esp_sdk 2.0.0 → 2.1.0

data/lib/esp/resources/suppression/region.rb

@@ -2,6 +2,12 @@ module ESP
   class Suppression
     class Region < ESP::Resource
       self.prefix += "suppressions/"
+      # Not Implemented. You cannot search for Suppression::Region.
+      #
+      # Regular ARELlike methods are disabled.  Use the ESP::Suppression object to search suppressions.
+      def self.where(*)
+        fail ESP::NotImplementedError, 'Regular ARELlike methods are disabled.  Use the ESP::Suppression object to search suppressions'
+      end
 
       # Not Implemented. You cannot search for Suppression::Region.
       #
@@ -44,26 +50,14 @@ module ESP
       #
       # +attributes+ | Required | A hash of region suppression attributes
       #
-      # ===== Valid Attributes When Not Creating for Alert
+      # ===== Valid Attributes
       #
-      # +regions+ | Required | An array of region names to suppress.
+      # See {API documentation}[http://api-docs.evident.io?ruby#suppression-region-create] for valid arguments
       #
-      # +external_account_ids+ | Required | An Array of the external accounts identified by +external_account_id+ to suppress the signature or custom signature on.
-      #
-      # +resource+ | Not Required | The resource string this suppression will suppress alerts for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Not Creating for Alert
       #   create(regions: ['us_east_1'], external_account_ids: [5], reason: 'My very good reason for creating this suppression')
       #
-      # ===== Valid Attributes When Creating for Alert
-      #
-      # +alert_id+ | Required | The id for the alert you want to create a suppression for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Creating for Alert
       #   create(alert_id: 5, reason: 'My very good reason for creating this suppression')
 
       # :method: save
@@ -71,27 +65,15 @@ module ESP
       #
       # If you set an +alert_id+, set the +reason+ and all other params will be ignored, and the suppression will be created based on that alert.
       #
-      # ===== Valid Attributes When Not Creating for Alert
-      #
-      # +regions+ | Required | An array of region names to suppress.
-      #
-      # +external_account_ids+ | Required | An Array of the external accounts identified by +external_account_id+ to suppress the signature or custom signature on.
+      # ===== Valid Attributes
       #
-      # +resource+ | Not Required | The resource string this suppression will suppress alerts for.
+      # See {API documentation}[http://api-docs.evident.io?ruby#suppression-region-create] for valid arguments
       #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Not Creating for Alert
       #   suppression = new(regions: ['us_east_1'], external_account_ids: [5], reason: 'My very good reason for creating this suppression')
       #   suppression.save
       #
-      # ===== Valid Attributes When Creating for Alert
-      #
-      # +alert_id+ | Required | The id for the alert you want to create a suppression for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Creating for Alert
       #   suppression = new(alert_id: 5, reason: 'My very good reason for creating this suppression')
       #   suppression.save
     end

data/lib/esp/resources/suppression/signature.rb

@@ -2,6 +2,12 @@ module ESP
   class Suppression
     class Signature < ESP::Resource
       self.prefix += "suppressions/"
+      # Not Implemented. You cannot search for Suppression::Signature.
+      #
+      # Regular ARELlike methods are disabled.  Use the ESP::Suppression object to search suppressions.
+      def self.where(*)
+        fail ESP::NotImplementedError, 'Regular ARELlike methods are disabled.  Use the ESP::Suppression object to search suppressions'
+      end
 
       # Not Implemented. You cannot search for Suppression::Signature.
       #
@@ -44,30 +50,14 @@ module ESP
       #
       # +attributes+ | Required | A hash of signature suppression attributes
       #
-      # ===== Valid Attributes When Not Creating for Alert
-      #
-      # +signature_ids+ | Conditionally Required | An array of signatures identified by +signature_id+ to suppress.  Required if +custom_signature_ids+ is blank.
+      # ===== Valid Attributes
       #
-      # +custom_signature_ids+ | Conditionally Required | An array of custom signatures identified by +custom_signature_id+ to suppress.  Required if +signature_ids+ is blank.
+      # See {API documentation}[http://api-docs.evident.io?ruby#suppression-signature-create] for valid arguments
       #
-      # +regions+ | Required | An array of region names to suppress.
-      #
-      # +external_account_ids+ | Required | An Array of the external accounts identified by +external_account_id+ to suppress the signature or custom signature on.
-      #
-      # +resource+ | Not Required | The resource string this suppression will suppress alerts for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Not Creating for Alert
       #   create(signature_ids: [4, 2], regions: ['us_east_1'], external_account_ids: [5], reason: 'My very good reason for creating this suppression')
       #
-      # ===== Valid Attributes When Creating for Alert
-      #
-      # +alert_id+ | Required | The id for the alert you want to create a suppression for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Creating for Alert
       #   create(alert_id: 5, reason: 'My very good reason for creating this suppression')
 
