search

ekristen / libnuke

Common Golang Packages for use by the Various Cloud Nuke Tools
MIT License
22 stars 3 forks source link

Feature: Support Global Filters #25

Closed ekristen closed 7 months ago

ekristen commented 7 months ago

It would be nice to allow for a global filter to be define that is merged into all filters.

Global would be overwritten by local if there's a conflict.

References

YuriGal commented 7 months ago

Wow that was fast, cool!

This filter will be generic, not just for tags, correct? E.g. if we want to filter any resource with "controltower" or "sso" in their names something like this

filters:
  *:
    - property: 'Name'
      type: 'regex'
      value: '(?i:sso|controltower)'

would work?

ekristen commented 7 months ago

I've been working on my own fork of aws-nuke for a while and rewriting it for a couple months to make additions like this easier to do. It just so happens I've been working on this specific thing for a little while now trying to find the most intuitive way to implement.

Correct, the syntax I'm working on is the following

filters:
  __global__:
    - property: Name
      type: regex
      value: '(?i:sso|controltower)'

  TestResource:
    - property: tag:testing
      value: test

would result in 

filters:
  TestResource:
    - property: Name
      type: regex
      value: '(?i:sso|controltower)'
    - property: tag:testing
      value: test

The filters get appended not a true merge because it's a list, so the global will be added to the front of the filters for the resource, then any specific Resource Filters will get appended to the list. The filters are AND together, so if any of them match, it's filtered.

Side Note: I'm also working on Filter Groups. This will allow you to add a group property to the filter definition. Groups will be OR'd, while filters in the group are AND'd. If group is omitted it's just in the default group and all AND'd together. This would allow for some more complex filtering to take place.