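// Copyright 2018 The Terraformer Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package aws

import (
	"context"
	"fmt"
	"log"

	"github.com/GoogleCloudPlatform/terraformer/terraformutils"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/service/s3"
)

// S3AllowEmptyValues lists the attribute prefixes that are kept in the
// generated resource even when their value is empty.
var S3AllowEmptyValues = []string{"tags."}

// S3AdditionalFields holds extra fields attached to every generated
// aws_s3_bucket resource.
var S3AdditionalFields = map[string]interface{}{}

// S3Generator generates aws_s3_bucket resources from the AWS S3 API.
type S3Generator struct {
	AWSService
}

// s3BucketRegion maps the LocationConstraint returned by GetBucketLocation
// to a region name. S3 reports buckets in us-east-1 with an empty
// constraint and uses the legacy value "EU" for eu-west-1; without this
// mapping buckets in those regions never match the requested region and
// are silently skipped.
func s3BucketRegion(constraint string) string {
	switch constraint {
	case "":
		return "us-east-1"
	case "EU":
		return "eu-west-1"
	default:
		return constraint
	}
}

// createResources iterates over all buckets, keeps only those located in
// region, and builds one aws_s3_bucket resource per bucket, using the
// bucket name as both the Terraform ID and name. When the bucket has a
// policy it is stored in the "policy" attribute.
//
// buckets is the ListBuckets response (nil yields no resources); region is
// the region being imported. A bucket whose location cannot be read is
// logged and skipped rather than aborting the whole import.
func (g *S3Generator) createResources(config aws.Config, buckets *s3.ListBucketsOutput, region string) []terraformutils.Resource {
	var resources []terraformutils.Resource
	if buckets == nil {
		return resources
	}
	svc := s3.NewFromConfig(config)
	for _, bucket := range buckets.Buckets {
		resourceName := StringValue(bucket.Name)
		location, err := svc.GetBucketLocation(context.TODO(), &s3.GetBucketLocationInput{Bucket: bucket.Name})
		if err != nil {
			log.Printf("s3 bucket %q: %v", resourceName, err)
			continue
		}
		// Only import buckets that live in the selected region.
		if s3BucketRegion(string(location.LocationConstraint)) != region {
			continue
		}
		attributes := map[string]string{
			"force_destroy": "false",
			"acl":           "private",
		}
		// A bucket without a policy is the common case (the API answers
		// NoSuchBucketPolicy), so a failed lookup is treated as "no policy"
		// rather than as an error.
		policy, err := svc.GetBucketPolicy(context.TODO(), &s3.GetBucketPolicyInput{
			Bucket: bucket.Name,
		})
		if err == nil && policy.Policy != nil {
			attributes["policy"] = *policy.Policy
		}
		resources = append(resources, terraformutils.NewResource(
			resourceName,
			resourceName,
			"aws_s3_bucket",
			"aws",
			attributes,
			S3AllowEmptyValues,
			S3AdditionalFields))
	}
	return resources
}

// InitResources lists every bucket visible to the configured credentials
// and stores the aws_s3_bucket resources of the selected region in
// g.Resources. It returns an error when the AWS config cannot be built,
// ListBuckets fails, or the "region" argument is missing.
func (g *S3Generator) InitResources() error {
	config, err := g.generateConfig()
	if err != nil {
		return err
	}
	svc := s3.NewFromConfig(config)

	buckets, err := svc.ListBuckets(context.TODO(), nil)
	if err != nil {
		return err
	}
	// Checked assertion: a missing or non-string region would otherwise panic.
	region, ok := g.GetArgs()["region"].(string)
	if !ok {
		return fmt.Errorf("s3: region argument %v is missing or not a string", g.GetArgs()["region"])
	}
	g.Resources = g.createResources(config, buckets, region)
	return nil
}

// PostConvertHook rewrites each aws_s3_bucket resource before it is
// written: the default "private" ACL is dropped and the bucket policy JSON
// is wrapped in a heredoc, with AWS "${...}" interpolations escaped so that
// Terraform does not evaluate them as its own expressions.
func (g *S3Generator) PostConvertHook() error {
	for i := range g.Resources {
		if g.Resources[i].InstanceInfo.Type != "aws_s3_bucket" {
			continue
		}
		// Item is a map, so edits through the alias reach the resource.
		item := g.Resources[i].Item
		if val, ok := item["acl"]; ok && val == "private" {
			delete(item, "acl")
		}
		// Two-value assertion: a missing or non-string policy is skipped
		// instead of panicking.
		if policy, ok := item["policy"].(string); ok {
			item["policy"] = fmt.Sprintf(`<<POLICY
%s
POLICY`, g.escapeAwsInterpolation(policy))
		}
	}
	return nil
}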