bukelatta 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/.gitignore +11 -0
- data/.rspec +2 -0
- data/.travis.yml +4 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +80 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/bukelatta.gemspec +32 -0
- data/exe/bukelatta +129 -0
- data/lib/bukelatta/client.rb +82 -0
- data/lib/bukelatta/driver.rb +38 -0
- data/lib/bukelatta/dsl/context.rb +53 -0
- data/lib/bukelatta/dsl/converter.rb +41 -0
- data/lib/bukelatta/dsl/template_helper.rb +18 -0
- data/lib/bukelatta/dsl.rb +11 -0
- data/lib/bukelatta/exporter.rb +35 -0
- data/lib/bukelatta/ext/aws_s3_resource_ext.rb +36 -0
- data/lib/bukelatta/ext/hash_ext.rb +33 -0
- data/lib/bukelatta/ext/string_ext.rb +28 -0
- data/lib/bukelatta/logger.rb +28 -0
- data/lib/bukelatta/utils.rb +23 -0
- data/lib/bukelatta/version.rb +3 -0
- data/lib/bukelatta.rb +25 -0
- metadata +196 -0
checksums.yaml
ADDED
@@ -0,0 +1,7 @@
|
|
1
|
+
---
|
2
|
+
SHA1:
|
3
|
+
metadata.gz: 1e84a56a80a6728268e54b8444aa8347704eb09e
|
4
|
+
data.tar.gz: bf37f6b46f7625cdaaf3ef9d9fff91772bbeef48
|
5
|
+
SHA512:
|
6
|
+
metadata.gz: 531351c5b30f532e73a84349efc0df6e9d5eba85c2aeefaba5d91c9d995207e20eaf57676255ea64200c7a645a11ab6a215f8299aeb9c38ff43fc0204da5686f
|
7
|
+
data.tar.gz: e1cbfbfb8dedd711b25308c1bc61cc79ce88496d288353b892032a72a9a8cc71b501e5dc3046ebcd892e3a68ef3a2af20964d4251ac7097709315b0e31d206c6
|
data/.gitignore
ADDED
data/.rspec
ADDED
data/.travis.yml
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
The MIT License (MIT)
|
2
|
+
|
3
|
+
Copyright (c) 2016 winebarrel
|
4
|
+
|
5
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy
|
6
|
+
of this software and associated documentation files (the "Software"), to deal
|
7
|
+
in the Software without restriction, including without limitation the rights
|
8
|
+
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
9
|
+
copies of the Software, and to permit persons to whom the Software is
|
10
|
+
furnished to do so, subject to the following conditions:
|
11
|
+
|
12
|
+
The above copyright notice and this permission notice shall be included in
|
13
|
+
all copies or substantial portions of the Software.
|
14
|
+
|
15
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
16
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
17
|
+
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
18
|
+
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
19
|
+
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
20
|
+
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
21
|
+
THE SOFTWARE.
|
data/README.md
ADDED
@@ -0,0 +1,80 @@
|
|
1
|
+
# Bukelatta
|
2
|
+
|
3
|
+
Bukelatta is a tool to manage S3 Bucket Policy.
|
4
|
+
|
5
|
+
It defines the state of S3 Bucket Policy using DSL, and updates S3 Bucket Policy according to DSL.
|
6
|
+
|
7
|
+
## Installation
|
8
|
+
|
9
|
+
Add this line to your application's Gemfile:
|
10
|
+
|
11
|
+
```ruby
|
12
|
+
gem 'bukelatta'
|
13
|
+
```
|
14
|
+
|
15
|
+
And then execute:
|
16
|
+
|
17
|
+
$ bundle
|
18
|
+
|
19
|
+
Or install it yourself as:
|
20
|
+
|
21
|
+
$ gem install bukelatta
|
22
|
+
|
23
|
+
## Usage
|
24
|
+
|
25
|
+
```sh
|
26
|
+
export AWS_ACCESS_KEY_ID='...'
|
27
|
+
export AWS_SECRET_ACCESS_KEY='...'
