terraspace_plugin_aws 0.3.4 → 0.3.5
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb +1 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb +44 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/bucket.rb +8 -2
- data/lib/terraspace_plugin_aws/interfaces/backend/table.rb +26 -0
- data/lib/terraspace_plugin_aws/interfaces/config.rb +7 -2
- data/lib/terraspace_plugin_aws/version.rb +1 -1
- data/terraspace_plugin_aws.gemspec +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: c20f17d758fbb6924ceece1c1bbc16ec17e3eba0fa8a0a6fa4d644b9875579b6
|
4
|
+
data.tar.gz: 73b7f625a5f84f7252206717523807c7607ac4a4fe6f6572cfd01e7110641b38
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 39978c0db0055dba8dc59246b9da3dd20c469daf36805526f4b2c0c051425dd6dbf0be054812de9e7ae0c32b31657222225ae039915ddc3ef11aab657d9adbb9
|
7
|
+
data.tar.gz: ff11fee1dec2508d941dacd4f727ad362802285aca20ac2b0aa9cc87a034e0d287f9f10db3816e330958025e608fdeff45720b543047f1d3fe5fe52f5f305fb1
|
data/CHANGELOG.md
CHANGED
@@ -3,6 +3,10 @@
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
|
5
5
|
|
6
|
+
## [0.3.5] - 2021-12-30
|
7
|
+
- [#15](https://github.com/boltops-tools/terraspace_plugin_aws/pull/15) block public access support
|
8
|
+
- [#16](https://github.com/boltops-tools/terraspace_plugin_aws/pull/16) tagging support for s3 bucket and dynamodb table
|
9
|
+
|
6
10
|
## [0.3.4] - 2021-12-30
|
7
11
|
- [#13](https://github.com/boltops-tools/terraspace_plugin_aws/pull/13) check aws setup and provide friendly message
|
8
12
|
- [#14](https://github.com/boltops-tools/terraspace_plugin_aws/pull/14) fix aws_secret helper
|
@@ -31,6 +31,7 @@ class TerraspacePluginAws::Interfaces::Backend::Bucket
|
|
31
31
|
S3Secure::Versioning::Enable.new(options).run if c.versioning
|
32
32
|
S3Secure::Lifecycle::Add.new(options).run if c.lifecycle
|
33
33
|
S3Secure::AccessLogs::Enable.new(options).run if c.access_logging
|
34
|
+
S3Secure::PublicAccess::Block.new(options).run if c.block_public_access
|
34
35
|
rescue Aws::S3::Errors::AccessDenied => e
|
35
36
|
@@retries += 1
|
36
37
|
retry unless @@retries > 1
|
@@ -0,0 +1,44 @@
|
|
1
|
+
class TerraspacePluginAws::Interfaces::Backend::Bucket
|
2
|
+
class Tagging
|
3
|
+
include TerraspacePluginAws::Clients
|
4
|
+
include TerraspacePluginAws::Logging
|
5
|
+
|
6
|
+
def initialize(bucket)
|
7
|
+
@bucket = bucket
|
8
|
+
end
|
9
|
+
|
10
|
+
def tag
|
11
|
+
return if tagging.nil? || tagging[:tag_set].empty? # safeguard: dont overwrite current tags
|
12
|
+
s3.put_bucket_tagging(bucket: @bucket, tagging: tagging)
|
13
|
+
end
|
14
|
+
|
15
|
+
# Merges existing tag_set structure so always appends tags, wont remove tags.
|
16
|
+
# This behavior is consistent with the dynamodb tagging.
|
17
|
+
#
|
18
|
+
# Example return:
|
19
|
+
#
|
20
|
+
# {
|
21
|
+
# tag_set: [
|
22
|
+
# { key: "Key1", value: "Value1" },
|
23
|
+
# { key: "Key2", value: "Value2" },
|
24
|
+
# ],
|
25
|
+
# }
|
26
|
+
#
|
27
|
+
def tagging
|
28
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
29
|
+
tags = !c.s3.tags.empty? ? c.s3.tags : c.tags
|
30
|
+
tag_set = tags.map do |k,v|
|
31
|
+
{key: k.to_s, value: v}
|
32
|
+
end
|
33
|
+
return if tag_set == existing_tagging[:tag_set] # return nil so we can avoid the put_bucket_tagging call
|
34
|
+
tag_set += existing_tagging[:tag_set]
|
35
|
+
{ tag_set: tag_set }
|
36
|
+
end
|
37
|
+
|
38
|
+
def existing_tagging
|
39
|
+
s3.get_bucket_tagging(bucket: @bucket).to_h
|
40
|
+
rescue Aws::S3::Errors::NoSuchTagSet
|
41
|
+
{tag_set: []} # normalize return structure
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
@@ -10,12 +10,14 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
10
10
|
end
|
11
11
|
if exist?(bucket)
|
12
12
|
logger.debug "Bucket already exist: #{bucket}"
|
13
|
-
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
14
|
-
secure(bucket) if c.secure_existing
|
13
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
14
|
+
secure(bucket) if c.s3.secure_existing
|
15
|
+
tag(bucket) if c.tag_existing
|
15
16
|
else
|
16
17
|
logger.info "Creating bucket: #{bucket}"
|
17
18
|
s3.create_bucket(bucket: bucket)
|
18
19
|
secure(bucket)
|
20
|
+
tag(bucket)
|
19
21
|
end
|
20
22
|
end
|
21
23
|
|
@@ -30,5 +32,9 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
30
32
|
logger.error "Bucket might be owned by someone else or is on another one of your AWS accounts."
|
31
33
|
exit 1
|
32
34
|
end
|
35
|
+
|
36
|
+
def tag(bucket)
|
37
|
+
Tagging.new(@info["bucket"]).tag
|
38
|
+
end
|
33
39
|
end
|
34
40
|
end
|
@@ -6,6 +6,8 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
6
6
|
|
7
7
|
if exist?(table)
|
8
8
|
logger.debug "Table already exist: #{table}"
|
9
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
10
|
+
tag_existing(table) if c.tag_existing
|
9
11
|
else
|
10
12
|
logger.info "Creating dynamodb table: #{table}"
|
11
13
|
create_table(table)
|
@@ -36,6 +38,7 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
36
38
|
table_name: name,
|
37
39
|
}
|
38
40
|
secure(definition)
|
41
|
+
tag(definition)
|
39
42
|
definition
|
40
43
|
end
|
41
44
|
|
@@ -64,6 +67,29 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
64
67
|
definition
|
65
68
|
end
|
66
69
|
|
70
|
+
def tag(definition)
|
71
|
+
definition[:tags] = tags unless tags.empty?
|
72
|
+
end
|
73
|
+
|
74
|
+
def tag_existing(table_name)
|
75
|
+
return if tags.empty?
|
76
|
+
resp = dynamodb.describe_table(table_name: table_name)
|
77
|
+
# Always appends tags, wont remove tags.
|
78
|
+
dynamodb.tag_resource(
|
79
|
+
resource_arn: resp.table.table_arn,
|
80
|
+
tags: tags
|
81
|
+
)
|
82
|
+
end
|
83
|
+
|
84
|
+
def tags
|
85
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
86
|
+
tags = !c.dynamodb.tags.empty? ? c.dynamodb.tags : c.tags
|
87
|
+
# Note there is no map! method for Hash
|
88
|
+
tags = tags.map do |k,v|
|
89
|
+
{key: k.to_s, value: v}
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
67
93
|
def exist?(name)
|
68
94
|
dynamodb.describe_table(table_name: name)
|
69
95
|
true # table exist
|
@@ -14,19 +14,24 @@ module TerraspacePluginAws::Interfaces
|
|
14
14
|
c = ActiveSupport::OrderedOptions.new
|
15
15
|
|
16
16
|
c.auto_create = true
|
17
|
+
c.tags = {} # can set tags for both s3 bucket and dynamodb table with this config
|
18
|
+
c.tag_existing = true
|
17
19
|
|
18
20
|
c.s3 = ActiveSupport::OrderedOptions.new
|
21
|
+
c.s3.access_logging = false
|
22
|
+
c.s3.block_public_access = true
|
19
23
|
c.s3.encryption = true
|
20
24
|
c.s3.enforce_ssl = true
|
21
|
-
c.s3.versioning = true
|
22
25
|
c.s3.lifecycle = true
|
23
|
-
c.s3.
|
26
|
+
c.s3.versioning = true
|
24
27
|
c.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
|
28
|
+
c.s3.tags = {} # cannot assign to c.tags here because it's a copy
|
25
29
|
|
26
30
|
c.dynamodb = ActiveSupport::OrderedOptions.new
|
27
31
|
c.dynamodb.encryption = true
|
28
32
|
c.dynamodb.kms_master_key_id = nil
|
29
33
|
c.dynamodb.sse_type = "KMS"
|
34
|
+
c.dynamodb.tags = {} # cannot assign to c.tags here because it's a copy
|
30
35
|
|
31
36
|
c
|
32
37
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: terraspace_plugin_aws
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.3.
|
4
|
+
version: 0.3.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Tung Nguyen
|
@@ -98,16 +98,16 @@ dependencies:
|
|
98
98
|
name: s3-secure
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
100
100
|
requirements:
|
101
|
-
- - "
|
101
|
+
- - "~>"
|
102
102
|
- !ruby/object:Gem::Version
|
103
|
-
version:
|
103
|
+
version: 0.6.1
|
104
104
|
type: :runtime
|
105
105
|
prerelease: false
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
107
107
|
requirements:
|
108
|
-
- - "
|
108
|
+
- - "~>"
|
109
109
|
- !ruby/object:Gem::Version
|
110
|
-
version:
|
110
|
+
version: 0.6.1
|
111
111
|
- !ruby/object:Gem::Dependency
|
112
112
|
name: zeitwerk
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
@@ -172,6 +172,7 @@ files:
|
|
172
172
|
- lib/terraspace_plugin_aws/interfaces/backend/base.rb
|
173
173
|
- lib/terraspace_plugin_aws/interfaces/backend/bucket.rb
|
174
174
|
- lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb
|
175
|
+
- lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb
|
175
176
|
- lib/terraspace_plugin_aws/interfaces/backend/setup.rb
|
176
177
|
- lib/terraspace_plugin_aws/interfaces/backend/table.rb
|
177
178
|
- lib/terraspace_plugin_aws/interfaces/config.rb
|