change port network firewall, network firewall policy, network firewa…

…ll resource policy, network firewall rule group, network firewall tls config to awsSDKv2 gruntwork-io#770

aws/resources/network_firewall.go

@@ -5,20 +5,21 @@ import (
 	"slices"
 	"time"
 
-	awsgo "github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/networkfirewall"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall/types"
 	"github.com/gruntwork-io/cloud-nuke/config"
 	"github.com/gruntwork-io/cloud-nuke/logging"
 	"github.com/gruntwork-io/cloud-nuke/report"
 	"github.com/gruntwork-io/cloud-nuke/util"
 	"github.com/gruntwork-io/go-commons/errors"
 )
 
-func shouldIncludeNetworkFirewall(firewall *networkfirewall.Firewall, firstSeenTime *time.Time, configObj config.Config) bool {
+func shouldIncludeNetworkFirewall(firewall *types.Firewall, firstSeenTime *time.Time, configObj config.Config) bool {
 	var identifierName string
 	tags := util.ConvertNetworkFirewallTagsToMap(firewall.Tags)
 
-	identifierName = awsgo.StringValue(firewall.FirewallName) // set the default
+	identifierName = aws.ToString(firewall.FirewallName) // set the default
 	if v, ok := tags["Name"]; ok {
 		identifierName = v
 	}
@@ -35,24 +36,24 @@ func (nfw *NetworkFirewall) getAll(c context.Context, configObj config.Config) (
 	var firstSeenTime *time.Time
 	var err error
 
-	metaOutput, err := nfw.Client.ListFirewalls(nil)
+	metaOutput, err := nfw.Client.ListFirewalls(nfw.Context, &networkfirewall.ListFirewallsInput{})
 	if err != nil {
 		return nil, errors.WithStackTrace(err)
 	}
 
 	var deleteprotected []string
 	// describe the firewalls to get more info
 	for _, firewall := range metaOutput.Firewalls {
-		output, err := nfw.Client.DescribeFirewallWithContext(nfw.Context, &networkfirewall.DescribeFirewallInput{
+		output, err := nfw.Client.DescribeFirewall(nfw.Context, &networkfirewall.DescribeFirewallInput{
 			FirewallArn: firewall.FirewallArn,
 		})
 		if err != nil {
-			logging.Errorf("[Failed] to describe the firewall %s", awsgo.StringValue(firewall.FirewallArn))
+			logging.Errorf("[Failed] to describe the firewall %s", aws.ToString(firewall.FirewallArn))
 			return nil, errors.WithStackTrace(err)
 		}
 
 		if output.Firewall == nil {
-			logging.Errorf("[Failed] no firewall information found for %s", awsgo.StringValue(firewall.FirewallArn))
+			logging.Errorf("[Failed] no firewall information found for %s", aws.ToString(firewall.FirewallArn))
 			continue
 		}
 
@@ -63,8 +64,8 @@ func (nfw *NetworkFirewall) getAll(c context.Context, configObj config.Config) (
 		}
 
 		// check the resource is delete protected
-		if awsgo.BoolValue(output.Firewall.DeleteProtection) {
-			deleteprotected = append(deleteprotected, awsgo.StringValue(firewall.FirewallName))
+		if output.Firewall.DeleteProtection {
+			deleteprotected = append(deleteprotected, aws.ToString(firewall.FirewallName))
 		}
 
 		if shouldIncludeNetworkFirewall(output.Firewall, firstSeenTime, configObj) {
@@ -74,7 +75,7 @@ func (nfw *NetworkFirewall) getAll(c context.Context, configObj config.Config) (
 
 	nfw.VerifyNukablePermissions(identifiers, func(id *string) error {
 		// check the resource is enabled delete protection
-		if slices.Contains(deleteprotected, awsgo.StringValue(id)) {
+		if slices.Contains(deleteprotected, aws.ToString(id)) {
 			return util.ErrDeleteProtectionEnabled
 		}
 		return nil
@@ -98,13 +99,13 @@ func (nfw *NetworkFirewall) nukeAll(identifiers []*string) error {
 			continue
 		}
 
-		_, err := nfw.Client.DeleteFirewallWithContext(nfw.Context, &networkfirewall.DeleteFirewallInput{
+		_, err := nfw.Client.DeleteFirewall(nfw.Context, &networkfirewall.DeleteFirewallInput{
 			FirewallName: id,
 		})
 
 		// Record status of this resource
 		e := report.Entry{
-			Identifier:   awsgo.StringValue(id),
+			Identifier:   aws.ToString(id),
 			ResourceType: "Network Firewall",
 			Error:        err,
 		}

aws/resources/network_firewall_policy.go

@@ -4,19 +4,20 @@ import (
 	"context"
 	"time"
 
