s3-secure 0.5.0 → 0.5.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6e1f48e9f8af3b66318cc9bbb69c7689e6973f10979e0adc5d2274fa0e3fc1a6
-  data.tar.gz: 72c7e5845cdf8438a785bc5310ed25ce82b7c73d29c2891430492d817dd9159f
+  metadata.gz: 2fe4cf360f3085cd6d3a6432163e48446163b3fb4c873594198009a9eca48352
+  data.tar.gz: 74458fbc45b76b221c51dd75120f75c0122cd32aee9efc1a2516fcba8eaeaebb
 SHA512:
-  metadata.gz: 5cf2fe5bf3f6e8d889eb9fe3bf912782e819e65d423bf2ef12b63bb480b6ac6d6849d061c87cc46988e1fb3f9c5be71ee293c59a73566cd70e976aec39d84f0f
-  data.tar.gz: 6e41d083dd57a83be7b33a23b49c430f63803403ce8ba97a7fd5b25ca764d38a99c16a0dc2d9d6ff054a00aebb39bca0b1cc3ecbb9eb5e796bb19a57bb819032
+  metadata.gz: 3a657388018a9a0aac3b396e6d7480e210871cd2a0f6a7a85cc31a22f9b1caa7ef0e536bfe2dbbf7a921fc1c5f98366c36f388a36330b55cb9ca740fc0ffa56f
+  data.tar.gz: c52d3846e952af1438bb9f776d66e976a9645b5ec2c8ba8cfec18ae2ce9e24526d69f9c07951b25aaa26cc74c56da25585083c57f9d9775c2f0bd5f78ea89107

data/CHANGELOG.md

@@ -3,6 +3,9 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.5.1]
+- #3 add quiet option
+
 ## [0.5.0]
 - add commands: access_logs, lifecycle, versioning, remediate_all
 - s3 client is smarter and switches regions on a per-bucket basis

data/lib/s3_secure/abstract_base.rb

@@ -1,7 +1,8 @@
 module S3Secure
   class AbstractBase
-    include S3Secure::AwsServices
     extend Memoist
+    include S3Secure::AwsServices
+    include Say
 
     def initialize(options={})
       @options = options

data/lib/s3_secure/access_logs.rb

@@ -1,5 +1,7 @@
 module S3Secure
   class AccessLogs < Command
+    class_option :quiet, type: :boolean
+
     desc "list", "List bucket access_logs setting"
     long_desc Help.text("access_logs/list")
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"

data/lib/s3_secure/access_logs/disable.rb

@@ -9,7 +9,7 @@ class S3Secure::AccessLogs
 
     def remove_access_logging
       unless @show.logging_enabled?
-        puts "Bucket #{@bucket} is not configured with access logging. So nothing to remove."
+        say "Bucket #{@bucket} is not configured with access logging. So nothing to remove."
         return
       end
 
@@ -17,12 +17,12 @@ class S3Secure::AccessLogs
         bucket: @bucket, # source
         bucket_logging_status: {}, # empty hash to remove
       )
-      puts "Bucket #{@bucket} access logging removed"
+      say "Bucket #{@bucket} access logging removed"
     end
 
     def remove_bucket_acl
       unless @show.acl_enabled?
-        puts "Bucket #{@bucket} is not configured the log delivery ACL. So nothing to remove."
+        say "Bucket #{@bucket} is not configured the log delivery ACL. So nothing to remove."
         return
       end
 
@@ -31,7 +31,7 @@ class S3Secure::AccessLogs
         bucket: @bucket,
         access_control_policy: access_control_policy,
       )
-      puts "Bucket #{@bucket} ACL Log Delivery removed"
+      say "Bucket #{@bucket} ACL Log Delivery removed"
     end
   end
 end

data/lib/s3_secure/access_logs/enable.rb

@@ -9,7 +9,7 @@ class S3Secure::AccessLogs
     # Bucket ACL applies on the target bucket only
     def add_bucket_acl
       if @show.acl_enabled?
-        puts "Bucket acl already has log delivery ACL"
+        say "Bucket acl already has log delivery ACL"
         return
       end
 
@@ -17,12 +17,12 @@ class S3Secure::AccessLogs
         bucket: @bucket,
         access_control_policy: @show.access_control_policy_with_log_delivery_permissions,
       )
-      puts "Added to bucket acl that grants log delivery"
+      say "Added to bucket acl that grants log delivery"
     end
 
     def enable_access_logging
       if @show.logging_enabled?
-        puts "Bucket access logging already enabled"
+        say "Bucket access logging already enabled"
         return
       end
 
@@ -35,7 +35,7 @@ class S3Secure::AccessLogs
           },
         },
       )
-      puts "Enabled access logging on the source bucket #{@bucket} to be delivered to the target bucket #{@show.target_bucket}"
+      say "Enabled access logging on the source bucket #{@bucket} to be delivered to the target bucket #{@show.target_bucket}"
     end
   end
 end

data/lib/s3_secure/access_logs/show.rb

@@ -1,9 +1,9 @@
 class S3Secure::AccessLogs
   class Show < Base
     def run
-      puts "Bucket ACL:"
+      say "Bucket ACL:"
       pp bucket_acl_grants
-      puts "Bucket Logging:"
+      say "Bucket Logging:"
       pp bucket_logging
     end
 

data/lib/s3_secure/cli.rb

@@ -1,6 +1,6 @@
 module S3Secure
   class CLI < Command
-    class_option :verbose, type: :boolean
+    class_option :quiet, type: :boolean
     class_option :noop, type: :boolean
 
     desc "access_logs SUBCOMMAND", "access_logs subcommands"
@@ -23,7 +23,7 @@ module S3Secure
     long_desc Help.text(:lifecycle)
     subcommand "lifecycle", Lifecycle
 
-    desc "remediate_all", "Remediate all. For more fine-grain control use each of the commands directly."
+    desc "remediate_all BUCKET", "Remediate all. For more fine-grain control use each of the commands directly."
     long_desc Help.text("remediate_all")
     def remediate_all(bucket)
       RemediateAll.new(options.merge(bucket: bucket)).run

data/lib/s3_secure/encryption.rb

@@ -1,5 +1,7 @@
 module S3Secure
   class Encryption < Command
+    class_option :quiet, type: :boolean
+
     desc "list", "List bucket encryptions"
     long_desc Help.text("encryption/list")
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"

data/lib/s3_secure/encryption/disable.rb

@@ -5,9 +5,9 @@ class S3Secure::Encryption
 
       if show.enabled?
         s3.delete_bucket_encryption(bucket: @bucket) # returns resp = #<struct Aws::EmptyStructure>
-        puts "Bucket #{@bucket} encryption has been removed"
+        say "Bucket #{@bucket} encryption has been removed"
       else
-        puts "Bucket #{@bucket} is not configured with encryption at the bucket level"
+        say "Bucket #{@bucket} is not configured with encryption at the bucket level"
       end
     end
   end

data/lib/s3_secure/encryption/enable.rb

@@ -5,8 +5,7 @@ class S3Secure::Encryption
 
       if show.enabled?
         # check rules to see if encryption is already set of some sort
-        puts "Bucket #{@bucket} already has encryption rules:"
-        puts show.rules.map(&:to_h)
+        say "Bucket #{@bucket} already has encryption rules:"
       else
         # Set encryption rules
         # Ruby docs: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_encryption-instance_method
@@ -18,8 +17,7 @@ class S3Secure::Encryption
           bucket: @bucket,
           server_side_encryption_configuration: {
             rules: [rule]})
-        puts "Encyption enabled on bucket #{@bucket} with rules:"
-        pp rule
+        say "Encyption enabled on bucket #{@bucket} with rules:"
       end
     end
 

data/lib/s3_secure/encryption/show.rb

@@ -2,10 +2,10 @@ class S3Secure::Encryption
   class Show < Base
     def run
       if rules
-        puts "Bucket #{@bucket} is configured with these encryption rules:"
-        puts rules.map(&:to_h)
+        say "Bucket #{@bucket} is configured with these encryption rules:"
+        say rules.map(&:to_h)
       else
-        puts "Bucket #{@bucket} is not configured with encryption at the bucket level"
+        say "Bucket #{@bucket} is not configured with encryption at the bucket level"
       end
     end
 

data/lib/s3_secure/lifecycle.rb

@@ -1,5 +1,7 @@
 module S3Secure
   class Lifecycle < Command
+    class_option :quiet, type: :boolean
+
     desc "list", "List bucket lifecycles"
     long_desc Help.text("lifecycle/list")
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"

data/lib/s3_secure/lifecycle/add.rb

@@ -9,7 +9,7 @@ class S3Secure::Lifecycle
         builder = Builder.new(current_rules)
         rules = builder.rules_with_addition(@options[:prefix])
         if current_rules.size == rules.size
-          puts "WARN: rule wasnt added because a #{RULE_ID} already exists".color(:yellow)
+          say "WARN: rule wasnt added because a #{RULE_ID} already exists".color(:yellow)
         else
           s3.put_bucket_lifecycle_configuration(
             bucket: @bucket, # required
@@ -17,7 +17,7 @@ class S3Secure::Lifecycle
           )
         end
       elsif show.any?
-        puts "Bucket #{@bucket} is has a lifecycle policy already."
+        say "Bucket #{@bucket} is has a lifecycle policy already."
         return
       else
         options = {
@@ -27,7 +27,7 @@ class S3Secure::Lifecycle
         s3.put_bucket_lifecycle_configuration(options)
       end
 
-      puts "Added lifecycle policy to bucket #{@bucket}"
+      say "Added lifecycle policy to bucket #{@bucket}"
     end
   end
 end

data/lib/s3_secure/lifecycle/remove.rb

@@ -5,7 +5,7 @@ class S3Secure::Lifecycle
     def run
       show = Show.new(@options)
       unless show.has?(RULE_ID)
-        puts "Bucket #{@bucket} already does not have the #{RULE_ID} lifecycle rule."
+        say "Bucket #{@bucket} already does not have the #{RULE_ID} lifecycle rule."
         return
       end
 
@@ -22,7 +22,7 @@ class S3Secure::Lifecycle
         )
       end
 
-      puts "Removed the #{RULE_ID} lifecycle rule on bucket #{@bucket}"
+      say "Removed the #{RULE_ID} lifecycle rule on bucket #{@bucket}"
     end
   end
 end

data/lib/s3_secure/lifecycle/show.rb

@@ -4,13 +4,13 @@ class S3Secure::Lifecycle
 
     def run
       if any?
-        puts "This S3 bucket has lifecycle rules"
+        say "This S3 bucket has lifecycle rules"
       else
-        puts "This S3 bucket does not have lifecycle rules"
+        say "This S3 bucket does not have lifecycle rules"
       end
 
       if any?
-        puts "Bucket lifecycle details: "
+        say "Bucket lifecycle details: "
         pp get_lifecycle(@bucket).to_h
       end
     end

data/lib/s3_secure/policy.rb

@@ -1,5 +1,7 @@
 module S3Secure
   class Policy < Command
+    class_option :quiet, type: :boolean
+
     desc "list", "List bucket policies"
     long_desc Help.text("policy/list")
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"

data/lib/s3_secure/policy/enforce.rb

@@ -11,8 +11,8 @@ class S3Secure::Policy
       bucket_policy = show.policy
       document = Document.new(@bucket, bucket_policy)
       if document.has?(@sid)
-        puts "Bucket policy for #{@bucket} has ForceSSLOnlyAccess policy statement already:"
-        puts bucket_policy
+        say "Bucket policy for #{@bucket} has ForceSSLOnlyAccess policy statement already:"
+        say bucket_policy
       else
         # Set encryption rules
         # Ruby docs: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_policy-instance_method
@@ -25,8 +25,7 @@ class S3Secure::Policy
           bucket: @bucket,
           policy: policy_document,
         )
-        puts "Add bucket policy to bucket #{@bucket}:"
-        puts policy_document
+        say "Add bucket policy to bucket #{@bucket}:"
       end
     end
   end

data/lib/s3_secure/policy/show.rb

@@ -2,11 +2,10 @@ class S3Secure::Policy
   class Show < Base
     def run
       if policy
-        puts "Bucket #{@bucket} is configured with this policy:"
-        puts policy
-        # puts policy.map(&:to_h)
+        say "Bucket #{@bucket} is configured with this policy:"
+        say policy
       else
-        puts "Bucket #{@bucket} is not configured bucket policy"
+        say "Bucket #{@bucket} is not configured bucket policy"
       end
     end
 

data/lib/s3_secure/policy/unforce.rb

@@ -28,10 +28,10 @@ class S3Secure::Policy
           s3.delete_bucket_policy(bucket: @bucket)
         end
 
