Class: S3Secure::AccessLogs::Show

Inherits:
Base show all
Defined in:
lib/s3_secure/access_logs/show.rb

Instance Method Summary collapse

Methods inherited from CLI::Base

#buckets, #initialize

Methods included from CLI::Say

#say

Methods included from S3Secure::AwsServices

#sts

Methods included from S3Secure::AwsServices::S3

#check_bucket!, #new_s3_regional_client, #region, #region_map, #s3, #s3_client, #s3_regional_client

Constructor Details

This class inherits a constructor from S3Secure::CLI::Base

Instance Method Details

#access_control_policy_with_log_delivery_permissionsObject 



55
56
57
58
 
# File 'lib/s3_secure/access_logs/show.rb', line 55

def access_control_policy_with_log_delivery_permissions
  grants = bucket_acl_grants + log_delivery_access_grants
  { grants: grants, owner: owner }
end

#access_control_policy_without_log_delivery_permissionsObject 



60
61
62
63
 
# File 'lib/s3_secure/access_logs/show.rb', line 60

def access_control_policy_without_log_delivery_permissions
  grants = bucket_acl_grants - log_delivery_access_grants
  { grants: grants, owner: owner }
end

#acl_enabled?Boolean

Returns:

  • (Boolean) 


34
35
36
37
 
# File 'lib/s3_secure/access_logs/show.rb', line 34

def acl_enabled?
  grants = bucket_acl_grants & log_delivery_access_grants
  !grants.empty?
end

#bucket_aclObject 



18
19
20
21
22
23
 
# File 'lib/s3_secure/access_logs/show.rb', line 18

def bucket_acl
  # Tricky here, need to swtich the s3 client in case target_bucket is in another region
  with_regional_s3(target_bucket) do
    s3.get_bucket_acl(bucket: target_bucket)
  end
end

#bucket_acl_grantsObject 



26
27
28
 
# File 'lib/s3_secure/access_logs/show.rb', line 26

def bucket_acl_grants
  bucket_acl.grants.map(&:to_h)
end

#bucket_loggingObject 



10
11
12
13
14
15
 
# File 'lib/s3_secure/access_logs/show.rb', line 10

def bucket_logging
  # Tricky here, need to swtich the s3 client in case target_bucket is in another region
  with_regional_s3(target_bucket) do
    s3.get_bucket_logging(bucket: target_bucket).to_h
  end
end

#enabled?Boolean

Returns:

  • (Boolean) 


30
31
32
 
# File 'lib/s3_secure/access_logs/show.rb', line 30

def enabled?
  acl_enabled? && logging_enabled?
end

#log_delivery_access_grantsObject 



43
44
45
46
47
48
49
50
51
52
53
 
# File 'lib/s3_secure/access_logs/show.rb', line 43

def log_delivery_access_grants
  [
    {
      grantee: {type: "Group", uri: "http://acs.amazonaws.com/groups/s3/LogDelivery"},
      permission: "WRITE"
    },{
      grantee: {type: "Group", uri: "http://acs.amazonaws.com/groups/s3/LogDelivery"},
      permission: "READ_ACP"
    }
  ]
end

#logging_enabled?Boolean

Returns:

  • (Boolean) 


39
40
41
 
# File 'lib/s3_secure/access_logs/show.rb', line 39

def logging_enabled?
  !bucket_logging.empty?
end

#ownerObject 



65
66
67
68
69
70
 
# File 'lib/s3_secure/access_logs/show.rb', line 65

def owner
  {
    display_name: bucket_acl.owner.display_name,
    id: bucket_acl.owner.id,
  }
end

#runObject 



3
4
5
6
7
8
 
# File 'lib/s3_secure/access_logs/show.rb', line 3

def run
  say "Bucket ACL:"
  pp bucket_acl_grants
  say "Bucket Logging:"
  pp bucket_logging
end

#target_bucketObject 



72
73
74
 
# File 'lib/s3_secure/access_logs/show.rb', line 72

def target_bucket
  @options[:target_bucket] || @bucket
end

#target_prefixObject 



76
77
78
79
80
 
# File 'lib/s3_secure/access_logs/show.rb', line 76

def target_prefix
  prefix = @options[:target_prefix] || "access-logs"
  prefix += "/" unless prefix.ends_with?("/")
  prefix
end

#with_regional_s3(bucket) ⇒ Object 



82
83
84
85
86
87
 
# File 'lib/s3_secure/access_logs/show.rb', line 82

def with_regional_s3(bucket)
  current_bucket, @bucket = @bucket, bucket
  result = yield
  @bucket = current_bucket
  result
end