awspec 0.55.0 → 0.56.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/awspec.rb +1 -0
- data/lib/awspec/generator/template.rb +6 -3
- data/lib/awspec/shared_context.rb +11 -0
- data/lib/awspec/type/ami.rb +7 -5
- data/lib/awspec/type/autoscaling_group.rb +8 -6
- data/lib/awspec/type/base.rb +15 -7
- data/lib/awspec/type/cloudfront_distribution.rb +8 -6
- data/lib/awspec/type/cloudtrail.rb +10 -8
- data/lib/awspec/type/cloudwatch_alarm.rb +9 -7
- data/lib/awspec/type/cloudwatch_event.rb +8 -6
- data/lib/awspec/type/directconnect_virtual_interface.rb +11 -4
- data/lib/awspec/type/ebs.rb +14 -7
- data/lib/awspec/type/ec2.rb +20 -13
- data/lib/awspec/type/elasticache.rb +13 -6
- data/lib/awspec/type/elasticache_cache_parameter_group.rb +15 -8
- data/lib/awspec/type/elasticsearch.rb +9 -7
- data/lib/awspec/type/elastictranscoder_pipeline.rb +7 -5
- data/lib/awspec/type/elb.rb +11 -9
- data/lib/awspec/type/iam_group.rb +8 -6
- data/lib/awspec/type/iam_policy.rb +8 -6
- data/lib/awspec/type/iam_role.rb +8 -6
- data/lib/awspec/type/iam_user.rb +8 -6
- data/lib/awspec/type/kms.rb +8 -6
- data/lib/awspec/type/lambda.rb +8 -6
- data/lib/awspec/type/launch_configuration.rb +7 -5
- data/lib/awspec/type/nat_gateway.rb +8 -6
- data/lib/awspec/type/network_acl.rb +10 -8
- data/lib/awspec/type/network_interface.rb +14 -12
- data/lib/awspec/type/rds.rb +14 -12
- data/lib/awspec/type/rds_db_cluster_parameter_group.rb +13 -9
- data/lib/awspec/type/rds_db_parameter_group.rb +13 -9
- data/lib/awspec/type/route53_hosted_zone.rb +11 -7
- data/lib/awspec/type/route_table.rb +8 -6
- data/lib/awspec/type/s3_bucket.rb +15 -13
- data/lib/awspec/type/security_group.rb +14 -13
- data/lib/awspec/type/ses_identity.rb +15 -13
- data/lib/awspec/type/subnet.rb +7 -5
- data/lib/awspec/type/vpc.rb +13 -11
- data/lib/awspec/type/waf_web_acl.rb +8 -6
- data/lib/awspec/version.rb +1 -1
- metadata +3 -2
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class NetworkInterface < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
3
|
+
def resource_via_client
|
|
4
|
+
@resource_via_client ||= find_network_interface(@display_name)
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def id
|
|
8
|
+
@id ||= resource_via_client.network_interface_id if resource_via_client
|
|
7
9
|
end
|
|
8
10
|
|
|
9
11
|
STATES = %w(
|
|
@@ -12,28 +14,28 @@ module Awspec::Type
|
|
|
12
14
|
|
|
13
15
|
STATES.each do |state|
|
|
14
16
|
define_method state.tr('-', '_') + '?' do
|
|
15
|
-
|
|
17
|
+
resource_via_client.status == state
|
|
16
18
|
end
|
|
17
19
|
end
|
|
18
20
|
|
|
19
21
|
def attached_to?(instance_id, device_index = 0)
|
|
20
22
|
instance = find_ec2(instance_id)
|
|
21
23
|
return false unless instance
|
|
22
|
-
return false unless
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
24
|
+
return false unless resource_via_client.attachment
|
|
25
|
+
resource_via_client.attachment.instance_id == instance.instance_id && \
|
|
26
|
+
resource_via_client.attachment.status == 'attached' && \
|
|
27
|
+
resource_via_client.attachment.device_index == device_index
|
|
26
28
|
end
|
|
27
29
|
|
|
28
30
|
def has_private_ip_address?(ip_address, primary = nil)
|
|
29
|
-
|
|
31
|
+
resource_via_client.private_ip_addresses.find do |i|
|
|
30
32
|
next false if !primary.nil? && i.primary != primary
|
|
31
33
|
i.private_ip_address == ip_address
|
|
32
34
|
end
|
|
33
35
|
end
|
|
34
36
|
|
|
35
37
|
def has_security_group?(sg_id)
|
|
36
|
-
sgs =
|
|
38
|
+
sgs = resource_via_client.groups
|
|
37
39
|
ret = sgs.find do |sg|
|
|
38
40
|
sg.group_id == sg_id || sg.group_name == sg_id
|
|
39
41
|
end
|
|
@@ -46,7 +48,7 @@ module Awspec::Type
|
|
|
46
48
|
end
|
|
47
49
|
|
|
48
50
|
def private_ip_addresses_count
