fog-aws 3.11.0 → 3.12.0

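--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: db78eac28d74ef1522933e294d0528ecf4f99d072594629f6befeb75927f63e6
- data.tar.gz: 9496a31776f748834e82525bebf26a157208d7fec58f273d21508bc1c6d25062
+ metadata.gz: a9f2992e8c7fe7d8b4ae1bba5a16d00fe98d3c531cd473d4b3a1109d6a774e16
+ data.tar.gz: 781c1889a4c0cf5d0fd8b1aa0d5ebf0101ea577aa0412265dd14aff339aacae4
  SHA512:
- metadata.gz: 0a6c79d3d5598348a49a3c1bff6b4e89804900d851a9a6e1cd328f98e2877b6ff6a66fe1703e5276f46f434d39adc3ad8d00dcef6905308168f34993278c52a5
- data.tar.gz: d7a32f8b0df5f0f439662d8917e1eaf7ef5cc74433f48653162d74a6ae725d3fdf9a2bfe64e81f59abf8d3470c1cb44631476cd514d145249b99ca95d09615ad
+ metadata.gz: 2c81e87c69e6497df16ea76263e57ccd6457acf85378882745ebd2c58322bce9d93fe773dbf68c8b68bcfb5e3aab5231a534d98d38e8101958cc075e0651f8b5
+ data.tar.gz: cd5d6b7fef8eea60e58c7393bb0921fac17e78ad345ab87f199b34d2d20425500a9837a9eef9fcd12f374aa43d979a6cc1a0b6a554acd029517313794f3ab9ab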
data/CHANGELOG.md CHANGED
@@ -2,7 +2,11 @@
2
2
 
3
3
  ## [Unreleased](https://github.com/fog/fog-aws/tree/HEAD)
4
4
 
5
- [Full Changelog](https://github.com/fog/fog-aws/compare/v3.10.0...HEAD)
5
+ [Full Changelog](https://github.com/fog/fog-aws/compare/v3.11.0...HEAD)
6
+
7
+ ## [v3.11.0](https://github.com/fog/fog-aws/tree/v3.11.0) (2021-08-05)
8
+
9
+ [Full Changelog](https://github.com/fog/fog-aws/compare/v3.10.0...v3.11.0)
6
10
 
7
11
  **Closed issues:**
8
12
 
@@ -233,21 +233,24 @@ module Fog
233
233
  'fromPort' => -1,
234
234
  'toPort' => -1,
235
235
  'ipProtocol' => 'icmp',
236
- 'ipRanges' => []
236
+ 'ipRanges' => [],
237
+ 'ipv6Ranges' => []
237
238
  },
238
239
  {
239
240
  'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
240
241
  'fromPort' => 0,
241
242
  'toPort' => 65535,
242
243
  'ipProtocol' => 'tcp',
243
- 'ipRanges' => []
244
+ 'ipRanges' => [],
245
+ 'ipv6Ranges' => []
244
246
  },
245
247
  {
246
248
  'groups' => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
247
249
  'fromPort' => 0,
248
250
  'toPort' => 65535,
249
251
  'ipProtocol' => 'udp',
250
- 'ipRanges' => []
252
+ 'ipRanges' => [],
253
+ 'ipv6Ranges' => []
251
254
  }
252
255
  ],
253
256
  'ownerId' => owner_id
@@ -13,8 +13,6 @@ module Fog
13
13
 
14
14
  CONTAINER_CREDENTIALS_HOST = "http://169.254.170.2"
15
15
 
16
- STS_GLOBAL_ENDPOINT = "https://sts.amazonaws.com"
17
-
18
16
  module ServiceMethods
19
17
  def fetch_credentials(options)
20
18
  if options[:use_iam_profile] && Fog.mocking?
@@ -23,7 +21,7 @@ module Fog
23
21
  if options[:use_iam_profile]
24
22
  begin
25
23
  role_data = nil
26
- region = options[:region]
24
+ region = options[:region] || ENV["AWS_DEFAULT_REGION"]
27
25
 
28
26
  if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
29
27
  connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
@@ -44,7 +42,15 @@ module Fog
44
42
  :WebIdentityToken => File.read(options[:aws_web_identity_token_file] || ENV.fetch("AWS_WEB_IDENTITY_TOKEN_FILE")),
45
43
  :Version => "2011-06-15",
46
44
  }
47
- connection = options[:connection] || Excon.new(STS_GLOBAL_ENDPOINT, :query => params)
45
+
46
+ sts_endpoint =
47
+ if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region
48
+ "https://sts.#{region}.amazonaws.com"
49
+ else
50
+ "https://sts.amazonaws.com"
51
+ end
52
+
53
+ connection = options[:connection] || Excon.new(sts_endpoint, :query => params)
48
54
  document = Nokogiri::XML(connection.get(:idempotent => true, :expects => 200).body)
49
55
 
50
56
  session = {
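Review bot: `region` is interpolated into the STS hostname at new lines 47-48 with no check on its shape, and the web identity token read a few lines above is sent as a query parameter to whatever host results. Because `region` now also falls back to `ENV["AWS_DEFAULT_REGION"]` (new line 24), a malformed or tampered value containing characters outside a region name would send that token to an unintended host instead of failing. I would gate the regional branch on the format, e.g. `if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region.to_s.match?(/\A[a-z0-9-]+\z/)`, and add a comment that the hard-coded `amazonaws.com` suffix presumably does not cover partitions that use a different DNS suffix. `sts_endpoint` is also read at new line 86 on code paths where this branch never ran; that works only because Ruby treats the not-yet-assigned local as nil, so an explicit `sts_endpoint = nil` next to `role_data = nil` would make it deliberate. fetch_credentials starts and ends outside this hunk.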
@@ -65,18 +71,19 @@ module Fog
65
71
  role_name = connection.get(:path => INSTANCE_METADATA_PATH, :idempotent => true, :expects => 200, :headers => token_header).body
66
72
  role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :idempotent => true, :expects => 200, :headers => token_header).body
67
73
  session = Fog::JSON.decode(role_data)
68
-
74
+
69
75
  region ||= connection.get(:path => INSTANCE_METADATA_AZ, :idempotent => true, :expects => 200, :headers => token_header).body[0..-2]
70
76
  end
71
-
77
+
72
78
  credentials = {}
73
79
  credentials[:aws_access_key_id] = session['AccessKeyId']
74
80
  credentials[:aws_secret_access_key] = session['SecretAccessKey']
75
81
  credentials[:aws_session_token] = session['Token']
76
82
  credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
77
-
83
+
78
84
  # set region by default to the one the instance is in.
79
85
  credentials[:region] = region
86
+ credentials[:sts_endpoint] = sts_endpoint if sts_endpoint
80
87
  #these indicate the metadata service is unavailable or has no profile setup
81
88
  credentials
82
89
  rescue Excon::Error => e
@@ -62,7 +62,8 @@ module Fog
62
62
  # options::
63
63
  # A hash that can contain any of the following keys:
64
64
  # :cidr_ip (defaults to "0.0.0.0/0")
65
- # :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
65
+ # :cidr_ipv6 cannot be used with :cidr_ip
66
+ # :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
66
67
  # :ip_protocol (defaults to "tcp")
67
68
  #
68
69
  # == Returns:
@@ -178,7 +179,8 @@ module Fog
178
179
  # options::
179
180
  # A hash that can contain any of the following keys:
180
181
  # :cidr_ip (defaults to "0.0.0.0/0")
181
- # :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
182
+ # :cidr_ipv6 cannot be used with :cidr_ip
183
+ # :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
182
184
  # :ip_protocol (defaults to "tcp")
183
185
  #
184
186
  # == Returns:
@@ -327,9 +329,15 @@ module Fog
327
329
  }
328
330
 
329
331
  if options[:group].nil?
330
- ip_permission['IpRanges'] = [
331
- { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
332
- ]
332
+ if options[:cidr_ipv6].nil?
333
+ ip_permission['IpRanges'] = [
334
+ { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
335
+ ]
336
+ else
337
+ ip_permission['Ipv6Ranges'] = [
338
+ { 'CidrIpv6' => options[:cidr_ipv6] }
339
+ ]
340
+ end
333
341
  else
334
342
  ip_permission['Groups'] = [
335
343
  group_info(options[:group])
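Review bot: The new branch at new lines 332-340 silently drops `:cidr_ip` when `:cidr_ipv6` is also given, although the updated option docs say the two cannot be combined. For a firewall rule this should fail loudly: a caller passing both gets only the IPv6 range applied (and, if this helper also serves the revoke path, only the IPv6 rule removed) with no error. I would add a guard before the `if options[:group].nil?` line: `raise ArgumentError, ':cidr_ip and :cidr_ipv6 cannot be combined' if options[:cidr_ip] && options[:cidr_ipv6]`. The IPv4 branch still defaults to `'0.0.0.0/0'` when neither key is set, so a comment stating that omitting both opens the port range to every IPv4 address would help readers; none of the visible test hunks exercises a non-empty `ipv6Ranges` either. The enclosing method starts and ends outside the hunk.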
@@ -5,9 +5,10 @@ module Fog
5
5
  class DescribeSecurityGroups < Fog::Parsers::Base
6
6
  def reset
7
7
  @group = {}
8
- @ip_permission = { 'groups' => [], 'ipRanges' => []}
9
- @ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
8
+ @ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
9
+ @ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
10
10
  @ip_range = {}
11
+ @ipv6_range = {}
11
12
  @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
12
13
  @response = { 'securityGroupInfo' => [] }
13
14
  @tag = {}
@@ -24,6 +25,8 @@ module Fog
24
25
  @in_ip_permissions_egress = true
25
26
  when 'ipRanges'
26
27
  @in_ip_ranges = true
28
+ when 'ipv6Ranges'
29
+ @in_ipv6_ranges = true
27
30
  when 'tagSet'
28
31
  @in_tag_set = true
29
32
  end
@@ -44,6 +47,8 @@ module Fog
44
47
  case name
45
48
  when 'cidrIp'
46
49
  @ip_range[name] = value
50
+ when 'cidrIpv6'
51
+ @ipv6_range[name] = value
47
52
  when 'fromPort', 'toPort'
48
53
  if @in_ip_permissions_egress
49
54
  @ip_permission_egress[name] = value.to_i
@@ -72,6 +77,8 @@ module Fog
72
77
  end
73
78
  when 'ipRanges'
74
79
  @in_ip_ranges = false
80
+ when 'ipv6Ranges'
81
+ @in_ipv6_ranges = false
75
82
  when 'item'
76
83
  if @in_groups
77
84
  if @in_ip_permissions_egress
@@ -87,12 +94,19 @@ module Fog
87
94
  @ip_permission['ipRanges'] << @ip_range
88
95
  end
89
96
  @ip_range = {}
97
+ elsif @in_ipv6_ranges
98
+ if @in_ip_permissions_egress
99
+ @ip_permission_egress['ipv6Ranges'] << @ipv6_range
100
+ else
101
+ @ip_permission['ipv6Ranges'] << @ipv6_range
102
+ end
103
+ @ipv6_range = {}
90
104
  elsif @in_ip_permissions
91
105
  @security_group['ipPermissions'] << @ip_permission
92
- @ip_permission = { 'groups' => [], 'ipRanges' => []}
106
+ @ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
93
107
  elsif @in_ip_permissions_egress
94
108
  @security_group['ipPermissionsEgress'] << @ip_permission_egress
95
- @ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
109
+ @ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
96
110
  else
97
111
  @response['securityGroupInfo'] << @security_group
98
112
  @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
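Review bot: The empty permission literal `{ 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}` now appears four times across `reset` and the `'item'` branch (new lines 8, 9, 106 and 109), and this change had to touch every copy. A small private helper such as `def empty_ip_permission; { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => [] }; end` would keep the shape in one place the next time a range type is added. `@in_ipv6_ranges` is assigned only in the `when 'ipv6Ranges'` branches in the visible hunks, so it is nil until the first such element; that is falsy and works, but a short comment saying so would make it deliberate. Both handlers continue outside the hunks shown.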
@@ -30,6 +30,9 @@ module Fog
30
30
  # * 'IpRanges'<~Array>:
31
31
  # * ip_range<~Hash>:
32
32
  # * 'CidrIp'<~String> - CIDR range
33
+ # * 'Ipv6Ranges'<~Array>:
34
+ # * ip_range<~Hash>:
35
+ # * 'CidrIpv6'<~String> - CIDR range
33
36
  # * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
34
37
  #
35
38
  # === Returns
@@ -72,6 +75,10 @@ module Fog
72
75
  range_index += 1
73
76
  params[format('IpPermissions.%d.IpRanges.%d.CidrIp', key_index, range_index)] = ip_range['CidrIp']
74
77
  end
78
+ (permission['Ipv6Ranges'] || []).each_with_index do |ip_range, range_index|
79
+ range_index += 1
80
+ params[format('IpPermissions.%d.Ipv6Ranges.%d.CidrIpv6', key_index, range_index)] = ip_range['CidrIpv6']
81
+ end
75
82
  end
76
83
  params.reject {|k, v| v.nil? }
77
84
  end
@@ -186,6 +193,14 @@ module Fog
186
193
  'groups' => [],
187
194
  'ipRanges' => [{'cidrIp' => options['CidrIp']}]
188
195
  }
196
+ elsif options['CidrIpv6']
197
+ normalized_permissions << {
198
+ 'ipProtocol' => options['IpProtocol'],
199
+ 'fromPort' => Integer(options['FromPort']),
200
+ 'toPort' => Integer(options['ToPort']),
201
+ 'groups' => [],
202
+ 'ipv6Ranges' => [{'cidrIpv6' => options['CidrIpv6']}]
203
+ }
189
204
  elsif options['IpPermissions']
190
205
  options['IpPermissions'].each do |permission|
191
206
 
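Review bot: The mock permission added at new lines 196-203 has no `'ipRanges'` key, while the parser and the mock default-group entries in this release now always carry both `'ipRanges'` and `'ipv6Ranges'`. Code that iterates `permission['ipRanges']` on a mocked IPv6 rule would get nil, so I would add `'ipRanges' => [],` here and, for symmetry, `'ipv6Ranges' => []` to the `CidrIp` entry just above. Because this is an `elsif` that presumably follows the `CidrIp` test, a request carrying both options records only the IPv4 range in mock mode; a comment noting that precedence would help. The surrounding method starts and ends outside the hunk.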
@@ -27,6 +27,8 @@ module Fog
27
27
  # * 'ipProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
28
28
  # * 'ipRanges'<~Array>:
29
29
  # * 'cidrIp'<~String> - CIDR range
30
+ # * 'ipv6Ranges'<~Array>:
31
+ # * 'cidrIpv6'<~String> - CIDR ipv6 range
30
32
  # * 'toPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
31
33
  # * 'ownerId'<~String> - AWS Access Key Id of the owner of the security group
32
34
  # * 'NextToken'<~String> - The token to retrieve the next page of results
@@ -1,5 +1,5 @@
1
1
  module Fog
2
2
  module AWS
3
- VERSION = "3.11.0"
3
+ VERSION = "3.12.0"
4
4
  end
5
5
  end
@@ -83,6 +83,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
83
83
  aws_secret_access_key: 'dummysecret',
84
84
  aws_session_token: 'dummytoken',
85
85
  region: 'us-west-1',
86
+ sts_endpoint: "https://sts.amazonaws.com",
86
87
  aws_credentials_expire_at: expires_at
87
88
  ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
88
89
  end
@@ -95,10 +96,50 @@ Shindo.tests('AWS | credentials', ['aws']) do
95
96
  aws_secret_access_key: 'dummysecret',
96
97
  aws_session_token: 'dummytoken',
97
98
  region: 'us-west-1',
99
+ sts_endpoint: "https://sts.amazonaws.com",
100
+ aws_credentials_expire_at: expires_at
101
+ ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
102
+ end
103
+
104
+ ENV["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"
105
+
106
+ tests('#fetch_credentials with no region specified') do
107
+ returns(
108
+ aws_access_key_id: 'dummykey',
109
+ aws_secret_access_key: 'dummysecret',
110
+ aws_session_token: 'dummytoken',
111
+ region: 'us-west-1',
112
+ sts_endpoint: "https://sts.amazonaws.com",
113
+ aws_credentials_expire_at: expires_at
114
+ ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
115
+ end
116
+
117
+ tests('#fetch_credentials with regional STS endpoint') do
118
+ returns(
119
+ aws_access_key_id: 'dummykey',
120
+ aws_secret_access_key: 'dummysecret',
121
+ aws_session_token: 'dummytoken',
122
+ region: 'us-west-1',
123
+ sts_endpoint: "https://sts.us-west-1.amazonaws.com",
124
+ aws_credentials_expire_at: expires_at
125
+ ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
126
+ end
127
+
128
+ ENV["AWS_DEFAULT_REGION"] = "us-west-1"
129
+
130
+ tests('#fetch_credentials with regional STS endpoint with region in env') do
131
+ returns(
132
+ aws_access_key_id: 'dummykey',
133
+ aws_secret_access_key: 'dummysecret',
134
+ aws_session_token: 'dummytoken',
135
+ region: 'us-west-1',
136
+ sts_endpoint: "https://sts.us-west-1.amazonaws.com",
98
137
  aws_credentials_expire_at: expires_at
99
138
  ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
100
139
  end
101
140
 
141
+ ENV["AWS_STS_REGIONAL_ENDPOINTS"] = nil
142
+ ENV["AWS_DEFAULT_REGION"] = nil
102
143
  ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] = nil
103
144
 
104
145
  compute = Fog::AWS::Compute.new(use_iam_profile: true)
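Review bot: The test at new lines 106-115 expects the global endpoint because no region is known, but with the new `ENV["AWS_DEFAULT_REGION"]` fallback it would pick the regional endpoint on any machine that already exports that variable. Clearing it before the block with `ENV.delete("AWS_DEFAULT_REGION")` would make the expectation independent of the caller's shell. The cleanup at new lines 141-142 also assigns nil rather than restoring the previous values, so saving them first and restoring them afterwards would avoid leaking state into later tests in the same process.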
@@ -19,6 +19,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
19
19
  'groups' => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
20
20
  'ipProtocol' => String,
21
21
  'ipRanges' => [Fog::Nullable::Hash],
22
+ 'ipv6Ranges' => [Fog::Nullable::Hash],
22
23
  'toPort' => Fog::Nullable::Integer,
23
24
  }],
24
25
  'ipPermissionsEgress' => [],
@@ -54,16 +55,19 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
54
55
  {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
55
56
  "fromPort"=>1,
56
57
  "ipRanges"=>[],
58
+ "ipv6Ranges"=>[],
57
59
  "ipProtocol"=>"tcp",
58
60
  "toPort"=>65535},
59
61
  {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
60
62
  "fromPort"=>1,
61
63
  "ipRanges"=>[],
64
+ "ipv6Ranges"=>[],
62
65
  "ipProtocol"=>"udp",
63
66
  "toPort"=>65535},
64
67
  {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
65
68
  "fromPort"=>-1,
66
69
  "ipRanges"=>[],
70
+ "ipv6Ranges"=>[],
67
71
  "ipProtocol"=>"icmp",
68
72
  "toPort"=>-1}
69
73
  ]
@@ -88,6 +92,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
88
92
  [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
89
93
  {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
90
94
  "ipRanges"=>[],
95
+ "ipv6Ranges"=>[],
91
96
  "ipProtocol"=>"tcp",
92
97
  "fromPort"=>1,
93
98
  "toPort"=>65535},
@@ -95,6 +100,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
95
100
  [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
96
101
  {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
97
102
  "ipRanges"=>[],
103
+ "ipv6Ranges"=>[],
98
104
  "ipProtocol"=>"udp",
99
105
  "fromPort"=>1,
100
106
  "toPort"=>65535},
@@ -102,6 +108,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
102
108
  [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
103
109
  {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
104
110
  "ipRanges"=>[],
111
+ "ipv6Ranges"=>[],
105
112
  "ipProtocol"=>"icmp",
106
113
  "fromPort"=>-1,
107
114
  "toPort"=>-1}
@@ -133,6 +140,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
133
140
  expected_permissions += [
134
141
  {"groups"=>[],
135
142
  "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
143
+ "ipv6Ranges"=>[],
136
144
  "ipProtocol"=>"tcp",
137
145
  "fromPort"=>22,
138
146
  "toPort"=>22}
@@ -164,7 +172,8 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
164
172
  'IpPermissions' => [
165
173
  {
166
174
  'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
167
- 'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }]
175
+ 'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }],
176
+ 'Ipv6Ranges' => []
168
177
  }
169
178
  ]
170
179
  }
@@ -177,6 +186,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
177
186
  expected_permissions += [
178
187
  {"groups"=>[],
179
188
  "ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}],
189
+ "ipv6Ranges"=>[],
180
190
  "ipProtocol"=>"tcp",
181
191
  "fromPort"=>80,
182
192
  "toPort"=>80}
@@ -204,6 +214,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
204
214
  expected_permissions += [
205
215
  {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
206
216
  "ipRanges"=>[],
217
+ "ipv6Ranges"=>[],
207
218
  "ipProtocol"=>"tcp",
208
219
  "fromPort"=>8000,
209
220
  "toPort"=>8000}
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: fog-aws
3
3
  version: !ruby/object:Gem::Version
4
- version: 3.11.0
4
+ version: 3.12.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Josh Lane
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2021-08-05 00:00:00.000000000 Z
12
+ date: 2021-08-23 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: bundler