sport_ngin_aws_auditor 3.11.3 → 4.0.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 8d0f76d7c93a5ec23dfbc04f861ea9f1bae8e32a
4
- data.tar.gz: 5f9f2299fc81a61bcffe6d5e15a22d167a880de7
3
+ metadata.gz: 426f863fd847de5399249f6e81575fcdef99ae29
4
+ data.tar.gz: 8ad69c1ef79d4e0b3b92c59264655c28b719c001
5
5
  SHA512:
6
- metadata.gz: be355e56498bb4b5d63b3f4031f7b5b3b947b0c555410edd1d5ec133c4fdb01b345f8465da37d3fcd6e76b39818fa5a997f244d8ba796c6a0f41769501f2452c
7
- data.tar.gz: 6b1013de4972e1bfadbe884606f897a1ed8afbebae32069188da0782b152893bdc14e7282ee05dd75edf56e693aa0e3714c4e1f235e20c6c9ac0804d3d5f4ec3
6
+ metadata.gz: 52a07a51a83b4229dc3df8ce7bac6685f0b19b369ea01f100a637ae35876c06e2b4a1044a69f4d15bf7913c6114519db72144a420790bf8efa32a396cdb5a81b
7
+ data.tar.gz: bb2bbf9806d201085f611f18c6cff3439b71dcb32a6397d2bb8a059a6fca3925442b2aa522d0f1f5f74b81b3f96ee36e93207ee233648c33e70cb6a53160fa0a
data/.travis.yml CHANGED
@@ -6,6 +6,6 @@ branches:
6
6
 
7
7
  language: ruby
8
8
  rvm:
9
- - 2.2
9
+ - 2.2.5
10
10
  cache: bundler
11
11
  script: bundle exec rspec
data/CHANGELOG.markdown CHANGED
@@ -1,122 +0,0 @@
1
- #### v3.11.3
2
- * Missed this bug because I did not test previous bug's fix in Slack
3
-
4
- > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/30
5
-
6
- #### v3.11.2
7
- * We actually do not want to cache the counts of instances and reserved instances between multiple runs
8
-
9
- > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/29
10
-
11
- #### v3.11.1
12
- * Must merge this PR in to run the audit command correctly
13
-
14
- > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/28
15
-
16
- #### v3.11.0
17
- * Automatically ignore instances based on a regex string
18
-
19
- > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/26
20
-
21
- #### v3.10.1
22
- * Caching should not affect RI counts between runs
23
-
24
- > Emma Sax: Andy Fleener, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/25
25
-
26
- #### v3.10.0
27
- * Handling region-based RIs
28
-
29
- > Emma Sax: Andy Fleener, Luke Ludwig, Tim Sandquist, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/21
30
-
31
- #### v3.9.0
32
- * Add the ability to pass config data in as a flag
33
-
34
- > Emma Sax: Andy Fleener, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/24
35
-
36
- #### v3.8.3
37
- * Fixing bugs with outputs and counts
38
-
39
- > Emma Sax: Tim Sandquist, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/23
40
-
41
- #### v3.8.2
42
- * Fixing bugs so that counts are accurate again
43
-
44
- > Emma Sax: : https://github.com/sportngin/sport_ngin_aws_auditor/pull/20
45
-
46
- #### v3.8.1
47
- #### v3.8.0
48
- * Clarifying printout of audit command
49
-
50
- > Emma Sax: : https://github.com/sportngin/sport_ngin_aws_auditor/pull/18
51
-
52
- #### v3.7.0
53
- * Print retired tags into slack/terminal on audit
54
-
55
- > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/17
56
-
57
- #### v3.6.0
58
- * Print reserved instances that have retired in past week
59
-
60
- > Emma Sax: Andy Fleener: https://github.com/sportngin/sport_ngin_aws_auditor/pull/16
61
-
62
- #### v3.5.0
63
- * Cleaning up slack printouts with the audit command
64
-
65
- > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/15
66
-
67
- #### v3.4.1
68
- #### v3.4.0
69
- * Add other RDS engine types
70
-
71
- > matl33t: Emma Sax, Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/11
72
-
73
- #### v3.3.1
74
- * Fixing bug where Slack will print discrepancies if there are *only* tagged instances
75
-
76
- > Emma Sax: : https://github.com/sportngin/sport_ngin_aws_auditor/pull/13
77
-
78
- #### v3.3.0
79
- * Slack should print instances that have tags
80
-
81
- > Emma Sax: Andy Fleener: https://github.com/sportngin/sport_ngin_aws_auditor/pull/12
82
-
83
- #### v3.2.0
84
- * Proper recognition of windows/linux/vpc instances
85
-
86
- > Emma Sax: Andy Fleener: https://github.com/sportngin/sport_ngin_aws_auditor/pull/8
87
-
88
- #### v3.1.2
89
- #### v3.1.0
90
- * Authentication with AWS roles instead of credentials file
91
-
92
- > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/7
93
-
94
- #### v3.0.2
95
- #### v3.0.1
96
- #### v3.0.0
97
- * Rename gem directories and modules
98
-
99
- > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/6
100
-
101
- #### v2.1.0
102
- * Adding option to print audit results to Slack channel
103
-
104
- > Emma Sax, Matt Krieger: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/4
105
-
106
- * Adding option to print audit results to Slack channel
107
-
108
- > Emma Sax, Matt Krieger: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/4
109
-
110
- #### v2.0.0
111
- * Adding enhancements for taking no-reserved-instance tag into consideration during audit
112
-
113
- > Emma Sax: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/2
114
-
115
- #### v1.0.0
116
- * Upgrading aws-sdk version from v1 to v2
117
-
118
- > Emma Sax: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/3
119
-
120
- * First tests, Travis CI, MFA support, and fog file compatibility
121
-
122
- > Brian Bergstrom: Emma Sax: https://github.com/sportngin/aws_auditor/pull/1
@@ -11,7 +11,15 @@ version SportNginAwsAuditor::VERSION
11
11
  wrap_help_text :verbatim
12
12
 
