s3-credentials debug-bucket name, closes #86

2024-04-04 21:39:31 -07:00 · 2024-04-04 21:39:31 -07:00 · dafad69e23
commit dafad69e23
--- a/docs/other-commands.md
+++ b/docs/other-commands.md
@ -503,3 +503,45 @@ The following example allows GET and PUT methods from code running on `https://w
      --allowed-origin https://www.example.com/ \
      --expose-header ETag \
      --max-age-seconds 60
+
+## debug-bucket
+
+The `debug-bucket` command is useful for diagnosing issues with a bucket:
+
+    s3-credentials debug-bucket my-bucket
+
+Example output:
+```
+Bucket ACL:
+{
+    "Owner": {
+        "DisplayName": "username",
+        "ID": "cc8ca3a037c6a7c1fa7580076bf7cd1949b3f2f58f01c9df9e53c51f6a249910"
+    },
+    "Grants": [
+        {
+            "Grantee": {
+                "DisplayName": "username",
+                "ID": "cc8ca3a037c6a7c1fa7580076bf7cd1949b3f2f58f01c9df9e53c51f6a249910",
+                "Type": "CanonicalUser"
+            },
+            "Permission": "FULL_CONTROL"
+        }
+    ]
+}
+Bucket policy status:
+{
+    "PolicyStatus": {
+        "IsPublic": true
+    }
+}
+Bucket public access block:
+{
+    "PublicAccessBlockConfiguration": {
+        "BlockPublicAcls": false,
+        "IgnorePublicAcls": false,
+        "BlockPublicPolicy": false,
+        "RestrictPublicBuckets": false
+    }
+}
+```
--- a/s3_credentials/cli.py
+++ b/s3_credentials/cli.py
@ -1329,6 +1329,49 @@ def get_cors_policy(bucket, **boto_options):
    click.echo(json.dumps(response["CORSRules"], indent=4, default=str))


+def without_response_metadata(data):
+    return dict(
+        (key, value) for key, value in data.items() if key != "ResponseMetadata"
+    )
+
+
+@cli.command()
+@click.argument("bucket")
+@common_boto3_options
+def debug_bucket(bucket, **boto_options):
+    """
+    Run a bunch of diagnostics to help debug a bucket
+
+       s3-credentials debug-bucket my-bucket
+    """
+    s3 = make_client("s3", **boto_options)
+
+    try:
+        bucket_acl = s3.get_bucket_acl(Bucket=bucket)
+        click.echo("Bucket ACL:")
+        click.echo(json.dumps(without_response_metadata(bucket_acl), indent=4))
+    except Exception as ex:
+        print(f"Error checking bucket ACL: {ex}")
+
+    try:
+        bucket_policy_status = s3.get_bucket_policy_status(Bucket=bucket)
+        click.echo("Bucket policy status:")
+        click.echo(
+            json.dumps(without_response_metadata(bucket_policy_status), indent=4)
+        )
+    except Exception as ex:
+        print(f"Error checking bucket policy status: {ex}")
+
+    try:
+        bucket_public_access_block = s3.get_public_access_block(Bucket=bucket)
+        click.echo("Bucket public access block:")
+        click.echo(
+            json.dumps(without_response_metadata(bucket_public_access_block), indent=4)
+        )
+    except Exception as ex:
+        print(f"Error checking bucket public access block: {ex}")
+
+
@cli.command()
@click.argument("bucket")
@click.argument(