       # :method: save
@@ -75,31 +65,15 @@ module ESP
       #
       # If you set an +alert_id+, set the +reason+ and all other params will be ignored, and the suppression will be created based on that alert.
       #
-      # ===== Valid Attributes When Not Creating for Alert
-      #
-      # +signature_ids+ | Conditionally Required | An array of signatures identified by +signature_id+ to suppress.  Required if +custom_signature_ids+ is blank.
-      #
-      # +custom_signature_ids+ | Conditionally Required | An array of custom signatures identified by +custom_signature_id+ to suppress.  Required if +signature_ids+ is blank.
-      #
-      # +regions+ | Required | An array of region names to suppress.
+      # ===== Valid Attributes
       #
-      # +external_account_ids+ | Required | An Array of the external accounts identified by +external_account_id+ to suppress the signature or custom signature on.
+      # See {API documentation}[http://api-docs.evident.io?ruby#suppression-signature-create] for valid arguments
       #
-      # +resource+ | Not Required | The resource string this suppression will suppress alerts for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Not Creating for Alert
       #   suppression = new(signature_ids: [4, 2], regions: ['us_east_1'], external_account_ids: [5], reason: 'My very good reason for creating this suppression')
       #   suppression.save
       #
-      # ===== Valid Attributes When Creating for Alert
-      #
-      # +alert_id+ | Required | The id for the alert you want to create a suppression for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
-      #
-      # ==== Example
+      # ==== Example When Creating for Alert
       #   suppression = new(alert_id: 5, reason: 'My very good reason for creating this suppression')
       #   suppression.save
     end

data/lib/esp/resources/suppression/unique_identifier.rb

@@ -2,6 +2,12 @@ module ESP
   class Suppression
     class UniqueIdentifier < ESP::Resource
       self.prefix += "suppressions/alert/:alert_id/"
+      # Not Implemented. You cannot search for Suppression::UniqueIdentifier.
+      #
+      # Regular ARELlike methods are disabled.  Use the ESP::Suppression object to search suppressions.
+      def self.where(*)
+        fail ESP::NotImplementedError, 'Regular ARELlike methods are disabled.  Use the ESP::Suppression object to search suppressions'
+      end
 
       # Not Implemented. You cannot search for Suppression::UniqueIdentifier.
       #
@@ -34,9 +40,7 @@ module ESP
       #
       # ==== Attributes
       #
-      # +alert_id+ | Required | The id for the alert you want to create a suppression for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
+      # See {API documentation}[http://api-docs.evident.io?ruby#suppression-unique-identifier-create] for valid arguments
       #
       # ==== Example
       #   create(alert_id: 5, reason: 'My very good reason for creating this suppression')
@@ -48,9 +52,7 @@ module ESP
       #
       # ==== Attributes
       #
-      # +alert_id+ | Required | The id for the alert you want to create a suppression for.
-      #
-      # +reason+ | Required | The reason for creating the suppression.
+      # See {API documentation}[http://api-docs.evident.io?ruby#suppression-unique-identifier-create] for valid arguments
       #
       # ==== Example
       #   suppression = new(alert_id: 5, reason: 'My very good reason for creating this suppression')

data/lib/esp/resources/suppression.rb

@@ -10,24 +10,38 @@ module ESP
 
     ##
     # The regions affected by this suppression.
-    has_many :regions, class_name: 'ESP::Region'
+    def regions
+      # When regions come back in an include, the method still gets called, to return the object from the attributes.
+      return attributes['regions'] if attributes['regions'].present?
+      return [] unless respond_to? :region_ids
+      ESP::Region.where(id_in: region_ids)
+    end
 
     ##
     # The external accounts affected by this suppression.
-    has_many :external_accounts, class_name: 'ESP::ExternalAccount'
+    def external_accounts
+      # When external_accounts come back in an include, the method still gets called, to return the object from the attributes.
+      return attributes['external_accounts'] if attributes['external_accounts'].present?
+      return [] unless respond_to? :external_account_ids
+      ESP::ExternalAccount.where(id_in: external_account_ids)
+    end
 