|
28
|
+
bukelatta -e -o PolicyFile # export Bucket Policy
|
29
|
+
vi PolicyFile
|
30
|
+
bukelatta -a --dry-run
|
31
|
+
bukelatta -a # apply `PolicyFile`
|
32
|
+
```
|
33
|
+
|
34
|
+
## Help
|
35
|
+
|
36
|
+
```
|
37
|
+
Usage: bukelatta [options]
|
38
|
+
-k, --access-key ACCESS_KEY
|
39
|
+
-s, --secret-key SECRET_KEY
|
40
|
+
-r, --region REGION
|
41
|
+
--profile PROFILE
|
42
|
+
--credentials-path PATH
|
43
|
+
-a, --apply
|
44
|
+
-f, --file FILE
|
45
|
+
--dry-run
|
46
|
+
-e, --export
|
47
|
+
-o, --output FILE
|
48
|
+
--target REGEXP
|
49
|
+
--no-color
|
50
|
+
--debug
|
51
|
+
--request-concurrency N
|
52
|
+
```
|
53
|
+
|
54
|
+
## PolicyFile example
|
55
|
+
|
56
|
+
```ruby
|
57
|
+
require 'other/policyfile'
|
58
|
+
|
59
|
+
bucket "foo-bucket" do
|
60
|
+
{"Version"=>"2012-10-17",
|
61
|
+
"Id"=>"AWSConsole-AccessLogs-Policy-XXX",
|
62
|
+
"Statement"=>
|
63
|
+
[{"Sid"=>"AWSConsoleStmt-XXX",
|
64
|
+
"Effect"=>"Allow",
|
65
|
+
"Principal"=>{"AWS"=>"arn:aws:iam::XXX:root"},
|
66
|
+
"Action"=>"s3:PutObject",
|
67
|
+
"Resource"=>
|
68
|
+
"arn:aws:s3:::foo-bucket/AWSLogs/XXX/*"}]}
|
69
|
+
end
|
70
|
+
|
71
|
+
bucket "bar-bucket" do
|
72
|
+
{"Version"=>"2012-10-17",
|
73
|
+
"Statement"=>
|
74
|
+
[{"Sid"=>"AddPerm",
|
75
|
+
"Effect"=>"Allow",
|
76
|
+
"Principal"=>"*",
|
77
|
+
"Action"=>"s3:GetObject",
|
78
|
+
"Resource"=>"arn:aws:s3:::bar-bucket/*"}]}
|
79
|
+
end
|
80
|
+
```
|
data/Rakefile
ADDED
data/bin/console
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
|
3
|
+
require "bundler/setup"
|
4
|
+
require "bukelatta"
|
5
|
+
|
6
|
+
# You can add fixtures and/or initialization code here to make experimenting
|
7
|
+
# with your gem easier. You can also use a different console, if you like.
|
8
|
+
|
9
|
+
# (If you use this, don't forget to add pry to your Gemfile!)
|
10
|
+
# require "pry"
|
11
|
+
# Pry.start
|
12
|
+
|
13
|
+
require "irb"
|
14
|
+
IRB.start
|
data/bin/setup
ADDED
data/bukelatta.gemspec
ADDED
@@ -0,0 +1,32 @@
|
|
1
|
+
# coding: utf-8
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'bukelatta/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |spec|
|
7
|
+
spec.name = 'bukelatta'
|
8
|
+
spec.version = Bukelatta::VERSION
|
9
|
+
spec.authors = ['winebarrel']
|
10
|
+
spec.email = ['sgwr_dts@yahoo.co.jp']
|
11
|
+
|
12
|
+
spec.summary = %q{Bukelatta is a tool to manage S3 Bucket Policy.}
|
13
|
+
spec.description = %q{Bukelatta is a tool to manage S3 Bucket Policy.}
|
14
|
+
spec.homepage = 'https://github.com/winebarrel/bukelatta'
|
15
|
+
spec.license = 'MIT'
|
16
|
+
|
17
|
+
spec.files = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
|
18
|
+
spec.bindir = 'exe'
|
19
|
+
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
20
|
+
spec.require_paths = ['lib']
|
21
|
+
|
22
|
+
spec.add_dependency 'aws-sdk', '~> 2.3.0'
|
23
|
+
spec.add_dependency 'diffy'
|
24
|
+
spec.add_dependency 'hashie'
|
25
|
+
spec.add_dependency 'multi_xml'
|
26
|
+
spec.add_dependency 'parallel'
|
27
|
+
spec.add_dependency 'term-ansicolor'
|
28
|
+
|
29
|
+
spec.add_development_dependency 'bundler'
|
30
|
+
spec.add_development_dependency 'rake'
|
31
|
+
spec.add_development_dependency 'rspec', '~> 3.0'
|
32
|
+
end
|
data/exe/bukelatta
ADDED
@@ -0,0 +1,129 @@
|
|
1
|
+
#!/usr/bin/env ruby
|
2
|
+
$: << File.expand_path('../../lib', __FILE__)
|
3
|
+
|
4
|
+
require 'bukelatta'
|
5
|
+
require 'optparse'
|
6
|
+
|
7
|
+
Version = Bukelatta::VERSION
|
8
|
+
|
9
|
+
DEFAULT_FILENAME = 'PolicyFile'
|
10
|
+
|
11
|
+
MAGIC_COMMENT = <<-EOS
|
12
|
+
# -*- mode: ruby -*-
|
13
|
+
# vi: set ft=ruby :
|
14
|
+
EOS
|
15
|
+
|
16
|
+
def parse_options(argv)
|
17
|
+
options = {
|
18
|
+
file: DEFAULT_FILENAME,
|
19
|
+
output: '-',
|
20
|
+
dry_run: false,
|
