swa 0.8.6 → 1.0.0

data/lib/swa/cli/iam_command.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "aws-sdk-iam"
 require "swa/cli/base_command"
 require "swa/cli/collection_behaviour"
@@ -10,6 +12,7 @@ require "swa/iam/role"
 require "swa/iam/user"
 
 module Swa
+
   module CLI
 
     class IamCommand < BaseCommand
@@ -36,8 +39,6 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:groups, Swa::IAM::Group)
         end
@@ -50,8 +51,6 @@ module Swa
 
         include ItemBehaviour
 
-        private
-
         def item
           Swa::IAM::InstanceProfile.new(iam.instance_profile(File.basename(name)))
         end
@@ -66,8 +65,6 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:instance_profiles, Swa::IAM::InstanceProfile)
         end
@@ -80,8 +77,6 @@ module Swa
 
         include ItemBehaviour
 
-        private
-
         def item
           Swa::IAM::Policy.new(iam.policy(arn))
         end
@@ -117,14 +112,12 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:policies, Swa::IAM::Policy, query_options)
         end
 
         def query_options
-          { :scope => scope }.reject { |_k,v| v.nil? }
+          { scope: scope }.compact
         end
 
       end
@@ -135,8 +128,6 @@ module Swa
 
         include ItemBehaviour
 
-        private
-
         def role
           Swa::IAM::Role.new(iam.role(File.basename(name)))
         end
@@ -148,8 +139,8 @@ module Swa
         subcommand "assume", "Assume the role" do
 
           option "--session-name", "NAME", "STS session-name",
-                 :environment_variable => "USER",
-                 :default => "swa"
+                 environment_variable: "USER",
+                 default: "swa"
 
           parameter "[COMMAND] ...", "command to execute"
 
@@ -162,29 +153,35 @@ module Swa
             end
           end
 
-          private
-
           def assume
             response = sts_client.assume_role(
-              :role_arn => item.arn,
-              :role_session_name => session_name
+              role_arn: item.arn,
+              role_session_name: session_name
             )
             Swa::IAM::Credentials.new(response.credentials.to_h)
           end
 
           def dump_env(env)
-            env.each do |k,v|
+            env.each do |k, v|
               puts "#{k}=#{v}"
             end
           end
 
         end
 
-        subcommand ["policies"], "Show role policies." do
+        subcommand ["attached-policies"], "Show attached managed policies." do
 
           include CollectionBehaviour
 
-          private
+          def collection
+            role.attached_policies
+          end
+
+        end
+
+        subcommand ["policies"], "Show role policies." do
+
+          include CollectionBehaviour
 
           def collection
             role.policies
@@ -206,14 +203,33 @@ module Swa
 
           end
 
-          private
-
           def item
             role.policy(policy_name)
           end
 
         end
 
+        subcommand ["simulate"], "Simulate an action" do
+
+          parameter "ACTION ...", "action to simulate"
+
+          option %w[--resource -R], "RESOURCE", "resource ARN", multivalued: true do |arg|
+            arg.sub(%r{\As3://}, "arn:aws:s3:::")
+          end
+
+          def execute
+            evaluation_results = iam.client.simulate_principal_policy(
+              policy_source_arn: role.arn,
+              action_names: action_list,
+              resource_arns: resource_list
+            ).each.flat_map(&:evaluation_results).map { |result| stringify_keys(result.to_h) }
+            display_data(evaluation_results)
+          end
+
+          include DataPresentation
+
+        end
+
         subcommand "trust-policy", "print AssumeRolePolicyDocument" do
 
           self.default_subcommand = "data"
@@ -226,8 +242,6 @@ module Swa
               display_data(trust_policy_data, query)
             end
 
-            private
-
             def trust_policy_data
               JSON.parse(role.assume_role_policy_document)
             end
@@ -254,8 +268,6 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:roles, Swa::IAM::Role)
         end
@@ -268,8 +280,6 @@ module Swa
 
         include ItemBehaviour
 
-        private
-
         def item
           Swa::IAM::User.new(iam.user(File.basename(name)))
         end
@@ -284,8 +294,6 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:users, Swa::IAM::User)
         end
@@ -300,7 +308,7 @@ module Swa
 
       def query_for(query_method, resource_model, *query_args)
         aws_resources = iam.public_send(query_method, *query_args)
-        wrapped_resources = resource_model.list(aws_resources)
+        resource_model.list(aws_resources)
       end
 