     ##
     # The signatures being suppressed.
     def signatures
+      # When signatures come back in an include, the method still gets called, to return the object from the attributes.
+      return attributes['signatures'] if attributes['signatures'].present?
       return [] unless respond_to? :signature_ids
-      ESP::Signature.find(:all, params: { id: signature_ids })
+      ESP::Signature.where(id_in: signature_ids)
     end
 
     ##
     # The custom signatures being suppressed.
     def custom_signatures
+      # When custom_signatures come back in an include, the method still gets called, to return the object from the attributes.
+      return attributes['custom_signatures'] if attributes['custom_signatures'].present?
       return [] unless respond_to? :custom_signature_ids
-      ESP::CustomSignature.find(:all, params: { id: custom_signature_ids })
+      ESP::CustomSignature.where(id_in: custom_signature_ids)
     end
 
     # Overriden so the correct param is sent on the has_many relationships.  API needs this one to be plural.
@@ -69,6 +83,20 @@ module ESP
       false
     end
 
+    # :singleton-method: where
+    # Return a paginated Suppression list filtered by search parameters
+    #
+    # ==== Parameters
+    #
+    # +clauses+ | Hash of attributes with appended predicates to search, sort and include.
+    #
+    # ===== Valid Clauses
+    #
+    # See {API documentation}[http://api-docs.evident.io?ruby#suppression-attributes] for valid arguments
+    #
+    # :call-seq:
+    #  where(clauses = {})
+
     ##
     # :singleton-method: find
     # Find a Suppression by id
@@ -77,8 +105,18 @@ module ESP
     #
     # +id+ | Required | The ID of the suppression to retrieve
     #
+    # +options+ | Optional | A hash of options
+    #
+    # ===== Valid Options
+    #
+    # +include+ | The list of associated objects to return on the initial request.
+    #
+    # ===== Valid Includable Associations
+    #
+    # See {API documentation}[http://api-docs.evident.io?ruby#suppression-attributes] for valid arguments
+    #
     # :call-seq:
-    #  find(id)
+    #  find(id, options = {})
 
     # :singleton-method: all
     # Return a paginated Suppression list

data/lib/esp/resources/tag.rb

@@ -10,6 +10,11 @@ module ESP
       fail ESP::NotImplementedError
     end
 
+    # Not Implemented. You cannot search for a Tag.
+    def self.where(*)
+      fail ESP::NotImplementedError
+    end
+
     # Returns a paginated collection of tags for the given alert_id
     # Convenience method to use instead of ::find since an alert_id is required to return tags.
     #

data/lib/esp/resources/team.rb

@@ -26,6 +26,20 @@ module ESP
       Report.create_for_team(id)
     end
 
+    # :singleton-method: where
+    # Return a paginated Team list filtered by search parameters
+    #
+    # ==== Parameters
+    #
+    # +clauses+ | Hash of attributes with appended predicates to search, sort and include.
+    #
+    # ===== Valid Clauses
+    #
+    # See {API documentation}[http://api-docs.evident.io?ruby#team-attributes] for valid arguments
+    #
+    # :call-seq:
+    #  where(clauses = {})
+
     ##
     # :singleton-method: find
     # Find a Team by id
@@ -34,8 +48,18 @@ module ESP
     #
     # +id+ | Required | The ID of the team to retrieve
     #
+    # +options+ | Optional | A hash of options
+    #
+    # ===== Valid Options
+    #
+    # +include+ | The list of associated objects to return on the initial request.
+    #
+    # ===== Valid Includable Associations
+    #
+    # See {API documentation}[http://api-docs.evident.io?ruby#team-attributes] for valid arguments
+    #
     # :call-seq:
-    #  find(id)
+    #  find(id, options = {})
 
     # :singleton-method: all
     # Return a paginated Team list
@@ -49,24 +73,24 @@ module ESP
     #
     # +attributes+ | Required | A hash of team attributes
     #
-    # ==== Valid Attributes
+    # ===== Valid Attributes
     #
-    # +sub_organization_id+ | Required | The ID of the sub organization to attach this team to
+    # See {API documentation}[http://api-docs.evident.io?ruby#team-create] for valid arguments
     #
-    # +name+ | Required | The name of the team
+    # ==== Example
+    #
+    #  team = ESP::Team.create(name: "Team Name", sub_organization_id: 9)
 