21
|
+
color: true,
|
22
|
+
request_concurrency: 8,
|
23
|
+
aws: {},
|
24
|
+
}
|
25
|
+
|
26
|
+
opt = OptionParser.new
|
27
|
+
opt.on('-k', '--access-key ACCESS_KEY') {|v| options[:aws][:access_key_id] = v }
|
28
|
+
opt.on('-s', '--secret-key SECRET_KEY') {|v| options[:aws][:secret_access_key] = v }
|
29
|
+
opt.on('-r', '--region REGION') {|v| options[:aws][:region] = v }
|
30
|
+
|
31
|
+
opt.on('', '--profile PROFILE') do |v|
|
32
|
+
options[:aws][:credentials] ||= {}
|
33
|
+
options[:aws][:credentials][:profile_name] = v
|
34
|
+
end
|
35
|
+
|
36
|
+
opt.on('', '--credentials-path PATH') do |v|
|
37
|
+
options[:aws][:credentials] ||= {}
|
38
|
+
options[:aws][:credentials][:path] = v
|
39
|
+
end
|
40
|
+
|
41
|
+
opt.on('-a', '--apply') { options[:mode] = :apply }
|
42
|
+
opt.on('-f', '--file FILE') {|v| options[:file] = v }
|
43
|
+
opt.on('' , '--dry-run') { options[:dry_run] = true }
|
44
|
+
opt.on('-e', '--export') { options[:mode] = :export }
|
45
|
+
opt.on('-o', '--output FILE') {|v| options[:output] = v }
|
46
|
+
opt.on('' , '--target REGEXP') {|v| options[:target] = Regexp.new(v) }
|
47
|
+
opt.on('' , '--no-color') { options[:color] = false }
|
48
|
+
opt.on('' , '--debug') { options[:debug] = true }
|
49
|
+
|
50
|
+
opt.on('' , '--request-concurrency N', Integer) do |v|
|
51
|
+
options[:request_concurrency] = v
|
52
|
+
end
|
53
|
+
|
54
|
+
opt.parse!(argv)
|
55
|
+
|
56
|
+
unless options[:mode]
|
57
|
+
puts opt.help
|
58
|
+
exit 1
|
59
|
+
end
|
60
|
+
|
61
|
+
if options[:aws][:credentials]
|
62
|
+
credentials = Aws::SharedCredentials.new(options[:aws][:credentials])
|
63
|
+
options[:aws][:credentials] = credentials
|
64
|
+
end
|
65
|
+
|
66
|
+
String.colorize = options[:color]
|
67
|
+
|
68
|
+
if options[:debug]
|
69
|
+
Bukelatta::Logger.instance.set_debug(options[:debug])
|
70
|
+
|
71
|
+
Aws.config.update(
|
72
|
+
:http_wire_trace => true,
|
73
|
+
:logger => Bukelatta::Logger.instance
|
74
|
+
)
|
75
|
+
end
|
76
|
+
|
77
|
+
options
|
78
|
+
rescue => e
|
79
|
+
$stderr.puts("[ERROR] #{e.message}")
|
80
|
+
exit 1
|
81
|
+
end
|
82
|
+
|
83
|
+
def main(argv)
|
84
|
+
options = parse_options(argv)
|
85
|
+
client = Bukelatta::Client.new(options)
|
86
|
+
logger = Bukelatta::Logger.instance
|
87
|
+
|
88
|
+
case options[:mode]
|
89
|
+
when :export
|
90
|
+
exported = client.export
|
91
|
+
output = options[:output]
|
92
|
+
|
93
|
+
if output == '-'
|
94
|
+
logger.info('# Export Bucket Policy')
|
95
|
+
puts exported
|
96
|
+
else
|
97
|
+
logger.info("Export Bucket Policy to `#{output}`")
|
98
|
+
open(output, 'wb') do |f|
|
99
|
+
f.puts MAGIC_COMMENT
|
100
|
+
f.puts exported
|
101
|
+
end
|
102
|
+
end
|
103
|
+
when :apply
|
104
|
+
file = options[:file]
|
105
|
+
|
106
|
+
unless File.exist?(file)
|
107
|
+
raise "No PolicyFile found (looking for: #{file})"
|
108
|
+
end
|
109
|
+
|
110
|
+
message = "Apply `#{file}` to Bucket Policy"
|
111
|
+
message << ' (dry-run)' if options[:dry_run]
|
112
|
+
logger.info(message)
|
113
|
+
|
114
|
+
updated = client.apply(file)
|
115
|
+
|
116
|
+
logger.info('No change'.intense_blue) unless updated
|
117
|
+
else
|
118
|
+
raise "Unknown mode: #{options[:mode]}"
|
119
|
+
end
|
120
|
+
rescue => e
|
121
|
+
if options[:debug]
|
122
|
+
raise e
|
123
|
+
else
|
124
|
+
$stderr.puts("[ERROR] #{e.message}".red)
|
125
|
+
exit 1
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
main(ARGV)
|
@@ -0,0 +1,82 @@
|
|
1
|
+
class Bukelatta::Client
|
2
|
+
include Bukelatta::Utils::Helper
|
3
|
+
include Bukelatta::Logger::Helper
|
4
|
+
|
5
|
+
def initialize(options = {})
|
6
|
+
@options = options
|
7
|
+
@client = @options[:client] || Aws::S3::Client.new
|
8
|
+
@resource = Aws::S3::Resource.new(client: @client)
