s3-secure 0.6.0 → 0.7.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 739695e06691bf9716545d0874b7a92bca5c739d78ebd7caee2458a45dbf767e
-  data.tar.gz: 2b9d47ad43044cd0b70e4063639d08c7963e8c144057ddc4b56556e07f7d7ee1
+  metadata.gz: 0e15a47d29daa735b3711252366efd5098a37deb8a462890247bc02e1a5142a5
+  data.tar.gz: d0e54444d2e786683ac9c04616df08b3ec967d1f6ae12a8623f9a1ae10161446
 SHA512:
-  metadata.gz: a68b9daf5ec3b047776a5e3e70ecf7aa680bb5fb685d911ff82d04c0baffd73b13e2d5acc3c899a241c10a2da7825de8b35a8fbe89116c95f515be1ee4b70017
-  data.tar.gz: 48346b04e0e720b004aec4b73ecb8da5c191b0f0018eceb9041a0b32fdd71f5a840a005be4df5daed95752af125770ceebc48e06b39b2131adb3c29af0463861
+  metadata.gz: 02773d9b0dec9ac2a707c00006419b0e454e29d8f56bf8752c2306481c9ac93f1ed8b07a24fdbeba0b8280b0b00c968636c6cfaa5e4db68237f6c7889434abcb
+  data.tar.gz: 6f83926d4bfe6ea06620e7901e13492770246ed31bfb1bb119f62546d20038e4576ce26997111dfc3539294cc34fdd2952aef8b90d7ba3d5314780c83c2b4b0d

data/CHANGELOG.md

@@ -3,6 +3,12 @@
 All notable changes to this project will be documented in this file.
 This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
 
+## [0.7.0] - 2023-07-11
+- [#8](https://github.com/tongueroo/s3-secure/pull/8) fix s3.put_bucket_acl with s3.put_bucket_ownership_controls
+
+## [0.6.1] - 2021-12-30
+- [#6](https://github.com/tongueroo/s3-secure/pull/6) maintain backward compatibility terraspace_plugin_aws
+
 ## [0.6.0] - 2021-12-30
 - [#4](https://github.com/tongueroo/s3-secure/pull/4) refactor move directly related cli classes to subfolder
 - [#5](https://github.com/tongueroo/s3-secure/pull/5) add public access block support

data/lib/s3_secure/access_logs/enable.rb

@@ -13,6 +13,17 @@ module S3Secure::AccessLogs
         return
       end
 
+      # require to add in order to use put_bucket_acl since this change
+      # https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
+      s3.put_bucket_ownership_controls(
+        bucket: @bucket,
+        ownership_controls: { # required
+          rules: [ # required
+            {object_ownership: "ObjectWriter"}, # required, accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced
+          ],
+        },
+      )
+
       s3.put_bucket_acl(
         bucket: @bucket,
         access_control_policy: @show.access_control_policy_with_log_delivery_permissions,

data/lib/s3_secure/backwards_compatibility.rb

@@ -0,0 +1,20 @@
+module S3Secure
+  module BackwardsCompatibility
+  end
+
+  module Encryption
+    CLI::Encryption::Enable = Encryption::Enable
+  end
+  module Policy
+    CLI::Policy::Enforce = Policy::Enforce
+  end
+  module Versioning
+    CLI::Versioning::Enable = Versioning::Enable
+  end
+  module Lifecycle
+    CLI::Lifecycle::Add = Lifecycle::Add
+  end
+  module AccessLogs
+    CLI::AccessLogs::Enable = AccessLogs::Enable
+  end
+end

data/lib/s3_secure/policy/document/base.rb

@@ -1,4 +1,4 @@
-module S3Secure::Policy::Document
+class S3Secure::Policy::Document
   class Base
     extend Memoist
 

data/lib/s3_secure/policy/document/force_ssl_only_access.rb

@@ -1,4 +1,4 @@
-module S3Secure::Policy::Document
+class S3Secure::Policy::Document
   class ForceSSLOnlyAccess < Base
     def policy_document
       if @bucket_policy.blank?

data/lib/s3_secure/policy/document/force_ssl_only_access_remove.rb

@@ -1,4 +1,4 @@
-module S3Secure::Policy::Document
+class S3Secure::Policy::Document
   class ForceSSLOnlyAccessRemove < Base
     def initialize(bucket, bucket_policy)
       # @bucket_policy is existing document policy

data/lib/s3_secure/public_access/block.rb

@@ -10,7 +10,7 @@ module S3Secure::PublicAccess
           restrict_public_buckets: true,
         },
       )
-      $stderr.puts("Public access blocked for bucket: #{@bucket}")
+      say "Public access blocked for bucket: #{@bucket}"
       resp
     end
   end

data/lib/s3_secure/public_access/list.rb

@@ -5,7 +5,7 @@ module S3Secure::PublicAccess
       presenter.header = ["Bucket", "Block Public Access?"]
 
       buckets.each do |bucket|
-        $stderr.puts "Getting bucket public access configuration for bucket #{bucket.color(:green)}"
+        say "Getting bucket public access configuration for bucket #{bucket.color(:green)}"
 
         blocked = Show.new(bucket: bucket).blocked?
         row = [bucket, blocked]

data/lib/s3_secure/public_access/show.rb

@@ -4,10 +4,10 @@ module S3Secure::PublicAccess
       resp = s3.get_public_access_block(
         bucket: @bucket,
       )
-      $stderr.puts(resp.to_h)
+      say(resp.to_h)
       resp
     rescue Aws::S3::Errors::NoSuchPublicAccessBlockConfiguration
-      $stderr.puts "No public access block configuration found for bucket: #{@bucket}"
+      say "No public access block configuration found for bucket: #{@bucket}"
     end
 
     def blocked?

data/lib/s3_secure/public_access/unblock.rb

@@ -4,7 +4,7 @@ module S3Secure::PublicAccess
       resp = s3.delete_public_access_block(
         bucket: @bucket,
       )
-      $stderr.puts("Removed public access block configuration for bucket: #{@bucket}")
+      say("Removed public access block configuration for bucket: #{@bucket}")
       resp
     end
   end

data/lib/s3_secure/version.rb

@@ -1,3 +1,3 @@
 module S3Secure
-  VERSION = "0.6.0"
+  VERSION = "0.7.0"
 end

data/lib/s3_secure.rb

@@ -14,3 +14,5 @@ S3Secure::Autoloader.setup
 module S3Secure
   class Error < StandardError; end
 end
+
+require_relative "s3_secure/backwards_compatibility"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3-secure
 version: !ruby/object:Gem::Version
-  version: 0.6.0
+  version: 0.7.0
 platform: ruby
 authors:
 - Tung Nguyen
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-12-30 00:00:00.000000000 Z
+date: 2023-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: activesupport
@@ -233,6 +233,7 @@ files:
 - lib/s3_secure/autoloader.rb
 - lib/s3_secure/aws_services.rb
 - lib/s3_secure/aws_services/s3.rb
+- lib/s3_secure/backwards_compatibility.rb
 - lib/s3_secure/cli.rb
 - lib/s3_secure/cli/access_logs.rb
 - lib/s3_secure/cli/base.rb
@@ -325,7 +326,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.32
+rubygems_version: 3.4.10
 signing_key: 
 specification_version: 4
 summary: S3 Bucket security hardening tool