cloudhealth-setup 0.0.10

data/bin/cloudhealth-setup

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+
+unless $:.include?(File.dirname(__FILE__) + '/../lib/')
+  $: << File.dirname(__FILE__) + '/../lib'
+end
+
+require 'rubygems'
+require 'cloudhealth-setup'
+
+Setup.run

data/bin/fog

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'fog' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('fog', 'fog')

data/bin/nokogiri

@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+#
+# This file was generated by Bundler.
+#
+# The application 'nokogiri' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+require 'pathname'
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path("../../Gemfile",
+  Pathname.new(__FILE__).realpath)
+
+require 'rubygems'
+require 'bundler/setup'
+
+load Gem.bin_path('nokogiri', 'nokogiri')

data/cloudhealth-setup.gemspec

@@ -0,0 +1,26 @@
+Gem::Specification.new do |s|
+  s.name        = 'cloudhealth-setup'
+  s.version     = '0.0.10'
+  s.date        = '2013-08-31'
+  s.platform    = Gem::Platform::RUBY
+  s.authors     = ['CloudHealth Technologies']
+  s.email       = ['support@cloudhealthtech.com']
+  s.homepage    = 'http://www.cloudhealthtech.com'
+  s.summary     = 'Configures an Amazon AWS account for use with the CloudHealth service'
+  s.description = 'Configures an Amazon AWS account for use with the CloudHealth service, including creating a least privilege read only AWS user and enabling the retrieval of cost and usage information.'
+  s.license     = 'MIT'
+  s.has_rdoc    = false
+
+  s.add_dependency("nokogiri", "= 1.5.8")
+  s.add_dependency("fog", "= 1.12.1")
+  s.add_dependency("json", "= 1.8.0")
+  s.add_dependency("excon", "= 0.23.0")
+  s.add_dependency("mixlib-cli", "= 1.3.0")
+  s.add_dependency("mechanize", "= 2.5.1")
+  s.add_dependency("highline", "= 1.6.19")
+
+  s.bindir        = "bin"
+  s.files         = Dir.glob('{bin,lib}/**/*') + %w[cloudhealth-setup.gemspec]
+  s.executables   = Dir.glob('bin/**/*').map { |file| File.basename(file) }
+  s.require_paths = ['lib']
+end

