s3-secure 0.4.0 → 0.4.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 458984b9117afa2925e7b2f6d662d1d7d85f1db797443a8addde3e59162794d4
4
- data.tar.gz: 9127363474746342e5af37bfd32a68e5fce29f6738902026fa00141720989f26
3
+ metadata.gz: 5ac0f7a2ea49f20a6889427938cbbdfec5c68f33213bf461e9096dda03d18f2f
4
+ data.tar.gz: '094ff89059df6581f3bf43a62550faad4291838b9db527b2cbfeb7227d7919f8'
5
5
  SHA512:
6
- metadata.gz: a318aa5bbf6d9a960d65e2f32a6ea18053b07532c6a19e8ce4c36d3e92252e6383344238ec372e98d0c8da970a3af6015af67b169f244af81b80b431ca518450
7
- data.tar.gz: e098eea71ed734a3ad6664d293d476fcddad5a4c285542bf1dc634ef9833773c99b0a77637f5bcb9242e3e3d3ee9b3256b904c635e96c2806de936b230eba258
6
+ metadata.gz: efe6747a6ff8a9b413ac1598affa0c6ae7e1c5965953dfc4479e433d455e6676586cd73817f326bb8b29a711ae140514d7f64b1bd246b81f1785a70ca7d33dcf
7
+ data.tar.gz: f3114075b52fc612e9c0d7e79ccea0f04ffd72b11fae3bf125328bf46ed1bd915a27ebd28381767ee990966e00e0ceda66fd4eb55908c85caf6f81465f7d69e9
@@ -3,6 +3,9 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.4.1]
7
+ - improve cli help
8
+
6
9
  ## [0.4.0]
7
10
  - #1 summary command
8
11
 
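Review bot: The `[0.4.1]` entry says only `improve cli help`, but this release also changes what `policy unforce_ssl` prints (`Remove bucket policy to bucket` becomes `Remove bucket policy statement from bucket` in `S3Secure::Policy`). List that change too, since anyone matching on the CLI output will see a different string after a patch-level bump.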
data/README.md CHANGED
@@ -25,6 +25,100 @@ Summary of policy commands:
25
25
  s3-secure policy enforce_ssl BUCKET
26
26
  s3-secure policy unforce_ssl BUCKET
27
27
 
28
+ ## Examples with Output
29
+
30
+ Example of `s3-secure encryption enable`:
31
+
32
+ $ s3-secure encryption enable a-test-bucket-in-us-west-1
33
+ Encyption enabled on bucket a-test-bucket-in-us-west-1 with rules:
34
+ {:apply_server_side_encryption_by_default=>{:sse_algorithm=>"AES256"}}
35
+ $
36
+
37
+ Example of `s3-secure policy enforce_ssl`:
38
+
39
+ $ s3-secure policy enforce_ssl a-test-bucket-in-us-west-1
40
+ Add bucket policy to bucket a-test-bucket-in-us-west-1:
41
+ {
42
+ "Version": "2012-10-17",
43
+ "Statement": [
44
+ {
45
+ "Sid": "ForceSSLOnlyAccess",
46
+ "Effect": "Deny",
47
+ "Principal": "*",
48
+ "Action": "s3:GetObject",
49
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-west-1/*",
50
+ "Condition": {
51
+ "Bool": {
52
+ "aws:SecureTransport": "false"
53
+ }
54
+ }
55
+ }
56
+ ]
57
+ }
58
+ $
59
+
60
+ When removing ssl enforcement from the bucket policy, if there are other policy statements, those are left in tact. Example:
61
+
62
+ $ s3-secure policy show a-test-bucket-in-us-east-1
63
+ Bucket a-test-bucket-in-us-east-1 is configured with this policy:
64
+ {
65
+ "Version": "2012-10-17",
66
+ "Statement": [
67
+ {
68
+ "Sid": "IPAllow",
69
+ "Effect": "Deny",
70
+ "Principal": "*",
71
+ "Action": "s3:*",
72
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
73
+ "Condition": {
74
+ "NotIpAddress": {
75
+ "aws:SourceIp": "54.240.143.0/24"
76
+ }
77
+ }
78
+ },
79
+ {
80
+ "Sid": "ForceSSLOnlyAccess",
81
+ "Effect": "Deny",
82
+ "Principal": "*",
83
+ "Action": "s3:GetObject",
84
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
85
+ "Condition": {
86
+ "Bool": {
87
+ "aws:SecureTransport": "false"
88
+ }
89
+ }
90
+ }
91
+ ]
92
+ }
93
+ $ s3-secure policy unforce_ssl a-test-bucket-in-us-east-1
94
+ Remove bucket policy statement from bucket a-test-bucket-in-us-east-1:
95
+ {
96
+ "Version": "2012-10-17",
97
+ "Statement": [
98
+ {
99
+ "Sid": "IPAllow",
100
+ "Effect": "Deny",
101
+ "Principal": "*",
102
+ "Action": "s3:*",
103
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
104
+ "Condition": {
105
+ "NotIpAddress": {
106
+ "aws:SourceIp": "54.240.143.0/24"
107
+ }
108
+ }
109
+ }
110
+ ]
111
+ }
112
+ $
113
+
114
+ For more help:
115
+
116
+ s3-secure -h
117
+ s3-secure encryption -h
118
+ s3-secure encryption enable -h
119
+ s3-secure policy -h
120
+ s3-secure policy unforce_ssl -h
121
+
28
122
  ## Batch Commands
29
123
 
30
124
  There are some supported batch commands:
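Review bot: The `ForceSSLOnlyAccess` statement shown in the `policy enforce_ssl` example denies only `"Action": "s3:GetObject"` on `arn:aws:s3:::a-test-bucket-in-us-west-1/*`, so the README should state that plain-HTTP requests for other actions (uploads, deletes, listing) are not covered by this statement; as written, the section reads as full SSL enforcement for the bucket. Two wording fixes in the same hunk: "Encyption enabled" in the `encryption enable` output (if that is the literal CLI output, the typo is in the message string itself) and "left in tact", which should be "left intact".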
@@ -0,0 +1,5 @@
1
+ ## Example
2
+
3
+ $ s3-secure encryption disable a-test-bucket-in-us-east-1
4
+ Bucket a-test-bucket-in-us-east-1 encryption has been removed
5
+ $
@@ -0,0 +1,6 @@
1
+ ## Example
2
+
3
+ $ s3-secure encryption enable a-test-bucket-in-us-east-1
4
+ Encyption enabled on bucket a-test-bucket-in-us-east-1 with rules:
5
+ {:apply_server_side_encryption_by_default=>{:sse_algorithm=>"AES256"}}
6
+ $
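Review bot: Line 4 of this new help file reads `Encyption enabled on bucket ...`; "Encyption" should be "Encryption". If the example is pasted from real output, fix the message string in the command and regenerate the example so the help text and the CLI stay in step.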
@@ -0,0 +1,34 @@
1
+ ## Example
2
+
3
+ $ s3-secure policy enforce_ssl a-test-bucket-in-us-east-1
4
+ Add bucket policy to bucket a-test-bucket-in-us-east-1:
5
+ {
6
+ "Version": "2012-10-17",
7
+ "Statement": [
8
+ {
9
+ "Sid": "IPAllow",
10
+ "Effect": "Deny",
11
+ "Principal": "*",
12
+ "Action": "s3:*",
13
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
14
+ "Condition": {
15
+ "NotIpAddress": {
16
+ "aws:SourceIp": "54.240.143.0/24"
17
+ }
18
+ }
19
+ },
20
+ {
21
+ "Sid": "ForceSSLOnlyAccess",
22
+ "Effect": "Deny",
23
+ "Principal": "*",
24
+ "Action": "s3:GetObject",
25
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
26
+ "Condition": {
27
+ "Bool": {
28
+ "aws:SecureTransport": "false"
29
+ }
30
+ }
31
+ }
32
+ ]
33
+ }
34
+ $
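Review bot: The example output already contains an `IPAllow` statement next to `ForceSSLOnlyAccess`, with nothing saying it was on the bucket before the command ran, so a reader can take it as something `enforce_ssl` adds. If the command keeps existing statements and appends its own, say so in one sentence, or show `s3-secure policy show` first as the `unforce_ssl` help does. It is also worth stating here that the added statement denies only `s3:GetObject` over non-TLS connections.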
@@ -0,0 +1,61 @@
1
+ ## Example
2
+
3
+ If the policy only has the ForceSSLOnlyAccess statement, then the entire bucket policy is removed:
4
+
5
+ $ s3-secure policy unforce_ssl a-test-bucket-in-us-west-1
6
+ Remove bucket policy to bucket a-test-bucket-in-us-west-1:
7
+ $
8
+
9
+ If the policy has other statements, then only the ForceSSLOnlyAccess is removed any other policies are kept in tact.
10
+
11
+ $ s3-secure policy show a-test-bucket-in-us-east-1
12
+ Bucket a-test-bucket-in-us-east-1 is configured with this policy:
13
+ {
14
+ "Version": "2012-10-17",
15
+ "Statement": [
16
+ {
17
+ "Sid": "IPAllow",
18
+ "Effect": "Deny",
19
+ "Principal": "*",
20
+ "Action": "s3:*",
21
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
22
+ "Condition": {
23
+ "NotIpAddress": {
24
+ "aws:SourceIp": "54.240.143.0/24"
25
+ }
26
+ }
27
+ },
28
+ {
29
+ "Sid": "ForceSSLOnlyAccess",
30
+ "Effect": "Deny",
31
+ "Principal": "*",
32
+ "Action": "s3:GetObject",
33
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
34
+ "Condition": {
35
+ "Bool": {
36
+ "aws:SecureTransport": "false"
37
+ }
38
+ }
39
+ }
40
+ ]
41
+ }
42
+ $ s3-secure policy unforce_ssl a-test-bucket-in-us-east-1
43
+ Remove bucket policy statement from bucket a-test-bucket-in-us-east-1:
44
+ {
45
+ "Version": "2012-10-17",
46
+ "Statement": [
47
+ {
48
+ "Sid": "IPAllow",
49
+ "Effect": "Deny",
50
+ "Principal": "*",
51
+ "Action": "s3:*",
52
+ "Resource": "arn:aws:s3:::a-test-bucket-in-us-east-1/*",
53
+ "Condition": {
54
+ "NotIpAddress": {
55
+ "aws:SourceIp": "54.240.143.0/24"
56
+ }
57
+ }
58
+ }
59
+ ]
60
+ }
61
+ $
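Review bot: Line 6 of this new help file shows `Remove bucket policy to bucket a-test-bucket-in-us-west-1:`, which is the 0.4.0 wording; the `S3Secure::Policy` hunk in this same release changes that `puts` to `Remove bucket policy statement from bucket ...`, so the first example is stale as shipped. Regenerate it from 0.4.1. Line 9 is also a run-on: "then only the ForceSSLOnlyAccess is removed any other policies are kept in tact" should read along the lines of "then only the ForceSSLOnlyAccess statement is removed; any other statements are kept intact".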
@@ -31,7 +31,7 @@ class S3Secure::Policy
31
31
  @s3.delete_bucket_policy(bucket: @bucket)
32
32
  end
33
33
 
34
- puts "Remove bucket policy to bucket #{@bucket}:"
34
+ puts "Remove bucket policy statement from bucket #{@bucket}:"
35
35
  puts policy_document if policy_document
36
36
  else
37
37
  puts "Bucket policy for #{@bucket} does not have ForceSSLOnlyAccess policy statement. Nothing to be done."
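Review bot: The reworded `puts` sits after the `end` that closes the `@s3.delete_bucket_policy(bucket: @bucket)` branch, so it also runs when the whole policy was deleted, and the next line, `puts policy_document if policy_document`, suggests `policy_document` can be nil there. In that case the user sees "Remove bucket policy statement from bucket X:" with a trailing colon and nothing after it, which misstates what happened. Print a separate message inside the delete branch (for example, that the entire bucket policy was removed) and keep the "statement" wording for the case where a document is printed.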
@@ -1,3 +1,3 @@
1
1
  module S3Secure
2
- VERSION = "0.4.0"
2
+ VERSION = "0.4.1"
3
3
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: s3-secure
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.4.0
4
+ version: 0.4.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Tung Nguyen
@@ -215,6 +215,10 @@ files:
215
215
  - lib/s3_secure/help.rb
216
216
  - lib/s3_secure/help/completion.md
217
217
  - lib/s3_secure/help/completion_script.md
218
+ - lib/s3_secure/help/encryption/disable.md
219
+ - lib/s3_secure/help/encryption/enable.md
220
+ - lib/s3_secure/help/policy/enforce_ssl.md
221
+ - lib/s3_secure/help/policy/unforce_ssl.md
218
222
  - lib/s3_secure/help/summary.md
219
223
  - lib/s3_secure/policy.rb
220
224
  - lib/s3_secure/policy/base.rb