cucloud 0.4.0 → 0.5.0
- checksums.yaml +8 -8
- data/lib/cucloud/asg_utils.rb +2 -6
- data/lib/cucloud/config_service_utils.rb +7 -0
- data/lib/cucloud/iam_utils.rb +14 -27
- data/lib/cucloud/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,15 +1,15 @@
|
|
1
1
|
---
|
2
2
|
!binary "U0hBMQ==":
|
3
3
|
metadata.gz: !binary |-
|
4
|
-
|
4
|
+
Y2I4NDQwZTdiOTNjZDdlNmJlYmE3NTM4YTIxNWIyN2QwYTU1YzFmMA==
|
5
5
|
data.tar.gz: !binary |-
|
6
|
-
|
6
|
+
NGI4NWI2ZWE0NGVkODUyZWU3ZWQ1NWZjNWE0NTJjYmQ4MWU1MDNmNw==
|
7
7
|
SHA512:
|
8
8
|
metadata.gz: !binary |-
|
9
|
-
|
10
|
-
|
11
|
-
|
9
|
+
N2U5YTQ1ZGRlZjkzY2M3MGZlYzliMDYwN2YxMDI2MWFlOWQwZmMwN2UyM2Y5
|
10
|
+
Yzg3ZTQ1ZjkxYTMwMGZhZjNmYTA0MmNkMmQ3MmQwODJlZTk2MDBiYmIyMTYx
|
11
|
+
NTFjMWNlYmY1MDcwM2RmYjRlYzdhZTcwMTg1NGZjZGM1ZjViODI=
|
12
12
|
data.tar.gz: !binary |-
|
13
|
-
|
14
|
-
|
15
|
-
|
13
|
+
OTY1YjdhN2ExZDgwNjllYjVmMGI2YTllN2Q0NDUzYjNiOTVlYjgyZTM1Y2Rh
|
14
|
+
OGRmMGM0ZmFjMzMyMjI0NGQxM2I2OGY5YmU0ODU3ZmI3NjQwYzdmNmZlMTFm
|
15
|
+
YjdmMGY0NmRjMjg5M2NmNzk4NzcxZjFmM2RhZTcwNWQwNWEwNjk=
|
data/lib/cucloud/asg_utils.rb
CHANGED
@@ -15,10 +15,7 @@ module Cucloud
|
|
15
15
|
# @return [Aws::AutoScaling::Types::AutoScalingGroup] AWS SDK autoscale group struct
|
16
16
|
def get_asg_by_name(name)
|
17
17
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/AutoScaling/Client.html#describe_auto_scaling_groups-instance_method
|
18
|
-
|
19
|
-
|
20
|
-
# nil if not found -> we're accepting one name, so return first result
|
21
|
-
asg_desc.auto_scaling_groups[0]
|
18
|
+
@asg.describe_auto_scaling_groups(auto_scaling_group_names: [name]).auto_scaling_groups.first
|
22
19
|
end
|
23
20
|
|
24
21
|
# get an instance of the launch configuration for a given autoscaling group
|
@@ -26,8 +23,7 @@ module Cucloud
|
|
26
23
|
# @return [Aws::AutoScaling::Types::LaunchConfiguration] AWS SDK Launch Configuration struct
|
27
24
|
def get_launch_configuration_by_name(launch_config_name)
|
28
25
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/AutoScaling/Client.html#describe_launch_configurations-instance_method
|
29
|
-
|
30
|
-
lc_desc.launch_configurations[0]
|
26
|
+
@asg.describe_launch_configurations(launch_configuration_names: [launch_config_name]).launch_configurations.first
|
31
27
|
end
|
32
28
|
|
33
29
|
# Generate a hash that can be submitted when creating a new launch config - replace image with desired AMI
|
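Review bot: The new one-line bodies of get_asg_by_name and get_launch_configuration_by_name still return nil when nothing matches (`.first` on an empty list), but the only place that was documented — the removed comment `# nil if not found -> we're accepting one name, so return first result` — is gone, and the surviving `@return` tags name only the struct type. Callers reading the YARD tag will chain `.launch_configuration_name` or similar on a nil. I would restore the nil case in both tags, e.g. `# @return [Aws::AutoScaling::Types::AutoScalingGroup, nil] AWS SDK autoscale group struct, nil when no group has that name`, and the matching `[..., nil]` form on the launch-configuration method. Both methods sit inside `module Cucloud`, whose start and end are outside these hunks.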
@@ -68,6 +68,13 @@ module Cucloud
|
|
68
68
|
).evaluation_results.first
|
69
69
|
end
|
70
70
|
|
71
|
+
# Are all recorders active and logging data in this region
|
72
|
+
# @return [Boolean]
|
73
|
+
def recorder_active?
|
74
|
+
@cs.describe_configuration_recorder_status({})
|
75
|
+
.configuration_recorders_status.find { |x| !x.recording || x.last_status != 'SUCCESS' }.nil?
|
76
|
+
end
|
77
|
+
|
71
78
|
# Is this rule active?
|
72
79
|
# @param [Aws::ConfigService::Types::ConfigRule] Rule
|
73
80
|
# @return [Boolean]
|
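Review bot: recorder_active? is vacuously true when the region has no configuration recorders at all — `find` on an empty `configuration_recorders_status` returns nil, so `.nil?` reports "all recorders active" for a region where nothing is being recorded, which is the case an audit most needs to catch. I would make the empty case explicit and express the intent with `all?`: `statuses = @cs.describe_configuration_recorder_status({}).configuration_recorders_status` followed by `!statuses.empty? && statuses.all? { |s| s.recording && s.last_status == 'SUCCESS' }`, and say so in the doc comment (`# @return [Boolean] false when no recorder exists in this region`). This hunk arrives on the page without a file header; the diffstat's `config_service_utils.rb +7 -0` and the `@cs` client suggest that is where it belongs, and the enclosing module starts and ends outside the hunk.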
data/lib/cucloud/iam_utils.rb
CHANGED
@@ -62,21 +62,20 @@ module Cucloud
|
|
62
62
|
def audit_password_policy(audit_criteria = [])
|
63
63
|
policy_hash = get_account_password_policy.to_h
|
64
64
|
|
65
|
-
|
66
|
-
audit_criteria.each do |check|
|
65
|
+
audit_criteria.map do |check|
|
67
66
|
case check[:operator]
|
68
67
|
when 'EQ'
|
69
|
-
|
68
|
+
{
|
70
69
|
key: check[:key],
|
71
70
|
passes: policy_hash[check[:key].to_sym].nil? ? false : policy_hash[check[:key].to_sym] == check[:value]
|
72
71
|
}
|
73
72
|
when 'LTE'
|
74
|
-
|
73
|
+
{
|
75
74
|
key: check[:key],
|
76
75
|
passes: policy_hash[check[:key].to_sym].nil? ? false : policy_hash[check[:key].to_sym] <= check[:value]
|
77
76
|
}
|
78
77
|
when 'GTE'
|
79
|
-
|
78
|
+
{
|
80
79
|
key: check[:key],
|
81
80
|
passes: policy_hash[check[:key].to_sym].nil? ? false : policy_hash[check[:key].to_sym] >= check[:value]
|
82
81
|
}
|
@@ -84,8 +83,6 @@ module Cucloud
|
|
84
83
|
raise UnknownComparisonOperatorError.new, "Unknown operator #{check[:operator]}"
|
85
84
|
end
|
86
85
|
end
|
87
|
-
|
88
|
-
audit_array
|
89
86
|
end
|
90
87
|
|
91
88
|
# Get SAML providers configured for this account
|
@@ -95,15 +92,12 @@ module Cucloud
|
|
95
92
|
# returns https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Types/SAMLProviderListEntry.html
|
96
93
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Client.html#get_saml_provider-instance_method
|
97
94
|
|
98
|
-
|
99
|
-
|
100
|
-
provider_array << {
|
95
|
+
@iam.list_saml_providers.saml_provider_list.map do |provider|
|
96
|
+
{
|
101
97
|
arn: provider.arn,
|
102
98
|
saml_metadata_document: @iam.get_saml_provider(saml_provider_arn: provider.arn).saml_metadata_document
|
103
99
|
}
|
104
100
|
end
|
105
|
-
|
106
|
-
provider_array
|
107
101
|
end
|
108
102
|
|
109
103
|
# Is the Cornell SAML Identity Provider configured on this account?
|
@@ -116,14 +110,12 @@ module Cucloud
|
|
116
110
|
# @return [Array<Hash>] Array of user hashes - base user type + added lookups for convenience
|
117
111
|
def get_users
|
118
112
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Client.html#list_users-instance_method
|
119
|
-
|
120
|
-
|
121
|
-
user_array << {
|
113
|
+
@iam.list_users.users.map do |user|
|
114
|
+
{
|
122
115
|
base_data: user, # https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Types/User.html
|
123
116
|
has_password: user_has_password?(user.user_name)
|
124
117
|
}
|
125
118
|
end
|
126
|
-
user_array
|
127
119
|
end
|
128
120
|
|
129
121
|
# Does this user have a password configured?
|
@@ -147,28 +139,23 @@ module Cucloud
|
|
147
139
|
# @return [Array<Hash>] Array of key hashes - base key data + helper calculations for key age and active/inactive
|
148
140
|
def get_user_access_keys(user_name)
|
149
141
|
# https://docs.aws.amazon.com/sdkforruby/api/Aws/IAM/Client.html#list_access_keys-instance_method
|
150
|
-
|
151
|
-
@iam.list_access_keys(user_name: user_name).access_key_metadata.
|
152
|
-
|
142
|
+
|
143
|
+
@iam.list_access_keys(user_name: user_name).access_key_metadata.map do |key|
|
144
|
+
{
|
153
145
|
base_data: key,
|
154
146
|
active: key.status == 'Active',
|
155
147
|
days_old: (Time.now - key.create_date).to_i / (24 * 60 * 60)
|
156
148
|
}
|
157
149
|
end
|
158
|
-
|
159
|
-
keys
|
160
150
|
end
|
161
151
|
|
162
152
|
# Get active access keys on account that are older than specified age (in days)
|
163
153
|
# @param [Integer] Days old
|
164
154
|
# @return [Array<Hash>]
|
165
155
|
def get_active_keys_older_than_n_days(n)
|
166
|
-
|
167
|
-
|
168
|
-
|
169
|
-
end
|
170
|
-
|
171
|
-
keys.flatten
|
156
|
+
get_users.map do |user|
|
157
|
+
get_user_access_keys(user[:base_data].user_name).select { |k| k[:days_old] > n && k[:active] }
|
158
|
+
end.flatten
|
172
159
|
end
|
173
160
|
end
|
174
161
|
end
|
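Review bot: get_users (new line 113) reads only the first page of `@iam.list_users`, and get_user_access_keys (new line 143) does the same with `list_access_keys`; both IAM calls are paginated (`is_truncated`/`marker`), so on an account with more users than one page holds, get_active_keys_older_than_n_days silently audits only part of the account — exactly the kind of gap an age-of-key audit should not have. The commit restructures these methods around `map` but keeps the single-page read; if the aws-sdk response here is the pageable kind, the fix is to fold the pages first, e.g. `@iam.list_users.flat_map(&:users).map do |user|` and the equivalent `@iam.list_access_keys(user_name: user_name).flat_map(&:access_key_metadata).map do |key|`, otherwise loop on `marker` until `is_truncated` is false. Separately, `get_users.map { ... }.flatten` in get_active_keys_older_than_n_days (new line 156) is `flat_map` in one step. All of these methods are inside `module Cucloud`, which begins before the first hunk.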
data/lib/cucloud/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cucloud
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.5.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- sbower
|
@@ -10,7 +10,7 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: exe
|
12
12
|
cert_chain: []
|
13
|
-
date: 2016-
|
13
|
+
date: 2016-08-02 00:00:00.000000000 Z
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
16
16
|
name: aws-sdk
|