Class: Cucloud::ConfigServiceUtils

Inherits:

Object

• Object
• Cucloud::ConfigServiceUtils

Defined in:

lib/cucloud/config_service_utils.rb

Overview

ConfigServiceUtils - Utilities for Config Service

Defined Under Namespace

Classes: UnsupportedRegionError

Constant Summary

CONFIG_REGIONS =

http://docs.aws.amazon.com/general/latest/gr/rande.html#awsconfig_region

['us-east-1',
'us-west-2',
'eu-west-1',
'eu-central-1',
'ap-northeast-1'].freeze

Class Method Summary

• .get_available_regions ⇒ Array<String>

  Config service is limited to a subset of regions - get currently supported list.

Instance Method Summary

• #get_config_rule_by_name(rule_name) ⇒ Aws::ConfigService::Types::ConfigRule

  Get specific config rule by name.

• #get_config_rules ⇒ Array<Aws::ConfigService::Types::ConfigRule>

  Get array of configuration rules for given region.

• #get_rule_compliance_by_name(rule_name) ⇒ Types::EvaluationResult

  Get compliance details for a given rule by name.

• #get_rule_evaluation_status_by_name(rule_name) ⇒ Types::ConfigRuleEvaluationStatus

  Get evaluation status of rule by name.

• #hours_since_last_run(rule) ⇒ Integer

  Get hours since last config check invocation.

• #initialize(cs_client = Aws::ConfigService::Client.new) ⇒ ConfigServiceUtils constructor

  Constructor for ConfigServiceUtilsclass.

• #recorder_active? ⇒ Boolean

  Are all recorders active and logging data in this region.

• #rule_active?(rule) ⇒ Boolean

  Is this rule active?.

• #rule_compliant?(rule) ⇒ Boolean

  Is this rule currently passing?.

Constructor Details

#initialize(cs_client = Aws::ConfigService::Client.new) ⇒ ConfigServiceUtils

Constructor for ConfigServiceUtilsclass

Parameters:

• AWS (Aws::ConfigService::Client) —

  ConfigService SDK Client

# File 'lib/cucloud/config_service_utils.rb', line 23

def initialize(cs_client = Aws::ConfigService::Client.new)
  unless Cucloud::ConfigServiceUtils.get_available_regions.include? Cucloud.region
    raise Cucloud::ConfigServiceUtils::UnsupportedRegionError,
          "Region #{Cucloud.region} not yet supported by config service"
  end

  @cs = cs_client
  @region = Cucloud.region
end

Class Method Details

.get_available_regions ⇒ Array<String>

Config service is limited to a subset of regions - get currently supported list

Returns:

• (Array<String>) —

  Array of region names

# File 'lib/cucloud/config_service_utils.rb', line 17

def self.get_available_regions
  CONFIG_REGIONS
end

Instance Method Details

#get_config_rule_by_name(rule_name) ⇒ Aws::ConfigService::Types::ConfigRule

Get specific config rule by name

Parameters:

• Config (String) —

  rule name

Returns:

• (Aws::ConfigService::Types::ConfigRule) —

  Rule

# File 'lib/cucloud/config_service_utils.rb', line 43

def get_config_rule_by_name(rule_name)
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/ConfigService/Client.html#describe_config_rules-instance_method
  @cs.describe_config_rules(
    config_rule_names: [rule_name]
  ).config_rules.first
end

#get_config_rules ⇒ Array<Aws::ConfigService::Types::ConfigRule>

Get array of configuration rules for given region

Returns:

• (Array<Aws::ConfigService::Types::ConfigRule>) —

  Array of config rules

# File 'lib/cucloud/config_service_utils.rb', line 35

def get_config_rules
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/ConfigService/Client.html#describe_config_rules-instance_method
  @cs.describe_config_rules.config_rules
end

#get_rule_compliance_by_name(rule_name) ⇒ Types::EvaluationResult

Get compliance details for a given rule by name

Parameters:

• Rule (String) —

  name

Returns:

• (Types::EvaluationResult)

# File 'lib/cucloud/config_service_utils.rb', line 64

def get_rule_compliance_by_name(rule_name)
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/ConfigService/Client.html#describe_config_rule_evaluation_status-instance_method
  @cs.get_compliance_details_by_config_rule(
    config_rule_name: rule_name
  ).evaluation_results.first
end

#get_rule_evaluation_status_by_name(rule_name) ⇒ Types::ConfigRuleEvaluationStatus

Get evaluation status of rule by name

Parameters:

• Rule (String) —

  name

Returns:

• (Types::ConfigRuleEvaluationStatus) —

  Evaluation status of rule

# File 'lib/cucloud/config_service_utils.rb', line 53

def get_rule_evaluation_status_by_name(rule_name)
  # https://docs.aws.amazon.com/sdkforruby/api/Aws/ConfigService/Client.html#describe_config_rule_evaluation_status-instance_method
  @cs.describe_config_rule_evaluation_status(
    config_rule_names: [rule_name]
  ).config_rules_evaluation_status.first
end

#hours_since_last_run(rule) ⇒ Integer

Get hours since last config check invocation

Parameters:

• Rule (Aws::ConfigService::Types::ConfigRule)

Returns:

• (Integer) —

  Hours

# File 'lib/cucloud/config_service_utils.rb', line 95

def hours_since_last_run(rule)
  last_run_time = get_rule_evaluation_status_by_name(rule.config_rule_name).last_successful_invocation_time
  return nil if last_run_time.nil?

  ((Time.now - last_run_time) / 60 / 60).to_i
end

#recorder_active? ⇒ Boolean

Are all recorders active and logging data in this region

Returns:

• (Boolean)

# File 'lib/cucloud/config_service_utils.rb', line 73

def recorder_active?
  @cs.describe_configuration_recorder_status({})
     .configuration_recorders_status.find { |x| !x.recording || x.last_status != 'SUCCESS' }.nil?
end

#rule_active?(rule) ⇒ Boolean

Is this rule active?

Parameters:

• Rule (Aws::ConfigService::Types::ConfigRule)

Returns:

• (Boolean)

# File 'lib/cucloud/config_service_utils.rb', line 81

def rule_active?(rule)
  rule.config_rule_state == 'ACTIVE'
end

#rule_compliant?(rule) ⇒ Boolean

Is this rule currently passing?

Parameters:

• Rule (Aws::ConfigService::Types::ConfigRule)

Returns:

• (Boolean)

# File 'lib/cucloud/config_service_utils.rb', line 88

def rule_compliant?(rule)
  get_rule_compliance_by_name(rule.config_rule_name).compliance_type == 'COMPLIANT'
end