package s3
import (
"context"
"sync"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/padok-team/yatas/plugins/commons"
)
// CheckS3Location reports whether bucket is located in region.
//
// It returns (true, region) when the bucket's LocationConstraint equals
// region, and (false, actual) otherwise, where actual is the region the
// bucket really lives in. An empty LocationConstraint returned by the API
// stands for us-east-1 and is translated accordingly. If the
// GetBucketLocation call fails the function returns (false, ""); the error
// itself is discarded, so callers cannot distinguish a missing bucket or a
// denied request from a bucket that sits in another region.
func CheckS3Location(s aws.Config, bucket, region string) (bool, string) {
	client := s3.NewFromConfig(s)
	resp, err := client.GetBucketLocation(context.TODO(), &s3.GetBucketLocationInput{
		Bucket: aws.String(bucket),
	})
	if err != nil {
		return false, ""
	}

	actual := string(resp.LocationConstraint)
	switch {
	case actual == region:
		return true, region
	case actual == "":
		// Buckets in us-east-1 report an empty LocationConstraint.
		if region == "us-east-1" {
			return true, region
		}
		return false, "us-east-1"
	default:
		return false, actual
	}
}
// BucketAndNotInRegion pairs the full bucket listing with the buckets that
// GetListS3NotInRegion reported for the scanned region, so that
// OnlyBucketInRegion can reduce the scan to in-region buckets (see RunChecks).
// The fields are populated positionally in RunChecks; keep their order.
type BucketAndNotInRegion struct {
	// Buckets is every bucket returned by GetListS3.
	Buckets []types.Bucket
	// NotInRegion is the list returned by GetListS3NotInRegion for s.Region
	// (presumably the buckets located outside that region — confirm in its definition).
	NotInRegion []types.Bucket
}
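// RunChecks runs the S3 checks of this plugin against the account and region
// described by s and delivers the finished checks on queue as one batch.
//
// Only buckets located in s.Region are evaluated (see OnlyBucketInRegion);
// buckets in other regions are never inspected by this call. The wa argument
// is accepted for signature compatibility but is not used here — completion
// is signalled solely by the send on queue.
func RunChecks(wa *sync.WaitGroup, s aws.Config, c *commons.Config, queue chan []commons.Check) {
	var checkConfig commons.CheckConfig
	checkConfig.Init(s, c)

	// Restrict the scan to buckets that live in the configured region.
	buckets := GetListS3(s)
	bucketsNotInRegion := GetListS3NotInRegion(s, s.Region)
	// Named inRegion rather than OnlyBucketInRegion so the local does not
	// shadow the helper of the same name.
	inRegion := OnlyBucketInRegion(BucketAndNotInRegion{buckets, bucketsNotInRegion})

	// Gather the per-bucket configuration each check needs up front.
	s3ToEncryption := GetS3ToEncryption(s, inRegion)
	s3ToPublicBlockAccess := GetS3ToPublicBlockAccess(s, inRegion)
	s3ToVersioning := GetS3ToVersioning(s, inRegion)
	s3ToObjectLock := GetS3ToObjectLock(s, inRegion)
	s3ToReplicationOtherRegion := GetS3ToReplicationOtherRegion(s, inRegion)

	go commons.CheckTest(checkConfig.Wg, c, "AWS_S3_001", checkIfEncryptionEnabled)(checkConfig, s3ToEncryption, "AWS_S3_001")
	go commons.CheckTest(checkConfig.Wg, c, "AWS_S3_002", CheckIfBucketNoReplicationOtherRegion)(checkConfig, s3ToReplicationOtherRegion, "AWS_S3_002")
	go commons.CheckTest(checkConfig.Wg, c, "AWS_S3_003", CheckIfBucketObjectVersioningEnabled)(checkConfig, s3ToVersioning, "AWS_S3_003")
	go commons.CheckTest(checkConfig.Wg, c, "AWS_S3_004", CheckIfObjectLockConfigurationEnabled)(checkConfig, s3ToObjectLock, "AWS_S3_004")
	go commons.CheckTest(checkConfig.Wg, c, "AWS_S3_005", CheckIfS3PublicAccessBlockEnabled)(checkConfig, s3ToPublicBlockAccess, "AWS_S3_005")

	// Collect results as the checks publish them on checkConfig.Queue. Every
	// received check is paired with one Wg.Done, so — assuming
	// commons.CheckTest adds to Wg for each check it starts — Wg.Wait below
	// returns only once all started checks have been collected. The collector
	// exits on done (or when Queue is closed) instead of ranging over a
	// channel nothing here closes, which would leak one goroutine per call.
	var checks []commons.Check
	done := make(chan struct{})
	go func() {
		for {
			select {
			case t, ok := <-checkConfig.Queue:
				if !ok {
					return
				}
				t.EndCheck()
				checks = append(checks, t)
				checkConfig.Wg.Done()
			case <-done:
				return
			}
		}
	}()

	// Wait for all the checks to finish, then stop the collector. The final
	// Wg.Done happens-before Wait returns, so reading checks here is safe.
	checkConfig.Wg.Wait()
	close(done)
	queue <- checks
}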