s3-secure 0.5.1 → 0.6.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2fe4cf360f3085cd6d3a6432163e48446163b3fb4c873594198009a9eca48352
-  data.tar.gz: 74458fbc45b76b221c51dd75120f75c0122cd32aee9efc1a2516fcba8eaeaebb
+  metadata.gz: 739695e06691bf9716545d0874b7a92bca5c739d78ebd7caee2458a45dbf767e
+  data.tar.gz: 2b9d47ad43044cd0b70e4063639d08c7963e8c144057ddc4b56556e07f7d7ee1
 SHA512:
-  metadata.gz: 3a657388018a9a0aac3b396e6d7480e210871cd2a0f6a7a85cc31a22f9b1caa7ef0e536bfe2dbbf7a921fc1c5f98366c36f388a36330b55cb9ca740fc0ffa56f
-  data.tar.gz: c52d3846e952af1438bb9f776d66e976a9645b5ec2c8ba8cfec18ae2ce9e24526d69f9c07951b25aaa26cc74c56da25585083c57f9d9775c2f0bd5f78ea89107
+  metadata.gz: a68b9daf5ec3b047776a5e3e70ecf7aa680bb5fb685d911ff82d04c0baffd73b13e2d5acc3c899a241c10a2da7825de8b35a8fbe89116c95f515be1ee4b70017
+  data.tar.gz: 48346b04e0e720b004aec4b73ecb8da5c191b0f0018eceb9041a0b32fdd71f5a840a005be4df5daed95752af125770ceebc48e06b39b2131adb3c29af0463861

data/CHANGELOG.md

@@ -3,6 +3,11 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.6.0] - 2021-12-30
+- [#4](https://github.com/tongueroo/s3-secure/pull/4) refactor move directly related cli classes to subfolder
+- [#5](https://github.com/tongueroo/s3-secure/pull/5) add public access block support
+- fix activesupport require
+
 ## [0.5.1]
 - #3 add quiet option
 

data/README.md

@@ -1,6 +1,7 @@
 # s3-secure tool
 
-[![Gem Version](https://badge.fury.io/rb/s3-secure.png)](http://badge.fury.io/rb/s3-secure)]
+[![Gem Version](https://badge.fury.io/rb/s3-secure.png)](http://badge.fury.io/rb/s3-secure)
+
 [![BoltOps Badge](https://img.boltops.com/boltops/badges/boltops-badge.png)](https://www.boltops.com)
 
 The s3-secure tool can be used to harden your s3 bucket security posture. The tool is useful if you have a lot of buckets to update. It supports:
@@ -171,4 +172,4 @@ buckets.txt:
 
 Install with:
 
-    gem install s3-secure
+    gem install s3-secure

data/lib/s3_secure/access_logs/base.rb

@@ -1,4 +1,4 @@
-class S3Secure::AccessLogs
-  class Base < S3Secure::AbstractBase
+module S3Secure::AccessLogs
+  class Base < S3Secure::CLI::Base
   end
 end

data/lib/s3_secure/access_logs/disable.rb

@@ -1,4 +1,4 @@
-class S3Secure::AccessLogs
+module S3Secure::AccessLogs
   class Disable < Base
     def run
       @show = Show.new(bucket: @bucket)

data/lib/s3_secure/access_logs/enable.rb

@@ -1,4 +1,4 @@
-class S3Secure::AccessLogs
+module S3Secure::AccessLogs
   class Enable < Base
     def run
       @show = Show.new(bucket: @bucket)

data/lib/s3_secure/access_logs/list.rb

@@ -1,4 +1,4 @@
-class S3Secure::AccessLogs
+module S3Secure::AccessLogs
   class List < Base
     def run
       presenter = CliFormat::Presenter.new(@options)

data/lib/s3_secure/access_logs/show.rb

@@ -1,4 +1,4 @@
-class S3Secure::AccessLogs
+module S3Secure::AccessLogs
   class Show < Base
     def run
       say "Bucket ACL:"

data/lib/s3_secure/aws_services/s3.rb

@@ -8,6 +8,13 @@ module S3Secure::AwsServices
       @@s3_clients[@bucket] ||= new_s3_regional_client
     end
 
+    def s3_regional_client(bucket)
+      temp = @bucket
+      @bucket = bucket
+      @@s3_clients[bucket] ||= new_s3_regional_client
+      @bucket = temp
+    end
+
     def new_s3_regional_client
       options = {}
       options[:endpoint] = "https://s3.#{region}.amazonaws.com"

data/lib/s3_secure/aws_services.rb

@@ -2,6 +2,12 @@ require "aws-sdk-s3"
 
 module S3Secure
   module AwsServices
+    extend Memoist
     include S3
+
+    def sts
+      Aws::STS::Client.new
+    end
+    memoize :sts
   end
 end

data/lib/s3_secure/{access_logs.rb → cli/access_logs.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class AccessLogs < Command
+class S3Secure::CLI
+  class AccessLogs < S3Secure::Command
     class_option :quiet, type: :boolean
 
     desc "list", "List bucket access_logs setting"
@@ -7,26 +7,26 @@ module S3Secure
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
     option :access_logs, type: :boolean, desc: "Filter for access_logs: all, true, false"
     def list
-      List.new(options).run
+      S3Secure::AccessLogs::List.new(options).run
     end
 
     desc "show BUCKET", "show bucket access_logs"
     long_desc Help.text("access_logs/show")
     def show(bucket)
-      Show.new(options.merge(bucket: bucket)).run
+      S3Secure::AccessLogs::Show.new(options.merge(bucket: bucket)).run
     end
 
     desc "enable BUCKET", "enable bucket access_logs"
     long_desc Help.text("access_logs/enable")
     option :target_bucket, desc: "Target s3 bucket"
     def enable(bucket)
-      Enable.new(options.merge(bucket: bucket)).run
+      S3Secure::AccessLogs::Enable.new(options.merge(bucket: bucket)).run
     end
 
     desc "disable BUCKET", "disable bucket access_logs"
     long_desc Help.text("access_logs/disable")
     def disable(bucket)
-      Disable.new(options.merge(bucket: bucket)).run
+      S3Secure::AccessLogs::Disable.new(options.merge(bucket: bucket)).run
     end
   end
 end

data/lib/s3_secure/{abstract_base.rb → cli/base.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class AbstractBase
+class S3Secure::CLI
+  class Base
     extend Memoist
     include S3Secure::AwsServices
     include Say

data/lib/s3_secure/{batch.rb → cli/batch.rb}

@@ -1,4 +1,4 @@
-module S3Secure
+class S3Secure::CLI
   class Batch
     extend Memoist
 

data/lib/s3_secure/{encryption.rb → cli/encryption.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class Encryption < Command
+class S3Secure::CLI
+  class Encryption < S3Secure::Command
     class_option :quiet, type: :boolean
 
     desc "list", "List bucket encryptions"
@@ -7,26 +7,26 @@ module S3Secure
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
     option :encryption, type: :boolean, desc: "Filter for encryption: all, true, false"
     def list
-      List.new(options).run
+      S3Secure::Encryption::List.new(options).run
     end
 
     desc "show BUCKET", "show bucket encryption"
     long_desc Help.text("encryption/show")
     def show(bucket)
-      Show.new(options.merge(bucket: bucket)).run
+      S3Secure::Encryption::Show.new(options.merge(bucket: bucket)).run
     end
 
     desc "enable BUCKET", "enable bucket encryption"
     long_desc Help.text("encryption/enable")
     option :kms_key, desc: "KMS Key Id. If this is set will use sse_algorithm=aws:kms Otherwise will use sse_algorithm=AES256"
     def enable(bucket)
-      Enable.new(options.merge(bucket: bucket)).run
+      S3Secure::Encryption::Enable.new(options.merge(bucket: bucket)).run
     end
 
     desc "disable BUCKET", "disable bucket encryption"
     long_desc Help.text("encryption/disable")
     def disable(bucket)
-      Disable.new(options.merge(bucket: bucket)).run
+      S3Secure::Encryption::Disable.new(options.merge(bucket: bucket)).run
     end
   end
 end

