Skip to content

Commit

Permalink
aws: Add S3GetAccessPointPolicy (#3007)
Browse files Browse the repository at this point in the history
  • Loading branch information
@tolujimoh
tolujimoh authored May 15, 2024
1 parent fb0d8f1 commit ca29fb4
Show file tree
Hide file tree
Showing 7 changed files with 113 additions and 0 deletions.
1 change: 1 addition & 0 deletions backend/go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/iam v1.32.0
github.com/aws/aws-sdk-go-v2/service/kinesis v1.27.4
github.com/aws/aws-sdk-go-v2/service/s3 v1.53.1
github.com/aws/aws-sdk-go-v2/service/s3control v1.44.7
github.com/aws/aws-sdk-go-v2/service/sts v1.28.6
github.com/aws/smithy-go v1.20.2
github.com/bradleyfalzon/ghinstallation/v2 v2.7.0
Expand Down
2 changes: 2 additions & 0 deletions backend/go.sum
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 8 additions & 0 deletions backend/mock/service/awsmock/awsmock.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/iam"
iamtypes "github.com/aws/aws-sdk-go-v2/service/iam/types"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3control"
"github.com/aws/aws-sdk-go-v2/service/sts"
"github.com/aws/smithy-go/middleware"
"github.com/golang/protobuf/ptypes/any"
Expand All @@ -29,6 +30,13 @@ import (

type svc struct{}

func (s *svc) S3GetAccessPointPolicy(ctx context.Context, account, region, accessPointName string, accountID string) (*s3control.GetAccessPointPolicyOutput, error) {
return &s3control.GetAccessPointPolicyOutput{
Policy: aws.String("{}"),
ResultMetadata: middleware.Metadata{},
}, nil
}

func (s *svc) GetDirectClient(account string, region string) (clutchawsclient.DirectClient, error) {
panic("implement me")
}
Expand Down
4 changes: 4 additions & 0 deletions backend/service/aws/aws.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/aws/aws-sdk-go-v2/service/kinesis"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3control"
"github.com/aws/aws-sdk-go-v2/service/sts"
"github.com/iancoleman/strcase"
"github.com/uber-go/tally/v4"
Expand Down Expand Up @@ -155,6 +156,7 @@ func (c *client) createRegionalClients(accountAlias, region string, regions []st
},

s3: s3.NewFromConfig(regionCfg),
s3control: s3control.NewFromConfig(regionCfg),
kinesis: kinesis.NewFromConfig(regionCfg),
ec2: ec2.NewFromConfig(regionCfg),
autoscaling: autoscaling.NewFromConfig(regionCfg),
Expand All @@ -178,6 +180,7 @@ type Client interface {
S3GetBucketPolicy(ctx context.Context, account, region, bucket, accountID string) (*s3.GetBucketPolicyOutput, error)
S3StreamingGet(ctx context.Context, account, region, bucket, key string) (io.ReadCloser, error)

S3GetAccessPointPolicy(ctx context.Context, account, region, accessPointName, accountID string) (*s3control.GetAccessPointPolicyOutput, error)
DescribeTable(ctx context.Context, account, region, tableName string) (*dynamodbv1.Table, error)
UpdateCapacity(ctx context.Context, account, region, tableName string, targetTableCapacity *dynamodbv1.Throughput, indexUpdates []*dynamodbv1.IndexUpdateAction, ignoreMaximums bool) (*dynamodbv1.Table, error)
BatchGetItem(ctx context.Context, account, region string, params *dynamodb.BatchGetItemInput) (*dynamodb.BatchGetItemOutput, error)
Expand Down Expand Up @@ -232,6 +235,7 @@ type regionalClient struct {
iam iamClient
kinesis kinesisClient
s3 s3Client
s3control s3ControlClient
sts stsClient
}

Expand Down
4 changes: 4 additions & 0 deletions backend/service/aws/iface.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ import (
"github.com/aws/aws-sdk-go-v2/service/iam"
"github.com/aws/aws-sdk-go-v2/service/kinesis"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3control"
"github.com/aws/aws-sdk-go-v2/service/sts"
)

