cucloud 0.7.1 → 0.7.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 06edeee4328a50a7b8d53d614dcfb14569958034
-  data.tar.gz: 9f5b616df716a3823825c033403c2d1283a878b2
+  metadata.gz: 31e962ea920996c2b969af9640ed9f53f4be3115
+  data.tar.gz: 15d2df0ed1dd0e46ebe4041f3bfbaaf21403be42
 SHA512:
-  metadata.gz: 77990c758327658b1525717a0265282684298ba3a6358182c68a8bb72308cbd40a3a9d3483feded96b6e9707635fff43c50811f3ede396d58d375a6f3ad31b1a
-  data.tar.gz: 4422445626b608d849b697ade78ae2f28a6a13c69bb0e8330306d88ca8ce754853dbf06f0b0c5c2d12585d14e5bda3708e84914d6dbbb300c017437fd0bf98c5
+  metadata.gz: 176107f8a5eaa16e5a5a4f355903804314e544491bd9cfd2937d971517944dcaa712d55a5f38c18fe7f20b201fddbebfbc261cc8bd6167f890aa5bf371e42159
+  data.tar.gz: 81c2e58bd69ddd100c667c34fe726ccb9316383756ba1033834cf47dc32a7c0388842e720f56558d30da6935f09cfb98fe443ae341b1d995f04c72ecda12f626

data/README.md

@@ -48,6 +48,7 @@ Note - the cucloud library assumes that environment credentials are available to
 Utilities that use this API:
 
 * Autoscale AMI Updater: https://github.com/CU-CloudCollab/asg-ami-update
+* Collection of Handy Cloud Utilities: https://github.com/CU-CloudCollab/cucloud_utils
 
 
 ## Development
@@ -60,6 +61,9 @@ To run styleguide/syntax tests:
 To run unit tests:
 ``` $ bundle exec rake spec ```
 
+To run unit tests for one file (kms_utils.spec.rb):
+``` $ bundle exec rake spec SPEC=spec/kms_utils_spec.rb ```
+
 To generate documentation:
 ``` bundle exec yard ```
 

data/lib/cucloud.rb

@@ -8,10 +8,13 @@ module Cucloud
   require 'cucloud/asg_utils'
   require 'cucloud/ssm_utils'
   require 'cucloud/iam_utils'
+  require 'cucloud/kms_utils'
   require 'cucloud/vpc_utils'
   require 'cucloud/config_service_utils'
   require 'cucloud/cloud_trail_utils'
   require 'cucloud/rds_utils'
+  require 'cucloud/lambda_utils'
+  require 'cucloud/cfn_utils'
 
   # This is the default region API calls are made against
   DEFAULT_REGION = 'us-east-1'.freeze

data/lib/cucloud/cfn_utils.rb

@@ -0,0 +1,50 @@
+module Cucloud
+  # CFNUtils - Utilities for CloudFormation
+  class CfnUtils
+    # Define some error classes
+    class UnknownServiceError < StandardError
+    end
+
+    def initialize(cfn = Aws::CloudFormation::Client.new)
+      @cfn = cfn
+    end
+
+    # Create cloud formation stack from template
+    # @param stack_name [string] name of the the cfn stack
+    # @param template_json [string] file path to cfn template json
+    # @return [String] representing the stack events from the run
+    def create_stack(stack_name, template_json)
+      manage_stack(stack_name, template_json)
+    end
+
+    # Update cloud formation stack from template
+    # @param stack_name [string] name of the the cfn stack
+    # @param template_json [string] file path to cfn template json
+    # @return [String] representing the stack events from the run
+    def update_stack(stack_name, template_json)
+      manage_stack(stack_name, template_json, :update_stack)
+    end
+
+    private
+
+    # Manage cloud formation stack from template,
+    # abstracts logic for both the create and update
+    # @param stack_name [string] name of the the cfn stack
+    # @param template_json [string] file path to cfn template json
+    # @return [String] representing the stack events from the run
+    def manage_stack(stack_name, template_json, action = :create_stack)
+      template = IO.read(template_json)
+
+      response = @cfn.send(action, stack_name: stack_name,
+                                   template_body: template,
+                                   capabilities: %w(CAPABILITY_IAM CAPABILITY_NAMED_IAM))
+
+      raise UnknownServiceError unless response.successful?
+
+      wait_event = action == :create_stack ? :stack_create_complete : :stack_update_complete
+
+      @cfn.wait_until(wait_event, stack_name: stack_name)
+      @cfn.describe_stack_events(stack_name: stack_name)
+    end
+  end
+end

