RubyGems - terraspace_plugin_aws - Versions diffs - 0.3.4 → 0.3.5 - Mend

terraspace_plugin_aws 0.3.4 → 0.3.5

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -0
data/lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb +1 -0
data/lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb +44 -0
data/lib/terraspace_plugin_aws/interfaces/backend/bucket.rb +8 -2
data/lib/terraspace_plugin_aws/interfaces/backend/table.rb +26 -0
data/lib/terraspace_plugin_aws/interfaces/config.rb +7 -2
data/lib/terraspace_plugin_aws/version.rb +1 -1
data/terraspace_plugin_aws.gemspec +1 -1
metadata +6 -5

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: a734d60b2713b55bfaf56b012c3f9a496524ea91e9d929de9390c50748cb6eac
-  data.tar.gz: 7e7ff81c606f4dab49c37bb217efc676c58c522ceb49a6b95e7b06e398040687
+  metadata.gz: c20f17d758fbb6924ceece1c1bbc16ec17e3eba0fa8a0a6fa4d644b9875579b6
+  data.tar.gz: 73b7f625a5f84f7252206717523807c7607ac4a4fe6f6572cfd01e7110641b38
 SHA512:
-  metadata.gz: 99a83edd45b95fbafbce17c2c7a992524176d1335754404716d1d2546ac311baf5010a8e5e3204fd0153e1d718374dda895834947d3d1fb064581e5396df260b
-  data.tar.gz: b0f16167fbf2cfa375b487993540072e757c17cbfe1781e4476f6a680fa69c8757e501adc67aea9099e32b4c0e1bfab3352c72c0162592479c3c11ef3c694fda
+  metadata.gz: 39978c0db0055dba8dc59246b9da3dd20c469daf36805526f4b2c0c051425dd6dbf0be054812de9e7ae0c32b31657222225ae039915ddc3ef11aab657d9adbb9
+  data.tar.gz: ff11fee1dec2508d941dacd4f727ad362802285aca20ac2b0aa9cc87a034e0d287f9f10db3816e330958025e608fdeff45720b543047f1d3fe5fe52f5f305fb1

data/CHANGELOG.md CHANGED Viewed

@@ -3,6 +3,10 @@
 All notable changes to this project will be documented in this file.
 This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
+## [0.3.5] - 2021-12-30
+- [#15](https://github.com/boltops-tools/terraspace_plugin_aws/pull/15) block public access support
+- [#16](https://github.com/boltops-tools/terraspace_plugin_aws/pull/16) tagging support for s3 bucket and dynamodb table
 ## [0.3.4] - 2021-12-30
 - [#13](https://github.com/boltops-tools/terraspace_plugin_aws/pull/13) check aws setup and provide friendly message
 - [#14](https://github.com/boltops-tools/terraspace_plugin_aws/pull/14) fix aws_secret helper

data/lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb CHANGED Viewed

@@ -31,6 +31,7 @@ class TerraspacePluginAws::Interfaces::Backend::Bucket
       S3Secure::Versioning::Enable.new(options).run if c.versioning
       S3Secure::Lifecycle::Add.new(options).run if c.lifecycle
       S3Secure::AccessLogs::Enable.new(options).run if c.access_logging
+      S3Secure::PublicAccess::Block.new(options).run if c.block_public_access
     rescue Aws::S3::Errors::AccessDenied => e
       @@retries += 1
       retry unless @@retries > 1

data/lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb ADDED Viewed

@@ -0,0 +1,44 @@
+class TerraspacePluginAws::Interfaces::Backend::Bucket
+  class Tagging
+    include TerraspacePluginAws::Clients
+    include TerraspacePluginAws::Logging
+    def initialize(bucket)
+      @bucket = bucket
+    end
+    def tag
+      return if tagging.nil? || tagging[:tag_set].empty? # safeguard: dont overwrite current tags
+      s3.put_bucket_tagging(bucket: @bucket, tagging: tagging)
+    end
+    # Merges existing tag_set structure so always appends tags, wont remove tags.
+    # This behavior is consistent with the dynamodb tagging.
+    #
+    # Example return:
+    #
+    #     {
+    #       tag_set: [
+    #         { key: "Key1", value: "Value1" },
+    #         { key: "Key2", value: "Value2" },
+    #       ],
+    #     }
+    #
+    def tagging
+      c = TerraspacePluginAws::Interfaces::Config.instance.config
+      tags = !c.s3.tags.empty? ? c.s3.tags : c.tags
+      tag_set = tags.map do |k,v|
+        {key: k.to_s, value: v}
+      end
+      return if tag_set == existing_tagging[:tag_set] # return nil so we can avoid the put_bucket_tagging call
+      tag_set += existing_tagging[:tag_set]
+      { tag_set: tag_set }
+    end
+    def existing_tagging
+      s3.get_bucket_tagging(bucket: @bucket).to_h
+    rescue Aws::S3::Errors::NoSuchTagSet
+      {tag_set: []} # normalize return structure
+    end
+  end
+end

data/lib/terraspace_plugin_aws/interfaces/backend/bucket.rb CHANGED Viewed

@@ -10,12 +10,14 @@ class TerraspacePluginAws::Interfaces::Backend
       end
       if exist?(bucket)
         logger.debug "Bucket already exist: #{bucket}"
-        c = TerraspacePluginAws::Interfaces::Config.instance.config.s3
-        secure(bucket) if c.secure_existing
+        c = TerraspacePluginAws::Interfaces::Config.instance.config
+        secure(bucket) if c.s3.secure_existing
+        tag(bucket) if c.tag_existing
       else
         logger.info "Creating bucket: #{bucket}"
         s3.create_bucket(bucket: bucket)
         secure(bucket)
+        tag(bucket)
       end
     end
@@ -30,5 +32,9 @@ class TerraspacePluginAws::Interfaces::Backend
       logger.error "Bucket might be owned by someone else or is on another one of your AWS accounts."
       exit 1
     end
+    def tag(bucket)
+      Tagging.new(@info["bucket"]).tag
+    end
   end
 end

data/lib/terraspace_plugin_aws/interfaces/backend/table.rb CHANGED Viewed

@@ -6,6 +6,8 @@ class TerraspacePluginAws::Interfaces::Backend
       if exist?(table)
         logger.debug "Table already exist: #{table}"
+        c = TerraspacePluginAws::Interfaces::Config.instance.config
+        tag_existing(table) if c.tag_existing
       else
         logger.info "Creating dynamodb table: #{table}"
         create_table(table)
@@ -36,6 +38,7 @@ class TerraspacePluginAws::Interfaces::Backend
         table_name: name,
       }
       secure(definition)
+      tag(definition)
       definition
     end
@@ -64,6 +67,29 @@ class TerraspacePluginAws::Interfaces::Backend
       definition
     end
+    def tag(definition)
+      definition[:tags] = tags unless tags.empty?
+    end
+    def tag_existing(table_name)
+      return if tags.empty?
+      resp = dynamodb.describe_table(table_name: table_name)
+      # Always appends tags, wont remove tags.
+      dynamodb.tag_resource(
+        resource_arn: resp.table.table_arn,
+        tags: tags
+      )
+    end
+    def tags
+      c = TerraspacePluginAws::Interfaces::Config.instance.config
+      tags = !c.dynamodb.tags.empty? ? c.dynamodb.tags : c.tags
+      # Note there is no map! method for Hash
+      tags = tags.map do |k,v|
+        {key: k.to_s, value: v}
+      end
+    end
     def exist?(name)
       dynamodb.describe_table(table_name: name)
       true  # table exist

data/lib/terraspace_plugin_aws/interfaces/config.rb CHANGED Viewed

@@ -14,19 +14,24 @@ module TerraspacePluginAws::Interfaces
       c = ActiveSupport::OrderedOptions.new
       c.auto_create = true
+      c.tags = {} # can set tags for both s3 bucket and dynamodb table with this config
+      c.tag_existing = true
       c.s3 = ActiveSupport::OrderedOptions.new
+      c.s3.access_logging = false
+      c.s3.block_public_access = true
       c.s3.encryption = true
       c.s3.enforce_ssl = true
-      c.s3.versioning = true
       c.s3.lifecycle = true
-      c.s3.access_logging = false
+      c.s3.versioning = true
       c.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
+      c.s3.tags = {} # cannot assign to c.tags here because it's a copy
       c.dynamodb = ActiveSupport::OrderedOptions.new
       c.dynamodb.encryption = true
       c.dynamodb.kms_master_key_id = nil
       c.dynamodb.sse_type = "KMS"
+      c.dynamodb.tags = {} # cannot assign to c.tags here because it's a copy
       c
     end

data/lib/terraspace_plugin_aws/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module TerraspacePluginAws
-  VERSION = "0.3.4"
+  VERSION = "0.3.5"
 end

data/terraspace_plugin_aws.gemspec CHANGED Viewed

@@ -28,6 +28,6 @@ Gem::Specification.new do |spec|
   spec.add_dependency "aws-sdk-ssm"
   spec.add_dependency "aws_data"
   spec.add_dependency "memoist"
-  spec.add_dependency "s3-secure"
+  spec.add_dependency "s3-secure", "~> 0.6.1"
   spec.add_dependency "zeitwerk"
 end

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: terraspace_plugin_aws
 version: !ruby/object:Gem::Version
-  version: 0.3.4
+  version: 0.3.5
 platform: ruby
 authors:
 - Tung Nguyen
@@ -98,16 +98,16 @@ dependencies:
   name: s3-secure
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - ">="
+    - - "~>"
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.6.1
 - !ruby/object:Gem::Dependency
   name: zeitwerk
   requirement: !ruby/object:Gem::Requirement
@@ -172,6 +172,7 @@ files:
 - lib/terraspace_plugin_aws/interfaces/backend/base.rb
 - lib/terraspace_plugin_aws/interfaces/backend/bucket.rb
 - lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb
+- lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb
 - lib/terraspace_plugin_aws/interfaces/backend/setup.rb
 - lib/terraspace_plugin_aws/interfaces/backend/table.rb
 - lib/terraspace_plugin_aws/interfaces/config.rb