data/lib/cht/aws.rb

@@ -0,0 +1,273 @@
+require "highline/system_extensions"
+include HighLine::SystemExtensions
+
+class Setup
+  def iam
+    begin
+      Fog::AWS::IAM.new({:aws_access_key_id => @aws_key, :aws_secret_access_key => @aws_secret})
+    rescue => e
+      critical_failure("Failed to connect to Amazon AWS IAM: Please ensure your provided credentials are correct and you have internet access. #{e if @verbose}")
+    end
+  end
+
+  def s3
+    begin
+      Fog::Storage.new({:provider => 'AWS', :aws_access_key_id => @aws_key, :aws_secret_access_key => @aws_secret})
+    rescue => e
+      critical_failure("Failed to connect to Amazon AWS S3: Please ensure your provided credentials are correct and you have internet access. #{e if @verbose}")
+    end
+  end
+
+  def check_iam_credentials
+    puts "Please wait, ensuring the provided credentials work."
+    begin
+      @iam.list_users
+    rescue => e
+      if @input_file.nil? || @input_file.empty?
+        # Single account mode
+        puts "Could not login to your account with the provided Amazon Web Services credentials. Please check your AWS Access Key and Secret Access Key and try again. If issue persists contact support@cloudhealthtech.com."
+        exit
+      else
+        # Multi account mode
+        raise SetupFailed, "Could not login to your account with the provided Amazon Web Services credentials. Please check your AWS Access Key and Secret Access Key and try again. If issue persists contact support@cloudhealthtech.com."
+      end
+    end
+  end
+
+  def test_ro_user
+    begin
+      if user_exists
+        puts "[X] AWS Read-Only user (#{@aws_ro_name}) is setup -- Exists"
+      else
+        puts "[ ] AWS Read-Only user (#{@aws_ro_name}) not setup -- No user"
+      end
+      if user_has_policy
+        puts "[X] AWS Read-Only user has a policy -- Exists"
+      else
+        puts "[ ] AWS Read-Only user has no policy -- No policy"
+      end
+    rescue => e
+      puts "    We were unable to test your read only user."
+      puts "    Please contact CloudHealth support at support@cloudhealthtech.com."
+      warning(e)
+    end
+  end
+
+  def uninstall_ro_user
+    begin
+      print "Delete Cloudhealth Read-only user #{@aws_ro_name},attached policies, profiles (y/n)? "
+      k = get_character
+      if k.chr == "y"
+        puts "Deleting user #{@aws_ro_name} and all associated policies and login profiles..."
+        user_policies = @iam.list_user_policies(@aws_ro_name)
+
+        user_policies.body['PolicyNames'].each do |policy|
+          puts "    Deleting user policy #{policy} attached to this user."
+          @iam.delete_user_policy(@aws_ro_name, policy)
+        end
+
+        puts "    Deleting users access keys..."
+        access_keys = @iam.list_access_keys('UserName' => @aws_ro_name).body
+
+        access_keys['AccessKeys'].each do |access_key|
+          puts "    Deleting access key #{access_key['AccessKeyId']}..."
+          @iam.delete_access_key(access_key['AccessKeyId'], 'UserName' => @aws_ro_name)
+        end
+
+        begin
+          puts "    Deleting login profile..."
+          @iam.delete_login_profile(@aws_ro_name)
+        rescue => e
+          puts "    User does not have a login profile, skipping."
+          warning(e)
+        end
+
+        puts "    Deleting user...."
+        @iam.delete_user(@aws_ro_name)
+        puts "    IAM User #{@aws_ro_name} deleted."
+      else
+        puts "    You did not agree to delete the AWS Read only user #{aws_ro_name}."
+      end
+    rescue => e
+      if defined? e.response
+        if e.response.status == 409
+          puts "    Could not delete user and/or login profile/policy, subordinate entities exist."
+        elsif e.response.status == 404
+          puts "    Could not delete user and/or login profile/policy, user/profile/policy does not exist."
+        else
+          puts "    Could not delete User or Policy/profile, unknown error: #{e.response.inspect}"
+        end
+      else
+        puts "    Could not delete: #{e.message}"
+        warning(e) if @verbose
+      end
+    end
+  end
+
+  def setup_ro_user
+    user_created = nil
+    begin
+      puts "Setting up AWS Read only user... "
+      if @aws_ro_name.nil?
+        puts "    Name not specified -- Skipping."
+      else
+        if user_exists
+          if @ro_user_exists
+            puts "    User #{@aws_ro_name} exists... continuing due to --user-exists"
+            puts "    Note: CSV Output file will NOT be complete. Since we did not create the aws read only user"
+            puts "          You must fill in the blanks of the CSV if you plan on importing the CSV on the website."
+          else
+            #TODO This should not exit() in multi-account import mode, it should be raised up and caught. e.g. SetupFailed
+            puts "User #{@aws_ro_name} exists already, If this was your intention please re-run with --user-exists and ensure you update the CSV manually or choose another username via -r <name>"
+            exit
+          end
+        else
+          puts "    Creating user... "
+          user_create = @iam.create_user(@aws_ro_name)
+          key_create = @iam.create_access_key('UserName' => @aws_ro_name)