-	awsgo "github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/service/networkfirewall"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall/types"
 	"github.com/gruntwork-io/cloud-nuke/config"
 	"github.com/gruntwork-io/cloud-nuke/logging"
 	"github.com/gruntwork-io/cloud-nuke/report"
 	"github.com/gruntwork-io/cloud-nuke/util"
 	"github.com/gruntwork-io/go-commons/errors"
 )
 
-func shouldIncludeNetworkFirewallPolicy(firewall *networkfirewall.FirewallPolicyResponse, firstSeenTime *time.Time, configObj config.Config) bool {
+func shouldIncludeNetworkFirewallPolicy(firewall *types.FirewallPolicyResponse, firstSeenTime *time.Time, configObj config.Config) bool {
 	// if the firewall policy has any attachments, then we can't remove that policy
-	if awsgo.Int64Value(firewall.NumberOfAssociations) > 0 {
-		logging.Debugf("[Skipping] the policy %s is still in use", awsgo.StringValue(firewall.FirewallPolicyName))
+	if aws.ToInt32(firewall.NumberOfAssociations) > 0 {
+		logging.Debugf("[Skipping] the policy %s is still in use", aws.ToString(firewall.FirewallPolicyName))
 		return false
 	}
 
@@ -40,23 +41,23 @@ func (nfw *NetworkFirewallPolicy) getAll(c context.Context, configObj config.Con
 		err           error
 	)
 
-	metaOutput, err := nfw.Client.ListFirewallPoliciesWithContext(nfw.Context, nil)
+	metaOutput, err := nfw.Client.ListFirewallPolicies(nfw.Context, nil)
 	if err != nil {
 		return nil, errors.WithStackTrace(err)
 	}
 
 	for _, policy := range metaOutput.FirewallPolicies {
 
-		output, err := nfw.Client.DescribeFirewallPolicyWithContext(nfw.Context, &networkfirewall.DescribeFirewallPolicyInput{
+		output, err := nfw.Client.DescribeFirewallPolicy(nfw.Context, &networkfirewall.DescribeFirewallPolicyInput{
 			FirewallPolicyArn: policy.Arn,
 		})
 		if err != nil {
-			logging.Errorf("[Failed] to describe the firewall policy %s", awsgo.StringValue(policy.Name))
+			logging.Errorf("[Failed] to describe the firewall policy %s", aws.ToString(policy.Name))
 			return nil, errors.WithStackTrace(err)
 		}
 
 		if output.FirewallPolicyResponse == nil {
-			logging.Errorf("[Failed] no firewall policy information found for %s", awsgo.StringValue(policy.Name))
+			logging.Errorf("[Failed] no firewall policy information found for %s", aws.ToString(policy.Name))
 			continue
 		}
 
@@ -84,13 +85,13 @@ func (nfw *NetworkFirewallPolicy) nukeAll(identifiers []*string) error {
 	var deleted []*string
 
 	for _, id := range identifiers {
-		_, err := nfw.Client.DeleteFirewallPolicyWithContext(nfw.Context, &networkfirewall.DeleteFirewallPolicyInput{
+		_, err := nfw.Client.DeleteFirewallPolicy(nfw.Context, &networkfirewall.DeleteFirewallPolicyInput{
 			FirewallPolicyName: id,
 		})
 
 		// Record status of this resource
 		e := report.Entry{
-			Identifier:   awsgo.StringValue(id),
+			Identifier:   aws.ToString(id),
 			ResourceType: "Network Firewall policy",
 			Error:        err,
 		}

aws/resources/network_firewall_policy_test.go

@@ -7,39 +7,31 @@ import (
 	"testing"
 	"time"
 
-	"github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/request"
-	"github.com/aws/aws-sdk-go/service/networkfirewall"
-	"github.com/aws/aws-sdk-go/service/networkfirewall/networkfirewalliface"
-
-	awsgo "github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall/types"
 	"github.com/gruntwork-io/cloud-nuke/config"
 	"github.com/gruntwork-io/cloud-nuke/util"
 	"github.com/stretchr/testify/require"
 )
 
 type mockedNetworkFirewallPolicy struct {
-	networkfirewalliface.NetworkFirewallAPI
-	DeleteFirewallPolicyOutput   networkfirewall.DeleteFirewallPolicyOutput
+	NetworkFirewallPolicyAPI
 	ListFirewallPoliciesOutput   networkfirewall.ListFirewallPoliciesOutput
-	TagResourceOutput            networkfirewall.TagResourceOutput
 	DescribeFirewallPolicyOutput map[string]networkfirewall.DescribeFirewallPolicyOutput
+	DeleteFirewallPolicyOutput   networkfirewall.DeleteFirewallPolicyOutput
 }
 