|
|
49
|
-
|
|
51
|
+
resource_via_client.private_ip_addresses.count
|
|
50
52
|
end
|
|
51
53
|
end
|
|
52
54
|
end
|
data/lib/awspec/type/rds.rb
CHANGED
|
@@ -2,10 +2,12 @@ module Awspec::Type
|
|
|
2
2
|
class Rds < Base
|
|
3
3
|
aws_resource Aws::RDS::DBInstance
|
|
4
4
|
|
|
5
|
-
def
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
def resource_via_client
|
|
6
|
+
@resource_via_client ||= find_rds(@display_name)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def id
|
|
10
|
+
@id ||= resource_via_client.db_instance_identifier if resource_via_client
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
STATES = %w(
|
|
@@ -20,12 +22,12 @@ module Awspec::Type
|
|
|
20
22
|
|
|
21
23
|
STATES.each do |state|
|
|
22
24
|
define_method state.tr('-', '_') + '?' do
|
|
23
|
-
|
|
25
|
+
resource_via_client.db_instance_status == state
|
|
24
26
|
end
|
|
25
27
|
end
|
|
26
28
|
|
|
27
29
|
def vpc_id
|
|
28
|
-
|
|
30
|
+
resource_via_client.db_subnet_group.vpc_id
|
|
29
31
|
end
|
|
30
32
|
|
|
31
33
|
def has_security_group?(sg_id)
|
|
@@ -36,14 +38,14 @@ module Awspec::Type
|
|
|
36
38
|
end
|
|
37
39
|
|
|
38
40
|
def has_db_parameter_group?(name)
|
|
39
|
-
pgs =
|
|
41
|
+
pgs = resource_via_client.db_parameter_groups
|
|
40
42
|
pgs.find do |pg|
|
|
41
43
|
pg.db_parameter_group_name == name
|
|
42
44
|
end
|
|
43
45
|
end
|
|
44
46
|
|
|
45
47
|
def has_option_group?(name)
|
|
46
|
-
ogs =
|
|
48
|
+
ogs = resource_via_client.option_group_memberships
|
|
47
49
|
ogs.find do |og|
|
|
48
50
|
og.option_group_name == name
|
|
49
51
|
end
|
|
@@ -52,14 +54,14 @@ module Awspec::Type
|
|
|
52
54
|
private
|
|
53
55
|
|
|
54
56
|
def has_vpc_security_group_id?(sg_id)
|
|
55
|
-
sgs =
|
|
57
|
+
sgs = resource_via_client.vpc_security_groups
|
|
56
58
|
sgs.find do |sg|
|
|
57
59
|
sg.vpc_security_group_id == sg_id
|
|
58
60
|
end
|
|
59
61
|
end
|
|
60
62
|
|
|
61
63
|
def has_vpc_security_group_name?(sg_id)
|
|
62
|
-
sgs =
|
|
64
|
+
sgs = resource_via_client.vpc_security_groups
|
|
63
65
|
res = ec2_client.describe_security_groups({
|
|
64
66
|
filters: [{ name: 'group-name', values: [sg_id] }]
|
|
65
67
|
})
|
|
@@ -70,7 +72,7 @@ module Awspec::Type
|
|
|
70
72
|
end
|
|
71
73
|
|
|
72
74
|
def has_vpc_security_group_tag_name?(sg_id)
|
|
73
|
-
sgs =
|
|
75
|
+
sgs = resource_via_client.vpc_security_groups
|
|
74
76
|
res = ec2_client.describe_security_groups({
|
|
75
77
|
filters: [{ name: 'tag:Name', values: [sg_id] }]
|
|
76
78
|
})
|
|
@@ -81,7 +83,7 @@ module Awspec::Type
|
|
|
81
83
|
end
|
|
82
84
|
|
|
83
85
|
def has_db_security_group_name?(sg_id)
|
|
84
|
-
sgs =
|
|
86
|
+
sgs = resource_via_client.db_security_groups
|
|
85
87
|
sgs.find do |sg|
|
|
86
88
|
sg.db_security_group_name == sg_id
|
|
87
89
|
end
|
|
@@ -1,27 +1,31 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class RdsDbClusterParameterGroup < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
3
|
+
def resource_via_client
|
|
4
|
+
return @resource_via_client if @resource_via_client
|
|
5
|
+
|
|
6
|
+
parameters = {}
|
|
6
7
|
res = rds_client.describe_db_cluster_parameters({
|
|
7
|
-
db_cluster_parameter_group_name:
|
|
8
|
+
db_cluster_parameter_group_name: @display_name
|
|
8
9
|
})
|
|
9
10
|
|
|
10
11
|
loop do
|
|
11
12
|
res.parameters.each do |param|
|
|
12
|
-
|
|
13
|
+
parameters[param.parameter_name] = param.parameter_value
|
|
13
14
|
end
|
|
14
15
|
(res.respond_to?(:next_page?) && res.next_page? && res = res.next_page) || break
|
|
15
16
|
end
|
|
16
17
|
|
|
17
|
-
@
|
|
18
|
-
|
|
18
|
+
@resource_via_client ||= parameters
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def id
|
|
22
|
+
@id ||= @display_name unless resource_via_client.empty?
