RubyGems - fog-aws - Versions diffs - 3.11.0 → 3.12.0 - Mend

fog-aws 3.11.0 → 3.12.0

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -1
data/lib/fog/aws/compute.rb +6 -3
data/lib/fog/aws/credential_fetcher.rb +14 -7
data/lib/fog/aws/models/compute/security_group.rb +13 -5
data/lib/fog/aws/parsers/compute/describe_security_groups.rb +18 -4
data/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb +15 -0
data/lib/fog/aws/requests/compute/describe_security_groups.rb +2 -0
data/lib/fog/aws/version.rb +1 -1
data/tests/credentials_tests.rb +41 -0
data/tests/requests/compute/security_group_tests.rb +12 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: db78eac28d74ef1522933e294d0528ecf4f99d072594629f6befeb75927f63e6
-  data.tar.gz: 9496a31776f748834e82525bebf26a157208d7fec58f273d21508bc1c6d25062
+  metadata.gz: a9f2992e8c7fe7d8b4ae1bba5a16d00fe98d3c531cd473d4b3a1109d6a774e16
+  data.tar.gz: 781c1889a4c0cf5d0fd8b1aa0d5ebf0101ea577aa0412265dd14aff339aacae4
 SHA512:
-  metadata.gz: 0a6c79d3d5598348a49a3c1bff6b4e89804900d851a9a6e1cd328f98e2877b6ff6a66fe1703e5276f46f434d39adc3ad8d00dcef6905308168f34993278c52a5
-  data.tar.gz: d7a32f8b0df5f0f439662d8917e1eaf7ef5cc74433f48653162d74a6ae725d3fdf9a2bfe64e81f59abf8d3470c1cb44631476cd514d145249b99ca95d09615ad
+  metadata.gz: 2c81e87c69e6497df16ea76263e57ccd6457acf85378882745ebd2c58322bce9d93fe773dbf68c8b68bcfb5e3aab5231a534d98d38e8101958cc075e0651f8b5
+  data.tar.gz: cd5d6b7fef8eea60e58c7393bb0921fac17e78ad345ab87f199b34d2d20425500a9837a9eef9fcd12f374aa43d979a6cc1a0b6a554acd029517313794f3ab9ab

data/CHANGELOG.md CHANGED Viewed

@@ -2,7 +2,11 @@
 ## [Unreleased](https://github.com/fog/fog-aws/tree/HEAD)
-[Full Changelog](https://github.com/fog/fog-aws/compare/v3.10.0...HEAD)
+[Full Changelog](https://github.com/fog/fog-aws/compare/v3.11.0...HEAD)
+## [v3.11.0](https://github.com/fog/fog-aws/tree/v3.11.0) (2021-08-05)
+[Full Changelog](https://github.com/fog/fog-aws/compare/v3.10.0...v3.11.0)
 **Closed issues:**

data/lib/fog/aws/compute.rb CHANGED Viewed

@@ -233,21 +233,24 @@ module Fog
                         'fromPort'    => -1,
                         'toPort'      => -1,
                         'ipProtocol'  => 'icmp',
-                        'ipRanges'    => []
+                        'ipRanges'    => [],
+                        'ipv6Ranges'  => []
                       },
                       {
                         'groups'      => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
                         'fromPort'    => 0,
                         'toPort'      => 65535,
                         'ipProtocol'  => 'tcp',
-                        'ipRanges'    => []
+                        'ipRanges'    => [],
+                        'ipv6Ranges'  => []
                       },
                       {
                         'groups'      => [{'groupName' => 'default', 'userId' => owner_id, 'groupId' => security_group_id}],
                         'fromPort'    => 0,
                         'toPort'      => 65535,
                         'ipProtocol'  => 'udp',
-                        'ipRanges'    => []
+                        'ipRanges'    => [],
+                        'ipv6Ranges'  => []
                       }
                     ],
                     'ownerId'             => owner_id

