lucid-cumulus 0.11.13 → 0.11.14

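--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: c649e221a9a55e7a1275e21747366a2217301ac609dedfb2e954a16fb1b5a1e6
- data.tar.gz: 38bc146d6d1d757bc0155e7aa381e29c17e56d1d6ec168e6783251f04ddc5f51
+ metadata.gz: f9ec1b31cd8db8cac1263ac361113cd923419abef71f273b1938c76db6585ab4
+ data.tar.gz: 9e4b37ba4e30a4c22c6b7e89991895e042cc331e74ad4bc90cb3a228c26e22e7
  SHA512:
- metadata.gz: e8b582222f32d953e3dd6c2e3afe97b649e5295f966bae80350e9fb80b5a3c29674869a5ed099b67bd9e608ea478c5dce8e1cb84748de667d299bc058bc996d4
- data.tar.gz: 490f1b06d7920da8c05061a147014526c30b805f75b1b4ee6f99107490bf2c2f31828dad70f3e5f92ce3932d778654c11a7e1b17a7e455b23d9de13497d8b47b
+ metadata.gz: 9bb3a9d6a33678601e31a6d086ccc990403e407f08b1722d8502be5945daf4facb7de60ab102fc950687d759a58861ae4f6009f5a9cec50ef7239905c472f239
+ data.tar.gz: fc81bac1f0ee1d6cc4099cf323b906b8ce6b5ccc5b47f7d261d5d386a489d5507b5b0761b151a476fda6afde93be9bf9ec2bf81bfa177893d26b9fca33f55650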
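--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
  PATH
  remote: .
  specs:
- lucid-cumulus (0.11.13)
+ lucid-cumulus (0.11.14)
  aws-sdk (~> 3.0)
  deepsort (~> 0.1)
  parse-cron (~> 0.1.4)
@@ -9,19 +9,19 @@ PATH
  GEM
  remote: https://rubygems.org/
  specs:
- aws-partitions (1.53.0)
+ aws-partitions (1.57.0)
  aws-sdk (3.0.1)
  aws-sdk-resources (~> 3)
  aws-sdk-acm (1.2.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-alexaforbusiness (1.0.0)
+ aws-sdk-alexaforbusiness (1.1.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-apigateway (1.9.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-applicationautoscaling (1.6.0)
+ aws-sdk-applicationautoscaling (1.7.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-applicationdiscoveryservice (1.1.0)
@@ -39,10 +39,13 @@ GEM
  aws-sdk-autoscaling (1.4.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
+ aws-sdk-autoscalingplans (1.1.0)
+ aws-sdk-core (~> 3)
+ aws-sigv4 (~> 1.0)
  aws-sdk-batch (1.3.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-budgets (1.3.0)
+ aws-sdk-budgets (1.4.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-cloud9 (1.0.0)
@@ -81,7 +84,7 @@ GEM
  aws-sdk-cloudwatchlogs (1.2.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-codebuild (1.5.0)
+ aws-sdk-codebuild (1.6.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-codecommit (1.2.0)
@@ -111,7 +114,7 @@ GEM
  aws-sdk-configservice (1.5.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-core (3.13.1)
+ aws-sdk-core (3.14.0)
  aws-partitions (~> 1.0)
  aws-sigv4 (~> 1.0)
  jmespath (~> 1.0)
@@ -145,7 +148,7 @@ GEM
  aws-sdk-dynamodbstreams (1.0.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-ec2 (1.24.0)
+ aws-sdk-ec2 (1.25.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-ecr (1.2.0)
@@ -187,13 +190,13 @@ GEM
  aws-sdk-glacier (1.5.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-glue (1.3.0)
+ aws-sdk-glue (1.4.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-greengrass (1.2.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-guardduty (1.0.0)
+ aws-sdk-guardduty (1.1.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-health (1.0.0)
@@ -235,7 +238,7 @@ GEM
  aws-sdk-kms (1.4.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-lambda (1.2.0)
+ aws-sdk-lambda (1.4.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-lambdapreview (1.0.0)
@@ -307,7 +310,7 @@ GEM
  aws-sdk-pricing (1.0.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-rds (1.10.0)
+ aws-sdk-rds (1.11.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-redshift (1.1.0)
@@ -322,7 +325,7 @@ GEM
  aws-sdk-resourcegroupstaggingapi (1.0.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
- aws-sdk-resources (3.10.0)
+ aws-sdk-resources (3.12.0)
  aws-sdk-acm (~> 1)
  aws-sdk-alexaforbusiness (~> 1)
  aws-sdk-apigateway (~> 1)
@@ -332,6 +335,7 @@ GEM
  aws-sdk-appsync (~> 1)
  aws-sdk-athena (~> 1)
  aws-sdk-autoscaling (~> 1)
+ aws-sdk-autoscalingplans (~> 1)
  aws-sdk-batch (~> 1)
  aws-sdk-budgets (~> 1)
  aws-sdk-cloud9 (~> 1)
@@ -445,6 +449,7 @@ GEM
  aws-sdk-storagegateway (~> 1)
  aws-sdk-support (~> 1)
  aws-sdk-swf (~> 1)
+ aws-sdk-transcribeservice (~> 1)
  aws-sdk-translate (~> 1)
  aws-sdk-waf (~> 1)
  aws-sdk-wafregional (~> 1)
@@ -462,7 +467,7 @@ GEM
  aws-sdk-core (~> 3)
  aws-sdk-kms (~> 1)
  aws-sigv4 (~> 1.0)
- aws-sdk-sagemaker (1.4.0)
+ aws-sdk-sagemaker (1.5.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
  aws-sdk-sagemakerruntime (1.0.0)
@@ -513,6 +518,9 @@ GEM
  aws-sdk-swf (1.0.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)
+ aws-sdk-transcribeservice (1.0.0)
+ aws-sdk-core (~> 3)
+ aws-sigv4 (~> 1.0)
  aws-sdk-translate (1.0.0)
  aws-sdk-core (~> 3)
  aws-sigv4 (~> 1.0)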
@@ -28,6 +28,16 @@ module AwsExtensions
28
28
  rescue Aws::S3::Errors::ReplicationConfigurationNotFoundError
29
29
  nil
30
30
  end
31
+
32
+ def default_encryption
33
+ conf = Cumulus::S3::client(location).get_bucket_encryption({bucket: name}).server_side_encryption_configuration
34
+ conf.rules.find do |r|
35
+ sse = r.apply_server_side_encryption_by_default
36
+ sse and break sse
37
+ end
38
+ rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
39
+ nil
40
+ end
31
41
  end
32
42
  end
33
43
  end
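Review bot: In `default_encryption`, `sse and break sse` inside `conf.rules.find` uses `and` for control flow and relies on `break` to make `find` return the SSE default instead of the rule, which is easy to misread. `conf.rules.map(&:apply_server_side_encryption_by_default).compact.first` returns the same value without the early exit. Only the first rule that carries a default is returned, so any further rules are ignored; a short comment saying so would help. The rescue covers only `ServerSideEncryptionConfigurationNotFoundError`, so other S3 errors still propagate, which is the safer behaviour for this setting. The enclosing module and class start outside the hunk.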
@@ -0,0 +1,14 @@
1
+ require 's3/models/DefaultEncryptionConfig'
2
+
3
+ module AwsExtensions
4
+ module S3
5
+ module ServerSideEncryptionByDefault
6
+ def to_cumulus
7
+ cumulus = Cumulus::S3::DefaultEncryptionConfig.new
8
+ cumulus.populate!(self)
9
+ cumulus
10
+ end
11
+ end
12
+ end
13
+ end
14
+
@@ -87,6 +87,7 @@ module Cumulus
87
87
  update_lifecycle(local.region, local.name, local.lifecycle)
88
88
  update_notifications(local.region, local.name, local.notifications)
89
89
  update_replication(local.region, local.name, local.replication)
90
+ update_default_encryption(local.region, local.name, local.default_encryption)
90
91
  update_tags(local.region, local.name, local.tags) if !local.tags.empty?
91
92
  end
92
93
 
@@ -122,6 +123,9 @@ module Cumulus
122
123
  elsif diff.type == BucketChange::REPLICATION
123
124
  puts Colors.blue("\tupdating replication...")
124
125
  update_replication(diff.local.region, diff.local.name, diff.local.replication)
126
+ elsif diff.type == BucketChange::ENCRYPTION
127
+ puts Colors.blue("\tupdating default encryption...")
128
+ update_default_encryption(diff.local.region, diff.local.name, diff.local.default_encryption)
125
129
  end
126
130
  end
127
131
  end
@@ -291,6 +295,23 @@ module Cumulus
291
295
  })
292
296
  end
293
297
  end
298
+
299
+ def update_default_encryption(region, bucket_name, default_encryption)
300
+ if default_encryption
301
+ S3.client(region).put_bucket_encryption({
302
+ bucket: bucket_name,
303
+ server_side_encryption_configuration: {
304
+ rules: [{
305
+ apply_server_side_encryption_by_default: default_encryption.to_aws
306
+ }]
307
+ }
308
+ })
309
+ else
310
+ S3.client(region).delete_bucket_encryption({
311
+ bucket: bucket_name
312
+ })
313
+ end
314
+ end
294
315
  end
295
316
  end
296
317
  end
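Review bot: The `else` branch of `update_default_encryption` calls `delete_bucket_encryption` whenever the local config has no `default_encryption`, so a bucket file that simply omits the key removes the bucket's default encryption on sync if AWS has one configured. The key is optional in `BucketConfig`, so configs written before this release would take that branch for any bucket encrypted outside Cumulus. The create path also calls it unconditionally; guarding it like the tags call next to it avoids a needless delete on a new bucket: `update_default_encryption(local.region, local.name, local.default_encryption) if local.default_encryption`. For the sync path, consider printing which bucket is about to lose its encryption configuration before the delete, or requiring an explicit setting in the config to remove it. The enclosing class starts outside these hunks.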
@@ -10,8 +10,11 @@ require "aws_extensions/s3/BucketVersioning"
10
10
  require "aws_extensions/s3/BucketWebsite"
11
11
  require "aws_extensions/s3/CORSRule"
12
12
  require "aws_extensions/s3/ReplicationConfiguration"
13
+ require "aws_extensions/s3/ServerSideEncryptionByDefault"
13
14
  require "s3/loader/Loader"
14
15
  require "s3/models/BucketDiff"
16
+ require "s3/models/DefaultEncryptionConfig"
17
+ require "s3/models/DefaultEncryptionDiff"
15
18
  require "s3/models/GrantConfig"
16
19
  require "s3/models/GrantDiff"
17
20
  require "s3/models/LifecycleConfig"
@@ -51,6 +54,8 @@ module Cumulus
51
54
  Aws::S3::BucketLifecycle.send(:include, AwsExtensions::S3::BucketLifecycle)
52
55
  # Monkey patch ReplicationConfiguration to convert to Cumulus format
53
56
  Aws::S3::Types::ReplicationConfiguration.send(:include, AwsExtensions::S3::ReplicationConfiguration)
57
+ # Monkey patch ServerSideEncryptionByDefault to convert to Cumulus format
58
+ Aws::S3::Types::ServerSideEncryptionByDefault.send(:include, AwsExtensions::S3::ServerSideEncryptionByDefault)
54
59
 
55
60
  # Public: An object representing configuration for an S3 bucket
56
61
  class BucketConfig
@@ -66,6 +71,7 @@ module Cumulus
66
71
  attr_reader :tags
67
72
  attr_reader :versioning
68
73
  attr_reader :website
74
+ attr_reader :default_encryption
69
75
 
70
76
  # Public: Constructor
71
77
  #
@@ -93,6 +99,9 @@ module Cumulus
93
99
  [g["name"], GrantConfig.new(g)]
94
100
  end]
95
101
  end
102
+ if json["default_encryption"]
103
+ @default_encryption = DefaultEncryptionConfig.new(json["default_encryption"])
104
+ end
96
105
  @website = if json["website"] then WebsiteConfig.new(json["website"]) end
97
106
  @logging = if json["logging"] then LoggingConfig.new(json["logging"]) end
98
107
  @notifications = Hash[(json["notifications"] || []).map { |n| [n["name"], NotificationConfig.new(n)] }]
@@ -120,6 +129,10 @@ module Cumulus
120
129
  @versioning = aws.versioning.enabled
121
130
  @replication = aws.replication.to_cumulus rescue nil
122
131
  @tags = Hash[aws.tagging.safe_tags.map { |t| [t.key, t.value] }]
132
+ default_encryption = aws.default_encryption
133
+ if default_encryption
134
+ @default_encryption = default_encryption.to_cumulus
135
+ end
123
136
 
124
137
  policy = aws.policy.policy_string
125
138
  if policy and policy != ""
@@ -168,6 +181,7 @@ module Cumulus
168
181
  lifecycle: if !@lifecycle.empty? then @lifecycle.values.map(&:to_h) end,
169
182
  versioning: @versioning,
170
183
  replication: if @replication then @replication.to_h end,
184
+ default_encryption: if @default_encryption then @default_encryption end,
171
185
  tags: @tags,
172
186
  }.reject { |k, v| v.nil? })
173
187
  end
@@ -222,6 +236,13 @@ module Cumulus
222
236
  diffs << BucketDiff.replication_changes(replication_diffs, self)
223
237
  end
224
238
 
239
+ aws_default_encryption = aws.default_encryption
240
+ if aws_default_encryption then aws_default_encryption = aws_default_encryption.to_cumulus end
241
+ default_encryption_diffs = diff_encryption(@default_encryption, aws_default_encryption)
242
+ if !default_encryption_diffs.empty?
243
+ diffs << BucketDiff.default_encryption_changes(default_encryption_diffs, self)
244
+ end
245
+
225
246
  diffs
226
247
  end
227
248
 
@@ -290,6 +311,26 @@ module Cumulus
290
311
  diffs.flatten
291
312
  end
292
313
 
314
+ # Internal: Determine changes in default encryption.
315
+ #
316
+ # local - the local default encryption configuration
317
+ # aws - the aws default encryption configuration
318
+ #
319
+ # Returns an array of DefaultEncryptionDiffs representing the differences between
320
+ # local and AWS configuration.
321
+ def diff_encryption(local, aws)
322
+ diffs = []
323
+ if local and aws
324
+ diffs << local.diff(aws)
325
+ elsif local
326
+ diffs << DefaultEncryptionDiff.added(local)
327
+ elsif aws
328
+ diffs << ReplicationDiff.unmanaged(aws)
329
+ end
330
+
331
+ diffs.flatten
332
+ end
333
+
293
334
  # Internal: Determine changes in sub configurations.
294
335
  #
295
336
  # local - the local configurations (hash from name to config)
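Review bot: `diff_encryption` builds the AWS-only case with `ReplicationDiff.unmanaged(aws)`, which looks like a leftover from the replication code; it should be `DefaultEncryptionDiff.unmanaged(aws)` (assuming `unmanaged` comes from `Common::Diff`, as `added` appears to). That branch is the one reported when a bucket is encrypted in AWS but has no `default_encryption` locally, so the diff shown before the encryption configuration is removed would be labelled as a replication asset. In the `to_h` hunk, `default_encryption: if @default_encryption then @default_encryption end` passes the object itself where the replication line above it passes `@replication.to_h`; `default_encryption: if @default_encryption then @default_encryption.to_h end` would keep the two consistent. The methods touched here begin and end outside the hunks.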
@@ -18,6 +18,7 @@ module Cumulus
18
18
  TAGS = Common::DiffChange.next_change_id
19
19
  VERSIONING = Common::DiffChange.next_change_id
20
20
  WEBSITE = Common::DiffChange.next_change_id
21
+ ENCRYPTION = Common::DiffChange.next_change_id
21
22
  end
22
23
 
23
24
  # Public: Represents a single difference between local configuration and AWS
@@ -30,6 +31,7 @@ module Cumulus
30
31
  attr_accessor :lifecycle
31
32
  attr_accessor :notifications
32
33
  attr_accessor :replication
34
+ attr_accessor :default_encryption
33
35
 
34
36
  # Public: Static method that will create a diff representing changes in grants
35
37
  #
@@ -82,6 +84,12 @@ module Cumulus
82
84
  diff
83
85
  end
84
86
 
87
+ def self.default_encryption_changes(default_encryption, local)
88
+ diff = BucketDiff.new(ENCRYPTION, nil, local)
89
+ diff.default_encryption = default_encryption
90
+ diff
91
+ end
92
+
85
93
  def diff_string
86
94
  case @type
87
95
  when CORS
@@ -132,6 +140,11 @@ module Cumulus
132
140
  Colors.aws_changes("\tAWS\t- #{if @aws.website.to_cumulus then @aws.website.to_cumulus else "Not enabled" end}"),
133
141
  Colors.local_changes("\tLocal\t- #{if @local.website then @local.website else "Not enabled" end}"),
134
142
  ].join("\n")
143
+ when ENCRYPTION
144
+ [
145
+ "Default Encryption:",
146
+ default_encryption.flat_map { |r| r.to_s.lines.map { |s| "\t#{s}" }.join },
147
+ ].flatten.join("\n")
135
148
  end
136
149
  end
137
150
 
@@ -0,0 +1,59 @@
1
+ require "s3/models/DefaultEncryptionDiff"
2
+
3
+ module Cumulus
4
+ module S3
5
+ class DefaultEncryptionConfig
6
+ attr_reader :algorithm
7
+ attr_reader :kms_master_key_id
8
+
9
+ # Public: Constructor
10
+ #
11
+ # json - a hash representing the JSON configuration.
12
+ def initialize(json = nil)
13
+ if json
14
+ @algorithm = json["algorithm"]
15
+ @kms_master_key_id = json["kms_master_key_id"]
16
+ end
17
+ end
18
+
19
+ def to_aws
20
+ {
21
+ sse_algorithm: @algorithm,
22
+ kms_master_key_id: @kms_master_key_id
23
+ }
24
+ end
25
+
26
+ def to_h
27
+ {
28
+ "algorithm" => @algorithm,
29
+ "kms_master_key_id" => @kms_master_key_id
30
+ }
31
+ end
32
+
33
+ def diff(aws)
34
+ diffs = []
35
+ if @algorithm != aws.algorithm
36
+ diffs << DefaultEncryptionDiff.new(DefaultEncryptionChange::ALGORITHM, aws, self)
37
+ end
38
+ if @kms_master_key_id != aws.kms_master_key_id
39
+ diffs << DefaultEncryptionDiff.new(DefaultEncryptionChange::KMS_KEY, aws, self)
40
+ end
41
+
42
+ diffs
43
+ end
44
+
45
+ def populate!(aws)
46
+ @algorithm = aws.sse_algorithm
47
+ @kms_master_key_id = aws.kms_master_key_id
48
+ end
49
+
50
+ def ==(other)
51
+ other.is_a?(DefaultEncryptionConfig) && @algorithm == other.algorithm && @kms_master_key_id == other.kms_master_key_id
52
+ end
53
+
54
+ def !=(other)
55
+ !(self == other)
56
+ end
57
+ end
58
+ end
59
+ end
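Review bot: `initialize` stores whatever `algorithm` the JSON holds, so a misspelled value is only caught when S3 rejects the `put_bucket_encryption` call at sync time. A check at load time, e.g. `raise "default_encryption.algorithm must be AES256 or aws:kms" unless %w[AES256 aws:kms].include?(@algorithm)`, would fail before any change is applied; confirm the allowed list against the SDK version in use. `def !=(other)` can be dropped, since Ruby already defines `!=` as the negation of `==`. `to_aws`, `to_h`, `diff` and `populate!` have no comments, unlike the constructor; a one-line `# Public:` comment on each, stating what it returns or mutates, would match the file's style.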
@@ -0,0 +1,38 @@
1
+ require 'common/models/Diff'
2
+ require "util/Colors"
3
+
4
+ module Cumulus
5
+ module S3
6
+ module DefaultEncryptionChange
7
+ include Common::DiffChange
8
+
9
+ ALGORITHM = Common::DiffChange.next_change_id
10
+ KMS_KEY = Common::DiffChange.next_change_id
11
+ end
12
+
13
+ class DefaultEncryptionDiff < Common::Diff
14
+ include DefaultEncryptionChange
15
+
16
+ def asset_type
17
+ "S3 Default Encryption"
18
+ end
19
+
20
+ def aws_name
21
+ "Configuration"
22
+ end
23
+
24
+ def local_name
25
+ "Configuration"
26
+ end
27
+
28
+ def diff_string
29
+ case @type
30
+ when ALGORITHM
31
+ "Algorithm: AWS - #{Colors.aws_changes(@aws.algorithm)}, Local - #{Colors.local_changes(@local.algorithm)}"
32
+ when KMS_KEY
33
+ "KMS key id: AWS -#{Colors.aws_changes(@aws.kms_master_key_id)}, Local - #{Colors.local_changes(@local.kms_master_key_id)}"
34
+ end
35
+ end
36
+ end
37
+ end
38
+ end
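Review bot: The `KMS_KEY` branch of `diff_string` is missing the space after the dash in `AWS -#{...}`, so the two messages are formatted differently; it should start `"KMS key id: AWS - #{Colors.aws_changes(@aws.kms_master_key_id)}, ..."`. When one side uses `AES256` its key id is presumably nil, and whether `Colors.aws_changes(nil)` prints something readable cannot be seen from this file; a fallback such as `@aws.kms_master_key_id || "none"` would make the output explicit. `diff_string` has no branch for the `added` and `unmanaged` diffs created in `diff_encryption`, so confirm that `Common::Diff` renders those itself.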
@@ -4,7 +4,7 @@ require "bundler"
4
4
 
5
5
  Gem::Specification.new do |s|
6
6
  s.name = "lucid-cumulus"
7
- s.version = "0.11.13"
7
+ s.version = "0.11.14"
8
8
  s.platform = Gem::Platform::RUBY
9
9
  s.authors = ["Keilan Jackson", "Mark Siebert"]
10
10
  s.email = "cumulus@lucidchart.com"
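--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: lucid-cumulus
  version: !ruby/object:Gem::Version
- version: 0.11.13
+ version: 0.11.14
  platform: ruby
  authors:
  - Keilan Jackson
@@ -9,7 +9,7 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2018-01-15 00:00:00.000000000 Z
+ date: 2018-01-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk
@@ -108,6 +108,7 @@ files:
  - lib/aws_extensions/s3/BucketWebsite.rb
  - lib/aws_extensions/s3/CORSRule.rb
  - lib/aws_extensions/s3/ReplicationConfiguration.rb
+ - lib/aws_extensions/s3/ServerSideEncryptionByDefault.rb
  - lib/cloudfront/CloudFront.rb
  - lib/cloudfront/Commands.rb
  - lib/cloudfront/loader/Loader.rb
@@ -195,6 +196,8 @@ files:
  - lib/s3/manager/Manager.rb
  - lib/s3/models/BucketConfig.rb
  - lib/s3/models/BucketDiff.rb
+ - lib/s3/models/DefaultEncryptionConfig.rb
+ - lib/s3/models/DefaultEncryptionDiff.rb
  - lib/s3/models/GrantConfig.rb
  - lib/s3/models/GrantDiff.rb
  - lib/s3/models/LifecycleConfig.rb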