Hello @leflamm, what would happen, if you specify more than one filter with |
Hi @svenwltr, can you give a specific example? Thx! |
Hi @svenwltr, I believe you are correct regarding two inverted exact matches. IIUC, for

```yaml
accounts:
  <some account>: # stage12
    filters:
      CloudFormationStack:
      - type: glob
        value: "*u*"
        invert: true
      - type: glob
        value: "*o*"
        invert: true
```

would filter (as in "protect from removal") all resources that:
or to say it the other way: it would only remove resources containing both - "o" and "u". |
But thanks for your hint! I believe I may have to think a little more about the desired behavior. |
aws-nuke internally takes every resource and applies every filter on it. If a filter matches, it marks the node as filtered. So for example, assume we have these Cloud Formation Stacks with your example filter:
So you are right. The inverting thing confused me a bit. Is this the behavior you want? Also /cc @rebuy-de/prp-aws-nuke |
It makes perfect sense for It's definitely a behavior I can live with - users simply need to understand how filters get applied. There may be users who write down this...

```yaml
accounts:
  <some account>: # stage12
    filters:
      CloudFormationStack:
      - type: glob
        value: "*u*"
        invert: true
      - type: glob
        value: "*o*"
        invert: true
```

... and wrongly assume any CloudFormationStack containing either "u" or "o" or both to be marked for removal - which is not how applying filters works. Still, it can easily be achieved by e.g.:

```yaml
accounts:
  <some account>: # stage12
    filters:
      CloudFormationStack:
      - type: regex
        value: ".*[uv].*"
        invert: true
```

Maybe the
Cheers, Christian |
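The filter semantics discussed in this thread (every filter is applied to every resource, and any single match marks the resource as filtered), as an added Go sketch that is not aws-nuke's own code. The `Filter` type, the `Removable` function, `path.Match` as the glob matcher, the `[uo]` regex and the stack names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
)

// Filter models one filter entry (type, value, invert); illustrative, not aws-nuke's type.
type Filter struct {
	Type, Value string
	Invert      bool
}

// matches reports whether f marks name as filtered (protected from removal).
func (f Filter) matches(name string) bool {
	var hit bool
	switch f.Type {
	case "glob":
		hit, _ = path.Match(f.Value, name) // stand-in glob matcher (assumption)
	case "regex":
		hit = regexp.MustCompile(f.Value).MatchString(name)
	}
	return hit != f.Invert // invert flips the filter result
}

// Removable returns the names that no filter marked as filtered.
func Removable(names []string, filters []Filter) []string {
	out := []string{}
	for _, n := range names {
		filtered := false
		for _, f := range filters {
			filtered = filtered || f.matches(n) // any single match protects
		}
		if !filtered {
			out = append(out, n)
		}
	}
	return out
}

// Constructed sample data: stack names and the two filter sets being compared.
var stacks = []string{"foo", "bus", "house", "plain"}
var twoGlobs = []Filter{{"glob", "*u*", true}, {"glob", "*o*", true}}
var oneRegex = []Filter{{"regex", "[uo]", true}}

func main() {
	fmt.Println(Removable(stacks, twoGlobs)) // [house]: must contain both "u" and "o"
	fmt.Println(Removable(stacks, oneRegex)) // [foo bus house]: either "u" or "o"
}
```

Running a candidate filter set through a model like this against a list of real resource names before a run shows which resources would be left unprotected.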
Sorry for the late response. It feels like this is something we might want to implement in a different way (eg something not in /cc @rebuy-de/prp-aws-nuke @tomvachon Maybe you have some opinions on this? |
Okay, since there are no other opinions and I still do not have new thoughts I guess we can just do this. Could you please improve the README like you suggested and squash your commits? |
@svenwltr Hm, I think that could easily be a foot-gun, right? |
@bjoernhaeuser In what sense? People doing the configuration wrong? Encouraging people to use this for a wrong use case? |
Yeah, or having a configuration which no one understands anymore if you need a lot of filtering. But on the other side you probably do not need more than one filter a lot of times.. |
Therefore: 👍 |
That's what I figured. Even if I want to nuke specific resources using 3 different patterns I can write

```yaml
<resource>:
- type: regex
  property: <property>
  value: (<pattern1>|<pattern2>|<pattern3>)
  invert: true
```

I'll provide a README.md proposal and will squash the commits. |
* introduce `invert` flag
* update readme, explain filter application
@svenwltr plz let me know if the README.md change works for you or if this needs to be more elaborate. Cheers |
@rebuy-de/prp-aws-nuke Please review.
Hi!

`invert: true` can be added to any filter statement and would invert such filter result. Can be useful to not only protect resources from being nuked, but to also explicitly define resources to be removed by inverting a filter result (else used for resource protection).

Cheers, Christian