sport_ngin_aws_auditor 4.1.0 → 4.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 5277289fe41b4b8e42e6f5cca63e4d18406cfcb6
-  data.tar.gz: ac8c8938e68b0e7b1592cb633b3dc81628345180
+  metadata.gz: e6e2a11ed64e5f72238b80eb808015489df6a243
+  data.tar.gz: 1b09c49f16a8bf21db028a1be599ed09ff107526
 SHA512:
-  metadata.gz: fd4073d93376063c9f21c1d9925cac0f86f01f6111291f2bf74c1d68d010fe97e6d056b4122904e91919f4f60b8a5f89fef8c73ad11c47648fd66754f37a6272
-  data.tar.gz: 232c7a07934fe6c05757146fb626c91d15616fe963d4ed00158c2b075e74225027ca377322de0920dccd7b2f3826d0a114a51295cdd7639aa99a7a9160ab33de
+  metadata.gz: b3e794c240a871df8314544b34a2a065409cd83e5bd09f8842e6f5fd6a3a75ad1d9b1ce4f5c4ab5ca0c3bad72cdbcdbd55636b4f52021ff95f6a545ad12fb2ee
+  data.tar.gz: 4d845435e3ede6990360081c22a084545adc66dd76be55234ac1182945b77dca3967b541432da25f3d23601c4ae67d1fdde53aa2c44316f764beda3768037219

data/CHANGELOG.markdown

@@ -1,142 +1 @@
-#### v4.1.0
-* Write a message reporting when the auditor fails for any reason
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/36
-
-#### v4.0.2
-* Define availability zone as attribute for RDS object to avoid errors
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/35
-
-#### v4.0.1
-* Concat all of the similar values into one value right before printing
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/27
-
-#### v4.0.0
-* Adding abilities to audit cross account
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/31
-
-#### v3.11.3
-* Missed this bug because I did not test previous bug's fix in Slack
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/30
-
-#### v3.11.2
-* We actually do not want to cache the counts of instances and reserved instances between multiple runs
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/29
-
-#### v3.11.1
-* Must merge this PR in to run the audit command correctly
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/28
-
-#### v3.11.0
-* Automatically ignore instances based on a regex string
-
-  > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/26
-
-#### v3.10.1
-* Caching should not affect RI counts between runs
-
-  > Emma Sax: Andy Fleener, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/25
-
-#### v3.10.0
-* Handling region-based RIs
-
-  > Emma Sax: Andy Fleener, Luke Ludwig, Tim Sandquist, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/21
-
-#### v3.9.0
-* Add the ability to pass config data in as a flag
-
-  > Emma Sax: Andy Fleener, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/24
-
-#### v3.8.3
-* Fixing bugs with outputs and counts
-
-  > Emma Sax: Tim Sandquist, Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/23
-
-#### v3.8.2
-* Fixing bugs so that counts are accurate again
-
-  > Emma Sax: : https://github.com/sportngin/sport_ngin_aws_auditor/pull/20
-
-#### v3.8.1
-#### v3.8.0
-* Clarifying printout of audit command
-
-  > Emma Sax: : https://github.com/sportngin/sport_ngin_aws_auditor/pull/18
-
-#### v3.7.0
-* Print retired tags into slack/terminal on audit
-
-  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/17
-
-#### v3.6.0
-* Print reserved instances that have retired in past week
-
-  > Emma Sax: Andy Fleener: https://github.com/sportngin/sport_ngin_aws_auditor/pull/16
-
-#### v3.5.0
-* Cleaning up slack printouts with the audit command
-
-  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/15
-
-#### v3.4.1
-#### v3.4.0
-* Add other RDS engine types
-
-  > matl33t: Emma Sax, Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/11
-
-#### v3.3.1
-* Fixing bug where Slack will print discrepancies if there are *only* tagged instances
-
-  > Emma Sax: : https://github.com/sportngin/sport_ngin_aws_auditor/pull/13
-
-#### v3.3.0
-* Slack should print instances that have tags
-
-  > Emma Sax: Andy Fleener: https://github.com/sportngin/sport_ngin_aws_auditor/pull/12
-
-#### v3.2.0
-* Proper recognition of windows/linux/vpc instances
-
-  > Emma Sax: Andy Fleener: https://github.com/sportngin/sport_ngin_aws_auditor/pull/8
-
-#### v3.1.2
-#### v3.1.0
-* Authentication with AWS roles instead of credentials file
-
-  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/7
-
-#### v3.0.2
-#### v3.0.1
-#### v3.0.0
-* Rename gem directories and modules
-
-  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/6
-
-#### v2.1.0
-* Adding option to print audit results to Slack channel
-
-  > Emma Sax, Matt Krieger: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/4
-
-* Adding option to print audit results to Slack channel
-
-  > Emma Sax, Matt Krieger: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/4
-
-#### v2.0.0
-* Adding enhancements for taking no-reserved-instance tag into consideration during audit
-
-  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/2
-
-#### v1.0.0
-* Upgrading aws-sdk version from v1 to v2
-
-  > Emma Sax: Brian Bergstrom: https://github.com/sportngin/aws_auditor/pull/3
-
-* First tests, Travis CI, MFA support, and fog file compatibility
-
-  > Brian Bergstrom: Emma Sax: https://github.com/sportngin/aws_auditor/pull/1
+#### v4.2.0