|
|
19
23
|
end
|
|
20
24
|
|
|
21
25
|
def method_missing(name)
|
|
22
26
|
param_name = name.to_s
|
|
23
|
-
if
|
|
24
|
-
|
|
27
|
+
if resource_via_client.include?(param_name)
|
|
28
|
+
resource_via_client[param_name].to_s
|
|
25
29
|
else
|
|
26
30
|
super
|
|
27
31
|
end
|
|
@@ -1,27 +1,31 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class RdsDbParameterGroup < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
3
|
+
def resource_via_client
|
|
4
|
+
return @resource_via_client if @resource_via_client
|
|
5
|
+
|
|
6
|
+
parameters = {}
|
|
6
7
|
res = rds_client.describe_db_parameters({
|
|
7
|
-
db_parameter_group_name:
|
|
8
|
+
db_parameter_group_name: @display_name
|
|
8
9
|
})
|
|
9
10
|
|
|
10
11
|
loop do
|
|
11
12
|
res.parameters.each do |param|
|
|
12
|
-
|
|
13
|
+
parameters[param.parameter_name] = param.parameter_value
|
|
13
14
|
end
|
|
14
15
|
(res.next_page? && res = res.next_page) || break
|
|
15
16
|
end
|
|
16
17
|
|
|
17
|
-
@
|
|
18
|
-
|
|
18
|
+
@resource_via_client ||= parameters
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
def id
|
|
22
|
+
@id ||= @display_name unless resource_via_client.empty?
|
|
19
23
|
end
|
|
20
24
|
|
|
21
25
|
def method_missing(name)
|
|
22
26
|
param_name = name.to_s
|
|
23
|
-
if
|
|
24
|
-
|
|
27
|
+
if resource_via_client.include?(param_name)
|
|
28
|
+
resource_via_client[param_name].to_s
|
|
25
29
|
else
|
|
26
30
|
super
|
|
27
31
|
end
|
|
@@ -1,16 +1,20 @@
|
|
|
1
1
|
module Awspec::Type
|
|
2
2
|
class Route53HostedZone < Base
|
|
3
|
-
def
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
@
|
|
3
|
+
def resource_via_client
|
|
4
|
+
@resource_via_client ||= find_hosted_zone(@display_name)
|
|
5
|
+
end
|
|
6
|
+
|
|
7
|
+
def id
|
|
8
|
+
@id ||= resource_via_client.id if resource_via_client
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
def resource_via_client_record_sets
|
|
12
|
+
@resource_via_client_record_sets ||= select_record_sets_by_hosted_zone_id(id)
|
|
9
13
|
end
|
|
10
14
|
|
|
11
15
|
def has_record_set?(name, type, value, options = {})
|
|
12
16
|
name.gsub!(/\*/, '\\\052') # wildcard support
|
|
13
|
-
ret =
|
|
17
|
+
ret = resource_via_client_record_sets.find do |record_set|
|
|
14
18
|
# next if record_set.type != type.upcase
|
|
15
19
|
next unless record_set.type.casecmp(type) == 0
|
|
16
20
|
options[:ttl] = record_set[:ttl] unless options[:ttl]
|
|
@@ -3,10 +3,12 @@ module Awspec::Type
|
|
|
3
3
|
aws_resource Aws::EC2::RouteTable
|
|
4
4
|
tags_allowed
|
|
5
5
|
|
|
6
|
-
def
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
6
|
+
def resource_via_client
|
|
7
|
+
@resource_via_client ||= find_route_table(@display_name)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def id
|
|
11
|
+
