awspec 0.55.0 → 0.56.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/awspec.rb +1 -0
- data/lib/awspec/generator/template.rb +6 -3
- data/lib/awspec/shared_context.rb +11 -0
- data/lib/awspec/type/ami.rb +7 -5
- data/lib/awspec/type/autoscaling_group.rb +8 -6
- data/lib/awspec/type/base.rb +15 -7
- data/lib/awspec/type/cloudfront_distribution.rb +8 -6
- data/lib/awspec/type/cloudtrail.rb +10 -8
- data/lib/awspec/type/cloudwatch_alarm.rb +9 -7
- data/lib/awspec/type/cloudwatch_event.rb +8 -6
- data/lib/awspec/type/directconnect_virtual_interface.rb +11 -4
- data/lib/awspec/type/ebs.rb +14 -7
- data/lib/awspec/type/ec2.rb +20 -13
- data/lib/awspec/type/elasticache.rb +13 -6
- data/lib/awspec/type/elasticache_cache_parameter_group.rb +15 -8
- data/lib/awspec/type/elasticsearch.rb +9 -7
- data/lib/awspec/type/elastictranscoder_pipeline.rb +7 -5
- data/lib/awspec/type/elb.rb +11 -9
- data/lib/awspec/type/iam_group.rb +8 -6
- data/lib/awspec/type/iam_policy.rb +8 -6
- data/lib/awspec/type/iam_role.rb +8 -6
- data/lib/awspec/type/iam_user.rb +8 -6
- data/lib/awspec/type/kms.rb +8 -6
- data/lib/awspec/type/lambda.rb +8 -6
- data/lib/awspec/type/launch_configuration.rb +7 -5
- data/lib/awspec/type/nat_gateway.rb +8 -6
- data/lib/awspec/type/network_acl.rb +10 -8
- data/lib/awspec/type/network_interface.rb +14 -12
- data/lib/awspec/type/rds.rb +14 -12
- data/lib/awspec/type/rds_db_cluster_parameter_group.rb +13 -9
- data/lib/awspec/type/rds_db_parameter_group.rb +13 -9
- data/lib/awspec/type/route53_hosted_zone.rb +11 -7
- data/lib/awspec/type/route_table.rb +8 -6
- data/lib/awspec/type/s3_bucket.rb +15 -13
- data/lib/awspec/type/security_group.rb +14 -13
- data/lib/awspec/type/ses_identity.rb +15 -13
- data/lib/awspec/type/subnet.rb +7 -5
- data/lib/awspec/type/vpc.rb +13 -11
- data/lib/awspec/type/waf_web_acl.rb +8 -6
- data/lib/awspec/version.rb +1 -1
- metadata +3 -2
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class NetworkInterface < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
3
|
+
def resource_via_client
|
|
4
|
+
@resource_via_client ||= find_network_interface(@display_name)
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def id
|
|
8
|
+
@id ||= resource_via_client.network_interface_id if resource_via_client
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
STATES = %w(
|
|
@@ -12,28 +14,28 @@ module Awspec::Type
|
|
|
12
14
|
|
|
13
15
|
STATES.each do |state|
|
|
14
16
|
define_method state.tr('-', '_') + '?' do
|
|
15
|
-
|
|
17
|
+
resource_via_client.status == state
|
|
16
18
|
end
|
|
17
19
|
end
|
|
18
20
|
|
|
19
21
|
def attached_to?(instance_id, device_index = 0)
|
|
20
22
|
instance = find_ec2(instance_id)
|
|
21
23
|
return false unless instance
|
|
22
|
-
return false unless
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
return false unless resource_via_client.attachment
|
|
25
|
+
resource_via_client.attachment.instance_id == instance.instance_id && \
|
|
26
|
+
resource_via_client.attachment.status == 'attached' && \
|
|
27
|
+
resource_via_client.attachment.device_index == device_index
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
def has_private_ip_address?(ip_address, primary = nil)
|
|
29
|
-
|
|
31
|
+
resource_via_client.private_ip_addresses.find do |i|
|
|
30
32
|