data/bin/sport-ngin-aws-auditor

@@ -1,7 +1,7 @@
 #!/usr/bin/env ruby
 require 'rubygems'
 require 'gli'
-require_relative '../lib/sport_ngin_aws_auditor'
+require 'sport_ngin_aws_auditor'
 
 include GLI::App
 
@@ -33,4 +33,13 @@ pre do |global,command,options,args|
   true
 end
 
+on_error do |exception|
+  if ENV['GLI_DEBUG']
+    puts exception
+    puts exception.backtrace
+  else
+    true
+  end
+end
+
 exit run(ARGV)

data/lib/sport_ngin_aws_auditor/audit_data.rb

@@ -1,13 +1,7 @@
-require_relative './instance_helper'
-require_relative './convenience_wrappers'
-
 module SportNginAwsAuditor
   class AuditData
-    extend EC2Wrapper
-    extend RDSWrapper
-    extend CacheWrapper
-
     attr_accessor :data, :retired_tags, :retired_ris, :selected_audit_type, :klass, :tag_name, :region, :ignore_instances_regexes, :client
+
     def initialize(info)
       self.selected_audit_type = (!info[:instances] && !info[:reserved]) ? "all" : (info[:instances] ? "instances" : "reserved")
       self.klass = SportNginAwsAuditor.const_get(info[:class])
@@ -16,11 +10,11 @@ module SportNginAwsAuditor
       self.region = info[:region].match(/(\w{2}-\w{4,})/)[0] if info[:region].match(/(\w{2}-\w{4,})/)
       
       if info[:class] == "EC2Instance"
-        self.client = EC2Wrapper.ec2(info[:region])
+        self.client = AWS.ec2(info[:region])
       elsif info[:class] == "RDSInstance"
-        self.client = RDSWrapper.rds(info[:region])
+        self.client = AWS.rds(info[:region])
       elsif info[:class] == "CacheInstance"
-        self.client = CacheWrapper.cache(info[:region])
+        self.client = AWS.cache(info[:region])
       end
     end
 

data/lib/sport_ngin_aws_auditor/aws.rb

@@ -1,61 +1,99 @@
 require 'aws-sdk'
-require 'yaml'
-require 'hashie'
 
 module SportNginAwsAuditor
-  class AwsConfig < Hash
-    include Hashie::Extensions::IndifferentAccess
-  end
+  class AWS
+    DEFAULT_REGION = 'us-east-1'
+
+    @environment = nil
+    @aws_roles = false
+    @assume_roles = false
+    @credentials = nil
+
+    class << self
+      attr_reader :environment, :aws_roles, :assume_roles, :credentials
+    end
+
+    def self.configure(environment, global_options)
+      @environment = environment
+
+      if global_options[:aws_roles]
+        puts "Authenticating with AWS using server roles."
+        @credentials = nil # Auth using server role.
+      elsif global_options[:assume_roles]
+        puts "Authenticating with AWS by assuming roles."
+        auth_with_assumed_roles(global_options[:arn_id], global_options[:role_name])
+      else
+        puts "Authenticating with AWS using credentials file."
+        auth_with_iam
+      end
+    end
+
+    def self.reset
+      @environment = @credentials = nil
+      @aws_roles = @assume_roles = nil
+    end
+
+    def self.client_options(region=DEFAULT_REGION)
+      if @credentials.nil? && @aws_roles == false
+        raise "Unable to set AWS SDK client options because credentials not set and not flagged to use server role."
+      end
+      opts = { region: region }
+      opts[:credentials] = @credentials unless @credentials.nil?
+      opts
+    end
 
-  class AWSSDK
-    def self.authenticate_with_iam(environment)
-      shared_credentials = Aws::SharedCredentials.new(profile_name: environment)
-      update_aws_config({region: 'us-east-1', credentials: shared_credentials})
-      iam = Aws::IAM::Client.new
+    def self.get_account_id
+      Aws::STS::Client.new(client_options).get_caller_identity.account
+    end
+
+    def self.sts_for_instance
+      Aws::STS::Client.new(region: DEFAULT_REGION, credentials: Aws::InstanceProfileCredentials.new)
+    end
+
+    def self.ec2(region=DEFAULT_REGION)
+      Aws::EC2::Client.new(client_options(region))
+    end
+
+    def self.rds(region=DEFAULT_REGION)
+      Aws::RDS::Client.new(client_options(region))
+    end
+
+    def self.cache(region=DEFAULT_REGION)
+      Aws::ElastiCache::Client.new(client_options(region))
+    end
+
+
+    def self.auth_with_iam
+      @credentials = Aws::SharedCredentials.new(profile_name: @environment)
+      iam = Aws::IAM::Client.new(client_options)
 