data/lib/fog/aws/credential_fetcher.rb CHANGED Viewed

@@ -13,8 +13,6 @@ module Fog
       CONTAINER_CREDENTIALS_HOST = "http://169.254.170.2"
-      STS_GLOBAL_ENDPOINT = "https://sts.amazonaws.com"
       module ServiceMethods
         def fetch_credentials(options)
           if options[:use_iam_profile] && Fog.mocking?
@@ -23,7 +21,7 @@ module Fog
           if options[:use_iam_profile]
             begin
               role_data = nil
-              region = options[:region]
+              region = options[:region] || ENV["AWS_DEFAULT_REGION"]
               if ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
                 connection = options[:connection] || Excon.new(CONTAINER_CREDENTIALS_HOST)
@@ -44,7 +42,15 @@ module Fog
                   :WebIdentityToken => File.read(options[:aws_web_identity_token_file] || ENV.fetch("AWS_WEB_IDENTITY_TOKEN_FILE")),
                   :Version => "2011-06-15",
                 }
-                connection = options[:connection] || Excon.new(STS_GLOBAL_ENDPOINT, :query => params)
+                sts_endpoint =
+                  if ENV["AWS_STS_REGIONAL_ENDPOINTS"] == "regional" && region
+                    "https://sts.#{region}.amazonaws.com"
+                  else
+                    "https://sts.amazonaws.com"
+                  end
+                connection = options[:connection] || Excon.new(sts_endpoint, :query => params)
                 document = Nokogiri::XML(connection.get(:idempotent => true, :expects => 200).body)
                 session = {
@@ -65,18 +71,19 @@ module Fog
                 role_name = connection.get(:path => INSTANCE_METADATA_PATH, :idempotent => true, :expects => 200, :headers => token_header).body
                 role_data = connection.get(:path => INSTANCE_METADATA_PATH+role_name, :idempotent => true, :expects => 200, :headers => token_header).body
                 session = Fog::JSON.decode(role_data)
                 region ||= connection.get(:path => INSTANCE_METADATA_AZ, :idempotent => true, :expects => 200, :headers => token_header).body[0..-2]
               end
               credentials = {}
               credentials[:aws_access_key_id] = session['AccessKeyId']
               credentials[:aws_secret_access_key] = session['SecretAccessKey']
               credentials[:aws_session_token] = session['Token']
               credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
               # set region by default to the one the instance is in.
               credentials[:region] = region
+              credentials[:sts_endpoint] = sts_endpoint if sts_endpoint
               #these indicate the metadata service is unavailable or has no profile setup
               credentials
             rescue Excon::Error => e

data/lib/fog/aws/models/compute/security_group.rb CHANGED Viewed

@@ -62,7 +62,8 @@ module Fog
         # options::
         #   A hash that can contain any of the following keys:
         #    :cidr_ip (defaults to "0.0.0.0/0")
-        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
+        #    :cidr_ipv6 cannot be used with :cidr_ip
+        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
         #    :ip_protocol (defaults to "tcp")
         #
         # == Returns:
@@ -178,7 +179,8 @@ module Fog
         # options::
         #   A hash that can contain any of the following keys:
         #    :cidr_ip (defaults to "0.0.0.0/0")
-        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip
+        #    :cidr_ipv6 cannot be used with :cidr_ip
+        #    :group - ("account:group_name" or "account:group_id"), cannot be used with :cidr_ip or :cidr_ipv6
         #    :ip_protocol (defaults to "tcp")
         #
         # == Returns:
@@ -327,9 +329,15 @@ module Fog
           }
           if options[:group].nil?
-            ip_permission['IpRanges'] = [
-              { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
-            ]
+            if options[:cidr_ipv6].nil?
+              ip_permission['IpRanges'] = [
+                { 'CidrIp' => options[:cidr_ip] || '0.0.0.0/0' }
+              ]
+            else
+              ip_permission['Ipv6Ranges'] = [
+                { 'CidrIpv6' => options[:cidr_ipv6] }
+              ]
+            end
           else
             ip_permission['Groups'] = [
               group_info(options[:group])

