RubyGems - fog-aws - Versions diffs - 3.11.0 → 3.12.0 - Mend

fog-aws 3.11.0 → 3.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -1
data/lib/fog/aws/compute.rb +6 -3
data/lib/fog/aws/credential_fetcher.rb +14 -7
data/lib/fog/aws/models/compute/security_group.rb +13 -5
data/lib/fog/aws/parsers/compute/describe_security_groups.rb +18 -4
data/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb +15 -0
data/lib/fog/aws/requests/compute/describe_security_groups.rb +2 -0
data/lib/fog/aws/version.rb +1 -1
data/tests/credentials_tests.rb +41 -0
data/tests/requests/compute/security_group_tests.rb +12 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db78eac28d74ef1522933e294d0528ecf4f99d072594629f6befeb75927f63e6
-  data.tar.gz: 9496a31776f748834e82525bebf26a157208d7fec58f273d21508bc1c6d25062
+  metadata.gz: a9f2992e8c7fe7d8b4ae1bba5a16d00fe98d3c531cd473d4b3a1109d6a774e16
+  data.tar.gz: 781c1889a4c0cf5d0fd8b1aa0d5ebf0101ea577aa0412265dd14aff339aacae4
 SHA512:
-  metadata.gz: 0a6c79d3d5598348a49a3c1bff6b4e89804900d851a9a6e1cd328f98e2877b6ff6a66fe1703e5276f46f434d39adc3ad8d00dcef6905308168f34993278c52a5
-  data.tar.gz: d7a32f8b0df5f0f439662d8917e1eaf7ef5cc74433f48653162d74a6ae725d3fdf9a2bfe64e81f59abf8d3470c1cb44631476cd514d145249b99ca95d09615ad
+  metadata.gz: 2c81e87c69e6497df16ea76263e57ccd6457acf85378882745ebd2c58322bce9d93fe773dbf68c8b68bcfb5e3aab5231a534d98d38e8101958cc075e0651f8b5
+  data.tar.gz: cd5d6b7fef8eea60e58c7393bb0921fac17e78ad345ab87f199b34d2d20425500a9837a9eef9fcd12f374aa43d979a6cc1a0b6a554acd029517313794f3ab9ab

data/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,11 @@
 ## [Unreleased](https://github.com/fog/fog-aws/tree/HEAD)
-[Full Changelog](https://github.com/fog/fog-aws/compare/v3.10.0...HEAD)
+[Full Changelog](https://github.com/fog/fog-aws/compare/v3.11.0...HEAD)
+## [v3.11.0](https://github.com/fog/fog-aws/tree/v3.11.0) (2021-08-05)
+[Full Changelog](https://github.com/fog/fog-aws/compare/v3.10.0...v3.11.0)
 **Closed issues:**

data/lib/fog/aws/compute.rb CHANGED Viewed

@@ -233,21 +233,24 @@ module Fog
                         'fromPort'    => -1,
                         'toPort'      => -1,
                         'ipProtocol'  => 'icmp',
-                        'ipRanges'    => []
+                        'ipRanges'    => [],
+                        'ipv6Ranges'  => []
                       },
                       {
                         'groups'      => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
                         'fromPort'    => 0,
                         'toPort'      => 65535,
                         'ipProtocol'  => 'tcp',
-                        'ipRanges'    => []
+                        'ipRanges'    => [],
+                        'ipv6Ranges'  => []
                       },
                       {
                         'groups'      => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
                         'fromPort'    => 0,
                         'toPort'      => 65535,
                         'ipProtocol'  => 'udp',
-                        'ipRanges'    => []
+                        'ipRanges'    => [],
+                        'ipv6Ranges'  => []
                       }
                     ],
                     'ownerId'             => owner_id

