RubyGems - MovableInkAWS - Versions diffs - 2.6.2 → 2.6.3 - Mend

MovableInkAWS 2.6.2 → 2.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fb359b343b37bc026f547aa8edc0dcd01fc85786947ef5dc8a6d9ef8b6da05d1
-  data.tar.gz: f0c0c888ac995d1f1c895ae359ff19bc93e46b3ea621852733b39475cad138e1
+  metadata.gz: 4e7ad037cd5628c4064e602e7818305adf691666f178b1cba16f967c17021b1d
+  data.tar.gz: 7f6fbc76c3c7669aadd15682cd806c2e3268f39cd74dd395913910aa01b826f7
 SHA512:
-  metadata.gz: 698f828137a5d649ebe788b5d9c4ab42f333e0a80eeca47708044121703c8afa79248bd86ab8ec0f6afac221c8506d3e52e10356a6f2a3213a09a45926d2d4f0
-  data.tar.gz: 2d68a15e5b41f608411a498fad5db04ec837cdf88791605a73f285e64d1f58964bb7b6d49d7ff6d570e8c919f3c280f607bf6bbc84554339cfbf1ea29eb8de88
+  metadata.gz: 73af21192d6d001442427ed83f21e18b7aee0e214243b6e8572d1ca51f2b9d15a562e14435f666737f6158651285c2a95ac59f3c7a38d8a7539404a4f24a2559
+  data.tar.gz: 0cc73c99406611d2d6482149eea67a8c235b7b5caa0dd7d366ac0e6256c5a2b8faae3de6e83350ff71a464cac40f2b518c6b7a5b72e80613af8a8ee8042352c3

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    MovableInkAWS (2.6.2)
+    MovableInkAWS (2.6.3)
       aws-sdk-athena (~> 1)
       aws-sdk-autoscaling (~> 1)
       aws-sdk-cloudwatch (~> 1)

data/lib/movable_ink/aws/iam.rb ADDED Viewed

@@ -0,0 +1,23 @@
+require 'aws-sdk-iam'
+module MovableInk
+  class AWS
+    module IAM
+      def is_arn_iam_user?(arn, username = nil)
+        # arn:aws:iam::account:user/user-name-with-path
+        !arn.match(/arn:aws:iam::\d+:user\/#{(username) ? username + '$' : ''}/).nil?
+      end
+      def is_arn_iam_role?(arn, rolename = nil)
+        # arn:aws:iam::account:role/role-name-with-path
+        !arn.match(/arn:aws:iam::\d+:role\/#{(rolename) ? rolename + '$' : ''}/).nil?
+      end
+      def is_arn_iam_assumed_role?(arn, rolename = nil, exact_match = true)
+        # arn:aws:sts::account:assumed-role/role-name/role-session-name
+        role_name_session_delimiter = (exact_match) ? '/' : ''
+        !arn.match(/arn:aws:sts::\d+:assumed\-role\/#{(rolename) ? rolename + role_name_session_delimiter : ''}/).nil?
+      end
+    end
+  end
+end