data/lib/cucloud/iam_utils.rb

@@ -157,5 +157,16 @@ module Cucloud
         get_user_access_keys(user[:base_data].user_name).select { |k| k[:days_old] > n && k[:active] }
       end.flatten
     end
+
+    # Gets the ARN for a given certificate
+    # @param [String] cert_name The name of the certificate
+    # @param [String] The ARN for the certificate
+    # @raise [ArgumentError] If the provided certificate name is nil
+    def get_cert_arn(cert_name)
+      raise ArgumentError, '"cert_name" may not be nil' if cert_name.nil?
+
+      cert = @iam.get_server_certificate(server_certificate_name: cert_name)
+      cert.server_certificate.server_certificate_metadata.arn
+    end
   end
 end

data/lib/cucloud/kms_utils.rb

@@ -0,0 +1,151 @@
+module Cucloud
+  # Utilities library for interacting with KMS.
+  class KmsUtils
+    # Class to represent missing key error
+    class MissingKmsKey < StandardError
+    end
+
+    # This is used in a sttuct to denote an encrypted field
+    ENCRYPTED_SUFFIX = '_encrypted'.freeze
+    # This is used in a sttuct to denote an decrypted field
+    DECRYPTED_SUFFIX = '_decrypted'.freeze
+
+    attr_accessor :kms_key_id
+
+    # Initialize the class optionally providing an existing Aws::KMS::Client
+    # @param kms_client [Aws::KMS::Client] optional
+    def initialize(kms_client = Aws::KMS::Client.new)
+      @kms = kms_client
+    end
+
+    # Decrypt the given Base64-strict-encoded ciphertext.
+    # @param ciphertext [String]  encrypted and Base64 strict encoded string
+    # @return [String] decrypted string (i.e. plaintext)
+    def decrypt(ciphertext)
+      return nil if ciphertext.nil?
+      return '' if ciphertext.empty?
+      @kms.decrypt(ciphertext_blob: Base64.strict_decode64(ciphertext)).plaintext
+    end
+
+    # Encrypt the given plaintext. Uses provided the KMS key provided,
+    # or the KMS key configured at initialization if none is provided.
+    # @param plaintext [String] plaintext string to be encrypted
+    # @param key_id [String] KMS key id to use for encryption (optional)
+    # @return [String] Encrypted and Base64 strict encoded ciphertext
+    def encrypt(plaintext, key_id = @kms_key_id)
+      return nil if plaintext.nil?
+      return '' if plaintext.empty?
+      Base64.strict_encode64(@kms.encrypt(key_id: key_id, plaintext: plaintext).ciphertext_blob)
+    end
+
+    # Process the given structure and decrypt the values of any
+    # attributes with names suffixed by "\_encrypted". For each such encrypted
+    # atttribute-value pair, adds a new attribute with suffix "_decrypted"
+    # and value consisting of the plaintext (i.e. decrypted value)
+    # of the encrypted value.
+    # @example
+    #   decrypt_struct({ x_encrypted: <encrypted_value> }) =>
+    #     { x_encrypted: <encrypted_value>, x_decrypted: <plaintext> }
+    #   decrypt_struct([{ x_encrypted: <encrypted_value> } ]) =>
+    #     [{ x_encrypted: <encrypted_value>, x_decrypted: <plaintext> }]
+    # @param main_node the structure (Hash, Array) to decrypt
+    # @return a copy of the structure with additional atttribute-value pairs for the decrypted values
+    def decrypt_struct(main_node)
+      return nil if main_node.nil?