+          access_key = key_create.body['AccessKey']['AccessKeyId']
+          secret_key = key_create.body['AccessKey']['SecretAccessKey']
+          arn = user_create.body['User']['Arn']
+          user_pass = create_user_password
+          @created_account.merge!(:access_key => access_key, :secret_key => secret_key, :user_pass => user_pass, :user => @aws_ro_name)
+          user_created = "    The user #{@aws_ro_name} has been created with password #{user_pass}, access key #{access_key}, and secret key #{secret_key}"
+        end
+        if user_has_policy
+          puts "    User policy already exists..."
+        else
+          puts "    Creating user policy... "
+          @iam.put_user_policy(@aws_ro_name, "CHTRoPolicy", aws_ro_policy)
+        end
+        puts user_created unless user_created.nil?
+        puts "    Setup of AWS Read only user completed"
+
+      end
+    rescue => e
+      puts "    We were unable to create a read only user."
+      puts "    Please contact CloudHealth support at support@cloudhealthtech.com."
+      warning(e)
+    end
+  end
+
+  def test_s3_bucket
+    begin
+      if @s3.directories.collect{|d| d.key}.include?(@setup_bucket)
+        puts "[X] S3 Billing bucket (#{@setup_bucket}) -- Enabled"
+      else
+        puts "[ ] S3 Billing bucket (#{@setup_bucket}) -- Does not exist"
+      end
+
+      if bucket_has_policy
+        puts "[X] S3 Billing bucket policy -- Exists"
+      else
+        puts "[ ] S3 Billing bucket policy -- No Policy"
+      end
+    rescue => e
+      puts "    We were unable to test your S3 billing bucket. You can manually enable this,"
+      puts "    by following these instructions: http://docs.aws.amazon.com/awsaccountbilling/latest/about/programaccess.html"
+      warning(e)
+    end
+  end
+
+  def setup_s3_bucket
+    begin
+      puts "Setting up S3 billing bucket... "
+      if @s3.directories.collect{|d| d.key}.include?(@setup_bucket)
+        puts "    Bucket exists..."
+      else
+        puts "    Creating bucket... "
+        begin
+          @s3.directories.create(:key => @setup_bucket, :public => false)
+        rescue => e
+          if e.response.status == 409
+            puts "    The bucket you are trying to use is already created, but owned by another account. Please use another bucket name."
+          else
+            raise e
+          end
+        end
+      end
+
+      if bucket_has_policy
+        puts "    Bucket already has policy... "
+      else
+        puts "    Creating bucket policy..."
+        @s3.put_bucket_policy(@setup_bucket, bucket_policy)
+      end
+      @created_account.merge!(:s3_bucket => @setup_bucket)
+      puts "    Bucket setup finished"
+    rescue => e
+      puts "    We were unable to setup an S3 billing bucket. You can manually enable this,"
+      puts "    by following these instructions: http://docs.aws.amazon.com/awsaccountbilling/latest/about/programaccess.html"
+      warning(e)
+    end
+  end
+
+  def user_exists
+    begin
+      @iam.get_user(@aws_ro_name)
+      true
+    rescue
+      false
+    end
+  end
+
+  def test_account_alias
+    begin
+      acct_aliases = @iam.list_account_aliases.body['AccountAliases']
+      if acct_aliases.empty?
+        puts "[ ] AWS Account alias is not setup, Account ID: #{@aws_account_id} used instead -- Not setup"
+      else
+        puts "[X] AWS Account alias(es) are setup (#{acct_aliases.map{|aa| aa.strip}.join(', ')}), ID: #{@aws_account_id} -- Setup"
+      end
+    rescue => e
+      puts "    We were unable to check for an account alias."
+      puts "    Please contact CloudHealth support at support@cloudhealthtech.com"
+      warning(e)
+    end
+  end
+
+  def setup_account_alias
+    begin
+      if @aws_acct_alias.nil?
+        puts "AWS account alias not given, will use account id: #{@created_account[:account_id]} -- Skipping alias setup."
+        @created_account.merge!(:account_alias => @created_account[:account_id],
+                                :account_url => "https://#{@created_account[:account_id]}.signin.aws.amazon.com/")
+      else
+        puts "Setting up account alias... "
+        begin
+          @iam.create_account_alias(@aws_acct_alias)
+          puts "    alias set to #{@aws_acct_alias}..."
+        rescue => e
+          if e.class == Fog::AWS::IAM::EntityAlreadyExists
+            puts "    Account alias was already set."
+          elsif e.response.status == 409
+            puts "    Account alias was already set."
+          else
+            raise e
+          end
+        end
+        @created_account.merge!(:account_alias => @aws_acct_alias,
+                                :account_url => "https://#{@aws_acct_alias}.signin.aws.amazon.com/")
+      end
+    rescue => e
+      puts "    We were unable to create an account alias."
+      puts "    Please contact CloudHealth support at support@cloudhealthtech.com"
+      warning(e)
+    end
+  end
+
+  def create_user_password
+    puts "    Setting user password"
+    pw = SecureRandom.hex
+    begin
+      @iam.create_login_profile(@aws_ro_name, pw)
+    rescue => e
+      if e.response.status == 409
+        puts "    User already had a password set..."
+      else
+        raise e
+      end
+    end
+    pw
+  end
+end