       def sts_client
@@ -310,4 +318,5 @@ module Swa
     end
 
   end
+
 end

data/lib/swa/cli/item_behaviour.rb

@@ -1,10 +1,12 @@
+# frozen_string_literal: true
+
 module Swa
+
   module CLI
 
     module ItemBehaviour
 
       def self.included(target)
-
         target.subcommand ["summary", "s"], "One-line summary" do
           def execute
             puts item.summary
@@ -20,10 +22,10 @@ module Swa
           end
 
         end
-
       end
 
     end
 
   end
+
 end

data/lib/swa/cli/kms_command.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "aws-sdk-kms"
 require "swa/cli/base_command"
 require "swa/cli/collection_behaviour"
@@ -6,6 +8,7 @@ require "swa/kms/alias"
 require "swa/kms/key"
 
 module Swa
+
   module CLI
 
     class KmsCommand < BaseCommand
@@ -28,10 +31,29 @@ module Swa
 
         include ItemBehaviour
 
-        private
-
         def item
-          Swa::KMS::Key.new(kms_client.describe_key(:key_id => id).key_metadata)
+          Swa::KMS::Key.new(kms_client.describe_key(key_id: id).key_metadata)
+        end
+
+        subcommand ["policies"], "Show key policies" do
+
+          def execute
+            policy_names = kms_client.list_key_policies(key_id: id).lazy.flat_map(&:policy_names)
+            puts(*policy_names)
+          end
+
+        end
+
+        subcommand ["policy"], "Show named key policy" do
+
+          parameter "NAME", "policy name"
+
+          def execute
+            policy = kms_client.get_key_policy(key_id: id, policy_name: name)
+            policy_data = MultiJson.load(policy.policy)
+            display_data(policy_data)
+          end
+
         end
 
       end
@@ -40,8 +62,6 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:list_keys, :keys, Swa::KMS::Key)
         end
@@ -61,4 +81,5 @@ module Swa
     end
 
   end
+
 end

data/lib/swa/cli/lake_formation_command.rb

@@ -1,39 +1,101 @@
+# frozen_string_literal: true
+
 require "aws-sdk-lakeformation"
 require "swa/cli/base_command"
 require "swa/cli/collection_behaviour"
 require "swa/cli/item_behaviour"
+require "swa/lake_formation/data_lake_settings"
 require "swa/lake_formation/permission"
 require "swa/lake_formation/resource_info"
+require "swa/lake_formation/tag"
 
 module Swa
+
   module CLI
 
     class LakeFormationCommand < BaseCommand
 
+      subcommand ["data-lake-settings", "settings"], "Show Data Lake Settings" do
+
+        self.default_subcommand = "data"
+
+        include ItemBehaviour
+
+        private
+
+        def item
+          Swa::LakeFormation::DataLakeSettings.new(lf_client.get_data_lake_settings.data_lake_settings)
+        end
+
+        def execute
+          display_data(stringify_keys(response.data_lake_settings.to_h))
+        end
+
+      end
+
+      subcommand ["lf-tags", "tags"], "Show LF-Tags" do
+
+        self.description = <<-EOF
+          List LF-Tags.
+        EOF
+
+        include CollectionBehaviour
+
+        def collection
+          query_for(:list_lf_tags, :lf_tags, Swa::LakeFormation::Tag)
+        end
+      end
+
       subcommand ["permissions"], "Show permissions" do
 
         self.description = <<-EOF
           List permissions.
         EOF
 
-        ALLOWED_RESOURCE_TYPES = %w(CATALOG DATABASE TABLE DATA_LOCATION LF_TAG LF_TAG_POLICY LF_TAG_POLICY_DATABASE LF_TAG_POLICY_TABLE)
-
-        option ["--type", "-T"], "TYPE", "Resource type" do |value|
-          value = value.upcase
-          raise ArgumentError, "Invalid resource type: #{value}" unless ALLOWED_RESOURCE_TYPES.include?(value)
-          value
+        option ["--resource", "-R"], "DATABASE[.TABLE]", "Resource", attribute_name: :resource_filter do |value|
+          parse_resource_filter(value)
         end
 
-        include CollectionBehaviour
+        option ["--principal", "-P"], "ARN", "Principal ARN"
 
-        private
+        include CollectionBehaviour
 
         def collection
           query_args = {}
-          query_args[:resource_type] = type if type
+          query_args[:resource] = resource_filter if resource_filter
+          if principal
+            query_args[:principal] = {
+              data_lake_principal_identifier: principal
+            }
+          end
           query_for(:list_permissions, :principal_resource_permissions, Swa::LakeFormation::Permission, **query_args)
         end
 
+        def parse_resource_filter(value)
+          case value
+          when /\A(\w+)\z/
+            {
+              database: {
+                name: value
+              }
+            }
+          when /\A(\w+)\.(\w+|\*)\z/
+            {
+              table: {
+                database_name: ::Regexp.last_match(1),
+                name: ::Regexp.last_match(2)
+              }
+            }.tap do |filter|
+              if ::Regexp.last_match(2) == "*"
+                filter[:table].delete(:name)
+                filter[:table][:table_wildcard] = {}
+              end
+            end
+          else
+            raise ArgumentError, "Invalid resource filter: #{value.inspect}"
+          end
+        end
+
       end
 
       subcommand ["resources"], "Show resources" do
@@ -44,8 +106,6 @@ module Swa
 
         include CollectionBehaviour
 
-        private
-
         def collection
           query_for(:list_resources, :resource_info_list, Swa::LakeFormation::ResourceInfo)
         end
@@ -65,4 +125,5 @@ module Swa
     end
 
   end
+
 end

data/lib/swa/cli/main_command.rb

@@ -1,6 +1,9 @@
+# frozen_string_literal: true
+
 require "swa/cli/base_command"
 require "swa/cli/athena_command"
 require "swa/cli/cloud_formation_command"
+require "swa/cli/cloudtrail_command"
 require "swa/cli/ec2_command"
 require "swa/cli/elb_command"
 require "swa/cli/glue_command"
@@ -10,25 +13,27 @@ require "swa/cli/lake_formation_command"
 require "swa/cli/s3_command"
 
 module Swa
+
   module CLI
 
     class MainCommand < BaseCommand
 
       subcommand "athena", "Athena stuff", AthenaCommand
-      subcommand ["cf", "cloudformation"], "CloudFormation stuff", CloudFormationCommand
+      subcommand %w[cf cloudformation], "CloudFormation stuff", CloudFormationCommand
+      subcommand "cloudtrail", "CloudTrail stuff", CloudtrailCommand
       subcommand "ec2", "EC2 stuff", Ec2Command
       subcommand "elb", "elb stuff", ElbCommand
       subcommand "glue", "Glue stuff", GlueCommand
       subcommand "iam", "IAM stuff", IamCommand
       subcommand "kms", "KMS stuff", KmsCommand
-      subcommand ["lf", "lakeformation"], "LakeFormation stuff", LakeFormationCommand
+      subcommand %w[lf lakeformation], "LakeFormation stuff", LakeFormationCommand
       subcommand "s3", "S3 stuff", S3Command
 
       protected
 
       RESOURCE_PREFIXES_BY_SERVICE = {
-        "ec2" => %w(ami i sg subnet vpc)
-      }
+        "ec2" => %w[ami i sg subnet vpc]
+      }.freeze
 
       def subcommand_for_prefix(prefix)
         RESOURCE_PREFIXES_BY_SERVICE.each do |subcommand, prefixes|
@@ -39,16 +44,20 @@ module Swa
       def parse_parameters
         case remaining_arguments.first
         when /^(\w+)-/
-          subcommand = subcommand_for_prefix($1)
+          subcommand = subcommand_for_prefix(::Regexp.last_match(1))
           remaining_arguments.unshift(subcommand) if subcommand
         when %r{^s3://([^/]+)/(.+/)?$}
-          remaining_arguments[0, 1] = ["s3", "bucket", $1, "objects", "--prefix", $2]
+          remaining_arguments[0, 1] =
+            ["s3", "bucket", ::Regexp.last_match(1), "objects", "--prefix", ::Regexp.last_match(2)]
         when %r{^s3://([^/]+)/(.+)\*$}
-          remaining_arguments[0, 1] = ["s3", "bucket", $1, "objects", "--prefix", $2]
+          remaining_arguments[0, 1] =
+            ["s3", "bucket", ::Regexp.last_match(1), "objects", "--prefix", ::Regexp.last_match(2)]
         when %r{^s3://([^/]+)/(.+)$}
-          remaining_arguments[0, 1] = ["s3", "bucket", $1, "object", $2]
+          remaining_arguments[0, 1] = ["s3", "bucket", ::Regexp.last_match(1), "object", ::Regexp.last_match(2)]
         when %r{^s3://([^/]+)$}
-          remaining_arguments[0, 1] = ["s3", "bucket", $1]
+          remaining_arguments[0, 1] = ["s3", "bucket", ::Regexp.last_match(1)]
+        when %r{^arn:aws:iam::.*:policy/}
+          remaining_arguments.unshift("iam", "policy")
         end
         super
       end
@@ -56,4 +65,5 @@ module Swa
     end
 
   end
+
 end

data/lib/swa/cli/s3_command.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require "aws-sdk-s3"
 require "swa/cli/base_command"
 require "swa/cli/collection_behaviour"
@@ -7,13 +9,14 @@ require "swa/s3/bucket"
 require "swa/s3/object"
 
 module Swa
+
   module CLI
 
     class S3Command < BaseCommand
 
       subcommand "bucket", "Show bucket" do
 
-        parameter "NAME", "bucket name", :attribute_name => :bucket_name
+        parameter "NAME", "bucket name", attribute_name: :bucket_name
 
         include ItemBehaviour
 
@@ -33,23 +36,39 @@ module Swa
 
         alias_method :item, :bucket
 
+        subcommand "arn", "Display ARN" do
+
+          def execute
+            puts "arn:aws:s3:::#{bucket_name}"
+          end
+
+        end
+
         subcommand "object", "Show object" do
 
-          parameter "KEY", "object key", :attribute_name => :object_key
+          parameter "KEY", "object key", attribute_name: :object_key
 
           include ItemBehaviour
 
+          subcommand "arn", "Display ARN" do
+
+            def execute
+              puts "arn:aws:s3:::#{bucket_name}/#{object_key}"
+            end
+
+          end
+
           subcommand "get", "GET object" do
 
             def execute
-              IO.copy_stream(object.get_body, $stdout)
+              IO.copy_stream(object.body, $stdout)
             end
 
           end
 
           subcommand "put", "PUT object" do
 
-            parameter "[PAYLOAD]", "data", :default => "STDIN"
+            parameter "[PAYLOAD]", "data", default: "STDIN"
 
             def execute
               object.put(payload)
@@ -65,7 +84,7 @@ module Swa
 
           subcommand "upload", "Upload file" do
 
-            parameter "FILE", "file name", :attribute_name => :file_name
+            parameter "FILE", "file name", attribute_name: :file_name
 
             def execute
               object.upload_from(file_name)
@@ -75,15 +94,13 @@ module Swa
 
           subcommand "download", "download object to local file" do
 
-            option %w(-T --to), "TARGET", "file or directory to download into", default: ".", attribute_name: :target
+            option %w[-T --to], "TARGET", "file or directory to download into", default: ".", attribute_name: :target
 
             def execute
               object.download_into(target_file_path, &method(:log_download_progress))
               logger.info "Downloaded to #{target_file_path}"
             end
 
-            private
-
             def target_file_path
               if File.directory?(target)
                 File.join(target, File.basename(object_key))
@@ -105,29 +122,27 @@ module Swa
 
           subcommand ["version", "v"], "Show version" do
 
-            parameter "ID", "object version ID", :attribute_name => :version_id
+            parameter "ID", "object version ID", attribute_name: :version_id
 
             include ItemBehaviour
 
             subcommand "get", "GET object" do
 
               def execute
-                IO.copy_stream(version.get_body, $stdout)
+                IO.copy_stream(version.body, $stdout)
               end
 
             end
 
             subcommand "download", "download version to local file" do
 
-              option %w(-T --to), "TARGET", "file or directory to download into", default: ".", attribute_name: :target
+              option %w[-T --to], "TARGET", "file or directory to download into", default: ".", attribute_name: :target
 
               def execute
                 version.download_into(target_file_path)
                 logger.info "Downloaded to #{target_file_path}"
               end
 
-              private
-
               def target_file_path
                 if File.directory?(target)
                   File.join(target, File.basename(object_key))
@@ -152,16 +167,12 @@ module Swa
 
             include CollectionBehaviour
 
-            protected
-
             def collection
-              bucket.object_versions(:prefix => object_key)
+              bucket.object_versions(prefix: object_key)
             end
 
           end
 
-          protected
-
           def object
             Swa::S3::Object.new(aws_bucket.object(object_key))
           end
@@ -178,7 +189,7 @@ module Swa
 
           subcommand ["list", "ls"], "One-line summary" do
 
-            option %w(-R --recursive), :flag, "list recursively"
+            option %w[-R --recursive], :flag, "list recursively"
 
             def execute
               delimiter = "/" unless recursive?
@@ -210,8 +221,6 @@ module Swa
 
           end
 
-          protected
-
           def objects
             bucket.objects(prefix: prefix)
           end
@@ -255,10 +264,8 @@ module Swa
 
           end
 
-          protected
-
           def versions
-            bucket.object_versions(:prefix => prefix)
+            bucket.object_versions(prefix: prefix)
           end
 
         end
@@ -314,4 +321,5 @@ module Swa
     end
 
   end
+
 end

data/lib/swa/cli/selector.rb

@@ -1,4 +1,7 @@
+# frozen_string_literal: true
+
 module Swa
+
   module CLI
 
     class Selector
@@ -28,4 +31,5 @@ module Swa
     end
 
   end
+
 end