fix: active ruleset wont able to nuke (#723)

gruntwork-io · Jun 24, 2024 · 9750364 · 9750364
1 parent 11d905b
commit 9750364
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/aws/resources/ses_email_receiving.go b/aws/resources/ses_email_receiving.go
@@ -5,6 +5,7 @@ import (
 	"slices"
 
 	"github.com/aws/aws-sdk-go/aws"
+	awsgo "github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/service/ses"
 	"github.com/gruntwork-io/cloud-nuke/config"
 	"github.com/gruntwork-io/cloud-nuke/logging"
@@ -30,13 +31,25 @@ func (s *SesReceiptRule) getAll(c context.Context, configObj config.Config) ([]*
 		return nil, nil
 	}
 
+	// https://docs.aws.amazon.com/cli/latest/reference/ses/delete-receipt-rule-set.html
+	// Important : The currently active rule set cannot be deleted.
+	activeRule, err := s.Client.DescribeActiveReceiptRuleSetWithContext(s.Context, &ses.DescribeActiveReceiptRuleSetInput{})
+	if err != nil {
+		return nil, errors.WithStackTrace(err)
+	}
+
 	result, err := s.Client.ListReceiptRuleSetsWithContext(s.Context, &ses.ListReceiptRuleSetsInput{})
 	if err != nil {
 		return nil, errors.WithStackTrace(err)
 	}
 
 	var rulesets []*string
 	for _, sets := range result.RuleSets {
+		// checking the rule set is the active one
+		if activeRule != nil && activeRule.Metadata != nil && awsgo.StringValue(activeRule.Metadata.Name) == awsgo.StringValue(sets.Name) {
+			logging.Debugf("The Ruleset %s is active and you wont able to delete it", awsgo.StringValue(sets.Name))
+			continue
+		}
 		if configObj.SESReceiptRuleSet.ShouldInclude(config.ResourceValue{
 			Name: sets.Name,
 			Time: sets.CreatedTimestamp,

diff --git a/aws/resources/ses_email_receiving_test.go b/aws/resources/ses_email_receiving_test.go
@@ -19,6 +19,7 @@ type mockedSesReceiptRule struct {
 	sesiface.SESAPI
 	DeleteReceiptRuleSetOutput ses.DeleteReceiptRuleSetOutput
 	ListReceiptRuleSetsOutput  ses.ListReceiptRuleSetsOutput
+	DescribeActiveReceiptRuleSetOutput  ses.DescribeActiveReceiptRuleSetOutput
 }
 
 func (m mockedSesReceiptRule) ListReceiptRuleSetsWithContext(_ awsgo.Context, _ *ses.ListReceiptRuleSetsInput, _ ...request.Option) (*ses.ListReceiptRuleSetsOutput, error) {
@@ -29,6 +30,10 @@ func (m mockedSesReceiptRule) DeleteReceiptRuleSetWithContext(_ awsgo.Context, _
 	return &m.DeleteReceiptRuleSetOutput, nil
 }
 
+func (m mockedSesReceiptRule) DescribeActiveReceiptRuleSetWithContext(_ awsgo.Context, _ *ses.DescribeActiveReceiptRuleSetInput, _ ...request.Option) (*ses.DescribeActiveReceiptRuleSetOutput, error) {
+	return &m.DescribeActiveReceiptRuleSetOutput, nil
+}
+
 func TestSesReceiptRule_GetAll(t *testing.T) {
 
 	id1 := "test-id-1"