data/lib/cht/error_handling.rb

@@ -0,0 +1,16 @@
+class SetupFailed < StandardError
+end
+
+class Setup
+  def critical_failure(message)
+    puts message
+    #raise SetupFailed, message
+  end
+
+  def warning(e)
+    if @verbose
+      puts e
+      puts e.backtrace
+    end
+  end
+end

data/lib/cht/mechanize.rb

@@ -0,0 +1,336 @@
+class Setup
+  AWS_LOGIN_URL = 'https://www.amazon.com/ap/signin?openid.assoc_handle=aws&openid.return_to=https%3A%2F%2Fportal.aws.amazon.com%2Fgp%2Faws%2Fdeveloper%2Faccount%2Findex.html%3Fie%3DUTF8%26action%3Dactivity-summary&openid.mode=checkid_setup&openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0&openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select&action=&disableCorpSignUp=&clientContext=&marketPlaceId=&poolName=&authCookies=&pageId=aws.ssop&siteState=&accountStatusPolicy=&sso=&openid.pape.preferred_auth_policies=MultifactorPhysical&openid.pape.max_auth_age=3600&openid.ns.pape=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Fpape%2F1.0&server=%2Fap%2Fsignin%3Fie%3DUTF8&accountPoolAlias='
+
+  def mech_browser
+    # Creating Mechanize object
+    browser = Mechanize.new
+    browser.verify_mode = OpenSSL::SSL::VERIFY_NONE
+    browser.redirect_ok = true
+    # Let's give some header here
+    browser.request_headers['User-Agent'] = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.94 Safari/537.4'
+    browser.request_headers['Accept'] = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
+    browser.request_headers['application/xml'] = '*/*'
+    browser
+  end
+
+  def get_page
+    begin
+      url = AWS_LOGIN_URL
+      page = @browser.get(url)
+      signed_in = page.link_with(:text => "Sign Out")
+
+      if signed_in.nil? # Since @browser is shared, sometimes we are already logged in.
+          form = page.form_with(:name => 'signIn')
+          form['email'] = @aws_user
+          form['password'] = @aws_pass
+          login_page = form.submit
+
+          if login_page.code.to_i != 200
+            puts "The login page returned error code #{login_page.code}"
+            raise SetupFailed, "   Could not login to AWS Web Console, Amazon may be experiencing issues or the credentials you provided are incorrect. HTTP Code: #{login_page.code}"
+          end
+      end
+
+      account_id_search = page.search('//span[@class="txtxxsm"]/text()')
+      unless account_id_search.nil? || account_id_search.size == 0 || @created_account[:account_id]
+        firstw, secondw, account_id_long = account_id_search.first.content.strip.split(" ")
+        account_id = account_id_long.gsub("-","")
+        puts "    Account ID for this account is: #{account_id.to_s}" if @verbose
+        @aws_account_id = account_id
+        @created_account.merge!(:account_id => account_id)
+      end
+
+      page = @browser.get("https://portal.aws.amazon.com/gp/aws/developer/account?ie=UTF8&action=billing-preferences")
+
+      if page.code.to_i != 200
+        raise SetupFailed, "  Could not login to AWS Web Console, Amazon may be experiencing issues or the credentials you provided are incorrect. HTTP Code: #{page.code}"
+      end
+
+      page
+    rescue => e
+      raise SetupFailed, e
+    end
+  end
+
+  def check_web_credentials
+    get_page
+    get_page # We run this twice, only on the second login do we find our account id on the initial page. This primes the pump so to speak anyway for subsequent usage. TODO: Fix me
+    if @aws_account_id.nil? || @aws_account_id.empty?
+      if @input_file.nil? || @input_file.empty?
+        # Single account mode
+        puts "Could not login to your account with the provided Amazon Web Services credentials. Please check your provided email address and password and try again. If issue persists contact support@cloudhealthtech.com."
+        exit
+      else
+        # Multi account mode
+        raise SetupFailed, "Could not login to your account with the provided Amazon Web Services credentials. Please check your provided email address and password and try again. If issue persists contact support@cloudhealthtech.com."
+      end
+    end
+  end
+
+  def test_consolidated
+    page = @browser.get("https://portal.aws.amazon.com/gp/aws/developer/account?ie=UTF8&action=consolidated-billing")
+    consolidated_link = page.link_with(:href => "https://portal.aws.amazon.com/gp/aws/developer/subscription/index.html?ie=UTF8&productCode=AWSCBill")
+    if consolidated_link.nil?
+      puts "[O] Account is setup on consolidated billing - Optional"
+    else
+      #We must be on consolidated billing
+      puts "[O] Account is not on consolidated billing - Optional"
+    end
+  end
+
+  def account_consolidated
+    page = @browser.get("https://portal.aws.amazon.com/gp/aws/developer/account?ie=UTF8&action=consolidated-billing")
+    consolidated_link = page.link_with(:href => "https://portal.aws.amazon.com/gp/aws/developer/subscription/index.html?ie=UTF8&productCode=AWSCBill")
+    if consolidated_link.nil?
+      @created_account.merge!(:consolidated => true)
+      puts "Account is on consolidated billing"
+    else
+      #We must be on consolidated billing
+      @created_account.merge!(:consolidated => false)
+      puts "Account is not on consolidated billing"
+    end
+  end
+
+  def dump_page(page)
+      no = rand(500)
+      puts "Writing out page as #{no}.html"
+      File.open("#{no}.html", 'w') do |file|
+          file << page.body
+      end
+  end
+
+  def test_monthly_report
+    begin
+      page = get_page
+      monthly_report_form = page.form_with(:name => "csvReportOptInForm")
+      mrf_enabled = monthly_report_form.field_with(:name => "buttonOption")
+
+      if mrf_enabled.value == "EnableCSVReport"
+        puts "[ ] Monthly report -- Disabled"
+      elsif mrf_enabled.value == "CancelCSVReport"
+        puts "[X] Monthly report -- Enabled"
+      end
+    rescue => e
+      puts "    We were unable to test if monthly report access is enabled."
+      puts "    This setting can be checked manually under Billing Preferences from the AWS Account page."
+      warning(e)
+    end
+  end
+
+  def setup_monthly_report
+    begin
+      puts "Setting up monthly report access... "
+      page = get_page
+      monthly_report_form = page.form_with(:name => "csvReportOptInForm")
+      mrf_enabled = monthly_report_form.field_with(:name => "buttonOption")
+
+      if mrf_enabled.value == "EnableCSVReport"
+        puts "    Report not enabled, enabling... "
+        monthly_report_form.submit
+      elsif mrf_enabled.value == "CancelCSVReport"
+        puts "    Report already enabled... "
+      end
+      puts "    Monthly report access setup complete."
+    rescue => e
+      puts "    We were unable to setup monthly report access."
+      puts "    This setting can be enabled manually under Billing Preferences from the AWS Account page."
+      warning(e)
+    end
+  end
+
+  def test_prog_access
+    begin
+      page = get_page
+      prog_access_form = page.form_with(:name => "paOptInForm")
+      paf_enabled = prog_access_form.field_with(:name => "existingS3BucketName")
+
+      if paf_enabled.nil?
+        puts "[ ] Programmatic access not setup -- Disabled"
+      else
+        puts "[X] Programmatic access is setup -- Enabled"
