Merge pull request #311 from ekristen/cognito

feat: support deletion protection on cognito user pools
ekristen · Sep 26, 2024 · 9168df4 · 9168df4
2 parents 382498b + b664097
commit 9168df4
Show file tree

Hide file tree

Showing 12 changed files with 5,733 additions and 46 deletions.
diff --git a/docs/resources/cognito-user-pool.md b/docs/resources/cognito-user-pool.md
@@ -0,0 +1,19 @@
+# Cognito User Pool
+
+**ResourceType:** `CognitoUserPool`
+
+## Settings
+
+- `DisableDeletionProtection`
+
+### DisableDeletionProtection
+
+Specifies whether deletion protection should be disabled prior to deleting the Cognito User Pool. Default is `false`.
+
+## Example Configuration
+
+```yaml
+settings:
+  CognitoUserPool:
+    DisableDeletionProtection: true
+```
diff --git a/go.mod b/go.mod
@@ -32,8 +32,10 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/stevenle/topsort v0.2.0 // indirect
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/sync v0.8.0 // indirect
 	golang.org/x/sys v0.20.0 // indirect
+	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -66,6 +66,8 @@ go.uber.org/ratelimit v0.3.1/go.mod h1:6euWsTB6U/Nb3X++xEUXA8ciPJvr19Q/0h1+oDcJh
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA=
+golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
@@ -91,6 +93,8 @@ golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=

diff --git a/mkdocs.yml b/mkdocs.yml
@@ -91,7 +91,8 @@ nav:
     - Custom Endpoints: config-custom-endpoints.md
     - Migration Guide: config-migration.md
   - Resources:
-      S3 Bucket: resources/s3-bucket.md
+    - Cognito User Pool: resources/cognito-user-pool.md
+    - S3 Bucket: resources/s3-bucket.md
   - Development:
     - Overview: development.md
     - Contributing: contributing.md

diff --git a/mocks/mock_cognitoidentityprovideriface/mock.go b/mocks/mock_cognitoidentityprovideriface/mock.go
diff --git a/resources/cognito-identity-pools.go → resources/cognito-identity-pool.go b/resources/cognito-identity-pools.go → resources/cognito-identity-pool.go
@@ -64,14 +64,14 @@ func (l *CognitoIdentityPoolLister) List(_ context.Context, o interface{}) ([]re
 	return resources, nil
 }
 
-func (f *CognitoIdentityPool) Remove(_ context.Context) error {
-	_, err := f.svc.DeleteIdentityPool(&cognitoidentity.DeleteIdentityPoolInput{
-		IdentityPoolId: f.id,
+func (r *CognitoIdentityPool) Remove(_ context.Context) error {
+	_, err := r.svc.DeleteIdentityPool(&cognitoidentity.DeleteIdentityPoolInput{
+		IdentityPoolId: r.id,
 	})
 
 	return err
 }
 
-func (f *CognitoIdentityPool) String() string {
-	return *f.name
+func (r *CognitoIdentityPool) String() string {
+	return *r.name
 }
diff --git a/resources/cognito-identity-providers.go → resources/cognito-identity-provider.go b/resources/cognito-identity-providers.go → resources/cognito-identity-provider.go
@@ -90,23 +90,23 @@ type CognitoIdentityProvider struct {
 	userPoolID   *string
 }
 
-func (p *CognitoIdentityProvider) Remove(_ context.Context) error {
-	_, err := p.svc.DeleteIdentityProvider(&cognitoidentityprovider.DeleteIdentityProviderInput{
-		UserPoolId:   p.userPoolID,
-		ProviderName: p.name,
+func (r *CognitoIdentityProvider) Remove(_ context.Context) error {
+	_, err := r.svc.DeleteIdentityProvider(&cognitoidentityprovider.DeleteIdentityProviderInput{
+		UserPoolId:   r.userPoolID,
+		ProviderName: r.name,
 	})
 
 	return err
 }
 
-func (p *CognitoIdentityProvider) Properties() types.Properties {
+func (r *CognitoIdentityProvider) Properties() types.Properties {
 	properties := types.NewProperties()
-	properties.Set("Type", p.providerType)
-	properties.Set("UserPoolName", p.userPoolName)
-	properties.Set("Name", p.name)
+	properties.Set("Type", r.providerType)
+	properties.Set("UserPoolName", r.userPoolName)
+	properties.Set("Name", r.name)
 	return properties
 }
 
-func (p *CognitoIdentityProvider) String() string {
-	return fmt.Sprintf("%s -> %s", ptr.ToString(p.userPoolName), ptr.ToString(p.name))
+func (r *CognitoIdentityProvider) String() string {
+	return fmt.Sprintf("%s -> %s", ptr.ToString(r.userPoolName), ptr.ToString(r.name))
 }
diff --git a/resources/cognito-userpool-clients.go → resources/cognito-userpool-client.go b/resources/cognito-userpool-clients.go → resources/cognito-userpool-client.go
@@ -88,23 +88,23 @@ type CognitoUserPoolClient struct {
 	userPoolID   *string
 }
 
-func (p *CognitoUserPoolClient) Remove(_ context.Context) error {
-	_, err := p.svc.DeleteUserPoolClient(&cognitoidentityprovider.DeleteUserPoolClientInput{
-		ClientId:   p.id,
-		UserPoolId: p.userPoolID,
+func (r *CognitoUserPoolClient) Remove(_ context.Context) error {
+	_, err := r.svc.DeleteUserPoolClient(&cognitoidentityprovider.DeleteUserPoolClientInput{
+		ClientId:   r.id,
+		UserPoolId: r.userPoolID,
 	})
 
 	return err
 }
 
-func (p *CognitoUserPoolClient) Properties() types.Properties {
+func (r *CognitoUserPoolClient) Properties() types.Properties {
 	properties := types.NewProperties()
-	properties.Set("ID", p.id)
-	properties.Set("Name", p.name)
-	properties.Set("UserPoolName", p.userPoolName)
+	properties.Set("ID", r.id)
+	properties.Set("Name", r.name)
+	properties.Set("UserPoolName", r.userPoolName)
 	return properties
 }
 
-func (p *CognitoUserPoolClient) String() string {
-	return fmt.Sprintf("%s -> %s", *p.userPoolName, *p.name)
+func (r *CognitoUserPoolClient) String() string {
+	return fmt.Sprintf("%s -> %s", *r.userPoolName, *r.name)
 }
diff --git a/resources/cognito-userpool-domains.go → resources/cognito-userpool-domain.go b/resources/cognito-userpool-domains.go → resources/cognito-userpool-domain.go
@@ -75,16 +75,16 @@ type CognitoUserPoolDomain struct {
 	userPoolID   *string
 }
 
-func (f *CognitoUserPoolDomain) Remove(_ context.Context) error {
+func (r *CognitoUserPoolDomain) Remove(_ context.Context) error {
 	params := &cognitoidentityprovider.DeleteUserPoolDomainInput{
-		Domain:     f.name,
-		UserPoolId: f.userPoolID,
+		Domain:     r.name,
+		UserPoolId: r.userPoolID,
 	}
-	_, err := f.svc.DeleteUserPoolDomain(params)
+	_, err := r.svc.DeleteUserPoolDomain(params)
 
 	return err
 }
 
-func (f *CognitoUserPoolDomain) String() string {
-	return fmt.Sprintf("%s -> %s", *f.userPoolName, *f.name)
+func (r *CognitoUserPoolDomain) String() string {
+	return fmt.Sprintf("%s -> %s", *r.userPoolName, *r.name)
 }
diff --git a/resources/cognito-userpools.go → resources/cognito-userpool.go b/resources/cognito-userpools.go → resources/cognito-userpool.go
@@ -9,11 +9,13 @@ import (
 
