Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add object lock configuration to augment table #9532

Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Add object lock configuration to augment table #9532

wants to merge 6 commits into from

Conversation

dmytro-afanasiev
Copy link
Collaborator

@dmytro-afanasiev dmytro-afanasiev commented May 22, 2024
edited 

policies:
    - name: example
      resource: aws.s3
      filters:
        - type: lock-configuration
          key: Rule.DefaultRetention.Mode
          value: COMPLIANCE

@dmytro-afanasiev dmytro-afanasiev mentioned this pull request May 22, 2024
Open
@kapilt
Copy link
Collaborator

kapilt commented May 22, 2024

this should definitely be a separate filter, we're trying to slim augment table not add to it for s3, re not forcing api calls when they aren't explicitly needed for the policy.

@dmytro-afanasiev
Copy link
Collaborator Author

this should definitely be a separate filter, we're trying to slim augment table not add to it for s3, re not forcing api calls when they aren't explicitly needed for the policy.

changed to value filter

kapilt
kapilt reviewed May 31, 2024
View reviewed changes
c7n/resources/s3.py
return super().process(resources, event)

def __call__(self, r):
if self.annotate:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

afaics given the class value for annotate = true, there's no need for the conditional here.

kapilt
kapilt reviewed May 31, 2024
View reviewed changes
c7n/resources/s3.py
schema = type_schema('lock-configuration', rinherit=ValueFilter.schema)
permissions = ('s3:GetBucketObjectLockConfiguration',)
annotate = True
annotation_key = 'ObjectLockConfiguration'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

generally want a c7n: prefix on annotation keys to distinguish from native attributes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kapilt kapilt kapilt left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dmytro-afanasiev @kapilt