adding ResourceShares support

Author: ehmanel

aws/resource_registry.go

@@ -136,6 +136,7 @@ func getRegisteredRegionalResources() []resources.AwsResource {
 		resources.NewRdsParameterGroup(),
 		resources.NewRedshiftClusters(),
 		resources.NewRedshiftSnapshotCopyGrants(),
+		resources.NewResourceShares(),
 		resources.NewS3AccessPoints(),
 		resources.NewS3ObjectLambdaAccessPoints(),
 		resources.NewSageMakerNotebookInstances(),

aws/resources/resource_share.go

@@ -0,0 +1,78 @@
+package resources
+
+import (
+	"context"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ram"
+	"github.com/aws/aws-sdk-go-v2/service/ram/types"
+	"github.com/gruntwork-io/cloud-nuke/config"
+	"github.com/gruntwork-io/cloud-nuke/resource"
+)
+
+// RAMResourceShareAPI defines the interface for RAM Resource Share operations.
+type RAMResourceShareAPI interface {
+	GetResourceShares(ctx context.Context, params *ram.GetResourceSharesInput, optFns ...func(*ram.Options)) (*ram.GetResourceSharesOutput, error)
+	DeleteResourceShare(ctx context.Context, params *ram.DeleteResourceShareInput, optFns ...func(*ram.Options)) (*ram.DeleteResourceShareOutput, error)
+}
+
+// NewResourceShares creates a new RAM Resource Share resource using the generic resource pattern.
+func NewResourceShares() AwsResource {
+	return NewAwsResource(&resource.Resource[RAMResourceShareAPI]{
+		ResourceTypeName: "resource-share",
+		BatchSize:        DefaultBatchSize,
+		InitClient: WrapAwsInitClient(func(r *resource.Resource[RAMResourceShareAPI], cfg aws.Config) {
+			r.Scope.Region = cfg.Region
+			r.Client = ram.NewFromConfig(cfg)
+		}),
+		ConfigGetter: func(c config.Config) config.ResourceType {
+			return c.ResourceShare
+		},
+		Lister: listResourceShares,
+		Nuker:  resource.SimpleBatchDeleter(deleteResourceShare),
+	})
+}
+
+// listResourceShares retrieves all RAM Resource Shares that match the config filters.
+func listResourceShares(ctx context.Context, client RAMResourceShareAPI, _ resource.Scope, cfg config.ResourceType) ([]*string, error) {
+	var identifiers []*string
+	paginator := ram.NewGetResourceSharesPaginator(client, &ram.GetResourceSharesInput{ResourceOwner: types.ResourceOwnerSelf})
+	for paginator.HasMorePages() {
+		page, err := paginator.NextPage(ctx)
+		if err != nil {
+			return nil, err
+		}
+
+		for _, resourceShare := range page.ResourceShares {
+			if cfg.ShouldInclude(config.ResourceValue{
+				Name: resourceShare.Name,
+				Time: resourceShare.CreationTime,
+				Tags: convertRAMTagsToMap(resourceShare.Tags),
+			}) {
+				identifiers = append(identifiers, resourceShare.ResourceShareArn)
+			}
+		}
+	}
+
+	return identifiers, nil
+}
+
+// deleteResourceShare deletes a single RAM Resource Share.
+func deleteResourceShare(ctx context.Context, client RAMResourceShareAPI, arn *string) error {
+	_, err := client.DeleteResourceShare(ctx, &ram.DeleteResourceShareInput{
+		ResourceShareArn: arn,
+	})
+	return err
+}
+
+func convertRAMTagsToMap(tags []types.Tag) map[string]string {
+	tagMap := make(map[string]string)
+	for _, tag := range tags {
+		if tag.Key == nil || tag.Value == nil {
+			continue
+		}
+		tagMap[*tag.Key] = *tag.Value
+	}
+
+	return tagMap
+}

