sensu-plugins-aws 11.0.0 → 11.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cf38e747e9eacaf74e5266c61fb6425729e033b72258e95a97c2c2c3bfafaa6e
-  data.tar.gz: ac749130f70447fc122f00613424793ea1f699184bccc1bee71de020a75c0c84
+  metadata.gz: 52c7355c7f130cafcc95d18c1156cac80d9792cb241098c61f9068443c3a11fd
+  data.tar.gz: b6e0d9e624ccf1e0069df968c1a75d6a328f7f92e3163957c92f01189124e7c0
 SHA512:
-  metadata.gz: 88e750cb8957949dcf0d9d235f182e5327841b9dac8aa0fe53689012a2a7dbd6c49d4f5591d95284175d45aaff0a66115b7569ba4e7bcd05841937a348598447
-  data.tar.gz: b923084b699ebb9a26ac5e11632573a79d9ff432b6de1b5434d2ca027283d017ae611517981b6656435bf5a5f7d83232c39e4fc44dfc1fdac63db71b185c1854
+  metadata.gz: 580a14d2aa95d515887acff5bd11bd22db1b5af2aa26afcd335cfb04509e48fd3c83c5596f83b718319370a56f2ef39f9f314f811a7d58a6d8c81a9e1f3a6a58
+  data.tar.gz: e680f5379849fcba56dd0864bb8bac02f0c29d6eae2723315cbb246ee4e4fc8553162c5d86916cb9bf5d2d29c7a2a971a88e5326a56d714c16e25acec0522ed6

data/CHANGELOG.md

@@ -5,6 +5,14 @@ This CHANGELOG follows the format listed [here](https://github.com/sensu-plugins
 
 ## [Unreleased]
 
+## [11.0.0] - 2018-11-21
+### Added
+- check-s3-bucket-visibility.rb: added option `--all-buckets` to check for all buckets in the region specified for insecure buckets (@majormoses)
+- check-s3-bucket-visibility.rb: added option `--excluded-buckets` to ignore specific buckets that are expected to be loose such as s3 buckets for static website hosting (@majormoses)
+
+### Changed
+- check-s3-bucket-visibility.rb: now uses `aws-sdk-s3` while keeping other plugins locked at their respective versions (@majormoses)
+
 ## [11.0.0] - 2018-02-09
 ### Breaking Changes
 - metrics-elb-full.rb: removed in favor of metrics-elb.rb, which is slightly more configurable and uses the AWS-SDK v2 already. Compared to metrics-elb-full.rb, metrics-elb.rb no longer takes --aws-access-key, --aws-secret-access-key flags, Authentication should be configured per [here](https://github.com/sensu-plugins/sensu-plugins-aws/blob/master/README.md#authentication). --scheme has a default value of `elb` now (@multani)
@@ -436,7 +444,8 @@ WARNING:  This release contains major breaking changes that will impact all user
 ### Added
 - initial release
 
-[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-aws/compare/11.0.0...HEAD
+[Unreleased]: https://github.com/sensu-plugins/sensu-plugins-aws/compare/11.1.0...HEAD
+[11.1.0]: https://github.com/sensu-plugins/sensu-plugins-aws/compare/11.0.0...11.1.0
 [11.0.0]: https://github.com/sensu-plugins/sensu-plugins-aws/compare/10.2.0...11.0.0
 [10.2.0]:https://github.com/sensu-plugins/sensu-plugins-aws/compare/10.1.2...10.2.0
 [10.1.2]: https://github.com/sensu-plugins/sensu-plugins-aws/compare/10.1.1...10.1.2

data/bin/check-s3-bucket-visibility.rb

@@ -29,7 +29,7 @@
 #   for details.
 #
 
-require 'aws-sdk'
+require 'aws-sdk-s3'
 require 'sensu-plugin/check/cli'
 require 'sensu-plugins-aws'
 
@@ -44,7 +44,21 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
   option :bucket_names,
          short: '-b BUCKET_NAMES',
          long: '--bucket-names',
-         description: 'A comma seperated list of S3 buckets to check'
+         description: 'A comma seperated list of S3 buckets to check',
+         proc: proc { |b| b.split(',') }
+
+  option :all_buckets,
+         short: '-a BOOL',
+         long: '--all-buckets BOOL',
+         description: 'If all buckets are true it will look at any buckets that we have access to in the region',
+         boolean: true,
+         default: false
+
+  option :exclude_buckets,
+         short: '-e EXCLUDED_BUCKETS_COMMA_SEPERATED',
+         long: '--excluded-buckets EXCLUDED_BUCKETS_COMMA_SEPERATED',
+         description: 'A comma seperated list of buckets to ignore that are expected to have loose permissions',
+         proc: proc { |b| b.split(',') }
 
   option :critical_on_missing,
          short: '-m ',
@@ -60,6 +74,26 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
     @s3_client ||= Aws::S3::Client.new
   end
 
+  def s3_resource
+    @s3_resource || Aws::S3::Resource.new
+  end
+
+  def list_buckets
+    buckets = []
+    s3_resource.buckets.each do |bucket|
+      if s3_resource.client.get_bucket_location(bucket: bucket.name).location_constraint == config[:aws_region]
+        buckets << bucket.name
+      else
+        p "skipping bucket: #{bucket.name} as is not in the region specified: #{config[:aws_region]}"
+      end
+    end
+    buckets
+  end
+
+  def excluded_bucket?(bucket_name)
+    config[:exclude_buckets].include?(bucket_name)
+  end
+
   def website_configuration?(bucket_name)
     s3_client.get_bucket_website(bucket: bucket_name)
     true
@@ -88,9 +122,19 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
   def run
     errors = []
     warnings = []
-    buckets = config[:bucket_names].split ','
+    buckets = if config[:all_buckets]
+                list_buckets
+              elsif config[:bucket_names] && !config[:bucket_names].empty?
+                config[:bucket_names]
+              else
+                unknown 'you must specify either all buckets or provide list of buckets'
+              end
 
     buckets.each do |bucket_name|
+      if excluded_bucket?(bucket_name)
+        p "bucket_name: #{bucket_name} was ignored as it matched excluded_buckets"
+        next
+      end
       begin
         if website_configuration?(bucket_name)
           errors.push "#{bucket_name}: website configuration found"
@@ -98,7 +142,7 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
         if policy_too_permissive?(get_bucket_policy(bucket_name))
           errors.push "#{bucket_name}: bucket policy too permissive"
         end
-      rescue Aws::S3::Errors::NoSuchBucket => _
+      rescue Aws::S3::Errors::NoSuchBucket
         mesg = "Bucket #{bucket_name} not found"
         true?(config[:critical_on_missing]) ? errors.push(mesg) : warnings.push(mesg)
       end

data/lib/sensu-plugins-aws/version.rb

@@ -1,7 +1,7 @@
 module SensuPluginsAWS
   module Version
     MAJOR = 11
-    MINOR = 0
+    MINOR = 1
     PATCH = 0
     VER_STRING = [MAJOR, MINOR, PATCH].compact.join('.')
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: sensu-plugins-aws
 version: !ruby/object:Gem::Version
-  version: 11.0.0
+  version: 11.1.0
 platform: ruby
 authors:
 - Sensu-Plugins and contributors
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-02-09 00:00:00.000000000 Z
+date: 2018-03-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: sensu-plugin
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.10'
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.10'
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: aws-sdk-v1
   requirement: !ruby/object:Gem::Requirement
@@ -445,7 +445,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.7.5
+rubygems_version: 2.7.6
 signing_key: 
 specification_version: 4
 summary: Sensu plugins for working with an AWS environment