13
13
  flag [:config], :desc => 'SportNginAwsAuditor config file path', :default_value => SportNginAwsAuditor::DefaultPaths.config
14
+ flag [:display], :desc => 'The name that should be printed in the output'
14
15
  switch [:aws_roles], :desc => 'Use AWS roles instead of an ~/.aws/credentials file'
16
+ switch [:assume_roles], :desc => 'Assume roles to audit cross accounts; should have roles/policies already set up'
17
+ flag [:role_name], :desc => 'The name of the role that is giving cross account access', :default_value => 'CrossAccountAuditorAccess'
18
+ flag [:arn_id], :desc => 'The identifying digits of the AWS arn if using assume_roles;
19
+ should be the numerical part of the example:
20
+ arn:aws:iam::999999999999:role/#{role_name}'
21
+ flag [:region], :desc => 'The region(s) the audit should occur in; if no region is specified, then the auditor will be run in every
22
+ U.S. region. To run multiple regions, the input should be a string like: us-east-1, us-east-2'
15
23
 
16
24
  program_long_desc """
17
25
  DOCUMENTATION
@@ -1,14 +1,27 @@
1
1
  require_relative './instance_helper'
2
+ require_relative './convenience_wrappers'
2
3
 
3
4
  module SportNginAwsAuditor
4
5
  class AuditData
6
+ extend EC2Wrapper
7
+ extend RDSWrapper
8
+ extend CacheWrapper
5
9
 
6
- attr_accessor :data, :retired_tags, :retired_ris, :selected_audit_type, :klass, :tag_name, :region, :ignore_instances_regexes
7
- def initialize(instances, reserved, class_type, tag_name, ignore_instances_regexes)
8
- self.selected_audit_type = (!instances && !reserved) ? "all" : (instances ? "instances" : "reserved")
9
- self.klass = SportNginAwsAuditor.const_get(class_type)
10
- self.tag_name = tag_name
11
- self.ignore_instances_regexes = ignore_instances_regexes
10
+ attr_accessor :data, :retired_tags, :retired_ris, :selected_audit_type, :klass, :tag_name, :region, :ignore_instances_regexes, :client
11
+ def initialize(info)
12
+ self.selected_audit_type = (!info[:instances] && !info[:reserved]) ? "all" : (info[:instances] ? "instances" : "reserved")
13
+ self.klass = SportNginAwsAuditor.const_get(info[:class])
14
+ self.tag_name = info[:tag_name]
15
+ self.ignore_instances_regexes = info[:regexes]
16
+ self.region = info[:region].match(/(\w{2}-\w{4,})/)[0] if info[:region].match(/(\w{2}-\w{4,})/)
17
+
18
+ if info[:class] == "EC2Instance"
19
+ self.client = EC2Wrapper.ec2(info[:region])
20
+ elsif info[:class] == "RDSInstance"
21
+ self.client = RDSWrapper.rds(info[:region])
22
+ elsif info[:class] == "CacheInstance"
23
+ self.client = CacheWrapper.cache(info[:region])
24
+ end
12
25
  end
13
26
 
14
27
  def instances?
@@ -28,7 +41,7 @@ module SportNginAwsAuditor
28
41
  instance_hash, retired_tags = gather_instances_data
29
42
  retired_ris = nil
30
43
  elsif reserved?
31
- instance_hash = self.klass.instance_count_hash(self.klass.get_reserved_instances)
44
+ instance_hash = self.klass.instance_count_hash(self.klass.get_reserved_instances(self.client))
32
45
  retired_tags, retired_ris = nil
33
46
  elsif all?
34
47
  instance_hash, retired_tags, retired_ris = gather_all_data
@@ -45,8 +58,7 @@ module SportNginAwsAuditor
45
58
  end
46
59
 
47
60
  def gather_instances_data
48
- instances = self.klass.get_instances(tag_name)
49
- gather_region(instances)
61
+ instances = self.klass.get_instances(self.client, tag_name)
50
62
  retired_tags = self.klass.get_retired_tags(instances)
51
63
  instances_with_tag = self.klass.filter_instances_with_tags(instances)
52
64
  instances_without_tag = self.klass.filter_instances_without_tags(instances)
@@ -57,23 +69,12 @@ module SportNginAwsAuditor
57
69
  end
58
70
 
59
71
  def gather_all_data
60
- instances = self.klass.get_instances(tag_name)
61
- gather_region(instances)
72
+ instances = self.klass.get_instances(self.client, tag_name)
62
73
  retired_tags = self.klass.get_retired_tags(instances)
63
- instance_hash = self.klass.compare(instances, ignore_instances_regexes)
64
- retired_ris = self.klass.get_recent_retired_reserved_instances
74
+ instance_hash = self.klass.compare(instances, ignore_instances_regexes, self.client)
75
+ retired_ris = self.klass.get_recent_retired_reserved_instances(self.client)
65
76
 
66
77
  return instance_hash, retired_tags, retired_ris
67
78
  end
68
-
69
- def gather_region(instances)
70
- if self.klass == SportNginAwsAuditor::EC2Instance
71
- # if instances.first.availability_zone = 'us-east-1a'...
72
- match = instances.first.availability_zone.match(/(\w{2}-\w{4,})/)
73
-
74
- # then region = 'us-east'
75
- self.region = match[0] unless match.nil?
76
- end
77
- end
78
79
  end
79
80
  end
@@ -8,29 +8,42 @@ module SportNginAwsAuditor
8
8
  end
9
9
 
10
10
  class AWSSDK
11
- def self.authenticate(environment)
11
+ def self.authenticate_with_iam(environment)
12
12
  shared_credentials = Aws::SharedCredentials.new(profile_name: environment)
13
- Aws.config.update({region: 'us-east-1', credentials: shared_credentials})
14
-
13
+ update_aws_config({region: 'us-east-1', credentials: shared_credentials})
15
14
  iam = Aws::IAM::Client.new
16
15
 
17
- # this will be an array of 0 or 1 because iam.list_mfa_devices.mfa_devices will only return 0 or 1 device per user;
18
- # if user doesn't have MFA enabled, then this loop won't even execute
16
+ # this will be an array of 0 or 1 because iam.list_mfa_devices.mfa_devices will only return 0 or 1 device per user;
17
+ # if user doesn't have MFA enabled, then this loop won't even execute
19
18
  iam.list_mfa_devices.mfa_devices.each do |mfadevice|
20
- mfa_serial_number = mfadevice.serial_number
21
- mfa_token = Output.ask("Enter MFA token: "){ |q| q.validate = /^\d{6}$/ }
22
- session_credentials_hash = get_session(mfa_token,
23
- mfa_serial_number,
24
- shared_credentials.credentials.access_key_id,
25
- shared_credentials.credentials.secret_access_key).credentials
26
-
27
- session_credentials = Aws::Credentials.new(session_credentials_hash.access_key_id,
28
- session_credentials_hash.secret_access_key,
29
- session_credentials_hash.session_token)
30
- Aws.config.update({region: 'us-east-1', credentials: session_credentials})
19
+ authenticate_with_mfa(mfadevice, shared_credentials)
31
20
  end
32
21
  end
33
22
 
