s3-secure 0.6.0 → 0.7.0

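--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 739695e06691bf9716545d0874b7a92bca5c739d78ebd7caee2458a45dbf767e
- data.tar.gz: 2b9d47ad43044cd0b70e4063639d08c7963e8c144057ddc4b56556e07f7d7ee1
+ metadata.gz: 0e15a47d29daa735b3711252366efd5098a37deb8a462890247bc02e1a5142a5
+ data.tar.gz: d0e54444d2e786683ac9c04616df08b3ec967d1f6ae12a8623f9a1ae10161446
  SHA512:
- metadata.gz: a68b9daf5ec3b047776a5e3e70ecf7aa680bb5fb685d911ff82d04c0baffd73b13e2d5acc3c899a241c10a2da7825de8b35a8fbe89116c95f515be1ee4b70017
- data.tar.gz: 48346b04e0e720b004aec4b73ecb8da5c191b0f0018eceb9041a0b32fdd71f5a840a005be4df5daed95752af125770ceebc48e06b39b2131adb3c29af0463861
+ metadata.gz: 02773d9b0dec9ac2a707c00006419b0e454e29d8f56bf8752c2306481c9ac93f1ed8b07a24fdbeba0b8280b0b00c968636c6cfaa5e4db68237f6c7889434abcb
+ data.tar.gz: 6f83926d4bfe6ea06620e7901e13492770246ed31bfb1bb119f62546d20038e4576ce26997111dfc3539294cc34fdd2952aef8b90d7ba3d5314780c83c2b4b0d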
data/CHANGELOG.md CHANGED
@@ -3,6 +3,12 @@
3
3
  All notable changes to this project will be documented in this file.
4
4
  This project *tries* to adhere to [Semantic Versioning](http://semver.org/), even before v1.0.
5
5
 
6
+ ## [0.7.0] - 2023-07-11
7
+ - [#8](https://github.com/tongueroo/s3-secure/pull/8) fix s3.put_bucket_acl with s3.put_bucket_ownership_controls
8
+
9
+ ## [0.6.1] - 2021-12-30
10
+ - [#6](https://github.com/tongueroo/s3-secure/pull/6) maintain backward compatibility terraspace_plugin_aws
11
+
6
12
  ## [0.6.0] - 2021-12-30
7
13
  - [#4](https://github.com/tongueroo/s3-secure/pull/4) refactor move directly related cli classes to subfolder
8
14
  - [#5](https://github.com/tongueroo/s3-secure/pull/5) add public access block support
@@ -13,6 +13,17 @@ module S3Secure::AccessLogs
13
13
  return
14
14
  end
15
15
 
16
+ # require to add in order to use put_bucket_acl since this change
17
+ # https://aws.amazon.com/blogs/aws/amazon-s3-block-public-access-another-layer-of-protection-for-your-accounts-and-buckets/
18
+ s3.put_bucket_ownership_controls(
19
+ bucket: @bucket,
20
+ ownership_controls: { # required
21
+ rules: [ # required
22
+ {object_ownership: "ObjectWriter"}, # required, accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced
23
+ ],
24
+ },
25
+ )
26
+
16
27
  s3.put_bucket_acl(
17
28
  bucket: @bucket,
18
29
  access_control_policy: @show.access_control_policy_with_log_delivery_permissions,
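Review bot: The added `put_bucket_ownership_controls` call sets `object_ownership: "ObjectWriter"` unconditionally, which turns ACLs back on for `@bucket` even when it was deliberately left at `BucketOwnerEnforced`; for a hardening tool that is a silent downgrade of the bucket's ownership posture. Consider reading the current setting first and changing it only when the ACL call would otherwise be rejected, or using `BucketOwnerPreferred` (listed as accepted in the hunk's own comment), or granting log delivery through a bucket policy for the S3 logging service principal so that no ACL is needed. The comment above the call links the Block Public Access announcement, but the setting changed here is Object Ownership; a more accurate comment would be `# put_bucket_acl is rejected while Object Ownership is BucketOwnerEnforced (ACLs disabled), so ACLs are re-enabled first`. The enclosing method starts and ends outside the hunk, so whether the existing ownership setting is checked earlier cannot be seen from here.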
@@ -0,0 +1,20 @@
1
+ module S3Secure
2
+ module BackwardsCompatibility
3
+ end
4
+
5
+ module Encryption
6
+ CLI::Encryption::Enable = Encryption::Enable
7
+ end
8
+ module Policy
9
+ CLI::Policy::Enforce = Policy::Enforce
10
+ end
11
+ module Versioning
12
+ CLI::Versioning::Enable = Versioning::Enable
13
+ end
14
+ module Lifecycle
15
+ CLI::Lifecycle::Add = Lifecycle::Add
16
+ end
17
+ module AccessLogs
18
+ CLI::AccessLogs::Enable = AccessLogs::Enable
19
+ end
20
+ end
@@ -1,4 +1,4 @@
1
- module S3Secure::Policy::Document
1
+ class S3Secure::Policy::Document
2
2
  class Base
3
3
  extend Memoist
4
4
 
@@ -1,4 +1,4 @@
1
- module S3Secure::Policy::Document
1
+ class S3Secure::Policy::Document
2
2
  class ForceSSLOnlyAccess < Base
3
3
  def policy_document
4
4
  if @bucket_policy.blank?
@@ -1,4 +1,4 @@
1
- module S3Secure::Policy::Document
1
+ class S3Secure::Policy::Document
2
2
  class ForceSSLOnlyAccessRemove < Base
3
3
  def initialize(bucket, bucket_policy)
4
4
  # @bucket_policy is existing document policy
@@ -10,7 +10,7 @@ module S3Secure::PublicAccess
10
10
  restrict_public_buckets: true,
11
11
  },
12
12
  )
13
- $stderr.puts("Public access blocked for bucket: #{@bucket}")
13
+ say "Public access blocked for bucket: #{@bucket}"
14
14
  resp
15
15
  end
16
16
  end
@@ -5,7 +5,7 @@ module S3Secure::PublicAccess
5
5
  presenter.header = ["Bucket", "Block Public Access?"]
6
6
 
7
7
  buckets.each do |bucket|
8
- $stderr.puts "Getting bucket public access configuration for bucket #{bucket.color(:green)}"
8
+ say "Getting bucket public access configuration for bucket #{bucket.color(:green)}"
9
9
 
10
10
  blocked = Show.new(bucket: bucket).blocked?
11
11
  row = [bucket, blocked]
@@ -4,10 +4,10 @@ module S3Secure::PublicAccess
4
4
  resp = s3.get_public_access_block(
5
5
  bucket: @bucket,
6
6
  )
7
- $stderr.puts(resp.to_h)
7
+ say(resp.to_h)
8
8
  resp
9
9
  rescue Aws::S3::Errors::NoSuchPublicAccessBlockConfiguration
10
- $stderr.puts "No public access block configuration found for bucket: #{@bucket}"
10
+ say "No public access block configuration found for bucket: #{@bucket}"
11
11
  end
12
12
 
13
13
  def blocked?
@@ -4,7 +4,7 @@ module S3Secure::PublicAccess
4
4
  resp = s3.delete_public_access_block(
5
5
  bucket: @bucket,
6
6
  )
7
- $stderr.puts("Removed public access block configuration for bucket: #{@bucket}")
7
+ say("Removed public access block configuration for bucket: #{@bucket}")
8
8
  resp
9
9
  end
10
10
  end
@@ -1,3 +1,3 @@
1
1
  module S3Secure
2
- VERSION = "0.6.0"
2
+ VERSION = "0.7.0"
3
3
  end
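--- a/data/lib/s3_secure.rb
+++ b/data/lib/s3_secure.rb
@@ -14,3 +14,5 @@ S3Secure::Autoloader.setup
  module S3Secure
  class Error < StandardError; end
  end
+
+ require_relative "s3_secure/backwards_compatibility"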
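--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: s3-secure
  version: !ruby/object:Gem::Version
- version: 0.6.0
+ version: 0.7.0
  platform: ruby
  authors:
  - Tung Nguyen
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2021-12-30 00:00:00.000000000 Z
+ date: 2023-07-11 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: activesupport
@@ -233,6 +233,7 @@ files:
  - lib/s3_secure/autoloader.rb
  - lib/s3_secure/aws_services.rb
  - lib/s3_secure/aws_services/s3.rb
+ - lib/s3_secure/backwards_compatibility.rb
  - lib/s3_secure/cli.rb
  - lib/s3_secure/cli/access_logs.rb
  - lib/s3_secure/cli/base.rb
@@ -325,7 +326,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.32
+ rubygems_version: 3.4.10
  signing_key:
  specification_version: 4
  summary: S3 Bucket security hardening tool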