s3-secure 0.3.0 → 0.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2f11b8e84cd1ebb0ec8765311ee00e898d43771d564a1b0e5397d7fcfce3c4b9
-  data.tar.gz: 6790be3ac47993e207dee4bff4f59f1847ac7c0cb003166e2bf550fed6118ab8
+  metadata.gz: 458984b9117afa2925e7b2f6d662d1d7d85f1db797443a8addde3e59162794d4
+  data.tar.gz: 9127363474746342e5af37bfd32a68e5fce29f6738902026fa00141720989f26
 SHA512:
-  metadata.gz: 6dcbd04a00a3a118015fb3228fb79faa2e1d069e5bb5f4af09c253c14b470aeb21f7ad002df444d3fa1263c1c26c7e14f4d384d9b9463239c0c1f3f7a122dc54
-  data.tar.gz: b228ed523d193dbb2d4ac153b52aa6e57f848357a69810f232074e9a3313397a9f9abb57da87a101a486f5331975c2d6d21ef3fd656968b0f12c7a4dcd5f72c7
+  metadata.gz: a318aa5bbf6d9a960d65e2f32a6ea18053b07532c6a19e8ce4c36d3e92252e6383344238ec372e98d0c8da970a3af6015af67b169f244af81b80b431ca518450
+  data.tar.gz: e098eea71ed734a3ad6664d293d476fcddad5a4c285542bf1dc634ef9833773c99b0a77637f5bcb9242e3e3d3ee9b3256b904c635e96c2806de936b230eba258

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.4.0]
+-  #1 summary command
+
 ## [0.3.0]
 - clean up policy_document method interface
 

data/lib/s3_secure/cli.rb

@@ -11,6 +11,14 @@ module S3Secure
     long_desc Help.text(:policy)
     subcommand "policy", Policy
 
+    desc "summary", "Summarize buckets"
+    long_desc Help.text("summary")
+    option :ssl, default: "any", desc: "filter for ssl enforcement. Examples: any, yes, no"
+    option :encrypted, default: "any", desc: "filter for encryption enabled. Examples: any, yes, no"
+    def summary
+      Summary.new(options).run
+    end
+
     desc "batch *PARAMS", "Batch wrapper method"
     long_desc Help.text(:batch)
     def batch(*params)

data/lib/s3_secure/help/summary.md

@@ -0,0 +1,22 @@
+## Examples
+
+    $ s3-secure summary
+    Determining bucket security-related settings...
+    +----------------------------+------+------------+
+    |           Bucket           | SSL? | Encrypted? |
+    +----------------------------+------+------------+
+    | a-test-bucket-in-us-east-1 | yes  | no         |
+    | a-test-bucket-in-us-west-1 | no   | no         |
+    +----------------------------+------+------------+
+    $
+
+There are `--ssl no` and `--encrypted no` filtering options:
+
+    $ s3-secure summary --ssl no --encrypted no
+    Determining bucket security-related settings...
+    +----------------------------+------+------------+
+    |           Bucket           | SSL? | Encrypted? |
+    +----------------------------+------+------------+
+    | a-test-bucket-in-us-west-1 | no   | no         |
+    +----------------------------+------+------------+
+    $

data/lib/s3_secure/summary.rb

@@ -0,0 +1,13 @@
+module S3Secure
+  class Summary < AbstractBase
+    def run
+      $stderr.puts("Determining bucket security-related settings...")
+      data = [%w[Bucket SSL? Encrypted?]]
+      items = Items.new(@options, buckets)
+      items.filtered_items.each do |i|
+        data << [i.bucket, i.ssl, i.encrypted]
+      end
+      S3Secure::Table.new(@options, data).display
+    end
+  end
+end

data/lib/s3_secure/summary/item.rb

@@ -0,0 +1,16 @@
+class S3Secure::Summary
+  class Item
+    attr_reader :bucket
+    def initialize(bucket, properties={})
+      @bucket, @properties = bucket, properties
+    end
+
+    def method_missing(name, *args, &block)
+      if @properties.key?(name)
+        @properties[name]
+      else
+        super
+      end
+    end
+  end
+end

