search

gruntwork-io / cloud-nuke

A tool for cleaning up your cloud accounts by nuking (deleting) all resources within it
https://gruntwork.io/
MIT License
2.81k stars 358 forks source link

panic when removing API GW stage certyficate (no custom domain) #739

Closed wakeful closed 4 months ago

wakeful commented 4 months ago

how to reproduce

create an API REST Gateway with new method and stage, when we use the default AWS provided certificate (no custom domain) an nil pointer is being added to the clientCerts slice.

stack trace

 go run main.go aws --region eu-west-1

# AWS Resource Query Parameters
┌─────────────────────────────────────────────────────────────────────┐
| Query Parameter         | Value                                     |
| ------------------------------------------------------------------- |
| Target Regions          | eu-west-1                                 |
| Target Resource Types   | 106 resource types (too many to list all) |
| List Unaliased KMS Keys | false                                     |
└─────────────────────────────────────────────────────────────────────┘

 INFO  Found 1 apigateway resources in eu-west-1
 INFO  Done searching for resources
 INFO  Found total of 1 resources

# Found AWS Resources

┌───────────────────────────────────────────────────────────────────────────────────────┐
| Resource Type       | Region    | Identifier                                | Nukable |
| ------------------------------------------------------------------------------------- |
| apigateway          | eu-west-1 | 9xz8eitv8g                                | -       |
| cloudwatch-loggroup | eu-west-1 | /aws/apigateway/welcome                   | -       |
| cloudwatch-loggroup | eu-west-1 | API-Gateway-Execution-Logs_9xz8eitv8g/dev | -       |
└───────────────────────────────────────────────────────────────────────────────────────┘

INFO The --force flag is set, so waiting for 10 seconds before proceeding to nuke everything in your account. If you don't want to proceed, hit CTRL+C now!!

10...9...8...7...6...5...4...3...2...1...

[0/3] 0% | 0s

panic: runtime error: invalid memory address or nil pointer dereference

[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x2112445]

goroutine 642 [running]:

github.com/gruntwork-io/cloud-nuke/aws/resources.(*ApiGateway).removeAttachedClientCertificates(0xc0006df140, {0xc0007ec760, 0x2, 0xc0007be638?})

/home/circleci/project/aws/resources/apigateway.go:93 +0x65

github.com/gruntwork-io/cloud-nuke/aws/resources.(*ApiGateway).nukeAsync(0xc0006df140, 0x700125?, 0x63cae7?, 0xc0005baef0)

/home/circleci/project/aws/resources/apigateway.go:116 +0x115

created by github.com/gruntwork-io/cloud-nuke/aws/resources.(*ApiGateway).nukeAll in goroutine 1

/home/circleci/project/aws/resources/apigateway.go:53 +0x17f

Nuking batch of 1 apigateway resource(s) in eu-west-1 [0/3] 0% | 0s

Error: Process completed with exit code 2.

Expected behaviour

we should skip items when the ClientCertificateId is nil