       # this will be an array of 0 or 1 because iam.list_mfa_devices.mfa_devices will only return 0 or 1 device per user;
       # if user doesn't have MFA enabled, then this loop won't even execute
       iam.list_mfa_devices.mfa_devices.each do |mfadevice|
-        authenticate_with_mfa(mfadevice, shared_credentials)
+        auth_with_mfa(mfadevice)
       end
     end
 
-    def self.authenticate_with_mfa(mfadevice, shared_credentials)
+    def self.auth_with_mfa(mfadevice)
       mfa_serial_number = mfadevice.serial_number
       mfa_token = Output.ask("Enter MFA token: "){ |q|  q.validate = /^\d{6}$/ }
-      session_credentials_hash = get_session(mfa_token,
-                                             mfa_serial_number,
-                                             shared_credentials.credentials.access_key_id,
-                                             shared_credentials.credentials.secret_access_key).credentials
+      session_credentials_hash = get_session(mfa_token, mfa_serial_number).credentials
 
-      session_credentials = Aws::Credentials.new(session_credentials_hash.access_key_id,
+      @credentials = Aws::Credentials.new(session_credentials_hash.access_key_id,
                                                  session_credentials_hash.secret_access_key,
                                                  session_credentials_hash.session_token)
-      update_aws_config({region: 'us-east-1', credentials: session_credentials})
     end
 
-    def self.authenticate_with_assumed_roles(environment, arn_id, role_name, sts_client)
+    def self.auth_with_assumed_roles(arn_id, role_name)
       role_arn = "arn:aws:iam::#{arn_id}:role/#{role_name}"
       session_name = "auditor#{Time.now.to_i}"
-      assumed_role_credentials = Aws::AssumeRoleCredentials.new(client: sts_client,
-                                                                role_arn: role_arn,
-                                                                role_session_name: session_name)
-      update_aws_config({region: 'us-east-1', credentials: assumed_role_credentials})
-      return assumed_role_credentials
+      @credentials = Aws::AssumeRoleCredentials.new(client: sts_for_instance, role_arn: role_arn, role_session_name: session_name)
     end
 
-    def self.get_session(mfa_token, mfa_serial_number, access_key_id, secret_access_key)
+    def self.get_session(mfa_token, mfa_serial_number)
       return @session if @session
-      sts = Aws::STS::Client.new(access_key_id: access_key_id,
-                                 secret_access_key: secret_access_key,
-                                 region: 'us-east-1')
-      @session = sts.get_session_token(duration_seconds: 3600,
-                                       serial_number: mfa_serial_number,
-                                       token_code: mfa_token)
-    end    
-
-    def self.update_aws_config(options)
-        Aws.config.update(options)
+      @session = sts_for_instance.get_session_token(duration_seconds: 3600, serial_number: mfa_serial_number, token_code: mfa_token)
     end
+
   end
 end

data/lib/sport_ngin_aws_auditor/cache_instance.rb

@@ -1,21 +1,19 @@
-require_relative './instance_helper'
+require 'sport_ngin_aws_auditor/instance_helper'
 
 module SportNginAwsAuditor
   class CacheInstance
     extend InstanceHelper
-    extend CacheWrapper
-    extend AWSWrapper
 
     class << self
-      def get_instances(client, tag_name=nil)
-        account_id = get_account_id
+      def get_instances(client=AWS.cache, tag_name=nil)
+        account_id = AWS.get_account_id
         client.describe_cache_clusters.cache_clusters.map do |instance|
           next unless instance.cache_cluster_status.to_s == 'available'
           new(instance, account_id, tag_name, client)
         end.compact
       end
 