aws/resources/resource_share_test.go

@@ -0,0 +1,179 @@
+package resources
+
+import (
+	"context"
+	"errors"
+	"regexp"
+	"testing"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/ram"
+	"github.com/aws/aws-sdk-go-v2/service/ram/types"
+	"github.com/gruntwork-io/cloud-nuke/config"
+	"github.com/gruntwork-io/cloud-nuke/resource"
+	"github.com/stretchr/testify/require"
+)
+
+type mockRAMResourceShareClient struct {
+	getOutputs  []ram.GetResourceSharesOutput
+	getErr      error
+	getCall     int
+	deleteErr   error
+	deletedARNs []string
+}
+
+func (m *mockRAMResourceShareClient) GetResourceShares(_ context.Context, _ *ram.GetResourceSharesInput, _ ...func(*ram.Options)) (*ram.GetResourceSharesOutput, error) {
+	if m.getErr != nil {
+		return nil, m.getErr
+	}
+
+	if len(m.getOutputs) == 0 {
+		return &ram.GetResourceSharesOutput{}, nil
+	}
+
+	if m.getCall >= len(m.getOutputs) {
+		last := m.getOutputs[len(m.getOutputs)-1]
+		return &last, nil
+	}
+
+	output := m.getOutputs[m.getCall]
+	m.getCall++
+	return &output, nil
+}
+
+func (m *mockRAMResourceShareClient) DeleteResourceShare(_ context.Context, params *ram.DeleteResourceShareInput, _ ...func(*ram.Options)) (*ram.DeleteResourceShareOutput, error) {
+	m.deletedARNs = append(m.deletedARNs, aws.ToString(params.ResourceShareArn))
+	return &ram.DeleteResourceShareOutput{}, m.deleteErr
+}
+
+func TestResourceShareList(t *testing.T) {
+	t.Parallel()
+
+	now := time.Now()
+	oldTime := now.Add(-1 * time.Hour)
+	newTime := now.Add(1 * time.Hour)
+
+	shares := []types.ResourceShare{
+		{
+			Name:             aws.String("share-1"),
+			ResourceShareArn: aws.String("arn:aws:ram:us-east-1:123456789012:resource-share/1"),
+			CreationTime:     aws.Time(oldTime),
+			Tags: []types.Tag{
+				{Key: aws.String("env"), Value: aws.String("prod")},
+			},
+		},
+		{
+			Name:             aws.String("share-2"),
+			ResourceShareArn: aws.String("arn:aws:ram:us-east-1:123456789012:resource-share/2"),
+			CreationTime:     aws.Time(newTime),
+			Tags: []types.Tag{
+				{Key: aws.String("env"), Value: aws.String("dev")},
+			},
+		},
+	}
+
+	tests := map[string]struct {
+		configObj config.ResourceType
+		expected  []string
+	}{
+		"emptyFilter": {
+			configObj: config.ResourceType{},
+			expected: []string{
+				"arn:aws:ram:us-east-1:123456789012:resource-share/1",
+				"arn:aws:ram:us-east-1:123456789012:resource-share/2",
+			},
+		},
+		"nameExclusionFilter": {
+			configObj: config.ResourceType{
+				ExcludeRule: config.FilterRule{
+					NamesRegExp: []config.Expression{{RE: *regexp.MustCompile("share-1")}},
+				},
+			},
+			expected: []string{"arn:aws:ram:us-east-1:123456789012:resource-share/2"},
+		},
+		"tagInclusionFilter": {
+			configObj: config.ResourceType{
+				IncludeRule: config.FilterRule{
+					Tags: map[string]config.Expression{"env": {RE: *regexp.MustCompile("prod")}},
+				},
+			},
+			expected: []string{"arn:aws:ram:us-east-1:123456789012:resource-share/1"},
+		},
+		"timeAfterExclusionFilter": {
+			configObj: config.ResourceType{
+				ExcludeRule: config.FilterRule{
+					TimeAfter: aws.Time(now),
+				},
+			},
+			expected: []string{"arn:aws:ram:us-east-1:123456789012:resource-share/1"},
+		},
+	}
+
+	for name, tc := range tests {
+		t.Run(name, func(t *testing.T) {
+			t.Parallel()
+
+			mock := &mockRAMResourceShareClient{
+				getOutputs: []ram.GetResourceSharesOutput{{ResourceShares: shares}},
+			}
+
+			ids, err := listResourceShares(context.Background(), mock, resource.Scope{Region: "us-east-1"}, tc.configObj)
+			require.NoError(t, err)
+			require.Equal(t, tc.expected, aws.ToStringSlice(ids))
+		})
+	}
+}
+
+func TestResourceShareListPagination(t *testing.T) {
+	t.Parallel()
+
+	mock := &mockRAMResourceShareClient{
+		getOutputs: []ram.GetResourceSharesOutput{
+			{
+				ResourceShares: []types.ResourceShare{
+					{Name: aws.String("share-1"), ResourceShareArn: aws.String("arn:1")},
+				},
+				NextToken: aws.String("next-page"),
+			},
+			{
+				ResourceShares: []types.ResourceShare{
+					{Name: aws.String("share-2"), ResourceShareArn: aws.String("arn:2")},
+				},
+			},
+		},
+	}
+
+	ids, err := listResourceShares(context.Background(), mock, resource.Scope{Region: "us-east-1"}, config.ResourceType{})
+	require.NoError(t, err)
+	require.Equal(t, []string{"arn:1", "arn:2"}, aws.ToStringSlice(ids))
+}
+
+func TestDeleteResourceShare(t *testing.T) {
+	t.Parallel()
+
+	mock := &mockRAMResourceShareClient{}
+	err := deleteResourceShare(context.Background(), mock, aws.String("arn:test"))
+	require.NoError(t, err)
+	require.Equal(t, []string{"arn:test"}, mock.deletedARNs)
+}
+
+func TestDeleteResourceShareError(t *testing.T) {
+	t.Parallel()
+
+	mock := &mockRAMResourceShareClient{deleteErr: errors.New("delete failed")}
+	err := deleteResourceShare(context.Background(), mock, aws.String("arn:test"))
+	require.Error(t, err)
+}
+
+func TestConvertRAMTagsToMap(t *testing.T) {
+	t.Parallel()
+
+	tagMap := convertRAMTagsToMap([]types.Tag{
+		{Key: aws.String("k1"), Value: aws.String("v1")},
+		{Key: nil, Value: aws.String("v2")},
+		{Key: aws.String("k3"), Value: nil},
+	})
+
+	require.Equal(t, map[string]string{"k1": "v1"}, tagMap)
+}

