Working v2 and networkfirewall

cmd/nuke.go

@@ -160,7 +160,11 @@ func (n *Nuke) Scan() error {
 	queue := make(Queue, 0)
 
 	for _, regionName := range n.Config.Regions {
-		region := NewRegion(regionName, n.Account.ResourceTypeToServiceType, n.Account.NewSession)
+		config, err := n.Account.Credentials.NewConfig(regionName)
+		if err != nil {
+			return err
+		}
+		region := NewRegion(regionName, config, n.Account.ResourceTypeToServiceType, n.Account.NewSession)
 
 		items := Scan(region, resourceTypes)
 		for item := range items {

cmd/queue.go

@@ -53,6 +53,12 @@ func (i *Item) Print() {
 // List gets all resource items of the same resource type like the Item.
 func (i *Item) List() ([]resources.Resource, error) {
 	lister := resources.GetLister(i.Type)
+	if lister == nil {
+		// Type has supported V2 implementation
+		lister := resources.GetListerV2(i.Type)
+		return lister(i.Region.Config)
+	}
+
 	sess, err := i.Region.Session(i.Type)
 	if err != nil {
 		return nil, err

cmd/region.go

@@ -4,6 +4,8 @@ import (
 	"fmt"
 	"sync"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
+
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/rebuy-de/aws-nuke/v2/pkg/awsutil"
 )
@@ -19,14 +21,17 @@ type Region struct {
 	NewSession      SessionFactory
 	ResTypeResolver ResourceTypeResolver
 
+	Config *aws.Config
+
 	cache map[string]*session.Session
 	lock  *sync.RWMutex
 }
 
-func NewRegion(name string, typeResolver ResourceTypeResolver, sessionFactory SessionFactory) *Region {
+func NewRegion(name string, config *aws.Config, typeResolver ResourceTypeResolver, sessionFactory SessionFactory) *Region {
 	return &Region{
 		Name:            name,
 		NewSession:      sessionFactory,
+		Config:          config,
 		ResTypeResolver: typeResolver,
 		lock:            &sync.RWMutex{},
 		cache:           make(map[string]*session.Session),
@@ -60,3 +65,13 @@ func (region *Region) Session(resourceType string) (*session.Session, error) {
 	region.lock.Unlock()
 	return sess, nil
 }
+
+func (region *Region) NewConfig(resourceType string) (*aws.Config, error) {
+	if region.Name == "global" {
+		return nil, awsutil.ErrSkipRequest(fmt.Sprintf(
+			"No service available in region '%s' to handle '%s'",
+			region.Name, resourceType))
+	}
+
+	return region.Config, nil
+}

cmd/scan.go

@@ -56,7 +56,7 @@ func (s *scanner) list(region *Region, resourceType string) {
 	lister := resources.GetLister(resourceType)
 	var rs []resources.Resource
 	sess, err := region.Session(resourceType)
-	if err == nil {
+	if err == nil && lister != nil {
 		rs, err = lister(sess)
 	}
 	if err != nil {
@@ -77,6 +77,32 @@ func (s *scanner) list(region *Region, resourceType string) {
 		return
 	}
 
+	listerV2 := resources.GetListerV2(resourceType)
+	var rsV2 []resources.Resource
+	cfg, err := region.NewConfig(resourceType)
+	if err == nil && listerV2 != nil {
+		rsV2, err = listerV2(cfg)
+	}
+	if err != nil {
+		_, ok := err.(awsutil.ErrSkipRequest)
+		if ok {
+			log.Debugf("skipping request: %v", err)
+			return
+		}
+
+		_, ok = err.(awsutil.ErrUnknownEndpoint)
+		if ok {
+			log.Warnf("skipping request: %v", err)
+			return
+		}
+
+		dump := util.Indent(fmt.Sprintf("%v", err), "    ")
+		log.Errorf("Listing %s failed:\n%s", resourceType, dump)
+		return
+	}
+
+	rs = append(rs, rsV2...)
+
 	for _, r := range rs {
 		s.items <- &Item{
 			Region:   region,

go.mod

@@ -4,6 +4,11 @@ go 1.21
 
 require (
 	github.com/aws/aws-sdk-go v1.53.15
+	github.com/aws/aws-sdk-go-v2 v1.30.0
+	github.com/aws/aws-sdk-go-v2/config v1.27.22
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.22
+	github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.40.0
+	github.com/aws/aws-sdk-go-v2/service/sts v1.30.0
 	github.com/fatih/color v1.17.0
 	github.com/golang/mock v1.6.0
 	github.com/google/uuid v1.6.0
@@ -18,6 +23,15 @@ require (
 )
 
 require (
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 // indirect
+	github.com/aws/smithy-go v1.20.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/gemnasium/logrus-graylog-hook/v3 v3.1.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect

go.sum

@@ -1,5 +1,33 @@
 github.com/aws/aws-sdk-go v1.53.15 h1:FtZmkg7xM8RfP2oY6p7xdKBYrRgkITk9yve2QV7N938=
 github.com/aws/aws-sdk-go v1.53.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk=
+github.com/aws/aws-sdk-go-v2 v1.30.0 h1:6qAwtzlfcTtcL8NHtbDQAqgM5s6NDipQTkPxyH/6kAA=
+github.com/aws/aws-sdk-go-v2 v1.30.0/go.mod h1:ffIFB97e2yNsv4aTSGkqtHnppsIJzw7G7BReUZ3jCXM=
+github.com/aws/aws-sdk-go-v2/config v1.27.22 h1:TRkQVtpDINt+Na/ToU7iptyW6U0awAwJ24q4XN+59k8=
+github.com/aws/aws-sdk-go-v2/config v1.27.22/go.mod h1:EYY3mVgFRUWkh6QNKH64MdyKs1YSUgatc0Zp3MDxi7c=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.22 h1:wu9kXQbbt64ul09v3ye4HYleAr4WiGV/uv69EXKDEr0=
+github.com/aws/aws-sdk-go-v2/credentials v1.17.22/go.mod h1:pcvMtPcxJn3r2k6mZD9I0EcumLqPLA7V/0iCgOIlY+o=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8 h1:FR+oWPFb/8qMVYMWN98bUZAGqPvLHiyqg1wqQGfUAXY=
+github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.8/go.mod h1:EgSKcHiuuakEIxJcKGzVNWh5srVAQ3jKaSrBGRYvM48=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12 h1:SJ04WXGTwnHlWIODtC5kJzKbeuHt+OUNOgKg7nfnUGw=
+github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.12/go.mod h1:FkpvXhA92gb3GE9LD6Og0pHHycTxW7xGpnEh5E7Opwo=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12 h1:hb5KgeYfObi5MHkSSZMEudnIvX30iB+E21evI4r6BnQ=
+github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.12/go.mod h1:CroKe/eWJdyfy9Vx4rljP5wTUjNJfb+fPz1uMYUhEGM=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 h1:hT8rVHwugYE2lEfdFE0QWVo81lF7jMrYJVDWI+f+VxU=
+github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0/go.mod h1:8tu/lYfQfFe6IGnaOdrpVgEL2IrrDOf6/m9RQum4NkY=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2 h1:Ji0DY1xUsUr3I8cHps0G+XM3WWU16lP6yG8qu1GAZAs=
+github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.2/go.mod h1:5CsjAbs3NlGQyZNFACh+zztPDI7fU6eW9QsxjfnuBKg=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14 h1:zSDPny/pVnkqABXYRicYuPf9z2bTqfH13HT3v6UheIk=
+github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.14/go.mod h1:3TTcI5JSzda1nw/pkVC9dhgLre0SNBFj2lYS4GctXKI=
+github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.40.0 h1:ZKjJJWxZ4cGM6LWxXsnviGlBpqPvifSod4U8gOXik9U=
+github.com/aws/aws-sdk-go-v2/service/networkfirewall v1.40.0/go.mod h1:23qyfghRkv9qOMRIL9KdUHiKyhARU/0FddRMtvMSVV0=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.0 h1:lPIAPCRoJkmotLTU/9B6icUFlYDpEuWjKeL79XROv1M=
+github.com/aws/aws-sdk-go-v2/service/sso v1.22.0/go.mod h1:lcQG/MmxydijbeTOp04hIuJwXGWPZGI3bwdFDGRTv14=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0 h1:/4r71ghx+hX9spr884cqXHPEmPzqH/J3K7fkE1yfcmw=
+github.com/aws/aws-sdk-go-v2/service/ssooidc v1.26.0/go.mod h1:z0P8K+cBIsFXUr5rzo/psUeJ20XjPN0+Nn8067Nd+E4=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.0 h1:9ja34PaKybhCJjVKvxtDsUjbATUJGN+eF6QnO58u5cI=
+github.com/aws/aws-sdk-go-v2/service/sts v1.30.0/go.mod h1:N2mQiucsO0VwK9CYuS4/c2n6Smeh1v47Rz3dWCPFLdE=
+github.com/aws/smithy-go v1.20.2 h1:tbp628ireGtzcHDDmLT/6ADHidqnwgF57XOXZe6tp4Q=
+github.com/aws/smithy-go v1.20.2/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E=
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

