Metadata-Version: 2.1
Name: resoto-plugin-protector
Version: 3.0.4
Summary: Resoto Protector Plugin
Home-page: https://github.com/someengineering/resoto/tree/main/plugins/protector
License: Apache 2.0
Keywords: cloud security
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: System Administrators
Classifier: Intended Audience :: Information Technology
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Programming Language :: Python :: 3.9
Classifier: Operating System :: POSIX :: Linux
Classifier: Operating System :: Unix
Classifier: Environment :: Console
Classifier: Natural Language :: English
Classifier: Topic :: Security
Classifier: Topic :: Utilities
Description-Content-Type: text/markdown

# resoto-plugin-protector
Protector Plugin for Resoto

This plugin protects important resources from deletion by Resoto.

## Usage

In `resh` execute

```
> config edit resoto.worker
```

and find the following section

```
plugin_protector:
  # Configuration for the plugin
  # See https://github.com/someengineering/resoto/tree/main/plugins/protector for syntax details
  config:
    aws:
      '110465657741':
        us-east-1:
          aws_ec2_instance:
            - 'i-0fcbe8974615bfd37'
  # Enable plugin?
  enabled: false
```

The format of the `config` section is as follows:

```
cloud.id:
  account.id:
    region.id:
      kind:
        - resource.id
```

### Implementation details

Each Resoto resource has an attributed `/metadata.protected` which takes a boolean value. By default it is set to `false`. Each Resoto resource inherits BaseResource which contains two methods for cleaning up a resource, `cleanup()` and `delete()`. Both those methods will refuse to manipulate a resource once the `protected` attribute has been set to `true`. Meaning if a resource is marked as protected but has also been flagged for cleanup the cleanup will fail because protected resources cannot be deleted.
