fix: fixes, rewrites and all things to make things work
ekristen committed Mar 27, 2024
1 parent 40fa2e0 commit ba518d0
Showing 43 changed files with 524 additions and 354 deletions.
4 changes: 2 additions & 2 deletions go.mod
Expand Up @@ -10,7 +10,8 @@ require (
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/recoveryservices/armrecoveryservicesbackup v1.0.0
github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/security/armsecurity v0.11.0
github.com/Azure/go-autorest/autorest/to v0.4.0
github.com/ekristen/libnuke v0.12.0
github.com/ekristen/libnuke v0.12.1-0.20240326234901-fabc1a06d086
github.com/fatih/color v1.16.0
github.com/gotidy/ptr v1.4.0
github.com/hashicorp/go-azure-helpers v0.66.1
github.com/hashicorp/go-azure-sdk v0.20240125.1100331
Expand All @@ -34,7 +35,6 @@ require (
github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/fatih/color v1.16.0 // indirect
github.com/gofrs/uuid v4.2.0+incompatible // indirect
github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
github.com/golang/protobuf v1.5.2 // indirect
9 changes: 3 additions & 6 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -76,10 +76,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI=
github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=
github.com/ekristen/libnuke v0.6.0 h1:VsNkdrprFfbFSsJnwQEynzww7JWR/icKox/sso7ucT0=
github.com/ekristen/libnuke v0.6.0/go.mod h1:WhYx7LDAkvkXwwfhWCASRn7fbifF8kfyhNsUj5zCCVs=
github.com/ekristen/libnuke v0.12.0 h1:Dsk+ckT9sh9QZTLq5m8kOA1KFJGJxSv0TLnfe3YeL1o=
github.com/ekristen/libnuke v0.12.0/go.mod h1:sBdA04l9IMMejQw5gO9k6o/a0GffSYhgZYaUSdRjIac=
github.com/ekristen/libnuke v0.12.1-0.20240326234901-fabc1a06d086 h1:fmTVIbAlYWmN8AyBfk6hBiPMZ7iUsxtUwJ6mnBDf0SU=
github.com/ekristen/libnuke v0.12.1-0.20240326234901-fabc1a06d086/go.mod h1:sBdA04l9IMMejQw5gO9k6o/a0GffSYhgZYaUSdRjIac=
github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
Expand Down Expand Up @@ -282,8 +280,7 @@ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg=
github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/urfave/cli/v2 v2.3.0 h1:qph92Y649prgesehzOrQjdWyxFOp/QVM+6imKHad91M=
github.com/urfave/cli/v2 v2.3.0/go.mod h1:LJmUH05zAU44vOAcrfzZQKsZbVcdbOG8rtL3/XcUArI=
11 changes: 8 additions & 3 deletions pkg/azure/auth.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,15 +2,20 @@ package azure

import (
"context"
"os"

"github.com/sirupsen/logrus"

"github.com/Azure/azure-sdk-for-go/sdk/azidentity"

"github.com/hashicorp/go-azure-sdk/sdk/auth"
"github.com/hashicorp/go-azure-sdk/sdk/auth/autorest"
"github.com/hashicorp/go-azure-sdk/sdk/environments"
"github.com/sirupsen/logrus"
"os"
)

func ConfigureAuth(ctx context.Context, environment, tenantID, clientID, clientSecret, clientCertFile, clientFedTokenFile string) (*Authorizers, error) {
func ConfigureAuth(
ctx context.Context,
environment, tenantID, clientID, clientSecret, clientCertFile, clientFedTokenFile string) (*Authorizers, error) {
env, err := environments.FromName(environment)
if err != nil {
return nil, err
22 changes: 12 additions & 10 deletions pkg/azure/tenant.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,14 +3,14 @@ package azure
import (
"context"
"fmt"
"github.com/gotidy/ptr"
"slices"
"time"

"github.com/gotidy/ptr"
"github.com/sirupsen/logrus"

"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources"
"github.com/Azure/azure-sdk-for-go/services/subscription/mgmt/2020-09-01/subscription"
"github.com/Azure/azure-sdk-for-go/services/resources/mgmt/2019-05-01/resources" //nolint:staticcheck
"github.com/Azure/azure-sdk-for-go/services/subscription/mgmt/2020-09-01/subscription" //nolint:staticcheck
)

type Tenant struct {
Expand All @@ -24,7 +24,10 @@ type Tenant struct {
ResourceGroups map[string][]string
}

func NewTenant(pctx context.Context, authorizers *Authorizers, tenantId string, subscriptionIds []string, locations []string) (*Tenant, error) {
func NewTenant( //nolint:gocyclo
pctx context.Context, authorizers *Authorizers,
tenantID string, subscriptionIDs, regions []string,
) (*Tenant, error) {
ctx, cancel := context.WithTimeout(pctx, time.Second*15)
defer cancel()

Expand All @@ -33,7 +36,7 @@ func NewTenant(pctx context.Context, authorizers *Authorizers, tenantId string,

tenant := &Tenant{
Authorizers: authorizers,
ID: tenantId,
ID: tenantID,
TenantIds: make([]string, 0),
SubscriptionIds: make([]string, 0),
Locations: make(map[string][]string),
Expand Down Expand Up @@ -62,7 +65,7 @@ func NewTenant(pctx context.Context, authorizers *Authorizers, tenantId string,
return nil, err
}
for _, s := range list.Values() {
if len(subscriptionIds) > 0 && !slices.Contains(subscriptionIds, *s.SubscriptionID) {
if len(subscriptionIDs) > 0 && !slices.Contains(subscriptionIDs, *s.SubscriptionID) {
logrus.Warnf("skipping subscription id: %s (reason: not requested)", *s.SubscriptionID)
continue
}
Expand All @@ -74,23 +77,22 @@ func NewTenant(pctx context.Context, authorizers *Authorizers, tenantId string,
groupsClient := resources.NewGroupsClient(*s.SubscriptionID)
groupsClient.Authorizer = authorizers.Management

logrus.Info("configured locations", locations)
logrus.Debugf("configured regions: %v", regions)
for list, err := groupsClient.List(ctx, "", nil); list.NotDone(); err = list.NextWithContext(ctx) {
if err != nil {
return nil, err
}

for _, g := range list.Values() {
// If the location isn't in the list of locations we want to include, skip it
if !slices.Contains(locations, ptr.ToString(g.Location)) {
// If the region isn't in the list of regions we want to include, skip it
if !slices.Contains(regions, ptr.ToString(g.Location)) && !slices.Contains(regions, "all") {
continue
}

logrus.Debugf("resource group name: %s", *g.Name)
tenant.ResourceGroups[*s.SubscriptionID] = append(tenant.ResourceGroups[*s.SubscriptionID], *g.Name)
}
}

}
}
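Review bot: The region guard in the resource-group loop, `if !slices.Contains(regions, ptr.ToString(g.Location)) && !slices.Contains(regions, "all")`, decides which resource groups a destructive run will enumerate, yet it re-scans for the `"all"` sentinel on every group and compares both values case-sensitively, so a configured `EastUS` would silently match nothing if the API reports `eastus`. I would compute the sentinel once per call, `allRegions := slices.Contains(regions, "all")`, and test `if !allRegions && !slices.Contains(regions, ptr.ToString(g.Location)) { continue }`, normalising case on both sides unless the config is already validated elsewhere. The same loop still dereferences `*g.Name` and `*s.SubscriptionID` directly while `g.Location` goes through `ptr.ToString`, so a nil field in a response would panic here. The scope line was also moved to `logrus.Debugf`, so at Info level nothing records that `"all"` widened the selection; an Info-level line when `allRegions` is true would keep that visible. NewTenant's body starts and ends outside the visible hunks.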

4 changes: 1 addition & 3 deletions pkg/commands/list/list.go
Original file line number Diff line number Diff line change
Expand Up @@ -35,10 +35,8 @@ func execute(c *cli.Context) error {
c = color.FgHiGreen
} else if reg.Scope == nuke.Subscription {
c = color.FgHiBlue
} else if reg.Scope == nuke.Subscription {
} else if reg.Scope == nuke.ResourceGroup {
c = color.FgHiMagenta
} else {

}
color.New(c).Printf(fmt.Sprintf("%s\n", string(reg.Scope)))
}
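Review bot: The context line `color.New(c).Printf(fmt.Sprintf("%s\n", string(reg.Scope)))` passes an already-formatted string as the format argument, so any `%` in a scope name would be re-interpreted as a verb, and recent `go vet` releases report the non-constant format string. `color.New(c).Println(string(reg.Scope))` prints the same line without the second formatting pass. With the empty `else` branch gone, the `if`/`else if` chain on `reg.Scope` would also read more clearly as a `switch reg.Scope`. execute's body starts and ends outside the hunk.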
69 changes: 57 additions & 12 deletions pkg/commands/nuke/command.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@ package nuke
import (
"context"
"fmt"
libscanner "github.com/ekristen/libnuke/pkg/scanner"
"log"
"slices"
"strings"
Expand All @@ -13,8 +12,10 @@ import (
"github.com/urfave/cli/v2"

libconfig "github.com/ekristen/libnuke/pkg/config"
"github.com/ekristen/libnuke/pkg/filter"
libnuke "github.com/ekristen/libnuke/pkg/nuke"
"github.com/ekristen/libnuke/pkg/registry"
libscanner "github.com/ekristen/libnuke/pkg/scanner"
"github.com/ekristen/libnuke/pkg/types"

"github.com/ekristen/azure-nuke/pkg/azure"
Expand All @@ -37,7 +38,7 @@ func (w *log2LogrusWriter) Write(b []byte) (int, error) {
return n, nil
}

func execute(c *cli.Context) error {
func execute(c *cli.Context) error { //nolint:funlen
ctx, cancel := context.WithCancel(c.Context)
defer cancel()

Expand Down Expand Up @@ -87,6 +88,18 @@ func execute(c *cli.Context) error {
return err
}

// Region Filters
if len(filters[filter.Global]) == 0 {
filters[filter.Global] = []filter.Filter{}
}
if !slices.Contains(parsedConfig.Regions, "all") {
filters[filter.Global] = append(filters[filter.Global], filter.Filter{
Property: "Location",
Type: filter.NotIn,
Values: parsedConfig.Regions,
})
}

n := libnuke.New(params, filters, parsedConfig.Settings)

n.SetRunSleep(5 * time.Second)
Expand Down Expand Up @@ -125,29 +138,60 @@ func execute(c *cli.Context) error {
nil,
)

if slices.Contains(parsedConfig.Regions, "global") {
if err := n.RegisterScanner(nuke.Tenant, libscanner.New("tenant/all", tenantResourceTypes, &nuke.ListerOpts{
rgResourceTypes := types.ResolveResourceTypes(
registry.GetNamesForScope(nuke.ResourceGroup),
[]types.Collection{
n.Parameters.Includes,
parsedConfig.ResourceTypes.GetIncludes(),
tenantConfig.ResourceTypes.GetIncludes(),
},
[]types.Collection{
n.Parameters.Excludes,
parsedConfig.ResourceTypes.Excludes,
tenantConfig.ResourceTypes.Excludes,
},
nil,
nil,
)

if slices.Contains(parsedConfig.Regions, "global") || slices.Contains(parsedConfig.Regions, "all") {
if err := n.RegisterScanner(nuke.Tenant, libscanner.New("tenant", tenantResourceTypes, &nuke.ListerOpts{
Authorizers: authorizers,
TenantId: tenant.ID,
TenantID: tenant.ID,
})); err != nil {
return err
}
}

logrus.Debug("registering scanner for tenant subscription resources")
for _, subscriptionId := range tenant.SubscriptionIds {
for _, subscriptionID := range tenant.SubscriptionIds {
logrus.Debug("registering scanner for subscription resources")
parts := strings.Split(subscriptionId, "-")
parts := strings.Split(subscriptionID, "-")
if err := n.RegisterScanner(nuke.Subscription, libscanner.New(fmt.Sprintf("sub/%s", parts[:1][0]), subResourceTypes, &nuke.ListerOpts{
Authorizers: tenant.Authorizers,
TenantId: tenant.ID,
SubscriptionId: subscriptionId,
Locations: parsedConfig.Regions,
TenantID: tenant.ID,
SubscriptionID: subscriptionID,
Regions: parsedConfig.Regions,
})); err != nil {
return err
}
}

for subscriptionID, resourceGroups := range tenant.ResourceGroups {
for _, rg := range resourceGroups {
logrus.Debug("registering scanner for resource group")
if err := n.RegisterScanner(nuke.ResourceGroup, libscanner.New(fmt.Sprintf("rg/%s", rg), rgResourceTypes, &nuke.ListerOpts{
Authorizers: tenant.Authorizers,
TenantID: tenant.ID,
SubscriptionID: subscriptionID,
ResourceGroup: rg,
Regions: parsedConfig.Regions,
})); err != nil {
return err
}
}
}

logrus.Debug("running ...")

return n.Run(c.Context)
Expand All @@ -169,8 +213,9 @@ func init() {
Usage: "exclude this specific resource (this overrides everything)",
},
&cli.BoolFlag{
Name: "quiet",
Usage: "hide filtered messages",
Name: "quiet",
Aliases: []string{"q"},
Usage: "hide filtered messages",
},
&cli.BoolFlag{
Name: "no-dry-run",
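Review bot: The new resource-group loop names each scanner `fmt.Sprintf("rg/%s", rg)`, but resource-group names are only unique within one subscription, so two subscriptions that contain a group of the same name produce two scanners with the same name. If `RegisterScanner` rejects or merges duplicate names (its behaviour is not visible here), the run either aborts or attributes resources to the wrong subscription; `fmt.Sprintf("rg/%s/%s", subscriptionID, rg)` keeps them distinct. The subscription scanner above has the same shape, since `parts[:1][0]` keeps only the first segment of the ID (and is just `parts[0]`). Separately, the new global `filter.NotIn` on `Location` is the region restriction applied across every scope, so it is worth a test confirming how resources with no `Location` property are treated. execute's body starts and ends outside the visible hunks.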
4 changes: 3 additions & 1 deletion pkg/config/config.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,10 @@ package config

import (
"fmt"
"github.com/ekristen/libnuke/pkg/config"

"github.com/sirupsen/logrus"

"github.com/ekristen/libnuke/pkg/config"
)

// New creates a new extended configuration from a file. This is necessary because we are extended the default
10 changes: 6 additions & 4 deletions pkg/config/config_test.go
Original file line number Diff line number Diff line change
@@ -1,14 +1,16 @@
package config

import (
"io"
"testing"

"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"

libconfig "github.com/ekristen/libnuke/pkg/config"
"github.com/ekristen/libnuke/pkg/filter"
"github.com/ekristen/libnuke/pkg/settings"
"github.com/ekristen/libnuke/pkg/types"
"github.com/sirupsen/logrus"
"github.com/stretchr/testify/assert"
"io"
"testing"
)

func TestLoadExampleConfig(t *testing.T) {
24 changes: 20 additions & 4 deletions pkg/nuke/resource.go
Original file line number Diff line number Diff line change
@@ -1,8 +1,11 @@
package nuke

import (
"github.com/ekristen/azure-nuke/pkg/azure"
"regexp"

"github.com/ekristen/libnuke/pkg/registry"

"github.com/ekristen/azure-nuke/pkg/azure"
)

const (
Expand All @@ -11,10 +14,23 @@ const (
ResourceGroup registry.Scope = "resource-group"
)

var (
ResourceGroupRegex = regexp.MustCompile(`/resourceGroups/([^/]+)`)
)

type ListerOpts struct {
Authorizers *azure.Authorizers
TenantId string
SubscriptionId string
TenantID string
SubscriptionID string
ResourceGroup string
Locations []string
Regions []string
}

func GetResourceGroupFromID(id string) *string {
matches := ResourceGroupRegex.FindStringSubmatch(id)
if len(matches) == 2 {
return &matches[1]
}

return nil
}
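Review bot: `ResourceGroupRegex` matches `/resourceGroups/` case-sensitively, while Azure resource IDs are treated as case-insensitive and some responses carry the segment as `/resourcegroups/`; for those IDs `GetResourceGroupFromID` returns nil. Adding the `(?i)` flag to the pattern, i.e. `(?i)/resourceGroups/([^/]+)`, covers both spellings. Because the function returns `*string`, it would help to document the nil case with a doc comment such as `// GetResourceGroupFromID returns the resource group segment of an Azure resource ID, or nil when the ID has none.` so callers do not dereference it unchecked. The regex is also an exported, reassignable package variable; unexporting it (`resourceGroupRegex`) would keep other packages from replacing the pattern.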
12 changes: 7 additions & 5 deletions resources/aad-group.go
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ type AzureAdGroupLister struct {
func (l AzureAdGroupLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
opts := o.(*nuke.ListerOpts)

log := logrus.WithField("r", AzureAdGroupResource).WithField("s", opts.SubscriptionId)
log := logrus.WithField("r", AzureAdGroupResource).WithField("s", opts.SubscriptionID)

client := msgraph.NewGroupsClient()
client.BaseClient.Authorizer = opts.Authorizers.MicrosoftGraph
Expand All @@ -43,18 +43,20 @@ func (l AzureAdGroupLister) List(_ context.Context, o interface{}) ([]resource.R

ctx := context.Background()

groups, _, err := client.List(ctx, odata.Query{})
entities, _, err := client.List(ctx, odata.Query{})
if err != nil {
return nil, err
}

log.Trace("listing resources")

for _, group := range *groups {
for i := range *entities {
entity := &(*entities)[i]

resources = append(resources, &AzureAdGroup{
client: client,
id: group.ID(),
name: group.DisplayName,
id: entity.ID(),
name: entity.DisplayName,
})
}