@id ||= resource_via_client.route_table_id if resource_via_client
|
|
10
12
|
end
|
|
11
13
|
|
|
12
14
|
def has_route?(destination,
|
|
@@ -14,7 +16,7 @@ module Awspec::Type
|
|
|
14
16
|
instance_id = nil,
|
|
15
17
|
vpc_peering_connection_id = nil,
|
|
16
18
|
nat_gateway_id = nil)
|
|
17
|
-
|
|
19
|
+
resource_via_client.routes.find do |route|
|
|
18
20
|
if destination
|
|
19
21
|
next false unless route.destination_cidr_block == destination
|
|
20
22
|
end
|
|
@@ -28,7 +30,7 @@ module Awspec::Type
|
|
|
28
30
|
def has_subnet?(subnet_id)
|
|
29
31
|
subnet = find_subnet(subnet_id)
|
|
30
32
|
return false unless subnet
|
|
31
|
-
|
|
33
|
+
resource_via_client.associations.find do |a|
|
|
32
34
|
a.subnet_id == subnet.subnet_id
|
|
33
35
|
end
|
|
34
36
|
end
|
|
@@ -2,15 +2,17 @@ module Awspec::Type
|
|
|
2
2
|
class S3Bucket < Base
|
|
3
3
|
aws_resource Aws::S3::Bucket
|
|
4
4
|
|
|
5
|
-
def
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
5
|
+
def resource_via_client
|
|
6
|
+
@resource_via_client ||= find_bucket(@display_name)
|
|
7
|
+
end
|
|
8
|
+
|
|
9
|
+
def id
|
|
10
|
+
@id ||= @display_name if resource_via_client
|
|
9
11
|
end
|
|
10
12
|
|
|
11
13
|
def has_object?(key)
|
|
12
14
|
res = s3_client.head_object({
|
|
13
|
-
bucket:
|
|
15
|
+
bucket: id,
|
|
14
16
|
key: key.sub(%r(\A/), '')
|
|
15
17
|
})
|
|
16
18
|
res
|
|
@@ -19,7 +21,7 @@ module Awspec::Type
|
|
|
19
21
|
end
|
|
20
22
|
|
|
21
23
|
def has_acl_grant?(grantee:, permission:)
|
|
22
|
-
@acl = find_bucket_acl(
|
|
24
|
+
@acl = find_bucket_acl(id)
|
|
23
25
|
@acl.grants.find do |grant|
|
|
24
26
|
grant.permission == permission &&
|
|
25
27
|
(grant.grantee.display_name == grantee || grant.grantee.uri == grantee || grant.grantee.id == grantee)
|
|
@@ -27,12 +29,12 @@ module Awspec::Type
|
|
|
27
29
|
end
|
|
28
30
|
|
|
29
31
|
def acl_owner
|
|
30
|
-
@acl = find_bucket_acl(
|
|
32
|
+
@acl = find_bucket_acl(id)
|
|
31
33
|
@acl.owner.display_name
|
|
32
34
|
end
|
|
33
35
|
|
|
34
36
|
def acl_grants_count
|
|
35
|
-
@acl = find_bucket_acl(
|
|
37
|
+
@acl = find_bucket_acl(id)
|
|
36
38
|
@acl.grants.count
|
|
37
39
|
end
|
|
38
40
|
|
|
@@ -55,7 +57,7 @@ module Awspec::Type
|
|
|
55
57
|
end
|
|
56
58
|
|
|
57
59
|
def has_policy?(policy)
|
|
58
|
-
bp = find_bucket_policy(
|
|
60
|
+
bp = find_bucket_policy(id)
|
|
59
61
|
if bp
|
|
60
62
|
JSON.parse(bp.policy.read, array_class: Set) == JSON.parse(policy, array_class: Set)
|
|
61
63
|
else
|
|
@@ -64,7 +66,7 @@ module Awspec::Type
|
|
|
64
66
|
end
|
|
65
67
|
|
|
66
68
|
def has_logging_enabled?(target_bucket: nil, target_prefix: nil)
|
|
67
|
-
bl = find_bucket_logging(
|
|
69
|
+
bl = find_bucket_logging(id)
|
|
68
70
|
le = bl ? bl.logging_enabled : nil
|
|
69
71
|
|
|
70
72
|
return false if le.nil?
