
Commit 88dd8ce

committed
fix: Added ACL Grants needed for aws cis 1.3.0-3.3 rule
1 parent 13d0560 commit 88dd8ce

3 files changed

Lines changed: 27 additions & 0 deletions


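--- a/src/services/s3/format.ts
+++ b/src/services/s3/format.ts
@@ -243,6 +243,12 @@ export default ({
 : `${total}`,
 transferAcceleration: accelerationStatus,
 notificationConfiguration: notificationConfigurationData,
+aclGrants: grants?.map(g => ({
+id: cuid(),
+granteeType: g.Grantee?.Type,
+granteeUri: g.Grantee?.URI,
+permission: g.Permission,
+})) || [],
 }
 return s3
 }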
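Review bot: The `aclGrants` mapping keeps only `Grantee.Type` and `Grantee.URI`, so a grant to a `CanonicalUser` (identified by `Grantee.ID`) is stored with an undefined `granteeUri` and cannot be told apart from the bucket owner's own grant. That is enough to match the predefined group URIs a public-access rule looks for, but cross-account ACL grants stay invisible to any later check; consider adding `granteeId: g.Grantee?.ID,` here, with the matching field in `schema.graphql` and the generated type. Separately, `|| []` makes a bucket whose ACL could not be read look identical to one with no grants, which could let a rule pass on missing data; `grants` is defined outside this hunk, so confirm how a failed ACL fetch is surfaced. The enclosing function starts outside the hunk.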

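--- a/src/services/s3/schema.graphql
+++ b/src/services/s3/schema.graphql
@@ -53,6 +53,18 @@ type awsS3NotificationConfiguration
 lambdaFunctionConfigurations: [awsS3LambdaFunctionConfiguration]
 }
 
+type awsS3AclGrant
+@generate(
+query: { get: false, query: true, aggregate: false }
+mutation: { add: false, delete: false }
+subscription: false
+) {
+id: String! @id
+granteeType: String @search(by: [hash])
+granteeUri: String @search(by: [hash])
+permission: String @search(by: [hash])
+}
+
 type awsS3 implements awsBaseService @key(fields: "arn") {
 access: String @search(by: [hash, regexp])
 bucketOwnerName: String @search(by: [hash, regexp])
@@ -75,6 +87,7 @@ type awsS3 implements awsBaseService @key(fields: "arn") {
 notificationConfiguration: awsS3NotificationConfiguration
 policy: awsIamJSONPolicy
 rawPolicy: String @search(by: [hash, regexp])
+aclGrants: [awsS3AclGrant]
 kinesisFirehose: [awsKinesisFirehose] @hasInverse(field: s3)
 tags: [awsRawTag]
 cloudfrontDistributions: [awsCloudfront] @hasInverse(field: s3)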
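Review bot: The new `awsS3AclGrant` type has no description, so a rule author cannot tell from the schema that `granteeUri` is expected to be null for grantees that are not groups, or which values `permission` carries. A type description such as `"""One grant from the bucket ACL; granteeUri is set only for Group grantees."""` would make the null case explicit for anyone writing a policy query against it. The three fields are also indexed with `@search(by: [hash])` only, while the neighbouring `awsS3` string fields use `[hash, regexp]`; if rules need to match a URI suffix rather than the full string, `granteeUri` would need `regexp` as well.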

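--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -3760,6 +3760,7 @@ export type AwsRouteTable = AwsBaseService & {
 
 export type AwsS3 = AwsBaseService & {
 access?: Maybe<Scalars['String']>;
+aclGrants?: Maybe<Array<Maybe<AwsS3AclGrant>>>;
 blockPublicAcls?: Maybe<Scalars['String']>;
 blockPublicPolicy?: Maybe<Scalars['String']>;
 bucketOwnerName?: Maybe<Scalars['String']>;
@@ -3792,6 +3793,13 @@ export type AwsS3 = AwsBaseService & {
 versioning?: Maybe<Scalars['String']>;
 };
 
+export type AwsS3AclGrant = {
+granteeType?: Maybe<Scalars['String']>;
+granteeUri?: Maybe<Scalars['String']>;
+id: Scalars['String'];
+permission?: Maybe<Scalars['String']>;
+};
+
 export type AwsS3ConfigurationBase = {
 events?: Maybe<Array<Maybe<Scalars['String']>>>;
 filterRules?: Maybe<Array<Maybe<AwsS3FilterRule>>>;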
