feat: adding support for s3 access grants, grant, instance, location

Author: ekristen

go.mod

@@ -36,6 +36,7 @@ require (
 	github.com/aws/aws-sdk-go-v2/service/internal/checksum v1.4.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.12.7 // indirect
 	github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/s3control v1.52.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssmquicksetup v1.3.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/sso v1.24.8 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.28.7 // indirect

go.sum

@@ -30,6 +30,8 @@ github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7 h1:Hi0KGbrnr57bEH
 github.com/aws/aws-sdk-go-v2/service/internal/s3shared v1.18.7/go.mod h1:wKNgWgExdjjrm4qvfbTorkvocEstaoDl4WCvGfeCy9c=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.1 h1:aOVVZJgWbaH+EJYPvEgkNhCEbXXvH7+oML36oaPK3zE=
 github.com/aws/aws-sdk-go-v2/service/s3 v1.71.1/go.mod h1:r+xl5yzMk9083rMR+sJ5TYj9Tihvf/l1oxzZXDgGj2Q=
+github.com/aws/aws-sdk-go-v2/service/s3control v1.52.1 h1:xxGbXbGtO/VMz2JqB1UwEDlSchryUss0KmQJSZ0oTUE=
+github.com/aws/aws-sdk-go-v2/service/s3control v1.52.1/go.mod h1:6BuUa52of67a+ri/poTH82XiL+rTGQWUPZCmf2cfVHI=
 github.com/aws/aws-sdk-go-v2/service/ssmquicksetup v1.3.2 h1:4siT1z3nEVxJq1jZYu1SRoct5xgbKen+ammCuZBZ2zI=
 github.com/aws/aws-sdk-go-v2/service/ssmquicksetup v1.3.2/go.mod h1:KSO1+erW2SUB6Mw/Qamu1fOT5fn/mzd9G79ENbYqyRQ=
 github.com/aws/aws-sdk-go-v2/service/sso v1.24.8 h1:CvuUmnXI7ebaUAhbJcDy9YQx8wHR69eZ9I7q5hszt/g=

resources/s3-access-grants-grant.go

@@ -0,0 +1,84 @@
+package resources
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/gotidy/ptr"
+
+	"github.com/aws/aws-sdk-go-v2/service/s3control"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const S3AccessGrantsGrantResource = "S3AccessGrantsGrant"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:     S3AccessGrantsGrantResource,
+		Scope:    nuke.Account,
+		Resource: &S3AccessGrantsGrant{},
+		Lister:   &S3AccessGrantsGrantLister{},
+	})
+}
+
+type S3AccessGrantsGrantLister struct{}
+
+func (l *S3AccessGrantsGrantLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+	svc := s3control.NewFromConfig(*opts.Config)
+	var resources []resource.Resource
+
+	res, err := svc.ListAccessGrants(ctx, &s3control.ListAccessGrantsInput{
+		AccountId: opts.AccountID,
+	})
+	if err != nil {
+		if strings.Contains(err.Error(), "AccessGrantsInstanceNotExistsError") {
+			return resources, nil
+		} else {
+			return nil, err
+		}
+	}
+
+	for _, p := range res.AccessGrantsList {
+		resources = append(resources, &S3AccessGrantsGrant{
+			svc:         svc,
+			ID:          p.AccessGrantId,
+			GrantScope:  p.GrantScope,
+			GranteeType: ptr.String(string(p.Grantee.GranteeType)),
+			GranteeID:   p.Grantee.GranteeIdentifier,
+			CreatedAt:   p.CreatedAt,
+		})
+	}
+
+	return resources, nil
+}
+
+type S3AccessGrantsGrant struct {
+	svc         *s3control.Client
+	ID          *string    `description:"The ID of the access grant."`
+	GrantScope  *string    `description:"The scope of the access grant."`
+	GranteeType *string    `description:"The type of the grantee, (e.g. IAM)."`
+	GranteeID   *string    `description:"The ARN of the grantee."`
+	CreatedAt   *time.Time `description:"The date and time the access grant was created."`
+}
+
+func (r *S3AccessGrantsGrant) Remove(ctx context.Context) error {
+	_, err := r.svc.DeleteAccessGrant(ctx, &s3control.DeleteAccessGrantInput{
+		AccessGrantId: r.ID,
+	})
+	return err
+}
+
+func (r *S3AccessGrantsGrant) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *S3AccessGrantsGrant) String() string {
+	return *r.ID
+}