data/lib/fog/aws/credential_fetcher.rb CHANGED Viewed

@@ -13,8 +13,6 @@ module Fog
       CONTAINER_CREDENTIALS_HOST = "http://169.254.170.2"
-      STS_GLOBAL_ENDPOINT = "https://sts.amazonaws.com"
       module ServiceMethods
         def fetch_credentials(options)
           if options[:use_iam_profile] && Fog.mocking?
@@ -23,7 +21,7 @@ module Fog
           if options[:use_iam_profile]
             begin
               role_data = nil
-              region = options[:region]
+              region = options[:region] || ENV["AWS_DEFAULT_REGION"]
               if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
                 connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
@@ -44,7 +42,15 @@ module Fog
                   :WebIdentityToken => File.read(options[:aws_web_identity_token_file] || ENV.fetch("AWS_WEB_IDENTITY_TOKEN_FILE")),
                   :Version => "2011-06-15",
                 }
-                connection = options[:connection] || Excon.new(STS_GLOBAL_ENDPOINT, :query => params)
+                sts_endpoint =
+                  if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region
+                    "https://sts.#{region}.amazonaws.com"
+                  else
+                    "https://sts.amazonaws.com"
+                  end
+                connection = options[:connection] || Excon.new(sts_endpoint, :query => params)
                 document = Nokogiri::XML(connection.get(:idempotent => true, :expects => 200).body)
                 session = {
@@ -65,18 +71,19 @@ module Fog
                 role_name = connection.get(:path => INSTANCE_METADATA_PATH, :idempotent => true, :expects => 200, :headers => token_header).body
                 role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :idempotent => true, :expects => 200, :headers => token_header).body
                 session = Fog::JSON.decode(role_data)
                 region ||= connection.get(:path => INSTANCE_METADATA_AZ, :idempotent => true, :expects => 200, :headers => token_header).body[0..-2]
               end
               credentials = {}
               credentials[:aws_access_key_id] = session['AccessKeyId']
               credentials[:aws_secret_access_key] = session['SecretAccessKey']
               credentials[:aws_session_token] = session['Token']
               credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
               # set region by default to the one the instance is in.
               credentials[:region] = region
+              credentials[:sts_endpoint] = sts_endpoint if sts_endpoint
               #these indicate the metadata service is unavailable or has no profile setup
               credentials
             rescue Excon::Error => e

data/lib/fog/aws/models/compute/security_group.rb CHANGED Viewed

@@ -62,7 +62,8 @@ module Fog
         # options::
         #   A hash that can contain any of the following keys:
         #    :cidr_ip (defaults to "0.0.0.0/0")
-        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
+        #    :cidr_ipv6 cannot be used with :cidr_ip
+        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
         #    :ip_protocol (defaults to "tcp")
         #
         # == Returns:
@@ -178,7 +179,8 @@ module Fog
         # options::
         #   A hash that can contain any of the following keys:
         #    :cidr_ip (defaults to "0.0.0.0/0")
-        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
+        #    :cidr_ipv6 cannot be used with :cidr_ip
+        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
         #    :ip_protocol (defaults to "tcp")
         #
         # == Returns:
@@ -327,9 +329,15 @@ module Fog
           }
           if options[:group].nil?
-            ip_permission['IpRanges'] = [
-              { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
-            ]
+            if options[:cidr_ipv6].nil?
+              ip_permission['IpRanges'] = [
+                { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
+              ]
+            else
+              ip_permission['Ipv6Ranges'] = [
+                { 'CidrIpv6' => options[:cidr_ipv6] }
+              ]
+            end
           else
             ip_permission['Groups'] = [
               group_info(options[:group])

data/lib/fog/aws/parsers/compute/describe_security_groups.rb CHANGED Viewed

@@ -5,9 +5,10 @@ module Fog
         class DescribeSecurityGroups < Fog::Parsers::Base
           def reset
             @group = {}
-            @ip_permission = { 'groups' => [], 'ipRanges' => []}
-            @ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
+            @ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
+            @ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
             @ip_range = {}
+            @ipv6_range = {}
             @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
             @response = { 'securityGroupInfo' => [] }
             @tag = {}
@@ -24,6 +25,8 @@ module Fog
               @in_ip_permissions_egress = true
             when 'ipRanges'
               @in_ip_ranges = true
+            when 'ipv6Ranges'
+              @in_ipv6_ranges = true
             when 'tagSet'
               @in_tag_set = true
             end
@@ -44,6 +47,8 @@ module Fog
               case name
               when 'cidrIp'
                 @ip_range[name] = value
+              when 'cidrIpv6'
+                @ipv6_range[name] = value
               when 'fromPort', 'toPort'
                 if @in_ip_permissions_egress
                   @ip_permission_egress[name] = value.to_i
@@ -72,6 +77,8 @@ module Fog
                 end
               when 'ipRanges'
                 @in_ip_ranges = false
+              when 'ipv6Ranges'
+                @in_ipv6_ranges = false
               when 'item'
                 if @in_groups
                   if @in_ip_permissions_egress
@@ -87,12 +94,19 @@ module Fog
                     @ip_permission['ipRanges'] << @ip_range
                   end
                   @ip_range = {}
+                elsif @in_ipv6_ranges
+                  if @in_ip_permissions_egress
+                    @ip_permission_egress['ipv6Ranges'] << @ipv6_range
+                  else
+                    @ip_permission['ipv6Ranges'] << @ipv6_range
+                  end
+                  @ipv6_range = {}
                 elsif @in_ip_permissions
                   @security_group['ipPermissions'] << @ip_permission
-                  @ip_permission = { 'groups' => [], 'ipRanges' => []}
+                  @ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
                 elsif @in_ip_permissions_egress
                   @security_group['ipPermissionsEgress'] << @ip_permission_egress
-                  @ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
+                  @ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
                 else
                   @response['securityGroupInfo'] << @security_group
                   @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }

data/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb CHANGED Viewed

@@ -30,6 +30,9 @@ module Fog
         #       * 'IpRanges'<~Array>:
         #         * ip_range<~Hash>:
         #           * 'CidrIp'<~String> - CIDR range
+        #       * 'Ipv6Ranges'<~Array>:
+        #         * ip_range<~Hash>:
+        #           * 'CidrIpv6'<~String> - CIDR range
         #       * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
         #
         # === Returns
@@ -72,6 +75,10 @@ module Fog
               range_index += 1
               params[format('IpPermissions.%d.IpRanges.%d.CidrIp', key_index, range_index)] = ip_range['CidrIp']
             end
+            (permission['Ipv6Ranges'] || []).each_with_index do |ip_range, range_index|
+              range_index += 1
+              params[format('IpPermissions.%d.Ipv6Ranges.%d.CidrIpv6', key_index, range_index)] = ip_range['CidrIpv6']
+            end
           end
           params.reject {|k, v| v.nil? }
         end
@@ -186,6 +193,14 @@ module Fog
               'groups'     => [],
               'ipRanges'   => [{'cidrIp' => options['CidrIp']}]
             }
+          elsif options['CidrIpv6']
+            normalized_permissions << {
+              'ipProtocol' => options['IpProtocol'],
+              'fromPort'   => Integer(options['FromPort']),
+              'toPort'     => Integer(options['ToPort']),
+              'groups'     => [],
+              'ipv6Ranges' => [{'cidrIpv6' => options['CidrIpv6']}]
+            }
           elsif options['IpPermissions']
             options['IpPermissions'].each do |permission|

data/lib/fog/aws/requests/compute/describe_security_groups.rb CHANGED Viewed

@@ -27,6 +27,8 @@ module Fog
         #         * 'ipProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
         #         * 'ipRanges'<~Array>:
         #           * 'cidrIp'<~String> - CIDR range
+        #         * 'ipv6Ranges'<~Array>:
+        #           * 'cidrIpv6'<~String> - CIDR ipv6 range
         #         * 'toPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
         #       * 'ownerId'<~String> - AWS Access Key Id of the owner of the security group
         #     * 'NextToken'<~String> - The token to retrieve the next page of results

data/lib/fog/aws/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Fog
   module AWS
-    VERSION = "3.11.0"
+    VERSION = "3.12.0"
   end
 end

