From 19be12ae357908aa76c3ec7eba7250e86517ae6a Mon Sep 17 00:00:00 2001
From: Luis Ventura <30115537+Lawiss@users.noreply.github.com>
Date: Fri, 4 Apr 2025 09:18:44 +0200
Subject: [PATCH] Adds --s3-acl option to the cli

This option allows to set a S3 Canned ACL value for the report.
---
 elementary/clients/s3/client.py | 6 +++++-
 elementary/config/config.py     | 2 ++
 elementary/monitor/cli.py       | 8 ++++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/elementary/clients/s3/client.py b/elementary/clients/s3/client.py
index d2c6b4182..b2996d79d 100644
--- a/elementary/clients/s3/client.py
+++ b/elementary/clients/s3/client.py
@@ -41,11 +41,15 @@ def send_report(
         bucket_report_path = remote_bucket_file_path or report_filename
         bucket_website_url = None
         logger.info(f'Uploading to S3 bucket "{self.config.s3_bucket_name}"')
+
+        extra_args = {"ContentType": "text/html"}
+        if self.config.s3_acl is not None:
+            extra_args["ACL"] = self.config.s3_acl
         self.client.upload_file(
             local_html_file_path,
             self.config.s3_bucket_name,
             bucket_report_path,
-            ExtraArgs={"ContentType": "text/html"},
+            ExtraArgs=extra_args,
         )
         logger.info("Uploaded report to S3.")
         if self.config.update_bucket_website:
diff --git a/elementary/config/config.py b/elementary/config/config.py
index 3eaefef46..2f61c89cb 100644
--- a/elementary/config/config.py
+++ b/elementary/config/config.py
@@ -62,6 +62,7 @@ def __init__(
         aws_session_token: Optional[str] = None,
         s3_endpoint_url: Optional[str] = None,
         s3_bucket_name: Optional[str] = None,
+        s3_acl: Optional[str] = None,
         google_project_name: Optional[str] = None,
         google_service_account_path: Optional[str] = None,
         gcs_bucket_name: Optional[str] = None,
@@ -159,6 +160,7 @@ def __init__(
         self.aws_access_key_id = aws_access_key_id
         self.aws_secret_access_key = aws_secret_access_key
         self.aws_session_token = aws_session_token
+        self.s3_acl = s3_acl
 
         google_config = config.get(self._GOOGLE, {})
         self.google_project_name = self._first_not_none(
diff --git a/elementary/monitor/cli.py b/elementary/monitor/cli.py
index 019293f1f..36d63eac0 100644
--- a/elementary/monitor/cli.py
+++ b/elementary/monitor/cli.py
@@ -526,6 +526,12 @@ def report(
     default=None,
     help="The name of the S3 bucket to upload the report to.",
 )
+@click.option(
+    "--s3-acl",
+    type=str,
+    default=None,
+    help="S3 Canned ACL value used to modify report permissions, for example set to 'public-read' to make the report publicly accessible.",
+)
 @click.option(
     "--google-service-account-path",
     type=str,
@@ -638,6 +644,7 @@ def send_report(
     aws_session_token,
     s3_endpoint_url,
     s3_bucket_name,
+    s3_acl,
     azure_connection_string,
     azure_container_name,
     google_service_account_path,
@@ -686,6 +693,7 @@ def send_report(
         azure_container_name=azure_container_name,
         s3_endpoint_url=s3_endpoint_url,
         s3_bucket_name=s3_bucket_name,
+        s3_acl=s3_acl,
         google_service_account_path=google_service_account_path,
         google_project_name=google_project_name,
         gcs_bucket_name=gcs_bucket_name,