feat: refactor EBS volumes and Snapshot and add tests (#732)

* feat: refactor EBS and Snapshot and add tests

* feat: fix linter issues and variable naming

Author: rajramo61

docs/resources/ec2-snapshot.md

@@ -11,13 +11,36 @@ generated: true
 EC2Snapshot
 ```
 
-
-
-### DependsOn
-
-!!! important - Experimental Feature
-    This resource depends on a resource using the experimental feature. This means that the resource will
-    only be deleted if all the resources of a particular type are deleted first or reach a terminal state.
-
-- [EC2Image](./ec2-image.md)
+## Properties
+
+
+- `DataEncryptionKeyID`: The data encryption key identifier for the snapshot
+- `Description`: The description for the snapshot
+- `Encrypted`: Indicates whether the snapshot is encrypted
+- `KmsKeyID`: The Amazon Resource Name (ARN) of the AWS KMS key used for encryption
+- `OwnerAlias`: The AWS owner alias
+- `OwnerID`: The AWS account ID of the EBS snapshot owner
+- `Progress`: The progress of the snapshot as a percentage
+- `RestoreExpiryTime`: Only for archived snapshots that are temporarily restored
+- `SnapshotID`: The ID of the snapshot
+- `StartTime`: The time stamp when the snapshot was initiated
+- `State`: The snapshot state
+- `StateMessage`: Encrypted Amazon EBS snapshots are copied asynchronously
+- `StorageTier`: The storage tier in which the snapshot is stored
+- `VolumeID`: The ID of the volume that was used to create the snapshot
+- `VolumeSize`: The size of the volume in GiB
+- `tag:<key>:`: This resource has tags with property `Tags`. These are key/value pairs that are
+	added as their own property with the prefix of `tag:` (e.g. [tag:example: "value"]) 
+
+!!! note - Using Properties
+    Properties are what [Filters](../config-filtering.md) are written against in your configuration. You use the property
+    names to write filters for what you want to **keep** and omit from the nuke process.
+
+### String Property
+
+The string representation of a resource is generally the value of the Name, ID or ARN field of the resource. Not all
+resources support properties. To write a filter against the string representation, simply omit the `property` field in
+the filter.
+
+The string value is always what is used in the output of the log format when a resource is identified.
 

docs/resources/ec2-volume.md

@@ -11,5 +11,32 @@ generated: true
 EC2Volume
 ```
 
+## Properties
 
 
+- `AvailabilityZone`: The Availability Zone in which the volume was created
+- `CreateTime`: The time stamp when volume creation was initiated
+- `Encrypted`: Indicates whether the volume is encrypted
+- `Iops`: The number of I/O operations per second (IOPS)
+- `KmsKeyID`: The Amazon Resource Name (ARN) of the AWS KMS key used for encryption
+- `MultiAttachEnabled`: Indicates whether Amazon EBS Multi-Attach is enabled
+- `Size`: The size of the volume in GiB
+- `State`: The state of the volume (creating, available, in-use, deleting, deleted, error)
+- `Throughput`: The throughput that the volume supports in MiB/s
+- `VolumeID`: The ID of the EBS volume
+- `VolumeType`: The volume type (gp2, gp3, io1, io2, st1, sc1, standard)
+- `tag:<key>:`: This resource has tags with property `Tags`. These are key/value pairs that are
+	added as their own property with the prefix of `tag:` (e.g. [tag:example: "value"]) 
+
+!!! note - Using Properties
+    Properties are what [Filters](../config-filtering.md) are written against in your configuration. You use the property
+    names to write filters for what you want to **keep** and omit from the nuke process.
+
+### String Property
+
+The string representation of a resource is generally the value of the Name, ID or ARN field of the resource. Not all
+resources support properties. To write a filter against the string representation, simply omit the `property` field in
+the filter.
+
+The string value is always what is used in the output of the log format when a resource is identified.
+

