cucloud 0.4.0 → 0.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +8 -8
- data/lib/cucloud/asg_utils.rb +2 -6
- data/lib/cucloud/config_service_utils.rb +7 -0
- data/lib/cucloud/iam_utils.rb +14 -27
- data/lib/cucloud/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
---
|
|
2
2
|
!binary "U0hBMQ==":
|
|
3
3
|
metadata.gz: !binary |-
|
|
4
|
-
|
|
4
|
+
Y2I4NDQwZTdiOTNjZDdlNmJlYmE3NTM4YTIxNWIyN2QwYTU1YzFmMA==
|
|
5
5
|
data.tar.gz: !binary |-
|
|
6
|
-
|
|
6
|
+
NGI4NWI2ZWE0NGVkODUyZWU3ZWQ1NWZjNWE0NTJjYmQ4MWU1MDNmNw==
|
|
7
7
|
SHA512:
|
|
8
8
|
metadata.gz: !binary |-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
|
|
9
|
+
N2U5YTQ1ZGRlZjkzY2M3MGZlYzliMDYwN2YxMDI2MWFlOWQwZmMwN2UyM2Y5
|
|
10
|
+
Yzg3ZTQ1ZjkxYTMwMGZhZjNmYTA0MmNkMmQ3MmQwODJlZTk2MDBiYmIyMTYx
|
|
11
|
+
NTFjMWNlYmY1MDcwM2RmYjRlYzdhZTcwMTg1NGZjZGM1ZjViODI=
|
|
12
12
|
data.tar.gz: !binary |-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
13
|
+
OTY1YjdhN2ExZDgwNjllYjVmMGI2YTllN2Q0NDUzYjNiOTVlYjgyZTM1Y2Rh
|
|
14
|
+
OGRmMGM0ZmFjMzMyMjI0NGQxM2I2OGY5YmU0ODU3ZmI3NjQwYzdmNmZlMTFm
|
|
15
|
+
YjdmMGY0NmRjMjg5M2NmNzk4NzcxZjFmM2RhZTcwNWQwNWEwNjk=
|
data/lib/cucloud/asg_utils.rb
CHANGED
|
@@ -15,10 +15,7 @@ module Cucloud
|
|
|
15
15
|
# @return [Aws::AutoScaling::Types::AutoScalingGroup] AWS SDK autoscale group struct
|
|
16
16
|
def get_asg_by_name(name)
|
|
17
17
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/AutoScaling/Client.html#describe_auto_scaling_groups-instance_method
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
# nil if not found -> we're accepting one name, so return first result
|
|
21
|
-
asg_desc.auto_scaling_groups[0]
|
|
18
|
+
@asg.describe_auto_scaling_groups(auto_scaling_group_names: [name]).auto_scaling_groups.first
|
|
22
19
|
end
|
|
23
20
|
|
|
24
21
|
# get an instance of the launch configuration for a given autoscaling group
|
|
@@ -26,8 +23,7 @@ module Cucloud
|
|
|
26
23
|
# @return [Aws::AutoScaling::Types::LaunchConfiguration] AWS SDK Launch Configuration struct
|
|
27
24
|
def get_launch_configuration_by_name(launch_config_name)
|
|
28
25
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/AutoScaling/Client.html#describe_launch_configurations-instance_method
|
|
29
|
-
|
|
30
|
-
lc_desc.launch_configurations[0]
|
|
26
|
+
@asg.describe_launch_configurations(launch_configuration_names: [launch_config_name]).launch_configurations.first
|
|
31
27
|
end
|
|
32
28
|
|
|
33
29
|
# Generate a hash that can be submitted when creating a new launch config - replace image with desired AMI
|
|
@@ -68,6 +68,13 @@ module Cucloud
|
|
|
68
68
|
).evaluation_results.first
|
|
69
69
|
end
|
|
70
70
|
|
|
71
|
+
# Are all recorders active and logging data in this region
|
|
72
|
+
# @return [Boolean]
|
|
73
|
+
def recorder_active?
|
|
74
|
+
@cs.describe_configuration_recorder_status({})
|
|
75
|
+
.configuration_recorders_status.find { |x| !x.recording || x.last_status != 'SUCCESS' }.nil?
