From 5713f820c32cb8c9020699d3aaee894f4f922792 Mon Sep 17 00:00:00 2001 From: Erik Kristensen Date: Tue, 15 Oct 2024 16:33:54 -0600 Subject: [PATCH] docs: filter groups --- docs/cli-experimental.md | 21 ++++++++++++++++++++- docs/config-filtering.md | 27 +++++++++++++++++++++++++++ docs/features/filter-groups.md | 11 +++++++++++ mkdocs.yml | 1 + 4 files changed, 59 insertions(+), 1 deletion(-) diff --git a/docs/cli-experimental.md b/docs/cli-experimental.md index bc89bb78..59adb4bc 100644 --- a/docs/cli-experimental.md +++ b/docs/cli-experimental.md @@ -20,6 +20,8 @@ aws-nuke run --feature-flag "wait-on-dependencies" ## Available Feature Flags +- `filter-groups` - This feature flag will cause aws-nuke to filter based on a grouping method which allows for AND'ing + filters together. - `wait-on-dependencies` - This feature flag will cause aws-nuke to wait for all resource type dependencies to be deleted before deleting the next resource type. @@ -32,4 +34,21 @@ an attached policy. The problem is that if you delete the IAM Role first, it will fail because it has a dependency on the policy. This feature flag will cause aws-nuke to wait for all resources of a given type to be deleted before deleting the next -resource type. This will reduce the number of errors and unnecessary API calls. \ No newline at end of file +resource type. This will reduce the number of errors and unnecessary API calls. + +### filter-groups + +This feature flag will cause aws-nuke to filter resources based on a group method. This is useful when filters need +to be AND'd together. For example, if you want to delete all resources that are tagged with `env:dev` and `namespace:test` +you can use the following filter group: + +```yaml +filters: + ResourceType: + - property: tag:env + value: dev + group: group1 + - property: tag:namespace + value: test + group: group2 +``` \ No newline at end of file diff --git a/docs/config-filtering.md b/docs/config-filtering.md index 1b17c94b..3fe3349b 100644 --- a/docs/config-filtering.md +++ b/docs/config-filtering.md @@ -21,6 +21,33 @@ against some resources and not others. Global works by taking all filters defined under `__global__` and prepends to any filters found for a resource type. If a resource does NOT have any filters defined, the `__global__` ones will still be used. +## Filter Groups + +!!! important + Filter groups are an experimental feature and are disabled by default. To enable filter groups, use the + `--feature-flag filter-groups` flag. + +Filter groups are used to group filters together. This is useful when filters need to be AND'd together. For example, +if you want to delete all resources that are tagged with `env:dev` and `namespace:test` you can use the following filter +group: + +```yaml +filters: + ResourceType: + - property: tag:env + value: dev + group: group1 + - property: tag:namespace + value: test + group: group2 +``` + +In this example, the `group1` and `group2` filters are AND'd together. This means that a resource must match both filters +to be excluded from deletion. + +Only a single filter in a group is required to match. This means that if a resource matches any filter in a group it will +count as a match for the group. + ### Example In this example, we are ignoring all resources that have the tag `aws-nuke` set to `ignore`. Additionally filtering diff --git a/docs/features/filter-groups.md b/docs/features/filter-groups.md index e69de29b..68fe1da6 100644 --- a/docs/features/filter-groups.md +++ b/docs/features/filter-groups.md @@ -0,0 +1,11 @@ +# Filter Groups + +!!! important + This feature is experimental and is disabled by default. To enable it, use the `--feature-flag "filter-groups"` CLI argument. + +Filter groups allow you to filter resources based on a grouping method which allows for AND'ing filters together. By +default, all filters belong to the same group, but you can specify a group name to group filters together. + +All filters within a group are OR'd together, and all groups are AND'd together. + +[Full Documentation](../config-filtering.md#filter-groups) \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index a18f814f..c1435277 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -77,6 +77,7 @@ nav: - Overview: features/overview.md - Bypass Alias Check: features/bypass-alias-check.md - Global Filters: features/global-filters.md + - Filter Groups: features/filter-groups.md - Enabled Regions: features/enabled-regions.md - Signed Binaries: features/signed-binaries.md - CLI: