s3-secure 0.4.2 → 0.5.0

data/lib/s3_secure/versioning/disable.rb

@@ -0,0 +1,19 @@
+class S3Secure::Versioning
+  class Disable < Base
+    def run
+      show = Show.new(@options)
+      if show.enabled?
+        s3.put_bucket_versioning(
+          bucket: @bucket,
+          versioning_configuration: {
+            # mfa_delete: "Disabled",
+            status: "Suspended",
+          },
+        )
+        puts "Versioning Suspended on bucket #{@bucket}"
+      else
+        puts "Bucket #{@bucket} is already has versioning already Suspended or not Enabled."
+      end
+    end
+  end
+end

data/lib/s3_secure/versioning/enable.rb

@@ -0,0 +1,19 @@
+class S3Secure::Versioning
+  class Enable < Base
+    def run
+      show = Show.new(@options)
+      if show.enabled?
+        puts "Bucket #{@bucket} is has versioning already enabled."
+      else
+        s3.put_bucket_versioning(
+          bucket: @bucket,
+          versioning_configuration: {
+            # mfa_delete: "Disabled",
+            status: "Enabled",
+          },
+        )
+        puts "Versioning enabled on bucket #{@bucket}"
+      end
+    end
+  end
+end

data/lib/s3_secure/versioning/list.rb

@@ -0,0 +1,24 @@
+class S3Secure::Versioning
+  class List < Base
+    def run
+      presenter = CliFormat::Presenter.new(@options)
+      presenter.header = ["Bucket", "Has Versioning?"]
+
+      buckets.each do |bucket|
+        $stderr.puts "Getting versioning for bucket #{bucket.color(:green)}"
+
+        show = Show.new(bucket: bucket)
+        row = [bucket, show.enabled?]
+        if @options[:versioning].nil?
+          presenter.rows << row # always show policy
+        elsif @options[:versioning]
+          presenter.rows << row if show.enabled? # only show if bucket has some encryption rules
+        else
+          presenter.rows << row unless show.enabled? # only show if bucket doesnt have any encryption rules
+        end
+      end
+
+      presenter.show
+    end
+  end
+end

data/lib/s3_secure/versioning/show.rb

@@ -0,0 +1,27 @@
+class S3Secure::Versioning
+  class Show < Base
+    def run
+      if enabled?
+        puts "This S3 bucket has versioning enabled"
+      else
+        puts "This S3 bucket does not have versioning enabled"
+      end
+      details = get_versioning(@bucket).to_h
+      unless details.empty?
+        puts "Bucket versioning details: "
+        pp details
+      end
+    end
+
+    def enabled?
+      versioning = get_versioning(@bucket)
+      versioning.status == "Enabled" # Can be Enabled, Suspended, or nil
+    end
+
+    def get_versioning(bucket)
+      s3.get_bucket_versioning(bucket: bucket) # resp
+    rescue Aws::S3::Errors::ServerSideEncryptionConfigurationNotFoundError
+    end
+    memoize :get_versioning
+  end
+end

data/s3-secure.gemspec

@@ -10,9 +10,10 @@ Gem::Specification.new do |spec|
   spec.email         = ["tongueroo@gmail.com"]
   spec.summary       = "S3 Bucket security hardening tool"
   spec.homepage      = "https://github.com/tongueroo/s3-secure"
-  spec.license       = "MIT"
+  spec.license       = "Apache2.0"
 
-  spec.files         = `git ls-files`.split($/)
+  git_installed      = system("type git > /dev/null 2>&1")
+  spec.files         = git_installed ? `git ls-files`.split($/) : Dir.glob("**/*")
   spec.bindir        = "exe"
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
@@ -20,6 +21,7 @@ Gem::Specification.new do |spec|
 
   spec.add_dependency "activesupport"
   spec.add_dependency "aws-sdk-s3"
+  spec.add_dependency "cli-format"
   spec.add_dependency "memoist"
   spec.add_dependency "rainbow"
   spec.add_dependency "text-table"