-      def get_reserved_instances(client)
+      def get_reserved_instances(client=AWS.cache)
         client.describe_reserved_cache_nodes.reserved_cache_nodes.map do |instance|
           next unless instance.state.to_s == 'active'
           new(instance)

data/lib/sport_ngin_aws_auditor/commands/audit.rb

@@ -15,7 +15,7 @@ command 'audit' do |c|
                                                                                 one of these strings in the name,
                                                                                 pass in like: string1, string2, string3"
   c.action do |global_options, options, args|
-    require_relative '../scripts/audit'
+    require 'sport_ngin_aws_auditor/scripts/audit'
     raise ArgumentError, 'You must specify an AWS account' unless args.first
     SportNginAwsAuditor::Scripts::Audit.execute(args.first, options, global_options)
   end

data/lib/sport_ngin_aws_auditor/commands/export.rb

@@ -4,7 +4,7 @@ command 'export' do |c|
   c.switch [:c, :csv], :desc => "Exports to CSV"
   c.switch [:d, :drive], :desc => "Exports to Google Drive"
   c.action do |global_options, options, args|
-    require_relative '../scripts/export'
+    require 'sport_ngin_aws_auditor/scripts/export'
     raise ArgumentError, 'You must specify an AWS account' unless args.first
     SportNginAwsAuditor::Scripts::Export.execute(args.first, options, global_options)
   end

data/lib/sport_ngin_aws_auditor/commands/inspect.rb

@@ -5,7 +5,7 @@ command 'inspect' do |c|
   c.switch [:d, :rds], :desc => "Only inspect RDS instances"
   c.switch [:c, :cache], :desc => "Only inspect ElastiCache instances"
   c.action do |global_options, options, args|
-    require_relative '../scripts/inspect'
+    require 'sport_ngin_aws_auditor/scripts/inspect'
     raise ArgumentError, 'You must specify an AWS account' unless args.first
     SportNginAwsAuditor::Scripts::Inspect.execute(args.first,options, global_options)
   end

data/lib/sport_ngin_aws_auditor/convenience_wrappers.rb

@@ -1,92 +1,4 @@
-require_relative './aws'
-require 'aws-sdk'
-require_relative './google'
-
 module SportNginAwsAuditor
-  attr_accessor :assume_role_creds
-
-  module AWSWrapper
-    def aws(environment, global_options)
-      if global_options[:aws_roles]
-        SportNginAwsAuditor::AWSSDK.update_aws_config({region: 'us-east-1'})
-      elsif global_options[:assume_roles]
-        @assume_role_creds = SportNginAwsAuditor::AWSSDK.authenticate_with_assumed_roles(environment,
-                                                                                         global_options[:arn_id],
-                                                                                         global_options[:role_name],
-                                                                                         get_sts_client(environment))
-      else
-        SportNginAwsAuditor::AWSSDK.authenticate_with_iam(environment)
-      end
-    end
-
-    def get_account_id
-      Aws::STS::Client.new.get_caller_identity.account
-    end
-
-    def get_sts_client(environment)
-      @sts_client ||= Aws::STS::Client.new(profile: environment, region: 'us-east-1')
-    end
-
-    def reset_credentials
-      SportNginAwsAuditor::AWSSDK.update_aws_config({credentials: Aws::InstanceProfileCredentials.new})
-    end
-  end
-
-  module EC2Wrapper
-    def self.ec2(region=nil)
-      if @assume_role_creds && region 
-        @ec2 = Aws::EC2::Client.new(credentials: @assume_role_creds, region: region)
-      elsif @assume_role_creds && !region
-        @ec2 = Aws::EC2::Client.new(credentials: @assume_role_creds)
-      elsif @assume_role_creds.nil? && region
-        @ec2 = Aws::EC2::Client.new(region: region)
-      else
-        @ec2 = Aws::EC2::Client.new
-      end
-    end
-  end
-
-  module OpsWorksWrapper
-    attr_accessor :opsworks
-
-    def opsworks
-      return @opsworks if @opsworks
-      if @assume_role_creds
-        @opsworks = Aws::Opsworks::Client.new(credentials: @assume_role_creds)
-      else
-        @opsworks = Aws::OpsWorks::Client.new
-      end
-    end
-  end
-
-  module RDSWrapper
-    def self.rds(region=nil)
-      if @assume_role_creds && region
-        @rds = Aws::RDS::Client.new(credentials: @assume_role_creds, region: region)
-      elsif @assume_role_creds && !region
-        @rds = Aws::RDS::Client.new(credentials: @assume_role_creds)
-      elsif @assume_role_creds.nil? && region
-        @rds = Aws::RDS::Client.new(region: region)
-      else
-        @rds = Aws::RDS::Client.new
-      end
-    end
-  end
-    
-  module CacheWrapper
-    def self.cache(region=nil)
-      if @assume_role_creds && region
-        @cache = Aws::ElastiCache::Client.new(credentials: @assume_role_creds, region: region)
-      elsif @assume_role_creds && !region
-        @cache = Aws::ElastiCache::Client.new(credentials: @assume_role_creds)
-      elsif @assume_role_creds.nil? && region
-        @cache = Aws::ElastiCache::Client.new(region: region)
-      else
-        @cache = Aws::ElastiCache::Client.new
-      end
-    end
-  end
-
   module GoogleWrapper
     attr_accessor :google
 

data/lib/sport_ngin_aws_auditor/ec2_instance.rb

@@ -1,12 +1,9 @@
-require_relative './instance_helper'
-
 module SportNginAwsAuditor
   class EC2Instance
     extend InstanceHelper
-    extend EC2Wrapper
 
     class << self
-      def get_instances(client, tag_name=nil)
+      def get_instances(client=AWS.ec2, tag_name=nil)
         instances = client.describe_instances.reservations.map do |reservation|
           reservation.instances.map do |instance|
             next unless instance.state.name == 'running'
@@ -16,7 +13,7 @@ module SportNginAwsAuditor
         get_more_info(instances, client)
       end
 
