terraspace_plugin_aws 0.3.4 → 0.3.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb +1 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb +44 -0
- data/lib/terraspace_plugin_aws/interfaces/backend/bucket.rb +8 -2
- data/lib/terraspace_plugin_aws/interfaces/backend/table.rb +26 -0
- data/lib/terraspace_plugin_aws/interfaces/config.rb +7 -2
- data/lib/terraspace_plugin_aws/version.rb +1 -1
- data/terraspace_plugin_aws.gemspec +1 -1
- metadata +6 -5
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c20f17d758fbb6924ceece1c1bbc16ec17e3eba0fa8a0a6fa4d644b9875579b6
|
|
4
|
+
data.tar.gz: 73b7f625a5f84f7252206717523807c7607ac4a4fe6f6572cfd01e7110641b38
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 39978c0db0055dba8dc59246b9da3dd20c469daf36805526f4b2c0c051425dd6dbf0be054812de9e7ae0c32b31657222225ae039915ddc3ef11aab657d9adbb9
|
|
7
|
+
data.tar.gz: ff11fee1dec2508d941dacd4f727ad362802285aca20ac2b0aa9cc87a034e0d287f9f10db3816e330958025e608fdeff45720b543047f1d3fe5fe52f5f305fb1
|
data/CHANGELOG.md
CHANGED
|
@@ -3,6 +3,10 @@
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
This project *loosely tries* to adhere to [Semantic Versioning](http://semver.org/).
|
|
5
5
|
|
|
6
|
+
## [0.3.5] - 2021-12-30
|
|
7
|
+
- [#15](https://github.com/boltops-tools/terraspace_plugin_aws/pull/15) block public access support
|
|
8
|
+
- [#16](https://github.com/boltops-tools/terraspace_plugin_aws/pull/16) tagging support for s3 bucket and dynamodb table
|
|
9
|
+
|
|
6
10
|
## [0.3.4] - 2021-12-30
|
|
7
11
|
- [#13](https://github.com/boltops-tools/terraspace_plugin_aws/pull/13) check aws setup and provide friendly message
|
|
8
12
|
- [#14](https://github.com/boltops-tools/terraspace_plugin_aws/pull/14) fix aws_secret helper
|
|
@@ -31,6 +31,7 @@ class TerraspacePluginAws::Interfaces::Backend::Bucket
|
|
|
31
31
|
S3Secure::Versioning::Enable.new(options).run if c.versioning
|
|
32
32
|
S3Secure::Lifecycle::Add.new(options).run if c.lifecycle
|
|
33
33
|
S3Secure::AccessLogs::Enable.new(options).run if c.access_logging
|
|
34
|
+
S3Secure::PublicAccess::Block.new(options).run if c.block_public_access
|
|
34
35
|
rescue Aws::S3::Errors::AccessDenied => e
|
|
35
36
|
@@retries += 1
|
|
36
37
|
retry unless @@retries > 1
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
class TerraspacePluginAws::Interfaces::Backend::Bucket
|
|
2
|
+
class Tagging
|
|
3
|
+
include TerraspacePluginAws::Clients
|
|
4
|
+
include TerraspacePluginAws::Logging
|
|
5
|
+
|
|
6
|
+
def initialize(bucket)
|
|
7
|
+
@bucket = bucket
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def tag
|
|
11
|
+
return if tagging.nil? || tagging[:tag_set].empty? # safeguard: dont overwrite current tags
|
|
12
|
+
s3.put_bucket_tagging(bucket: @bucket, tagging: tagging)