data/lib/s3_secure/cli/help.rb

@@ -0,0 +1,11 @@
+class S3Secure::CLI
+  class Help
+    class << self
+      def text(namespaced_command)
+        path = namespaced_command.to_s.gsub(':','/')
+        path = File.expand_path("../help/#{path}.md", __FILE__)
+        IO.read(path) if File.exist?(path)
+      end
+    end
+  end
+end

data/lib/s3_secure/{lifecycle.rb → cli/lifecycle.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class Lifecycle < Command
+class S3Secure::CLI
+  class Lifecycle < S3Secure::Command
     class_option :quiet, type: :boolean
 
     desc "list", "List bucket lifecycles"
@@ -7,13 +7,13 @@ module S3Secure
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
     option :lifecycle, desc: "Filter for lifecycle: all, true, false"
     def list
-      List.new(options).run
+      S3Secure::Lifecycle::List.new(options).run
     end
 
     desc "show BUCKET", "show bucket lifecycle"
     long_desc Help.text("lifecycle/show")
     def show(bucket)
-      Show.new(options.merge(bucket: bucket)).run
+      S3Secure::Lifecycle::Show.new(options.merge(bucket: bucket)).run
     end
 
     desc "add BUCKET", "add bucket lifecycle"
@@ -21,13 +21,13 @@ module S3Secure
     option :additive, type: :boolean, desc: "Force adding another lifecycle rule even if one exists. Note, may fail, need a different prefix filter"
     option :prefix, desc: "Filter prefix. Used with additive mode."
     def add(bucket)
-      Add.new(options.merge(bucket: bucket)).run
+      S3Secure::Lifecycle::Add.new(options.merge(bucket: bucket)).run
     end
 
     desc "remove BUCKET", "remove bucket lifecycle"
     long_desc Help.text("lifecycle/remove")
     def remove(bucket)
-      Remove.new(options.merge(bucket: bucket)).run
+      S3Secure::Lifecycle::Remove.new(options.merge(bucket: bucket)).run
     end
   end
 end

data/lib/s3_secure/{policy.rb → cli/policy.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class Policy < Command
+class S3Secure::CLI
+  class Policy < S3Secure::Command
     class_option :quiet, type: :boolean
 
     desc "list", "List bucket policies"
@@ -7,25 +7,25 @@ module S3Secure
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
     option :policy, type: :boolean, desc: "Filter for policy: all, true, false"
     def list
-      List.new(options).run
+      S3Secure::Policy::List.new(options).run
     end
 
     desc "show BUCKET", "show bucket policy"
     long_desc Help.text("policy/show")
     def show(bucket)
-      Show.new(options.merge(bucket: bucket)).run
+      S3Secure::Policy::Show.new(options.merge(bucket: bucket)).run
     end
 
     desc "enforce_ssl BUCKET", "Add enforce ssl bucket policy"
     long_desc Help.text("policy/enforce_ssl")
     def enforce_ssl(bucket)
-      Enforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
+      S3Secure::Policy::Enforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
     end
 
     desc "unforce_ssl BUCKET", "Remove enforce ssl bucket policy"
     long_desc Help.text("policy/unforce_ssl")
     def unforce_ssl(bucket)
-      Unforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
+      S3Secure::Policy::Unforce.new(options.merge(bucket: bucket, sid: "ForceSSLOnlyAccess")).run
     end
   end
 end

data/lib/s3_secure/cli/public_access.rb

@@ -0,0 +1,32 @@
+class S3Secure::CLI
+  class PublicAccess < S3Secure::Command
+    class_option :quiet, type: :boolean
+
+    desc "list", "List bucket public access policy"
+    long_desc Help.text("public_access/list")
+    option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
+    option :blocked, desc: "Filter for public_access: all, true, false"
+    def list
+      S3Secure::PublicAccess::List.new(options).run
+    end
+
+    desc "show BUCKET", "show bucket public_access"
+    long_desc Help.text("public_access/show")
+    def show(bucket)
+      S3Secure::PublicAccess::Show.new(options.merge(bucket: bucket)).run
+    end
+
+    desc "block BUCKET", "block bucket public_access"
+    long_desc Help.text("public_access/block")
+    option :prefix, desc: "Filter prefix. Used with mode."
+    def block(bucket)
+      S3Secure::PublicAccess::Block.new(options.merge(bucket: bucket)).run
+    end
+
+    desc "unblock BUCKET", "unblock bucket public_access"
+    long_desc Help.text("public_access/unblock")
+    def unblock(bucket)
+      S3Secure::PublicAccess::Unblock.new(options.merge(bucket: bucket)).run
+    end
+  end
+end

data/lib/s3_secure/{remediate_all.rb → cli/remediate_all.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class RemediateAll < AbstractBase
+class S3Secure::CLI
+  class RemediateAll < Base
     def run
       o = @options.merge(bucket: @bucket)
       Encryption::Enable.new(o).run

data/lib/s3_secure/{say.rb → cli/say.rb}

@@ -1,4 +1,4 @@
-module S3Secure
+class S3Secure::CLI
   module Say
     def say(msg)
       puts msg unless @options[:quiet]

data/lib/s3_secure/{summary.rb → cli/summary.rb}

@@ -1,9 +1,9 @@
-module S3Secure
-  class Summary < AbstractBase
+class S3Secure::CLI
+  class Summary < Base
     def run
       $stderr.puts("Determining bucket security-related settings. Can take a while for lots of buckets...")
       data = [%w[Bucket SSL? Encrypted?]]
-      items = Items.new(@options, buckets)
+      items = S3Secure::Summary::Items.new(@options, buckets)
       items.filtered_items.each do |i|
         data << [i.bucket, i.ssl, i.encrypted]
       end

data/lib/s3_secure/{versioning.rb → cli/versioning.rb}

@@ -1,5 +1,5 @@
-module S3Secure
-  class Versioning < Command
+class S3Secure::CLI
+  class Versioning < S3Secure::Command
     class_option :quiet, type: :boolean
 
     desc "list", "List bucket versionings"
@@ -7,25 +7,25 @@ module S3Secure
     option :format, desc: "Format options: #{CliFormat.formats.join(', ')}"
     option :versioning, desc: "Filter for versioning: all, true, false"
     def list
-      List.new(options).run
+      S3Secure::Versioning::List.new(options).run
     end
 
     desc "show BUCKET", "show bucket versioning"
     long_desc Help.text("versioning/show")
     def show(bucket)
-      Show.new(options.merge(bucket: bucket)).run
+      S3Secure::Versioning::Show.new(options.merge(bucket: bucket)).run
     end
 
     desc "enable BUCKET", "enable bucket versioning"
     long_desc Help.text("versioning/enable")
     def enable(bucket)
-      Enable.new(options.merge(bucket: bucket)).run
+      S3Secure::Versioning::Enable.new(options.merge(bucket: bucket)).run
     end
 
     desc "disable BUCKET", "disable bucket versioning"
     long_desc Help.text("versioning/disable")
     def disable(bucket)
-      Disable.new(options.merge(bucket: bucket)).run
+      S3Secure::Versioning::Disable.new(options.merge(bucket: bucket)).run
     end
   end
 end

data/lib/s3_secure/cli.rb

@@ -1,5 +1,5 @@
 module S3Secure
-  class CLI < Command
+  class CLI < S3Secure::Command
     class_option :quiet, type: :boolean
     class_option :noop, type: :boolean
 
@@ -23,6 +23,10 @@ module S3Secure
     long_desc Help.text(:lifecycle)
     subcommand "lifecycle", Lifecycle
 
+    desc "public_access SUBCOMMAND", "public_access subcommands"
+    long_desc Help.text(:public_access)
+    subcommand "public_access", PublicAccess
+
     desc "remediate_all BUCKET", "Remediate all. For more fine-grain control use each of the commands directly."
     long_desc Help.text("remediate_all")
     def remediate_all(bucket)

data/lib/s3_secure/encryption/base.rb

@@ -1,4 +1,4 @@
-class S3Secure::Encryption
-  class Base < S3Secure::AbstractBase
+module S3Secure::Encryption
+  class Base < S3Secure::CLI::Base
   end
 end

data/lib/s3_secure/encryption/disable.rb

@@ -1,4 +1,4 @@
-class S3Secure::Encryption
+module S3Secure::Encryption
   class Disable < Base
     def run
       show = Show.new(@options)

data/lib/s3_secure/encryption/enable.rb

@@ -1,4 +1,4 @@
-class S3Secure::Encryption
+module S3Secure::Encryption
   class Enable < Base
     def run
       show = Show.new(@options)

data/lib/s3_secure/encryption/list.rb

@@ -1,4 +1,4 @@
-class S3Secure::Encryption
+module S3Secure::Encryption
   class List < Base
     def run
       presenter = CliFormat::Presenter.new(@options)

data/lib/s3_secure/encryption/show.rb

@@ -1,4 +1,4 @@
-class S3Secure::Encryption
+module S3Secure::Encryption
   class Show < Base
     def run
       if rules
@@ -7,6 +7,7 @@ class S3Secure::Encryption
       else
         say "Bucket #{@bucket} is not configured with encryption at the bucket level"
       end
+      rules
     end
 
     def enabled?

data/lib/s3_secure/lifecycle/add.rb

@@ -1,4 +1,4 @@
-class S3Secure::Lifecycle
+module S3Secure::Lifecycle
   class Add < Base
     RULE_ID = Base::RULE_ID
 

data/lib/s3_secure/lifecycle/base.rb

@@ -1,5 +1,5 @@
-class S3Secure::Lifecycle
-  class Base < S3Secure::AbstractBase
+module S3Secure::Lifecycle
+  class Base < S3Secure::CLI::Base
     RULE_ID = "s3-secure-automated-cleanup"
   end
 end

data/lib/s3_secure/lifecycle/builder.rb

@@ -1,4 +1,4 @@
-class S3Secure::Lifecycle
+module S3Secure::Lifecycle
   class Builder
     # Note: put_bucket_lifecycle_configuration and put_bucket_lifecycle understand different payloads.
     # put_bucket_lifecycle is old and shouldnt be used

data/lib/s3_secure/lifecycle/list.rb

@@ -1,4 +1,4 @@
-class S3Secure::Lifecycle
+module S3Secure::Lifecycle
   class List < Base
     def run
       presenter = CliFormat::Presenter.new(@options)

data/lib/s3_secure/lifecycle/remove.rb

@@ -1,4 +1,4 @@
-class S3Secure::Lifecycle
+module S3Secure::Lifecycle
   class Remove < Base
     RULE_ID = Base::RULE_ID
 

data/lib/s3_secure/lifecycle/show.rb

@@ -1,4 +1,4 @@
-class S3Secure::Lifecycle
+module S3Secure::Lifecycle
   class Show < Base
     RULE_ID = Base::RULE_ID
 

data/lib/s3_secure/policy/base.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
-  class Base < S3Secure::AbstractBase
+module S3Secure::Policy
+  class Base < S3Secure::CLI::Base
   end
 end

data/lib/s3_secure/policy/checker.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
+module S3Secure::Policy
   class Checker
     def initialize(bucket_policy)
       @bucket_policy = bucket_policy # existing document policy

data/lib/s3_secure/policy/document/base.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy::Document
+module S3Secure::Policy::Document
   class Base
     extend Memoist
 

data/lib/s3_secure/policy/document/force_ssl_only_access.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy::Document
+module S3Secure::Policy::Document
   class ForceSSLOnlyAccess < Base
     def policy_document
       if @bucket_policy.blank?