+      return main_node if main_node.is_a?(String)
+      if main_node.is_a?(Hash)
+        new_hash = {}
+        main_node.each_pair do |key, value|
+          if key_to_decrypt?(key)
+            plaintext = decrypt(value)
+            new_hash[decrypted_key_label(key)] = plaintext
+            new_hash[key] = value
+          else
+            result = decrypt_struct(value)
+            new_hash[key] = result
+          end
+        end
+        return new_hash
+      elsif main_node.is_a?(Array)
+        new_array = []
+        main_node.each do |element|
+          result = decrypt_struct(element)
+          new_array << result
+        end
+        return new_array
+      else
+        return main_node
+      end
+    end
+
+    # Process the given structure and encrypt the values of any attributes
+    # with names suffixed by "_decrypted". For each such plaintext
+    # atttribute-value pair, adds a new attribute with suffix "\_encrypted"
+    # and value consisting of the encrypted value. The "_decrypted"
+    # atttribute-value pair is removed from the structure. Uses the
+    # provided the KMS key provided,
+    # or the KMS key configured at initialization if none is provided.
+    # @example
+    #   encrypt_struct({ x_decrypted: <plaintext> }) =>
+    #     { x_encrypted: <encrypted_value> }
+    #   encrypt_struct([{ x_decrypted: <plaintext> }]) =>
+    #     [{ x_encrypted: <encrypted_value> }]
+    # @param main_node the structure (Hash, Array) to encrypt_struct
+    # @param key_id [String] KMS key id to use for encryption (optional)
+    # @return a copy of the structure with decrypted atttribute-value pairs replaced by encrypted atttribute-value pairs
+    def encrypt_struct(main_node, key_id = @kms_key_id)
+      return nil if main_node.nil?
+      if main_node.is_a?(Hash)
+        new_hash = {}
+        remove_keys = []
+        main_node.each_pair do |key, value|
+          if key_to_encrypt?(key)
+            ciphertext = encrypt(value, key_id)
+            new_hash[encrypted_key_label(key)] = ciphertext
+            remove_keys << key
+          else
+            result = encrypt_struct(value, key_id)
+            new_hash[key] = result
+          end
+        end
+        main_node.merge!(new_hash)
+        main_node.delete_if do |key, _|
+          remove_keys.include?(key)
+        end
+        return main_node
+      elsif main_node.is_a?(Array)
+        main_node.map do |element|
+          encrypt_struct(element, key_id)
+        end
+      else
+        return main_node
+      end
+    end
+
+    private
+
+    def key_to_decrypt?(key)
+      key.to_s.end_with?(ENCRYPTED_SUFFIX)
+    end
+
+    def key_to_encrypt?(key)
+      key.to_s.end_with?(DECRYPTED_SUFFIX)
+    end
+
+    def encrypted_key_label(key)
+      if key.is_a?(Symbol)
+        key.to_s.sub(DECRYPTED_SUFFIX, ENCRYPTED_SUFFIX).to_sym
+      else
+        key.sub(DECRYPTED_SUFFIX, ENCRYPTED_SUFFIX)
+      end
+    end
+
+    def decrypted_key_label(key)
+      if key.is_a?(Symbol)
+        key.to_s.sub(ENCRYPTED_SUFFIX, DECRYPTED_SUFFIX).to_sym
+      else
+        key.sub(ENCRYPTED_SUFFIX, DECRYPTED_SUFFIX)
+      end
+    end
+  end
+end