|
|
13
|
+
end
|
|
14
|
+
|
|
15
|
+
# Merges existing tag_set structure so always appends tags, wont remove tags.
|
|
16
|
+
# This behavior is consistent with the dynamodb tagging.
|
|
17
|
+
#
|
|
18
|
+
# Example return:
|
|
19
|
+
#
|
|
20
|
+
# {
|
|
21
|
+
# tag_set: [
|
|
22
|
+
# { key: "Key1", value: "Value1" },
|
|
23
|
+
# { key: "Key2", value: "Value2" },
|
|
24
|
+
# ],
|
|
25
|
+
# }
|
|
26
|
+
#
|
|
27
|
+
def tagging
|
|
28
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
|
29
|
+
tags = !c.s3.tags.empty? ? c.s3.tags : c.tags
|
|
30
|
+
tag_set = tags.map do |k,v|
|
|
31
|
+
{key: k.to_s, value: v}
|
|
32
|
+
end
|
|
33
|
+
return if tag_set == existing_tagging[:tag_set] # return nil so we can avoid the put_bucket_tagging call
|
|
34
|
+
tag_set += existing_tagging[:tag_set]
|
|
35
|
+
{ tag_set: tag_set }
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
def existing_tagging
|
|
39
|
+
s3.get_bucket_tagging(bucket: @bucket).to_h
|
|
40
|
+
rescue Aws::S3::Errors::NoSuchTagSet
|
|
41
|
+
{tag_set: []} # normalize return structure
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
@@ -10,12 +10,14 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
|
10
10
|
end
|
|
11
11
|
if exist?(bucket)
|
|
12
12
|
logger.debug "Bucket already exist: #{bucket}"
|
|
13
|
-
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
|
14
|
-
secure(bucket) if c.secure_existing
|
|
13
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
|
14
|
+
secure(bucket) if c.s3.secure_existing
|
|
15
|
+
tag(bucket) if c.tag_existing
|
|
15
16
|
else
|
|
16
17
|
logger.info "Creating bucket: #{bucket}"
|
|
17
18
|
s3.create_bucket(bucket: bucket)
|
|
18
19
|
secure(bucket)
|
|
20
|
+
tag(bucket)
|
|
19
21
|
end
|
|
20
22
|
end
|
|
21
23
|
|
|
@@ -30,5 +32,9 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
|
30
32
|
logger.error "Bucket might be owned by someone else or is on another one of your AWS accounts."
|
|
31
33
|
exit 1
|
|
32
34
|
end
|
|
35
|
+
|
|
36
|
+
def tag(bucket)
|
|
37
|
+
Tagging.new(@info["bucket"]).tag
|
|
38
|
+
end
|
|
33
39
|
end
|
|
34
40
|
end
|
|
@@ -6,6 +6,8 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
|
6
6
|
|
|
7
7
|
if exist?(table)
|
|
8
8
|
logger.debug "Table already exist: #{table}"
|
|
9
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
|
10
|
+
tag_existing(table) if c.tag_existing
|
|
9
11
|
else
|
|
10
12
|
logger.info "Creating dynamodb table: #{table}"
|
|
11
13
|
create_table(table)
|
|
@@ -36,6 +38,7 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
|
36
38
|
table_name: name,
|
|
37
39
|
}
|
|
38
40
|
secure(definition)
|
|
41
|
+
tag(definition)
|
|
39
42
|
definition
|
|
40
43
|
end
|
|
41
44
|
|
|
@@ -64,6 +67,29 @@ class TerraspacePluginAws::Interfaces::Backend
|
|
|
64
67
|
definition
|
|
65
68
|
end
|
|
66
69
|
|
|
70
|
+
def tag(definition)
|
|
71
|
+
definition[:tags] = tags unless tags.empty?
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
def tag_existing(table_name)
|
|
75
|
+
return if tags.empty?