23
+ def self.authenticate_with_mfa(mfadevice, shared_credentials)
24
+ mfa_serial_number = mfadevice.serial_number
25
+ mfa_token = Output.ask("Enter MFA token: "){ |q| q.validate = /^\d{6}$/ }
26
+ session_credentials_hash = get_session(mfa_token,
27
+ mfa_serial_number,
28
+ shared_credentials.credentials.access_key_id,
29
+ shared_credentials.credentials.secret_access_key).credentials
30
+
31
+ session_credentials = Aws::Credentials.new(session_credentials_hash.access_key_id,
32
+ session_credentials_hash.secret_access_key,
33
+ session_credentials_hash.session_token)
34
+ update_aws_config({region: 'us-east-1', credentials: session_credentials})
35
+ end
36
+
37
+ def self.authenticate_with_assumed_roles(environment, arn_id, role_name, sts_client)
38
+ role_arn = "arn:aws:iam::#{arn_id}:role/#{role_name}"
39
+ session_name = "auditor#{Time.now.to_i}"
40
+ assumed_role_credentials = Aws::AssumeRoleCredentials.new(client: sts_client,
41
+ role_arn: role_arn,
42
+ role_session_name: session_name)
43
+ update_aws_config({region: 'us-east-1', credentials: assumed_role_credentials})
44
+ return assumed_role_credentials
45
+ end
46
+
34
47
  def self.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key)
35
48
  return @session if @session
36
49
  sts = Aws::STS::Client.new(access_key_id: access_key_id,
@@ -39,10 +52,10 @@ module SportNginAwsAuditor
39
52
  @session = sts.get_session_token(duration_seconds: 3600,
40
53
  serial_number: mfa_serial_number,
41
54
  token_code: mfa_token)
42
- end
55
+ end
43
56
 
44
- def self.authenticate_with_roles(environment)
45
- Aws.config.update({region: 'us-east-1'})
57
+ def self.update_aws_config(options)
58
+ Aws.config.update(options)
46
59
  end
47
60
  end
48
61
  end
@@ -7,23 +7,23 @@ module SportNginAwsAuditor
7
7
  extend AWSWrapper
8
8
 
9
9
  class << self
10
- def get_instances(tag_name=nil)
10
+ def get_instances(client, tag_name=nil)
11
11
  account_id = get_account_id
12
- cache.describe_cache_clusters.cache_clusters.map do |instance|
12
+ client.describe_cache_clusters.cache_clusters.map do |instance|
13
13
  next unless instance.cache_cluster_status.to_s == 'available'
14
- new(instance, account_id, tag_name, cache)
14
+ new(instance, account_id, tag_name, client)
15
15
  end.compact
16
16
  end
17
17
 
18
- def get_reserved_instances
19
- cache.describe_reserved_cache_nodes.reserved_cache_nodes.map do |instance|
18
+ def get_reserved_instances(client)
19
+ client.describe_reserved_cache_nodes.reserved_cache_nodes.map do |instance|
20
20
  next unless instance.state.to_s == 'active'
21
21
  new(instance)
22
22
  end.compact
23
23
  end
24
24
 
25
- def get_retired_reserved_instances
26
- cache.describe_reserved_cache_nodes.reserved_cache_nodes.map do |instance|
25
+ def get_retired_reserved_instances(client)
26
+ client.describe_reserved_cache_nodes.reserved_cache_nodes.map do |instance|
27
27
  next unless instance.state == 'retired'
28
28
  new(instance)
29
29
  end.compact
@@ -31,7 +31,7 @@ module SportNginAwsAuditor
31
31
  end
32
32
 
33
33
  attr_accessor :id, :name, :instance_type, :scope, :engine, :count, :tag_value, :tag_reason, :expiration_date, :availability_zone
34
- def initialize(cache_instance, account_id=nil, tag_name=nil, cache=nil)
34
+ def initialize(cache_instance, account_id=nil, tag_name=nil, client=nil)
35
35
  if cache_instance.class.to_s == "Aws::ElastiCache::Types::ReservedCacheNode"
36
36
  self.id = cache_instance.reserved_cache_node_id
37
37
  self.name = cache_instance.reserved_cache_node_id
@@ -56,7 +56,7 @@ module SportNginAwsAuditor
56
56
  arn = "arn:aws:elasticache:#{region}:#{account_id}:cluster:#{self.id}"
57
57
 
