s3-secure 0.4.1 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/LICENSE.txt +201 -22
- data/README.md +39 -14
- data/lib/s3_secure/access_logs/base.rb +4 -0
- data/lib/s3_secure/access_logs/disable.rb +37 -0
- data/lib/s3_secure/access_logs/enable.rb +41 -0
- data/lib/s3_secure/access_logs/list.rb +25 -0
- data/lib/s3_secure/access_logs/show.rb +89 -0
- data/lib/s3_secure/aws_services/s3.rb +61 -0
- data/lib/s3_secure/aws_services.rb +4 -27
- data/lib/s3_secure/cli/access_logs.rb +32 -0
- data/lib/s3_secure/{abstract_base.rb → cli/base.rb} +4 -3
- data/lib/s3_secure/{batch.rb → cli/batch.rb} +1 -1
- data/lib/s3_secure/{encryption.rb → cli/encryption.rb} +10 -6
- data/lib/s3_secure/cli/help.rb +11 -0
- data/lib/s3_secure/cli/lifecycle.rb +33 -0
- data/lib/s3_secure/cli/policy.rb +31 -0
- data/lib/s3_secure/cli/public_access.rb +32 -0
- data/lib/s3_secure/cli/remediate_all.rb +12 -0
- data/lib/s3_secure/cli/say.rb +7 -0
- data/lib/s3_secure/{summary.rb → cli/summary.rb} +4 -4
- data/lib/s3_secure/cli/versioning.rb +31 -0
- data/lib/s3_secure/cli.rb +25 -3
- data/lib/s3_secure/command.rb +7 -0
- data/lib/s3_secure/encryption/base.rb +2 -2
- data/lib/s3_secure/encryption/disable.rb +6 -10
- data/lib/s3_secure/encryption/enable.rb +6 -12
- data/lib/s3_secure/encryption/list.rb +13 -17
- data/lib/s3_secure/encryption/show.rb +16 -10
- data/lib/s3_secure/help/batch.md +14 -0
- data/lib/s3_secure/help/encryption/list.md +5 -0
- data/lib/s3_secure/help/lifecycle/add.md +13 -0
- data/lib/s3_secure/help/lifecycle/list.md +22 -0
- data/lib/s3_secure/help/lifecycle/remove.md +5 -0
- data/lib/s3_secure/help/lifecycle/show.md +13 -0
- data/lib/s3_secure/help/policy/list.md +5 -0
- data/lib/s3_secure/lifecycle/add.rb +33 -0
- data/lib/s3_secure/lifecycle/base.rb +5 -0
- data/lib/s3_secure/lifecycle/builder.rb +47 -0
- data/lib/s3_secure/lifecycle/list.rb +24 -0
- data/lib/s3_secure/lifecycle/remove.rb +28 -0
- data/lib/s3_secure/lifecycle/show.rb +40 -0
- data/lib/s3_secure/policy/base.rb +2 -2
- data/lib/s3_secure/policy/checker.rb +1 -1
- data/lib/s3_secure/policy/document/base.rb +1 -1
- data/lib/s3_secure/policy/document/force_ssl_only_access.rb +1 -1
- data/lib/s3_secure/policy/document/force_ssl_only_access_remove.rb +1 -1
- data/lib/s3_secure/policy/document.rb +1 -1
- data/lib/s3_secure/policy/enforce.rb +7 -11
- data/lib/s3_secure/policy/list.rb +14 -18
- data/lib/s3_secure/policy/show.rb +12 -11
- data/lib/s3_secure/policy/unforce.rb +8 -11
- data/lib/s3_secure/public_access/base.rb +10 -0
- data/lib/s3_secure/public_access/block.rb +18 -0
- data/lib/s3_secure/public_access/list.rb +24 -0
- data/lib/s3_secure/public_access/show.rb +27 -0
- data/lib/s3_secure/public_access/unblock.rb +12 -0
- data/lib/s3_secure/summary/item.rb +1 -1
- data/lib/s3_secure/summary/items.rb +6 -9
- data/lib/s3_secure/version.rb +1 -1
- data/lib/s3_secure/versioning/base.rb +4 -0
- data/lib/s3_secure/versioning/disable.rb +19 -0
- data/lib/s3_secure/versioning/enable.rb +19 -0
- data/lib/s3_secure/versioning/list.rb +24 -0
- data/lib/s3_secure/versioning/show.rb +27 -0
