Class: AwsS3Bucket

Inherits:

Object

• Object
• AwsS3Bucket

Includes:

AwsSingularResourceMixin

Defined in:

lib/resources/aws/aws_s3_bucket.rb

Defined Under Namespace

Classes: Backend

Instance Attribute Summary

• #bucket_name ⇒ Object readonly

  Returns the value of attribute bucket_name.

• #has_access_logging_enabled ⇒ Object readonly

  Returns the value of attribute has_access_logging_enabled.

• #has_default_encryption_enabled ⇒ Object readonly

  Returns the value of attribute has_default_encryption_enabled.

• #region ⇒ Object readonly

  Returns the value of attribute region.

Instance Method Summary

• #bucket_acl ⇒ Object
• #bucket_policy ⇒ Object
• #has_access_logging_enabled? ⇒ Boolean
• #has_default_encryption_enabled? ⇒ Boolean
• #public? ⇒ Boolean

  RSpec will alias this to be_public.

• #to_s ⇒ Object

Methods included from AwsSingularResourceMixin

#exists?, included

Methods included from AwsResourceMixin

#catch_aws_errors, #check_resource_param_names, #initialize, #inspec_runner

Instance Attribute Details

#bucket_name ⇒ Object (readonly)

Returns the value of attribute bucket_name.

# File 'lib/resources/aws/aws_s3_bucket.rb', line 16

def bucket_name
  @bucket_name
end

#has_access_logging_enabled ⇒ Object (readonly)

Returns the value of attribute has_access_logging_enabled.

# File 'lib/resources/aws/aws_s3_bucket.rb', line 16

def has_access_logging_enabled
  @has_access_logging_enabled
end

#has_default_encryption_enabled ⇒ Object (readonly)

Returns the value of attribute has_default_encryption_enabled.

# File 'lib/resources/aws/aws_s3_bucket.rb', line 16

def has_default_encryption_enabled
  @has_default_encryption_enabled
end

#region ⇒ Object (readonly)

Returns the value of attribute region.

# File 'lib/resources/aws/aws_s3_bucket.rb', line 16

def region
  @region
end

Instance Method Details

#bucket_acl ⇒ Object

# File 'lib/resources/aws/aws_s3_bucket.rb', line 22

def bucket_acl
  catch_aws_errors do
    @bucket_acl ||= BackendFactory.create(inspec_runner).get_bucket_acl(bucket: bucket_name).grants
  end
end

#bucket_policy ⇒ Object

# File 'lib/resources/aws/aws_s3_bucket.rb', line 28

def bucket_policy
  @bucket_policy ||= fetch_bucket_policy
end

#has_access_logging_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/aws/aws_s3_bucket.rb', line 47

def has_access_logging_enabled?
  return false unless @exists

  catch_aws_errors do
    @has_access_logging_enabled ||= !BackendFactory.create(inspec_runner).get_bucket_logging(bucket: bucket_name).logging_enabled.nil?
  end
end

#has_default_encryption_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/resources/aws/aws_s3_bucket.rb', line 41

def has_default_encryption_enabled?
  return false unless @exists

  @has_default_encryption_enabled ||= fetch_bucket_encryption_configuration
end

#public? ⇒ Boolean

RSpec will alias this to be_public

Returns:

• (Boolean)

# File 'lib/resources/aws/aws_s3_bucket.rb', line 33

def public?
  # first line just for formatting
  false || \
    bucket_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AllUsers/ } || \
    bucket_acl.any? { |g| g.grantee.type == "Group" && g.grantee.uri =~ /AuthenticatedUsers/ } || \
    bucket_policy.any? { |s| s.effect == "Allow" && s.principal == "*" }
end

#to_s ⇒ Object

# File 'lib/resources/aws/aws_s3_bucket.rb', line 18

def to_s
  "S3 Bucket #{@bucket_name}"
end