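const { createResource, createSchema, types } = require('@lukekaalim/terraform-plugin-sdk');
const {
  CreateAccessPointForObjectLambdaCommand,
  PutAccessPointConfigurationForObjectLambdaCommand,
  DeleteAccessPointForObjectLambdaCommand,
  GetAccessPointConfigurationForObjectLambdaCommand,
} = require('@aws-sdk/client-s3-control');
const { STSClient, GetCallerIdentityCommand } = require('@aws-sdk/client-sts');

// Region used only for the STS caller-identity lookup below.
// NOTE(review): hard-coded; confirm whether this should follow the provider's
// configured region instead.
const STS_REGION = 'eu-central-1';

// Schema (version 2) of the `access_point_for_object_lambda` resource.
const accessPointSchema = createSchema({
  id: {
    type: types.string,
    description: 'The Unique ID of this Access Point',
    computed: true,
  },
  name: {
    type: types.string,
    description: 'The name of the access point',
    required: true,
    // The name is the identifier passed to every API call, so a rename replaces the resource.
    forceNew: true,
  },
  supporting_access_point: {
    type: types.string,
    description: 'The arn of the S3 access point',
    required: true,
  },
  // `actions` and `lambda_arn` together decide which S3 operations are handed
  // to which Lambda function for transformation. That function processes the
  // object data, so changes to either field deserve the same review as a
  // permission change.
  actions: {
    type: types.list(types.string),
    description: 'The allowed actions',
    required: true,
  },
  lambda_arn: {
    type: types.string,
    description: 'The ARN of the AWS Lambda function',
    required: true,
  },
  arn: {
    type: types.string,
    // Populated from `ObjectLambdaAccessPointArn` in `create`; the previous
    // description was a copy of the `lambda_arn` one.
    description: 'The ARN of the Object Lambda Access Point',
    computed: true,
  },
}, 2);

/**
 * Resolve the AWS account id that is sent as `AccountId` on every S3 Control call.
 *
 * NOTE(review): the STS client is built with only a region, so it resolves
 * credentials on its own rather than reusing those of the `client` handed to
 * the resource handlers. If the two can differ (for example an assumed role in
 * another account), the account id used here would not match the account the
 * S3 Control client operates in. Confirm against the provider setup.
 *
 * @returns {Promise<string>} The `Account` field of the caller identity.
 */
async function getCallerAccountId() {
  const stsClient = new STSClient({ region: STS_REGION });
  const identity = await stsClient.send(new GetCallerIdentityCommand({}));
  return identity.Account;
}

/**
 * Build the `Configuration` payload shared by the create and update calls.
 *
 * @param {object} config - Resource attributes as declared in the schema.
 * @returns {object} Configuration with a single transformation entry.
 */
function buildConfiguration(config) {
  return {
    SupportingAccessPoint: config.supporting_access_point,
    TransformationConfigurations: [
      {
        Actions: config.actions,
        ContentTransformation: {
          AwsLambda: { FunctionArn: config.lambda_arn },
        },
      },
    ],
  };
}

const accessPointforObjectLambda = createResource({
  name: 'access_point_for_object_lambda',
  block: accessPointSchema,
  version: 2,

  /**
   * Migrate stored state from an older schema version.
   *
   * Version 1 state is reduced to its `id` with an empty `name`; any other
   * version is returned unchanged.
   * NOTE(review): an empty `name` is what `read` and `delete` would then send
   * as `Name`; confirm that upgraded resources are expected to be re-created.
   */
  upgrade(version, state) {
    switch (version.low) {
      case 1:
        return { id: state.id, name: '' };
      default:
        return state;
    }
  },

  /**
   * Refresh state from the live access point configuration.
   *
   * Only the first transformation configuration is read back, so additional
   * entries added outside of this provider are not reflected in state and will
   * not show up as drift.
   *
   * @throws {Error} When the access point reports no transformation configuration.
   */
  async read({ client }, state) {
    const accountId = await getCallerAccountId();
    const result = await client.send(
      new GetAccessPointConfigurationForObjectLambdaCommand({
        AccountId: accountId,
        Name: state.name,
      }),
    );

    const [transformation] = result.Configuration.TransformationConfigurations ?? [];
    if (transformation === undefined) {
      // Previously this surfaced as an opaque TypeError on `[0].Actions`.
      throw new Error(
        `Object Lambda access point "${state.name}" has no transformation configuration`,
      );
    }

    return {
      ...state,
      supporting_access_point: result.Configuration.SupportingAccessPoint,
      actions: transformation.Actions,
      lambda_arn: transformation.ContentTransformation.AwsLambda.FunctionArn,
    };
  },

  /**
   * Create the access point and record its name as `id` and its ARN as `arn`.
   */
  async create({ client }, config) {
    const accountId = await getCallerAccountId();
    const result = await client.send(
      new CreateAccessPointForObjectLambdaCommand({
        AccountId: accountId,
        Name: config.name,
        Configuration: buildConfiguration(config),
      }),
    );

    return {
      ...config,
      id: config.name,
      arn: result.ObjectLambdaAccessPointArn,
    };
  },

  /**
   * Replace the access point configuration in place.
   *
   * The computed `id` and `arn` are carried over from the prior state, falling
   * back to whatever `config` holds, so that an update does not drop them;
   * `name` is `forceNew`, so neither can change here.
   */
  async update({ client }, state, config) {
    const accountId = await getCallerAccountId();
    await client.send(
      new PutAccessPointConfigurationForObjectLambdaCommand({
        AccountId: accountId,
        Name: config.name,
        Configuration: buildConfiguration(config),
      }),
    );

    return {
      ...config,
      id: state.id ?? config.id,
      arn: state.arn ?? config.arn,
    };
  },

  /**
   * Delete the access point named in state and clear the resource.
   */
  async delete({ client }, state) {
    const accountId = await getCallerAccountId();
    await client.send(
      new DeleteAccessPointForObjectLambdaCommand({
        AccountId: accountId,
        Name: state.name,
      }),
    );
    return null;
  },
});

module.exports = {
  accessPointforObjectLambda,
};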