- data/lib/s3_secure.rb +4 -2
- data/s3-secure.gemspec +6 -3
- data/spec/lib/lifecycle/builder_spec.rb +85 -0
- metadata +76 -11
- data/lib/s3_secure/help.rb +0 -9
- data/lib/s3_secure/policy.rb +0 -27
@@ -0,0 +1,85 @@
|
|
1
|
+
describe S3Secure::Lifecycle::Builder do
|
2
|
+
subject { S3Secure::Lifecycle::Builder.new(rules) }
|
3
|
+
|
4
|
+
describe "already has s3-secure-automated-cleanup rule" do
|
5
|
+
let(:rules) {
|
6
|
+
[{:expiration=>{:expired_object_delete_marker=>true},
|
7
|
+
:id=>"s3-secure-automated-cleanup",
|
8
|
+
:status=>"Enabled",
|
9
|
+
:noncurrent_version_expiration=>{:noncurrent_days=>365},
|
10
|
+
:abort_incomplete_multipart_upload=>{:days_after_initiation=>30}}]
|
11
|
+
}
|
12
|
+
|
13
|
+
it "has?" do
|
14
|
+
result = subject.has?("s3-secure-automated-cleanup")
|
15
|
+
expect(result).to be true
|
16
|
+
end
|
17
|
+
|
18
|
+
it "rules_with_addition" do
|
19
|
+
rules = subject.rules_with_addition
|
20
|
+
expect(rules.size).to eq 1 # no dups
|
21
|
+
result = has_lifecycle?(rules)
|
22
|
+
expect(result).to be true
|
23
|
+
end
|
24
|
+
|
25
|
+
it "rules_with_removal" do
|
26
|
+
rules = subject.rules_with_removal
|
27
|
+
result = has_lifecycle?(rules)
|
28
|
+
expect(result).to be false
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
32
|
+
describe "doesnt have s3-secure-automated-cleanup rule" do
|
33
|
+
let(:rules) {
|
34
|
+
[{:rules=>
|
35
|
+
[{:expiration=>{:expired_object_delete_marker=>true},
|
36
|
+
:id=>"someother-policy",
|
37
|
+
:status=>"Enabled",
|
38
|
+
:noncurrent_version_expiration=>{:noncurrent_days=>365},
|
39
|
+
:abort_incomplete_multipart_upload=>{:days_after_initiation=>30}}]}]
|
40
|
+
}
|
41
|
+
|
42
|
+
it "has?" do
|
43
|
+
result = subject.has?("s3-secure-automated-cleanup")
|
44
|
+
expect(result).to be false
|
45
|
+
end
|
46
|
+
|
47
|
+
it "rules_with_addition" do
|
48
|
+
rules = subject.rules_with_addition
|
49
|
+
expect(rules.size).to eq 2 # no dups
|
50
|
+
result = has_lifecycle?(rules)
|
51
|
+
expect(result).to be true
|
52
|
+
end
|
53
|
+
|
54
|
+
it "rules_with_removal" do
|
55
|
+
rules = subject.rules_with_removal
|
56
|
+
result = has_lifecycle?(rules)
|
57
|
+
expect(result).to be false
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
describe "empty policy" do
|
62
|
+
let(:rules) { nil }
|
63
|
+
|
64
|
+
it "has?" do
|
65
|
+
result = subject.has?("s3-secure-automated-cleanup")
|
66
|
+
expect(result).to be false
|
67
|
+
end
|
68
|
+
|
69
|
+
it "rules_with_addition" do
|
70
|
+
rules = subject.rules_with_addition
|
71
|
+
result = has_lifecycle?(rules)
|
72
|
+
expect(result).to be true
|
73
|
+
end
|
74
|
+
|
75
|
+
it "rules_with_removal" do
|
76
|
+
rules = subject.rules_with_removal
|
77
|
+
result = has_lifecycle?(rules)
|
78
|
+
expect(result).to be false
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
def has_lifecycle?(rules)
|
83
|
+
!!rules.detect { |rule| rule[:id] == S3Secure::Lifecycle::Builder::RULE_ID }
|
84
|
+
end
|
85
|
+
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: s3-secure
