From 975036486bd521638ceedd29ac3ecdd23dc953ab Mon Sep 17 00:00:00 2001
From: James Kwon <96548424+james03160927@users.noreply.github.com>
Date: Mon, 24 Jun 2024 16:50:16 -0400
Subject: [PATCH] fix: active ruleset wont able to nuke (#723)
---
 aws/resources/ses_email_receiving.go | 13 +++++++++++++
 aws/resources/ses_email_receiving_test.go | 5 +++++
 2 files changed, 18 insertions(+)
diff --git a/aws/resources/ses_email_receiving.go b/aws/resources/ses_email_receiving.go
index e32b3270..da5f5094 100644
--- a/aws/resources/ses_email_receiving.go
+++ b/aws/resources/ses_email_receiving.go
@@ -5,6 +5,7 @@ import (
 "slices"
 "github.com/aws/aws-sdk-go/aws"
+ awsgo "github.com/aws/aws-sdk-go/aws"
 "github.com/aws/aws-sdk-go/service/ses"
 "github.com/gruntwork-io/cloud-nuke/config"
 "github.com/gruntwork-io/cloud-nuke/logging"
@@ -30,6 +31,13 @@ func (s *SesReceiptRule) getAll(c context.Context, configObj config.Config) ([]*
 return nil, nil
 }
+ // https://docs.aws.amazon.com/cli/latest/reference/ses/delete-receipt-rule-set.html
+ // Important : The currently active rule set cannot be deleted.
+ activeRule, err := s.Client.DescribeActiveReceiptRuleSetWithContext(s.Context, &ses.DescribeActiveReceiptRuleSetInput{})
+ if err != nil {
+ return nil, errors.WithStackTrace(err)
+ }
+
 result, err := s.Client.ListReceiptRuleSetsWithContext(s.Context, &ses.ListReceiptRuleSetsInput{})
 if err != nil {
 return nil, errors.WithStackTrace(err)
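Review bot: The added `awsgo` import in the `@@ -5,6 +5,7 @@` hunk of ses_email_receiving.go names the same path, `github.com/aws/aws-sdk-go/aws`, that the context line directly above it already imports as `aws`, so the file now carries one package under two names. Duplicate-import checks in common Go linters flag this, and a reader has to work out that `aws.X` and `awsgo.X` are the same package. The new loop code can call `aws.StringValue(...)` through the existing import and the `awsgo` line can be dropped, assuming nothing in getAll shadows `aws` (its full body is not visible here).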
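Review bot: `activeRule` in the `@@ -30,6 +31,13 @@` hunk holds the output of `DescribeActiveReceiptRuleSetWithContext`, which describes the active rule set rather than a single rule; `activeRuleSet` would match the API name and the `rulesets` slice used further down. The comment could also say what this function does with the fact, for example `// SES refuses to delete the active receipt rule set, so look it up here and leave it out of the result.` Returning the error when the lookup fails means nothing is listed for deletion while the active set is unknown, which is the safe behaviour for a deletion tool; one more comment line stating that this is deliberate would keep a later refactor from downgrading it to best-effort. getAll's body starts and ends outside the hunk.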
@@ -37,6 +45,11 @@ func (s *SesReceiptRule) getAll(c context.Context, configObj config.Config) ([]*
 var rulesets []*string
 for _, sets := range result.RuleSets {
+ // checking the rule set is the active one
+ if activeRule != nil && activeRule.Metadata != nil && awsgo.StringValue(activeRule.Metadata.Name) == awsgo.StringValue(sets.Name) {
+ logging.Debugf("The Ruleset %s is active and you wont able to delete it", awsgo.StringValue(sets.Name))
+ continue
+ }
 if configObj.SESReceiptRuleSet.ShouldInclude(config.ResourceValue{
 Name: sets.Name,
 Time: sets.CreatedTimestamp,
diff --git a/aws/resources/ses_email_receiving_test.go b/aws/resources/ses_email_receiving_test.go
index 1a601b80..821da369 100644
--- a/aws/resources/ses_email_receiving_test.go
+++ b/aws/resources/ses_email_receiving_test.go
@@ -19,6 +19,7 @@ type mockedSesReceiptRule struct {
 sesiface.SESAPI
 DeleteReceiptRuleSetOutput ses.DeleteReceiptRuleSetOutput
 ListReceiptRuleSetsOutput ses.ListReceiptRuleSetsOutput
+ DescribeActiveReceiptRuleSetOutput ses.DescribeActiveReceiptRuleSetOutput
 }
 func (m mockedSesReceiptRule) ListReceiptRuleSetsWithContext(_ awsgo.Context, _ *ses.ListReceiptRuleSetsInput, _ ...request.Option) (*ses.ListReceiptRuleSetsOutput, error) {
@@ -29,6 +30,10 @@ func (m mockedSesReceiptRule) DeleteReceiptRuleSetWithContext(_ awsgo.Context, _
 return &m.DeleteReceiptRuleSetOutput, nil
 }
+func (m mockedSesReceiptRule) DescribeActiveReceiptRuleSetWithContext(_ awsgo.Context, _ *ses.DescribeActiveReceiptRuleSetInput, _ ...request.Option) (*ses.DescribeActiveReceiptRuleSetOutput, error) {
+ return &m.DescribeActiveReceiptRuleSetOutput, nil
+}
+
 func TestSesReceiptRule_GetAll(t *testing.T) {
 id1 := "test-id-1"
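Review bot: The skip added to the `for _, sets := range result.RuleSets` loop in the `@@ -37,6 +45,11 @@` hunk is reported only through `logging.Debugf`, so at a default log level the operator gets no indication that one rule set was deliberately left in the account, and the message text is ungrammatical. I would reword it to `logging.Debugf("Skipping receipt rule set %s: it is active and SES does not allow deleting the active rule set", awsgo.StringValue(sets.Name))` and consider a level that is shown by default, if the logging package offers one. The mock added in ses_email_receiving_test.go returns a zero-value `DescribeActiveReceiptRuleSetOutput`, so unless the test body (outside the visible hunks) sets `Metadata`, this branch is never exercised; a case where the active set's name matches one of the listed sets would pin the behaviour. The loop and getAll continue outside the hunk.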