-      def get_reserved_instances(client)
+      def get_reserved_instances(client=AWS.ec2)
         client.describe_reserved_instances.reserved_instances.map do |instance|
           next unless instance.state == 'active'
           new(instance, nil, instance.instance_count)

data/lib/sport_ngin_aws_auditor/instance.rb

@@ -1,5 +1,3 @@
-require_relative './instance_helper'
-
 module SportNginAwsAuditor
   class Instance
     extend InstanceHelper

data/lib/sport_ngin_aws_auditor/instance_helper.rb

@@ -1,6 +1,3 @@
-require_relative './recently_retired_tag'
-require_relative './audit_data'
-
 module SportNginAwsAuditor
   module InstanceHelper
 

data/lib/sport_ngin_aws_auditor/output.rb

@@ -9,5 +9,9 @@ module SportNginAwsAuditor
     def self.ask(*args, &block)
       terminal.ask(*args, &block)
     end
+
+    def self.say(msg)
+      terminal.say(msg)
+    end
   end
 end

data/lib/sport_ngin_aws_auditor/rds_instance.rb

@@ -1,21 +1,17 @@
-require_relative './instance_helper'
-
 module SportNginAwsAuditor
   class RDSInstance
     extend InstanceHelper
-    extend RDSWrapper
-    extend AWSWrapper
 
     class << self
-      def get_instances(client, tag_name=nil)
-        account_id = get_account_id
+      def get_instances(client=AWS.rds, tag_name=nil)
+        account_id = AWS.get_account_id
         client.describe_db_instances.db_instances.map do |instance|
           next unless instance.db_instance_status.to_s == 'available'
           new(instance, account_id, tag_name, client)
         end.compact
       end
 
-      def get_reserved_instances(client)
+      def get_reserved_instances(client=AWS.rds)
         client.describe_reserved_db_instances.reserved_db_instances.map do |instance|
           next unless instance.state.to_s == 'active'
           new(instance)

data/lib/sport_ngin_aws_auditor/recently_retired_tag.rb

@@ -1,5 +1,3 @@
-require_relative './instance_helper'
-
 module SportNginAwsAuditor
   class RecentlyRetiredTag
 

data/lib/sport_ngin_aws_auditor/scripts/audit.rb

@@ -3,13 +3,9 @@ require 'colorize'
 require 'aws-sdk'
 require_relative "../notify_slack"
 require_relative "../instance"
-require_relative "../audit_data"
-
 module SportNginAwsAuditor
   module Scripts
     class Audit
-      extend AWSWrapper
-
       class << self
         attr_accessor :options, :audit_results
       end
@@ -18,11 +14,10 @@ module SportNginAwsAuditor
 
       def self.execute(environment, options, global_options)
         begin
-          aws(environment, global_options)
+          AWS.configure(environment, global_options)
           collect_options(environment, options, global_options)
           print_title
           @regions.each { |region| audit_region(region) }
-          reset_credentials
         rescue StandardError => e
           if options[:slack]
             NotifySlack.new("Sorry, something seems to have gone wrong.", options[:config_json]).perform
@@ -232,8 +227,7 @@ module SportNginAwsAuditor
       #################### OTHER HELPFUL METHODS ####################
 
       def self.gather_regions
-        ec2 = Aws::EC2::Client.new(region: 'us-east-1')
-        regions = ec2.describe_regions[:regions]
+        regions = AWS.ec2.describe_regions[:regions]
         us_regions = regions.select { |region| region.region_name.include?("us") }
         us_regions.collect { |r| r.region_name }
       end

data/lib/sport_ngin_aws_auditor/scripts/export.rb

@@ -1,11 +1,9 @@
 require 'csv'
-require_relative "../google"
 
 module SportNginAwsAuditor
   module Scripts
     class Export
       extend GoogleWrapper
-      extend AWSWrapper
 
       class << self
         attr_accessor :ec2_instances, :rds_instances, :cache_instances, :options, :file, :keys_hash, :environment
@@ -16,7 +14,7 @@ module SportNginAwsAuditor
       def self.execute(environment, options = nil, global_options = nil)
         @environment = environment
         (puts "Must specify either --drive or --csv"; exit) unless options[:csv] || options[:drive]
-        aws(environment, global_options[:aws_roles])
+        AWS.configure(environment, global_options)
         print "Gathering info, please wait..."
         all_keys = get_all_keys
         all_info = prepare
@@ -78,7 +76,7 @@ module SportNginAwsAuditor
 