data/lib/s3_secure/policy/document/force_ssl_only_access_remove.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy::Document
+module S3Secure::Policy::Document
   class ForceSSLOnlyAccessRemove < Base
     def initialize(bucket, bucket_policy)
       # @bucket_policy is existing document policy

data/lib/s3_secure/policy/document.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
+module S3Secure::Policy
   class Document
     extend Memoist
 

data/lib/s3_secure/policy/enforce.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
+module S3Secure::Policy
   class Enforce < Base
     def initialize(options={})
       super

data/lib/s3_secure/policy/list.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
+module S3Secure::Policy
   class List < Base
     def run
       presenter = CliFormat::Presenter.new(@options)

data/lib/s3_secure/policy/show.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
+module S3Secure::Policy
   class Show < Base
     def run
       if policy

data/lib/s3_secure/policy/unforce.rb

@@ -1,4 +1,4 @@
-class S3Secure::Policy
+module S3Secure::Policy
   class Unforce < Base
     def initialize(options={})
       super

data/lib/s3_secure/public_access/base.rb

@@ -0,0 +1,10 @@
+module S3Secure::PublicAccess
+  class Base < S3Secure::CLI::Base
+    extend Memoist
+
+    def account_id
+      sts.get_caller_identity.account
+    end
+    memoize :account_id
+  end
+end

data/lib/s3_secure/public_access/block.rb

@@ -0,0 +1,18 @@
+module S3Secure::PublicAccess
+  class Block < Base
+    def run
+      resp = s3.put_public_access_block(
+        bucket: @bucket,
+        public_access_block_configuration: {
+          block_public_acls: true,
+          ignore_public_acls: true,
+          block_public_policy: true,
+          restrict_public_buckets: true,
+        },
+      )
+      $stderr.puts("Public access blocked for bucket: #{@bucket}")
+      resp
+    end
+  end
+end
+

data/lib/s3_secure/public_access/list.rb

@@ -0,0 +1,24 @@
+module S3Secure::PublicAccess
+  class List < Base
+    def run
+      presenter = CliFormat::Presenter.new(@options)
+      presenter.header = ["Bucket", "Block Public Access?"]
+
+      buckets.each do |bucket|
+        $stderr.puts "Getting bucket public access configuration for bucket #{bucket.color(:green)}"
+
+        blocked = Show.new(bucket: bucket).blocked?
+        row = [bucket, blocked]
+        if @options[:blocked].nil?
+          presenter.rows << row # always show policy
+        elsif @options[:blocked]
+          presenter.rows << row if blocked # only show if bucket is blocked
+        else
+          presenter.rows << row unless blocked # only show if bucket is unblocked
+        end
+      end
+
+      presenter.show
+    end
+  end
+end

data/lib/s3_secure/public_access/show.rb

@@ -0,0 +1,27 @@
+module S3Secure::PublicAccess
+  class Show < Base
+    def run
+      resp = s3.get_public_access_block(
+        bucket: @bucket,
+      )
+      $stderr.puts(resp.to_h)
+      resp
+    rescue Aws::S3::Errors::NoSuchPublicAccessBlockConfiguration
+      $stderr.puts "No public access block configuration found for bucket: #{@bucket}"
+    end
+
+    def blocked?
+      resp = s3.get_public_access_block(
+        bucket: @bucket,
+      )
+      resp.to_h[:public_access_block_configuration] == {
+        block_public_acls: true,
+        block_public_policy: true,
+        ignore_public_acls: true,
+        restrict_public_buckets: true,
+      }
+    rescue Aws::S3::Errors::NoSuchPublicAccessBlockConfiguration
+      false
+    end
+  end
+end

data/lib/s3_secure/public_access/unblock.rb

@@ -0,0 +1,12 @@
+module S3Secure::PublicAccess
+  class Unblock < Base
+    def run
+      resp = s3.delete_public_access_block(
+        bucket: @bucket,
+      )
+      $stderr.puts("Removed public access block configuration for bucket: #{@bucket}")
+      resp
+    end
+  end
+end
+

data/lib/s3_secure/summary/item.rb

@@ -1,4 +1,4 @@
-class S3Secure::Summary
+module S3Secure::Summary
   class Item
     attr_reader :bucket
     def initialize(bucket, properties={})

data/lib/s3_secure/summary/items.rb

@@ -1,5 +1,5 @@
-class S3Secure::Summary
-  class Items < S3Secure::AbstractBase
+module S3Secure::Summary
+  class Items < S3Secure::CLI::Base
     extend Memoist
 
     # override initialize
@@ -44,9 +44,9 @@ class S3Secure::Summary
 
   private
     def ssl?(bucket)
-      list = S3Secure::Policy::List.new(@options)
+      show = S3Secure::Policy::Show.new(@options.merge(bucket: bucket))
 
-      bucket_policy = list.get_policy(bucket)
+      bucket_policy = show.run
       document = S3Secure::Policy::Document.new(bucket, bucket_policy)
       document.has?("ForceSSLOnlyAccess")
     end
@@ -54,10 +54,9 @@ class S3Secure::Summary
 
     def encrypted?(bucket)
       s3 = s3_regional_client(bucket)
-      list = S3Secure::Encryption::List.new(@options)
-      list.set_s3(s3)
+      show = S3Secure::Encryption::Show.new(@options.merge(bucket: bucket))
 
-      rules = list.get_encryption_rules(bucket)
+      rules = show.run
       !!rules
     end
     memoize :encrypted?

data/lib/s3_secure/version.rb

@@ -1,3 +1,3 @@
 module S3Secure
-  VERSION = "0.5.1"
+  VERSION = "0.6.0"
 end

data/lib/s3_secure/versioning/base.rb

@@ -1,4 +1,4 @@
-class S3Secure::Versioning
-  class Base < S3Secure::AbstractBase
+module S3Secure::Versioning
+  class Base < S3Secure::CLI::Base
   end
 end

data/lib/s3_secure/versioning/disable.rb

@@ -1,4 +1,4 @@
-class S3Secure::Versioning
+module S3Secure::Versioning
   class Disable < Base
     def run
       show = Show.new(@options)

data/lib/s3_secure/versioning/enable.rb

@@ -1,4 +1,4 @@
-class S3Secure::Versioning
+module S3Secure::Versioning
   class Enable < Base
     def run
       show = Show.new(@options)

data/lib/s3_secure/versioning/list.rb

@@ -1,4 +1,4 @@
-class S3Secure::Versioning
+module S3Secure::Versioning
   class List < Base
     def run
       presenter = CliFormat::Presenter.new(@options)

data/lib/s3_secure/versioning/show.rb

@@ -1,4 +1,4 @@
-class S3Secure::Versioning
+module S3Secure::Versioning
   class Show < Base
     def run
       if enabled?

data/lib/s3_secure.rb

@@ -1,4 +1,5 @@
 $:.unshift(File.expand_path("../", __FILE__))
+require "active_support"
 require "active_support/core_ext/module" # for delegate
 require "active_support/core_ext/string"
 require "cli_format"

data/s3-secure.gemspec

@@ -9,7 +9,7 @@ Gem::Specification.new do |spec|
   spec.authors       = ["Tung Nguyen"]
   spec.email         = ["tongueroo@gmail.com"]
   spec.summary       = "S3 Bucket security hardening tool"
-  spec.homepage      = "https://github.com/tongueroo/s3-secure"
+  spec.homepage      = "https://github.com/boltops-tools/s3-secure"
   spec.license       = "Apache2.0"
 