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.6.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2021-12-30 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: activesupport
|
@@ -38,6 +38,20 @@ dependencies:
|
|
38
38
|
- - ">="
|
39
39
|
- !ruby/object:Gem::Version
|
40
40
|
version: '0'
|
41
|
+
- !ruby/object:Gem::Dependency
|
42
|
+
name: cli-format
|
43
|
+
requirement: !ruby/object:Gem::Requirement
|
44
|
+
requirements:
|
45
|
+
- - ">="
|
46
|
+
- !ruby/object:Gem::Version
|
47
|
+
version: '0'
|
48
|
+
type: :runtime
|
49
|
+
prerelease: false
|
50
|
+
version_requirements: !ruby/object:Gem::Requirement
|
51
|
+
requirements:
|
52
|
+
- - ">="
|
53
|
+
- !ruby/object:Gem::Version
|
54
|
+
version: '0'
|
41
55
|
- !ruby/object:Gem::Dependency
|
42
56
|
name: memoist
|
43
57
|
requirement: !ruby/object:Gem::Requirement
|
@@ -66,6 +80,20 @@ dependencies:
|
|
66
80
|
- - ">="
|
67
81
|
- !ruby/object:Gem::Version
|
68
82
|
version: '0'
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: rexml
|
85
|
+
requirement: !ruby/object:Gem::Requirement
|
86
|
+
requirements:
|
87
|
+
- - ">="
|
88
|
+
- !ruby/object:Gem::Version
|
89
|
+
version: '0'
|
90
|
+
type: :runtime
|
91
|
+
prerelease: false
|
92
|
+
version_requirements: !ruby/object:Gem::Requirement
|
93
|
+
requirements:
|
94
|
+
- - ">="
|
95
|
+
- !ruby/object:Gem::Version
|
96
|
+
version: '0'
|
69
97
|
- !ruby/object:Gem::Dependency
|
70
98
|
name: text-table
|
71
99
|
requirement: !ruby/object:Gem::Requirement
|
@@ -197,30 +225,56 @@ files:
|
|
197
225
|
- exe/s3-secure
|
198
226
|
- lib/s3-secure.rb
|
199
227
|
- lib/s3_secure.rb
|
200
|
-
- lib/s3_secure/
|
228
|
+
- lib/s3_secure/access_logs/base.rb
|
229
|
+
- lib/s3_secure/access_logs/disable.rb
|
230
|
+
- lib/s3_secure/access_logs/enable.rb
|
231
|
+
- lib/s3_secure/access_logs/list.rb
|
232
|
+
- lib/s3_secure/access_logs/show.rb
|
201
233
|
- lib/s3_secure/autoloader.rb
|
202
234
|
- lib/s3_secure/aws_services.rb
|
203
|
-
- lib/s3_secure/
|
235
|
+
- lib/s3_secure/aws_services/s3.rb
|
204
236
|
- lib/s3_secure/cli.rb
|
237
|
+
- lib/s3_secure/cli/access_logs.rb
|
238
|
+
- lib/s3_secure/cli/base.rb
|
239
|
+
- lib/s3_secure/cli/batch.rb
|
240
|
+
- lib/s3_secure/cli/encryption.rb
|
241
|
+
- lib/s3_secure/cli/help.rb
|
242
|
+
- lib/s3_secure/cli/lifecycle.rb
|
243
|
+
- lib/s3_secure/cli/policy.rb
|
244
|
+
- lib/s3_secure/cli/public_access.rb
|
245
|
+
- lib/s3_secure/cli/remediate_all.rb
|
246
|
+
- lib/s3_secure/cli/say.rb
|
247
|
+
- lib/s3_secure/cli/summary.rb
|
248
|
+
- lib/s3_secure/cli/versioning.rb
|
205
249
|
- lib/s3_secure/command.rb
|
206
250
|
- lib/s3_secure/completer.rb
|
207
251
|
- lib/s3_secure/completer/script.rb
|
208
252
|
- lib/s3_secure/completer/script.sh
|
209
|
-
- lib/s3_secure/encryption.rb
|
210
253
|
- lib/s3_secure/encryption/base.rb
|
211
254
|
- lib/s3_secure/encryption/disable.rb
|
212
255
|
- lib/s3_secure/encryption/enable.rb
|
213
256
|
- lib/s3_secure/encryption/list.rb
|
214
257
|
- lib/s3_secure/encryption/show.rb
|
215
|
-
- lib/s3_secure/help.