mkdocs.yml

@@ -505,6 +505,10 @@ nav:
     - Neptune Graph: resources/neptune-graph.md
     - Neptune Instance: resources/neptune-instance.md
     - Neptune Snapshot: resources/neptune-snapshot.md
+    - Network Firewall Logging Configuration: resources/network-firewall-logging-configuration.md
+    - Network Firewall Policy: resources/network-firewall-policy.md
+    - Network Firewall Rule Group: resources/network-firewall-rule-group.md
+    - Network Firewall: resources/network-firewall.md
     - Network Manager Connect Peer: resources/network-manager-connect-peer.md
     - Network Manager Core Network: resources/network-manager-core-network.md
     - Network Manager Global Network: resources/network-manager-global-network.md

resources/ec2-snapshots.go

@@ -2,12 +2,10 @@ package resources
 
 import (
 	"context"
-
-	"fmt"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/aws/aws-sdk-go-v2/service/ec2"
+	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
 
 	"github.com/ekristen/libnuke/pkg/registry"
 	"github.com/ekristen/libnuke/pkg/resource"
@@ -24,65 +22,92 @@ func init() {
 		Scope:    nuke.Account,
 		Resource: &EC2Snapshot{},
 		Lister:   &EC2SnapshotLister{},
-		DependsOn: []string{
-			EC2ImageResource,
-		},
 	})
 }
 
 type EC2SnapshotLister struct{}
 
-func (l *EC2SnapshotLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
+func (l *EC2SnapshotLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
 	opts := o.(*nuke.ListerOpts)
 
-	svc := ec2.New(opts.Session)
+	svc := ec2.NewFromConfig(*opts.Config)
+
 	params := &ec2.DescribeSnapshotsInput{
-		OwnerIds: []*string{
-			aws.String("self"),
-		},
-	}
-	resp, err := svc.DescribeSnapshots(params)
-	if err != nil {
-		return nil, err
+		OwnerIds: []string{"self"},
 	}
-
 	resources := make([]resource.Resource, 0)
-	for _, out := range resp.Snapshots {
-		resources = append(resources, &EC2Snapshot{
-			svc:       svc,
-			id:        *out.SnapshotId,
-			startTime: out.StartTime,
-			tags:      out.Tags,
-		})
+
+	for {
+		resp, err := svc.DescribeSnapshots(ctx, params)
+		if err != nil {
+			return nil, err
+		}
+
+		for i := range resp.Snapshots {
+			snapshot := &resp.Snapshots[i]
+			resources = append(resources, &EC2Snapshot{
+				svc:                 svc,
+				SnapshotID:          snapshot.SnapshotId,
+				Description:         snapshot.Description,
+				VolumeID:            snapshot.VolumeId,
+				VolumeSize:          snapshot.VolumeSize,
+				State:               &snapshot.State,
+				StateMessage:        snapshot.StateMessage,
+				StartTime:           snapshot.StartTime,
+				Progress:            snapshot.Progress,
+				OwnerID:             snapshot.OwnerId,
+				OwnerAlias:          snapshot.OwnerAlias,
+				Encrypted:           snapshot.Encrypted,
+				KmsKeyID:            snapshot.KmsKeyId,
+				DataEncryptionKeyID: snapshot.DataEncryptionKeyId,
+				StorageTier:         &snapshot.StorageTier,
+				RestoreExpiryTime:   snapshot.RestoreExpiryTime,
+				Tags:                &snapshot.Tags,
+			})
+		}
+
+		if resp.NextToken == nil {
+			break
+		}
+		params.NextToken = resp.NextToken
 	}
 
 	return resources, nil
 }
 
 type EC2Snapshot struct {
-	svc       *ec2.EC2
-	id        string
-	startTime *time.Time
-	tags      []*ec2.Tag
+	svc                 *ec2.Client
+	SnapshotID          *string                 `description:"The ID of the snapshot"`
+	Description         *string                 `description:"The description for the snapshot"`
+	VolumeID            *string                 `description:"The ID of the volume that was used to create the snapshot"`
+	VolumeSize          *int32                  `description:"The size of the volume in GiB"`
+	State               *ec2types.SnapshotState `description:"The snapshot state"`
+	StateMessage        *string                 `description:"Encrypted Amazon EBS snapshots are copied asynchronously"`
+	StartTime           *time.Time              `description:"The time stamp when the snapshot was initiated"`
+	Progress            *string                 `description:"The progress of the snapshot as a percentage"`
+	OwnerID             *string                 `description:"The AWS account ID of the EBS snapshot owner"`
+	OwnerAlias          *string                 `description:"The AWS owner alias"`
+	Encrypted           *bool                   `description:"Indicates whether the snapshot is encrypted"`
+	KmsKeyID            *string                 `description:"The Amazon Resource Name (ARN) of the AWS KMS key used for encryption"`
+	DataEncryptionKeyID *string                 `description:"The data encryption key identifier for the snapshot"`
+	StorageTier         *ec2types.StorageTier   `description:"The storage tier in which the snapshot is stored"`
+	RestoreExpiryTime   *time.Time              `description:"Only for archived snapshots that are temporarily restored"`
+	Tags                *[]ec2types.Tag         `description:"The tags associated with the snapshot"`
 }
 