+      end
+    rescue => e
+      puts "    We were unable to test programmatic access to your billing information."
+      puts "    You can manually enable/test this by following these instructions: http://docs.aws.amazon.com/awsaccountbilling/latest/about/programaccess.html"
+      warning(e)
+    end
+  end
+
+  def setup_prog_access
+    begin
+      puts "Setting up programmatic access to billing... "
+      page = get_page
+      prog_access_form = page.form_with(:name => "paOptInForm")
+      paf_enabled = prog_access_form.field_with(:name => "existingS3BucketName")
+
+      if paf_enabled.nil?
+        puts "    Enabling access in bucket #{@setup_bucket}... "
+        prog_access_form['s3BucketName'] = @setup_bucket
+        prog_access_form.submit
+      else
+        puts "    Access already enabled..."
+      end
+      puts "    Setup of programmatic access to billing finished"
+    rescue => e
+      puts "    We were unable to setup programmatic access to your billing information."
+      puts "    You can manually enable this by following these instructions: http://docs.aws.amazon.com/awsaccountbilling/latest/about/programaccess.html"
+      warning(e)
+    end
+  end
+
+  def test_detailed_billing
+    begin
+      page = get_page
+      detailed_billing_form = page.form_with(:name=>'hourlyOptInForm')
+      bill_enabled = detailed_billing_form.field_with(:name => "buttonOptionHourly")
+
+      if bill_enabled.value == "EnableHourly"
+        puts "[ ] Detailed billing report not setup -- Disabled"
+      elsif bill_enabled.value == "DisableHourly"
+        puts "[X] Detailed billing report setup -- Enabled"
+      end
+    rescue => e
+      puts "    We were unable to test detailed billing reports."
+      puts "    This setting can be enabled/tested manually under Billing Preferences from the AWS account page."
+      warning(e)
+    end
+  end
+
+  def setup_detailed_billing
+    begin
+      puts "Setting up detailed billing report..."
+      page = get_page
+      detailed_billing_form = page.form_with(:name=>'hourlyOptInForm')
+      bill_enabled = detailed_billing_form.field_with(:name => "buttonOptionHourly")
+
+      if bill_enabled.value == "EnableHourly"
+        puts "    Enabling detailed billing report... "
+        detailed_billing_form.submit
+      elsif bill_enabled.value == "DisableHourly"
+        puts "    Report already enabled... "
+      end
+      puts "    Report setup finished"
+    rescue => e
+      puts "    We were unable to enable detailed billing reports."
+      puts "    This setting can be enabled manually under Billing Preferences from the AWS account page."
+      warning(e)
+    end
+  end
+
+  def test_cost_alloc
+    begin
+      page = get_page
+      cost_alloc_form = page.form_with(:name=>'carOptInForm')
+      car_enabled = cost_alloc_form.field_with(:name => "buttonOptionCAR")
+
+      if car_enabled.value == "EnableCAR"
+        puts "[ ] Cost allocation report not setup -- Disabled"
+      elsif car_enabled.value == "DisableCAR"
+        puts "[X] Cost allocation report setup -- Enabled"
+      end
+    rescue => e
+      puts "    We were unable to test cost allocation reports."
+      puts "    This setting can be tested manually under Billing Preferences from the AWS account page."
+      warning(e)
+    end
+  end
+
+  def setup_cost_alloc
+    begin
+      puts "Setting up cost allocation report... "
+      page = get_page
+      cost_alloc_form = page.form_with(:name=>'carOptInForm')
+      car_enabled = cost_alloc_form.field_with(:name => "buttonOptionCAR")
+
+      if car_enabled.value == "EnableCAR"
+        puts "    Enabling cost allocation report... "
+        cost_alloc_form.submit
+      elsif car_enabled.value == "DisableCAR"
+        puts "    Report already enabled... "
+      end
+      puts "    Report setup finished"
+    rescue => e
+      puts "    We were unable to enable cost allocation reports."
+      puts "    This setting can be enabled manually under Billing Preferences from the AWS account page."
+      warning(e)
+    end
+  end
+
+  def test_checkboxes
+    begin
+      get_page
+      page = @browser.get("https://portal.aws.amazon.com/gp/aws/manageYourAccount")
+      checkbox_account_activity_search = page.search('[@id="account_activity_checkbox"]')
+      usage_report_search = page.search('[@id="usage_reports_checkbox"]')
+      activate_button_search = page.search('[@id="activateIAMUserAccess"]')
+      deactivate_button_search = page.search('[@id="deactivateIAMUserAccess"]')
+
+      activate_hidden = begin
+                          activate_button_search.first.attributes['style'].value.include?("display:none")
+                        rescue
+                          false
+                        end
+
+      deactivate_hidden = begin
+                            deactivate_button_search.first.attributes['style'].value.include?("display:none")
+                          rescue
+                            false
+                          end
+
+      if activate_hidden
+        #Activate button is hidden, Deactivate is shown
+        if checkbox_account_activity_search.first.attributes['checked'].nil?
+          # Not checked
+          puts "[ ] IAM access to Account Activity not setup -- Disabled"
+        else
+          # Checked
+          puts "[X] IAM access to Account Activity is setup -- Enabled"
+        end
+        if usage_report_search.first.attributes['checked'].nil?
+          # Not checked
+          puts "[ ] IAM access to Usage Reports not setup -- Disabled"
+        else
+          # Checked
+          puts "[X] IAM access to Usage Reports is setup -- Enabled"
+        end
+      elsif deactivate_hidden
+        #Deactivate button is hidden, Activate shown
+        if checkbox_account_activity_search.first.attributes['checked'].nil?
+          # Not checked
+          puts "[X] IAM access to Account Activity is setup -- Enabled"
+        else
+          # Checked
+          puts "[ ] IAM access to Account Activity not setup -- Disabled"
+        end
+        if usage_report_search.first.attributes['checked'].nil?
+          # Not checked
+          puts "[X] IAM access to Usage Reports is setup -- Enabled"
+        else
+          # Checked
+          puts "[ ] IAM access to Usage Reports not setup -- Disabled"
+        end
+      else
+        puts "[ ] Could not get status of IAM Usage report & Account activity checkboxes - Unknown"
+      end
+    rescue => e
+      warning(e)
+    end
+  end
+
+  def setup_checkboxes
+    checkbox_setup_error = "    We were unable to enable account activity & usage reports.\n    This setting can be enabled manually under the Manage Your Account from the AWS account page."
+    begin
+      puts "Enabling account activity & usage reports..."
+      page = @browser.get("https://portal.aws.amazon.com/gp/aws/manageYourAccount?action=updateIAMUserAccess&activateaa=1&activateur=1")
+      json = JSON.parse(page.body)
+      if json["error"] != "0"
+        puts checkbox_setup_error
+      else
+        puts "    Activity & Usage reports enabled."
+      end
+    rescue => e
+      puts checkbox_setup_error
+      warning(e)
+    end
+  end
+end