|
9
|
+
@driver = Bukelatta::Driver.new(@client, options)
|
10
|
+
end
|
11
|
+
|
12
|
+
def export
|
13
|
+
exported = Bukelatta::Exporter.export(@client, @options)
|
14
|
+
Bukelatta::DSL.convert(exported, @options)
|
15
|
+
end
|
16
|
+
|
17
|
+
def apply(file)
|
18
|
+
walk(file)
|
19
|
+
end
|
20
|
+
|
21
|
+
private
|
22
|
+
|
23
|
+
def walk(file)
|
24
|
+
expected = load_file(file)
|
25
|
+
actual = Bukelatta::Exporter.export(@client, @options)
|
26
|
+
|
27
|
+
updated = walk_buckets(expected, actual)
|
28
|
+
|
29
|
+
if @options[:dry_run]
|
30
|
+
false
|
31
|
+
else
|
32
|
+
updated
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
def walk_buckets(expected, actual)
|
37
|
+
updated = false
|
38
|
+
|
39
|
+
expected.each do |bucket_name, expected_policy|
|
40
|
+
next unless matched?(bucket_name)
|
41
|
+
|
42
|
+
actual_policy = actual[bucket_name]
|
43
|
+
|
44
|
+
if actual_policy
|
45
|
+
updated = walk_policy(bucket_name, expected_policy, actual_policy) || updated
|
46
|
+
elsif actual.has_key?(bucket_name)
|
47
|
+
actual.delete(bucket_name)
|
48
|
+
|
49
|
+
if expected_policy
|
50
|
+
@driver.create_policy(bucket_name, expected_policy)
|
51
|
+
updated = true
|
52
|
+
end
|
53
|
+
else
|
54
|
+
log(:warn, "No such bucket: #{bucket_name}")
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
59
|
+
def walk_policy(bucket_name, expected_policy, actual_policy)
|
60
|
+
if expected_policy
|
61
|
+
if expected_policy != actual_policy
|
62
|
+
@driver.update_policy(bucket_name, expected_policy, actual_policy)
|
63
|
+
updated = true
|
64
|
+
end
|
65
|
+
else
|
66
|
+
@driver.delete_policy(bucket_name)
|
67
|
+
updated = true
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
def load_file(file)
|
72
|
+
if file.kind_of?(String)
|
73
|
+
open(file) do |f|
|
74
|
+
Bukelatta::DSL.parse(f.read, file)
|
75
|
+
end
|
76
|
+
elsif file.respond_to?(:read)
|
77
|
+
Bukelatta::DSL.parse(file.read, file.path)
|
78
|
+
else
|
79
|
+
raise TypeError, "can't convert #{file} into File"
|
80
|
+
end
|
81
|
+
end
|
82
|
+
end
|
@@ -0,0 +1,38 @@
|
|
1
|
+
class Bukelatta::Driver
|
2
|
+
include Bukelatta::Utils::Helper
|
3
|
+
include Bukelatta::Logger::Helper
|
4
|
+
|
5
|
+
def initialize(client, options = {})
|
6
|
+
@client = client
|
7
|
+
@resource = Aws::S3::Resource.new(client: @client)
|
8
|
+
@options = options
|
9
|
+
end
|
10
|
+
|
11
|
+
def create_policy(bucket_name, policy)
|
12
|
+
log(:info, "Create Bucket `#{bucket_name}` Policy", color: :cyan)
|
13
|
+
|
14
|
+
unless @options[:dry_run]
|
15
|
+
bucket = @resource.region_bucket(bucket_name)
|
16
|
+
bucket.policy.put(policy: JSON.dump(policy))
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def delete_policy(bucket_name)
|
21
|
+
log(:info, "Delete Bucket `#{bucket_name}` Policy", color: :red)
|
22
|
+
|
23
|
+
unless @options[:dry_run]
|
24
|
+
bucket = @resource.region_bucket(bucket_name)
|
25
|
+
bucket.policy.delete
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
def update_policy(bucket_name, policy, old_policy)
|
30
|
+
log(:info, "Update Bucket `#{bucket_name}` Policy", color: :green)
|
31
|
+
log(:info, diff(old_policy, policy, color: @options[:color]), color: false)
|
32
|
+
|
33
|
+
unless @options[:dry_run]
|
34
|
+
bucket = @resource.region_bucket(bucket_name)
|
35
|
+
bucket.policy.put(policy: JSON.dump(policy))
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
class Bukelatta::DSL::Context
|
2
|
+
include Bukelatta::DSL::TemplateHelper
|
3
|
+
|
4
|
+
def self.eval(dsl, path, options = {})
|
5
|
+
self.new(path, options) {
|
6
|
+
eval(dsl, binding, path)
|
7
|
+
}
|
8
|
+
end
|
9
|
+
|
10
|
+
attr_reader :result
|
11
|
+
|
12
|
+
def initialize(path, options = {}, &block)
|
13
|
+
@path = path
|
14