next false if !primary.nil? && i.primary != primary
|
|
31
33
|
i.private_ip_address == ip_address
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
|
|
35
37
|
def has_security_group?(sg_id)
|
|
36
|
-
sgs =
|
|
38
|
+
sgs = resource_via_client.groups
|
|
37
39
|
ret = sgs.find do |sg|
|
|
38
40
|
sg.group_id == sg_id || sg.group_name == sg_id
|
|
39
41
|
end
|
|
@@ -46,7 +48,7 @@ module Awspec::Type
|
|
|
46
48
|
end
|
|
47
49
|
|
|
48
50
|
def private_ip_addresses_count
|
|
49
|
-
|
|
51
|
+
resource_via_client.private_ip_addresses.count
|
|
50
52
|
end
|
|
51
53
|
end
|
|
52
54
|
end
|
data/lib/awspec/type/rds.rb
CHANGED
|
@@ -2,10 +2,12 @@ module Awspec::Type
|
|
|
2
2
|
class Rds < Base
|
|
3
3
|
aws_resource Aws::RDS::DBInstance
|
|
4
4
|
|
|
5
|
-
def
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
def resource_via_client
|
|
6
|
+
@resource_via_client ||= find_rds(@display_name)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def id
|
|
10
|
+
@id ||= resource_via_client.db_instance_identifier if resource_via_client
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
STATES = %w(
|
|
@@ -20,12 +22,12 @@ module Awspec::Type
|
|
|
20
22
|
|
|
21
23
|
STATES.each do |state|
|
|
22
24
|
define_method state.tr('-', '_') + '?' do
|
|
23
|
-
|
|
25
|
+
resource_via_client.db_instance_status == state
|
|
24
26
|
end
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def vpc_id
|
|
28
|
-
|
|
30
|
+
resource_via_client.db_subnet_group.vpc_id
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
def has_security_group?(sg_id)
|
|
@@ -36,14 +38,14 @@ module Awspec::Type
|
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
def has_db_parameter_group?(name)
|
|
39
|
-
pgs =
|
|
41
|
+
pgs = resource_via_client.db_parameter_groups
|
|
40
42
|
pgs.find do |pg|
|
|
41
43
|
pg.db_parameter_group_name == name
|
|
42
44
|
end
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
def has_option_group?(name)
|
|
46
|
-
ogs =
|
|
48
|
+
ogs = resource_via_client.option_group_memberships
|
|
47
49
|
ogs.find do |og|
|
|
48
50
|
og.option_group_name == name
|
|
49
51
|
end
|
|
@@ -52,14 +54,14 @@ module Awspec::Type
|
|
|
52
54
|
private
|
|
53
55
|
|
|
54
56
|
def has_vpc_security_group_id?(sg_id)
|
|
55
|
-
sgs =
|
|
57
|
+
sgs = resource_via_client.vpc_security_groups
|
|
56
58
|
sgs.find do |sg|
|
|
57
59
|
sg.vpc_security_group_id == sg_id
|
|
58
60
|
end
|
|
59
61
|
end
|
|
60
62
|
|
|
61
63
|
def has_vpc_security_group_name?(sg_id)
|
|
62
|
-
sgs =
|
|
64
|
+
sgs = resource_via_client.vpc_security_groups
|
|
63
65
|
res = ec2_client.describe_security_groups({
|
|
64
66
|
filters: [{ name: 'group-name', values: [sg_id] }]
|
|
65
67
|
})
|
|
@@ -70,7 +72,7 @@ module Awspec::Type
|
|
|
70
72
|
end
|
|
71
73
|
|
|
72
74
|
def has_vpc_security_group_tag_name?(sg_id)
|
|
73
|
-
sgs =
|
|
75
|
+
sgs = resource_via_client.vpc_security_groups
|
|
74
76
|
res = ec2_client.describe_security_groups({
|
|
75
77
|
filters: [{ name: 'tag:Name', values: [sg_id] }]
|
|
76
78
|
})
|
|
@@ -81,7 +83,7 @@ module Awspec::Type
|
|
|
81
83
|
end
|
|
82
84
|
|
|
83
85
|
def has_db_security_group_name?(sg_id)
|
|
84
|
-
sgs =
|
|
86
|
+
sgs = resource_via_client.db_security_groups
|
|
85
87
|
sgs.find do |sg|
|
|
86
88
|
sg.db_security_group_name == sg_id
|
|
87
89
|
end