       def self.ec2_array
         instance_array = [{name: "OPSWORKS"}]
-        EC2Instance.bucketize.map do |stack_name, stack_instances|
+        EC2Instance.bucketize(AWS.ec2).map do |stack_name, stack_instances|
           instance_array << {:name => stack_name}.merge(EC2Instance.instance_count_hash(stack_instances))
         end
         instance_array
@@ -112,33 +110,33 @@ module SportNginAwsAuditor
           klass = SportNginAwsAuditor.const_get(class_type)
           instances = klass.instance_count_hash(klass.get_instances) if options[:instance]
           instances = klass.instance_count_hash(klass.get_reserved_instances) if options[:reserved]
-          instances = klass.compare if options[:compare]
+          instances = klass.compare if options[:compare] #TODO fix me
           instances
         end.inject(:merge)
       end
 
       def self.ec2_instances
-        @ec2_instances ||= EC2Instance.instance_hash
+        @ec2_instances ||= EC2Instance.instance_hash(AWS.ec2)
       end
 
       def self.ec2_reserved_instances
-        @ec2_reserved_instances ||= EC2Instance.reserved_instance_hash
+        @ec2_reserved_instances ||= EC2Instance.reserved_instance_hash(AWS.ec2)
       end
 
       def self.rds_instances
-        @rds_instances ||= RDSInstance.instance_hash
+        @rds_instances ||= RDSInstance.instance_hash(AWS.rds)
       end
 
       def self.rds_reserved_instances
-        @rds_reserved_instances ||= RDSInstance.reserved_instance_hash
+        @rds_reserved_instances ||= RDSInstance.reserved_instance_hash(AWS.rds)
       end
       
       def self.cache_instances
-        @cache_instances ||= CacheInstance.instance_hash
+        @cache_instances ||= CacheInstance.instance_hash(AWS.cache)
       end
 
       def self.cache_reserved_instances
-        @cache_reserved_instances ||= CacheInstance.reserved_instance_hash
+        @cache_reserved_instances ||= CacheInstance.reserved_instance_hash(AWS.cache)
       end
 
     end

data/lib/sport_ngin_aws_auditor/scripts/inspect.rb

@@ -1,14 +1,9 @@
 module SportNginAwsAuditor
   module Scripts
     class Inspect
-      extend AWSWrapper
-      extend OpsWorksWrapper
-      extend EC2Wrapper
-      extend RDSWrapper
-      extend CacheWrapper
 
       def self.execute(environment, options=nil, global_options=nil)
-        aws(environment, global_options)
+        AWS.configure(environment, global_options)
         region = (global_options[:region].split(', ') if global_options[:region]) || 'us-east-1'
         no_selection = options.values.uniq == [false]
         output("EC2Instance", region) if options[:ec2] || no_selection
@@ -20,16 +15,16 @@ module SportNginAwsAuditor
         klass = SportNginAwsAuditor.const_get(class_type)
 
         if class_type == "EC2Instance"
-          client = EC2Wrapper.ec2(region)
+          client = AWS.ec2(region)
         elsif class_type == "RDSInstance"
-          client = RDSWrapper.rds(region)
+          client = AWS.rds(region)
         elsif class_type == "CacheInstance"
-          client = CacheWrapper.cache(region)
+          client = AWS.cache(region)
         end
 
         print "Gathering info, please wait..."; print "\r"
         instances = class_type == "EC2Instance" ? klass.bucketize(client) : klass.instance_hash(client)
-        say "<%= color('#{header(class_type)}', :white) %>"
+        Output.say "<%= color('#{header(class_type)}', :white) %>"
         instances.each do |key, value|
           pretty_print(key, klass.instance_count_hash(Array(value)))
         end
@@ -49,7 +44,7 @@ module SportNginAwsAuditor
         puts "======================================="
         puts "#{title}"
         puts "======================================="
-        body.each{ |key, value| say "<%= color('#{key}: #{value[:count]}', :white) %>" }
+        body.each{ |key, value| Output.say "<%= color('#{key}: #{value[:count]}', :white) %>" }
         puts "\n"
       end
     end

data/lib/sport_ngin_aws_auditor/version.rb

@@ -1,3 +1,3 @@
 module SportNginAwsAuditor
-  VERSION = "4.1.0"
+  VERSION = "4.2.0"
 end

data/lib/sport_ngin_aws_auditor.rb

@@ -1,14 +1,18 @@
-require_relative 'sport_ngin_aws_auditor/version'
-require_relative 'sport_ngin_aws_auditor/convenience_wrappers'
-require_relative 'sport_ngin_aws_auditor/ec2_instance'
-require_relative 'sport_ngin_aws_auditor/rds_instance'
-require_relative 'sport_ngin_aws_auditor/cache_instance'
-require_relative 'sport_ngin_aws_auditor/instance'
-require_relative 'sport_ngin_aws_auditor/stack'
-require_relative 'sport_ngin_aws_auditor/google_sheet'
-require_relative 'sport_ngin_aws_auditor/output'
-require_relative 'sport_ngin_aws_auditor/config'
-require_relative 'sport_ngin_aws_auditor/notify_slack'
+require 'sport_ngin_aws_auditor/audit_data'
+require 'sport_ngin_aws_auditor/aws'
+require 'sport_ngin_aws_auditor/cache_instance'
+require 'sport_ngin_aws_auditor/config'
+require 'sport_ngin_aws_auditor/convenience_wrappers'
+require 'sport_ngin_aws_auditor/ec2_instance'
+require 'sport_ngin_aws_auditor/google'
+require 'sport_ngin_aws_auditor/google_sheet'
+require 'sport_ngin_aws_auditor/instance'
+require 'sport_ngin_aws_auditor/instance_helper'
+require 'sport_ngin_aws_auditor/notify_slack'
+require 'sport_ngin_aws_auditor/output'
+require 'sport_ngin_aws_auditor/rds_instance'
+require 'sport_ngin_aws_auditor/recently_retired_tag'
+require 'sport_ngin_aws_auditor/version'
 
 module SportNginAwsAuditor
 

data/spec/sport_ngin_aws_auditor/audit_data_spec.rb

@@ -24,6 +24,7 @@ module SportNginAwsAuditor
                                                                                'instance2' => 1})
       allow(SportNginAwsAuditor::EC2Instance).to receive(:get_recent_retired_reserved_instances).and_return(@retired_ris)
       allow(Instance).to receive(:new).and_return(@instance)
+      allow(SportNginAwsAuditor::AWS).to receive(:client_options).and_return(region: 'us-east-1', credentials: {})
     end
 
     context '#initialization' do

data/spec/sport_ngin_aws_auditor/aws_spec.rb

@@ -1,29 +1,34 @@
 require "sport_ngin_aws_auditor"
 
 module SportNginAwsAuditor
-  describe AWSSDK do
-    context 'without mfa without roles' do
+  describe AWS do
+    before do
+      AWS.reset
+    end
+
+    context 'shared credentials file without mfa' do
       before :each do
         mfa_devices = double('mfa_devices', mfa_devices: [])
         iam_client = double('iam_client', list_mfa_devices: mfa_devices)
         allow(Aws::IAM::Client).to receive(:new).and_return(iam_client)
+        AWS.configure('staging', {})
       end
 
       it "should receive new Aws::SharedCredentials" do
-        expect(Aws::SharedCredentials).to receive(:new).with(profile_name: 'staging')
-        AWSSDK::authenticate_with_iam('staging')
+        expect(Aws::SharedCredentials).to receive(:new).with(profile_name: 'staging').and_call_original
+        AWS.auth_with_iam
       end
 
-      it "should update configs" do
+      it "should set credentials" do
         coffee_types = {:coffee => "cappuccino", :beans => "arabica"}
         allow(Aws::SharedCredentials).to receive(:new).and_return(coffee_types)
-        expect(Aws.config).to receive(:update).with({region: 'us-east-1', credentials: coffee_types})
-        AWSSDK::authenticate_with_iam('staging')
+        AWS.auth_with_iam
+        expect(AWS.credentials).to_not be_nil
       end
     end
 
-    context 'with mfa without roles' do
-      it "should use MFA if it should" do
+    context 'shared credentials file with mfa' do
+      it "should use MFA when user has device configured" do
         shared_credentials = double('shared_credentials', access_key_id: 'access_key_id',
                                                           secret_access_key: 'secret_access_key')
         shared_creds = double('shared_creds', credentials: shared_credentials)
@@ -41,18 +46,20 @@ module SportNginAwsAuditor
 
         expect(Aws::Credentials).to receive(:new).and_return(cred_double).at_least(:once)
         expect(Aws::SharedCredentials).to receive(:new).and_return(shared_creds)
-        AWSSDK::authenticate_with_iam('staging')
+        AWS.auth_with_iam
       end
     end
 
-    context 'without mfa with roles' do
-      it "should update configs" do
-        expect(Aws.config).to receive(:update).with({region: 'us-east-1'})
-        AWSSDK::update_aws_config({region: 'us-east-1'})
+    context "using AWS server role" do
+      it "should configure SDK integration and return client" do
+        AWS.configure('staging', aws_roles: true)
+        expect(AWS.environment).to eq('staging')
+        expect(AWS.credentials).to be_nil
+        expect(AWS.ec2).to_not be_nil
       end
     end
 