|
+
@options = options
|
15
|
+
@result = {}
|
16
|
+
|
17
|
+
@context = Hashie::Mash.new(
|
18
|
+
:path => path,
|
19
|
+
:options => options,
|
20
|
+
:templates => {}
|
21
|
+
)
|
22
|
+
|
23
|
+
instance_eval(&block)
|
24
|
+
end
|
25
|
+
|
26
|
+
def template(name, &block)
|
27
|
+
@context.templates[name.to_s] = block
|
28
|
+
end
|
29
|
+
|
30
|
+
private
|
31
|
+
|
32
|
+
def require(file)
|
33
|
+
policyfile = (file =~ %r|\A/|) ? file : File.expand_path(File.join(File.dirname(@path), file))
|
34
|
+
|
35
|
+
if File.exist?(policyfile)
|
36
|
+
instance_eval(File.read(policyfile), policyfile)
|
37
|
+
elsif File.exist?(policyfile + '.rb')
|
38
|
+
instance_eval(File.read(policyfile + '.rb'), policyfile + '.rb')
|
39
|
+
else
|
40
|
+
Kernel.require(file)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
def bucket(name)
|
45
|
+
name = name.to_s
|
46
|
+
|
47
|
+
if @result[name]
|
48
|
+
raise "Bucket `#{name}` is already defined"
|
49
|
+
end
|
50
|
+
|
51
|
+
@result[name] = yield
|
52
|
+
end
|
53
|
+
end
|
@@ -0,0 +1,41 @@
|
|
1
|
+
class Bukelatta::DSL::Converter
|
2
|
+
include Bukelatta::Utils::Helper
|
3
|
+
|
4
|
+
def self.convert(exported, options = {})
|
5
|
+
self.new(exported, options).convert
|
6
|
+
end
|
7
|
+
|
8
|
+
def initialize(exported, options = {})
|
9
|
+
@exported = exported
|
10
|
+
@options = options
|
11
|
+
end
|
12
|
+
|
13
|
+
def convert
|
14
|
+
output_buckets(@exported)
|
15
|
+
end
|
16
|
+
|
17
|
+
private
|
18
|
+
|
19
|
+
def output_buckets(policy_by_bucket)
|
20
|
+
buckets = []
|
21
|
+
|
22
|
+
policy_by_bucket.sort_by(&:first).each do |bucket_name, policy|
|
23
|
+
if not policy or not matched?(buckets)
|
24
|
+
next
|
25
|
+
end
|
26
|
+
|
27
|
+
buckets << output_bucket(bucket_name, policy)
|
28
|
+
end
|
29
|
+
|
30
|
+
buckets.join("\n")
|
31
|
+
end
|
32
|
+
|
33
|
+
def output_bucket(bucket_name, policy)
|
34
|
+
policy = policy.pretty_inspect.gsub(/^/, ' ').strip
|
35
|
+
<<-EOS
|
36
|
+
bucket #{bucket_name.inspect} do
|
37
|
+
#{policy}
|
38
|
+
end
|
39
|
+
EOS
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,18 @@
|
|
1
|
+
module Bukelatta::DSL::TemplateHelper
|
2
|
+
def include_template(template_name, context = {})
|
3
|
+
tmplt = @context.templates[template_name.to_s]
|
4
|
+
|
5
|
+
unless tmplt
|
6
|
+
raise "Template `#{template_name}` is not defined"
|
7
|
+
end
|
8
|
+
|
9
|
+
context_orig = @context
|
10
|
+
@context = @context.merge(context)
|
11
|
+
instance_eval(&tmplt)
|
12
|
+
@context = context_orig
|
13
|
+
end
|
14
|
+
|
15
|
+
def context
|
16
|
+
@context
|
17
|
+
end
|
18
|
+
end
|
@@ -0,0 +1,11 @@
|
|
1
|
+
class Bukelatta::DSL
|
2
|
+
class << self
|
3
|
+
def convert(exported, options = {})
|
4
|
+
Bukelatta::DSL::Converter.convert(exported, options)
|
5
|
+
end
|
6
|
+
|
7
|
+
def parse(dsl, path, options = {})
|
8
|
+
Bukelatta::DSL::Context.eval(dsl, path, options).result
|
9
|
+
end
|
10
|
+
end # of class methods
|
11
|
+
end
|
@@ -0,0 +1,35 @@
|
|
1
|
+
class Bukelatta::Exporter
|
2
|
+
def self.export(client, options = {})
|
3
|
+
self.new(client, options).export
|
4
|
+
end
|
5
|
+
|
6
|
+
def initialize(client, options = {})
|
7
|
+
@client = client
|
8
|
+
@options = options
|
9
|
+
@resource = Aws::S3::Resource.new(client: @client)
|
10
|
+
end
|
11
|
+
|
12
|
+
def export
|
13
|
+
export_buckets
|
14
|
+
end
|
15
|
+
|
16
|
+
def export_buckets
|
17
|
+
result = {}
|
18
|
+
concurrency = @options[:request_concurrency]
|
19
|
+
|
20
|
+
buckets = @resource.buckets(concurrency: concurrency)
|
21
|
+
|
22
|
+
Parallel.each(buckets, in_threads: concurrency) do |bucket|
|
23
|
+
policy = export_bucket_policy(bucket)
|
24
|
+
result[bucket.name] = policy
|
25
|
+
end
|
26
|
+
|
27
|
+
result.sort_array!
