Coverage for /pythoncovmergedfiles/medio/medio/usr/local/lib/python3.8/site-packages/c7n/resources/s3control.py: 63%
73 statements
1# Copyright The Cloud Custodian Authors.
2# SPDX-License-Identifier: Apache-2.0
3from c7n.actions import Action
4from c7n.filters.iamaccess import CrossAccountAccessFilter
5from c7n.manager import resources
6from c7n.resources.aws import Arn
7from c7n.query import QueryResourceManager, TypeInfo, DescribeSource
8from c7n.utils import local_session, type_schema
class AccessPointDescribe(DescribeSource):
    """Describe source for S3 access points, backed by the s3control API."""

    def get_query_params(self, query_params):
        """Return the query parameters with ``AccountId`` set.

        The account id is taken from the manager's config. A falsy
        ``query_params`` is replaced with a fresh dict.
        """
        params = query_params if query_params else {}
        params['AccountId'] = self.manager.config.account_id
        return params

    def augment(self, resources):
        """Replace each listed access point with its ``get_access_point`` detail.

        The account id sent to the API is the one parsed out of the
        resource's own ``AccessPointArn``, not the manager's configured
        account.
        """
        s3control = local_session(self.manager.session_factory).client('s3control')

        def describe(resource):
            parsed = Arn.parse(resource['AccessPointArn'])
            detail = s3control.get_access_point(
                AccountId=parsed.account_id, Name=resource['Name']
            )
            # Drop the transport envelope so only resource data is kept.
            detail.pop('ResponseMetadata', None)
            # Carry the ARN over from the parsed listing value.
            detail['AccessPointArn'] = parsed.arn
            return detail

        # NOTE(review): there is no error handling around get_access_point, so
        # one failing lookup aborts the whole augment pass - confirm intended.
        return [describe(resource) for resource in resources]
@resources.register('s3-access-point')
class AccessPoint(QueryResourceManager):
    """Resource manager registered under the name ``s3-access-point``."""

    class resource_type(TypeInfo):
        # Boto3 client used for this resource.
        service = 's3control'
        # The same field serves as both identifier and display name.
        id = 'Name'
        name = 'Name'
        # Listing call and the response key that holds the access points.
        enum_spec = (
            'list_access_points',
            'AccessPointList',
            None,
        )
        # Resource field that carries the ARN.
        arn = 'AccessPointArn'
        arn_service = 's3'
        arn_type = 'accesspoint'
        cfn_type = 'AWS::S3::AccessPoint'
        # IAM actions use the s3 prefix even though the client is s3control.
        permission_prefix = 's3'

    # The 'describe' source is served by AccessPointDescribe.
    source_mapping = {'describe': AccessPointDescribe}
@AccessPoint.filter_registry.register('cross-account')
class AccessPointCrossAccount(CrossAccountAccessFilter):
    """``cross-account`` filter for S3 access points.

    Fetches each access point's resource policy, stores it on the resource
    under ``c7n:Policy``, and then delegates to
    ``CrossAccountAccessFilter.process``.
    """

    # Key under which the fetched policy document is stored on the resource.
    policy_attribute = 'c7n:Policy'
    permissions = ('s3:GetAccessPointPolicy',)

    def process(self, resources, event=None):
        """Attach the access point policy to every resource, then run the base filter.

        Resources that already carry ``policy_attribute`` are left as they
        are, so the policy is not fetched a second time.
        """
        s3control = local_session(self.manager.session_factory).client('s3control')
        policy_key = self.policy_attribute
        for resource in resources:
            if policy_key not in resource:
                parsed = Arn.parse(resource['AccessPointArn'])
                # NOTE(review): this call has no error handling; confirm how the
                # API answers for an access point with no policy attached, since
                # an exception here stops the filter for every resource.
                response = s3control.get_access_point_policy(
                    AccountId=parsed.account_id, Name=resource['Name']
                )
                resource[policy_key] = response.get('Policy')

        return super().process(resources, event)
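@AccessPoint.action_registry.register('delete')
class Delete(Action):
    """``delete`` action for S3 access points.

    Calls ``delete_access_point`` for every matched resource, using the
    account id parsed from the resource's ``AccessPointArn``.
    """

    schema = type_schema('delete')
    permissions = ('s3:DeleteAccessPoint',)

    def process(self, resources):
        """Delete each access point, skipping ones reported as not found.

        Any other API error propagates to the caller.
        """
        client = local_session(self.manager.session_factory).client('s3control')
        for r in resources:
            arn = Arn.parse(r['AccessPointArn'])
            try:
                client.delete_access_point(AccountId=arn.account_id, Name=r['Name'])
            except client.exceptions.NotFoundException:
                # boto3 exposes modeled error classes under client.exceptions.
                # The previous `client.NotFoundException` is not a client
                # attribute, so evaluating the except clause raised
                # AttributeError on any API error and stopped the loop, leaving
                # the remaining access points undeleted.
                # NOTE(review): confirm NotFoundException is the error S3
                # Control returns for an access point that is already gone.
                continue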
class MultiRegionAccessPointDescribe(DescribeSource):
    """Describe source for multi-region S3 access points."""

    def get_query_params(self, query_params):
        """Return the query parameters with ``AccountId`` set.

        The account id is taken from the manager's config. A falsy
        ``query_params`` is replaced with a fresh dict.
        """
        params = query_params if query_params else {}
        params['AccountId'] = self.manager.config.account_id
        return params
@resources.register('s3-access-point-multi')
class MultiRegionAccessPoint(QueryResourceManager):
    """Resource manager registered under the name ``s3-access-point-multi``."""

    class resource_type(TypeInfo):
        # Boto3 client used for this resource.
        service = 's3control'
        # The same field serves as both identifier and display name.
        id = 'Name'
        name = 'Name'
        # Listing call and the response key that holds the access points.
        enum_spec = (
            'list_multi_region_access_points',
            'AccessPoints',
            None,
        )
        # Unlike AccessPoint, no `arn` field is declared here.
        arn_service = 's3'
        arn_type = 'accesspoint'
        cfn_type = 'AWS::S3::MultiRegionAccessPoint'
        # IAM actions use the s3 prefix even though the client is s3control.
        permission_prefix = 's3'

    # The 'describe' source is served by MultiRegionAccessPointDescribe.
    source_mapping = {'describe': MultiRegionAccessPointDescribe}