58
58
  # go through to see if the tag we're looking for is one of them
59
- cache.list_tags_for_resource(resource_name: arn).tag_list.each do |tag|
59
+ client.list_tags_for_resource(resource_name: arn).tag_list.each do |tag|
60
60
  if tag.key == tag_name
61
61
  self.tag_value = tag.value
62
62
  elsif tag.key == 'no-reserved-instance-reason'
@@ -1,30 +1,48 @@
1
1
  require_relative './aws'
2
+ require 'aws-sdk'
2
3
  require_relative './google'
3
4
 
4
5
  module SportNginAwsAuditor
5
- attr_accessor :creds
6
+ attr_accessor :assume_role_creds
6
7
 
7
8
  module AWSWrapper
8
- attr_accessor :aws, :account_id
9
-
10
- def aws(environment, roles)
11
- if roles
12
- SportNginAwsAuditor::AWSSDK.authenticate_with_roles(environment)
9
+ def aws(environment, global_options)
10
+ if global_options[:aws_roles]
11
+ SportNginAwsAuditor::AWSSDK.update_aws_config({region: 'us-east-1'})
12
+ elsif global_options[:assume_roles]
13
+ @assume_role_creds = SportNginAwsAuditor::AWSSDK.authenticate_with_assumed_roles(environment,
14
+ global_options[:arn_id],
15
+ global_options[:role_name],
16
+ get_sts_client(environment))
13
17
  else
14
- SportNginAwsAuditor::AWSSDK.authenticate(environment)
18
+ SportNginAwsAuditor::AWSSDK.authenticate_with_iam(environment)
15
19
  end
16
20
  end
17
21
 
18
22
  def get_account_id
19
- @account_id ||= Aws::STS::Client.new.get_caller_identity.account
23
+ Aws::STS::Client.new.get_caller_identity.account
24
+ end
25
+
26
+ def get_sts_client(environment)
27
+ @sts_client ||= Aws::STS::Client.new(profile: environment, region: 'us-east-1')
28
+ end
29
+
30
+ def reset_credentials
31
+ SportNginAwsAuditor::AWSSDK.update_aws_config({credentials: Aws::InstanceProfileCredentials.new})
20
32
  end
21
33
  end
22
34
 
23
35
  module EC2Wrapper
24
- attr_accessor :ec2
25
-
26
- def ec2
27
- @ec2 ||= Aws::EC2::Client.new
36
+ def self.ec2(region=nil)
37
+ if @assume_role_creds && region
38
+ @ec2 = Aws::EC2::Client.new(credentials: @assume_role_creds, region: region)
39
+ elsif @assume_role_creds && !region
40
+ @ec2 = Aws::EC2::Client.new(credentials: @assume_role_creds)
41
+ elsif @assume_role_creds.nil? && region
42
+ @ec2 = Aws::EC2::Client.new(region: region)
43
+ else
44
+ @ec2 = Aws::EC2::Client.new
45
+ end
28
46
  end
29
47
  end
30
48
 
@@ -32,23 +50,40 @@ module SportNginAwsAuditor
32
50
  attr_accessor :opsworks
33
51
 
34
52
  def opsworks
35
- @opsworks ||= Aws::OpsWorks::Client.new
53
+ return @opsworks if @opsworks
54
+ if @assume_role_creds
55
+ @opsworks = Aws::Opsworks::Client.new(credentials: @assume_role_creds)
56
+ else
57
+ @opsworks = Aws::OpsWorks::Client.new
58
+ end
36
59
  end
37
60
  end
38
61
 
39
62
  module RDSWrapper
40
- attr_accessor :rds
41
-
42
- def rds
43
- @rds ||= Aws::RDS::Client.new
63
+ def self.rds(region=nil)
64
+ if @assume_role_creds && region
65
+ @rds = Aws::RDS::Client.new(credentials: @assume_role_creds, region: region)
66
+ elsif @assume_role_creds && !region
67
+ @rds = Aws::RDS::Client.new(credentials: @assume_role_creds)
68
+ elsif @assume_role_creds.nil? && region
69
+ @rds = Aws::RDS::Client.new(region: region)
70
+ else
71
+ @rds = Aws::RDS::Client.new
72
+ end
44
73
  end
45
74
  end
46
75
 
