Add aws_s3_bucket_encryption_rules table (#30)

cloudquery · Apr 10, 2021 · b1be06e · b1be06e
1 parent bf49201
commit b1be06e
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 0 deletions.
diff --git a/client/mocks/builders_test.go b/client/mocks/builders_test.go
@@ -945,6 +945,11 @@ func buildS3Buckets(t *testing.T, ctrl *gomock.Controller) client.Services {
 	if err != nil {
 		t.Fatal(err)
 	}
+	bencryption := s3.GetBucketEncryptionOutput{}
+	err = faker.FakeData(&bencryption)
+	if err != nil {
+		t.Fatal(err)
+	}
 
 	m.EXPECT().ListBuckets(gomock.Any(), gomock.Any()).Return(
 		&s3.ListBucketsOutput{
@@ -966,6 +971,8 @@ func buildS3Buckets(t *testing.T, ctrl *gomock.Controller) client.Services {
 		&s3.GetBucketCorsOutput{
 			CORSRules: []s3Types.CORSRule{bcors},
 		}, nil)
+	m.EXPECT().GetBucketEncryption(gomock.Any(), gomock.Any(), gomock.Any()).Return(
+		&bencryption, nil)
 	return client.Services{
 		S3: m,
 	}

diff --git a/resources/s3_buckets.go b/resources/s3_buckets.go
@@ -99,6 +99,27 @@ func S3Buckets() *schema.Table {
 					},
 				},
 			},
+			{
+				Name:     "aws_s3_bucket_encryption_rules",
+				Resolver: fetchS3BucketEncryptionRules,
+				Columns: []schema.Column{
+					{
+						Name:     "bucket_id",
+						Type:     schema.TypeUUID,
+						Resolver: schema.ParentIdResolver,
+					},
+					{
+						Name:     "kms_master_key_id",
+						Type:     schema.TypeString,
+						Resolver: schema.PathResolver("ApplyServerSideEncryptionByDefault.KMSMasterKeyID"),
+					},
+					{
+						Name:     "sse_algorithm",
+						Type:     schema.TypeString,
+						Resolver: schema.PathResolver("ApplyServerSideEncryptionByDefault.SSEAlgorithm"),
+					},
+				},
+			},
 			{
 				Name:     "aws_s3_bucket_cors_rules",
 				Resolver: fetchS3BucketCorsRules,
@@ -219,6 +240,22 @@ func fetchS3BucketGrants(ctx context.Context, meta schema.ClientMeta, parent *sc
 	res <- aclOutput.Grants
 	return nil
 }
+func fetchS3BucketEncryptionRules(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error {
+	var ae smithy.APIError
+	r := parent.Item.(types.Bucket)
+	svc := meta.(*client.Client).Services().S3
+	aclOutput, err := svc.GetBucketEncryption(ctx, &s3.GetBucketEncryptionInput{Bucket: r.Name}, func(options *s3.Options) {
+		options.Region = parent.Get("region").(string)
+	})
+	if err != nil {
+		if errors.As(err, &ae) && ae.ErrorCode() == "ServerSideEncryptionConfigurationNotFoundError" {
+			return nil
+		}
+		return err
+	}
+	res <- aclOutput.ServerSideEncryptionConfiguration.Rules
+	return nil
+}
 func fetchS3BucketCorsRules(ctx context.Context, meta schema.ClientMeta, parent *schema.Resource, res chan interface{}) error {
 	var ae smithy.APIError
 	r := parent.Item.(types.Bucket)