config.ResourceType
+		expected  []string
+	}{
+		"emptyFilter": {
+			configObj: config.ResourceType{},
+			expected:  []string{id1, id2},
+		},
+		"nameExclusionFilter": {
+			configObj: config.ResourceType{
+				ExcludeRule: config.FilterRule{
+					NamesRegExp: []config.Expression{{
+						RE: *regexp.MustCompile(id2),
+					}}},
+			},
+			expected: []string{id1},
+		},
+		"timeAfterExclusionFilter": {
+			configObj: config.ResourceType{
+				ExcludeRule: config.FilterRule{
+					TimeAfter: awsgo.Time(now),
+				}},
+			expected: []string{id1},
+		},
+	}
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			names, err := obj.GetAndSetIdentifiers(context.Background(), config.Config{
+				VPCLatticeServiceNetwork: tc.configObj,
+			})
+			require.NoError(t, err)
+			require.Equal(t, tc.expected, names)
+		})
+	}
+}
+
+func TestVPCLatticeServiceNetwork__NukeAll(t *testing.T) {
+	t.Parallel()
+
+	obj := resources.VPCLatticeServiceNetwork{
+		Client: mockedVPCLatticeServiceNetwork{
+			ListServiceNetworksOutput: vpclattice.ListServiceNetworksOutput{},
+		},
+	}
+	err := obj.Nuke([]string{"test"})
+	require.NoError(t, err)
+}
diff --git a/aws/resources/vpc_lattice_service_network_types.go b/aws/resources/vpc_lattice_service_network_types.go
@@ -0,0 +1,64 @@
+package resources
+
+import (
+	"context"
+
+	awsgo "github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/vpclattice"
+	"github.com/aws/aws-sdk-go/service/vpclattice/vpclatticeiface"
+	"github.com/gruntwork-io/cloud-nuke/config"
+	"github.com/gruntwork-io/go-commons/errors"
+)
+
+type VPCLatticeServiceNetwork struct {
+	BaseAwsResource
+	Client vpclatticeiface.VPCLatticeAPI
+	Region string
+	ARNs   []string
+}
+
+func (n *VPCLatticeServiceNetwork) Init(session *session.Session) {
+	n.Client = vpclattice.New(session)
+}
+
+// ResourceName - the simple name of the aws resource
+func (n *VPCLatticeServiceNetwork) ResourceName() string {
+	return "vpc-lattice-service-network"
+}
+
+// ResourceIdentifiers - the arns of the aws certificate manager certificates
+func (n *VPCLatticeServiceNetwork) ResourceIdentifiers() []string {
+	return n.ARNs
+}
+
+func (n *VPCLatticeServiceNetwork) GetAndSetResourceConfig(configObj config.Config) config.ResourceType {
+	return configObj.VPCLatticeServiceNetwork
+}
+
+func (n *VPCLatticeServiceNetwork) ResourceServiceName() string {
+	return "VPC Lattice Service Network"
+}
+
+func (n *VPCLatticeServiceNetwork) MaxBatchSize() int {
+	return maxBatchSize
+}
+
+func (n *VPCLatticeServiceNetwork) GetAndSetIdentifiers(c context.Context, configObj config.Config) ([]string, error) {
+	identifiers, err := n.getAll(c, configObj)
+	if err != nil {
+		return nil, err
+	}
+
+	n.ARNs = awsgo.StringValueSlice(identifiers)
+	return n.ARNs, nil
+}
+
+// Nuke - nuke 'em all!!!
+func (n *VPCLatticeServiceNetwork) Nuke(arns []string) error {
+	if err := n.nukeAll(awsgo.StringSlice(arns)); err != nil {
+		return errors.WithStackTrace(err)
+	}
+
+	return nil
+}