config/config.go

@@ -106,6 +106,7 @@ type Config struct {
 	OpenSearchDomain                ResourceType               `yaml:"OpenSearchDomain"`
 	Redshift                        ResourceType               `yaml:"Redshift"`
 	RedshiftSnapshotCopyGrant       ResourceType               `yaml:"RedshiftSnapshotCopyGrant"`
+	ResourceShare                   ResourceType               `yaml:"ResourceShare"`
 	RDSSnapshot                     ResourceType               `yaml:"RDSSnapshot"`
 	RDSParameterGroup               ResourceType               `yaml:"RDSParameterGroup"`
 	RDSProxy                        ResourceType               `yaml:"RDSProxy"`
@@ -248,6 +249,7 @@ func (c *Config) allResourceTypes() []*ResourceType {
 		&c.OpenSearchDomain,
 		&c.Redshift,
 		&c.RedshiftSnapshotCopyGrant,
+		&c.ResourceShare,
 		&c.RDSSnapshot,
 		&c.RDSParameterGroup,
 		&c.RDSProxy,

config/config_test.go

@@ -95,6 +95,7 @@ func emptyConfig() *Config {
 		OIDCProvider:                    ResourceType{FilterRule{}, FilterRule{}, "", false},
 		OpenSearchDomain:                ResourceType{FilterRule{}, FilterRule{}, "", false},
 		Redshift:                        ResourceType{FilterRule{}, FilterRule{}, "", false},
+		ResourceShare:                   ResourceType{FilterRule{}, FilterRule{}, "", false},
 		RDSSnapshot:                     ResourceType{FilterRule{}, FilterRule{}, "", false},
 		RDSParameterGroup:               ResourceType{FilterRule{}, FilterRule{}, "", false},
 		RDSProxy:                        ResourceType{FilterRule{}, FilterRule{}, "", false},

