sport_ngin_aws_auditor 0.3.0 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 497401fd2c9de4c7962fc97283f6cc81e99c8f5c
-  data.tar.gz: 1e1809af12e7534be7cddedafc460118267a034d
+  metadata.gz: 8a729a98a969d22420b9c43f6c97b81296d8ddec
+  data.tar.gz: ce7be235f4f0606abd915afcedc8edb81660112f
 SHA512:
-  metadata.gz: 1be186b05ada192823dc6342365cc9f03c594847f325bd09bae8737495157b5df1bc909547174c3a2230c2b484115364602ea0aaccbc5ce421eb0ba68522adab
-  data.tar.gz: daf4c47f1940f302a8e589fe77c2aa45f69dd7affdc2f743d8685842c9555d9610b0ae5897fe91874ac2140944a379fd3011cae803c40d18530a20f417b553cc
+  metadata.gz: 34ad6c153be5887b02c394449119916a93af889ab853ea8f7ba62fe6f479779195aaa45979a516f3e8487e06a88a5129961348a7ff5879b630c398e0afebbe57
+  data.tar.gz: f07e5fc024016ec6ed798c7ed101753f315bef1fecea7ad09d59c3472bb3912544df7f3b778a2ae34c94496a57f7059318c1622d248dcf68b70533d60f8b204c

data/.soyuz.yml

@@ -0,0 +1,13 @@
+defaults:
+  deploy_cmd: gem push *.gem
+  before_deploy_cmds:
+    - /usr/local/bin/op tag-release
+    - sed -i "" -e "s/\".*/\"$(git tag| sed s/v// | sort -n -t. -k1,1 -k2,2 -k3,3 | tail -1)\"/" lib/sport_ngin_aws_auditor/version.rb
+    - git add  lib/sport_ngin_aws_auditor/version.rb
+    - git commit -m "Version Bump" && git push
+    - gem build sport_ngin_aws_auditor.gemspec
+  after_deploy_cmds:
+    - rm *.gem
+environments:
+  -
+    rubygems: {}

data/CHANGELOG.markdown

@@ -1,3 +1,10 @@
+#### v3.1.0
+* Authentication with AWS roles instead of credentials file
+
+  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/7
+
+#### v3.0.2
+#### v3.0.1
 #### v3.0.0
 * Rename gem directories and modules
 

data/README.md

@@ -21,7 +21,7 @@ Or install it yourself as:
 ## How-to
 
 ### AWS Setup
-Create an `~/.aws/credentials` file that should have the following structure:
+Either create an `~/.aws/credentials` file that should have the following structure:
 
 ```
 [ACCOUNT 1]
@@ -37,6 +37,10 @@ aws_access_key_id = [AWS ACCESS KEY]
 aws_secret_access_key = [SECRET ACCESS KEY]
 ```
 
+Then this gem will use [AWS Shared Credentials](http://docs.aws.amazon.com/cli/latest/userguide/cli-chap-getting-started.html) with your credentials file. However, if you'd like to run these through either a default profile in your credentials file or through [User Roles](http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html), then use the flag `aws_roles`:
+
+    $ sport_ngin_aws_auditor --aws_roles [command] account1
+
 ### Google Setup (optional)
 You can export audit information to a Google Spreadsheet, but you must first follow “Create a client ID and client secret” on [this page](https://developers.google.com/drive/web/auth/web-server) to get a client ID and client secret for OAuth. Then create a `.google.yml` in your home directory with the following structure.
 
@@ -72,7 +76,7 @@ To print a condensed version of the discrepancies to a Slack account (instead of
 
     $ sport_ngin_aws_auditor audit --slack account1
 
-For this option to use a designated channel, username, icon/emoji, and webhook, set up a global config file (called `.aws_auditor.yml`) in your home directory. The webhook urls for slack can be obtained [here](https://api.slack.com/incoming-webhooks). The config file should look something like this:
+For this option to use a designated channel, username, icon/emoji, and webhook, set up a global config file that should look like this:
 
 ```
 slack:
@@ -82,6 +86,12 @@ slack:
   webhook: [YOUR WEBHOOK URL]
 ```
 
+The default is for the file to be called `.aws_auditor.yml` in your home directory, but to pass in a different path, feel free to pass it in via command line like this:
+
+    $ sport_ngin_aws-auditor --config="/PATH/TO/FILE/slack_file_creds.yml" audit --slack staging
+
+The webhook urls for slack can be obtained [here](https://api.slack.com/incoming-webhooks).
+
 ### The Inspect Command
 
 To list information about all running instances in your account, run:

data/bin/sport-ngin-aws-auditor

@@ -11,6 +11,7 @@ version SportNginAwsAuditor::VERSION
 wrap_help_text :verbatim
 
 flag [:config], :desc => 'SportNginAwsAuditor config file path', :default_value => SportNginAwsAuditor::DefaultPaths.config
+switch [:aws_roles], :desc => 'Use AWS roles instead of an ~/.aws/credentials file'
 
 program_long_desc """
 DOCUMENTATION

data/lib/sport_ngin_aws_auditor/aws.rb

@@ -40,5 +40,9 @@ module SportNginAwsAuditor
                                        serial_number: mfa_serial_number,
                                        token_code: mfa_token)
     end
+
+    def self.authenticate_with_roles(environment)
+        Aws.config.update({region: 'us-east-1'})
+    end
   end
 end

data/lib/sport_ngin_aws_auditor/commands/audit.rb

@@ -12,6 +12,6 @@ command 'audit' do |c|
   c.action do |global_options, options, args|
     require_relative '../scripts/audit'
     raise ArgumentError, 'You must specify an AWS account' unless args.first
-    SportNginAwsAuditor::Scripts::Audit.execute(args.first, options)
+    SportNginAwsAuditor::Scripts::Audit.execute(args.first, options, global_options)
   end
 end

data/lib/sport_ngin_aws_auditor/commands/export.rb

@@ -6,6 +6,6 @@ command 'export' do |c|
   c.action do |global_options, options, args|
     require_relative '../scripts/export'
     raise ArgumentError, 'You must specify an AWS account' unless args.first
-    SportNginAwsAuditor::Scripts::Export.execute(args.first, options)
+    SportNginAwsAuditor::Scripts::Export.execute(args.first, options, global_options)
   end
 end

data/lib/sport_ngin_aws_auditor/commands/inspect.rb

@@ -7,6 +7,6 @@ command 'inspect' do |c|
   c.action do |global_options, options, args|
     require_relative '../scripts/inspect'
     raise ArgumentError, 'You must specify an AWS account' unless args.first
-    SportNginAwsAuditor::Scripts::Inspect.execute(args.first,options)
+    SportNginAwsAuditor::Scripts::Inspect.execute(args.first,options, global_options)
   end
 end

data/lib/sport_ngin_aws_auditor/convenience_wrappers.rb

@@ -7,8 +7,12 @@ module SportNginAwsAuditor
   module AWSWrapper
     attr_accessor :aws, :account_id
 
-    def aws(environment)
-      SportNginAwsAuditor::AWSSDK.authenticate(environment)
+    def aws(environment, roles)
+      if roles
+        SportNginAwsAuditor::AWSSDK.authenticate_with_roles(environment)
+      else
+        SportNginAwsAuditor::AWSSDK.authenticate(environment)
+      end
     end
 
     def get_account_id

data/lib/sport_ngin_aws_auditor/scripts/audit.rb

@@ -10,8 +10,8 @@ module SportNginAwsAuditor
         attr_accessor :options
       end
 
-      def self.execute(environment, options=nil)
-        aws(environment)
+      def self.execute(environment, options=nil, global_options=nil)
+        aws(environment, global_options[:aws_roles])
         @options = options
         slack = options[:slack]
         no_selection = !(options[:ec2] || options[:rds] || options[:cache])

data/lib/sport_ngin_aws_auditor/scripts/export.rb

@@ -13,10 +13,10 @@ module SportNginAwsAuditor
 
       CLASS_TYPES = %w[EC2Instance RDSInstance CacheInstance]
 
-      def self.execute(environment, options = nil)
+      def self.execute(environment, options = nil, global_options = nil)
         @environment = environment
         (puts "Must specify either --drive or --csv"; exit) unless options[:csv] || options[:drive]
-        aws(environment)
+        aws(environment, global_options[:aws_roles])
         print "Gathering info, please wait..."
         all_keys = get_all_keys
         all_info = prepare

data/lib/sport_ngin_aws_auditor/scripts/inspect.rb

@@ -4,8 +4,8 @@ module SportNginAwsAuditor
       extend AWSWrapper
       extend OpsWorksWrapper
 
-      def self.execute(environment, options=nil)
-        aws(environment)
+      def self.execute(environment, options=nil, global_options=nil)
+        aws(environment, global_options[:aws_roles])
         no_selection = options.values.uniq == [false]
         output("EC2Instance") if options[:ec2] || no_selection
         output("RDSInstance") if options[:rds] || no_selection 

data/lib/sport_ngin_aws_auditor/version.rb

@@ -1,3 +1,3 @@
 module SportNginAwsAuditor
-  VERSION = "0.3.0"
+  VERSION = "3.1.0"
 end

data/spec/sport_ngin_aws_auditor/aws_spec.rb

@@ -2,7 +2,7 @@ require "sport_ngin_aws_auditor"
 
 module SportNginAwsAuditor
   describe AWSSDK do
-    context 'without mfa' do
+    context 'without mfa without roles' do
       before :each do
         mfa_devices = double('mfa_devices', mfa_devices: [])
         iam_client = double('iam_client', list_mfa_devices: mfa_devices)
@@ -22,7 +22,7 @@ module SportNginAwsAuditor
       end
     end
 
-    context 'with mfa' do
+    context 'with mfa without roles' do
       it "should use MFA if it should" do
         shared_credentials = double('shared_credentials', access_key_id: 'access_key_id',
                                                           secret_access_key: 'secret_access_key')
@@ -44,5 +44,12 @@ module SportNginAwsAuditor
         AWSSDK::authenticate('staging')
       end
     end
+
+    context 'without mfa with roles' do
+      it "should update configs" do
+        expect(Aws.config).to receive(:update).with({region: 'us-east-1'})
+        AWSSDK::authenticate_with_roles('staging')
+      end
+    end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sport_ngin_aws_auditor
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 3.1.0
 platform: ruby
 authors:
 - Elliot Hursh
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-07-07 00:00:00.000000000 Z
+date: 2016-07-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -181,6 +181,7 @@ files:
 - ".rspec"
 - ".ruby-gemset"
 - ".ruby-version"
+- ".soyuz.yml"
 - ".travis.yml"
 - CHANGELOG.markdown
 - Gemfile