fix(services): Added encryption rules data to s3 service

Author: m-pizarro

src/services/s3/format.ts

@@ -7,6 +7,7 @@ import {
   Policy,
   PolicyStatus,
   PublicAccessBlockConfiguration,
+  ServerSideEncryptionConfiguration,
 } from 'aws-sdk/clients/s3'
 
 import { AwsS3 } from '../../types/generated'
@@ -138,10 +139,16 @@ export default ({
     corsAdditions.corsConfiguration = t.yes
   }
 
-  const encryptionAdditions = { encrypted: t.no }
+  const encryptionAdditions = { encrypted: t.no, encryptionRules: [] }
 
   if (!isEmpty(encryptionInfo)) {
+    const { Rules } = encryptionInfo as ServerSideEncryptionConfiguration
     encryptionAdditions.encrypted = t.yes
+    encryptionAdditions.encryptionRules = Rules.map(r => ({
+      id: cuid(),
+      sseAlgorithm: r.ApplyServerSideEncryptionByDefault?.SSEAlgorithm,
+      kmsMasterKeyID: r.ApplyServerSideEncryptionByDefault?.KMSMasterKeyID,
+    }))
   }
 
   const replicationAdditions = { crossRegionReplication: t.disabled }
@@ -182,36 +189,42 @@ export default ({
       LambdaFunctionConfigurations: lambdaFunctionConfigurations = [],
     }: NotificationConfiguration = notificationConfiguration
     notificationConfigurationData = {
-      topicConfigurations: topicConfigurations?.map(tc => ({
-        id: tc.Id || cuid(),
-        topicArn: tc.TopicArn,
-        events: tc.Events || [],
-        filterRules: tc.Filter?.Key?.FilterRules?.map(r => ({
-          id: cuid(),
-          name: r.Name,
-          value: r.Value,  
+      topicConfigurations:
+        topicConfigurations?.map(tc => ({
+          id: tc.Id || cuid(),
+          topicArn: tc.TopicArn,
+          events: tc.Events || [],
+          filterRules:
+            tc.Filter?.Key?.FilterRules?.map(r => ({
+              id: cuid(),
+              name: r.Name,
+              value: r.Value,
+            })) || [],
         })) || [],
-      })) || [],
-      queueConfigurations: queueConfigurations?.map(qc => ({
-        id: qc.Id || cuid(),
-        queueArn: qc.QueueArn,
-        events: qc.Events || [],
-        filterRules: qc.Filter?.Key?.FilterRules?.map(r => ({
-          id: cuid(),
-          name: r.Name,
-          value: r.Value,  
+      queueConfigurations:
+        queueConfigurations?.map(qc => ({
+          id: qc.Id || cuid(),
+          queueArn: qc.QueueArn,
+          events: qc.Events || [],
+          filterRules:
+            qc.Filter?.Key?.FilterRules?.map(r => ({
+              id: cuid(),
+              name: r.Name,
+              value: r.Value,
+            })) || [],
         })) || [],
-      })) || [],
-      lambdaFunctionConfigurations: lambdaFunctionConfigurations?.map(lc => ({
-        id: lc.Id || cuid(),
-        lambdaFunctionArn: lc.LambdaFunctionArn,
-        events: lc.Events || [],
-        filterRules: lc.Filter?.Key?.FilterRules?.map(r => ({
-          id: cuid(),
-          name: r.Name,
-          value: r.Value,  
+      lambdaFunctionConfigurations:
+        lambdaFunctionConfigurations?.map(lc => ({
+          id: lc.Id || cuid(),
+          lambdaFunctionArn: lc.LambdaFunctionArn,
+          events: lc.Events || [],
+          filterRules:
+            lc.Filter?.Key?.FilterRules?.map(r => ({
+              id: cuid(),
+              name: r.Name,
+              value: r.Value,
+            })) || [],
         })) || [],
-      })) || [],
     }
   }
 
@@ -243,12 +256,13 @@ export default ({
       : `${total}`,
     transferAcceleration: accelerationStatus,
     notificationConfiguration: notificationConfigurationData,
-    aclGrants: grants?.map(g => ({
-      id: cuid(),
-      granteeType: g.Grantee?.Type,
-      granteeUri: g.Grantee?.URI,
-      permission: g.Permission,
-    })) || [],
+    aclGrants:
+      grants?.map(g => ({
+        id: cuid(),
+        granteeType: g.Grantee?.Type,
+        granteeUri: g.Grantee?.URI,
+        permission: g.Permission,
+      })) || [],
   }
   return s3
 }

src/services/s3/schema.graphql

@@ -65,6 +65,17 @@ type awsS3AclGrant
   permission: String @search(by: [hash])
 }
 
+type awsS3ServerSideEncryptionConfiguration
+  @generate(
+    query: { get: false, query: true, aggregate: false }
+    mutation: { add: false, delete: false }
+    subscription: false
+  ) {
+  id: String! @id
+  sseAlgorithm: String @search(by: [hash])
+  kmsMasterKeyID: String @search(by: [hash])
+}
+
 type awsS3 implements awsBaseService @key(fields: "arn") {
   access: String @search(by: [hash, regexp])
   bucketOwnerName: String @search(by: [hash, regexp])
@@ -74,6 +85,7 @@ type awsS3 implements awsBaseService @key(fields: "arn") {
   transferAcceleration: String @search(by: [hash, regexp])
   corsConfiguration: String @search(by: [hash, regexp])
   encrypted: String @search(by: [hash, regexp])
+  encryptionRules: [awsS3ServerSideEncryptionConfiguration]
   lifecycle: String @search(by: [hash, regexp])
   logging: String @search(by: [hash, regexp])
   blockPublicAcls: String @search(by: [hash, regexp])

src/types/generated.ts

@@ -3836,6 +3836,7 @@ export type AwsS3 = AwsBaseService & {
   crossRegionReplication?: Maybe<Scalars['String']>;
   ecsCluster?: Maybe<Array<Maybe<AwsEcsCluster>>>;
   encrypted?: Maybe<Scalars['String']>;
+  encryptionRules?: Maybe<Array<Maybe<AwsS3ServerSideEncryptionConfiguration>>>;
   iamRole?: Maybe<Array<Maybe<AwsIamRole>>>;
   ignorePublicAcls?: Maybe<Scalars['String']>;
   kinesisFirehose?: Maybe<Array<Maybe<AwsKinesisFirehose>>>;
@@ -3892,6 +3893,12 @@ export type AwsS3QueueConfiguration = AwsS3ConfigurationBase & {
   queueArn?: Maybe<Scalars['String']>;
 };
 
+export type AwsS3ServerSideEncryptionConfiguration = {
+  id: Scalars['String'];
+  kmsMasterKeyID?: Maybe<Scalars['String']>;
+  sseAlgorithm?: Maybe<Scalars['String']>;
+};
+
 export type AwsS3TopicConfiguration = AwsS3ConfigurationBase & {
   topicArn?: Maybe<Scalars['String']>;
 };