resources/s3-access-grants-instance.go

@@ -0,0 +1,73 @@
+package resources
+
+import (
+	"context"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/service/s3control"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const S3AccessGrantsInstanceResource = "S3AccessGrantsInstance"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:     S3AccessGrantsInstanceResource,
+		Scope:    nuke.Account,
+		Resource: &S3AccessGrantsInstance{},
+		Lister:   &S3AccessGrantsInstanceLister{},
+	})
+}
+
+type S3AccessGrantsInstanceLister struct{}
+
+func (l *S3AccessGrantsInstanceLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+	svc := s3control.NewFromConfig(*opts.Config)
+	var resources []resource.Resource
+
+	res, err := svc.ListAccessGrantsInstances(ctx, &s3control.ListAccessGrantsInstancesInput{
+		AccountId: opts.AccountID,
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	for _, entity := range res.AccessGrantsInstancesList {
+		resources = append(resources, &S3AccessGrantsInstance{
+			svc:       svc,
+			accountID: opts.AccountID,
+			ID:        entity.AccessGrantsInstanceId,
+			CreatedAt: entity.CreatedAt,
+		})
+	}
+
+	return resources, nil
+}
+
+type S3AccessGrantsInstance struct {
+	svc       *s3control.Client
+	accountID *string
+	ID        *string    `description:"The ID of the access grants instance."`
+	CreatedAt *time.Time `description:"The time the access grants instance was created."`
+}
+
+func (r *S3AccessGrantsInstance) Remove(ctx context.Context) error {
+	_, err := r.svc.DeleteAccessGrantsInstance(ctx, &s3control.DeleteAccessGrantsInstanceInput{
+		AccountId: r.accountID,
+	})
+	return err
+}
+
+func (r *S3AccessGrantsInstance) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *S3AccessGrantsInstance) String() string {
+	return *r.ID
+}

resources/s3-access-grants-location.go

@@ -0,0 +1,81 @@
+package resources
+
+import (
+	"context"
+	"strings"
+	"time"
+
+	"github.com/aws/aws-sdk-go-v2/service/s3control"
+
+	"github.com/ekristen/libnuke/pkg/registry"
+	"github.com/ekristen/libnuke/pkg/resource"
+	"github.com/ekristen/libnuke/pkg/types"
+
+	"github.com/ekristen/aws-nuke/v3/pkg/nuke"
+)
+
+const S3AccessGrantsLocationResource = "S3AccessGrantsLocation"
+
+func init() {
+	registry.Register(&registry.Registration{
+		Name:     S3AccessGrantsLocationResource,
+		Scope:    nuke.Account,
+		Resource: &S3AccessGrantsLocation{},
+		Lister:   &S3AccessGrantsLocationLister{},
+	})
+}
+
+type S3AccessGrantsLocationLister struct{}
+
+func (l *S3AccessGrantsLocationLister) List(ctx context.Context, o interface{}) ([]resource.Resource, error) {
+	opts := o.(*nuke.ListerOpts)
+	svc := s3control.NewFromConfig(*opts.Config)
+	var resources []resource.Resource
+
+	res, err := svc.ListAccessGrantsLocations(ctx, &s3control.ListAccessGrantsLocationsInput{
+		AccountId: opts.AccountID,
+	})
+	if err != nil {
+		if strings.Contains(err.Error(), "AccessGrantsInstanceNotExistsError") {
+			return resources, nil
+		} else {
+			return nil, err
+		}
+	}
+
+	for _, entity := range res.AccessGrantsLocationsList {
+		resources = append(resources, &S3AccessGrantsLocation{
+			svc:           svc,
+			accountID:     opts.AccountID,
+			ID:            entity.AccessGrantsLocationId,
+			LocationScope: entity.LocationScope,
+			CreatedAt:     entity.CreatedAt,
+		})
+	}
+
+	return resources, nil
+}
+
+type S3AccessGrantsLocation struct {
+	svc           *s3control.Client
+	accountID     *string
+	ID            *string    `description:"The ID of the access grants location."`
+	LocationScope *string    `description:"The scope of the access grants location."`
+	CreatedAt     *time.Time `description:"The time the access grants location was created."`
+}
+
+func (r *S3AccessGrantsLocation) Remove(ctx context.Context) error {
+	_, err := r.svc.DeleteAccessGrantsLocation(ctx, &s3control.DeleteAccessGrantsLocationInput{
+		AccessGrantsLocationId: r.ID,
+		AccountId:              r.accountID,
+	})
+	return err
+}
+
+func (r *S3AccessGrantsLocation) Properties() types.Properties {
+	return types.NewPropertiesFromStruct(r)
+}
+
+func (r *S3AccessGrantsLocation) String() string {
+	return *r.ID
+}