data/lib/cucloud/lambda_utils.rb

@@ -0,0 +1,45 @@
+module Cucloud
+  # LambdaUtils - Utilities for woking with Lambda functions
+  class LambdaUtils
+    require 'open-uri'
+
+    # Constructor for LambdaUtils class
+    # @param lambda_client [Aws::Lambda::Client] AWS Lambda SDK Client
+    def initialize(lambda_client = Aws::Lambda::Client.new)
+      @lambda = lambda_client
+    end
+
+    # Download the source pacakge for a given lambda function
+    # @param function_name [String] Name of the lambda function
+    # @param path [String] Local path to write the source pacakge to, defaults to /tmp
+    # @param version [String] Version of the function to download, defaults to $LATEST
+    # @return [String] Local path to the file
+    def download_source_for_function(function_name, path = '/tmp', version = '$LATEST')
+      lambda_function = @lambda.get_function(function_name: function_name,
+                                             qualifier: version)
+
+      file_path = path + '/' + function_name + version + '.zip'
+      File.open(file_path, 'wb') do |saved_file|
+        open(lambda_function[:code][:location], 'rb') do |read_file|
+          saved_file.write(read_file.read)
+        end
+      end
+      file_path
+    end
+
+    # Return all versions of a lambda function
+    # @param function_name [String] Name of the lambda function
+    # @return [Array] Array of strings representing the versions of the lambda function
+    def get_all_versions_for_function(function_name)
+      version_response = @lambda.list_versions_by_function(function_name: function_name)
+      version_response.versions.map { |x| x[:version] }
+    end
+
+    # Return all funtion names for an account
+    # @return [Array] Array of strings representing the function names
+    def get_all_function_names_for_account_region
+      funtions_response = @lambda.list_functions
+      funtions_response.functions.map { |x| x[:function_name] }
+    end
+  end
+end

data/lib/cucloud/rds_utils.rb

@@ -1,6 +1,11 @@
 module Cucloud
   # RdsUtils class - for interacting with the AWS relational database service
   class RdsUtils
+    # RDSInstanceAlreadyExist Class - capture erros when creating or restoring
+    # an RDS instance which already exist
+    class RDSInstanceAlreadyExist < StandardError
+    end
+
     def initialize(rds_client = Aws::RDS::Client.new)
       @rds = rds_client
     end
@@ -13,6 +18,69 @@ module Cucloud
       resource.db_instance(db_instance_identifier)
     end
 
+    # Determine if a givne db instance exist
+    # @param db_instance_identifier [String] RDS instance identifier
+    # @return [boolean]
+    def does_db_exist?(db_instance_identifier)
+      get_instance(db_instance_identifier).instance_create_time
+      true
+    rescue Aws::RDS::Errors::DBInstanceNotFound
+      false
+    end
+
+    # Delete a givne db instance
+    # @param db_instance_identifier [String] RDS instance identifier
+    # @param db_snapshot_identifier [String] Name for final snapshot, default is nil
+    def delete_db_instance(db_instance_identifier, db_snapshot_identifier = nil)
+      if does_db_exist?(db_instance_identifier)
+        if db_snapshot_identifier.nil?
+          @rds.delete_db_instance(db_instance_identifier: db_instance_identifier, skip_final_snapshot: true)
+        else
+          @rds.delete_db_instance(db_instance_identifier: db_instance_identifier,
+                                  final_db_snapshot_identifier: db_snapshot_identifier)
+        end
+
+        @rds.wait_until(:db_instance_deleted, db_instance_identifier: db_instance_identifier)
+      else
+        raise Aws::RDS::Errors::DBInstanceNotFound.new(db_instance_identifier, '')
+      end
+    end
+
+    # Restore DB from a snapshot
+    # @param db_instance_identifier [String] RDS instance identifier
+    # @param db_snapshot_identifier [String] Name for final snapshot, default is nil
+    def restore_db(db_instance_identifier, restore_from, options = {})
+      raise RDSInstanceAlreadyExist if does_db_exist?(db_instance_identifier)
+
+      db_snapshot_identifier =
+        options[:db_snapshot_identifier].nil? ? find_latest_snapshot(restore_from) : options[:db_snapshot_identifier]
+      options[:db_instance_identifier] = db_instance_identifier
+      options[:db_snapshot_identifier] = db_snapshot_identifier
+      @rds.restore_db_instance_from_db_snapshot(options)
+    end
+
+    # Delete a givne db instance
+    # @param db_instance_identifier [String] RDS instance identifier
+    # @return [String] Most recent snapshot ID for given RDS instance
+    def find_latest_snapshot(db_instance_identifier, snapshot_type = 'manual')
+      latest_snapshot_time = Time.new(2002)
+      latest_snap_shot = nil
+      snapshots_info = @rds.describe_db_snapshots(
+        db_instance_identifier: db_instance_identifier, snapshot_type: snapshot_type
+      )[:db_snapshots]
+
+      snapshots_info.each do |snapshot_info|
+        next if snapshot_info[:status] != 'available'
+
+        if latest_snapshot_time.to_i < snapshot_info[:snapshot_create_time].to_i
+          latest_snapshot_time = snapshot_info[:snapshot_create_time].to_i
+          latest_snap_shot = snapshot_info
+        end
+      end
+
+      latest_snap_shot.nil? ? nil : latest_snap_shot[:db_snapshot_identifier]
+    end
+
     # Begins the creation of a snapshot of the given RDS instance.
     # This is a non-blocking call so it will return before the snapshot
     # is created and available.