data/lib/s3_secure/summary/items.rb

@@ -0,0 +1,67 @@
+class S3Secure::Summary
+  class Items < S3Secure::AbstractBase
+    extend Memoist
+
+    # override initialize
+    def initialize(options, buckets)
+      @options, @buckets = options, buckets
+      @ssl, @encrypted = @options[:ssl], @options[:encrypted]
+    end
+
+    def filtered_items
+      items = all_items.select do |item|
+        case @ssl
+        when "yes", "no"
+          @ssl == item.ssl
+        else # any or fallback
+          true
+        end
+      end
+
+      items.select do |item|
+        case @encrypted
+        when "yes", "no"
+          @encrypted == item.encrypted
+        else # any or fallback
+          true
+        end
+      end
+    end
+
+    # Triggers loading of items
+    def all_items
+      load_items!
+    end
+
+    def load_items!
+      @buckets.map do |bucket|
+        Item.new(bucket,
+                 ssl: ssl?(bucket) ? "yes" : "no",
+                 encrypted: encrypted?(bucket) ? "yes" : "no")
+      end
+    end
+    memoize :load_items!
+
+  private
+    def ssl?(bucket)
+      s3 = s3_regional_client(bucket)
+      list = S3Secure::Policy::List.new(@options)
+      list.set_s3(s3)
+
+      bucket_policy = list.get_policy(bucket)
+      document = S3Secure::Policy::Document.new(bucket, bucket_policy)
+      document.has?("ForceSSLOnlyAccess")
+    end
+    memoize :ssl?
+
+    def encrypted?(bucket)
+      s3 = s3_regional_client(bucket)
+      list = S3Secure::Encryption::List.new(@options)
+      list.set_s3(s3)
+
+      rules = list.get_encryption_rules(bucket)
+      !!rules
+    end
+    memoize :encrypted?
+  end
+end

data/lib/s3_secure/table.rb

@@ -0,0 +1,18 @@
+require "text-table"
+
+module S3Secure
+  class Table
+    attr_reader :data
+    def initialize(options, data)
+      @options = options
+      @data = data
+    end
+
+    def display
+      table = Text::Table.new
+      table.head = data.shift
+      table.rows = data
+      puts table
+    end
+  end
+end

data/lib/s3_secure/version.rb

@@ -1,3 +1,3 @@
 module S3Secure
-  VERSION = "0.3.0"
+  VERSION = "0.4.0"
 end

data/s3-secure.gemspec

@@ -22,6 +22,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "aws-sdk-s3"
   spec.add_dependency "memoist"
   spec.add_dependency "rainbow"
+  spec.add_dependency "text-table"
   spec.add_dependency "thor"
   spec.add_dependency "zeitwerk"
 

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3-secure
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.4.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-23 00:00:00.000000000 Z
+date: 2019-11-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -66,6 +66,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: text-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: thor
   requirement: !ruby/object:Gem::Requirement
@@ -201,7 +215,7 @@ files:
 - lib/s3_secure/help.rb
 - lib/s3_secure/help/completion.md
 - lib/s3_secure/help/completion_script.md
-- lib/s3_secure/help/hello.md
+- lib/s3_secure/help/summary.md
 - lib/s3_secure/policy.rb
 - lib/s3_secure/policy/base.rb
 - lib/s3_secure/policy/checker.rb
@@ -213,6 +227,10 @@ files:
 - lib/s3_secure/policy/list.rb
 - lib/s3_secure/policy/show.rb
 - lib/s3_secure/policy/unforce.rb
+- lib/s3_secure/summary.rb
+- lib/s3_secure/summary/item.rb
+- lib/s3_secure/summary/items.rb
+- lib/s3_secure/table.rb
 - lib/s3_secure/version.rb
 - s3-secure.gemspec
 - spec/lib/cli_spec.rb

data/lib/s3_secure/help/hello.md

@@ -1,5 +0,0 @@
-## Examples
-
-    s3-secure hello
-    s3-secure hello NAME
-    s3-secure hello NAME --from me