47
76
  module CacheWrapper
48
- attr_accessor :cache
49
-
50
- def cache
51
- @cache ||= Aws::ElastiCache::Client.new
77
+ def self.cache(region=nil)
78
+ if @assume_role_creds && region
79
+ @cache = Aws::ElastiCache::Client.new(credentials: @assume_role_creds, region: region)
80
+ elsif @assume_role_creds && !region
81
+ @cache = Aws::ElastiCache::Client.new(credentials: @assume_role_creds)
82
+ elsif @assume_role_creds.nil? && region
83
+ @cache = Aws::ElastiCache::Client.new(region: region)
84
+ else
85
+ @cache = Aws::ElastiCache::Client.new
86
+ end
52
87
  end
53
88
  end
54
89
 
@@ -6,33 +6,33 @@ module SportNginAwsAuditor
6
6
  extend EC2Wrapper
7
7
 
8
8
  class << self
9
- def get_instances(tag_name=nil)
10
- instances = ec2.describe_instances.reservations.map do |reservation|
9
+ def get_instances(client, tag_name=nil)
10
+ instances = client.describe_instances.reservations.map do |reservation|
11
11
  reservation.instances.map do |instance|
12
12
  next unless instance.state.name == 'running'
13
13
  new(instance, tag_name)
14
14
  end.compact
15
15
  end.flatten.compact
16
- get_more_info(instances)
16
+ get_more_info(instances, client)
17
17
  end
18
18
 
19
- def get_reserved_instances
20
- ec2.describe_reserved_instances.reserved_instances.map do |instance|
19
+ def get_reserved_instances(client)
20
+ client.describe_reserved_instances.reserved_instances.map do |instance|
21
21
  next unless instance.state == 'active'
22
22
  new(instance, nil, instance.instance_count)
23
23
  end.compact
24
24
  end
25
25
 
26
- def get_retired_reserved_instances
27
- ec2.describe_reserved_instances.reserved_instances.map do |instance|
26
+ def get_retired_reserved_instances(client)
27
+ client.describe_reserved_instances.reserved_instances.map do |instance|
28
28
  next unless instance.state == 'retired'
29
29
  new(instance, nil, instance.instance_count)
30
30
  end.compact
31
31
  end
32
32
 
33
- def bucketize
33
+ def bucketize(client)
34
34
  buckets = {}
35
- get_instances.map do |instance|
35
+ get_instances(client).map do |instance|
36
36
  name = instance.stack_name || instance.name
37
37
  if name
38
38
  buckets[name] = [] unless buckets.has_key? name
@@ -44,9 +44,9 @@ module SportNginAwsAuditor
44
44
  buckets.sort_by{|k,v| k }
45
45
  end
46
46
 
47
- def get_more_info(instances)
47
+ def get_more_info(instances, client)
48
48
  instances.each do |instance|
49
- tags = ec2.describe_tags(:filters => [{:name => "resource-id", :values => [instance.id]}]).tags
49
+ tags = client.describe_tags(:filters => [{:name => "resource-id", :values => [instance.id]}]).tags
50
50
  tags = Hash[tags.map { |tag| [tag[:key], tag[:value]]}.compact]
51
51
  instance.name = tags["Name"]
52
52
  instance.stack_name = tags["opsworks:stack"]
@@ -4,12 +4,12 @@ require_relative './audit_data'
4
4
  module SportNginAwsAuditor
5
5
  module InstanceHelper
6
6
 
7
- def instance_hash
8
- Hash[get_instances.map { |instance| instance.nil? ? next : [instance.id, instance]}.compact]
7
+ def instance_hash(client)
8
+ Hash[get_instances(client).map { |instance| instance.nil? ? next : [instance.id, instance]}.compact]
9
9
  end
10
10
 
11
- def reserved_instance_hash
12
- Hash[get_reserved_instances.map { |instance| instance.nil? ? next : [instance.id, instance]}.compact]
11
+ def reserved_instance_hash(client)
12
+ Hash[get_reserved_instances(client).map { |instance| instance.nil? ? next : [instance.id, instance]}.compact]
13
13
  end
14
14
 