|
28
|
+
end
|
29
|
+
|
30
|
+
def export_bucket_policy(bucket)
|
31
|
+
policy = JSON.parse(bucket.policy.policy.string)
|
32
|
+
rescue Aws::S3::Errors::NoSuchBucketPolicy
|
33
|
+
nil
|
34
|
+
end
|
35
|
+
end
|
@@ -0,0 +1,36 @@
|
|
1
|
+
module Bukelatta::Ext
|
2
|
+
module AwsS3ResourceExt
|
3
|
+
DEFULT_CONCURRENCY = 8
|
4
|
+
|
5
|
+
def buckets(options = {})
|
6
|
+
concurrency = options[:concurrency] || DEFULT_CONCURRENCY
|
7
|
+
|
8
|
+
Parallel.map(super(), in_threads: concurrency) do |b|
|
9
|
+
region_bucket0(b)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
|
13
|
+
def region_bucket(name)
|
14
|
+
b = self.bucket(name)
|
15
|
+
region_bucket0(b)
|
16
|
+
end
|
17
|
+
|
18
|
+
private
|
19
|
+
|
20
|
+
def region_bucket0(b)
|
21
|
+
begin
|
22
|
+
b.objects.limit(1).first
|
23
|
+
b
|
24
|
+
rescue Aws::S3::Errors::PermanentRedirect => e
|
25
|
+
responce_body = e.context.http_response.body.read
|
26
|
+
responce_body = MultiXml.parse(responce_body)
|
27
|
+
endpoint = responce_body['Error']['Endpoint']
|
28
|
+
client = Aws::S3::Client.new(endpoint: "https://#{endpoint}")
|
29
|
+
resource = Aws::S3::Resource.new(client: client)
|
30
|
+
resource.bucket(b.name)
|
31
|
+
end
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
Aws::S3::Resource.prepend(Bukelatta::Ext::AwsS3ResourceExt)
|
@@ -0,0 +1,33 @@
|
|
1
|
+
module Bukelatta::Ext
|
2
|
+
module HashExt
|
3
|
+
def sort_array!
|
4
|
+
keys.each do |key|
|
5
|
+
value = self[key]
|
6
|
+
self[key] = sort_array0(value)
|
7
|
+
end
|
8
|
+
|
9
|
+
self
|
10
|
+
end
|
11
|
+
|
12
|
+
private
|
13
|
+
|
14
|
+
def sort_array0(value)
|
15
|
+
case value
|
16
|
+
when Hash
|
17
|
+
new_value = {}
|
18
|
+
|
19
|
+
value.each do |k, v|
|
20
|
+
new_value[k] = sort_array0(v)
|
21
|
+
end
|
22
|
+
|
23
|
+
new_value
|
24
|
+
when Array
|
25
|
+
value.map {|v| sort_array0(v) }.sort_by(&:to_s)
|
26
|
+
else
|
27
|
+
value
|
28
|
+
end
|
29
|
+
end
|
30
|
+
end
|
31
|
+
end
|
32
|
+
|
33
|
+
Hash.include(Bukelatta::Ext::HashExt)
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module Bukelatta::Ext
|
2
|
+
module StringExt
|
3
|
+
module ClassMethods
|
4
|
+
def colorize=(value)
|
5
|
+
@colorize = value
|
6
|
+
end
|
7
|
+
|
8
|
+
def colorize
|
9
|
+
@colorize
|
10
|
+
end
|
11
|
+
end # ClassMethods
|
12
|
+
|
13
|
+
Term::ANSIColor::Attribute.named_attributes.each do |attribute|
|
14
|
+
class_eval(<<-EOS, __FILE__, __LINE__ + 1)
|
15
|
+
def #{attribute.name}
|
16
|
+
if String.colorize
|
17
|
+
Term::ANSIColor.send(#{attribute.name.inspect}, self)
|
18
|
+
else
|
19
|
+
self
|
20
|
+
end
|
21
|
+
end
|
22
|
+
EOS
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
27
|
+
String.include(Bukelatta::Ext::StringExt)
|
28
|
+
String.extend(Bukelatta::Ext::StringExt::ClassMethods)
|
@@ -0,0 +1,28 @@
|
|
1
|
+
class Bukelatta::Logger < ::Logger
|
2
|
+
include Singleton
|
3
|
+
|
4
|
+
def initialize
|
5
|
+
super($stdout)
|
6
|
+
|
7
|
+
self.formatter = proc do |severity, datetime, progname, msg|
|
8
|
+
"#{msg}\n"
|
9
|
+
end
|
10
|
+
|
11
|
+
self.level = Logger::INFO
|
12
|
+
end
|
13
|
+
|
14
|
+
def set_debug(value)
|
15
|
+
self.level = value ? Logger::DEBUG : Logger::INFO
|
16
|
+
end
|
17
|
+
|
18
|
+
module Helper
|
19
|
+
def log(level, message, log_options = {})
|
20
|
+
global_option = @options || {}
|
21
|
+
message = "[#{level.to_s.upcase}] #{message}" unless level == :info
|
22
|
+
message << ' (dry-run)' if global_option[:dry_run]
|
23
|
+
