From 9932a403c10d8d88f201beb8b30fa64252809096 Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Sun, 7 May 2023 16:22:19 +0500 Subject: [PATCH 1/9] Added Deletion protection disable feature in cognito user-pool --- pkg/config/config.go | 1 + resources/cognito-userpools.go | 41 ++++++++++++++++++++++++++++++++++ 2 files changed, 42 insertions(+) diff --git a/pkg/config/config.go b/pkg/config/config.go index 564b2573..0aea6bed 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -47,6 +47,7 @@ type DisableDeletionProtection struct { CloudformationStack bool `yaml:"CloudformationStack"` ELBv2 bool `yaml:"ELBv2"` QLDBLedger bool `yaml:"QLDBLedger"` + CognitoUserPool bool `yaml:"CognitoUserPool"` } type PresetDefinitions struct { diff --git a/resources/cognito-userpools.go b/resources/cognito-userpools.go index c1a5f819..7af21ab8 100644 --- a/resources/cognito-userpools.go +++ b/resources/cognito-userpools.go @@ -4,12 +4,15 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/cognitoidentityprovider" + "github.com/rebuy-de/aws-nuke/v2/pkg/config" ) type CognitoUserPool struct { svc *cognitoidentityprovider.CognitoIdentityProvider name *string id *string + + featureFlags config.FeatureFlags } func init() { 
@@ -48,11 +51,49 @@ func ListCognitoUserPools(sess *session.Session) ([]Resource, error) { return resources, nil } +func (l *CognitoUserPool) FeatureFlags(ff config.FeatureFlags) { + l.featureFlags = ff +} + func (f *CognitoUserPool) Remove() error { _, err := f.svc.DeleteUserPool(&cognitoidentityprovider.DeleteUserPoolInput{ UserPoolId: f.id, }) + if err != nil { + if f.featureFlags.DisableDeletionProtection.CognitoUserPool{ + err = f.DisableProtection() + if err!=nil{ + return err + } + _, err = f.svc.DeleteUserPool(&cognitoidentityprovider.DeleteUserPoolInput{ + UserPoolId: f.id, + }) + if err != nil { + return err + } + + return nil + } + } + + return err +} + +func (e *CognitoUserPool) DisableProtection() error{ + userPoolOutput,err := e.svc.DescribeUserPool(&cognitoidentityprovider.DescribeUserPoolInput{ + UserPoolId : e.id, + }) + if err!=nil{ + return err + } + userPool := userPoolOutput.UserPool + params := &cognitoidentityprovider.UpdateUserPoolInput{ + DeletionProtection: &cognitoidentityprovider.DeletionProtectionType_Values()[1], + UserPoolId: e.id, + AutoVerifiedAttributes:userPool.AutoVerifiedAttributes, + } + _, err = e.svc.UpdateUserPool(params) return err } From b4f6b52f8e968cd385a339ada7d2aa045bc36be2 Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Mon, 8 May 2023 12:10:52 +0500 Subject: [PATCH 2/9] Minor Changes --- resources/cognito-userpools.go | 5 ----- 1 file changed, 5 deletions(-) diff --git a/resources/cognito-userpools.go b/resources/cognito-userpools.go index 7af21ab8..0e964285 100644 --- a/resources/cognito-userpools.go +++ b/resources/cognito-userpools.go @@ -11,7 +11,6 @@ type CognitoUserPool struct { svc *cognitoidentityprovider.CognitoIdentityProvider name *string id *string - featureFlags config.FeatureFlags } 
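Review bot: `DisableProtection` builds an `UpdateUserPoolInput` that carries only `DeletionProtection`, `UserPoolId` and `AutoVerifiedAttributes`; per the UpdateUserPool API documentation, settings left out of the request go back to their defaults, so the call probably also resets the pool's MFA mode, password policy and Lambda triggers. That only matters when the second `DeleteUserPool` in `Remove` fails, but then the pool stays live with protection off and weaker sign-in settings, and nothing in the run records it. I would state this above the function, e.g. `// DisableProtection turns off deletion protection; UpdateUserPool resets omitted settings to defaults, so call it only immediately before DeleteUserPool.`, and log the pool ID whenever protection is switched off. The same input is still built after the last hunk of PATCH 9/9. The three methods in this hunk also use three receiver names (`l`, `f`, `e`), where Go convention is one name per type.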
@@ -56,7 +55,6 @@ func (l *CognitoUserPool) FeatureFlags(ff config.FeatureFlags) { } func (f *CognitoUserPool) Remove() error { - _, err := f.svc.DeleteUserPool(&cognitoidentityprovider.DeleteUserPoolInput{ UserPoolId: f.id, }) @@ -72,11 +70,9 @@ func (f *CognitoUserPool) Remove() error { if err != nil { return err } - return nil } } - return err } @@ -94,7 +90,6 @@ func (e *CognitoUserPool) DisableProtection() error{ AutoVerifiedAttributes:userPool.AutoVerifiedAttributes, } _, err = e.svc.UpdateUserPool(params) - return err } From 4a930f78ab348a70d9f3889492b3a0fa1d874048 Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Mon, 8 May 2023 12:14:56 +0500 Subject: [PATCH 3/9] nit --- pkg/config/config.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 0aea6bed..4ea8ce4d 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -42,12 +42,12 @@ type FeatureFlags struct { } type DisableDeletionProtection struct { - RDSInstance bool `yaml:"RDSInstance"` - EC2Instance bool `yaml:"EC2Instance"` - CloudformationStack bool `yaml:"CloudformationStack"` - ELBv2 bool `yaml:"ELBv2"` - QLDBLedger bool `yaml:"QLDBLedger"` - CognitoUserPool bool `yaml:"CognitoUserPool"` + RDSInstance bool `yaml:"RDSInstance"` + EC2Instance bool `yaml:"EC2Instance"` + CloudformationStack bool `yaml:"CloudformationStack"` + ELBv2 bool `yaml:"ELBv2"` + QLDBLedger bool `yaml:"QLDBLedger"` + CognitoUserPool bool `yaml:"CognitoUserPool"` } type PresetDefinitions struct { From 7de09726a491c7dd9d99a2f5f47d1cb63207dca5 Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Mon, 8 May 2023 12:16:32 +0500 Subject: [PATCH 4/9] spaces --- pkg/config/config.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index 4ea8ce4d..a5159a79 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go 
@@ -42,12 +42,12 @@ type FeatureFlags struct { } type DisableDeletionProtection struct { - RDSInstance bool `yaml:"RDSInstance"` - EC2Instance bool `yaml:"EC2Instance"` - CloudformationStack bool `yaml:"CloudformationStack"` - ELBv2 bool `yaml:"ELBv2"` - QLDBLedger bool `yaml:"QLDBLedger"` - CognitoUserPool bool `yaml:"CognitoUserPool"` + RDSInstance bool `yaml:"RDSInstance"` + EC2Instance bool `yaml:"EC2Instance"` + CloudformationStack bool `yaml:"CloudformationStack"` + ELBv2 bool `yaml:"ELBv2"` + QLDBLedger bool `yaml:"QLDBLedger"` + CognitoUserPool bool `yaml:"CognitoUserPool"` } type PresetDefinitions struct { From b1feb6cb4ad6480b4566a498e34006d0897e61fb Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Mon, 8 May 2023 12:17:07 +0500 Subject: [PATCH 5/9] spaces 2 --- pkg/config/config.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/config/config.go b/pkg/config/config.go index a5159a79..94dcaaa0 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -43,7 +43,7 @@ type FeatureFlags struct { type DisableDeletionProtection struct { RDSInstance bool `yaml:"RDSInstance"` - EC2Instance bool `yaml:"EC2Instance"` + EC2Instance bool `yaml:"EC2Instance"` CloudformationStack bool `yaml:"CloudformationStack"` ELBv2 bool `yaml:"ELBv2"` QLDBLedger bool `yaml:"QLDBLedger"` From 5936b4ad3beeced50624a07274b470d3ffac966d Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Tue, 25 Jul 2023 17:01:45 +0500 Subject: [PATCH 6/9] stopping executions --- resources/sfn-statemachines.go | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/resources/sfn-statemachines.go b/resources/sfn-statemachines.go index e0748f7a..9fbc2ff6 100644 --- a/resources/sfn-statemachines.go +++ b/resources/sfn-statemachines.go 
@@ -47,6 +47,28 @@ func ListSFNStateMachines(sess *session.Session) ([]Resource, error) { } func (f *SFNStateMachine) Remove() error { + params := &sfn.ListExecutionsInput{ + StateMachineArn: f.ARN, + } + + for{ + executions,execError := f.svc.ListExecutions(params) + if execError != nil { + break + } + for _, execs := range executions.Executions { + + f.svc.StopExecution(&sfn.StopExecutionInput{ + ExecutionArn: execs.ExecutionArn, + }) + } + + if executions.NextToken == nil { + break + } + params.NextToken = executions.NextToken + } + _, err := f.svc.DeleteStateMachine(&sfn.DeleteStateMachineInput{ StateMachineArn: f.ARN, From 1d463d53d5fda3c5fb8e74ea908d3ca8bb29512d Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Tue, 25 Jul 2023 22:26:28 +0500 Subject: [PATCH 7/9] bad revert --- resources/sfn-statemachines.go | 22 ---------------------- 1 file changed, 22 deletions(-) diff --git a/resources/sfn-statemachines.go b/resources/sfn-statemachines.go index 9fbc2ff6..e0748f7a 100644 --- a/resources/sfn-statemachines.go +++ b/resources/sfn-statemachines.go @@ -47,28 +47,6 @@ func ListSFNStateMachines(sess *session.Session) ([]Resource, error) { } func (f *SFNStateMachine) Remove() error { - params := &sfn.ListExecutionsInput{ - StateMachineArn: f.ARN, - } - - for{ - executions,execError := f.svc.ListExecutions(params) - if execError != nil { - break - } - for _, execs := range executions.Executions { - - f.svc.StopExecution(&sfn.StopExecutionInput{ - ExecutionArn: execs.ExecutionArn, - }) - } - - if executions.NextToken == nil { - break - } - params.NextToken = executions.NextToken - } - _, err := f.svc.DeleteStateMachine(&sfn.DeleteStateMachineInput{ StateMachineArn: f.ARN, From 54db91115daed71ab68c13561e20eede98852253 Mon Sep 17 00:00:00 2001 From: Suleman Sohail Date: Sun, 13 Aug 2023 16:54:11 +0500 Subject: [PATCH 8/9] Formatted --- resources/cognito-userpools.go | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) 
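Review bot: Both AWS calls in the new loop drop their errors: a failed `ListExecutions` just breaks out and the result of `StopExecution` is never checked, so a missing `states:ListExecutions` or `states:StopExecution` permission is invisible and `Remove` goes on to `DeleteStateMachine` as if the executions had been stopped. The listing also has no `StatusFilter`, so every finished execution is paged through and sent a stop request that can only fail. I would filter on running executions and return the first error, as sketched below; `aws.String` assumes the `aws` package is imported in this file, which the hunk does not show. PATCH 7/9 takes the loop out again, so this applies if it is brought back. `Remove` continues past the end of the hunk.

```go
func (f *SFNStateMachine) Remove() error {
	params := &sfn.ListExecutionsInput{
		StateMachineArn: f.ARN,
		// Only running executions can be stopped.
		StatusFilter: aws.String(sfn.ExecutionStatusRunning),
	}

	for {
		executions, err := f.svc.ListExecutions(params)
		if err != nil {
			return err
		}
		for _, exec := range executions.Executions {
			if _, err := f.svc.StopExecution(&sfn.StopExecutionInput{
				ExecutionArn: exec.ExecutionArn,
			}); err != nil {
				return err
			}
		}
		if executions.NextToken == nil {
			break
		}
		params.NextToken = executions.NextToken
	}
	// … unchanged: DeleteStateMachine call …
```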
diff --git a/resources/cognito-userpools.go b/resources/cognito-userpools.go index 0e964285..3fbd9a62 100644 --- a/resources/cognito-userpools.go +++ b/resources/cognito-userpools.go @@ -8,9 +8,9 @@ import ( ) type CognitoUserPool struct { - svc *cognitoidentityprovider.CognitoIdentityProvider - name *string - id *string + svc *cognitoidentityprovider.CognitoIdentityProvider + name *string + id *string featureFlags config.FeatureFlags } @@ -59,9 +59,9 @@ func (f *CognitoUserPool) Remove() error { UserPoolId: f.id, }) if err != nil { - if f.featureFlags.DisableDeletionProtection.CognitoUserPool{ + if f.featureFlags.DisableDeletionProtection.CognitoUserPool { err = f.DisableProtection() - if err!=nil{ + if err != nil { return err } _, err = f.svc.DeleteUserPool(&cognitoidentityprovider.DeleteUserPoolInput{ @@ -76,18 +76,18 @@ func (f *CognitoUserPool) Remove() error { return err } -func (e *CognitoUserPool) DisableProtection() error{ - userPoolOutput,err := e.svc.DescribeUserPool(&cognitoidentityprovider.DescribeUserPoolInput{ - UserPoolId : e.id, +func (e *CognitoUserPool) DisableProtection() error { + userPoolOutput, err := e.svc.DescribeUserPool(&cognitoidentityprovider.DescribeUserPoolInput{ + UserPoolId: e.id, }) - if err!=nil{ + if err != nil { return err } userPool := userPoolOutput.UserPool params := &cognitoidentityprovider.UpdateUserPoolInput{ - DeletionProtection: &cognitoidentityprovider.DeletionProtectionType_Values()[1], - UserPoolId: e.id, - AutoVerifiedAttributes:userPool.AutoVerifiedAttributes, + DeletionProtection: &cognitoidentityprovider.DeletionProtectionType_Values()[1], + UserPoolId: e.id, + AutoVerifiedAttributes: userPool.AutoVerifiedAttributes, } _, err = e.svc.UpdateUserPool(params) return err From 9ce66f15b0fc5f1b97c933786dd65e1e014c3d53 Mon Sep 17 00:00:00 2001 
From: Suleman Sohail Date: Sun, 10 Sep 2023 19:14:12 +0500 Subject: [PATCH 9/9] Validating error message --- resources/cognito-userpools.go | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/resources/cognito-userpools.go b/resources/cognito-userpools.go index 3fbd9a62..c6f6b307 100644 --- a/resources/cognito-userpools.go +++ b/resources/cognito-userpools.go @@ -1,7 +1,10 @@ package resources import ( + "strings" + "github.com/aws/aws-sdk-go/aws" + "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/cognitoidentityprovider" "github.com/rebuy-de/aws-nuke/v2/pkg/config" @@ -59,7 +62,8 @@ func (f *CognitoUserPool) Remove() error { UserPoolId: f.id, }) if err != nil { - if f.featureFlags.DisableDeletionProtection.CognitoUserPool { + awsErr, ok := err.(awserr.Error) + if ok && strings.Contains(awsErr.Message(), "Deletion protection must be inactivated first") && f.featureFlags.DisableDeletionProtection.CognitoUserPool { err = f.DisableProtection() if err != nil { return err @@ -85,7 +89,7 @@ func (e *CognitoUserPool) DisableProtection() error { } userPool := userPoolOutput.UserPool params := &cognitoidentityprovider.UpdateUserPoolInput{ - DeletionProtection: &cognitoidentityprovider.DeletionProtectionType_Values()[1], + DeletionProtection: aws.String(cognitoidentityprovider.DeletionProtectionTypeInactive), UserPoolId: e.id, AutoVerifiedAttributes: userPool.AutoVerifiedAttributes, }
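Review bot: The retry in `Remove` is gated on `strings.Contains(awsErr.Message(), "Deletion protection must be inactivated first")`, which ties the feature to the exact English wording of a service message; if that text changes, the flag quietly stops working and the original error is returned. Matching on `awsErr.Code()` as well (presumably `cognitoidentityprovider.ErrCodeInvalidParameterException` for this failure, to be confirmed against a real response) and keeping the message check only to narrow it would be sturdier. Testing `f.featureFlags.DisableDeletionProtection.CognitoUserPool` first also skips the assertion and string search when the feature is off, and `errors.As(err, &awsErr)` would still match if the SDK error is ever wrapped. A short comment above the condition saying which DeleteUserPool failure the message belongs to would help the next reader.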