|
|
76
|
+
end
|
|
77
|
+
|
|
71
78
|
# Is this rule active?
|
|
72
79
|
# @param [Aws::ConfigService::Types::ConfigRule] Rule
|
|
73
80
|
# @return [Boolean]
|
data/lib/cucloud/iam_utils.rb
CHANGED
|
@@ -62,21 +62,20 @@ module Cucloud
|
|
|
62
62
|
def audit_password_policy(audit_criteria = [])
|
|
63
63
|
policy_hash = get_account_password_policy.to_h
|
|
64
64
|
|
|
65
|
-
|
|
66
|
-
audit_criteria.each do |check|
|
|
65
|
+
audit_criteria.map do |check|
|
|
67
66
|
case check[:operator]
|
|
68
67
|
when 'EQ'
|
|
69
|
-
|
|
68
|
+
{
|
|
70
69
|
key: check[:key],
|
|
71
70
|
passes: policy_hash[check[:key].to_sym].nil? ? false : policy_hash[check[:key].to_sym] == check[:value]
|
|
72
71
|
}
|
|
73
72
|
when 'LTE'
|
|
74
|
-
|
|
73
|
+
{
|
|
75
74
|
key: check[:key],
|
|
76
75
|
passes: policy_hash[check[:key].to_sym].nil? ? false : policy_hash[check[:key].to_sym] <= check[:value]
|
|
77
76
|
}
|
|
78
77
|
when 'GTE'
|
|
79
|
-
|
|
78
|
+
{
|
|
80
79
|
key: check[:key],
|
|
81
80
|
passes: policy_hash[check[:key].to_sym].nil? ? false : policy_hash[check[:key].to_sym] >= check[:value]
|
|
82
81
|
}
|
|
@@ -84,8 +83,6 @@ module Cucloud
|
|
|
84
83
|
raise UnknownComparisonOperatorError.new, "Unknown operator #{check[:operator]}"
|
|
85
84
|
end
|
|
86
85
|
end
|
|
87
|
-
|
|
88
|
-
audit_array
|
|
89
86
|
end
|
|
90
87
|
|
|
91
88
|
# Get SAML providers configured for this account
|
|
@@ -95,15 +92,12 @@ module Cucloud
|
|
|
95
92
|
# returns https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Types/SAMLProviderListEntry.html
|
|
96
93
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Client.html#get_saml_provider-instance_method
|
|
97
94
|
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
provider_array << {
|
|
95
|
+
@iam.list_saml_providers.saml_provider_list.map do |provider|
|
|
96
|
+
{
|
|
101
97
|
arn: provider.arn,
|
|
102
98
|
saml_metadata_document: @iam.get_saml_provider(saml_provider_arn: provider.arn).saml_metadata_document
|
|
103
99
|
}
|
|
104
100
|
end
|
|
105
|
-
|
|
106
|
-
provider_array
|
|
107
101
|
end
|
|
108
102
|
|
|
109
103
|
# Is the Cornell SAML Identity Provider configured on this account?
|
|
@@ -116,14 +110,12 @@ module Cucloud
|
|
|
116
110
|
# @return [Array<Hash>] Array of user hashes - base user type + added lookups for convenience
|
|
117
111
|
def get_users
|
|
118
112
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Client.html#list_users-instance_method
|
|
119
|
-
|
|
120
|
-
|
|
121
|
-
user_array << {
|
|
113
|
+
@iam.list_users.users.map do |user|
|
|
114
|
+
{
|
|
122
115
|
base_data: user, # https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Types/User.html
|
|
123
116
|
has_password: user_has_password?(user.user_name)
|
|
124
117
|
}
|
|
125
118
|
end
|
|
126
|
-
user_array
|
|
127
119
|
end
|
|
128
120
|
|
|
129
121
|
# Does this user have a password configured?
|
|
@@ -147,28 +139,23 @@ module Cucloud
|
|
|
147
139
|
# @return [Array<Hash>] Array of key hashes - base key data + helper calculations for key age and active/inactive
|
|
148
140
|
def get_user_access_keys(user_name)
|
|
149
141
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Client.html#list_access_keys-instance_method
|
|
150
|
-
|
|
151
|
-
@iam.list_access_keys(user_name: user_name).access_key_metadata.
|
|
152
|
-
|
|
142
|
+
|
|
143
|
+
@iam.list_access_keys(user_name: user_name).access_key_metadata.map do |key|
|
|
144
|
+
{
|
|
153
145
|
base_data: key,
|
|
154
146
|
active: key.status == 'Active',
|
|
155
147
|
days_old: (Time.now - key.create_date).to_i / (24 * 60 * 60)
|
|
156
148
|
}
|
|
157
149
|
end
|
|
158
|
-
|
|
159
|
-
keys
|
|
160
150
|
end
|
|
161
151
|
|
|
162
152
|
# Get active access keys on account that are older than specified age (in days)
|
|
163
153
|
# @param [Integer] Days old
|
|
164
154
|
# @return [Array<Hash>]
|
|
165
155
|
def get_active_keys_older_than_n_days(n)
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
|
|
169
|
-
end
|
|
170
|
-
|
|
171
|
-
keys.flatten
|
|
156
|
+
get_users.map do |user|
|
|
157
|
+
get_user_access_keys(user[:base_data].user_name).select { |k| k[:days_old] > n && k[:active] }
|
|
158
|
+
end.flatten
|
|
172
159
|
end
|
|
173
160
|
end
|
|
174
161
|
end
|
data/lib/cucloud/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cucloud
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.5.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- sbower
|
|
@@ -10,7 +10,7 @@ authors:
|
|
|
10
10
|
autorequire:
|
|
11
11
|
bindir: exe
|
|
12
12
|
cert_chain: []
|
|
13
|
-
date: 2016-
|
|
13
|
+
date: 2016-08-02 00:00:00.000000000 Z
|
|
14
14
|
dependencies:
|
|
15
15
|
- !ruby/object:Gem::Dependency
|
|
16
16
|
name: aws-sdk
|