data/lib/fog/aws/parsers/compute/describe_security_groups.rb CHANGED Viewed

@@ -5,9 +5,10 @@ module Fog
         class DescribeSecurityGroups < Fog::Parsers::Base
           def reset
             @group = {}
-            @ip_permission = { 'groups' => [], 'ipRanges' => []}
-            @ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
+            @ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
+            @ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
             @ip_range = {}
+            @ipv6_range = {}
             @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }
             @response = { 'securityGroupInfo' => [] }
             @tag = {}
@@ -24,6 +25,8 @@ module Fog
               @in_ip_permissions_egress = true
             when 'ipRanges'
               @in_ip_ranges = true
+            when 'ipv6Ranges'
+              @in_ipv6_ranges = true
             when 'tagSet'
               @in_tag_set = true
             end
@@ -44,6 +47,8 @@ module Fog
               case name
               when 'cidrIp'
                 @ip_range[name] = value
+              when 'cidrIpv6'
+                @ipv6_range[name] = value
               when 'fromPort', 'toPort'
                 if @in_ip_permissions_egress
                   @ip_permission_egress[name] = value.to_i
@@ -72,6 +77,8 @@ module Fog
                 end
               when 'ipRanges'
                 @in_ip_ranges = false
+              when 'ipv6Ranges'
+                @in_ipv6_ranges = false
               when 'item'
                 if @in_groups
                   if @in_ip_permissions_egress
@@ -87,12 +94,19 @@ module Fog
                     @ip_permission['ipRanges'] << @ip_range
                   end
                   @ip_range = {}
+                elsif @in_ipv6_ranges
+                  if @in_ip_permissions_egress
+                    @ip_permission_egress['ipv6Ranges'] << @ipv6_range
+                  else
+                    @ip_permission['ipv6Ranges'] << @ipv6_range
+                  end
+                  @ipv6_range = {}
                 elsif @in_ip_permissions
                   @security_group['ipPermissions'] << @ip_permission
-                  @ip_permission = { 'groups' => [], 'ipRanges' => []}
+                  @ip_permission = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
                 elsif @in_ip_permissions_egress
                   @security_group['ipPermissionsEgress'] << @ip_permission_egress
-                  @ip_permission_egress = { 'groups' => [], 'ipRanges' => []}
+                  @ip_permission_egress = { 'groups' => [], 'ipRanges' => [], 'ipv6Ranges' => []}
                 else
                   @response['securityGroupInfo'] << @security_group
                   @security_group = { 'ipPermissions' => [], 'ipPermissionsEgress' => [], 'tagSet' => {} }

data/lib/fog/aws/requests/compute/authorize_security_group_ingress.rb CHANGED Viewed

@@ -30,6 +30,9 @@ module Fog
         #       * 'IpRanges'<~Array>:
         #         * ip_range<~Hash>:
         #           * 'CidrIp'<~String> - CIDR range
+        #       * 'Ipv6Ranges'<~Array>:
+        #         * ip_range<~Hash>:
+        #           * 'CidrIpv6'<~String> - CIDR range
         #       * 'ToPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
         #
         # === Returns
@@ -72,6 +75,10 @@ module Fog
               range_index += 1
               params[format('IpPermissions.%d.IpRanges.%d.CidrIp', key_index, range_index)] = ip_range['CidrIp']
             end
+            (permission['Ipv6Ranges'] || []).each_with_index do |ip_range, range_index|
+              range_index += 1
+              params[format('IpPermissions.%d.Ipv6Ranges.%d.CidrIpv6', key_index, range_index)] = ip_range['CidrIpv6']
+            end
           end
           params.reject {|k, v| v.nil? }
         end
@@ -186,6 +193,14 @@ module Fog
               'groups'     => [],
               'ipRanges'   => [{'cidrIp' => options['CidrIp']}]
             }
+          elsif options['CidrIpv6']
+            normalized_permissions << {
+              'ipProtocol' => options['IpProtocol'],
+              'fromPort'   => Integer(options['FromPort']),
+              'toPort'     => Integer(options['ToPort']),
+              'groups'     => [],
+              'ipv6Ranges' => [{'cidrIpv6' => options['CidrIpv6']}]
+            }
           elsif options['IpPermissions']
             options['IpPermissions'].each do |permission|

data/lib/fog/aws/requests/compute/describe_security_groups.rb CHANGED Viewed

@@ -27,6 +27,8 @@ module Fog
         #         * 'ipProtocol'<~String> - Ip protocol, must be in ['tcp', 'udp', 'icmp']
         #         * 'ipRanges'<~Array>:
         #           * 'cidrIp'<~String> - CIDR range
+        #         * 'ipv6Ranges'<~Array>:
+        #           * 'cidrIpv6'<~String> - CIDR ipv6 range
         #         * 'toPort'<~Integer> - End of port range (or -1 for ICMP wildcard)
         #       * 'ownerId'<~String> - AWS Access Key Id of the owner of the security group
         #     * 'NextToken'<~String> - The token to retrieve the next page of results

data/lib/fog/aws/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module Fog
   module AWS
-    VERSION = "3.11.0"
+    VERSION = "3.12.0"
   end
 end