-    context 'without mfa with multiple accounts' do
+    context 'using cross account assumed roles' do
       before :each do
         cred_double = double('cred_hash', access_key_id: 'access_key_id',
                                           secret_access_key: 'secret_access_key',
@@ -63,14 +70,9 @@ module SportNginAwsAuditor
         allow(Aws::AssumeRoleCredentials).to receive(:new).and_return(cred_double)
       end
 
-      it "should update config" do
-        expect(Aws.config).to receive(:update)
-        AWSSDK::authenticate_with_assumed_roles('staging', '999999999999', 'CrossAccountAuditorAccess', @sts)
-      end
-
-      it "should call for some credentials" do
-        expect(Aws::AssumeRoleCredentials).to receive(:new)
-        AWSSDK::authenticate_with_assumed_roles('staging', '999999999999', 'CrossAccountAuditorAccess', @sts)
+      it "should set credentials" do
+        AWS.auth_with_assumed_roles('999999999999', 'CrossAccountAuditorAccess')
+        expect(AWS.credentials).to_not be_nil
       end
     end
   end

data/spec/sport_ngin_aws_auditor/cache_instance_spec.rb

@@ -8,6 +8,7 @@ module SportNginAwsAuditor
       client = double('client', get_caller_identity: identity)
       allow(Aws::STS::Client).to receive(:new).and_return(client)
       # @client = Aws::ElastiCache::Client.new(region: 'us-east-1')
+      allow(SportNginAwsAuditor::AWS).to receive(:client_options).and_return(region: 'us-east-1', credentials: {})
     end
 
     after :each do

data/spec/sport_ngin_aws_auditor/rds_instance_spec.rb

@@ -7,6 +7,7 @@ module SportNginAwsAuditor
       identity = double('identity', account: 123456789)
       client = double('client', get_caller_identity: identity)
       allow(Aws::STS::Client).to receive(:new).and_return(client)
+      allow(SportNginAwsAuditor::AWS).to receive(:client_options).and_return(region: 'us-east-1', credentials: {})
     end
 
     after :each do

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: sport_ngin_aws_auditor
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.2.0
 platform: ruby
 authors:
 - Elliot Hursh
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-01 00:00:00.000000000 Z
+date: 2017-03-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -238,7 +238,6 @@ files:
 - lib/sport_ngin_aws_auditor/scripts/audit.rb
 - lib/sport_ngin_aws_auditor/scripts/export.rb
 - lib/sport_ngin_aws_auditor/scripts/inspect.rb
-- lib/sport_ngin_aws_auditor/stack.rb
 - lib/sport_ngin_aws_auditor/version.rb
 - spec/spec_helper.rb
 - spec/sport_ngin_aws_auditor/audit_data_spec.rb

data/lib/sport_ngin_aws_auditor/stack.rb

@@ -1,63 +0,0 @@
-require 'highline/import'
-
-module SportNginAwsAuditor
-  class Stack
-    extend OpsWorksWrapper
-    extend EC2Wrapper
-
-    class << self
-      attr_accessor :instances, :stacks
-    end
-
-    attr_accessor :id, :name, :instances
-    def initialize(aws_stack)
-      @id = aws_stack[:stack_id]
-      @name = aws_stack[:name]
-      @instances = get_instances.compact
-    end
-
-    def get_instances
-      return @instances if @instances
-      @instances = self.class.opsworks.describe_instances({stack_id: id})[:instances].map do |instance|
-        next unless instance[:status].to_s == 'online'
-        self.class.all_instances[instance[:ec2_instance_id]].stack_id = id
-        self.class.all_instances[instance[:ec2_instance_id]]
-      end
-    end
-
-    def print_instances
-      EC2Instance.instance_count_hash(self.instances).each do |key,value|
-        say "<%= color('#{key}: #{value}', :white) %>"
-      end
-    end
-
-    def pretty_print
-      puts "----------------------------------"
-      puts "#{@name}"
-      puts "----------------------------------"
-      print_instances
-      puts "\n"
-    end
-    
-    def self.all
-      return @stacks if @stacks 
-      @stacks = opsworks.describe_stacks.data[:stacks].map do |stack|
-        new(stack)
-      end.sort! { |a,b| a.name.downcase <=> b.name.downcase }
-    end
-
-    def self.all_instances
-      @all_instances ||= EC2Instance.instance_hash
-    end
-
-    def self.instances_without_stack 
-      all #simply getting all stacks to make sure instance stack_ids is set
-      all_instances.map do |id, instance|
-        next if instance.stack_id 
-        instance
-      end.compact
-    end
-
-  end
-end
-