-        puts "Remove bucket policy statement from bucket #{@bucket}:"
-        puts policy_document if policy_document
+        say "Remove bucket policy statement from bucket #{@bucket}:"
+        say policy_document if policy_document
       else
-        puts "Bucket policy for #{@bucket} does not have ForceSSLOnlyAccess policy statement. Nothing to be done."
+        say "Bucket policy for #{@bucket} does not have ForceSSLOnlyAccess policy statement. Nothing to be done."
       end
     end
   end

data/lib/s3_secure/remediate_all.rb

@@ -1,11 +1,12 @@
 module S3Secure
   class RemediateAll < AbstractBase
     def run
-      Encryption::Enable.new(bucket: @bucket).run
-      Policy::Enforce.new(bucket: @bucket, sid: "ForceSSLOnlyAccess").run
-      Versioning::Enable.new(bucket: @bucket).run
-      Lifecycle::Add.new(bucket: @bucket).run
-      AccessLogs::Enable.new(bucket: @bucket).run
+      o = @options.merge(bucket: @bucket)
+      Encryption::Enable.new(o).run
+      Policy::Enforce.new(o.merge(sid: "ForceSSLOnlyAccess")).run
+      Versioning::Enable.new(o).run
+      Lifecycle::Add.new(o).run
+      AccessLogs::Enable.new(o).run
     end
   end
 end

data/lib/s3_secure/say.rb

@@ -0,0 +1,7 @@
+module S3Secure
+  module Say
+    def say(msg)
+      puts msg unless @options[:quiet]
+    end
+  end
+end

data/lib/s3_secure/version.rb

@@ -1,3 +1,3 @@
 module S3Secure
-  VERSION = "0.5.0"
+  VERSION = "0.5.1"
 end

data/lib/s3_secure/versioning.rb

@@ -1,5 +1,7 @@
 module S3Secure
   class Versioning < Command
+    class_option :quiet, type: :boolean
+
     desc "list", "List bucket versionings"
     long_desc Help.text("versioning/list")
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"

data/lib/s3_secure/versioning/disable.rb

@@ -10,9 +10,9 @@ class S3Secure::Versioning
             status: "Suspended",
           },
         )
-        puts "Versioning Suspended on bucket #{@bucket}"
+        say "Versioning Suspended on bucket #{@bucket}"
       else
-        puts "Bucket #{@bucket} is already has versioning already Suspended or not Enabled."
+        say "Bucket #{@bucket} is already has versioning already Suspended or not Enabled."
       end
     end
   end

data/lib/s3_secure/versioning/enable.rb

@@ -3,7 +3,7 @@ class S3Secure::Versioning
     def run
       show = Show.new(@options)
       if show.enabled?
-        puts "Bucket #{@bucket} is has versioning already enabled."
+        say "Bucket #{@bucket} is has versioning already enabled."
       else
         s3.put_bucket_versioning(
           bucket: @bucket,
@@ -12,7 +12,7 @@ class S3Secure::Versioning
             status: "Enabled",
           },
         )
-        puts "Versioning enabled on bucket #{@bucket}"
+        say "Versioning enabled on bucket #{@bucket}"
       end
     end
   end

data/lib/s3_secure/versioning/show.rb

@@ -2,13 +2,13 @@ class S3Secure::Versioning
   class Show < Base
     def run
       if enabled?
-        puts "This S3 bucket has versioning enabled"
+        say "This S3 bucket has versioning enabled"
       else
-        puts "This S3 bucket does not have versioning enabled"
+        say "This S3 bucket does not have versioning enabled"
       end
       details = get_versioning(@bucket).to_h
       unless details.empty?
-        puts "Bucket versioning details: "
+        say "Bucket versioning details: "
         pp details
       end
     end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3-secure
 version: !ruby/object:Gem::Version
-  version: 0.5.0
+  version: 0.5.1
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-05-31 00:00:00.000000000 Z
+date: 2020-09-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -267,6 +267,7 @@ files:
 - lib/s3_secure/policy/show.rb
 - lib/s3_secure/policy/unforce.rb
 - lib/s3_secure/remediate_all.rb
+- lib/s3_secure/say.rb
 - lib/s3_secure/summary.rb
 - lib/s3_secure/summary/item.rb
 - lib/s3_secure/summary/items.rb