|
|
@@ -74,19 +76,19 @@ module Awspec::Type
|
|
|
74
76
|
end
|
|
75
77
|
|
|
76
78
|
def has_versioning_enabled?
|
|
77
|
-
bv = find_bucket_versioning(
|
|
79
|
+
bv = find_bucket_versioning(id)
|
|
78
80
|
bv ? (bv.status == 'Enabled') : false
|
|
79
81
|
end
|
|
80
82
|
|
|
81
83
|
def has_mfa_delete_enabled?
|
|
82
|
-
bv = find_bucket_versioning(
|
|
84
|
+
bv = find_bucket_versioning(id)
|
|
83
85
|
bv ? (bv.mfa_delete == 'Enabled') : false
|
|
84
86
|
end
|
|
85
87
|
|
|
86
88
|
private
|
|
87
89
|
|
|
88
90
|
def cors_rules
|
|
89
|
-
cors = find_bucket_cors(
|
|
91
|
+
cors = find_bucket_cors(id)
|
|
90
92
|
cors ? cors.cors_rules : []
|
|
91
93
|
end
|
|
92
94
|
end
|
|
@@ -3,11 +3,12 @@ module Awspec::Type
|
|
|
3
3
|
aws_resource Aws::EC2::SecurityGroup
|
|
4
4
|
tags_allowed
|
|
5
5
|
|
|
6
|
-
def
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
6
|
+
def resource_via_client
|
|
7
|
+
@resource_via_client ||= find_security_group(@display_name)
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def id
|
|
11
|
+
@id ||= resource_via_client.group_id if resource_via_client
|
|
11
12
|
end
|
|
12
13
|
|
|
13
14
|
def opened?(port = nil, protocol = nil, cidr = nil)
|
|
@@ -21,13 +22,13 @@ module Awspec::Type
|
|
|
21
22
|
end
|
|
22
23
|
|
|
23
24
|
def inbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
24
|
-
|
|
25
|
+
resource_via_client.ip_permissions.find do |permission|
|
|
25
26
|
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
26
27
|
end
|
|
27
28
|
end
|
|
28
29
|
|
|
29
30
|
def inbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
30
|
-
permissions =
|
|
31
|
+
permissions = resource_via_client.ip_permissions.select do |permission|
|
|
31
32
|
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
32
33
|
end
|
|
33
34
|
cidrs = []
|
|
@@ -38,13 +39,13 @@ module Awspec::Type
|
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
def outbound_opened?(port = nil, protocol = nil, cidr = nil)
|
|
41
|
-
|
|
42
|
+
resource_via_client.ip_permissions_egress.find do |permission|
|
|
42
43
|
cidr_opened?(permission, cidr) && protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
43
44
|
end
|
|
44
45
|
end
|
|
45
46
|
|
|
46
47
|
def outbound_opened_only?(port = nil, protocol = nil, cidr = nil)
|
|
47
|
-
permissions =
|
|
48
|
+
permissions = resource_via_client.ip_permissions_egress.select do |permission|
|
|
48
49
|
protocol_opened?(permission, protocol) && port_opened?(permission, port)
|
|
49
50
|
end
|
|
50
51
|
cidrs = []
|
|
@@ -65,23 +66,23 @@ module Awspec::Type
|
|
|
65
66
|
end
|
|
66
67
|
|
|
67
68
|
def ip_permissions_count
|
|
68
|
-
|
|
69
|
+
resource_via_client.ip_permissions.count
|
|
69
70
|
end
|
|
70
71
|
alias_method :inbound_permissions_count, :ip_permissions_count
|
|
71
72
|
|
|
72
73
|
def ip_permissions_egress_count
|
|
73
|
-
|
|
74
|
+
resource_via_client.ip_permissions_egress.count
|
|
74
75
|
end
|
|
75
76
|
alias_method :outbound_permissions_count, :ip_permissions_egress_count
|
|
76
77
|
|
|
77
78
|
def inbound_rule_count
|
|
78
|
-
|
|
79
|
+
resource_via_client.ip_permissions.reduce(0) do |sum, permission|
|
|
79
80
|
sum += permission.ip_ranges.count + permission.user_id_group_pairs.count
|
|
80
81
|
end
|
|
81
82
|
end
|
|
82
83
|
|
|
83
84
|
def outbound_rule_count
|
|
84
|
-
|
|
85
|
+
resource_via_client.ip_permissions_egress.reduce(0) do |sum, permission|
|
|
85
86
|
sum += permission.ip_ranges.count + permission.user_id_group_pairs.count
|
|
86
87
|
end
|
|
87
88
|
end
|