Created
July 8, 2021 13:13
Work in progress for 660
1 file changed, 58 insertions(+) | |
resources/s3-buckets.go | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ | |
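--- a/resources/s3-buckets.go
+++ b/resources/s3-buckets.go
@@ -9,6 +9,8 @@ import (
 "github.com/aws/aws-sdk-go/aws/request"
 "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/s3"
+ "github.com/aws/aws-sdk-go/service/sts"
+ "github.com/aws/aws-sdk-go/service/s3control"
 "github.com/aws/aws-sdk-go/service/s3/s3iface"
 "github.com/aws/aws-sdk-go/service/s3/s3manager"
 "github.com/rebuy-de/aws-nuke/pkg/types"
@@ -20,13 +22,27 @@ func init() {
 type S3Bucket struct {
 svc *s3.S3
+ svcControl *s3control.S3Control
 name string
 tags []*s3.Tag
+ accessPoints []*s3control.AccessPoint
+ accountID string
 }
 func ListS3Buckets(s *session.Session) ([]Resource, error) {
 svc := s3.New(s)
+ svcControl := s3control.New(s)
+
+ // Lookup current account ID
+ stsSvc := sts.New(s)
+ callerID, err := stsSvc.GetCallerIdentity(&sts.GetCallerIdentityInput{})
+ if err != nil {
+ return nil, err
+ }
+
+ accountID := callerID.Account
+
 buckets, err := DescribeS3Buckets(svc)
 if err != nil {
 return nil, err
@@ -34,6 +50,21 @@ func ListS3Buckets(s *session.Session) ([]Resource, error) {
 resources := make([]Resource, 0)
 for _, name := range buckets {
+ fmt.Println("listing BUCKET", name)
+ input := &s3control.ListAccessPointsInput{
+ Bucket: &name,
+ AccountId: accountID,
+ }
+ output, err := svcControl.ListAccessPoints(input)
+ accessPoints := []*s3control.AccessPoint{}
+ if err == nil {
+ accessPoints = output.AccessPointList
+
+ fmt.Println("access points", accessPoints)
+ } else {
+ fmt.Println(err)
+ }
+
 tags, err := svc.GetBucketTagging(&s3.GetBucketTaggingInput{
 Bucket: aws.String(name),
 })
@@ -45,6 +76,9 @@ func ListS3Buckets(s *session.Session) ([]Resource, error) {
 svc: svc,
 name: name,
 tags: make([]*s3.Tag, 0),
+ svcControl: svcControl,
+ accountID: *accountID,
+ accessPoints: accessPoints,
 })
 }
 }
@@ -53,6 +87,9 @@ func ListS3Buckets(s *session.Session) ([]Resource, error) {
 resources = append(resources, &S3Bucket{
 svc: svc,
+ svcControl: svcControl,
+ accountID: *accountID,
+ accessPoints: accessPoints,
 name: name,
 tags: tags.TagSet,
 })
@@ -112,6 +149,12 @@ func (e *S3Bucket) Remove() error {
 return err
 }
+ fmt.Println("REMOVING BUCKET")
+ err = e.RemoveAllAccessPoints()
+ if err != nil {
+ return err
+ }
+
 _, err = e.svc.DeleteBucket(&s3.DeleteBucketInput{
 Bucket: &e.name,
 })
@@ -119,6 +162,21 @@ func (e *S3Bucket) Remove() error {
 return err
 }
+func (e *S3Bucket) RemoveAllAccessPoints() error {
+ for _, accessPoint := range e.accessPoints {
+ fmt.Println("REMOVING accessPoint", accessPoint)
+ input := &s3control.DeleteAccessPointInput{
+ Name: accessPoint.Name,
+ AccountId: &e.accountID,
+ }
+ if _, err := e.svcControl.DeleteAccessPoint(input) ; err != nil {
+ return err
+ }
+
+ }
+ return nil
+}
+
 func (e *S3Bucket) RemoveAllVersions() error {
 params := &s3.ListObjectVersionsInput{
 Bucket: &e.name,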
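Review bot: In the `@@ -34,6 +50,21 @@` hunk of `ListS3Buckets`, the error from `svcControl.ListAccessPoints` is only printed, so a bucket whose listing failed is recorded with an empty `accessPoints` slice, and only the first page of results is read because `NextToken` is never followed. For a tool that deletes resources, this means `RemoveAllAccessPoints` can return nil while access points still exist, and the following `DeleteBucket` call is then likely to fail with no hint of the cause. I would follow `NextToken` until it is nil and surface the listing error, as sketched below; logging and skipping the bucket is the alternative if one unreachable endpoint should not abort the whole run. The `fmt.Println` debug output should also go before merge. The loop body starts in this hunk and continues outside it.

```go
for _, name := range buckets {
	// Collect every page; a listing error is returned rather than
	// treated as "this bucket has no access points".
	var accessPoints []*s3control.AccessPoint
	input := &s3control.ListAccessPointsInput{
		Bucket:    aws.String(name),
		AccountId: accountID,
	}
	for {
		output, err := svcControl.ListAccessPoints(input)
		if err != nil {
			return nil, err
		}
		accessPoints = append(accessPoints, output.AccessPointList...)
		if output.NextToken == nil {
			break
		}
		input.NextToken = output.NextToken
	}
	// … unchanged: GetBucketTagging call and S3Bucket construction …
```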
listing BUCKET vehsystempoc-infra | |
DNS lookup failed for s3-control.ap-southeast-1.amazonaws.com; assuming it does not exist in this region |