     # :method: save
     # Create and update a Team.
     #
-    # ==== Valid Attributes when updating
+    # ===== Valid Attributes when updating
     #
     # +name+ | Required | The new name of the team
     #
-    # ==== Valid Attributes when creating
-    #
-    # +sub_organization_id+ | Required | The ID of the sub organization to attach this team to
+    # ===== Valid Attributes when creating
     #
-    # +name+ | Required | The name of the team
+    # See {API documentation}[http://api-docs.evident.io?ruby#team-create] for valid arguments
     #
     # ==== Example
     #

data/lib/esp/resources/user.rb

@@ -17,15 +17,31 @@ module ESP
     ##
     # The collection of sub organizations that belong to the user.
     def sub_organizations
-      SubOrganization.find(:all, params: { id: sub_organization_ids })
+      return attributes['sub_organizations'] if attributes['sub_organizations'].present?
+      SubOrganization.where(id_in: sub_organization_ids)
     end
 
     ##
     # The collection of teams that belong to the user.
     def teams
-      Team.find(:all, params: { id: team_ids })
+      return attributes['teams'] if attributes['teams'].present?
+      Team.where(id_in: team_ids)
     end
 
+    # :singleton-method: where
+    # Return a paginated User list filtered by search parameters
+    #
+    # ==== Parameters
+    #
+    # +clauses+ | Hash of attributes with appended predicates to search, sort and include.
+    #
+    # ===== Valid Clauses
+    #
+    # See {API documentation}[http://api-docs.evident.io?ruby#user-attributes] for valid arguments
+    #
+    # :call-seq:
+    #  where(clauses = {})
+
     ##
     # :singleton-method: find
     # Find a User by id
@@ -34,8 +50,18 @@ module ESP
     #
     # +id+ | Required | The ID of the user to retrieve
     #
+    # +options+ | Optional | A hash of options
+    #
+    # ===== Valid Options
+    #
+    # +include+ | The list of associated objects to return on the initial request.
+    #
+    # ===== Valid Includable Associations
+    #
+    # See {API documentation}[http://api-docs.evident.io?ruby#user-attributes] for valid arguments
+    #
     # :call-seq:
-    #  find(id)
+    #  find(id, options = {})
 
     # :singleton-method: all
     # Return a paginated User list

data/lib/esp/version.rb

@@ -1,3 +1,3 @@
 module ESP
-  VERSION = '2.0.0'
+  VERSION = '2.1.0'
 end

data/lib/esp.rb

@@ -3,7 +3,7 @@ module ESP
   #
   # You can optionally set the `ESP_ACCESS_KEY_ID` environment variable.
   def self.access_key_id=(access_key_id)
-    @access_key_id = access_key_id
+    @access_key_id               = access_key_id
     ESP::Resource.hmac_access_id = access_key_id
   end
 
@@ -16,7 +16,7 @@ module ESP
   #
   # You can optionally set the `ESP_SECRET_ACCESS_KEY` environment variable.
   def self.secret_access_key=(secret_access_key)
-    @secret_access_key = secret_access_key
+    @secret_access_key            = secret_access_key
     ESP::Resource.hmac_secret_key = secret_access_key
   end
 
@@ -28,8 +28,8 @@ module ESP
   PATH = '/api/v2'.freeze
 
   HOST = { development: "http://localhost:3000".freeze,
-           test: "http://localhost:3000".freeze,
-           production: "https://api.evident.io".freeze }.freeze # :nodoc:
+           test:        "http://localhost:3000".freeze,
+           production:  "https://api.evident.io".freeze }.freeze # :nodoc:
 
   # Users of the Evident.io marketplace appliance application will need to set the host for their instance.
   #
@@ -37,7 +37,7 @@ module ESP
   #
   # * +host+ - The host for the installed appliance instance.
   def self.host=(host)
-    @host = host
+    @host              = host
     ESP::Resource.site = site
   end
 
@@ -46,6 +46,23 @@ module ESP
     "#{(@host || HOST[ESP.env.to_sym] || ENV['ESP_HOST'])}#{PATH}"
   end
 
