@@ -196,32 +196,29 @@ def process_action_chunk(action_chunk, bucket, prefix, dry_run, s3_client):
196196 }
197197
198198 for action in action_chunk :
199- created = False
200- removed = False
199+ success = False
200+ error = None
201+
201202 match action ['action' ]:
202203 case 'add' :
203- created , error = create_s3_object (
204- action ['address' ],
205- bucket ,
206- prefix ,
207- dry_run ,
208- s3_client
204+ success , error = create_s3_object (
205+ action ['address' ], bucket , prefix , dry_run , s3_client
209206 )
207+ if success :
208+ results ['created' ] += 1
209+ else :
210+ results ['errors' ] += 1
211+ if error : logger .error (error )
210212 case 'remove' :
211- removed , error = delete_s3_object (
212- action ['address' ],
213- bucket ,
214- prefix ,
215- dry_run ,
216- s3_client
213+ success , error = delete_s3_object (
214+ action ['address' ], bucket , prefix , dry_run , s3_client
217215 )
218- if created :
219- results ['created' ] += 1
220- if removed :
221- results ['removed' ] += 1
222- else :
223- results ['errors' ] += 1
224- logger .error (error )
216+ if success :
217+ results ['removed' ] += 1
218+ else :
219+ results ['errors' ] += 1
220+ if error :
221+ logger .error (error )
225222
226223 return results
227224
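Review bot: The `match` inside the loop has no `case _:` arm, so an action whose `'action'` value is neither `'add'` nor `'remove'` leaves `success` False and is skipped without touching `results` or the log. For a job that keeps a sanctioned-address set in sync, a dropped entry should be visible: add `case _:` with `results['errors'] += 1` and `logger.error("Unknown action: %r", action['action'])`. Both failure branches also log only when `error` is truthy, so a failed call that returns no message raises the error count without recording which address failed; including `action['address']` in that log line would make the failure traceable. As a style point, the one-line `if error : logger .error (error )` under `'add'` should use the two-line form used under `'remove'`. The function starts before this hunk.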
@@ -326,28 +323,31 @@ def main():
326323 s3_resource = boto3 .resource ('s3' )
327324 bucket = s3_resource .Bucket (args .bucket )
328325
329- # Read sanctioned addresses
330326 sdn_addresses = read_sanctioned_addresses (args .directory )
331- s3_addresses = [decode (obj .key .replace (OBJECT_PREFIX , "" )) for obj in bucket .objects .all ()]
327+ s3_addresses = [
328+ decode (obj .key .replace (OBJECT_PREFIX , "" ))
329+ for obj in bucket .objects .all ()
330+ ]
332331
333- if not sdn_addresses :
334- logger .error ("No addresses found in SDN list. Exiting." )
335- return
332+ # If SDN is empty, this will generate 'remove' actions for all S3 objects
336333 actions = generate_actions (sdn_addresses , s3_addresses )
334+ # Safety check - but allow it to proceed if SDN is legitimately empty
337335 remove_count = sum (1 for a in actions if a ['action' ] == 'remove' )
338336 total_count = len (s3_addresses )
339- percent_removed = (remove_count / total_count ) * 100
340- if percent_removed > 15 :
341- # Only manual runs by whitelisted actors can bypass the 15% limit
342- if os .getenv ('GITHUB_ACTOR' ) not in ["mrose17" , "Sneagan" , "mschfh" ]:
343- logger .error ("Too many addresses are set to be removed. Human "
344- f'review required.\n Total addresses: { total_count } \n '
345- f'Addresses to remove: { remove_count } ' )
346- raise Exception ("Too many addresses are set to be removed. Human "
347- f'review required.\n Total addresses: { total_count } '
348- f'\n Addresses to remove: { remove_count } ' )
349-
350- # Create S3 objects
337+
338+ if total_count > 0 :
339+ percent_removed = (remove_count / total_count ) * 100
340+ if percent_removed > 15 :
341+ # Only manual runs by whitelisted actors can bypass the 15% limit
342+ if os .getenv ('GITHUB_ACTOR' ) not in ["mrose17" , "Sneagan" , "mschfh" ]:
343+ logger .error ("Too many addresses are set to be removed. Human "
344+ f'review required.\n Total addresses: { total_count } \n '
345+ f'Addresses to remove: { remove_count } ' )
346+ raise Exception ("Too many addresses are set to be removed. Human "
347+ f'review required.\n Total addresses: { total_count } '
348+ f'\n Addresses to remove: { remove_count } ' )
349+
350+ # Create/delete S3 objects
351351 result = reconcile_s3 (
352352 actions = actions ,
353353 bucket = args .bucket ,
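Review bot: With the `if not sdn_addresses` early return gone, an empty `sdn_addresses` is handled like any other input, and nothing here can tell a legitimately empty list from a failed or partial read in `read_sanctioned_addresses` (its body is not in the hunk, so that failure mode is an inference). Per the new comment, that case generates a `'remove'` for every S3 object, the 15% check sees 100%, and a run whose `GITHUB_ACTOR` is in the allow-list goes on to delete the whole sanctioned set. Every other run is still stopped by the raise, so the comment "allow it to proceed if SDN is legitimately empty" does not describe what the code does. I would keep the empty case distinct, e.g. `if not sdn_addresses and s3_addresses:` followed by its own `logger.error(...)` and a raise unless the operator has opted in explicitly, and reword the comment to match. `main` starts before and continues after this hunk.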