message = message.send(log_options[:color]) if log_options[:color]
|
24
|
+
logger = global_option[:logger] || Bukelatta::Logger.instance
|
25
|
+
logger.send(level, message)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
class Bukelatta::Utils
|
2
|
+
module Helper
|
3
|
+
def matched?(name)
|
4
|
+
if @options[:target]
|
5
|
+
@options[:target] =~ name
|
6
|
+
else
|
7
|
+
true
|
8
|
+
end
|
9
|
+
end
|
10
|
+
|
11
|
+
def diff(obj1, obj2, options = {})
|
12
|
+
diffy = Diffy::Diff.new(
|
13
|
+
obj1.pretty_inspect,
|
14
|
+
obj2.pretty_inspect,
|
15
|
+
:diff => '-u'
|
16
|
+
)
|
17
|
+
|
18
|
+
out = diffy.to_s(options[:color] ? :color : :text).gsub(/\s+\z/m, '')
|
19
|
+
out.gsub!(/^/, options[:indent]) if options[:indent]
|
20
|
+
out
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
data/lib/bukelatta.rb
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
require 'aws-sdk'
|
2
|
+
require 'diffy'
|
3
|
+
require 'hashie'
|
4
|
+
require 'json'
|
5
|
+
require 'logger'
|
6
|
+
require 'multi_xml'
|
7
|
+
require 'parallel'
|
8
|
+
require 'pp'
|
9
|
+
require 'singleton'
|
10
|
+
require 'term/ansicolor'
|
11
|
+
|
12
|
+
require 'bukelatta/version'
|
13
|
+
require 'bukelatta/ext/aws_s3_resource_ext'
|
14
|
+
require 'bukelatta/ext/hash_ext'
|
15
|
+
require 'bukelatta/ext/string_ext'
|
16
|
+
require 'bukelatta/logger'
|
17
|
+
require 'bukelatta/utils'
|
18
|
+
|
19
|
+
require 'bukelatta/client'
|
20
|
+
require 'bukelatta/driver'
|
21
|
+
require 'bukelatta/dsl'
|
22
|
+
require 'bukelatta/dsl/template_helper'
|
23
|
+
require 'bukelatta/dsl/context'
|
24
|
+
require 'bukelatta/dsl/converter'
|
25
|
+
require 'bukelatta/exporter'
|
metadata
ADDED
@@ -0,0 +1,196 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: bukelatta
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.1.0
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- winebarrel
|
8
|
+
autorequire:
|
9
|
+
bindir: exe
|
10
|
+
cert_chain: []
|
11
|
+
date: 2016-05-02 00:00:00.000000000 Z
|
12
|
+
dependencies:
|
13
|
+
- !ruby/object:Gem::Dependency
|
14
|
+
name: aws-sdk
|
15
|
+
requirement: !ruby/object:Gem::Requirement
|
16
|
+
requirements:
|
17
|
+
- - "~>"
|
18
|
+
- !ruby/object:Gem::Version
|
19
|
+
version: 2.3.0
|
20
|
+
type: :runtime
|
21
|
+
prerelease: false
|
22
|
+
version_requirements: !ruby/object:Gem::Requirement
|
23
|
+
requirements:
|
24
|
+
- - "~>"
|
25
|
+
- !ruby/object:Gem::Version
|
26
|
+
version: 2.3.0
|
27
|
+
- !ruby/object:Gem::Dependency
|
28
|
+
name: diffy
|
29
|
+
requirement: !ruby/object:Gem::Requirement
|
30
|
+
requirements:
|
31
|
+
- - ">="
|
32
|
+
- !ruby/object:Gem::Version
|
33
|
+
version: '0'
|
34
|
+
type: :runtime
|
35
|
+
prerelease: false
|
36
|
+
version_requirements: !ruby/object:Gem::Requirement
|
37
|
+
requirements:
|
38
|
+
- - ">="
|
39
|
+
- !ruby/object:Gem::Version
|
40
|
+
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: hashie
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
55
|
+
- !ruby/object:Gem::Dependency
|
56
|
+
name: multi_xml
|
57
|
+
requirement: !ruby/object:Gem::Requirement
|
58
|
+
requirements:
|
59
|
+
- - ">="
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: '0'
|
62
|
+
type: :runtime
|
63
|
+
prerelease: false
|
64
|
+
version_requirements: !ruby/object:Gem::Requirement
|
65
|
+
requirements:
|
66
|
+
- - ">="
|
67
|
+
- !ruby/object:Gem::Version
|
68
|
+
version: '0'
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: parallel
|
71
|
+
requirement: !ruby/object:Gem::Requirement
|
72
|
+
