class S3Secure::AccessLogs::Show

Public Instance Methods

access_control_policy_with_log_delivery_permissions() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 55
def access_control_policy_with_log_delivery_permissions
  grants = bucket_acl_grants + log_delivery_access_grants
  { grants: grants, owner: owner }
end
access_control_policy_without_log_delivery_permissions() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 60
def access_control_policy_without_log_delivery_permissions
  grants = bucket_acl_grants - log_delivery_access_grants
  { grants: grants, owner: owner }
end
acl_enabled?() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 34
def acl_enabled?
  grants = bucket_acl_grants & log_delivery_access_grants
  !grants.empty?
end
bucket_acl() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 18
def bucket_acl
  # Tricky here, need to swtich the s3 client in case target_bucket is in another region
  with_regional_s3(target_bucket) do
    s3.get_bucket_acl(bucket: target_bucket)
  end
end
bucket_acl_grants() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 26
def bucket_acl_grants
  bucket_acl.grants.map(&:to_h)
end
bucket_logging() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 10
def bucket_logging
  # Tricky here, need to swtich the s3 client in case target_bucket is in another region
  with_regional_s3(target_bucket) do
    s3.get_bucket_logging(bucket: target_bucket).to_h
  end
end
enabled?() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 30
def enabled?
  acl_enabled? && logging_enabled?
end
log_delivery_access_grants() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 43
def log_delivery_access_grants
  [
    {
      grantee: {type: "Group", uri: "http://acs.amazonaws.com/groups/s3/LogDelivery"},
      permission: "WRITE"
    },{
      grantee: {type: "Group", uri: "http://acs.amazonaws.com/groups/s3/LogDelivery"},
      permission: "READ_ACP"
    }
  ]
end
logging_enabled?() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 39
def logging_enabled?
  !bucket_logging.empty?
end
owner() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 65
def owner
  {
    display_name: bucket_acl.owner.display_name,
    id: bucket_acl.owner.id,
  }
end
run() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 3
def run
  say "Bucket ACL:"
  pp bucket_acl_grants
  say "Bucket Logging:"
  pp bucket_logging
end
target_bucket() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 72
def target_bucket
  @options[:target_bucket] || @bucket
end
target_prefix() click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 76
def target_prefix
  prefix = @options[:target_prefix] || "access-logs"
  prefix += "/" unless prefix.ends_with?("/")
  prefix
end
with_regional_s3(bucket) { || ... } click to toggle source
# File lib/s3_secure/access_logs/show.rb, line 82
def with_regional_s3(bucket)
  current_bucket, @bucket = @bucket, bucket
  result = yield
  @bucket = current_bucket
  result
end