|
258
|
+
- lib/s3_secure/help/batch.md
|
216
259
|
- lib/s3_secure/help/completion.md
|
217
260
|
- lib/s3_secure/help/completion_script.md
|
218
261
|
- lib/s3_secure/help/encryption/disable.md
|
219
262
|
- lib/s3_secure/help/encryption/enable.md
|
263
|
+
- lib/s3_secure/help/encryption/list.md
|
264
|
+
- lib/s3_secure/help/lifecycle/add.md
|
265
|
+
- lib/s3_secure/help/lifecycle/list.md
|
266
|
+
- lib/s3_secure/help/lifecycle/remove.md
|
267
|
+
- lib/s3_secure/help/lifecycle/show.md
|
220
268
|
- lib/s3_secure/help/policy/enforce_ssl.md
|
269
|
+
- lib/s3_secure/help/policy/list.md
|
221
270
|
- lib/s3_secure/help/policy/unforce_ssl.md
|
222
271
|
- lib/s3_secure/help/summary.md
|
223
|
-
- lib/s3_secure/
|
272
|
+
- lib/s3_secure/lifecycle/add.rb
|
273
|
+
- lib/s3_secure/lifecycle/base.rb
|
274
|
+
- lib/s3_secure/lifecycle/builder.rb
|
275
|
+
- lib/s3_secure/lifecycle/list.rb
|
276
|
+
- lib/s3_secure/lifecycle/remove.rb
|
277
|
+
- lib/s3_secure/lifecycle/show.rb
|
224
278
|
- lib/s3_secure/policy/base.rb
|
225
279
|
- lib/s3_secure/policy/checker.rb
|
226
280
|
- lib/s3_secure/policy/document.rb
|
@@ -231,20 +285,30 @@ files:
|
|
231
285
|
- lib/s3_secure/policy/list.rb
|
232
286
|
- lib/s3_secure/policy/show.rb
|
233
287
|
- lib/s3_secure/policy/unforce.rb
|
234
|
-
- lib/s3_secure/
|
288
|
+
- lib/s3_secure/public_access/base.rb
|
289
|
+
- lib/s3_secure/public_access/block.rb
|
290
|
+
- lib/s3_secure/public_access/list.rb
|
291
|
+
- lib/s3_secure/public_access/show.rb
|
292
|
+
- lib/s3_secure/public_access/unblock.rb
|
235
293
|
- lib/s3_secure/summary/item.rb
|
236
294
|
- lib/s3_secure/summary/items.rb
|
237
295
|
- lib/s3_secure/table.rb
|
238
296
|
- lib/s3_secure/version.rb
|
297
|
+
- lib/s3_secure/versioning/base.rb
|
298
|
+
- lib/s3_secure/versioning/disable.rb
|
299
|
+
- lib/s3_secure/versioning/enable.rb
|
300
|
+
- lib/s3_secure/versioning/list.rb
|
301
|
+
- lib/s3_secure/versioning/show.rb
|
239
302
|
- s3-secure.gemspec
|
240
303
|
- spec/lib/cli_spec.rb
|
304
|
+
- spec/lib/lifecycle/builder_spec.rb
|
241
305
|
- spec/lib/policy/checker_spec.rb
|
242
306
|
- spec/lib/policy/document/force_ssl_remove_spec.rb
|
243
307
|
- spec/lib/policy/document_spec.rb
|
244
308
|
- spec/spec_helper.rb
|
245
|
-
homepage: https://github.com/
|
309
|
+
homepage: https://github.com/boltops-tools/s3-secure
|
246
310
|
licenses:
|
247
|
-
-
|
311
|
+
- Apache2.0
|
248
312
|
metadata: {}
|
249
313
|
post_install_message:
|
250
314
|
rdoc_options: []
|
@@ -261,12 +325,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
261
325
|
- !ruby/object:Gem::Version
|
262
326
|
version: '0'
|
263
327
|
requirements: []
|
264
|
-
rubygems_version: 3.
|
328
|
+
rubygems_version: 3.2.32
|
265
329
|
signing_key:
|
266
330
|
specification_version: 4
|
267
331
|
summary: S3 Bucket security hardening tool
|
268
332
|
test_files:
|
269
333
|
- spec/lib/cli_spec.rb
|
334
|
+
- spec/lib/lifecycle/builder_spec.rb
|
270
335
|
- spec/lib/policy/checker_spec.rb
|
271
336
|
- spec/lib/policy/document/force_ssl_remove_spec.rb
|
272
337
|
- spec/lib/policy/document_spec.rb
|
data/lib/s3_secure/help.rb
DELETED
data/lib/s3_secure/policy.rb
DELETED
@@ -1,27 +0,0 @@
|
|
1
|
-
module S3Secure
|
2
|
-
class Policy < Command
|
3
|
-
desc "list", "List bucket policies"
|
4
|
-
long_desc Help.text("policy/list")
|
5
|
-
def list
|
6
|
-
List.new(options).run
|
7
|
-
end
|
8
|
-
|
9
|
-
desc "show BUCKET", "show bucket policy"
|
10
|
-
long_desc Help.text("policy/show")
|
11
|
-
def show(bucket)
|
12
|
-
Show.new(options.merge(bucket: bucket)).run
|
13
|
-
end
|
14
|
-
|
15
|
-
desc "enforce_ssl BUCKET", "Add enforce ssl bucket policy"
|
16
|
-
long_desc Help.text("policy/enforce_ssl")
|
17
|
-
def enforce_ssl(bucket)
|
18
|
-
Enforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
|
19
|
-
end
|
20
|
-
|
21
|
-
desc "unforce_ssl BUCKET", "Remove enforce ssl bucket policy"
|
22
|
-
long_desc Help.text("policy/unforce_ssl")
|
23
|
-
def unforce_ssl(bucket)
|
24
|
-
Unforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
|
25
|
-
end
|
26
|
-
end
|
27
|
-
end
|