data/tests/credentials_tests.rb CHANGED Viewed

@@ -83,6 +83,7 @@ Shindo.tests('AWS | credentials', ['aws']) do
         aws_secret_access_key: 'dummysecret',
         aws_session_token: 'dummytoken',
         region: 'us-west-1',
+        sts_endpoint: "https://sts.amazonaws.com",
         aws_credentials_expire_at: expires_at
       ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
     end
@@ -95,10 +96,50 @@ Shindo.tests('AWS | credentials', ['aws']) do
         aws_secret_access_key: 'dummysecret',
         aws_session_token: 'dummytoken',
         region: 'us-west-1',
+        sts_endpoint: "https://sts.amazonaws.com",
+        aws_credentials_expire_at: expires_at
+      ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
+    end
+    ENV["AWS_STS_REGIONAL_ENDPOINTS"] = "regional"
+    tests('#fetch_credentials with no region specified') do
+      returns(
+        aws_access_key_id: 'dummykey',
+        aws_secret_access_key: 'dummysecret',
+        aws_session_token: 'dummytoken',
+        region: 'us-west-1',
+        sts_endpoint: "https://sts.amazonaws.com",
+        aws_credentials_expire_at: expires_at
+      ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
+    end
+    tests('#fetch_credentials with regional STS endpoint') do
+      returns(
+        aws_access_key_id: 'dummykey',
+        aws_secret_access_key: 'dummysecret',
+        aws_session_token: 'dummytoken',
+        region: 'us-west-1',
+        sts_endpoint: "https://sts.us-west-1.amazonaws.com",
+        aws_credentials_expire_at: expires_at
+      ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true, region: 'us-west-1') }
+    end
+    ENV["AWS_DEFAULT_REGION"] = "us-west-1"
+    tests('#fetch_credentials with regional STS endpoint with region in env') do
+      returns(
+        aws_access_key_id: 'dummykey',
+        aws_secret_access_key: 'dummysecret',
+        aws_session_token: 'dummytoken',
+        region: 'us-west-1',
+        sts_endpoint: "https://sts.us-west-1.amazonaws.com",
         aws_credentials_expire_at: expires_at
       ) { Fog::AWS::Compute.fetch_credentials(use_iam_profile: true) }
     end
+    ENV["AWS_STS_REGIONAL_ENDPOINTS"] = nil
+    ENV["AWS_DEFAULT_REGION"] = nil
     ENV['AWS_WEB_IDENTITY_TOKEN_FILE'] = nil
     compute = Fog::AWS::Compute.new(use_iam_profile: true)

data/tests/requests/compute/security_group_tests.rb CHANGED Viewed

@@ -19,6 +19,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         'groups'      => [{ 'groupName' => Fog::Nullable::String, 'userId' => String, 'groupId' => String }],
         'ipProtocol'  => String,
         'ipRanges'    => [Fog::Nullable::Hash],
+        'ipv6Ranges'  => [Fog::Nullable::Hash],
         'toPort'      => Fog::Nullable::Integer,
       }],
       'ipPermissionsEgress' => [],
@@ -54,16 +55,19 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
       {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
         "fromPort"=>1,
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "toPort"=>65535},
       {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
         "fromPort"=>1,
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"udp",
         "toPort"=>65535},
       {"groups"=>[{"groupName"=>"default", "userId"=>@owner_id, "groupId"=>@group_id_default}],
         "fromPort"=>-1,
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"icmp",
         "toPort"=>-1}
     ]
@@ -88,6 +92,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
           {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>1,
         "toPort"=>65535},
@@ -95,6 +100,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
           {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"udp",
         "fromPort"=>1,
         "toPort"=>65535},
@@ -102,6 +108,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
         [{"userId"=>@owner_id, "groupName"=>"default", "groupId"=>@group_id_default},
           {"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"icmp",
         "fromPort"=>-1,
         "toPort"=>-1}
@@ -133,6 +140,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
     expected_permissions += [
       {"groups"=>[],
         "ipRanges"=>[{"cidrIp"=>"10.0.0.0/8"}],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>22,
         "toPort"=>22}
@@ -164,7 +172,8 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
       'IpPermissions' => [
         {
           'IpProtocol' => 'tcp', 'FromPort' => '80', 'ToPort' => '80',
-          'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }]
+          'IpRanges' => [{ 'CidrIp' => '192.168.0.0/24' }],
+          'Ipv6Ranges' => []
         }
       ]
     }
@@ -177,6 +186,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
     expected_permissions += [
       {"groups"=>[],
         "ipRanges"=>[{"cidrIp"=>"192.168.0.0/24"}],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>80,
         "toPort"=>80}
@@ -204,6 +214,7 @@ Shindo.tests('Fog::Compute[:aws] | security group requests', ['aws']) do
     expected_permissions += [
       {"groups"=>[{"userId"=>@owner_id, "groupName"=>"fog_security_group_two", "groupId"=>@group_id_two}],
         "ipRanges"=>[],
+        "ipv6Ranges"=>[],
         "ipProtocol"=>"tcp",
         "fromPort"=>8000,
         "toPort"=>8000}

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: fog-aws
 version: !ruby/object:Gem::Version
-  version: 3.11.0
+  version: 3.12.0
 platform: ruby
 authors:
 - Josh Lane
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-08-05 00:00:00.000000000 Z
+date: 2021-08-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler