-
-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat!: v1 - rewrite to use libnuke - rewrite resources, docs, regions and more #45
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
BREAKING CHANGE: regions (aka locations) are used to control tenant level and resource group locations
fix: run sleep bug where no default sleep is set
fix: missing cli args and incorrectly named
fix: arm builds, regions and logging
chore(dep): update libnuke @ v0.13.0
ekristen
changed the title
feat: v1 - Rewrite to use libnuke, Use concept of Regions/Locations, Documentation, Much More
feat!: v1 - rewrite to use libnuke - complete rewrite of resources, docs, regions and more
Mar 29, 2024
ekristen
changed the title
feat!: v1 - rewrite to use libnuke - complete rewrite of resources, docs, regions and more
feat!: v1 - rewrite to use libnuke - rewrite resources, docs, regions and more
Mar 29, 2024
🎉 This PR is included in version 1.0.0-beta.1 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
🎉 This PR is included in version 1.0.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Quick Start
brew install ekristen/tap/azure-nuke@1
Overview
Next Releases
This is a complete rewrite of the azure-nuke tool to take advantage of the dedicated library libnuke of which I'm the author. This library was build by taking the code from the original
aws-nuke
tool and building a dedicated and well tested library from it. I've since rewritten my implementation of aws-nuke to use it.Why the Rewrite
The original implementation was hacked together by pulling parts of the original aws-nuke code out and I wasn't really happy with how the resources were implemented and the concept of tenant, subscription and resource level resources was frustrating.
Feedback Wanted
I want your feedback on the terminology and anything else you've like to provide comment on.
What's New
Regions (aka locations)
To keep things consistent and not to re-implement things, I've opted to use the libnuke/config package as it's well tested.
Azure themselves are using Regions in the taxonomy on their website, while their API and docs refer to Location most places are starting to use the word Region, so we are going to stick with that.
Regions supported are
global
and all azure locations around the world.global
refers to the tenant, again consideringglobal
vstenant
here, unsure at the moment, but usingglobal
, there is a special region calledall
this will automatically include the tenant (entra ID) and all regions.So if you want to target anything scoped to your
tenant
+subscriptions
+ resources ineastus
your configuration would need to look like:Configuration Changes
tenants
is deprecated in favor ofaccounts
tenant-blocklist
is deprecated in favor ofblocklist
Note: this is mainly due to standardization around libnuke's terminology.
Resource Scanning Behavior
If region
all
orglobal
are in the regions list, tenant scoped (ie EntraID) resources will be scanned. This is primarily going to be users, groups, service principals, etc.Azure's APIs are TERRIBLE and cannot filter on regions 🤦. Ugh. Therefore regions add a special global filter to your configuration and any region NOT in the
regions
configuration WILL BE FILTERED BY CONFIG if you do not run with--quiet
you will see "filtered by config".note: considering adding a way to add a custom message like "filtered by region" but at the moment that's not possible.
Resource Group Behavior
Because of how azure resources are organized we have to discover subscriptions and resource groups early. If the region list is only
eastus
and there's a resource group called "my-central-rg" in centralus, NO resources will be scanned frommy-central-rg
however it will show up in the resources list as "filtered by config".Resource Changes
Any resource that was using an
uuid
by default to represent itself has been moved to it'sname
and the ID is now a property. This affects how you write filters.Builds
macOS builds are now signed! You do not have to approve them in security preferences any longer.