|
|
@@ -1,27 +1,31 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class RdsDbClusterParameterGroup < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
3
|
+
def resource_via_client
|
|
4
|
+
return @resource_via_client if @resource_via_client
|
|
5
|
+
|
|
6
|
+
parameters = {}
|
|
6
7
|
res = rds_client.describe_db_cluster_parameters({
|
|
7
|
-
db_cluster_parameter_group_name:
|
|
8
|
+
db_cluster_parameter_group_name: @display_name
|
|
8
9
|
})
|
|
9
10
|
|
|
10
11
|
loop do
|
|
11
12
|
res.parameters.each do |param|
|
|
12
|
-
|
|
13
|
+
parameters[param.parameter_name] = param.parameter_value
|
|
13
14
|
end
|
|
14
15
|
(res.respond_to?(:next_page?) && res.next_page? && res = res.next_page) || break
|
|
15
16
|
end
|
|
16
17
|
|
|
17
|
-
@
|
|
18
|
-
|
|
18
|
+
@resource_via_client ||= parameters
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def id
|
|
22
|
+
@id ||= @display_name unless resource_via_client.empty?
|
|
19
23
|
end
|
|
20
24
|
|
|
21
25
|
def method_missing(name)
|
|
22
26
|
param_name = name.to_s
|
|
23
|
-
if
|
|
24
|
-
|
|
27
|
+
if resource_via_client.include?(param_name)
|
|
28
|
+
resource_via_client[param_name].to_s
|
|
25
29
|
else
|
|
26
30
|
super
|
|
27
31
|
end
|
|
@@ -1,27 +1,31 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class RdsDbParameterGroup < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
3
|
+
def resource_via_client
|
|
4
|
+
return @resource_via_client if @resource_via_client
|
|
5
|
+
|
|
6
|
+
parameters = {}
|
|
6
7
|
res = rds_client.describe_db_parameters({
|
|
7
|
-
db_parameter_group_name:
|
|
8
|
+
db_parameter_group_name: @display_name
|
|
8
9
|
})
|
|
9
10
|
|
|
10
11
|
loop do
|
|
11
12
|
res.parameters.each do |param|
|
|
12
|
-
|
|
13
|
+
parameters[param.parameter_name] = param.parameter_value
|
|
13
14
|
end
|
|
14
15
|
(res.next_page? && res = res.next_page) || break
|
|
15
16
|
end
|
|
16
17
|
|
|
17
|
-
@
|
|
18
|
-
|
|
18
|
+
@resource_via_client ||= parameters
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def id
|
|
22
|
+
@id ||= @display_name unless resource_via_client.empty?
|
|
19
23
|
end
|
|
20
24
|
|
|
21
25
|
def method_missing(name)
|
|
22
26
|
param_name = name.to_s
|
|
23
|
-
if
|
|
24
|
-
|
|
27
|
+
if resource_via_client.include?(param_name)
|
|
28
|
+
resource_via_client[param_name].to_s
|
|
25
29
|
else
|
|
26
30
|
super
|
|
27
31
|
end
|
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class Route53HostedZone < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
@
|
|
3
|
+
def resource_via_client
|
|
4
|
+
@resource_via_client ||= find_hosted_zone(@display_name)
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def id
|
|
8
|
+
@id ||= resource_via_client.id if resource_via_client
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def resource_via_client_record_sets
|
|
12
|
+
@resource_via_client_record_sets ||= select_record_sets_by_hosted_zone_id(id)
|
|
9
13
|
end
|
|
10
14
|
|
|
11
15
|
def has_record_set?(name, type, value, options = {})
|
|
12
16
|
name.gsub!(/\*/, '\\\052') # wildcard support
|
|
13
|
-
ret =
|
|
17
|
+
ret = resource_via_client_record_sets.find do |record_set|
|
|
14
18
|
# next if record_set.type != type.upcase
|
|
15
19
|
next unless record_set.type.casecmp(type) == 0
|
|
16
20
|