config/examples/complete.yaml

@@ -1333,6 +1333,24 @@ Redshift:
       test: "true"
   timeout: 1h
   protect_until_expire: true
+ResourceShare:
+  include:
+    names_regex:
+    - that.*
+    - thats.*
+    time_after: 2024-02-02T00:00:00Z
+    time_before: 2024-01-01T00:00:00Z
+    tags:
+      test: "true"
+  exclude:
+    names_regex:
+    - this.*
+    time_after: 2024-02-02T00:00:00Z
+    time_before: 2024-01-01T00:00:00Z
+    tags:
+      test: "true"
+  timeout: 1h
+  protect_until_expire: true
 RDSSnapshot:
   include:
     names_regex:

docs/supported-resources.md

@@ -101,6 +101,7 @@ cloud-nuke supports inspecting and deleting the following AWS resources. The **C
 | `rds-subnet-group` | RDS Subnet Group |
 | `redshift` | Redshift Cluster |
 | `redshift-snapshot-copy-grant` | Redshift Snapshot Copy Grant |
+| `resource-share` | RAM Resource Share |
 | `route-table` | Route Table |
 | `route53-cidr-collection` | Route53 CIDR Collection |
 | `route53-hosted-zone` | Route53 Hosted Zone |
@@ -240,6 +241,7 @@ This table shows which filtering features are supported for each resource type i
 | rds-subnet-group | DBSubnetGroups | ✓ | | ✓ | ✓ |
 | redshift | Redshift | ✓ | ✓ | | ✓ |
 | redshift-snapshot-copy-grant | RedshiftSnapshotCopyGrant | ✓ | | | ✓ |
+| resource-share | ResourceShare | ✓ | ✓ | ✓ | ✓ |
 | route-table | RouteTable | ✓ | ✓ | ✓ | ✓ |
 | route53-cidr-collection | Route53CIDRCollection | ✓ | | | |
 | route53-hosted-zone | Route53HostedZone | ✓ | | ✓ | |

go.mod

@@ -7,7 +7,7 @@ require (
 	cloud.google.com/go/functions v1.19.7
 	cloud.google.com/go/pubsub v1.49.0
 	cloud.google.com/go/storage v1.50.0
-	github.com/aws/aws-sdk-go-v2 v1.41.3
+	github.com/aws/aws-sdk-go-v2 v1.41.4
 	github.com/aws/aws-sdk-go-v2/config v1.29.5
 	github.com/aws/aws-sdk-go-v2/service/accessanalyzer v1.36.12
 	github.com/aws/aws-sdk-go-v2/service/acm v1.30.17
@@ -97,15 +97,16 @@ require (
 	github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.17.58 // indirect
 	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.20 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 // indirect
 	github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.31 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.12.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.5.5 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery v1.10.12 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.12 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.12 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ram v1.36.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.14 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.13 // indirect
 	github.com/cespare/xxhash/v2 v2.3.0 // indirect