requirements:
|
73
|
+
- - ">="
|
74
|
+
- !ruby/object:Gem::Version
|
75
|
+
version: '0'
|
76
|
+
type: :runtime
|
77
|
+
prerelease: false
|
78
|
+
version_requirements: !ruby/object:Gem::Requirement
|
79
|
+
requirements:
|
80
|
+
- - ">="
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: term-ansicolor
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
97
|
+
- !ruby/object:Gem::Dependency
|
98
|
+
name: bundler
|
99
|
+
requirement: !ruby/object:Gem::Requirement
|
100
|
+
requirements:
|
101
|
+
- - ">="
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
type: :development
|
105
|
+
prerelease: false
|
106
|
+
version_requirements: !ruby/object:Gem::Requirement
|
107
|
+
requirements:
|
108
|
+
- - ">="
|
109
|
+
- !ruby/object:Gem::Version
|
110
|
+
version: '0'
|
111
|
+
- !ruby/object:Gem::Dependency
|
112
|
+
name: rake
|
113
|
+
requirement: !ruby/object:Gem::Requirement
|
114
|
+
requirements:
|
115
|
+
- - ">="
|
116
|
+
- !ruby/object:Gem::Version
|
117
|
+
version: '0'
|
118
|
+
type: :development
|
119
|
+
prerelease: false
|
120
|
+
version_requirements: !ruby/object:Gem::Requirement
|
121
|
+
requirements:
|
122
|
+
- - ">="
|
123
|
+
- !ruby/object:Gem::Version
|
124
|
+
version: '0'
|
125
|
+
- !ruby/object:Gem::Dependency
|
126
|
+
name: rspec
|
127
|
+
requirement: !ruby/object:Gem::Requirement
|
128
|
+
requirements:
|
129
|
+
- - "~>"
|
130
|
+
- !ruby/object:Gem::Version
|
131
|
+
version: '3.0'
|
132
|
+
type: :development
|
133
|
+
prerelease: false
|
134
|
+
version_requirements: !ruby/object:Gem::Requirement
|
135
|
+
requirements:
|
136
|
+
- - "~>"
|
137
|
+
- !ruby/object:Gem::Version
|
138
|
+
version: '3.0'
|
139
|
+
description: Bukelatta is a tool to manage S3 Bucket Policy.
|
140
|
+
email:
|
141
|
+
- sgwr_dts@yahoo.co.jp
|
142
|
+
executables:
|
143
|
+
- bukelatta
|
144
|
+
extensions: []
|
145
|
+
extra_rdoc_files: []
|
146
|
+
files:
|
147
|
+
- ".gitignore"
|
148
|
+
- ".rspec"
|
149
|
+
- ".travis.yml"
|
150
|
+
- Gemfile
|
151
|
+
- LICENSE.txt
|
152
|
+
- README.md
|
153
|
+
- Rakefile
|
154
|
+
- bin/console
|
155
|
+
- bin/setup
|
156
|
+
- bukelatta.gemspec
|
157
|
+
- exe/bukelatta
|
158
|
+
- lib/bukelatta.rb
|
159
|
+
- lib/bukelatta/client.rb
|
160
|
+
- lib/bukelatta/driver.rb
|
161
|
+
- lib/bukelatta/dsl.rb
|
162
|
+
- lib/bukelatta/dsl/context.rb
|
163
|
+
- lib/bukelatta/dsl/converter.rb
|
164
|
+
- lib/bukelatta/dsl/template_helper.rb
|
165
|
+
- lib/bukelatta/exporter.rb
|
166
|
+
- lib/bukelatta/ext/aws_s3_resource_ext.rb
|
167
|
+
- lib/bukelatta/ext/hash_ext.rb
|
168
|
+
- lib/bukelatta/ext/string_ext.rb
|
169
|
+
- lib/bukelatta/logger.rb
|
170
|
+
- lib/bukelatta/utils.rb
|
171
|
+
- lib/bukelatta/version.rb
|
172
|
+
homepage: https://github.com/winebarrel/bukelatta
|
173
|
+
licenses:
|
174
|
+
- MIT
|
175
|
+
metadata: {}
|
176
|
+
post_install_message:
|
177
|
+
rdoc_options: []
|
178
|
+
require_paths:
|
179
|
+
- lib
|
180
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
181
|
+
requirements:
|
182
|
+
- - ">="
|
183
|
+
- !ruby/object:Gem::Version
|
184
|
+
version: '0'
|
185
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
186
|
+
requirements:
|
187
|
+
- - ">="
|
188
|
+
- !ruby/object:Gem::Version
|
189
|
+
version: '0'
|
190
|
+
requirements: []
|
191
|
+
rubyforge_project:
|
192
|
+
rubygems_version: 2.4.5.1
|
193
|
+
signing_key:
|
194
|
+
specification_version: 4
|
195
|
+
summary: Bukelatta is a tool to manage S3 Bucket Policy.
|
196
|
+
test_files: []
|