pkg/awsutil/config.go

@@ -0,0 +1,68 @@
+package awsutil
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/config"
+	"github.com/aws/aws-sdk-go-v2/credentials"
+	"github.com/aws/aws-sdk-go-v2/credentials/stscreds"
+	"github.com/aws/aws-sdk-go-v2/service/sts"
+)
+
+func (c *Credentials) NewConfig(region string) (*aws.Config, error) {
+	if c.config == nil {
+		if c.HasProfile() && c.HasKeys() {
+			return nil, fmt.Errorf("you have to specify a profile or credentials for at least one region")
+		}
+
+		if c.HasKeys() {
+			cfg, err := config.LoadDefaultConfig(context.TODO(),
+				config.WithCredentialsProvider(
+					credentials.NewStaticCredentialsProvider(
+						strings.TrimSpace(c.AccessKeyID),
+						strings.TrimSpace(c.SecretAccessKey),
+						strings.TrimSpace(c.SessionToken),
+					),
+				),
+			)
+			if err != nil {
+				return nil, err
+			}
+			c.config = &cfg
+			return c.config, nil
+		}
+
+		profile := "default"
+		if c.HasProfile() {
+			profile = c.Profile
+		}
+
+		if region == GlobalRegionID {
+			region = "aws-global"
+		}
+
+		cfg, err := config.LoadDefaultConfig(context.TODO(),
+			config.WithRegion(region),
+			config.WithSharedConfigProfile(profile),
+		)
+		if err != nil {
+			return nil, err
+		}
+
+		// if given a role to assume, overwrite the cfg credentials with assume role credentials
+		if c.AssumeRoleArn != "" {
+			stsSvc := sts.NewFromConfig(cfg)
+			creds := stscreds.NewAssumeRoleProvider(stsSvc, c.AssumeRoleArn)
+			cfg.Credentials = aws.NewCredentialsCache(creds)
+		}
+
+		c.config = &cfg
+	} else if c.config.Region != region {
+		c.config.Region = region
+	}
+
+	return c.config, nil
+}

pkg/awsutil/session.go

@@ -7,6 +7,8 @@ import (
 	"net/http"
 	"strings"
 
+	v2aws "github.com/aws/aws-sdk-go-v2/aws"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/credentials"
 	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
@@ -42,6 +44,8 @@ type Credentials struct {
 
 	CustomEndpoints config.CustomEndpoints
 	session         *session.Session
+
+	config *v2aws.Config
 }
 
 func (c *Credentials) HasProfile() bool {

resources/cloudcontrol.go

@@ -36,7 +36,6 @@ func init() {
 	registerCloudControl("AWS::Timestream::ScheduledQuery")
 	registerCloudControl("AWS::Timestream::Table")
 	registerCloudControl("AWS::Transfer::Workflow")
-	registerCloudControl("AWS::NetworkFirewall::Firewall")
 	registerCloudControl("AWS::NetworkFirewall::FirewallPolicy")
 	registerCloudControl("AWS::NetworkFirewall::RuleGroup")
 }

resources/interface.go

@@ -4,15 +4,19 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/aws/aws-sdk-go-v2/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/rebuy-de/aws-nuke/v2/pkg/config"
 	"github.com/rebuy-de/aws-nuke/v2/pkg/types"
 )
 
 type ResourceListers map[string]ResourceLister
+type ResourceListersV2 map[string]ResourceListerV2
 
 type ResourceLister func(s *session.Session) ([]Resource, error)
 
+type ResourceListerV2 func(s *aws.Config) ([]Resource, error)
+
 type Resource interface {
 	Remove() error
 }
@@ -38,6 +42,7 @@ type FeatureFlagGetter interface {
 }
 
 var resourceListers = make(ResourceListers)
+var resourceListersV2 = make(ResourceListersV2)
 
 func register(name string, lister ResourceLister, opts ...registerOption) {
 	_, exists := resourceListers[name]
@@ -52,13 +57,27 @@ func register(name string, lister ResourceLister, opts ...registerOption) {
 	}
 }
 
+func registerV2(name string, lister ResourceListerV2, opts ...registerOptionV2) {
+	_, exists := resourceListersV2[name]
+	if exists {
+		panic(fmt.Sprintf("a resource with the name %s already exists", name))
+	}
+
+	resourceListersV2[name] = lister
+
+	for _, opt := range opts {
+		opt(name, lister)
+	}
+}
+
 var cloudControlMapping = map[string]string{}
 
 func GetCloudControlMapping() map[string]string {
 	return cloudControlMapping
 }
 
 type registerOption func(name string, lister ResourceLister)
+type registerOptionV2 func(name string, lister ResourceListerV2)
 
 func mapCloudControl(typeName string) registerOption {
 	return func(name string, lister ResourceLister) {
@@ -78,11 +97,18 @@ func GetLister(name string) ResourceLister {
 	return resourceListers[name]
 }
 
+func GetListerV2(name string) ResourceListerV2 {
+	return resourceListersV2[name]
+}
+
 func GetListerNames() []string {
 	names := []string{}
 	for resourceType := range resourceListers {
 		names = append(names, resourceType)
 	}
+	for resourceType := range resourceListersV2 {
+		names = append(names, resourceType)
+	}
 
 	return names
 }