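#!/usr/bin/env python
"""Relay step: classify S3 buckets by whether their ACL is publicly writable.

Reads the ``bucketACLs`` workflow parameter (bucket name -> list of ACL
grants), splits the buckets into those that grant the AllUsers group
WRITE_ACP (to remediate) and those that do not, prints both lists and
publishes the first as the ``buckets`` output for the next step.
"""
from relay_sdk import Interface, Dynamic as D

# Grantee URI of the S3 "AllUsers" group, i.e. anonymous / public access.
ALL_USERS_URI = "http://acs.amazonaws.com/groups/global/AllUsers"
# Permissions that let the grantee rewrite the bucket ACL. In S3, FULL_CONTROL
# is a superset of WRITE_ACP, so a public FULL_CONTROL grant must be flagged too
# (the original substring check on "WRITE_ACP" missed it).
PUBLIC_WRITE_ACP_PERMISSIONS = ("WRITE_ACP", "FULL_CONTROL")


def _grants_public_write_acp(grants):
    """Return True if any grant gives the AllUsers group WRITE_ACP or FULL_CONTROL.

    Args:
        grants: iterable of S3 ``GetBucketAcl``-style grant dicts, each shaped
            like ``{'Grantee': {'Type': ..., 'URI': ...}, 'Permission': ...}``.
            Grants with missing keys are treated as non-public rather than
            raising, so one malformed grant cannot abort the whole run.

    Returns:
        bool: True on the first matching grant, False if none matches.
    """
    # NOTE(review): grants to the AuthenticatedUsers group (any AWS account)
    # are deliberately not treated as public here, matching the original
    # script's scope — confirm that is the intended policy.
    for grant in grants:
        grantee = grant.get('Grantee') or {}
        if (grantee.get('Type') == "Group"
                and grantee.get('URI') == ALL_USERS_URI
                and grant.get('Permission') in PUBLIC_WRITE_ACP_PERMISSIONS):
            return True
    return False


relay = Interface()
to_modify = []       # buckets with a public WRITE_ACP / FULL_CONTROL grant
to_do_nothing = []   # buckets without one

# Mapping of bucket name -> list of ACL grants, supplied by the Relay workflow.
bucketACLs = relay.get(D.bucketACLs)
for bucketName, grants in bucketACLs.items():
    if _grants_public_write_acp(grants):
        to_modify.append(bucketName)
    else:
        to_do_nothing.append(bucketName)

print("\nFound {} bucket(s) that DON'T have public WRITE_ACP permissions:".format(len(to_do_nothing)))
print(*to_do_nothing, sep="\n")
print("\nFound {} bucket(s) that have public WRITE_ACP permissions:".format(len(to_modify)))
print(*to_modify, sep="\n")
print('\nSetting output variable `buckets` with list of {} bucket(s) with public WRITE_ACP permissions.'.format(len(to_modify)))
# Downstream step consumes this list to remediate the flagged buckets.
relay.outputs.set('buckets', to_modify)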