|
|
76
|
+
resp = dynamodb.describe_table(table_name: table_name)
|
|
77
|
+
# Always appends tags, wont remove tags.
|
|
78
|
+
dynamodb.tag_resource(
|
|
79
|
+
resource_arn: resp.table.table_arn,
|
|
80
|
+
tags: tags
|
|
81
|
+
)
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
def tags
|
|
85
|
+
c = TerraspacePluginAws::Interfaces::Config.instance.config
|
|
86
|
+
tags = !c.dynamodb.tags.empty? ? c.dynamodb.tags : c.tags
|
|
87
|
+
# Note there is no map! method for Hash
|
|
88
|
+
tags = tags.map do |k,v|
|
|
89
|
+
{key: k.to_s, value: v}
|
|
90
|
+
end
|
|
91
|
+
end
|
|
92
|
+
|
|
67
93
|
def exist?(name)
|
|
68
94
|
dynamodb.describe_table(table_name: name)
|
|
69
95
|
true # table exist
|
|
@@ -14,19 +14,24 @@ module TerraspacePluginAws::Interfaces
|
|
|
14
14
|
c = ActiveSupport::OrderedOptions.new
|
|
15
15
|
|
|
16
16
|
c.auto_create = true
|
|
17
|
+
c.tags = {} # can set tags for both s3 bucket and dynamodb table with this config
|
|
18
|
+
c.tag_existing = true
|
|
17
19
|
|
|
18
20
|
c.s3 = ActiveSupport::OrderedOptions.new
|
|
21
|
+
c.s3.access_logging = false
|
|
22
|
+
c.s3.block_public_access = true
|
|
19
23
|
c.s3.encryption = true
|
|
20
24
|
c.s3.enforce_ssl = true
|
|
21
|
-
c.s3.versioning = true
|
|
22
25
|
c.s3.lifecycle = true
|
|
23
|
-
c.s3.
|
|
26
|
+
c.s3.versioning = true
|
|
24
27
|
c.s3.secure_existing = false # run the security controls on existing buckets. by default, only run on newly created bucket the first time
|
|
28
|
+
c.s3.tags = {} # cannot assign to c.tags here because it's a copy
|
|
25
29
|
|
|
26
30
|
c.dynamodb = ActiveSupport::OrderedOptions.new
|
|
27
31
|
c.dynamodb.encryption = true
|
|
28
32
|
c.dynamodb.kms_master_key_id = nil
|
|
29
33
|
c.dynamodb.sse_type = "KMS"
|
|
34
|
+
c.dynamodb.tags = {} # cannot assign to c.tags here because it's a copy
|
|
30
35
|
|
|
31
36
|
c
|
|
32
37
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: terraspace_plugin_aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.5
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Tung Nguyen
|
|
@@ -98,16 +98,16 @@ dependencies:
|
|
|
98
98
|
name: s3-secure
|
|
99
99
|
requirement: !ruby/object:Gem::Requirement
|
|
100
100
|
requirements:
|
|
101
|
-
- - "
|
|
101
|
+
- - "~>"
|
|
102
102
|
- !ruby/object:Gem::Version
|
|
103
|
-
version:
|
|
103
|
+
version: 0.6.1
|
|
104
104
|
type: :runtime
|
|
105
105
|
prerelease: false
|
|
106
106
|
version_requirements: !ruby/object:Gem::Requirement
|
|
107
107
|
requirements:
|
|
108
|
-
- - "
|
|
108
|
+
- - "~>"
|
|
109
109
|
- !ruby/object:Gem::Version
|
|
110
|
-
version:
|
|
110
|
+
version: 0.6.1
|
|
111
111
|
- !ruby/object:Gem::Dependency
|
|
112
112
|
name: zeitwerk
|
|
113
113
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -172,6 +172,7 @@ files:
|
|
|
172
172
|
- lib/terraspace_plugin_aws/interfaces/backend/base.rb
|
|
173
173
|
- lib/terraspace_plugin_aws/interfaces/backend/bucket.rb
|
|
174
174
|
- lib/terraspace_plugin_aws/interfaces/backend/bucket/secure.rb
|
|
175
|
+
- lib/terraspace_plugin_aws/interfaces/backend/bucket/tagging.rb
|
|
175
176
|
- lib/terraspace_plugin_aws/interfaces/backend/setup.rb
|
|
176
177
|
- lib/terraspace_plugin_aws/interfaces/backend/table.rb
|
|
177
178
|
- lib/terraspace_plugin_aws/interfaces/config.rb
|