data/lib/cht/output.rb

@@ -0,0 +1,32 @@
+class Setup
+  def self.write_csv(accounts, filename)
+    file_exists = File.exists?(filename)
+    mode = if file_exists
+             if @overwrite_file
+               puts "CSV Output file #{filename} exists! Overwriting the file per --overwrite."
+               "wb"
+             else
+               puts "CSV Output file #{filename} exists! Appending to existing file."
+               "ab"
+             end
+           else
+             "wb"
+           end
+
+    count = 0
+    CSV.open(filename, mode) do |csv|
+      unless mode == "ab"
+        csv << ["Account ID", "Console URL", "IAM Username", "IAM Password", "AWS Access Key", "AWS Access Secret", "S3 Bucket", "Is Consolidated?"]
+      end
+      accounts.each do |account|
+        count += 1
+        csv << [account[:account_id], account[:account_url], account[:user], account[:user_pass], account[:access_key], account[:secret_key], account[:s3_bucket], account[:consolidated]]
+      end
+    end
+    puts "Finished setting up #{count} account(s). CSV File path: #{filename}"
+  end
+
+  def response
+    @created_account
+  end
+end

data/lib/cht/policy.rb

@@ -0,0 +1,108 @@
+class Setup
+  def bucket_has_policy
+    begin
+      @s3.get_bucket_policy(@setup_bucket)
+      true
+    rescue
+      false
+    end
+  end
+
+  def user_has_policy
+    begin
+      @iam.get_user_policy("CHTRoPolicy", @aws_ro_name)
+      true
+    rescue
+      false
+    end
+  end
+
+  def bucket_policy
+    { "Version" => "2008-10-17",
+      "Id" => "Policy1335892530063",
+      "Statement" => [
+        {
+          "Sid" => "Stmt1335892150622",
+          "Effect" => "Allow",
+          "Principal" => {
+            "AWS" => "arn:aws:iam::386209384616:root"
+          },
+          "Action" => ["s3:GetBucketAcl", "s3:GetBucketPolicy"],
+          "Resource" => "arn:aws:s3:::#{@setup_bucket}"
+        },
+        {
+          "Sid" => "Stmt1335892526596",
+          "Effect" => "Allow",
+          "Principal" => {
+            "AWS" => "arn:aws:iam::386209384616:root"
+          },
+          "Action" => ["s3:PutObject"],
+          "Resource" => "arn:aws:s3:::#{@setup_bucket}/*"
+        }
+      ]
+    }
+  end
+  def aws_ro_policy
+    {
+      "Statement" => [
+        {
+          "Effect" => "Allow",
+          "Action" => [
+            "aws-portal:ViewBilling",
+            "aws-portal:ViewUsage",
+            "autoscaling:Describe*",
+            "cloudformation:ListStacks",
+            "cloudformation:ListStackResources",
+            "cloudformation:DescribeStacks",
+            "cloudformation:DescribeStackEvents",
+            "cloudformation:DescribeStackResources",
+            "cloudformation:GetTemplate",
+            "cloudfront:Get*",
+            "cloudfront:List*",
+            "cloudwatch:Describe*",
+            "cloudwatch:Get*",
+            "cloudwatch:List*",
+            "dynamodb:DescribeTable",
+            "dynamodb:ListTables",
+            "ec2:Describe*",
+            "elasticache:Describe*",
+            "elasticbeanstalk:Check*",
+            "elasticbeanstalk:Describe*",
+            "elasticbeanstalk:List*",
+            "elasticbeanstalk:RequestEnvironmentInfo",
+            "elasticbeanstalk:RetrieveEnvironmentInfo",
+            "elasticloadbalancing:Describe*",
+            "iam:List*",
+            "iam:Get*",
+            "redshift:Describe*",
+            "route53:Get*",
+            "route53:List*",
+            "rds:Describe*",
+            "s3:List*",
+            "sdb:GetAttributes",
+            "sdb:List*",
+            "sdb:Select*",
+            "ses:Get*",
+            "ses:List*",
+            "sns:Get*",
+            "sns:List*",
+            "sqs:GetQueueAttributes",
+            "sqs:ListQueues",
+            "sqs:ReceiveMessage",
+            "storagegateway:List*",
+            "storagegateway:Describe*"
+          ],
+          "Resource" => "*"
+        },
+        {
+          "Effect" => "Allow",
+          "Action" => [ "s3:Get*","s3:List*" ],
+          "Resource" => [
+            "arn:aws:s3:::#{@setup_bucket}",
+            "arn:aws:s3:::#{@setup_bucket}/*"
+          ]
+        }
+      ]
+    }
+  end
+end