data/lib/cucloud/version.rb

@@ -1,5 +1,5 @@
 module Cucloud
   # Disable mutable constant warning - freezing this oddly breaks bundler
   # rubocop:disable Style/MutableConstant
-  VERSION = '0.7.1'
+  VERSION = '0.7.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cucloud
 version: !ruby/object:Gem::Version
-  version: 0.7.1
+  version: 0.7.2
 platform: ruby
 authors:
 - sbower
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-12-13 00:00:00.000000000 Z
+date: 2017-02-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -149,12 +149,14 @@ files:
 - cucloud.gemspec
 - lib/cucloud.rb
 - lib/cucloud/asg_utils.rb
+- lib/cucloud/cfn_utils.rb
 - lib/cucloud/cloud_trail_utils.rb
 - lib/cucloud/config_service_utils.rb
 - lib/cucloud/ec2_utils.rb
 - lib/cucloud/ecs_utils.rb
-- lib/cucloud/elb_utils.rb
 - lib/cucloud/iam_utils.rb
+- lib/cucloud/kms_utils.rb
+- lib/cucloud/lambda_utils.rb
 - lib/cucloud/rds_utils.rb
 - lib/cucloud/ssm_utils.rb
 - lib/cucloud/version.rb

data/lib/cucloud/elb_utils.rb

@@ -1,36 +0,0 @@
-module Cucloud
-  # ElbUtils class - methods related to elb
-  class ElbUtils
-    def initialize(s3 = Aws::S3::Client.new)
-      @s3 = s3
-    end
-
-    # Enable logging to a s3 bucket for an ELB
-    # @param elb_name [string] name of the elastic load balancer
-    # @param app_name [string] name of the application, used as prefix inside s3 bucket
-    # @param policy [string] IAM policy to be applied to the bucket
-    # @return [boolean]
-    def enable_logging(elb_name, app_name, policy, _elb = Aws::ElasticLoadBalancing::Client.new)
-      ## Added by Scott Ross
-      ## Stand alone script found here: https://github.com/CU-CloudCollab/elb-logging/
-      ## Manual process: http://docs.aws.amazon.com/ElasticLoadBalancing/latest/DeveloperGuide/enable-access-logs.html
-
-      bucket_name = "#{elb_name}-logging"
-
-      @s3.create_bucket(bucket: bucket_name)
-      s3.put_bucket_policy(bucket: bucket_name,
-                           policy: policy.to_json)
-
-      elb_client.modify_load_balancer_attributes(load_balancer_name: elb_name, # required
-                                                 load_balancer_attributes: {
-                                                   access_log: {
-                                                     enabled: true, # required
-                                                     s3_bucket_name: bucket_name,
-                                                     emit_interval: 5,
-                                                     s3_bucket_prefix: app_name
-                                                   }
-                                                 })
-      s3.list_objects(bucket: bucket_name).contents.length == 1 ? 0 : 1
-    end
-  end
-end