data/lib/movable_ink/aws/ssm.rb CHANGED Viewed

@@ -4,14 +4,33 @@ module MovableInk
   class AWS
     module SSM
+      SSM_DEFAULT_REGION = 'us-east-1'
+      SSM_DEFAULT_FAILOVER_REGION = 'us-west-2'
+      def mi_secrets_config_file_path
+        '/etc/movableink/secrets_config.json'
+      end
+      def mi_secrets_config
+        @mi_secrets_config ||= (File.exist?(mi_secrets_config_file_path)) ? JSON.parse(File.read(mi_secrets_config_file_path), :symbolize_names => true) : nil
+      end
+      def mi_ssm_clients_regions
+        default_regions = [SSM_DEFAULT_REGION, SSM_DEFAULT_FAILOVER_REGION]
+        return default_regions if !mi_secrets_config || !mi_secrets_config[:ssm_parameters_regions_map] || !mi_secrets_config[:ssm_parameters_regions_map].key?(my_region.to_sym)
+        my_region_map = mi_secrets_config[:ssm_parameters_regions_map][my_region.to_sym]
+        (my_region_map.keys == [:primary_region, :failover_region]) ? my_region_map.values : default_regions
+      end
       def ssm_client(region = nil)
         @ssm_clients_map ||= {}
-        @ssm_clients_map[region] ||= Aws::SSM::Client.new(region: (region.nil?) ? 'us-east-1' : region)
+        @ssm_clients_map[region] ||= Aws::SSM::Client.new(region: (region.nil?) ? mi_ssm_clients_regions[0] : region)
       end
       def ssm_client_failover(failregion = nil)
         @ssm_failover_clients_map ||= {}
-        @ssm_failover_clients_map[failregion] ||= Aws::SSM::Client.new(region: (failregion.nil?) ? 'us-west-2' : failregion)
+        @ssm_failover_clients_map[failregion] ||= Aws::SSM::Client.new(region: (failregion.nil?) ? mi_ssm_clients_regions[1] : failregion)
       end
       def run_with_backoff_and_client_fallback(region = nil, failregion = nil, &block)

data/lib/movable_ink/aws.rb CHANGED Viewed

@@ -7,13 +7,12 @@ require_relative 'aws/route53'
 require_relative 'aws/ssm'
 require_relative 'aws/athena'
 require_relative 'aws/s3'
+require_relative 'aws/iam'
 require_relative 'aws/eks'
 require_relative 'aws/elasticache'
 require_relative 'aws/api_gateway'
 require_relative 'consul/consul'
 require 'aws-sdk-cloudwatch'
-require 'aws-sdk-iam'
 module MovableInk
   class AWS
@@ -28,6 +27,7 @@ module MovableInk
     include ElastiCache
     include ApiGateway
     include EKS
+    include IAM
     class << self
       def regions

data/lib/movable_ink/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module MovableInk
   class AWS
-    VERSION = '2.6.2'
+    VERSION = '2.6.3'
   end
 end

data/spec/iam_spec.rb ADDED Viewed

@@ -0,0 +1,43 @@
+require_relative '../lib/movable_ink/aws'
+describe MovableInk::AWS::IAM do
+  let(:aws) { MovableInk::AWS.new }
+  describe 'is_arn_iam_user?' do
+    it 'matches user by arn type' do
+      expect(aws.is_arn_iam_user?('arn:aws:iam::123:user/anosulchyk')).to eq true
+      expect(aws.is_arn_iam_user?('arn:aws:iam::123:role/anosulchyk')).to eq false
+    end
+    it 'matches user by arn type and name' do
+      expect(aws.is_arn_iam_user?('arn:aws:iam::123:user/anosulchyk', 'anosulchyk')).to eq true
+      expect(aws.is_arn_iam_user?('arn:aws:iam::123:user/this/is/user/too', 'this/is/user/too')).to eq true
+      expect(aws.is_arn_iam_user?('arn:aws:iam::123:user/anosulchyk', 'anosulchik11')).to eq false
+    end
+  end
+   describe 'is_arn_iam_role?' do
+    it 'matches role by arn type' do
+      expect(aws.is_arn_iam_role?('arn:aws:iam::123:role/anosulchyk')).to eq true
+      expect(aws.is_arn_iam_role?('arn:aws:sts::123:role/anosulchyk')).to eq false
+    end
+    it 'matches role by arn type and name' do
+       expect(aws.is_arn_iam_role?('arn:aws:iam::123:role/anosulchyk', 'anosulchyk')).to eq true
+      expect(aws.is_arn_iam_role?('arn:aws:iam::123:role/anosulchyk', 'anosulchik11')).to eq false
+    end
+  end
+  describe 'is_arn_iam_assumed_role?' do
+    it 'matches role by arn type' do
+      expect(aws.is_arn_iam_assumed_role?('arn:aws:sts::123:assumed-role/anosulchyk/session')).to eq true
+      expect(aws.is_arn_iam_assumed_role?('arn:aws:sts::123:role/anosulchyk')).to eq false
+    end
+    it 'matches role by arn type and name' do
+       expect(aws.is_arn_iam_assumed_role?('arn:aws:sts::123:assumed-role/anosulchyk/session', 'anosulchyk')).to eq true
+      expect(aws.is_arn_iam_assumed_role?('arn:aws:sts::123:assumed-role/anosulchyk/session-name', '1anosulchyk1')).to eq false
+    end
+  end
+end