-func (m mockedNetworkFirewallPolicy) TagResource(*networkfirewall.TagResourceInput) (*networkfirewall.TagResourceOutput, error) {
-	return &m.TagResourceOutput, nil
-}
-
-func (m mockedNetworkFirewallPolicy) DeleteFirewallPolicyWithContext(_ awsgo.Context, _ *networkfirewall.DeleteFirewallPolicyInput, _ ...request.Option) (*networkfirewall.DeleteFirewallPolicyOutput, error) {
+func (m mockedNetworkFirewallPolicy) DeleteFirewallPolicy(ctx context.Context, params *networkfirewall.DeleteFirewallPolicyInput, optFns ...func(*networkfirewall.Options)) (*networkfirewall.DeleteFirewallPolicyOutput, error) {
 	return &m.DeleteFirewallPolicyOutput, nil
 }
 
-func (m mockedNetworkFirewallPolicy) ListFirewallPoliciesWithContext(_ awsgo.Context, _ *networkfirewall.ListFirewallPoliciesInput, _ ...request.Option) (*networkfirewall.ListFirewallPoliciesOutput, error) {
+func (m mockedNetworkFirewallPolicy) ListFirewallPolicies(ctx context.Context, params *networkfirewall.ListFirewallPoliciesInput, optFns ...func(*networkfirewall.Options)) (*networkfirewall.ListFirewallPoliciesOutput, error) {
 	return &m.ListFirewallPoliciesOutput, nil
 }
 
-func (m mockedNetworkFirewallPolicy) DescribeFirewallPolicyWithContext(_ awsgo.Context, req *networkfirewall.DescribeFirewallPolicyInput, _ ...request.Option) (*networkfirewall.DescribeFirewallPolicyOutput, error) {
-	raw := awsgo.StringValue(req.FirewallPolicyArn)
+func (m mockedNetworkFirewallPolicy) DescribeFirewallPolicy(ctx context.Context, params *networkfirewall.DescribeFirewallPolicyInput, optFns ...func(*networkfirewall.Options)) (*networkfirewall.DescribeFirewallPolicyOutput, error) {
+	raw := aws.ToString(params.FirewallPolicyArn)
 	v, ok := m.DescribeFirewallPolicyOutput[raw]
 	if !ok {
 		return nil, fmt.Errorf("unable to describe the %s", raw)
@@ -63,42 +55,42 @@ func TestNetworkFirewallPolicy_GetAll(t *testing.T) {
 	nfw := NetworkFirewallPolicy{
 		Client: mockedNetworkFirewallPolicy{
 			ListFirewallPoliciesOutput: networkfirewall.ListFirewallPoliciesOutput{
-				FirewallPolicies: []*networkfirewall.FirewallPolicyMetadata{
+				FirewallPolicies: []types.FirewallPolicyMetadata{
 					{
-						Arn:  awsgo.String(testId1),
-						Name: awsgo.String(testName1),
+						Arn:  aws.String(testId1),
+						Name: aws.String(testName1),
 					},
 					{
-						Arn:  awsgo.String(testId2),
-						Name: awsgo.String(testName2),
+						Arn:  aws.String(testId2),
+						Name: aws.String(testName2),
 					},
 				},
 			},
 			DescribeFirewallPolicyOutput: map[string]networkfirewall.DescribeFirewallPolicyOutput{
 				testId1: {
-					FirewallPolicyResponse: &networkfirewall.FirewallPolicyResponse{
-						FirewallPolicyName: awsgo.String(testName1),
-						Tags: []*networkfirewall.Tag{
+					FirewallPolicyResponse: &types.FirewallPolicyResponse{
+						FirewallPolicyName: aws.String(testName1),
+						Tags: []types.Tag{
 							{
-								Key:   awsgo.String("Name"),
-								Value: awsgo.String(testName1),
+								Key:   aws.String("Name"),
+								Value: aws.String(testName1),
 							}, {
-								Key:   awsgo.String(util.FirstSeenTagKey),
-								Value: awsgo.String(util.FormatTimestamp(now)),
+								Key:   aws.String(util.FirstSeenTagKey),
+								Value: aws.String(util.FormatTimestamp(now)),
 							},
 						},
 					},
 				},
 				testId2: {
-					FirewallPolicyResponse: &networkfirewall.FirewallPolicyResponse{
-						FirewallPolicyName: awsgo.String(testName2),
-						Tags: []*networkfirewall.Tag{
+					FirewallPolicyResponse: &types.FirewallPolicyResponse{
+						FirewallPolicyName: aws.String(testName2),
+						Tags: []types.Tag{
 							{
-								Key:   awsgo.String("Name"),
-								Value: awsgo.String(testName2),
+								Key:   aws.String("Name"),
+								Value: aws.String(testName2),
 							}, {
-								Key:   awsgo.String(util.FirstSeenTagKey),
-								Value: awsgo.String(util.FormatTimestamp(now.Add(1 * time.Hour))),
+								Key:   aws.String(util.FirstSeenTagKey),
+								Value: aws.String(util.FormatTimestamp(now.Add(1 * time.Hour))),
 							},
 						},
 					},
@@ -129,7 +121,7 @@ func TestNetworkFirewallPolicy_GetAll(t *testing.T) {
 		"timeAfterExclusionFilter": {
 			configObj: config.ResourceType{
 				ExcludeRule: config.FilterRule{
-					TimeAfter: awsgo.Time(now),
+					TimeAfter: aws.Time(now),
 				}},
 			expected: []string{testName1},
 		},
@@ -140,7 +132,7 @@ func TestNetworkFirewallPolicy_GetAll(t *testing.T) {
 				NetworkFirewallPolicy: tc.configObj,
 			})
 			require.NoError(t, err)
-			require.Equal(t, tc.expected, aws.StringValueSlice(names))
+			require.Equal(t, tc.expected, aws.ToStringSlice(names))
 		})
 	}
 }

