Merge pull request #63 from cloudgraphdev/fix/add-acl-grants-to-s3-service

tyler-dunkel · web-flow · commit a95022460ca9 · 2022-05-12T14:56:38.000-05:00
fix: Added ACL Grants needed for aws cis 1.3.0-3.3 rule
diff --git a/src/services/s3/format.ts b/src/services/s3/format.ts
@@ -243,6 +243,12 @@ export default ({
       : `${total}`,
     transferAcceleration: accelerationStatus,
     notificationConfiguration: notificationConfigurationData,
+    aclGrants: grants?.map(g => ({
+      id: cuid(),
+      granteeType: g.Grantee?.Type,
+      granteeUri: g.Grantee?.URI,
+      permission: g.Permission,
+    })) || [],
   }
   return s3
 }
diff --git a/src/services/s3/schema.graphql b/src/services/s3/schema.graphql
@@ -53,6 +53,18 @@ type awsS3NotificationConfiguration
   lambdaFunctionConfigurations: [awsS3LambdaFunctionConfiguration]
 }
 
+type awsS3AclGrant
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  granteeType: String @search(by: [hash])
+  granteeUri: String @search(by: [hash])
+  permission: String @search(by: [hash])
+}
+
 type awsS3 implements awsBaseService @key(fields: "arn") {
   access: String @search(by: [hash, regexp])
   bucketOwnerName: String @search(by: [hash, regexp])
@@ -75,6 +87,7 @@ type awsS3 implements awsBaseService @key(fields: "arn") {
   notificationConfiguration: awsS3NotificationConfiguration
   policy: awsIamJSONPolicy
   rawPolicy: String @search(by: [hash, regexp])
+  aclGrants: [awsS3AclGrant]
   kinesisFirehose: [awsKinesisFirehose] @hasInverse(field: s3)
   tags: [awsRawTag]
   cloudfrontDistributions: [awsCloudfront] @hasInverse(field: s3)
diff --git a/src/types/generated.ts b/src/types/generated.ts
@@ -3773,6 +3773,7 @@ export type AwsRouteTable = AwsBaseService & {
 
 export type AwsS3 = AwsBaseService & {
   access?: Maybe<Scalars['String']>;
+  aclGrants?: Maybe<Array<Maybe<AwsS3AclGrant>>>;
   blockPublicAcls?: Maybe<Scalars['String']>;
   blockPublicPolicy?: Maybe<Scalars['String']>;
   bucketOwnerName?: Maybe<Scalars['String']>;
@@ -3805,6 +3806,13 @@ export type AwsS3 = AwsBaseService & {
   versioning?: Maybe<Scalars['String']>;
 };
 
+export type AwsS3AclGrant = {
+  granteeType?: Maybe<Scalars['String']>;
+  granteeUri?: Maybe<Scalars['String']>;
+  id: Scalars['String'];
+  permission?: Maybe<Scalars['String']>;
+};
+
 export type AwsS3ConfigurationBase = {
   events?: Maybe<Array<Maybe<Scalars['String']>>>;
   filterRules?: Maybe<Array<Maybe<AwsS3FilterRule>>>;

Original file line number	Diff line number	Diff line change
`@@ -243,6 +243,12 @@ export default ({`
`243`	`243`	: `${total}`,
`244`	`244`	`transferAcceleration: accelerationStatus,`
`245`	`245`	`notificationConfiguration: notificationConfigurationData,`
	`246`	`+ aclGrants: grants?.map(g => ({`
	`247`	`+ id: cuid(),`
	`248`	`+ granteeType: g.Grantee?.Type,`
	`249`	`+ granteeUri: g.Grantee?.URI,`
	`250`	`+ permission: g.Permission,`
	`251`	`+ })) \|\| [],`
`246`	`252`	`}`
`247`	`253`	`return s3`
`248`	`254`	`}`