15
15
  #################### ADDING DATA TO HASH ####################
@@ -102,8 +102,8 @@ module SportNginAwsAuditor
102
102
  return ignored_instances, instances_with_tag, instance_hash
103
103
  end
104
104
 
105
- def sort_through_RIs
106
- ris = get_reserved_instances
105
+ def sort_through_RIs(client)
106
+ ris = get_reserved_instances(client)
107
107
  ris_availability = filter_ris_availability_zone(ris)
108
108
  ris_region = filter_ris_region_based(ris)
109
109
  ris_hash = instance_count_hash(ris_availability)
@@ -127,9 +127,9 @@ module SportNginAwsAuditor
127
127
  return differences
128
128
  end
129
129
 
130
- def compare(instances, ignore_instances_regexes)
130
+ def compare(instances, ignore_instances_regexes, client)
131
131
  ignored_instances, instances_with_tag, instance_hash = sort_through_instances(instances, ignore_instances_regexes)
132
- ris_region, ris_hash = sort_through_RIs
132
+ ris_region, ris_hash = sort_through_RIs(client)
133
133
  differences = measure_differences(instance_hash, ris_hash)
134
134
  add_additional_data(ris_region, instances_with_tag, ignored_instances, differences)
135
135
  differences
@@ -177,8 +177,8 @@ module SportNginAwsAuditor
177
177
 
178
178
  # this gets all retired reserved instances and filters out only the ones that have expired
179
179
  # within the past week
180
- def get_recent_retired_reserved_instances
181
- get_retired_reserved_instances.select do |ri|
180
+ def get_recent_retired_reserved_instances(client)
181
+ get_retired_reserved_instances(client).select do |ri|
182
182
  ri.expiration_date > (Time.now - 604800)
183
183
  end
184
184
  end
@@ -7,23 +7,23 @@ module SportNginAwsAuditor
7
7
  extend AWSWrapper
8
8
 
9
9
  class << self
10
- def get_instances(tag_name=nil)
10
+ def get_instances(client, tag_name=nil)
11
11
  account_id = get_account_id
12
- rds.describe_db_instances.db_instances.map do |instance|
12
+ client.describe_db_instances.db_instances.map do |instance|
13
13
  next unless instance.db_instance_status.to_s == 'available'
14
- new(instance, account_id, tag_name, rds)
14
+ new(instance, account_id, tag_name, client)
15
15
  end.compact
16
16
  end
17
17
 
18
- def get_reserved_instances
19
- rds.describe_reserved_db_instances.reserved_db_instances.map do |instance|
18
+ def get_reserved_instances(client)
19
+ client.describe_reserved_db_instances.reserved_db_instances.map do |instance|
20
20
  next unless instance.state.to_s == 'active'
21
21
  new(instance)
22
22
  end.compact
23
23
  end
24
24
 
25
- def get_retired_reserved_instances
26
- rds.describe_reserved_db_instances.reserved_db_instances.map do |instance|
25
+ def get_retired_reserved_instances(client)
26
+ client.describe_reserved_db_instances.reserved_db_instances.map do |instance|
27
27
  next unless instance.state == 'retired'
28
28
  new(instance)
29
29
  end.compact
@@ -31,7 +31,7 @@ module SportNginAwsAuditor
31
31
  end
32
32
 
33
33
  attr_accessor :id, :name, :multi_az, :scope, :instance_type, :engine, :count, :tag_value, :tag_reason, :expiration_date
34
- def initialize(rds_instance, account_id=nil, tag_name=nil, rds=nil)
34
+ def initialize(rds_instance, account_id=nil, tag_name=nil, client=nil)
35
35
  if rds_instance.class.to_s == "Aws::RDS::Types::ReservedDBInstance"
36
36
  self.id = rds_instance.reserved_db_instances_offering_id
37
37
  self.scope = nil
@@ -55,7 +55,7 @@ module SportNginAwsAuditor
55
55
  arn = "arn:aws:rds:#{region}:#{account_id}:db:#{self.id}"
56
56
 
57
57
  # go through to see if the tag we're looking for is one of them
58
- rds.list_tags_for_resource(resource_name: arn).tag_list.each do |tag|
58
+ client.list_tags_for_resource(resource_name: arn).tag_list.each do |tag|
59
59
  if tag.key == tag_name
60
60
  self.tag_value = tag.value
61
61
  elsif tag.key == 'no-reserved-instance-reason'