go.sum

@@ -49,6 +49,8 @@ github.com/MarvinJWendt/testza v0.4.2/go.mod h1:mSdhXiKH8sg/gQehJ63bINcCKp7RtYew
 github.com/atomicgo/cursor v0.0.1/go.mod h1:cBON2QmmrysudxNBFthvMtN32r3jxVRIvzkUiF/RuIk=
 github.com/aws/aws-sdk-go-v2 v1.41.3 h1:4kQ/fa22KjDt13QCy1+bYADvdgcxpfH18f0zP542kZA=
 github.com/aws/aws-sdk-go-v2 v1.41.3/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o=
+github.com/aws/aws-sdk-go-v2 v1.41.4 h1:10f50G7WyU02T56ox1wWXq+zTX9I1zxG46HYuG1hH/k=
+github.com/aws/aws-sdk-go-v2 v1.41.4/go.mod h1:mwsPRE8ceUUpiTgF7QmQIJ7lgsKUPQOUl3o72QBrE1o=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8 h1:zAxi9p3wsZMIaVCdoiQp2uZ9k1LsZvmAnoTBeZPXom0=
 github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream v1.6.8/go.mod h1:3XkePX5dSaxveLAYY7nsbsZZrKxCyEuE5pM4ziFxyGg=
 github.com/aws/aws-sdk-go-v2/config v1.29.5 h1:4lS2IB+wwkj5J43Tq/AwvnscBerBJtQQ6YS7puzCI1k=
@@ -59,8 +61,12 @@ github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27 h1:7lOW8NUwE9UZekS1DYoiPd
 github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.27/go.mod h1:w1BASFIPOPUae7AgaH4SbjNbfdkxuggLyGfNFTn8ITY=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19 h1:/sECfyq2JTifMI2JPyZ4bdRN77zJmr6SrS1eL3augIA=
 github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.19/go.mod h1:dMf8A5oAqr9/oxOfLkC/c2LU/uMcALP0Rgn2BD5LWn0=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20 h1:CNXO7mvgThFGqOFgbNAP2nol2qAWBOGfqR/7tQlvLmc=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.20/go.mod h1:oydPDJKcfMhgfcgBUZaG+toBbwy8yPWubJXBVERtI4o=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19 h1:AWeJMk33GTBf6J20XJe6qZoRSJo0WfUhsMdUKhoODXE=
 github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.19/go.mod h1:+GWrYoaAsV7/4pNHpwh1kiNLXkKaSoppxQq9lbH8Ejw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.20 h1:tN6W/hg+pkM+tf9XDkWUbDEjGLb+raoBMFsTodcoYKw=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.20/go.mod h1:YJ898MhD067hSHA6xYCx5ts/jEd8BSOLtQDL3iZsvbc=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2 h1:Pg9URiobXy85kgFev3og2CuOZ8JZUBENF+dcgWBaYNk=
 github.com/aws/aws-sdk-go-v2/internal/ini v1.8.2/go.mod h1:FbtygfRFze9usAadmnGJNc8KsP346kEe+y2/oyhGAGc=
 github.com/aws/aws-sdk-go-v2/internal/v4a v1.3.31 h1:8IwBjuLdqIO1dGB+dZ9zJEl8wzY3bVYxcs0Xyu/Lsc0=
@@ -155,6 +161,8 @@ github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.44.13 h1:fn05X6eXYxQwZcz
 github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.44.13/go.mod h1:RyXD4m4OOrMULbAgMDjEI7nMYIxCEb+KJ+zBB5ak3Og=
 github.com/aws/aws-sdk-go-v2/service/opensearch v1.45.10 h1:v0VALMz6htCysb4yHVl97EUO1MOhuZZEDz+Fq2lnce0=
 github.com/aws/aws-sdk-go-v2/service/opensearch v1.45.10/go.mod h1:wNaZJ8cVFw8W0kjhatPIcGNFkHNN2hZrAU7SZFldZM0=
+github.com/aws/aws-sdk-go-v2/service/ram v1.36.2 h1:OTuj3yT5iLl37At9ZVUNn+JkD2yZLrZ3MvN9k46CxH4=
+github.com/aws/aws-sdk-go-v2/service/ram v1.36.2/go.mod h1:lrQ7t9FfRKuxQxfJx1PUDnaoSyiq+wGcHATTeW18s34=
 github.com/aws/aws-sdk-go-v2/service/rds v1.93.11 h1:ibWYH+Bc59bDU9YG82HdNIP7MDlFNmlDZp94wKtkUyE=
 github.com/aws/aws-sdk-go-v2/service/rds v1.93.11/go.mod h1:LegGb8OqR5/uLP0RUEqoK2de8FNzDXIejcxpTiGSGVk=
 github.com/aws/aws-sdk-go-v2/service/redshift v1.53.11 h1:3JCZYhdJXv2HPctK3MlaHR4oGWU0/ihN5i3BxAxi110=