Merge pull request #834 from roseo1/lakeformation

feat(lakeformation): add initial lakeformation resources

Author: ekristen

docs/documentation.md

@@ -41,11 +41,11 @@ first letter of the field name. The field name should match what the existing pr
 #### Generating Documentation for All Resources
 
 ```console
-go run tools/generate-docs/main.go --write
+go run tools/generate-docs/docs.go --write
 ```
 
 #### Generating Documentation for a Single Resource
 
 ```console
-go run tools/generate-docs/main.go --resource EC2Instance --write
+go run tools/generate-docs/docs.go --resource EC2Instance --write
 ```

docs/resources/lake-formation-location.md

@@ -0,0 +1,30 @@
+---
+generated: true
+---
+
+# LakeFormationLocation
+
+
+## Resource
+
+```text
+LakeFormationLocation
+```
+
+## Properties
+
+
+- `ResourceARN`: The ARN of the resource registered with Lake Formation
+
+!!! note - Using Properties
+    Properties are what [Filters](../config-filtering.md) are written against in your configuration. You use the property
+    names to write filters for what you want to **keep** and omit from the nuke process.
+
+### String Property
+
+The string representation of a resource is generally the value of the Name, ID or ARN field of the resource. Not all
+resources support properties. To write a filter against the string representation, simply omit the `property` field in
+the filter.
+
+The string value is always what is used in the output of the log format when a resource is identified.
+

docs/resources/lake-formation-permission.md

@@ -0,0 +1,32 @@
+---
+generated: true
+---
+
+# LakeFormationPermission
+
+
+## Resource
+
+```text
+LakeFormationPermission
+```
+
+## Properties
+
+
+- `Permissions`: The permissions to remove from the principal
+- `PrincipalARN`: The ARN of the principal to remove permissions from
+- `Resource`: -
+
+!!! note - Using Properties
+    Properties are what [Filters](../config-filtering.md) are written against in your configuration. You use the property
+    names to write filters for what you want to **keep** and omit from the nuke process.
+
+### String Property
+
+The string representation of a resource is generally the value of the Name, ID or ARN field of the resource. Not all
+resources support properties. To write a filter against the string representation, simply omit the `property` field in
+the filter.
+
+The string value is always what is used in the output of the log format when a resource is identified.
+

docs/resources/lake-formation-tag.md

@@ -0,0 +1,31 @@
+---
+generated: true
+---
+
+# LakeFormationTag
+
+
+## Resource
+
+```text
+LakeFormationTag
+```
+
+## Properties
+
+
+- `CatalogID`: The identifier for the Data Catalog. By default, the account ID.
+- `TagKey`: The key-name for the LF-tag
+
+!!! note - Using Properties
+    Properties are what [Filters](../config-filtering.md) are written against in your configuration. You use the property
+    names to write filters for what you want to **keep** and omit from the nuke process.
+
+### String Property
+
+The string representation of a resource is generally the value of the Name, ID or ARN field of the resource. Not all
+resources support properties. To write a filter against the string representation, simply omit the `property` field in
+the filter.
+
+The string value is always what is used in the output of the log format when a resource is identified.
+

go.mod

@@ -61,6 +61,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/lakeformation v1.46.4 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.25.6 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.30.4 // indirect
 	github.com/benbjohnson/clock v1.3.0 // indirect

go.sum

@@ -76,6 +76,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1 h1:ky79ysLMx
 github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.1/go.mod h1:+2MmkvFvPYM1vsozBWduoLJUi5maxFk5B7KJFECujhY=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.10 h1:fXoWC2gi7tdJYNTPnnlSGzEVwewUchOi8xVq/dkg8Qs=
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.10/go.mod h1:cvzBApD5dVazHU8C2rbBQzzzsKc8m5+wNJ9mCRZLKPc=
+github.com/aws/aws-sdk-go-v2/service/lakeformation v1.46.4 h1:/FGGegoEL5Kt7GmRG6fezeyTKDKF5SkIfAZplTmEd7c=
+github.com/aws/aws-sdk-go-v2/service/lakeformation v1.46.4/go.mod h1:UItZ8YQ8PcPAEVdk1/1tZwAsLmOZS4SiYLdvM4jde2g=
 github.com/aws/aws-sdk-go-v2/service/mgn v1.37.5 h1:BMu425Ntx40waGQ0/g6BeX1F/sYvKdIcO+ABys5Jv9s=
 github.com/aws/aws-sdk-go-v2/service/mgn v1.37.5/go.mod h1:F3YMviBP/8gRnYBh8j+6MUw/c3ID0l3IMS37kHAo22Y=
 github.com/aws/aws-sdk-go-v2/service/mgn v1.37.6 h1:ITYqWof2FxKHKTmxsjkwvgTjD14gajRXJYenLIeg1qA=

mkdocs.yml

@@ -473,6 +473,9 @@ nav:
     - Kinesis Analytics Application: resources/kinesis-analytics-application.md
     - Kinesis Stream: resources/kinesis-stream.md
     - Kinesis Video Project: resources/kinesis-video-project.md
+    - Lake Formation Location: resources/lake-formation-location.md
+    - Lake Formation Permission: resources/lake-formation-permission.md
+    - Lake Formation Tag: resources/lake-formation-tag.md
     - Lambda Event Source Mapping: resources/lambda-event-source-mapping.md
     - Lambda Function: resources/lambda-function.md
     - Lambda Layer: resources/lambda-layer.md