options[:ttl] = record_set[:ttl] unless options[:ttl]
|
|
@@ -3,10 +3,12 @@ module Awspec::Type
|
|
|
3
3
|
aws_resource Aws::EC2::RouteTable
|
|
4
4
|
tags_allowed
|
|
5
5
|
|
|
6
|
-
def
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
6
|
+
def resource_via_client
|
|
7
|
+
@resource_via_client ||= find_route_table(@display_name)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def id
|
|
11
|
+
@id ||= resource_via_client.route_table_id if resource_via_client
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
def has_route?(destination,
|
|
@@ -14,7 +16,7 @@ module Awspec::Type
|
|
|
14
16
|
instance_id = nil,
|
|
15
17
|
vpc_peering_connection_id = nil,
|
|
16
18
|
nat_gateway_id = nil)
|
|
17
|
-
|
|
19
|
+
resource_via_client.routes.find do |route|
|
|
18
20
|
if destination
|
|
19
21
|
next false unless route.destination_cidr_block == destination
|
|
20
22
|
end
|
|
@@ -28,7 +30,7 @@ module Awspec::Type
|
|
|
28
30
|
def has_subnet?(subnet_id)
|
|
29
31
|
subnet = find_subnet(subnet_id)
|
|
30
32
|
return false unless subnet
|
|
31
|
-
|
|
33
|
+
resource_via_client.associations.find do |a|
|
|
32
34
|
a.subnet_id == subnet.subnet_id
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -2,15 +2,17 @@ module Awspec::Type
|
|
|
2
2
|
class S3Bucket < Base
|
|
3
3
|
aws_resource Aws::S3::Bucket
|
|
4
4
|
|
|
5
|
-
def
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
def resource_via_client
|
|
6
|
+
@resource_via_client ||= find_bucket(@display_name)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def id
|
|
10
|
+
@id ||= @display_name if resource_via_client
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def has_object?(key)
|
|
12
14
|
res = s3_client.head_object({
|
|
13
|
-
bucket:
|
|
15
|
+
bucket: id,
|
|
14
16
|
key: key.sub(%r(\A/), '')
|
|
15
17
|
})
|
|
16
18
|
res
|
|
@@ -19,7 +21,7 @@ module Awspec::Type
|
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
def has_acl_grant?(grantee:, permission:)
|
|
22
|
-
@acl = find_bucket_acl(
|
|
24
|
+
@acl = find_bucket_acl(id)
|
|
23
25
|
@acl.grants.find do |grant|
|
|
24
26
|
grant.permission == permission &&
|
|
25
27
|
(grant.grantee.display_name == grantee || grant.grantee.uri == grantee || grant.grantee.id == grantee)
|
|
@@ -27,12 +29,12 @@ module Awspec::Type
|
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def acl_owner
|
|
30
|
-
@acl = find_bucket_acl(
|
|
32
|
+
@acl = find_bucket_acl(id)
|
|
31
33
|
@acl.owner.display_name
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def acl_grants_count
|
|
35
|
-
@acl = find_bucket_acl(
|
|
37
|
+
@acl = find_bucket_acl(id)
|
|
36
38
|
@acl.grants.count
|
|
37
39
|
end
|
|
38
40
|
|
|
@@ -55,7 +57,7 @@ module Awspec::Type
|
|
|
55
57
|
end
|
|
56
58
|
|
|
57
59
|
def has_policy?(policy)
|
|
58
|
-
bp = find_bucket_policy(
|
|
60
|
+
bp = find_bucket_policy(id)
|
|
59
61
|
if bp
|
|
60
62
|
JSON.parse(bp.policy.read, array_class: Set) == JSON.parse(policy, array_class: Set)
|
|
61
63
|
else
|
|
@@ -64,7 +66,7 @@ module Awspec::Type
|
|
|
64
66
|
end
|
|
65
67
|
|
|
66
68
|
def has_logging_enabled?(target_bucket: nil, target_prefix: nil)
|
|
67
|
-
bl = find_bucket_logging(
|
|
69
|
+
bl = find_bucket_logging(id)
|
|
68
70
|
le = bl ? bl.logging_enabled : nil
|
|
69
71
|
|
|
70
72
|
return false if le.nil?