   git_installed      = system("type git > /dev/null 2>&1")
@@ -24,6 +24,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency "cli-format"
   spec.add_dependency "memoist"
   spec.add_dependency "rainbow"
+  spec.add_dependency "rexml"
   spec.add_dependency "text-table"
   spec.add_dependency "thor"
   spec.add_dependency "zeitwerk"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3-secure
 version: !ruby/object:Gem::Version
-  version: 0.5.1
+  version: 0.6.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-09-19 00:00:00.000000000 Z
+date: 2021-12-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -80,6 +80,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rexml
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: text-table
   requirement: !ruby/object:Gem::Requirement
@@ -211,8 +225,6 @@ files:
 - exe/s3-secure
 - lib/s3-secure.rb
 - lib/s3_secure.rb
-- lib/s3_secure/abstract_base.rb
-- lib/s3_secure/access_logs.rb
 - lib/s3_secure/access_logs/base.rb
 - lib/s3_secure/access_logs/disable.rb
 - lib/s3_secure/access_logs/enable.rb
@@ -221,19 +233,28 @@ files:
 - lib/s3_secure/autoloader.rb
 - lib/s3_secure/aws_services.rb
 - lib/s3_secure/aws_services/s3.rb
-- lib/s3_secure/batch.rb
 - lib/s3_secure/cli.rb
+- lib/s3_secure/cli/access_logs.rb
+- lib/s3_secure/cli/base.rb
+- lib/s3_secure/cli/batch.rb
+- lib/s3_secure/cli/encryption.rb
+- lib/s3_secure/cli/help.rb
+- lib/s3_secure/cli/lifecycle.rb
+- lib/s3_secure/cli/policy.rb
+- lib/s3_secure/cli/public_access.rb
+- lib/s3_secure/cli/remediate_all.rb
+- lib/s3_secure/cli/say.rb
+- lib/s3_secure/cli/summary.rb
+- lib/s3_secure/cli/versioning.rb
 - lib/s3_secure/command.rb
 - lib/s3_secure/completer.rb
 - lib/s3_secure/completer/script.rb
 - lib/s3_secure/completer/script.sh
-- lib/s3_secure/encryption.rb
 - lib/s3_secure/encryption/base.rb
 - lib/s3_secure/encryption/disable.rb
 - lib/s3_secure/encryption/enable.rb
 - lib/s3_secure/encryption/list.rb
 - lib/s3_secure/encryption/show.rb
-- lib/s3_secure/help.rb
 - lib/s3_secure/help/batch.md
 - lib/s3_secure/help/completion.md
 - lib/s3_secure/help/completion_script.md
@@ -248,14 +269,12 @@ files:
 - lib/s3_secure/help/policy/list.md
 - lib/s3_secure/help/policy/unforce_ssl.md
 - lib/s3_secure/help/summary.md
-- lib/s3_secure/lifecycle.rb
 - lib/s3_secure/lifecycle/add.rb
 - lib/s3_secure/lifecycle/base.rb
 - lib/s3_secure/lifecycle/builder.rb
 - lib/s3_secure/lifecycle/list.rb
 - lib/s3_secure/lifecycle/remove.rb
 - lib/s3_secure/lifecycle/show.rb
-- lib/s3_secure/policy.rb
 - lib/s3_secure/policy/base.rb
 - lib/s3_secure/policy/checker.rb
 - lib/s3_secure/policy/document.rb
@@ -266,14 +285,15 @@ files:
 - lib/s3_secure/policy/list.rb
 - lib/s3_secure/policy/show.rb
 - lib/s3_secure/policy/unforce.rb
-- lib/s3_secure/remediate_all.rb
-- lib/s3_secure/say.rb
-- lib/s3_secure/summary.rb
+- lib/s3_secure/public_access/base.rb
+- lib/s3_secure/public_access/block.rb
+- lib/s3_secure/public_access/list.rb
+- lib/s3_secure/public_access/show.rb
+- lib/s3_secure/public_access/unblock.rb
 - lib/s3_secure/summary/item.rb
 - lib/s3_secure/summary/items.rb
 - lib/s3_secure/table.rb
 - lib/s3_secure/version.rb
-- lib/s3_secure/versioning.rb
 - lib/s3_secure/versioning/base.rb
 - lib/s3_secure/versioning/disable.rb
 - lib/s3_secure/versioning/enable.rb
@@ -286,7 +306,7 @@ files:
 - spec/lib/policy/document/force_ssl_remove_spec.rb
 - spec/lib/policy/document_spec.rb
 - spec/spec_helper.rb
-homepage: https://github.com/tongueroo/s3-secure
+homepage: https://github.com/boltops-tools/s3-secure
 licenses:
 - Apache2.0
 metadata: {}
@@ -305,7 +325,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.32
 signing_key: 
 specification_version: 4
 summary: S3 Bucket security hardening tool

data/lib/s3_secure/help.rb

@@ -1,9 +0,0 @@
-module S3Secure::Help
-  class << self
-    def text(namespaced_command)
-      path = namespaced_command.to_s.gsub(':','/')
-      path = File.expand_path("../help/#{path}.md", __FILE__)
-      IO.read(path) if File.exist?(path)
-    end
-  end
-end