package s3
import (
"context"
"errors"
aws "github.com/aws/aws-sdk-go-v2/aws"
s3control "github.com/aws/aws-sdk-go-v2/service/s3control"
s3controlTypes "github.com/aws/aws-sdk-go-v2/service/s3control/types"
"github.com/cloudquery/cq-provider-aws/client"
"github.com/cloudquery/cq-provider-sdk/provider/diag"
"github.com/cloudquery/cq-provider-sdk/provider/schema"
)
// S3AccountConfig is the value fetchS3AccountConfig sends for an account: the
// account-level S3 public access block settings plus a flag recording whether
// a configuration was found at all.
type S3AccountConfig struct {
// Embedded settings. fetchS3AccountConfig leaves this at its zero value when
// no configuration was found, so the flags are only meaningful together with
// ConfigExists.
s3controlTypes.PublicAccessBlockConfiguration
// ConfigExists is true when a public access block configuration was returned
// for the account and false when none was found. It lets a reader tell
// "no configuration" apart from a configuration whose settings are all unset.
ConfigExists bool
}
// Accounts returns the table definition for aws_s3_account_config, which holds
// the account-level S3 public access block settings keyed by account_id.
//
// NOTE(review): IgnoreError is client.IgnoreCommonErrors, which is defined
// outside this file. If it suppresses permission errors, an account with no
// row in this table is not the same as config_exists = false; confirm before
// using the table as evidence that public access is unblocked or blocked.
func Accounts() *schema.Table {
	// boolColumn builds one of the boolean columns; only name, type and
	// description are set, every other Column field keeps its zero value.
	boolColumn := func(name, description string) schema.Column {
		return schema.Column{
			Name:        name,
			Type:        schema.TypeBool,
			Description: description,
		}
	}

	columns := []schema.Column{
		{
			Name:     "account_id",
			Type:     schema.TypeString,
			Resolver: client.ResolveAWSAccount,
		},
		boolColumn("config_exists", "Specifies whether Amazon S3 public access control config exists"),
		boolColumn("block_public_acls", "Specifies whether Amazon S3 should block public access control lists (ACLs) for buckets in this account"),
		boolColumn("block_public_policy", "Specifies whether Amazon S3 should block public bucket policies for buckets in this account."),
		boolColumn("ignore_public_acls", "Specifies whether Amazon S3 should ignore public ACLs for buckets in this account"),
		boolColumn("restrict_public_buckets", "Specifies whether Amazon S3 should restrict public bucket policies for buckets in this account."),
	}

	table := schema.Table{
		Name:         "aws_s3_account_config",
		Description:  "Account configurations for S3",
		Resolver:     fetchS3AccountConfig,
		Multiplex:    client.AccountMultiplex,
		IgnoreError:  client.IgnoreCommonErrors,
		DeleteFilter: client.DeleteAccountFilter,
		Options:      schema.TableCreationOptions{PrimaryKeys: []string{"account_id"}},
		Columns:      columns,
	}
	return &table
}
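// fetchS3AccountConfig reads the account-level S3 public access block
// configuration for the client's account and sends one S3AccountConfig on res.
//
// A NoSuchPublicAccessBlockConfiguration error is reported as a row with
// ConfigExists = false and zero-valued settings. Every other error is wrapped
// and returned, so a failed read is never recorded as "no configuration".
//
// meta must hold a *client.Client; the type assertion panics otherwise.
func fetchS3AccountConfig(ctx context.Context, meta schema.ClientMeta, _ *schema.Resource, res chan<- interface{}) error {
	c := meta.(*client.Client)
	svc := c.Services().S3Control

	input := s3control.GetPublicAccessBlockInput{AccountId: aws.String(c.AccountID)}
	resp, err := svc.GetPublicAccessBlock(ctx, &input)
	if err != nil {
		// Only NoSuchPublicAccessBlockConfiguration means "nothing configured";
		// any other error is returned to the caller.
		var nspabc *s3controlTypes.NoSuchPublicAccessBlockConfiguration
		if !errors.As(err, &nspabc) {
			return diag.WrapError(err)
		}
		res <- S3AccountConfig{s3controlTypes.PublicAccessBlockConfiguration{}, false}
		return nil
	}

	// A successful call that carries no configuration payload is reported as
	// absent instead of dereferencing a nil pointer.
	if resp == nil || resp.PublicAccessBlockConfiguration == nil {
		res <- S3AccountConfig{s3controlTypes.PublicAccessBlockConfiguration{}, false}
		return nil
	}

	res <- S3AccountConfig{*resp.PublicAccessBlockConfiguration, true}
	return nil
}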