sport_ngin_aws_auditor 0.3.0 → 3.1.0
- checksums.yaml +4 -4
- data/.soyuz.yml +13 -0
- data/CHANGELOG.markdown +7 -0
- data/README.md +12 -2
- data/bin/sport-ngin-aws-auditor +1 -0
- data/lib/sport_ngin_aws_auditor/aws.rb +4 -0
- data/lib/sport_ngin_aws_auditor/commands/audit.rb +1 -1
- data/lib/sport_ngin_aws_auditor/commands/export.rb +1 -1
- data/lib/sport_ngin_aws_auditor/commands/inspect.rb +1 -1
- data/lib/sport_ngin_aws_auditor/convenience_wrappers.rb +6 -2
- data/lib/sport_ngin_aws_auditor/scripts/audit.rb +2 -2
- data/lib/sport_ngin_aws_auditor/scripts/export.rb +2 -2
- data/lib/sport_ngin_aws_auditor/scripts/inspect.rb +2 -2
- data/lib/sport_ngin_aws_auditor/version.rb +1 -1
- data/spec/sport_ngin_aws_auditor/aws_spec.rb +9 -2
- metadata +3 -2
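--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8a729a98a969d22420b9c43f6c97b81296d8ddec
+data.tar.gz: ce7be235f4f0606abd915afcedc8edb81660112f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 34ad6c153be5887b02c394449119916a93af889ab853ea8f7ba62fe6f479779195aaa45979a516f3e8487e06a88a5129961348a7ff5879b630c398e0afebbe57
+data.tar.gz: f07e5fc024016ec6ed798c7ed101753f315bef1fecea7ad09d59c3472bb3912544df7f3b778a2ae34c94496a57f7059318c1622d248dcf68b70533d60f8b204c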
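--- /dev/null
+++ b/data/.soyuz.yml
@@ -0,0 +1,13 @@
+defaults:
+deploy_cmd: gem push *.gem
+before_deploy_cmds:
+- /usr/local/bin/op tag-release
+- sed -i "" -e "s/\".*/\"$(git tag| sed s/v// | sort -n -t. -k1,1 -k2,2 -k3,3 | tail -1)\"/" lib/sport_ngin_aws_auditor/version.rb
+- git add lib/sport_ngin_aws_auditor/version.rb
+- git commit -m "Version Bump" && git push
+- gem build sport_ngin_aws_auditor.gemspec
+after_deploy_cmds:
+- rm *.gem
+environments:
+-
+rubygems: {}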
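Review bot: `deploy_cmd: gem push *.gem` publishes every `.gem` file present in the working directory, not only the artifact produced by the preceding `gem build sport_ngin_aws_auditor.gemspec` step, so a stale or unrelated gem left in the checkout would be pushed as well. Naming the built file explicitly, for example `gem push sport_ngin_aws_auditor-<VERSION>.gem` with the version read from `version.rb`, or deleting old `*.gem` files before the build, pins the release to a single artifact. The `sed -i ""` form in the version-bump step is BSD/macOS syntax and fails under GNU sed, which deserves a comment because that step rewrites the version string that is then committed and published. This pipeline file is also added to the gem's packaged file list in the metadata section, which looks unintended for a release-tooling config; consider excluding it in the gemspec.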
data/CHANGELOG.markdown
CHANGED
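--- a/data/README.md
+++ b/data/README.md
@@ -21,7 +21,7 @@ Or install it yourself as:
 ## How-to
 
 ### AWS Setup
-
+Either create an `~/.aws/credentials` file that should have the following structure:
 
 ```
 [ACCOUNT 1]
@@ -37,6 +37,10 @@ aws_access_key_id = [AWS ACCESS KEY]
 aws_secret_access_key = [SECRET ACCESS KEY]
 ```
 
+Then this gem will use [AWS Shared Credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) with your credentials file. However, if you'd like to run these through either a default profile in your credentials file or through [User Roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html), then use the flag `aws_roles`:
+
+$ sport_ngin_aws_auditor --aws_roles [command] account1
+
 ### Google Setup (optional)
 You can export audit information to a Google Spreadsheet, but you must first follow “Create a client ID and client secret” on [this page](https://developers.google.com/drive/web/auth/web-server) to get a client ID and client secret for OAuth. Then create a `.google.yml` in your home directory with the following structure.
 
@@ -72,7 +76,7 @@ To print a condensed version of the discrepancies to a Slack account (instead of
 
 $ sport_ngin_aws_auditor audit --slack account1
 
-For this option to use a designated channel, username, icon/emoji, and webhook, set up a global config file
+For this option to use a designated channel, username, icon/emoji, and webhook, set up a global config file that should look like this:
 
 ```
 slack:
@@ -82,6 +86,12 @@ slack:
 webhook: [YOUR WEBHOOK URL]
 ```
 
+The default is for the file to be called `.aws_auditor.yml` in your home directory, but to pass in a different path, feel free to pass it in via command line like this:
+
+$ sport_ngin_aws-auditor --config="/PATH/TO/FILE/slack_file_creds.yml" audit --slack staging
+
+The webhook urls for slack can be obtained [here](https://api.slack.com/incoming-webhooks).
+
 ### The Inspect Command
 
 To list information about all running instances in your account, run: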
data/bin/sport-ngin-aws-auditor
CHANGED
@@ -11,6 +11,7 @@ version SportNginAwsAuditor::VERSION
|
|
11
11
|
wrap_help_text :verbatim
|
12
12
|
|
13
13
|
flag [:config], :desc => 'SportNginAwsAuditor config file path', :default_value => SportNginAwsAuditor::DefaultPaths.config
|
14
|
+
switch [:aws_roles], :desc => 'Use AWS roles instead of an ~/.aws/credentials file'
|
14
15
|
|
15
16
|
program_long_desc """
|
16
17
|
DOCUMENTATION
|
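Review bot: The `:desc` on the new `switch [:aws_roles]` line says roles are used instead of an `~/.aws/credentials` file, while the README text added in the same release says the flag also covers "a default profile in your credentials file". Because this switch decides which identity the audit runs as, the help text should say exactly which credentials are picked up when it is set. Which of the two descriptions is accurate cannot be confirmed from this page, since the `aws.rb` change is not shown; whichever it is, the `:desc` string and the README sentence should be made to agree.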
@@ -12,6 +12,6 @@ command 'audit' do |c|
|
|
12
12
|
c.action do |global_options, options, args|
|
13
13
|
require_relative '../scripts/audit'
|
14
14
|
raise ArgumentError, 'You must specify an AWS account' unless args.first
|
15
|
-
SportNginAwsAuditor::Scripts::Audit.execute(args.first, options)
|
15
|
+
SportNginAwsAuditor::Scripts::Audit.execute(args.first, options, global_options)
|
16
16
|
end
|
17
17
|
end
|
@@ -6,6 +6,6 @@ command 'export' do |c|
|
|
6
6
|
c.action do |global_options, options, args|
|
7
7
|
require_relative '../scripts/export'
|
8
8
|
raise ArgumentError, 'You must specify an AWS account' unless args.first
|
9
|
-
SportNginAwsAuditor::Scripts::Export.execute(args.first, options)
|
9
|
+
SportNginAwsAuditor::Scripts::Export.execute(args.first, options, global_options)
|
10
10
|
end
|
11
11
|
end
|
@@ -7,6 +7,6 @@ command 'inspect' do |c|
|
|
7
7
|
c.action do |global_options, options, args|
|
8
8
|
require_relative '../scripts/inspect'
|
9
9
|
raise ArgumentError, 'You must specify an AWS account' unless args.first
|
10
|
-
SportNginAwsAuditor::Scripts::Inspect.execute(args.first,options)
|
10
|
+
SportNginAwsAuditor::Scripts::Inspect.execute(args.first,options, global_options)
|
11
11
|
end
|
12
12
|
end
|
@@ -7,8 +7,12 @@ module SportNginAwsAuditor
|
|
7
7
|
module AWSWrapper
|
8
8
|
attr_accessor :aws, :account_id
|
9
9
|
|
10
|
-
def aws(environment)
|
11
|
-
|
10
|
+
def aws(environment, roles)
|
11
|
+
if roles
|
12
|
+
SportNginAwsAuditor::AWSSDK.authenticate_with_roles(environment)
|
13
|
+
else
|
14
|
+
SportNginAwsAuditor::AWSSDK.authenticate(environment)
|
15
|
+
end
|
12
16
|
end
|
13
17
|
|
14
18
|
def get_account_id
|
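Review bot: `def aws(environment, roles)` makes `roles` a required positional argument, so any other code that extends `AWSWrapper` and still calls `aws(environment)` now raises ArgumentError; `def aws(environment, roles = false)` keeps the old call form working and defaults to the credentials-file path. The method picks the authentication path on truthiness alone and has no comment, so a line above it such as `# roles: truthy selects AWSSDK.authenticate_with_roles, otherwise AWSSDK.authenticate` would make the default explicit. The `attr_accessor :aws` on the context line above is shadowed by this two-argument method; that predates this change but is worth cleaning up while the signature is being touched.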
@@ -10,8 +10,8 @@ module SportNginAwsAuditor
|
|
10
10
|
attr_accessor :options
|
11
11
|
end
|
12
12
|
|
13
|
-
def self.execute(environment, options=nil)
|
14
|
-
aws(environment)
|
13
|
+
def self.execute(environment, options=nil, global_options=nil)
|
14
|
+
aws(environment, global_options[:aws_roles])
|
15
15
|
@options = options
|
16
16
|
slack = options[:slack]
|
17
17
|
no_selection = !(options[:ec2] || options[:rds] || options[:cache])
|
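Review bot: `global_options` defaults to `nil` in the new `self.execute` signature but is indexed unconditionally on the next line, `aws(environment, global_options[:aws_roles])`, so a caller still using the one- or two-argument form gets a NoMethodError on nil before authentication starts. Either default it to a hash, `def self.execute(environment, options=nil, global_options={})`, or guard the lookup with `(global_options || {})[:aws_roles]`. The same pattern appears in the two `self.execute` hunks that follow (the export and inspect scripts). The body of `execute` continues past the end of this hunk.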
@@ -13,10 +13,10 @@ module SportNginAwsAuditor
|
|
13
13
|
|
14
14
|
CLASS_TYPES = %w[EC2Instance RDSInstance CacheInstance]
|
15
15
|
|
16
|
-
def self.execute(environment, options = nil)
|
16
|
+
def self.execute(environment, options = nil, global_options = nil)
|
17
17
|
@environment = environment
|
18
18
|
(puts "Must specify either --drive or --csv"; exit) unless options[:csv] || options[:drive]
|
19
|
-
aws(environment)
|
19
|
+
aws(environment, global_options[:aws_roles])
|
20
20
|
print "Gathering info, please wait..."
|
21
21
|
all_keys = get_all_keys
|
22
22
|
all_info = prepare
|
@@ -4,8 +4,8 @@ module SportNginAwsAuditor
|
|
4
4
|
extend AWSWrapper
|
5
5
|
extend OpsWorksWrapper
|
6
6
|
|
7
|
-
def self.execute(environment, options=nil)
|
8
|
-
aws(environment)
|
7
|
+
def self.execute(environment, options=nil, global_options=nil)
|
8
|
+
aws(environment, global_options[:aws_roles])
|
9
9
|
no_selection = options.values.uniq == [false]
|
10
10
|
output("EC2Instance") if options[:ec2] || no_selection
|
11
11
|
output("RDSInstance") if options[:rds] || no_selection
|
@@ -2,7 +2,7 @@ require "sport_ngin_aws_auditor"
|
|
2
2
|
|
3
3
|
module SportNginAwsAuditor
|
4
4
|
describe AWSSDK do
|
5
|
-
context 'without mfa' do
|
5
|
+
context 'without mfa without roles' do
|
6
6
|
before :each do
|
7
7
|
mfa_devices = double('mfa_devices', mfa_devices: [])
|
8
8
|
iam_client = double('iam_client', list_mfa_devices: mfa_devices)
|
@@ -22,7 +22,7 @@ module SportNginAwsAuditor
|
|
22
22
|
end
|
23
23
|
end
|
24
24
|
|
25
|
-
context 'with mfa' do
|
25
|
+
context 'with mfa without roles' do
|
26
26
|
it "should use MFA if it should" do
|
27
27
|
shared_credentials = double('shared_credentials', access_key_id: 'access_key_id',
|
28
28
|
secret_access_key: 'secret_access_key')
|
@@ -44,5 +44,12 @@ module SportNginAwsAuditor
|
|
44
44
|
AWSSDK::authenticate('staging')
|
45
45
|
end
|
46
46
|
end
|
47
|
+
|
48
|
+
context 'without mfa with roles' do
|
49
|
+
it "should update configs" do
|
50
|
+
expect(Aws.config).to receive(:update).with({region: 'us-east-1'})
|
51
|
+
AWSSDK::authenticate_with_roles('staging')
|
52
|
+
end
|
53
|
+
end
|
47
54
|
end
|
48
55
|
end
|
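Review bot: The new 'without mfa with roles' example only pins `Aws.config.update` being called with `{region: 'us-east-1'}`, so it would still pass if `authenticate_with_roles` also loaded a credentials-file profile or ignored the account name it is given. Since the purpose of this path appears to be that no named profile is read, the spec should assert that too, for instance `expect(Aws::SharedCredentials).not_to receive(:new)` before the call, and state whether `'staging'` is expected to influence anything. The region is a literal in the expectation; if it is hard-coded in the implementation as well (not visible on this page), that deserves a comment there. The enclosing `describe AWSSDK` block starts outside this hunk.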
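--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sport_ngin_aws_auditor
 version: !ruby/object:Gem::Version
-version:
+version: 3.1.0
 platform: ruby
 authors:
 - Elliot Hursh
@@ -10,7 +10,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-07-
+date: 2016-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
@@ -181,6 +181,7 @@ files:
 - ".rspec"
 - ".ruby-gemset"
 - ".ruby-version"
+- ".soyuz.yml"
 - ".travis.yml"
 - CHANGELOG.markdown
 - Gemfile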