-func (e *EC2Snapshot) Properties() types.Properties {
-	properties := types.NewProperties()
-	properties.Set("StartTime", e.startTime.Format(time.RFC3339))
-
-	for _, tagValue := range e.tags {
-		properties.Set(fmt.Sprintf("tag:%v", *tagValue.Key), tagValue.Value)
+func (r *EC2Snapshot) Remove(ctx context.Context) error {
+	params := &ec2.DeleteSnapshotInput{
+		SnapshotId: r.SnapshotID,
 	}
-	return properties
-}
 
-func (e *EC2Snapshot) Remove(_ context.Context) error {
-	_, err := e.svc.DeleteSnapshot(&ec2.DeleteSnapshotInput{
-		SnapshotId: &e.id,
-	})
+	_, err := r.svc.DeleteSnapshot(ctx, params)
 	return err
 }
 
-func (e *EC2Snapshot) String() string {
-	return e.id
+func (r *EC2Snapshot) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *EC2Snapshot) String() string {
+	return *r.SnapshotID
 }

resources/ec2-snapshots_test.go

@@ -0,0 +1,152 @@
+package resources
+
+import (
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	ec2types "github.com/aws/aws-sdk-go-v2/service/ec2/types"
+	"github.com/gotidy/ptr"
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_EC2Snapshot_String(t *testing.T) {
+	a := assert.New(t)
+
+	ec2Snapshot := EC2Snapshot{
+		SnapshotID: ptr.String("snap-1234567890abcdef0"),
+	}
+
+	a.Equal("snap-1234567890abcdef0", ec2Snapshot.String())
+}
+
+func Test_EC2Snapshot_Properties(t *testing.T) {
+	a := assert.New(t)
+
+	startTime := time.Now()
+	restoreExpiryTime := time.Now().Add(24 * time.Hour)
+	state := ec2types.SnapshotStateCompleted
+	storageTier := ec2types.StorageTierStandard
+
+	ec2Snapshot := EC2Snapshot{
+		SnapshotID:          ptr.String("snap-1234567890abcdef0"),
+		Description:         ptr.String("My snapshot"),
+		VolumeID:            ptr.String("vol-1234567890abcdef0"),
+		VolumeSize:          ptr.Int32(100),
+		State:               &state,
+		StateMessage:        ptr.String("100% complete"),
+		StartTime:           &startTime,
+		Progress:            ptr.String("100%"),
+		OwnerID:             ptr.String("123456789012"),
+		OwnerAlias:          ptr.String("amazon"),
+		Encrypted:           ptr.Bool(true),
+		KmsKeyID:            ptr.String("arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"),
+		DataEncryptionKeyID: ptr.String("12345678-1234-1234-1234-123456789012"),
+		StorageTier:         &storageTier,
+		RestoreExpiryTime:   &restoreExpiryTime,
+		Tags: &[]ec2types.Tag{
+			{
+				Key:   aws.String("Environment"),
+				Value: aws.String("production"),
+			},
+			{
+				Key:   aws.String("Backup"),
+				Value: aws.String("daily"),
+			},
+		},
+	}
+
+	properties := ec2Snapshot.Properties()
+
+	a.Equal("snap-1234567890abcdef0", properties.Get("SnapshotID"))
+	a.Equal("My snapshot", properties.Get("Description"))
+	a.Equal("vol-1234567890abcdef0", properties.Get("VolumeID"))
+	a.Equal("100", properties.Get("VolumeSize"))
+	a.Equal("completed", properties.Get("State"))
+	a.Equal("100% complete", properties.Get("StateMessage"))
+	a.Equal("100%", properties.Get("Progress"))
+	a.Equal("123456789012", properties.Get("OwnerID"))
