s3-secure 0.4.1 → 0.6.0

data/spec/lib/lifecycle/builder_spec.rb

@@ -0,0 +1,85 @@
+describe S3Secure::Lifecycle::Builder do
+  subject { S3Secure::Lifecycle::Builder.new(rules) }
+
+  describe "already has s3-secure-automated-cleanup rule" do
+    let(:rules) {
+      [{:expiration=>{:expired_object_delete_marker=>true},
+        :id=>"s3-secure-automated-cleanup",
+        :status=>"Enabled",
+        :noncurrent_version_expiration=>{:noncurrent_days=>365},
+        :abort_incomplete_multipart_upload=>{:days_after_initiation=>30}}]
+    }
+
+    it "has?" do
+      result = subject.has?("s3-secure-automated-cleanup")
+      expect(result).to be true
+    end
+
+    it "rules_with_addition" do
+      rules = subject.rules_with_addition
+      expect(rules.size).to eq 1 # no dups
+      result = has_lifecycle?(rules)
+      expect(result).to be true
+    end
+
+    it "rules_with_removal" do
+      rules = subject.rules_with_removal
+      result = has_lifecycle?(rules)
+      expect(result).to be false
+    end
+  end
+
+  describe "doesnt have s3-secure-automated-cleanup rule" do
+    let(:rules) {
+      [{:rules=>
+        [{:expiration=>{:expired_object_delete_marker=>true},
+          :id=>"someother-policy",
+          :status=>"Enabled",
+          :noncurrent_version_expiration=>{:noncurrent_days=>365},
+          :abort_incomplete_multipart_upload=>{:days_after_initiation=>30}}]}]
+    }
+
+    it "has?" do
+      result = subject.has?("s3-secure-automated-cleanup")
+      expect(result).to be false
+    end
+
+    it "rules_with_addition" do
+      rules = subject.rules_with_addition
+      expect(rules.size).to eq 2 # no dups
+      result = has_lifecycle?(rules)
+      expect(result).to be true
+    end
+
+    it "rules_with_removal" do
+      rules = subject.rules_with_removal
+      result = has_lifecycle?(rules)
+      expect(result).to be false
+    end
+  end
+
+  describe "empty policy" do
+    let(:rules) { nil }
+
+    it "has?" do
+      result = subject.has?("s3-secure-automated-cleanup")
+      expect(result).to be false
+    end
+
+    it "rules_with_addition" do
+      rules = subject.rules_with_addition
+      result = has_lifecycle?(rules)
+      expect(result).to be true
+    end
+
+    it "rules_with_removal" do
+      rules = subject.rules_with_removal
+      result = has_lifecycle?(rules)
+      expect(result).to be false
+    end
+  end
+
+  def has_lifecycle?(rules)
+    !!rules.detect { |rule| rule[:id] == S3Secure::Lifecycle::Builder::RULE_ID }
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3-secure
 version: !ruby/object:Gem::Version
-  version: 0.4.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-26 00:00:00.000000000 Z
+date: 2021-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: cli-format
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: memoist
   requirement: !ruby/object:Gem::Requirement
@@ -66,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: text-table
   requirement: !ruby/object:Gem::Requirement
@@ -197,30 +225,56 @@ files:
 - exe/s3-secure
 - lib/s3-secure.rb
 - lib/s3_secure.rb
-- lib/s3_secure/abstract_base.rb
+- lib/s3_secure/access_logs/base.rb
+- lib/s3_secure/access_logs/disable.rb
+- lib/s3_secure/access_logs/enable.rb
+- lib/s3_secure/access_logs/list.rb
+- lib/s3_secure/access_logs/show.rb
 - lib/s3_secure/autoloader.rb
 - lib/s3_secure/aws_services.rb
-- lib/s3_secure/batch.rb
+- lib/s3_secure/aws_services/s3.rb
 - lib/s3_secure/cli.rb
+- lib/s3_secure/cli/access_logs.rb
+- lib/s3_secure/cli/base.rb
+- lib/s3_secure/cli/batch.rb
+- lib/s3_secure/cli/encryption.rb
+- lib/s3_secure/cli/help.rb
+- lib/s3_secure/cli/lifecycle.rb
+- lib/s3_secure/cli/policy.rb
+- lib/s3_secure/cli/public_access.rb
+- lib/s3_secure/cli/remediate_all.rb
+- lib/s3_secure/cli/say.rb
+- lib/s3_secure/cli/summary.rb
+- lib/s3_secure/cli/versioning.rb
 - lib/s3_secure/command.rb
 - lib/s3_secure/completer.rb
 - lib/s3_secure/completer/script.rb
 - lib/s3_secure/completer/script.sh
-- lib/s3_secure/encryption.rb
 - lib/s3_secure/encryption/base.rb
 - lib/s3_secure/encryption/disable.rb
 - lib/s3_secure/encryption/enable.rb
 - lib/s3_secure/encryption/list.rb
 - lib/s3_secure/encryption/show.rb
-- lib/s3_secure/help.rb
+- lib/s3_secure/help/batch.md
 - lib/s3_secure/help/completion.md
 - lib/s3_secure/help/completion_script.md
 - lib/s3_secure/help/encryption/disable.md
 - lib/s3_secure/help/encryption/enable.md
+- lib/s3_secure/help/encryption/list.md
+- lib/s3_secure/help/lifecycle/add.md
+- lib/s3_secure/help/lifecycle/list.md
+- lib/s3_secure/help/lifecycle/remove.md
+- lib/s3_secure/help/lifecycle/show.md
 - lib/s3_secure/help/policy/enforce_ssl.md
+- lib/s3_secure/help/policy/list.md
 - lib/s3_secure/help/policy/unforce_ssl.md
 - lib/s3_secure/help/summary.md
-- lib/s3_secure/policy.rb
+- lib/s3_secure/lifecycle/add.rb
+- lib/s3_secure/lifecycle/base.rb
+- lib/s3_secure/lifecycle/builder.rb
+- lib/s3_secure/lifecycle/list.rb
+- lib/s3_secure/lifecycle/remove.rb
+- lib/s3_secure/lifecycle/show.rb
 - lib/s3_secure/policy/base.rb
 - lib/s3_secure/policy/checker.rb
 - lib/s3_secure/policy/document.rb
@@ -231,20 +285,30 @@ files:
 - lib/s3_secure/policy/list.rb
 - lib/s3_secure/policy/show.rb
 - lib/s3_secure/policy/unforce.rb
-- lib/s3_secure/summary.rb
+- lib/s3_secure/public_access/base.rb
+- lib/s3_secure/public_access/block.rb
+- lib/s3_secure/public_access/list.rb
+- lib/s3_secure/public_access/show.rb
+- lib/s3_secure/public_access/unblock.rb
 - lib/s3_secure/summary/item.rb
 - lib/s3_secure/summary/items.rb
 - lib/s3_secure/table.rb
 - lib/s3_secure/version.rb
+- lib/s3_secure/versioning/base.rb
+- lib/s3_secure/versioning/disable.rb
+- lib/s3_secure/versioning/enable.rb
+- lib/s3_secure/versioning/list.rb
+- lib/s3_secure/versioning/show.rb
 - s3-secure.gemspec
 - spec/lib/cli_spec.rb
+- spec/lib/lifecycle/builder_spec.rb
 - spec/lib/policy/checker_spec.rb
 - spec/lib/policy/document/force_ssl_remove_spec.rb
 - spec/lib/policy/document_spec.rb
 - spec/spec_helper.rb
-homepage: https://github.com/tongueroo/s3-secure
+homepage: https://github.com/boltops-tools/s3-secure
 licenses:
-- MIT
+- Apache2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -261,12 +325,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.2.32
 signing_key: 
 specification_version: 4
 summary: S3 Bucket security hardening tool
 test_files:
 - spec/lib/cli_spec.rb
+- spec/lib/lifecycle/builder_spec.rb
 - spec/lib/policy/checker_spec.rb
 - spec/lib/policy/document/force_ssl_remove_spec.rb
 - spec/lib/policy/document_spec.rb

data/lib/s3_secure/help.rb

@@ -1,9 +0,0 @@
-module S3Secure::Help
-  class << self
-    def text(namespaced_command)
-      path = namespaced_command.to_s.gsub(':','/')
-      path = File.expand_path("../help/#{path}.md", __FILE__)
-      IO.read(path) if File.exist?(path)
-    end
-  end
-end

data/lib/s3_secure/policy.rb

@@ -1,27 +0,0 @@
-module S3Secure
-  class Policy < Command
-    desc "list", "List bucket policies"
-    long_desc Help.text("policy/list")
-    def list
-      List.new(options).run
-    end
-
-    desc "show BUCKET", "show bucket policy"
-    long_desc Help.text("policy/show")
-    def show(bucket)
-      Show.new(options.merge(bucket: bucket)).run
-    end
-
-    desc "enforce_ssl BUCKET", "Add enforce ssl bucket policy"
-    long_desc Help.text("policy/enforce_ssl")
-    def enforce_ssl(bucket)
-      Enforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
-    end
-
-    desc "unforce_ssl BUCKET", "Remove enforce ssl bucket policy"
-    long_desc Help.text("policy/unforce_ssl")
-    def unforce_ssl(bucket)
-      Unforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
-    end
-  end
-end