data/tests/credentials_tests.rb CHANGED Viewed

@@ -83,6 +83,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
         aws_secret_access_key: 'dummysecret',
         aws_session_token: 'dummytoken',
         region: 'us-west-1',
+        sts_endpoint: "https://sts.amazonaws.com",
         aws_credentials_expire_at: expires_at
       ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
     end
@@ -95,10 +96,50 @@ Shindo.tests('AWS | credentials', ['aws']) do
         aws_secret_access_key: 'dummysecret',
         aws_session_token: 'dummytoken',
         region: 'us-west-1',
+        sts_endpoint: "https://sts.amazonaws.com",
+        aws_credentials_expire_at: expires_at
+      ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
+    end
+    ENV["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"
+    tests('#fetch_credentials with no region specified') do
+      returns(
+        aws_access_key_id: 'dummykey',
+        aws_secret_access_key: 'dummysecret',
+        aws_session_token: 'dummytoken',
+        region: 'us-west-1',
+        sts_endpoint: "https://sts.amazonaws.com",
+        aws_credentials_expire_at: expires_at
+      ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
+    end
+    tests('#fetch_credentials with regional STS endpoint') do
+      returns(
+        aws_access_key_id: 'dummykey',
+        aws_secret_access_key: 'dummysecret',
+        aws_session_token: 'dummytoken',
+        region: 'us-west-1',
+        sts_endpoint: "https://sts.us-west-1.amazonaws.com",
+        aws_credentials_expire_at: expires_at
+      ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
+    end
+    ENV["AWS_DEFAULT_REGION"] = "us-west-1"
+    tests('#fetch_credentials with regional STS endpoint with region in env') do
+      returns(
+        aws_access_key_id: 'dummykey',
+        aws_secret_access_key: 'dummysecret',
+        aws_session_token: 'dummytoken',
+        region: 'us-west-1',
+        sts_endpoint: "https://sts.us-west-1.amazonaws.com",
         aws_credentials_expire_at: expires_at
       ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
     end
+    ENV["AWS_STS_REGIONAL_ENDPOINTS"] = nil
+    ENV["AWS_DEFAULT_REGION"] = nil
     ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] = nil
     compute = Fog::AWS::Compute.new(use_iam_profile: true)

data/tests/requests/compute/security_group_tests.rb CHANGED Viewed

@@ -19,6 +19,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         'groups'      => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
         'ipProtocol'  => String,
         'ipRanges'    => [Fog::Nullable::Hash],
+        'ipv6Ranges'  => [Fog::Nullable::Hash],
         'toPort'      => Fog::Nullable::Integer,
       }],
       'ipPermissionsEgress' => [],
@@ -54,16 +55,19 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
       {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
         "fromPort"=>1,
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "toPort"=>65535},
       {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
         "fromPort"=>1,
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"udp",
         "toPort"=>65535},
       {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
         "fromPort"=>-1,
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"icmp",
         "toPort"=>-1}
     ]
@@ -88,6 +92,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
           {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>1,
         "toPort"=>65535},
@@ -95,6 +100,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
           {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"udp",
         "fromPort"=>1,
         "toPort"=>65535},
@@ -102,6 +108,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
           {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"icmp",
         "fromPort"=>-1,
         "toPort"=>-1}
@@ -133,6 +140,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
     expected_permissions += [
       {"groups"=>[],
         "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>22,
         "toPort"=>22}
@@ -164,7 +172,8 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
       'IpPermissions' => [
         {
           'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
-          'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }]
+          'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }],
+          'Ipv6Ranges' => []
         }
       ]
     }
@@ -177,6 +186,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
     expected_permissions += [
       {"groups"=>[],
         "ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>80,
         "toPort"=>80}
@@ -204,6 +214,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
     expected_permissions += [
       {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>8000,
         "toPort"=>8000}

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fog-aws
 version: !ruby/object:Gem::Version
-  version: 3.11.0
+  version: 3.12.0
 platform: ruby
 authors:
 - Josh Lane
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-05 00:00:00.000000000 Z
+date: 2021-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler