RubyGems - trusted-advisor-status - Versions diffs - 0.0.1 - Mend

trusted-advisor-status 0.0.1

Files changed (8) hide show

checksums.yaml +7 -0
data/bin/trusted-advisor-status +15 -0
data/bin/wipe-trusted-advisor-history +9 -0
data/lib/hash_util.rb +23 -0
data/lib/results_dao.rb +84 -0
data/lib/results_differencer.rb +69 -0
data/lib/trusted_advisor_status.rb +135 -0
metadata +80 -0

checksums.yaml ADDED Viewed

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 629b80755ac7f3bb7ddf9f9a28495c274a0ecd14
+  data.tar.gz: f8335b6cc73fe74e0e45c556fdf9f3d4751d18e9
+SHA512:
+  metadata.gz: 1337b5c13fa5ce08df3638123367a1473489df23cf53828327bba5fcad2519415c89018a088c315369a22a48063189906e2a537d22d9347d2aec40cdb45c7916
+  data.tar.gz: ae6ca68c5c3305b2b2a3e1e7c86ecae36e198ee1b35d004196ad5b4adc44671ab195ccb0e738134b0602370a8119034613c29653904776413f4b49c7b1d897de

data/bin/trusted-advisor-status ADDED Viewed

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+require 'trollop'
+require 'trusted_advisor_status'
+opts = Trollop::options do
+  opt :categories, '', type: :strings, required: false, default: %w(security performance)
+  opt :fail_on_warn, '', type: :boolean, required: false, default: false, conflicts: :fail_on_error
+  opt :fail_on_error, '', type: :boolean, required: false, default: false, conflicts: :fail_on_warn
+  opt :delta_name, 'Given a name here, the results will be the delta of results already stored against the name', type: :string, required: false
+end
+exit TrustedAdvisorStatus.new.check_status categories: opts[:categories],
+                                           fail_on_warn: opts[:fail_on_warn],
+                                           fail_on_error: opts[:fail_on_error],
+                                           delta_name: opts[:delta_name]

data/bin/wipe-trusted-advisor-history ADDED Viewed

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+require 'trollop'
+require 'results_dao'
+opts = Trollop::options do
+  opt :delta_name, 'Given a name here, the results will be the delta of results already stored against the name', type: :string, required: true
+end
+ResultsDAO.new.nuke_results opts[:delta_name]

data/lib/hash_util.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module HashUtil
+  def self.stringify_keys(hash)
+    new_hash = {}
+    hash.each do |k,v|
+      if v.is_a? Hash
+        new_hash[k.to_s] = stringify_keys(v)
+      elsif v.is_a? Array
+        new_array = v.map do |element|
+          if element.is_a? Hash
+            stringify_keys(element)
+          else
+            element
+          end
+        end
+        new_hash[k.to_s] = new_array
+      else
+        new_hash[k.to_s] = v
+      end
+    end
+    new_hash
+  end
+end

data/lib/results_dao.rb ADDED Viewed

@@ -0,0 +1,84 @@
+require 'aws-sdk'
+class ResultsDAO
+  def nuke_results(delta_name)
+    table = dynamo_db.table(delta_name)
+    table.delete
+    client.wait_until(:table_not_exists, table_name: delta_name)
+  end
+  def retrieve_prior_results(delta_name:)
+    if table_exists? delta_name
+      table = dynamo_db.table(delta_name)
+      item_response = table.get_item key: {
+                                            'result_label' => 'previous_result'
+                                          }
+      unless item_response.item.nil?
+        item = item_response.item['result']
+        if item.nil?
+          raise "Result key must have value in prior results: #{item_response.item}"
+        else
+          item
+        end
+      end
+    else
+      nil
+    end
+  end
+  def update_prior_result(delta_name:, results:)
+    conditionally_create_table table_name: delta_name
+    table = dynamo_db.table(delta_name)
+    result_item = {
+      'result_label' => 'previous_result',
+      'result' => results
+    }
+    table.put_item item: result_item
+  end
+  private
+  def conditionally_create_table(table_name:)
+    unless table_exists? table_name
+      dynamo_db.create_table attribute_definitions: [
+                               {
+                                 attribute_name: 'result_label',
+                                 attribute_type: 'S'
+                               }
+                             ],
+                             table_name: table_name,
+                             key_schema: [
+                               {
+                                 attribute_name: 'result_label',
+                                 key_type: 'HASH'
+                               }
+                             ],
+                             provisioned_throughput: {
+                               read_capacity_units: 1,
+                               write_capacity_units: 1
+                             }
+      client.wait_until(:table_exists, table_name: table_name)
+    end
+  end
+  def table_exists?(table_name)
+    found_table = dynamo_db.tables.find { |table| table.name == table_name }
+    not found_table.nil?
+  end
+  def client
+    Aws::DynamoDB::Client.new
+  end
+  def dynamo_db
+    Aws::DynamoDB::Resource.new(client: client)
+  end
+end

data/lib/results_differencer.rb ADDED Viewed

@@ -0,0 +1,69 @@
+require 'set'
+class ResultsDifferencer
+  def fixed(prior:,
+            current:)
+    prior_hash = {}
+    prior.each { |result| prior_hash[result['check_id']] = result }
+    current_hash = {}
+    current.each { |result| current_hash[result['check_id']] = result }
+    prior_ids = prior.map { |result| result['check_id'] }
+    current_ids = current.map { |result| result['check_id'] }
+    fixed_check_ids = prior_ids - current_ids
+    same_check_ids = prior_ids - fixed_check_ids
+    delta = []
+    same_check_ids.each do |check_id|
+      fixed_resources = prior_hash[check_id]['flagged_resources'] - current_hash[check_id]['flagged_resources']
+      if fixed_resources != []
+        delta_result = prior_hash[check_id].dup
+        delta_result['flagged_resources'] = fixed_resources
+        delta << delta_result
+      else
+      end
+    end
+    fixed_check_ids.each { |check_id| delta << prior_hash[check_id] }
+    delta
+  end
+  def new_violations(prior:,
+                     current:)
+    prior_hash = {}
+    prior.each { |result| prior_hash[result['check_id']] = result }
+    current_hash = {}
+    current.each { |result| current_hash[result['check_id']] = result }
+    prior_ids = prior.map { |result| result['check_id'] }
+    current_ids = current.map { |result| result['check_id'] }
+    new_check_ids = current_ids - prior_ids
+    same_check_ids = current_ids - new_check_ids
+    delta = []
+    same_check_ids.each do |check_id|
+      new_resources = current_hash[check_id]['flagged_resources'] - prior_hash[check_id]['flagged_resources']
+      if new_resources != []
+        delta_result = current_hash[check_id].dup
+        delta_result['flagged_resources'] = new_resources
+        delta << delta_result
+      end
+    end
+    new_check_ids.each { |check_id| delta << current_hash[check_id] }
+    delta
+  end
+end

data/lib/trusted_advisor_status.rb ADDED Viewed

@@ -0,0 +1,135 @@
+require 'aws-sdk'
+require 'json'
+require_relative 'results_dao'
+require_relative 'results_differencer'
+require_relative 'hash_util'
+class TrustedAdvisorStatus
+  def check_status(categories: %w(security performance),
+                   fail_on_warn: false,
+                   fail_on_error: false,
+                   delta_name: nil)
+    results = discover_results(categories: categories,
+                               delta_name: delta_name)
+    render_results(results)
+    if results.is_a? Array
+      new_violations = results
+    elsif results.is_a? Hash
+      new_violations = results['new_violation']
+    end
+    if fail_on_error
+      error_found = new_violations.find { |result| result['status'] == 'error' }
+      error_found.nil? ? 0 : 1
+    elsif fail_on_warn
+      warning_fond = new_violations.find { |result| result['status'] == 'error' or result['status'] == 'warning' }
+      warning_fond.nil? ? 0 : 1
+    else
+      0
+    end
+  end
+  def discover_results(categories:, delta_name:)
+    results_dao = ResultsDAO.new
+    full_results = not_ok_check_results(categories: categories)
+    if delta_name.nil?
+      full_results
+    else
+      prior_results = results_dao.retrieve_prior_results delta_name: delta_name
+      if prior_results.nil?
+        delta_results = full_results
+      else
+        diff = ResultsDifferencer.new
+        new_violations = diff.new_violations(prior: prior_results,
+                                             current: full_results)
+        fixes = diff.fixed(prior: prior_results,
+                           current: full_results)
+        delta_results = {
+          'new_violation' => new_violations,
+          'fixes' => fixes
+        }
+      end
+      results_dao.update_prior_result(delta_name: delta_name, results: full_results)
+      delta_results
+    end
+  end
+  private
+  # resp.result.check_id #=> String
+  # resp.result.timestamp #=> String
+  # resp.result.status #=> String
+  # resp.result.resources_summary.resources_processed #=> Integer
+  # resp.result.resources_summary.resources_flagged #=> Integer
+  # resp.result.resources_summary.resources_ignored #=> Integer
+  # resp.result.resources_summary.resources_suppressed #=> Integer
+  # resp.result.flagged_resources #=> Array
+  # resp.result.flagged_resources[0].status #=> String
+  # resp.result.flagged_resources[0].region #=> String
+  # resp.result.flagged_resources[0].resource_id #=> String
+  # resp.result.flagged_resources[0].is_suppressed #=> true/false
+  # resp.result.flagged_resources[0].metadata #=> Array
+  # resp.result.flagged_resources[0].metadata[0] #=> String
+  def not_ok_check_results(categories:)
+    # the region is on purpose - support intfc is global, but can't find endpoint outside of us-east-1
+    support = Aws::Support::Client.new region: 'us-east-1'
+    describe_trusted_advisor_checks_response = support.describe_trusted_advisor_checks language: 'en'
+    if categories.nil?
+      checks = describe_trusted_advisor_checks_response.checks
+    else
+      checks = describe_trusted_advisor_checks_response.checks.select { |check| categories.include? check.category }
+    end
+    checks.reduce([]) do |aggregate, check|
+      describe_trusted_advisor_check_result_response = support.describe_trusted_advisor_check_result check_id: check.id,
+                                                                                                     language: 'en'
+      if describe_trusted_advisor_check_result_response.result.status != 'ok'
+        aggregate << convert_check_result_into_hash(check.name,
+                                                    describe_trusted_advisor_check_result_response.result)
+      end
+      aggregate
+    end
+  end
+  def convert_check_result_into_hash(check_name, check_result)
+    hash_result = check_result.to_h
+    hash_result.delete :timestamp
+    hash_result.delete :resources_summary
+    hash_result.delete :category_specific_summary
+    hash_result[:description] = check_name
+    unless hash_result[:flagged_resources].nil?
+      hash_result[:flagged_resources] = hash_result[:flagged_resources].reject do |flagged_resource|
+        is_suppressed = flagged_resource[:is_suppressed]
+        flagged_resource.delete :resource_id
+        flagged_resource.delete :is_suppressed
+        is_suppressed
+      end
+    end
+    HashUtil::stringify_keys(hash_result)
+  end
+  def render_results(results)
+    puts JSON.pretty_generate(results)
+  end
+end

metadata ADDED Viewed

@@ -0,0 +1,80 @@
+--- !ruby/object:Gem::Specification
+name: trusted-advisor-status
+version: !ruby/object:Gem::Version
+  version: 0.0.1
+platform: ruby
+authors:
+- someguy
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2016-03-10 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.2.17
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.2.17
+- !ruby/object:Gem::Dependency
+  name: trollop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - '='
+      - !ruby/object:Gem::Version
+        version: 2.1.2
+description: Some scripting around the AWS Trusted Advisor interface for convenience
+  in calling from pipeline
+email:
+executables:
+- trusted-advisor-status
+- wipe-trusted-advisor-history
+extensions: []
+extra_rdoc_files: []
+files:
+- bin/trusted-advisor-status
+- bin/wipe-trusted-advisor-history
+- lib/hash_util.rb
+- lib/results_dao.rb
+- lib/results_differencer.rb
+- lib/trusted_advisor_status.rb
+homepage: https://github.com/stelligent/trusted-advisor-status
+licenses: []
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 2.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.0
+signing_key:
+specification_version: 4
+summary: ''
+test_files: []