aws/resources/network_firewall_policy_types.go

@@ -3,26 +3,31 @@ package resources
 import (
 	"context"
 
-	awsgo "github.com/aws/aws-sdk-go/aws"
-	"github.com/aws/aws-sdk-go/aws/session"
-	"github.com/aws/aws-sdk-go/service/networkfirewall"
-	"github.com/aws/aws-sdk-go/service/networkfirewall/networkfirewalliface"
+	"github.com/aws/aws-sdk-go-v2/aws"
+	"github.com/aws/aws-sdk-go-v2/service/networkfirewall"
 	"github.com/gruntwork-io/cloud-nuke/config"
 	"github.com/gruntwork-io/go-commons/errors"
 )
 
+type NetworkFirewallPolicyAPI interface {
+	ListFirewallPolicies(ctx context.Context, params *networkfirewall.ListFirewallPoliciesInput, optFns ...func(*networkfirewall.Options)) (*networkfirewall.ListFirewallPoliciesOutput, error)
+	DescribeFirewallPolicy(ctx context.Context, params *networkfirewall.DescribeFirewallPolicyInput, optFns ...func(*networkfirewall.Options)) (*networkfirewall.DescribeFirewallPolicyOutput, error)
+	DeleteFirewallPolicy(ctx context.Context, params *networkfirewall.DeleteFirewallPolicyInput, optFns ...func(*networkfirewall.Options)) (*networkfirewall.DeleteFirewallPolicyOutput, error)
+}
+
 type NetworkFirewallPolicy struct {
 	BaseAwsResource
-	Client      networkfirewalliface.NetworkFirewallAPI
+	Client      NetworkFirewallPolicyAPI
 	Region      string
 	Identifiers []string
 }
 
-func (nfw *NetworkFirewallPolicy) Init(session *session.Session) {
-	nfw.BaseAwsResource.Init(session)
-	nfw.Client = networkfirewall.New(session)
+func (nfw *NetworkFirewallPolicy) InitV2(cfg aws.Config) {
+	nfw.Client = networkfirewall.NewFromConfig(cfg)
 }
 
+func (nfw *NetworkFirewallPolicy) IsUsingV2() bool { return true }
+
 // ResourceName - the simple name of the aws resource
 func (nfw *NetworkFirewallPolicy) ResourceName() string {
 	return "network-firewall-policy"
@@ -49,13 +54,13 @@ func (nfw *NetworkFirewallPolicy) GetAndSetIdentifiers(c context.Context, config
 		return nil, err
 	}
 
-	nfw.Identifiers = awsgo.StringValueSlice(identifiers)
+	nfw.Identifiers = aws.ToStringSlice(identifiers)
 	return nfw.Identifiers, nil
 }
 
 // Nuke - nuke 'em all!!!
 func (nfw *NetworkFirewallPolicy) Nuke(identifiers []string) error {
-	if err := nfw.nukeAll(awsgo.StringSlice(identifiers)); err != nil {
+	if err := nfw.nukeAll(aws.StringSlice(identifiers)); err != nil {
 		return errors.WithStackTrace(err)
 	}