data/lib/cloudhealth-setup.rb

@@ -0,0 +1,244 @@
+gem "fog", "1.12.1"
+gem "json", "1.8.0"
+gem "excon", "0.23.0"
+gem "mixlib-cli", "1.3.0"
+gem "mechanize", "2.5.1"
+gem "highline", "1.6.19"
+gem "nokogiri", "1.5.8"
+
+require "fog"
+require "mixlib/cli"
+require "json"
+require "mechanize"
+require "excon"
+require "highline/import"
+require "securerandom"
+require "csv"
+
+# Ruby 1.8.7 hack for compatability
+unless Kernel.respond_to?(:require_relative)
+  module Kernel
+    def require_relative(path)
+      require File.join(File.dirname(caller[0]), path.to_str)
+    end
+  end
+end
+
+require_relative "cht/aws"
+require_relative "cht/mechanize"
+require_relative "cht/policy"
+require_relative "cht/error_handling"
+require_relative "cht/output"
+
+
+class MyCLI
+  include Mixlib::CLI
+
+  option :output_file,
+    :short => "-o OUTFILE",
+    :long => "--output-file OUTFILE",
+    :default => "./cloudhealth-accounts.csv",
+    :description => "Output CSV"
+
+  option :overwrite_file,
+    :long => "--overwrite",
+    :boolean => true,
+    :description => "Overwrite output file if it exists."
+
+  option :input_file,
+    :short => "-i INPUT",
+    :long => "--input-file INPUT",
+    :description => "INPUT CSV File"
+
+  option :aws_acct_alias,
+    :long => "--account-alias ALIAS",
+    :description => "Set an AWS Account alias"
+
+  option :aws_user,
+    :short => "-u USER",
+    :long => "--aws-user USER",
+    :description => "AWS Username"
+
+  option :aws_pass,
+    :short => "-p PASS",
+    :long => "--aws-pass PASS",
+    :description => "AWS Password"
+
+  option :aws_key,
+    :short => "-k KEY",
+    :long => "--aws-key KEY",
+    :description => "AWS Key"
+
+  option :aws_secret,
+    :short => "-s SECRET",
+    :long => "--aws-secret SECRET",
+    :description => "AWS Secret"
+
+  option :setup_bucket,
+    :short => "-b BUCKET",
+    :long => "--setup-billing-bucket BUCKET",
+    :description => "Name of billing bucket to create/use."
+
+  option :aws_ro_name,
+    :short => "-r READONLY",
+    :long => "--aws-ro-name READONLY",
+    :default => "cloudhealth",
+    :description => "Name of the Read only account to create in AWS"
+
+  option :ro_user_exists,
+    :long => "--user-exists",
+    :boolean => true,
+    :description => "AWS Read-only user exists, Perform other setup anyway (CSV will not be complete)"
+
+  option :verbose,
+    :short => "-v",
+    :long => "--verbose",
+    :description => "Enable verbose output / stack trace errors",
+    :boolean => true
+
+  option :help,
+    :short => "-h",
+    :long => "--help",
+    :description => "Help",
+    :on => :tail,
+    :boolean => true,
+    :show_options => true,
+    :exit => 0
+
+end
+
+
+class CsvImport
+  def initialize(filename)
+    @filename = filename
+  end
+
+  def import_file # Make me work!
+  end
+end
+
+class Setup
+  attr_accessor :aws_key, :aws_secret, :aws_user, :aws_pass, :output_file, :input_file, :aws_url, :setup_bucket, :aws_ro_name, :aws_acct_alias, :account_name, :aws_account_id
+
+  def initialize(options)
+    manual_input = ensure_options(options)
+    options.merge!(manual_input)
+    @aws_key = options[:aws_key]
+    @aws_secret = options[:aws_secret]
+    @output_file = options[:output_file]
+    @input_file = options[:input_file]
+    @aws_user = options[:aws_user]
+    @aws_pass = options[:aws_pass]
+    @setup_bucket = options[:setup_bucket]
+    @aws_ro_name = options[:aws_ro_name]
+    @aws_acct_alias = options[:aws_acct_alias]
+    @aws_account_id = nil
+    @verbose = options[:verbose]
+    @overwrite_file = options[:overwrite_file]
+    @ro_user_exists = options[:ro_user_exists]
+    @created_account = {}
+    @iam = iam
+    @s3 = s3
+    @browser = mech_browser
+    @mode = ARGV[0]
+  end
+
+  def ensure_options(input)
+    # If things dont exist in the options that are required, or required in a combination.
+    output_opts = {}
+
+    if input[:aws_key].nil?
+      output_opts[:aws_key] = ask("Input AWS Key: ") do |q|
+        q.responses[:not_valid] = "You must enter a 20 char AWS Access Key ID"
+        q.responses[:invalid_type] = "You must enter a 20 char AWS Access Key ID"
+        q.validate = lambda {|p| p.length == 20 }
+      end
+    end
+
+    if input[:aws_secret].nil?
+      output_opts[:aws_secret] = ask("Input AWS Secret: ") do |q|
+        q.responses[:not_valid] = "You must enter a 40 char AWS Access Secret Key"
+        q.responses[:invalid_type] = "You must enter a 40 char AWS Access Secret Key"
+        q.validate = lambda {|p| p.length == 40 }
+      end
+    end
+
+    if input[:aws_user].nil?
+      output_opts[:aws_user] = ask("Input AWS Email/Username: ") do |q|
+        q.responses[:not_valid] = "You must enter a valid Email/Username"
+        q.responses[:invalid_type] = "You must enter a valid Email/Username"
+        q.validate = lambda {|p| p.length > 5 }
+      end
+    end
+
+    if input[:aws_pass].nil?
+      output_opts[:aws_pass] = ask("Input AWS Password: ") do |q|
+        q.responses[:not_valid] = "You must enter a valid password"
+        q.responses[:invalid_type] = "You must enter a valid password"
+        q.validate = lambda {|p| p.length > 4 }
+      end
+    end
+
+    if input[:setup_bucket].nil?
+      output_opts[:setup_bucket] = ask("Input S3 Bucket name to setup for billing: ")
+    end
+
+    output_opts
+
+  end
+
+  def self.run
+    cli = MyCLI.new
+    cli.banner = "Usage: cloudhealth-setup test|install|uninstall (options)"
+    cli.parse_options
+    accounts_to_setup = []
+    accounts_processed = []
+    if ARGV[0].nil?
+      puts cli.opt_parser
+      exit
+    end
+
+    if cli.config[:input_file]
+      puts "Starting CloudHealth setup in multi-account setup mode, using input file #{cli.config[:input_file]}"
+      accounts_to_setup << CsvImport.import_file(cli.config[:input_file])
+    else
+      puts "Starting CloudHealth setup in single account mode."
+      accounts_to_setup << cli.config
+    end
+
+    accounts_to_setup.each do |account_options|
+      new_account = Setup.new(account_options)
+
+      case ARGV[0]
+      when "install"
+        new_account.check_iam_credentials
+        new_account.check_web_credentials
+        new_account.setup_monthly_report
+        new_account.setup_s3_bucket
+        new_account.setup_prog_access
+        new_account.setup_detailed_billing
+        new_account.setup_cost_alloc
+        new_account.setup_checkboxes
+        new_account.setup_ro_user
+        new_account.setup_account_alias
+        new_account.account_consolidated
+        accounts_processed << new_account.response
+      when "test"
+        new_account.test_monthly_report
+        new_account.test_s3_bucket
+        new_account.test_prog_access
+        new_account.test_detailed_billing
+        new_account.test_cost_alloc
+        new_account.test_checkboxes
+        new_account.test_ro_user
+        new_account.test_account_alias
+        new_account.test_consolidated
+      when "uninstall"
+        new_account.uninstall_ro_user
+      else
+        puts cli.opt_parser
+      end
+    end
+    Setup.write_csv(accounts_processed, cli.config[:output_file]) if ARGV[0] == "install"
+  end
+end

