Add option to ingore KMS errors due to permissions (#27)

bjfish25 · bfisher8 · web-flow · commit 0c78aca5f897 · 2024-06-27T10:11:44.000-05:00
* Add option to ingore KMS errors due to permissions

* Add ignored option

---------

Co-authored-by: bfisher8 &lt;bradley.fisher@optum.com&gt;
diff --git a/cmd/nuke.go b/cmd/nuke.go
@@ -128,8 +128,8 @@ func (n *Nuke) Run() error {
 		time.Sleep(5 * time.Second)
 	}
 
-	fmt.Printf("Nuke complete: %d failed, %d skipped, %d finished.\n\n",
-		n.items.Count(ItemStateFailed), n.items.Count(ItemStateFiltered), n.items.Count(ItemStateFinished))
+	fmt.Printf("Nuke complete: %d failed, %d skipped, %d ignored, %d finished.\n\n",
+		n.items.Count(ItemStateFailed), n.items.Count(ItemStateFiltered), n.items.Count(ItemStateIgnored), n.items.Count(ItemStateFinished))
 
 	return nil
 }
@@ -264,14 +264,18 @@ func (n *Nuke) HandleQueue() {
 	}
 
 	fmt.Println()
-	fmt.Printf("Removal requested: %d waiting, %d failed, %d skipped, %d finished\n\n",
+	fmt.Printf("Removal requested: %d waiting, %d failed, %d skipped, %d ignored, %d finished\n\n",
 		n.items.Count(ItemStateWaiting, ItemStatePending), n.items.Count(ItemStateFailed),
-		n.items.Count(ItemStateFiltered), n.items.Count(ItemStateFinished))
+		n.items.Count(ItemStateFiltered), n.items.Count(ItemStateIgnored), n.items.Count(ItemStateFinished))
 }
 
 func (n *Nuke) HandleRemove(item *Item) {
 	err := item.Resource.Remove()
-	if err != nil {
+	if err != nil && err.Error() == "ignoring error" {
+		item.State = ItemStateIgnored
+		item.Reason = ""
+		return
+	} else if err != nil {
 		item.State = ItemStateFailed
 		item.Reason = err.Error()
 		return
diff --git a/cmd/queue.go b/cmd/queue.go
@@ -16,6 +16,7 @@ const (
 	ItemStateFailed
 	ItemStateFiltered
 	ItemStateFinished
+	ItemStateIgnored
 )
 
 // An Item describes an actual AWS resource entity with the current state and
@@ -44,6 +45,8 @@ func (i *Item) Print() {
 		Log(i.Region, i.Type, i.Resource, ReasonSkip, i.Reason)
 	case ItemStateFinished:
 		Log(i.Region, i.Type, i.Resource, ReasonSuccess, "removed")
+	case ItemStateIgnored:
+		Log(i.Region, i.Type, i.Resource, ReasonSuccess, "ignored")
 	}
 }
 
diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -40,6 +40,7 @@ type FeatureFlags struct {
 	DisableDeletionProtection        DisableDeletionProtection `yaml:"disable-deletion-protection"`
 	DisableEC2InstanceStopProtection bool                      `yaml:"disable-ec2-instance-stop-protection"`
 	ForceDeleteLightsailAddOns       bool                      `yaml:"force-delete-lightsail-addons"`
+	DisableFailOnKMSError            bool                      `yaml:"disable-fail-on-kms-error"`
 }
 
 type DisableDeletionProtection struct {
diff --git a/resources/kms-aliases.go b/resources/kms-aliases.go
@@ -6,12 +6,15 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/kms"
+	"github.com/rebuy-de/aws-nuke/v2/pkg/config"
 	"github.com/rebuy-de/aws-nuke/v2/pkg/types"
 )
 
 type KMSAlias struct {
 	svc  *kms.KMS
 	name string
+
+	featureFlags config.FeatureFlags
 }
 
 func init() {
@@ -48,13 +51,21 @@ func (e *KMSAlias) Remove() error {
 	_, err := e.svc.DeleteAlias(&kms.DeleteAliasInput{
 		AliasName: &e.name,
 	})
+	if e.featureFlags.DisableFailOnKMSError && err != nil {
+		fmt.Printf("Ignoring KMSAlias Remove error: %s\n", err.Error())
+		return fmt.Errorf("ignoring error")
+	}
 	return err
 }
 
 func (e *KMSAlias) String() string {
 	return e.name
 }
 
+func (e *KMSAlias) FeatureFlags(ff config.FeatureFlags) {
+	e.featureFlags = ff
+}
+
 func (e *KMSAlias) Properties() types.Properties {
 	properties := types.NewProperties()
 	properties.
diff --git a/resources/kms-keys.go b/resources/kms-keys.go
@@ -6,6 +6,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/kms"
+	"github.com/rebuy-de/aws-nuke/v2/pkg/config"
 	"github.com/rebuy-de/aws-nuke/v2/pkg/types"
 )
 
@@ -15,6 +16,8 @@ type KMSKey struct {
 	state   string
 	manager *string
 	tags    []*kms.Tag
+
+	featureFlags config.FeatureFlags
 }
 
 func init() {
@@ -102,13 +105,21 @@ func (e *KMSKey) Remove() error {
 		KeyId:               &e.id,
 		PendingWindowInDays: aws.Int64(7),
 	})
+	if e.featureFlags.DisableFailOnKMSError && err != nil {
+		fmt.Printf("Ignoring KMSKey Remove error: %s\n", err.Error())
+		return fmt.Errorf("ignoring error")
+	}
 	return err
 }
 
 func (e *KMSKey) String() string {
 	return e.id
 }
 
+func (e *KMSKey) FeatureFlags(ff config.FeatureFlags) {
+	e.featureFlags = ff
+}
+
 func (i *KMSKey) Properties() types.Properties {
 	properties := types.NewProperties()
 	properties.

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ const (`
`16`	`16`	`ItemStateFailed`
`17`	`17`	`ItemStateFiltered`
`18`	`18`	`ItemStateFinished`
	`19`	`+ ItemStateIgnored`
`19`	`20`	`)`
`20`	`21`
`21`	`22`	`// An Item describes an actual AWS resource entity with the current state and`
`@@ -44,6 +45,8 @@ func (i *Item) Print() {`
`44`	`45`	`Log(i.Region, i.Type, i.Resource, ReasonSkip, i.Reason)`
`45`	`46`	`case ItemStateFinished:`
`46`	`47`	`Log(i.Region, i.Type, i.Resource, ReasonSuccess, "removed")`
	`48`	`+ case ItemStateIgnored:`
	`49`	`+ Log(i.Region, i.Type, i.Resource, ReasonSuccess, "ignored")`
`47`	`50`	`}`
`48`	`51`	`}`
`49`	`52`
Original file line number	Diff line number	Diff line change
`@@ -40,6 +40,7 @@ type FeatureFlags struct {`
`40`	`40`	DisableDeletionProtection DisableDeletionProtection `yaml:"disable-deletion-protection"`
`41`	`41`	DisableEC2InstanceStopProtection bool `yaml:"disable-ec2-instance-stop-protection"`
`42`	`42`	ForceDeleteLightsailAddOns bool `yaml:"force-delete-lightsail-addons"`
	`43`	+ DisableFailOnKMSError bool `yaml:"disable-fail-on-kms-error"`
`43`	`44`	`}`
`44`	`45`
`45`	`46`	`type DisableDeletionProtection struct {`