Expand All @@ -20,6 +21,9 @@ type s3Client interface {
GetBucketPolicy(ctx context.Context, params *s3.GetBucketPolicyInput, optFns ...func(*s3.Options)) (*s3.GetBucketPolicyOutput, error)
}

type s3ControlClient interface {
GetAccessPointPolicy(ctx context.Context, params *s3control.GetAccessPointPolicyInput, optFns ...func(*s3control.Options)) (*s3control.GetAccessPointPolicyOutput, error)
}
type stsClient interface {
AssumeRole(ctx context.Context, params *sts.AssumeRoleInput, optFns ...func(*sts.Options)) (*sts.AssumeRoleOutput, error)
GetCallerIdentity(ctx context.Context, params *sts.GetCallerIdentityInput, optFns ...func(*sts.Options)) (*sts.GetCallerIdentityOutput, error)
Expand Down
22 changes: 22 additions & 0 deletions backend/service/aws/s3control.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
package aws

import (
"context"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/s3control"
)

func (c *client) S3GetAccessPointPolicy(ctx context.Context, account, region, accessPointName, accountID string) (*s3control.GetAccessPointPolicyOutput, error) {
cl, err := c.getAccountRegionClient(account, region)
if err != nil {
return nil, err
}

in := &s3control.GetAccessPointPolicyInput{
AccountId: aws.String(accountID),
Name: aws.String(accessPointName),
}

return cl.s3control.GetAccessPointPolicy(ctx, in)
}
72 changes: 72 additions & 0 deletions backend/service/aws/s3control_test.go
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
package aws

import (
"context"
"fmt"
"testing"

"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/s3control"
"github.com/stretchr/testify/assert"
)

func TestS3ControlGetAccessPointPolicy(t *testing.T) {
s3ControlClient := &mockS3Control{
getAccessPointPolicyOutput: &s3control.GetAccessPointPolicyOutput{
Policy: aws.String("policy"),
},
}

c := &client{
currentAccountAlias: "default",
accounts: map[string]*accountClients{
"default": {
clients: map[string]*regionalClient{
"us-east-1": {region: "us-east-1", s3control: s3ControlClient},
},
},
},
}

output, err := c.S3GetAccessPointPolicy(context.Background(), "default", "us-east-1", "access-point", "accountID")
assert.NoError(t, err)
assert.Equal(t, output.Policy, aws.String("policy"))
}

func TestS3ControlGetAccessPointPolicyErrorHandling(t *testing.T) {
s3ControlClient := &mockS3Control{
getAccessPointPolicyErr: fmt.Errorf("error"),
}

c := &client{
currentAccountAlias: "default",
accounts: map[string]*accountClients{
"default": {
clients: map[string]*regionalClient{
"us-east-1": {region: "us-east-1", s3control: s3ControlClient},
},
},
},
}

output1, err1 := c.S3GetAccessPointPolicy(context.Background(), "default", "us-east-1", "access-point", "accountID")
assert.Nil(t, output1)
assert.Error(t, err1)

// Test unknown region
output2, err2 := c.S3GetAccessPointPolicy(context.Background(), "default", "choice-region-1", "access-point", "accountID")
assert.Nil(t, output2)
assert.Error(t, err2)
}

type mockS3Control struct {
getAccessPointPolicyOutput *s3control.GetAccessPointPolicyOutput
getAccessPointPolicyErr error
}

func (m *mockS3Control) GetAccessPointPolicy(ctx context.Context, params *s3control.GetAccessPointPolicyInput, optFns ...func(*s3control.Options)) (*s3control.GetAccessPointPolicyOutput, error) {
if m.getAccessPointPolicyErr != nil {
return nil, m.getAccessPointPolicyErr
}
return m.getAccessPointPolicyOutput, nil
}

0 comments on commit ca29fb4

Please sign in to comment.