+	a.Equal("amazon", properties.Get("OwnerAlias"))
+	a.Equal("true", properties.Get("Encrypted"))
+	a.Equal("arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012", properties.Get("KmsKeyID"))
+	a.Equal("12345678-1234-1234-1234-123456789012", properties.Get("DataEncryptionKeyID"))
+	a.Equal("standard", properties.Get("StorageTier"))
+	a.Equal("production", properties.Get("tag:Environment"))
+	a.Equal("daily", properties.Get("tag:Backup"))
+}
+
+func Test_EC2Snapshot_Properties_EmptyTags(t *testing.T) {
+	a := assert.New(t)
+
+	startTime := time.Now()
+	state := ec2types.SnapshotStatePending
+
+	ec2Snapshot := EC2Snapshot{
+		SnapshotID:  ptr.String("snap-1234567890abcdef0"),
+		Description: ptr.String("Automated backup"),
+		VolumeID:    ptr.String("vol-1234567890abcdef0"),
+		VolumeSize:  ptr.Int32(50),
+		State:       &state,
+		StartTime:   &startTime,
+		Progress:    ptr.String("50%"),
+		OwnerID:     ptr.String("123456789012"),
+		Encrypted:   ptr.Bool(false),
+		Tags:        &[]ec2types.Tag{},
+	}
+
+	properties := ec2Snapshot.Properties()
+
+	a.Equal("snap-1234567890abcdef0", properties.Get("SnapshotID"))
+	a.Equal("Automated backup", properties.Get("Description"))
+	a.Equal("vol-1234567890abcdef0", properties.Get("VolumeID"))
+	a.Equal("50", properties.Get("VolumeSize"))
+	a.Equal("pending", properties.Get("State"))
+	a.Equal("50%", properties.Get("Progress"))
+	a.Equal("123456789012", properties.Get("OwnerID"))
+	a.Equal("false", properties.Get("Encrypted"))
+}
+
+func Test_EC2Snapshot_Properties_SpecialCharactersInTags(t *testing.T) {
+	a := assert.New(t)
+
+	startTime := time.Now()
+	state := ec2types.SnapshotStateCompleted
+	storageTier := ec2types.StorageTierArchive
+
+	ec2Snapshot := EC2Snapshot{
+		SnapshotID:  ptr.String("snap-1234567890abcdef0"),
+		Description: ptr.String("Weekly backup"),
+		VolumeID:    ptr.String("vol-1234567890abcdef0"),
+		VolumeSize:  ptr.Int32(200),
+		State:       &state,
+		StartTime:   &startTime,
+		Progress:    ptr.String("100%"),
+		OwnerID:     ptr.String("123456789012"),
+		Encrypted:   ptr.Bool(true),
+		StorageTier: &storageTier,
+		Tags: &[]ec2types.Tag{
+			{
+				Key:   aws.String("Environment:Stage"),
+				Value: aws.String("prod/staging"),
+			},
+			{
+				Key:   aws.String("Backup-Schedule"),
+				Value: aws.String("weekly/monthly"),
+			},
+		},
+	}
+
+	properties := ec2Snapshot.Properties()
+
+	a.Equal("snap-1234567890abcdef0", properties.Get("SnapshotID"))
+	a.Equal("Weekly backup", properties.Get("Description"))
+	a.Equal("vol-1234567890abcdef0", properties.Get("VolumeID"))
+	a.Equal("200", properties.Get("VolumeSize"))
+	a.Equal("completed", properties.Get("State"))
+	a.Equal("100%", properties.Get("Progress"))
+	a.Equal("123456789012", properties.Get("OwnerID"))
+	a.Equal("true", properties.Get("Encrypted"))
+	a.Equal("archive", properties.Get("StorageTier"))
+	a.Equal("prod/staging", properties.Get("tag:Environment:Stage"))
+	a.Equal("weekly/monthly", properties.Get("tag:Backup-Schedule"))
+}