|
|
@@ -74,19 +76,19 @@ module Awspec::Type
|
|
|
74
76
|
end
|
|
75
77
|
|
|
76
78
|
def has_versioning_enabled?
|
|
77
|
-
bv = find_bucket_versioning(
|
|
79
|
+
bv = find_bucket_versioning(id)
|
|
78
80
|
bv ? (bv.status == 'Enabled') : false
|
|
79
81
|
end
|
|
80
82
|
|
|
81
83
|
def has_mfa_delete_enabled?
|
|
82
|
-
bv = find_bucket_versioning(
|
|
84
|
+
bv = find_bucket_versioning(id)
|
|
83
85
|
bv ? (bv.mfa_delete == 'Enabled') : false
|
|
84
86
|
end
|
|
85
87
|
|
|
86
88
|
private
|
|
87
89
|
|
|
88
90
|
def cors_rules
|
|
89
|
-
cors = find_bucket_cors(
|
|
91
|
+
cors = find_bucket_cors(id)
|
|
90
92
|
cors ? cors.cors_rules : []
|
|
91
93
|
end
|
|
92
94
|
end
|
|
@@ -3,11 +3,12 @@ module Awspec::Type
|
|
|
3
3
|
aws_resource Aws::EC2::SecurityGroup
|
|
4
4
|
tags_allowed
|
|
5
5
|
|
|
6
|
-
def
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
6
|
+
def resource_via_client
|
|
7
|
+
@resource_via_client ||= find_security_group(@display_name)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def id
|
|
11
|
+
@id ||= resource_via_client.group_id if resource_via_client
|
|
11
12
|
end
|
|
12
13
|
|
|
13
14
|
def opened?(port = nil, protocol = nil, cidr = nil)
|
|
@@ -21,13 +22,13 @@ module Awspec::Type
|
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
def inbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
24
|
-
|
|
25
|
+
resource_via_client.ip_permissions.find do |permission|
|
|
25
26
|
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
26
27
|
end
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
30
|
-
permissions =
|
|
31
|
+
permissions = resource_via_client.ip_permissions.select do |permission|
|
|
31
32
|
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
32
33
|
end
|
|
33
34
|
cidrs = []
|
|
@@ -38,13 +39,13 @@ module Awspec::Type
|
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
def outbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
41
|
-
|
|
42
|
+
resource_via_client.ip_permissions_egress.find do |permission|
|
|
42
43
|
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
43
44
|
end
|
|
44
45
|
end
|
|
45
46
|
|
|
46
47
|
def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
47
|
-
permissions =
|
|
48
|
+
permissions = resource_via_client.ip_permissions_egress.select do |permission|
|
|
48
49
|
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
49
50
|
end
|
|
50
51
|
cidrs = []
|
|
@@ -65,23 +66,23 @@ module Awspec::Type
|
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
def ip_permissions_count
|
|
68
|
-
|
|
69
|
+
resource_via_client.ip_permissions.count
|
|
69
70
|
end
|
|
70
71
|
alias_method :inbound_permissions_count, :ip_permissions_count
|
|
71
72
|
|
|
72
73
|
def ip_permissions_egress_count
|
|
73
|
-
|
|
74
|
+
resource_via_client.ip_permissions_egress.count
|
|
74
75
|
end
|
|
75
76
|
alias_method :outbound_permissions_count, :ip_permissions_egress_count
|
|
76
77
|
|
|
77
78
|
def inbound_rule_count
|
|
78
|
-
|
|
79
|
+
resource_via_client.ip_permissions.reduce(0) do |sum, permission|
|
|
79
80
|
sum += permission.ip_ranges.count + permission.user_id_group_pairs.count
|
|
80
81
|
end
|
|
81
82
|
end
|
|
82
83
|
|
|
83
84
|
def outbound_rule_count
|
|
84
|
-
|
|
85
|
+
resource_via_client.ip_permissions_egress.reduce(0) do |sum, permission|
|
|
85
86
|
sum += permission.ip_ranges.count + permission.user_id_group_pairs.count
|
|
86
87
|
end
|
|
87
88
|
end
|