
add in node tagging audit

Chris Mague 7 years ago
parent
commit
2f37bf4e1e
5 changed files with 69 additions and 4 deletions
  1. 11 4
      Rakefile
  2. 11 0
      Readme.md
  3. 1 0
      config.yaml.example
  4. 1 0
      lib/neoinfra.rb
  5. 45 0
      lib/neoinfra/audit.rb

+ 11 - 4
Rakefile

@@ -12,11 +12,9 @@ task default: :full_test
 
 require 'rubocop/rake_task'
 require 'rake'
+require 'pp'
 require 'rspec/core/rake_task'
-require 'neoinfra/accounts'
-require 'neoinfra/vpcs'
-require 'neoinfra/aws'
-require 'neoinfra/nodes'
+require 'neoinfra'
 
 RuboCop::RakeTask.new(:rubocop) do |t|
   t.options = ['--display-cop-names']
@@ -65,3 +63,12 @@ end
 desc 'Load Everything'
 task load_all: %i[load_accounts load_regions load_vpcs load_buckets load_nodes]
 task full_test: %i[rubocop spec]
+
+task :audit_nodes do
+  puts 'auditing Nodes'
+  j = NeoInfra::Audit.new
+  pp j.audit_nodes
+end
+
+desc 'Tag Audit'
+task audit_all: %i[audit_nodes]
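Review bot: The new `task :audit_nodes do` has no `desc` line, so it stays hidden from `rake -T`, and it exits 0 whether or not the audit found anything. I would add `desc 'Audit EC2 instance tags against tag_policy'` above it. If the audit is meant to gate a pipeline, keep the result in a local and finish with something like `abort 'tag audit found gaps' unless report.empty?` after the `pp`. The single-letter local `j` would also read better as `audit`.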

+ 11 - 0
Readme.md

@@ -1,5 +1,16 @@
 # neo-infra
 
+
+## Auditing
+
+To audit resources to ensure that they are properly tagged run
+
+```
+rake audit_all
+```
+
+See the tag_policy section of the config.yaml.example file for ideas
+
 ## Running
 
 1) Download and run neo4j container

+ 1 - 0
config.yaml.example

@@ -16,3 +16,4 @@ tag_policy:
     - Environment
   - :recommended:
     - Product
+    - Name

+ 1 - 0
lib/neoinfra.rb

@@ -3,6 +3,7 @@
 # The supplies all of the various neoinfra info
 module NeoInfra
   require 'neoinfra/config'
+  require 'neoinfra/audit'
   require 'neoinfra/accounts'
   require 'neoinfra/aws'
   require 'neoinfra/vpcs'

+ 45 - 0
lib/neoinfra/audit.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+require 'nodes'
+require 'accounts'
+require 'fog'
+require 'neoinfra/aws'
+
+# NeoInfra Account information
+module NeoInfra
+  # Provide informations about the accounts available
+  class Audit
+    def audit_nodes
+      results = Hash.new{ |h, k| h[k] = {} }
+      aws = NeoInfra::Aws.new
+      @cfg = NeoInfra::Config.new
+
+      @cfg.accounts.each do |account|
+        base_conf = {
+          provider: 'AWS',
+          aws_access_key_id: account[:key],
+          aws_secret_access_key: account[:secret]
+        }
+        aws.regions.each do |region|
+          region_conf = { region: region }
+          new_conn = Fog::Compute.new(region_conf.merge(base_conf))
+          new_conn.servers.all.each do |ec2|
+            [:required, :recommended]. each do |a|
+              unless (ec2.tags.keys.sort & @cfg.tag_policy[a].sort) == @cfg.tag_policy[a].sort
+                results[ec2.id].merge!({
+                                  "#{a.to_s}_missing_tags" => @cfg.tag_policy[a].sort - ec2.tags.keys.sort,
+                                  'tags' => ec2.tags.keys.sort,
+                                  'account' => account[:name],
+                                  'launched' => ec2.created_at,
+                                  'region' => region,
+                                  'ssh_key' => ec2.key_name
+                })
+              end
+            end
+          end
+        end
+      end
+      return results
+    end
+  end
+end
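Review bot: The unqualified `require 'nodes'` and `require 'accounts'` at the top of audit.rb do not match the `neoinfra/...` paths used in lib/neoinfra.rb, so they either fail to load or resolve to whichever file of that name comes first on the load path. Nothing in audit_nodes appears to use either one, while NeoInfra::Config is used here and relies on another file having loaded it, so I would replace both lines with `require 'neoinfra/config'`. Separately, the `unless` line compares `ec2.tags.keys` only, so an instance whose required tag has an empty value passes the audit; if the policy is meant to guarantee usable ownership data, blank values should be reported as missing too. The module and class comments were copied from the accounts code and should say that this class audits EC2 instances for tag-policy compliance.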