Config¶
The configuration is the user supplied configuration that is used to drive the nuke process. The configuration is a YAML file that is loaded from the path specified by the --config flag.
Sections¶
The configuration is broken down into the following sections:
- blocklist
- regions
- accounts
- presets
- filters
- resource-types
- includes
- excludes
- cloud-control
- targets (deprecated, use includes)
- resource-types
- includes
- excludes
- cloud-control
- targets (deprecated, use includes)
- feature-flags (deprecated, use settings instead)
- settings
- presets
Simple Example¶
blocklist:
- bootstrap-12345
regions:
- global
- us-central1
accounts:
playground-12345:
filters:
IAMRole:
- "admin"
resource-types:
includes:
- IAMRole
settings:
CloudSQLInstance:
DisableDeletionProtection: true
Blocklist¶
The blocklist is simply a list of Accounts that the tool cannot run against. This is to protect the user from accidentally running the tool against the wrong account. The blocklist must always be populated with at least one entry.
Regions¶
The regions is a list of GCP regions that the tool will run against. The tool will run against all regions specified in the configuration. If no regions are listed, then the tool will NOT run against any region. Regions must be explicitly provided.
All Regions¶
You may specify the special region all
to run against all enabled regions. This will run against all regions that are
enabled in the account. It will not run against regions that are disabled. It will also automatically include the
special region global
which is for specific global resources.
Important
The use of all
will ignore all other regions specified in the configuration. It will only run against regions
that are enabled in the account.
Projects¶
Important
Projects uses the accounts
key in the configuration. This is due to the commonality of libnuke between tools.
The accounts section is a map of GCP Project IDs to their configuration. The ID is the key and the value is the configuration for that project.
The configuration for each project is broken down into the following sections:
- presets
- filters
- resource-types
- includes
- excludes
Presets¶
Presets under an account entry is a list of strings that must map to a globally defined preset in the configuration.
Filters¶
Filters is a map of filters against resource types. To learn more about filters, see the Filtering
Note: filters can be defined at the account level and at the preset level.
Resource Types¶
Resource types is a map of resource types to their configuration. The resource type is the key and the value is the configuration for that resource type.
The configuration for each resource type is broken down into the following sections:
- includes
- excludes
Includes¶
Includes are a list of resource types the tool will run against. If no includes are specified, then the tool will run against all resource types.
Excludes¶
Excludes are a list of resource types the tool will not run against. If no excludes are specified, then the tool will run against all resource types unless Includes is specified.
Settings¶
Settings are a map of resource types to their settings configuration. This allows for alternative behavior when removing
resources. If a resource has a setting alternative, and you'd like to use its behavior, then you can specify the resource
type in the settings
section.
Global Presets¶
To read more on global presets, see the Presets documentation.