metadata

@@ -0,0 +1,174 @@
+--- !ruby/object:Gem::Specification
+name: cloudhealth-setup
+version: !ruby/object:Gem::Version
+  version: 0.0.10
+  prerelease: 
+platform: ruby
+authors:
+- CloudHealth Technologies
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2013-08-31 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: nokogiri
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.5.8
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.5.8
+- !ruby/object:Gem::Dependency
+  name: fog
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.12.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.12.1
+- !ruby/object:Gem::Dependency
+  name: json
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.8.0
+- !ruby/object:Gem::Dependency
+  name: excon
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.23.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 0.23.0
+- !ruby/object:Gem::Dependency
+  name: mixlib-cli
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.3.0
+- !ruby/object:Gem::Dependency
+  name: mechanize
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.5.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.5.1
+- !ruby/object:Gem::Dependency
+  name: highline
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.6.19
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 1.6.19
+description: Configures an Amazon AWS account for use with the CloudHealth service,
+  including creating a least privilege read only AWS user and enabling the retrieval
+  of cost and usage information.
+email:
+- support@cloudhealthtech.com
+executables:
+- cloudhealth-setup
+- fog
+- nokogiri
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/cloudhealth-setup
+- bin/fog
+- bin/nokogiri
+- lib/cht/aws.rb
+- lib/cht/error_handling.rb
+- lib/cht/mechanize.rb
+- lib/cht/output.rb
+- lib/cht/policy.rb
+- lib/cloudhealth-setup.rb
+- cloudhealth-setup.gemspec
+homepage: http://www.cloudhealthtech.com
+licenses:
+- MIT
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 1.8.25
+signing_key: 
+specification_version: 3
+summary: Configures an Amazon AWS account for use with the CloudHealth service
+test_files: []
+has_rdoc: false