+  # Manually set an http_proxy
+  #
+  # You can optionally set the `HTTP_PROXY` environment variable.
+  #
+  # ==== Attribute
+  #
+  # * +http_proxy+ - The URI of the http proxy
+  def self.http_proxy=(proxy)
+    @http_proxy         = proxy
+    ESP::Resource.proxy = http_proxy
+  end
+
+  # Reads the `HTTP_PROXY` environment variable if ::http_proxy was not set manually.
+  def self.http_proxy
+    @http_proxy || ENV['http_proxy']
+  end
+
   # For use in a Rails initializer to set the ::access_key_id, ::secret_access_key and ::site.
   #
   # ==== Example
@@ -54,6 +71,7 @@ module ESP
   #     config.access_key_id = <your key>
   #     config.secret_access_key = <your secret key>
   #     config.host = <host of your appliance instance>
+  #     config.http_proxy = <your proxy URI>
   #   end
   def self.configure
     yield self
@@ -93,4 +111,6 @@ module ESP
   autoload :StatSignature, File.expand_path(File.dirname(__FILE__) + '/esp/resources/stat_signature')
   autoload :StatRegion, File.expand_path(File.dirname(__FILE__) + '/esp/resources/stat_region')
   autoload :StatService, File.expand_path(File.dirname(__FILE__) + '/esp/resources/stat_service')
+  autoload :ExternalAccountCreator, File.expand_path(File.dirname(__FILE__) + '/../lib/esp/external_account_creator')
+  autoload :AWSClients, File.expand_path(File.dirname(__FILE__) + '/../lib/esp/aws_clients')
 end

data/test/esp/aws_clients_test.rb

@@ -0,0 +1,101 @@
+require_relative '../test_helper'
+require_relative '../../lib/esp/aws_clients'
+
+module ESP
+  class AWSClientsTest < ActiveSupport::TestCase
+    context ESP::AWSClients do
+      context 'validations' do
+        should 'be 12 chars' do
+          aws = AWSClients.new
+          aws.stubs(:owner_id).returns("ABC123")
+
+          refute aws.valid?
+          assert_contains aws.errors.full_messages, 'Owner is the wrong length (should be 12 characters)'
+        end
+
+        should 'contain only numeric chars' do
+          aws = AWSClients.new
+          aws.stubs(:owner_id).returns("ABC123")
+
+          refute aws.valid?
+          assert_contains aws.errors.full_messages, 'Owner is not a number'
+        end
+
+        should 'contain 12 numeric chars' do
+          aws = AWSClients.new
+          aws.stubs(:owner_id).returns("012345678912")
+
+          assert aws.valid?
+        end
+      end
+
+      context "#create_and_attach_role" do
+        setup do
+          ENV['AWS_REGION'] = 'us-east-1'
+        end
+
+        teardown do
+          ENV['AWS_REGION'] = nil
+        end
+
+        should "make iam call to create_role with external account id" do
+          aws        = AWSClients.new
+          iam_client = mock
+          iam_client.stubs(:create_role)
+          iam_client.stubs(:attach_role_policy)
+          aws.stubs(:iam).returns(iam_client)
+
+          aws.create_and_attach_role!('1234')
+
+          assert_received(iam_client, :create_role) do |expected|
+            expected.with do |params|
+              assert_equal AWSClients::AWS_ROLE_NAME, params[:role_name]
+              assert_equal aws.send(:trust_policy, '1234'), params[:assume_role_policy_document]
+            end
+          end
+        end
+
+        should "make iam call to attach_role_policy" do
+          aws        = AWSClients.new
+          iam_client = mock
+          iam_client.stubs(:create_role)
+          iam_client.stubs(:attach_role_policy)
+          aws.stubs(:iam).returns(iam_client)
+
+          aws.create_and_attach_role!('1234')
+
+          assert_received(iam_client, :attach_role_policy) do |expected|
+            expected.with do |params|
+              assert_equal AWSClients::AWS_ROLE_NAME, params[:role_name]
+              assert_equal AWSClients::AWS_ROLE_POLICY_ARN, params[:policy_arn]
+            end
+          end
+        end
+
+        should "return the role" do
+          aws        = AWSClients.new
+          iam_client = mock
+          iam_client.expects(:create_role).returns('the role')
+          iam_client.expects(:attach_role_policy)
+          aws.stubs(:iam).returns(iam_client)
+
+          role = aws.create_and_attach_role!('1234')
+
+          assert_equal 'the role', role
+        end
+      end
+
+      context '#trust_policy' do
+        should 'have the esp_owner_id and external_account_id' do
+          aws = AWSClients.new
+          ESP.stubs(:env).returns("production")
+
+          policy = aws.send(:trust_policy, '1234')
+
+          assert_match(/\"AWS\": \"arn:aws:iam::613698206329:root\"/, policy)
+          assert_match(/\"sts:ExternalId\": \"1234"/, policy)
+        end
+      end
+    end
+  end
+end