data/spec/ssm_spec.rb CHANGED Viewed

@@ -9,6 +9,8 @@ describe MovableInk::AWS::SSM do
       value: 'too-many-secrets'
     })
   }
+  let(:mi_secrets_config_file_path) { '/etc/movableink/secrets_config.json' }
+  let(:mi_secrets_config_file_mock) { "{\"ssm_parameters_regions_map\": { \"us-east-1\": {\"primary_region\": \"us-east-1\", \"failover_region\": \"us-east-2\"}}}" }
   let(:parameters) { ssm.stub_data(:get_parameters_by_path, parameters: [
       {
         name: '/test/zelda/Its',
@@ -113,4 +115,36 @@ describe MovableInk::AWS::SSM do
       expect(results).to include(1, 2)
     end
   end
+  describe 'mi_secrets_config_file_path' do
+    it 'returns string' do
+      expect(aws.mi_secrets_config_file_path).to eq mi_secrets_config_file_path
+    end
+  end
+  describe 'mi_secrets_config' do
+    it 'parses config file with symbols' do
+       allow(File).to receive(:read).with(mi_secrets_config_file_path).and_return(mi_secrets_config_file_mock)
+       allow(File).to receive(:exist?).with(mi_secrets_config_file_path).and_return(true)
+       config = aws.mi_secrets_config
+       expect(config.keys).to eq([:ssm_parameters_regions_map])
+       expect(config[:ssm_parameters_regions_map][:"us-east-1"][:primary_region]).to eq 'us-east-1'
+       expect(config[:ssm_parameters_regions_map][:"us-east-1"][:failover_region]).to eq 'us-east-2'
+    end
+  end
+  describe 'mi_ssm_clients_regions' do
+    it 'returns values from config' do
+      allow(aws).to receive(:mi_secrets_config).and_return(JSON.parse(mi_secrets_config_file_mock, :symbolize_names => true))
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      expect(aws.mi_ssm_clients_regions).to eq ['us-east-1', 'us-east-2']
+    end
+    it 'returns default values if config is missing' do
+      allow(aws).to receive(:mi_secrets_config).and_return(nil)
+      allow(aws).to receive(:my_region).and_return('us-east-1')
+      expect(aws.mi_ssm_clients_regions).to eq ['us-east-1', 'us-west-2']
+    end
+  end
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: MovableInkAWS
 version: !ruby/object:Gem::Version
-  version: 2.6.2
+  version: 2.6.3
 platform: ruby
 authors:
 - Matt Chesler
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-09 00:00:00.000000000 Z
+date: 2022-05-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -255,6 +255,7 @@ files:
 - lib/movable_ink/aws/eks.rb
 - lib/movable_ink/aws/elasticache.rb
 - lib/movable_ink/aws/errors.rb
+- lib/movable_ink/aws/iam.rb
 - lib/movable_ink/aws/metadata.rb
 - lib/movable_ink/aws/route53.rb
 - lib/movable_ink/aws/s3.rb
@@ -267,6 +268,7 @@ files:
 - spec/consul_spec.rb
 - spec/ec2_spec.rb
 - spec/elasticache_spec.rb
+- spec/iam_spec.rb
 - spec/metadata_spec.rb
 - spec/route53_spec.rb
 - spec/s3_spec.rb