data/spec/lib/lifecycle/builder_spec.rb

@@ -0,0 +1,85 @@
+describe S3Secure::Lifecycle::Builder do
+  subject { S3Secure::Lifecycle::Builder.new(rules) }
+
+  describe "already has s3-secure-automated-cleanup rule" do
+    let(:rules) {
+      [{:expiration=>{:expired_object_delete_marker=>true},
+        :id=>"s3-secure-automated-cleanup",
+        :status=>"Enabled",
+        :noncurrent_version_expiration=>{:noncurrent_days=>365},
+        :abort_incomplete_multipart_upload=>{:days_after_initiation=>30}}]
+    }
+
+    it "has?" do
+      result = subject.has?("s3-secure-automated-cleanup")
+      expect(result).to be true
+    end
+
+    it "rules_with_addition" do
+      rules = subject.rules_with_addition
+      expect(rules.size).to eq 1 # no dups
+      result = has_lifecycle?(rules)
+      expect(result).to be true
+    end
+
+    it "rules_with_removal" do
+      rules = subject.rules_with_removal
+      result = has_lifecycle?(rules)
+      expect(result).to be false
+    end
+  end
+
+  describe "doesnt have s3-secure-automated-cleanup rule" do
+    let(:rules) {
+      [{:rules=>
+        [{:expiration=>{:expired_object_delete_marker=>true},
+          :id=>"someother-policy",
+          :status=>"Enabled",
+          :noncurrent_version_expiration=>{:noncurrent_days=>365},
+          :abort_incomplete_multipart_upload=>{:days_after_initiation=>30}}]}]
+    }
+
+    it "has?" do
+      result = subject.has?("s3-secure-automated-cleanup")
+      expect(result).to be false
+    end
+
+    it "rules_with_addition" do
+      rules = subject.rules_with_addition
+      expect(rules.size).to eq 2 # no dups
+      result = has_lifecycle?(rules)
+      expect(result).to be true
+    end
+
+    it "rules_with_removal" do
+      rules = subject.rules_with_removal
+      result = has_lifecycle?(rules)
+      expect(result).to be false
+    end
+  end
+
+  describe "empty policy" do
+    let(:rules) { nil }
+
+    it "has?" do
+      result = subject.has?("s3-secure-automated-cleanup")
+      expect(result).to be false
+    end
+
+    it "rules_with_addition" do
+      rules = subject.rules_with_addition
+      result = has_lifecycle?(rules)
+      expect(result).to be true
+    end
+
+    it "rules_with_removal" do
+      rules = subject.rules_with_removal
+      result = has_lifecycle?(rules)
+      expect(result).to be false
+    end
+  end
+
+  def has_lifecycle?(rules)
+    !!rules.detect { |rule| rule[:id] == S3Secure::Lifecycle::Builder::RULE_ID }
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3-secure
 version: !ruby/object:Gem::Version
-  version: 0.4.2
+  version: 0.5.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-11-26 00:00:00.000000000 Z
+date: 2020-05-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: cli-format
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: memoist
   requirement: !ruby/object:Gem::Requirement
@@ -198,8 +212,15 @@ files:
 - lib/s3-secure.rb
 - lib/s3_secure.rb
 - lib/s3_secure/abstract_base.rb
+- lib/s3_secure/access_logs.rb
+- lib/s3_secure/access_logs/base.rb
+- lib/s3_secure/access_logs/disable.rb
+- lib/s3_secure/access_logs/enable.rb
+- lib/s3_secure/access_logs/list.rb
+- lib/s3_secure/access_logs/show.rb
 - lib/s3_secure/autoloader.rb
 - lib/s3_secure/aws_services.rb
+- lib/s3_secure/aws_services/s3.rb
 - lib/s3_secure/batch.rb
 - lib/s3_secure/cli.rb
 - lib/s3_secure/command.rb
@@ -213,13 +234,27 @@ files:
 - lib/s3_secure/encryption/list.rb
 - lib/s3_secure/encryption/show.rb
 - lib/s3_secure/help.rb
+- lib/s3_secure/help/batch.md
 - lib/s3_secure/help/completion.md
 - lib/s3_secure/help/completion_script.md
 - lib/s3_secure/help/encryption/disable.md
 - lib/s3_secure/help/encryption/enable.md
+- lib/s3_secure/help/encryption/list.md
+- lib/s3_secure/help/lifecycle/add.md
+- lib/s3_secure/help/lifecycle/list.md
+- lib/s3_secure/help/lifecycle/remove.md
+- lib/s3_secure/help/lifecycle/show.md
 - lib/s3_secure/help/policy/enforce_ssl.md
+- lib/s3_secure/help/policy/list.md
 - lib/s3_secure/help/policy/unforce_ssl.md
 - lib/s3_secure/help/summary.md
+- lib/s3_secure/lifecycle.rb
+- lib/s3_secure/lifecycle/add.rb
+- lib/s3_secure/lifecycle/base.rb
+- lib/s3_secure/lifecycle/builder.rb
+- lib/s3_secure/lifecycle/list.rb
+- lib/s3_secure/lifecycle/remove.rb
+- lib/s3_secure/lifecycle/show.rb
 - lib/s3_secure/policy.rb
 - lib/s3_secure/policy/base.rb
 - lib/s3_secure/policy/checker.rb
@@ -231,20 +266,28 @@ files:
 - lib/s3_secure/policy/list.rb
 - lib/s3_secure/policy/show.rb
 - lib/s3_secure/policy/unforce.rb
+- lib/s3_secure/remediate_all.rb
 - lib/s3_secure/summary.rb
 - lib/s3_secure/summary/item.rb
 - lib/s3_secure/summary/items.rb
 - lib/s3_secure/table.rb
 - lib/s3_secure/version.rb
+- lib/s3_secure/versioning.rb
+- lib/s3_secure/versioning/base.rb
+- lib/s3_secure/versioning/disable.rb
+- lib/s3_secure/versioning/enable.rb
+- lib/s3_secure/versioning/list.rb
+- lib/s3_secure/versioning/show.rb
 - s3-secure.gemspec
 - spec/lib/cli_spec.rb
+- spec/lib/lifecycle/builder_spec.rb
 - spec/lib/policy/checker_spec.rb
 - spec/lib/policy/document/force_ssl_remove_spec.rb
 - spec/lib/policy/document_spec.rb
 - spec/spec_helper.rb
 homepage: https://github.com/tongueroo/s3-secure
 licenses:
-- MIT
+- Apache2.0
 metadata: {}
 post_install_message: 
 rdoc_options: []
@@ -261,12 +304,13 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.6
+rubygems_version: 3.1.2
 signing_key: 
 specification_version: 4
 summary: S3 Bucket security hardening tool
 test_files:
 - spec/lib/cli_spec.rb
+- spec/lib/lifecycle/builder_spec.rb
 - spec/lib/policy/checker_spec.rb
 - spec/lib/policy/document/force_ssl_remove_spec.rb
 - spec/lib/policy/document_spec.rb