sport_ngin_aws_auditor 4.2.0 → 4.2.1

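--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: e6e2a11ed64e5f72238b80eb808015489df6a243
- data.tar.gz: 1b09c49f16a8bf21db028a1be599ed09ff107526
+ metadata.gz: 097d2b8ebf92bd8bebefe7e88ea6488d79027fcc
+ data.tar.gz: 81c8048fa5698dfe4c67701ca0358052d8e2b15a
  SHA512:
- metadata.gz: b3e794c240a871df8314544b34a2a065409cd83e5bd09f8842e6f5fd6a3a75ad1d9b1ce4f5c4ab5ca0c3bad72cdbcdbd55636b4f52021ff95f6a545ad12fb2ee
- data.tar.gz: 4d845435e3ede6990360081c22a084545adc66dd76be55234ac1182945b77dca3967b541432da25f3d23601c4ae67d1fdde53aa2c44316f764beda3768037219
+ metadata.gz: e1420329217ae71010ee6c21930928f35b71bbbe76622dbf5a972fe487f3cd0ba764dbc6760598fecca72a22a548c86bd61cf9dd35ffe788dcffc03b3e551728
+ data.tar.gz: c85e78bba0677e337a9c79078dcf378b1895ebcb85875e61f62d12908fc4213c5a44e04041f71fa39af5dbf0efd303ddf09efb4eebef9f513e940bfb412fbd2a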
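--- a/data/CHANGELOG.markdown
+++ b/data/CHANGELOG.markdown
@@ -1 +1,9 @@
+ #### v4.2.1
+ * Only give the name 'VPC' to an instance if the account supports EC2 Classic
+
+ > Emma Sax: Unknown User: https://github.com/sportngin/sport_ngin_aws_auditor/pull/40
+
  #### v4.2.0
+ * Thread safe AWS SDK authentication
+
+ > Brian Bergstrom: https://github.com/sportngin/sport_ngin_aws_auditor/pull/37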
@@ -46,8 +46,9 @@ module SportNginAwsAuditor
46
46
  Aws::STS::Client.new(client_options).get_caller_identity.account
47
47
  end
48
48
 
49
- def self.sts_for_instance
50
- Aws::STS::Client.new(region: DEFAULT_REGION, credentials: Aws::InstanceProfileCredentials.new)
49
+ def self.sts
50
+ creds = Aws::SharedCredentials.new(profile_name: @environment).credentials || Aws::InstanceProfileCredentials.new
51
+ Aws::STS::Client.new(region: DEFAULT_REGION, credentials: creds)
51
52
  end
52
53
 
53
54
  def self.ec2(region=DEFAULT_REGION)
@@ -87,12 +88,12 @@ module SportNginAwsAuditor
87
88
  def self.auth_with_assumed_roles(arn_id, role_name)
88
89
  role_arn = "arn:aws:iam::#{arn_id}:role/#{role_name}"
89
90
  session_name = "auditor#{Time.now.to_i}"
90
- @credentials = Aws::AssumeRoleCredentials.new(client: sts_for_instance, role_arn: role_arn, role_session_name: session_name)
91
+ @credentials = Aws::AssumeRoleCredentials.new(client: sts, role_arn: role_arn, role_session_name: session_name)
91
92
  end
92
93
 
93
94
  def self.get_session(mfa_token, mfa_serial_number)
94
95
  return @session if @session
95
- @session = sts_for_instance.get_session_token(duration_seconds: 3600, serial_number: mfa_serial_number, token_code: mfa_token)
96
+ @session = sts.get_session_token(duration_seconds: 3600, serial_number: mfa_serial_number, token_code: mfa_token)
96
97
  end
97
98
 
98
99
  end
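Review bot: In `self.sts` (first hunk of this file) the `||` fallback only tests whether `.credentials` is nil, so a profile that resolves to an empty or partial key pair still wins over the instance profile, and a missing profile may raise inside `Aws::SharedCredentials.new` before the fallback is reached (this depends on the SDK version and should be confirmed). Because this client signs both the `AssumeRole` and the `get_session_token` calls in the second hunk, the choice of identity should be explicit, e.g. `shared = Aws::SharedCredentials.new(profile_name: @environment)` followed by `creds = shared.set? ? shared : Aws::InstanceProfileCredentials.new`. When `@environment` is nil the SDK presumably uses its default profile, so a stray credentials file on an instance would silently take precedence over the instance role; a short comment on the method stating the intended precedence would help. The method also builds a new STS client on every call, and its enclosing module starts outside the hunk.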
@@ -52,7 +52,8 @@ module SportNginAwsAuditor
52
52
  private :get_more_info
53
53
  end
54
54
 
55
- attr_accessor :id, :name, :platform, :availability_zone, :scope, :instance_type, :count, :stack_name, :tag_value, :tag_reason, :expiration_date, :count_remaining
55
+ attr_accessor :id, :name, :platform, :availability_zone, :scope, :instance_type, :count, :stack_name,
56
+ :tag_value, :tag_reason, :expiration_date, :count_remaining
56
57
  def initialize(ec2_instance, tag_name, count=1)
57
58
  if ec2_instance.class.to_s == "Aws::EC2::Types::ReservedInstances"
58
59
  self.id = ec2_instance.reserved_instances_id
@@ -60,6 +61,7 @@ module SportNginAwsAuditor
60
61
  self.platform = platform_helper(ec2_instance.product_description)
61
62
  self.scope = ec2_instance.scope
62
63
  self.availability_zone = self.scope == 'Region' ? nil : ec2_instance.availability_zone
64
+ self.availability_zone << ' ' if self.availability_zone != nil
63
65
  self.instance_type = ec2_instance.instance_type
64
66
  self.count = count
65
67
  self.stack_name = nil
@@ -70,6 +72,7 @@ module SportNginAwsAuditor
70
72
  self.platform = platform_helper((ec2_instance.platform || ''), ec2_instance.vpc_id)
71
73
  self.scope = nil
72
74
  self.availability_zone = ec2_instance.placement.availability_zone
75
+ self.availability_zone << ' ' if self.availability_zone != nil
73
76
  self.instance_type = ec2_instance.instance_type
74
77
  self.count = count
75
78
  self.stack_name = nil
@@ -88,7 +91,7 @@ module SportNginAwsAuditor
88
91
  end
89
92
 
90
93
  def to_s
91
- "#{platform} #{availability_zone} #{instance_type}"
94
+ "#{platform} #{availability_zone}#{instance_type}"
92
95
  end
93
96
 
94
97
  def no_reserved_instance_tag_value
@@ -104,12 +107,20 @@ module SportNginAwsAuditor
104
107
  platform << 'Linux'
105
108
  end
106
109
 
107
- if description.downcase.include?('vpc') || vpc
110
+ if ec2_classic_support && (description.downcase.include?('vpc') || vpc)
108
111
  platform << ' VPC'
109
112
  end
110
113
 
111
114
  return platform
112
115
  end
113
116
  private :platform_helper
117
+
118
+ def ec2_classic_support(client=AWS.ec2)
119
+ account_attributes = client.describe_account_attributes.account_attributes
120
+ attribute = account_attributes.select { |aa| aa.attribute_name == 'supported-platforms' }.first
121
+ attribute_values = attribute.attribute_values
122
+ attribute_values_array = attribute_values.collect { |v| v.attribute_value }
123
+ return attribute_values_array.include?('EC2')
124
+ end
114
125
  end
115
126
  end
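Review bot: `ec2_classic_support`, added in the last hunk of this file, raises NoMethodError when the response has no `supported-platforms` entry, because `select { ... }.first` yields nil before `.attribute_values` is called. It is also evaluated first in the `platform_helper` condition, so `describe_account_attributes` is queried for every instance, even one with no VPC marker. The audit identity now needs `ec2:DescribeAccountAttributes`, which a least-privilege policy written for 4.2.0 may not grant, so the changelog or README should say so. I would test the VPC condition first, look the attribute up with `find`, and treat a missing attribute as no EC2-Classic support, as sketched below; the enclosing class starts outside the hunk. Separately, the `availability_zone << ' '` lines in the earlier hunks mutate the string returned by the SDK in place, which adding the space in `to_s` would avoid.

```ruby
# … unchanged: platform_helper body up to the VPC check …
if (description.downcase.include?('vpc') || vpc) && ec2_classic_support
  platform << ' VPC'
end

# … unchanged: return platform / private :platform_helper …

def ec2_classic_support(client=AWS.ec2)
  attributes = client.describe_account_attributes.account_attributes
  supported = attributes.find { |aa| aa.attribute_name == 'supported-platforms' }
  # A missing attribute is treated as "no EC2-Classic" instead of raising.
  return false if supported.nil?
  supported.attribute_values.any? { |v| v.attribute_value == 'EC2' }
end
```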
@@ -54,7 +54,7 @@ module SportNginAwsAuditor
54
54
  end
55
55
 
56
56
  if region_based?
57
- # if type = 'Linux VPC t2.small'...
57
+ # if type = 'Linux VPC t2.small'...
58
58
  my_match = type.match(/(\w*\s*\w*\s{1})\s*(\s*\S*)/)
59
59
 
60
60
  # then platform = 'Linux VPC '...
@@ -104,7 +104,7 @@ module SportNginAwsAuditor
104
104
  retired_ris.each do |ri|
105
105
  color, rgb, prefix = color_chooser({:instance => ri, :retired_ri => true, :retired_tag => false})
106
106
  if ri.availability_zone.nil?
107
- # if ri.to_s = 'Linux VPC t2.small'...
107
+ # if ri.to_s = 'Linux VPC t2.small'...
108
108
  my_match = ri.to_s.match(/(\w*\s*\w*\s{1})\s*(\s*\S*)/)
109
109
 
110
110
  # then platform = 'Linux VPC '...
@@ -1,3 +1,3 @@
1
1
  module SportNginAwsAuditor
2
- VERSION = "4.2.0"
2
+ VERSION = "4.2.1"
3
3
  end
@@ -45,7 +45,7 @@ module SportNginAwsAuditor
45
45
  allow(Aws::IAM::Client).to receive(:new).and_return(iam_client)
46
46
 
47
47
  expect(Aws::Credentials).to receive(:new).and_return(cred_double).at_least(:once)
48
- expect(Aws::SharedCredentials).to receive(:new).and_return(shared_creds)
48
+ expect(Aws::SharedCredentials).to receive(:new).and_return(shared_creds).twice
49
49
  AWS.auth_with_iam
50
50
  end
51
51
  end
@@ -65,9 +65,13 @@ module SportNginAwsAuditor
65
65
  secret_access_key: 'secret_access_key',
66
66
  session_token: 'session_token')
67
67
  new_creds = double('new_creds', credentials: cred_double)
68
+ shared_credentials = double('shared_credentials', access_key_id: 'access_key_id',
69
+ secret_access_key: 'secret_access_key')
70
+ shared_creds = double('shared_creds', credentials: shared_credentials)
68
71
  @sts = double('sts', get_session_token: new_creds)
69
72
  allow(Aws::STS::Client).to receive(:new).and_return(@sts)
70
73
  allow(Aws::AssumeRoleCredentials).to receive(:new).and_return(cred_double)
74
+ expect(Aws::SharedCredentials).to receive(:new).and_return(shared_creds)
71
75
  end
72
76
 
73
77
  it "should set credentials" do
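Review bot: The fallback branch of `AWS.sts` has no example in this spec: the stub added in the second hunk returns a double whose `credentials` is set, and the first hunk only raises a call count to `.twice`, so `Aws::InstanceProfileCredentials.new` is never exercised. Add a case where the constructor returns `double('shared_creds', credentials: nil)` and assert `expect(Aws::InstanceProfileCredentials).to receive(:new)`. The new `expect(Aws::SharedCredentials).to receive(:new)` appears to sit in shared setup (the block starts outside the hunk), where `allow` fits better and the call-count expectation belongs in the example that cares about it.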
@@ -39,6 +39,13 @@ module SportNginAwsAuditor
39
39
  stack_tag = { key: "opsworks:stack", value: "our_app_service_2" }
40
40
  client_tags = double('tags', tags: [name_tag, stack_tag])
41
41
  @ec2_client = double('@ec2_client', describe_instances: ec2_instances, describe_tags: client_tags)
42
+ ec2_value = double('value', attribute_value: "EC2")
43
+ vpc_value = double('value', attribute_value: "VPC")
44
+ arr_of_hashes = [ec2_value, vpc_value]
45
+ attr_values = double('attr_values', attribute_name: 'supported-platforms', attribute_values: arr_of_hashes)
46
+ account_attributes = double('account_attributes', account_attributes: [attr_values])
47
+ allow(@ec2_client).to receive(:describe_account_attributes).and_return(account_attributes)
48
+ allow(Aws::EC2::Client).to receive(:new).and_return(@ec2_client)
42
49
  end
43
50
 
44
51
  it "should make an ec2_instance for each instance" do
@@ -59,7 +66,7 @@ module SportNginAwsAuditor
59
66
  expect(instance.stack_name).to eq("our_app_service_2")
60
67
  expect(instance.name).to eq("our-app-instance-100")
61
68
  expect(instance.id).to eq("i-thisisfake")
62
- expect(instance.availability_zone).to eq("us-east-1d")
69
+ expect(instance.availability_zone).to eq("us-east-1d ")
63
70
  expect(instance.instance_type).to eq("t2.large")
64
71
  expect(instance.platform).to eq("Linux VPC")
65
72
  end
@@ -93,6 +100,13 @@ module SportNginAwsAuditor
93
100
  class: "Aws::EC2::Types::ReservedInstances")
94
101
  reserved_ec2_instances = double('reserved_ec2_instances', reserved_instances: [reserved_ec2_instance1, reserved_ec2_instance2])
95
102
  @ec2_client = double('@ec2_client', describe_reserved_instances: reserved_ec2_instances)
103
+ ec2_value = double('value', attribute_value: "EC2")
104
+ vpc_value = double('value', attribute_value: "VPC")
105
+ arr_of_hashes = [ec2_value, vpc_value]
106
+ attr_values = double('attr_values', attribute_name: 'supported-platforms', attribute_values: arr_of_hashes)
107
+ account_attributes = double('account_attributes', account_attributes: [attr_values])
108
+ allow(@ec2_client).to receive(:describe_account_attributes).and_return(account_attributes)
109
+ allow(Aws::EC2::Client).to receive(:new).and_return(@ec2_client)
96
110
  end
97
111
 
98
112
  it "should make a reserved_ec2_instance for each instance" do
@@ -112,7 +126,7 @@ module SportNginAwsAuditor
112
126
  reserved_instance = reserved_instances.first
113
127
  expect(reserved_instance.id).to eq("12345-dfas-1234-asdf-thisisfake!!")
114
128
  expect(reserved_instance.platform).to eq("Windows VPC")
115
- expect(reserved_instance.availability_zone).to eq("us-east-1b")
129
+ expect(reserved_instance.availability_zone).to eq("us-east-1b ")
116
130
  expect(reserved_instance.instance_type).to eq("t2.medium")
117
131
  expect(reserved_instance.count).to eq(4)
118
132
  end
@@ -158,6 +172,13 @@ module SportNginAwsAuditor
158
172
  retired_reserved_ec2_instance2,
159
173
  reserved_ec2_instance1])
160
174
  @ec2_client = double('@ec2_client', describe_reserved_instances: reserved_ec2_instances)
175
+ ec2_value = double('value', attribute_value: "EC2")
176
+ vpc_value = double('value', attribute_value: "VPC")
177
+ arr_of_hashes = [ec2_value, vpc_value]
178
+ attr_values = double('attr_values', attribute_name: 'supported-platforms', attribute_values: arr_of_hashes)
179
+ account_attributes = double('account_attributes', account_attributes: [attr_values])
180
+ allow(@ec2_client).to receive(:describe_account_attributes).and_return(account_attributes)
181
+ allow(Aws::EC2::Client).to receive(:new).and_return(@ec2_client)
161
182
  end
162
183
 
163
184
  it "should make a retired_reserved_ec2_instance for each instance" do
@@ -177,7 +198,7 @@ module SportNginAwsAuditor
177
198
  retired_reserved_instance = retired_reserved_instances.first
178
199
  expect(retired_reserved_instance.id).to eq("12345-dfas-1234-asdf-thisisfake!!")
179
200
  expect(retired_reserved_instance.platform).to eq("Windows VPC")
180
- expect(retired_reserved_instance.availability_zone).to eq("us-east-1b")
201
+ expect(retired_reserved_instance.availability_zone).to eq("us-east-1b ")
181
202
  expect(retired_reserved_instance.instance_type).to eq("t2.medium")
182
203
  expect(retired_reserved_instance.count).to eq(4)
183
204
  expect(retired_reserved_instance.expiration_date).to be >= @time - 86500
@@ -215,6 +236,13 @@ module SportNginAwsAuditor
215
236
  stack_tag = { key: "opsworks:stack", value: "our_app_service_2" }
216
237
  tags = double('tags', tags: [name_tag, stack_tag])
217
238
  @ec2_client = double('@ec2_client', describe_instances: ec2_instances, describe_tags: tags)
239
+ ec2_value = double('value', attribute_value: "EC2")
240
+ vpc_value = double('value', attribute_value: "VPC")
241
+ arr_of_hashes = [ec2_value, vpc_value]
242
+ attr_values = double('attr_values', attribute_name: 'supported-platforms', attribute_values: arr_of_hashes)
243
+ account_attributes = double('account_attributes', account_attributes: [attr_values])
244
+ allow(@ec2_client).to receive(:describe_account_attributes).and_return(account_attributes)
245
+ allow(Aws::EC2::Client).to receive(:new).and_return(@ec2_client)
218
246
  instances = EC2Instance.get_instances(@ec2_client, "tag_name")
219
247
  instance = instances.first
220
248
  expect(instance.to_s).to eq("Linux VPC us-east-1d t2.large")
@@ -247,6 +275,13 @@ module SportNginAwsAuditor
247
275
  stack_tag = { key: "opsworks:stack", value: "our_app_service_2" }
248
276
  tags = double('tags', tags: [name_tag, stack_tag])
249
277
  @ec2_client = double('@ec2_client', describe_instances: ec2_instances, describe_tags: tags)
278
+ ec2_value = double('value', attribute_value: "EC2")
279
+ vpc_value = double('value', attribute_value: "VPC")
280
+ arr_of_hashes = [ec2_value, vpc_value]
281
+ attr_values = double('attr_values', attribute_name: 'supported-platforms', attribute_values: arr_of_hashes)
282
+ account_attributes = double('account_attributes', account_attributes: [attr_values])
283
+ allow(@ec2_client).to receive(:describe_account_attributes).and_return(account_attributes)
284
+ allow(Aws::EC2::Client).to receive(:new).and_return(@ec2_client)
250
285
  end
251
286
 
252
287
  it "should return a hash where the first element's key is the opsworks:stack name of the instances" do
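Review bot: Every stub of `describe_account_attributes` added in this file returns both `EC2` and `VPC`, so the case this release is about is not covered: an account without EC2-Classic, where the platform should no longer get the ` VPC` suffix. A response with no `supported-platforms` attribute is not covered either. Add an example whose values are only `double('value', attribute_value: "VPC")` and expect `instance.platform` to be the bare platform name (presumably `"Linux"`). The same seven-line setup is pasted into five blocks, and a shared helper or `let` would keep them in step. The updated expectations such as `eq("us-east-1d ")` also pin the trailing space now stored in `availability_zone`, which is formatting, not data.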
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: sport_ngin_aws_auditor
3
3
  version: !ruby/object:Gem::Version
4
- version: 4.2.0
4
+ version: 4.2.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Elliot Hursh
@@ -10,7 +10,7 @@ authors:
10
10
  autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
- date: 2017-03-07 00:00:00.000000000 Z
13
+ date: 2017-03-31 00:00:00.000000000 Z
14
14
  dependencies:
15
15
  - !ruby/object:Gem::Dependency
16
16
  name: aws-sdk