resources/lakeformation-location.go

@@ -0,0 +1,67 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/lakeformation"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const LakeFormationLocationResource = "LakeFormationLocation"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:     LakeFormationLocationResource,
+		Scope:    nuke.Account,
+		Resource: &LakeFormationLocation{},
+		Lister:   &LakeFormationLocationLister{},
+	})
+}
+
+type LakeFormationLocationLister struct{}
+
+func (l *LakeFormationLocationLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+
+	svc := lakeformation.NewFromConfig(*opts.Config)
+	resources := make([]resource.Resource, 0)
+
+	paginator := lakeformation.NewListResourcesPaginator(svc, &lakeformation.ListResourcesInput{})
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, ri := range page.ResourceInfoList {
+			resources = append(resources, &LakeFormationLocation{
+				svc:         svc,
+				ResourceARN: ri.ResourceArn,
+			})
+		}
+	}
+
+	return resources, nil
+}
+
+type LakeFormationLocation struct {
+	svc         *lakeformation.Client
+	ResourceARN *string `description:"The ARN of the resource registered with Lake Formation"`
+}
+
+func (f *LakeFormationLocation) Remove(ctx context.Context) error {
+	_, err := f.svc.DeregisterResource(ctx, &lakeformation.DeregisterResourceInput{
+		ResourceArn: f.ResourceARN,
+	})
+
+	return err
+}
+
+func (f *LakeFormationLocation) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(f)
+}

resources/lakeformation-permission.go

@@ -0,0 +1,84 @@
+package resources
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/aws/aws-sdk-go-v2/service/lakeformation"
+	lakeformationtypes "github.com/aws/aws-sdk-go-v2/service/lakeformation/types"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const LakeFormationPermissionResource = "LakeFormationPermission"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:     LakeFormationPermissionResource,
+		Scope:    nuke.Account,
+		Resource: &LakeFormationPermission{},
+		Lister:   &LakeFormationPermissionLister{},
+	})
+}
+
+type LakeFormationPermissionLister struct{}
+
+func (l *LakeFormationPermissionLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+
+	svc := lakeformation.NewFromConfig(*opts.Config)
+	resources := make([]resource.Resource, 0)
+
+	paginator := lakeformation.NewListPermissionsPaginator(svc, &lakeformation.ListPermissionsInput{})
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, prp := range page.PrincipalResourcePermissions {
+			resources = append(resources, &LakeFormationPermission{
+				svc:          svc,
+				PrincipalARN: prp.Principal.DataLakePrincipalIdentifier,
+				Resource:     prp.Resource,
+				Permissions:  prp.Permissions,
+			})
+		}
+	}
+
+	return resources, nil
+}
+
+type LakeFormationPermission struct {
+	svc          *lakeformation.Client
+	PrincipalARN *string                         `description:"The ARN of the principal to remove permissions from"`
+	Permissions  []lakeformationtypes.Permission `description:"The permissions to remove from the principal"`
+	Resource     *lakeformationtypes.Resource    `description:"-"`
+}
+
+func (f *LakeFormationPermission) Remove(ctx context.Context) error {
+	_, err := f.svc.RevokePermissions(ctx, &lakeformation.RevokePermissionsInput{
+		Principal: &lakeformationtypes.DataLakePrincipal{
+			DataLakePrincipalIdentifier: f.PrincipalARN,
+		},
+		Resource:    f.Resource,
+		Permissions: f.Permissions,
+	})
+
+	return err
+}
+
+func (r *LakeFormationPermission) Filter() error {
+	if *r.PrincipalARN == "IAM_ALLOWED_PRINCIPALS" {
+		return fmt.Errorf("cannot delete default setting group permissions")
+	}
+	return nil
+}
+
+func (f *LakeFormationPermission) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(f)
+}

resources/lakeformation-tag.go

@@ -0,0 +1,70 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/service/lakeformation"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const LakeFormationTagResource = "LakeFormationTag"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:     LakeFormationTagResource,
+		Scope:    nuke.Account,
+		Resource: &LakeFormationTag{},
+		Lister:   &LakeFormationTagLister{},
+	})
+}
+
+type LakeFormationTagLister struct{}
+
+func (l *LakeFormationTagLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+
+	svc := lakeformation.NewFromConfig(*opts.Config)
+	resources := make([]resource.Resource, 0)
+
+	paginator := lakeformation.NewListLFTagsPaginator(svc, &lakeformation.ListLFTagsInput{})
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, t := range page.LFTags {
+			resources = append(resources, &LakeFormationTag{
+				svc:       svc,
+				TagKey:    t.TagKey,
+				CatalogID: t.CatalogId,
+			})
+		}
+	}
+
+	return resources, nil
+}
+
+type LakeFormationTag struct {
+	svc       *lakeformation.Client
+	TagKey    *string `description:"The key-name for the LF-tag"`
+	CatalogID *string `description:"The identifier for the Data Catalog. By default, the account ID."`
+}
+
+func (f *LakeFormationTag) Remove(ctx context.Context) error {
+	_, err := f.svc.DeleteLFTag(ctx, &lakeformation.DeleteLFTagInput{
+		TagKey:    f.TagKey,
+		CatalogId: f.CatalogID,
+	})
+
+	return err
+}
+
+func (f *LakeFormationTag) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(f)
+}