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider"
+	"github.com/aws/aws-sdk-go/service/cognitoidentityprovider/cognitoidentityprovideriface"
 	"github.com/aws/aws-sdk-go/service/sts"
 	"github.com/aws/aws-sdk-go/service/sts/stsiface"
 
 	"github.com/ekristen/libnuke/pkg/registry"
 	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/settings"
 	"github.com/ekristen/libnuke/pkg/types"
 
 	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
@@ -26,6 +28,9 @@ func init() {
 		Name:   CognitoUserPoolResource,
 		Scope:  nuke.Account,
 		Lister: &CognitoUserPoolLister{},
+		Settings: []string{
+			"DisableDeletionProtection",
+		},
 		DependsOn: []string{
 			CognitoIdentityPoolResource,
 			CognitoUserPoolClientResource,
@@ -35,11 +40,13 @@ func init() {
 }
 
 type CognitoUserPoolLister struct {
-	stsService stsiface.STSAPI
+	stsService     stsiface.STSAPI
+	cognitoService cognitoidentityprovideriface.CognitoIdentityProviderAPI
 }
 
 func (l *CognitoUserPoolLister) List(_ context.Context, o interface{}) ([]resource.Resource, error) {
 	opts := o.(*nuke.ListerOpts)
+	resources := make([]resource.Resource, 0)
 
 	var stsSvc stsiface.STSAPI
 	if l.stsService != nil {
@@ -48,8 +55,12 @@ func (l *CognitoUserPoolLister) List(_ context.Context, o interface{}) ([]resour
 		stsSvc = sts.New(opts.Session)
 	}
 
-	svc := cognitoidentityprovider.New(opts.Session)
-	resources := make([]resource.Resource, 0)
+	var svc cognitoidentityprovideriface.CognitoIdentityProviderAPI
+	if l.cognitoService != nil {
+		svc = l.cognitoService
+	} else {
+		svc = cognitoidentityprovider.New(opts.Session)
+	}
 
 	identityOutput, err := stsSvc.GetCallerIdentity(nil)
 	if err != nil {
@@ -95,24 +106,39 @@ func (l *CognitoUserPoolLister) List(_ context.Context, o interface{}) ([]resour
 }
 
 type CognitoUserPool struct {
-	svc  *cognitoidentityprovider.CognitoIdentityProvider
-	Name *string
-	ID   *string
-	Tags map[string]*string
+	svc      cognitoidentityprovideriface.CognitoIdentityProviderAPI
+	settings *settings.Setting
+	Name     *string
+	ID       *string
+	Tags     map[string]*string
 }
 
-func (f *CognitoUserPool) Remove(_ context.Context) error {
-	_, err := f.svc.DeleteUserPool(&cognitoidentityprovider.DeleteUserPoolInput{
-		UserPoolId: f.ID,
+func (r *CognitoUserPool) Remove(_ context.Context) error {
+	if r.settings.GetBool("DisableDeletionProtection") {
+		_, err := r.svc.UpdateUserPool(&cognitoidentityprovider.UpdateUserPoolInput{
+			UserPoolId:         r.ID,
+			DeletionProtection: ptr.String("INACTIVE"),
+		})
+		if err != nil {
+			return err
+		}
+	}
+
+	_, err := r.svc.DeleteUserPool(&cognitoidentityprovider.DeleteUserPoolInput{
+		UserPoolId: r.ID,
 	})
 
 	return err
 }
 
-func (f *CognitoUserPool) Properties() types.Properties {
-	return types.NewPropertiesFromStruct(f)
+func (r *CognitoUserPool) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *CognitoUserPool) String() string {
+	return *r.Name
 }
 
-func (f *CognitoUserPool) String() string {
-	return *f.Name
+func (r *CognitoUserPool) Settings(setting *settings.Setting) {
+	r.settings = setting
 }