miasma-aws 0.1.14 → 0.1.16
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +42 -0
- data/lib/miasma/contrib/aws.rb +40 -0
- data/lib/miasma-aws/api/sts.rb +52 -0
- data/lib/miasma-aws/api.rb +11 -0
- data/lib/miasma-aws/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ddfd1e74d80ada8575393aabf92009624191fa0
|
|
4
|
+
data.tar.gz: 3733de905ea6752c7118a0ac36091da340a6bff6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5ae40e62e7d0aee7d2ca6c260f3fe99d54f85d9760701d8f71cd5b4d7bd5b9bf8017b1a467b8e392e8933dd574b0a08fab46a71090cf5f0db99a41ae59226b1
|
|
7
|
+
data.tar.gz: a7a9320181bd4079068ba19a0cfe434d3aaf141a81251ad71a06132957bf65f74d2a66f0de3f7f5dd66b208045171063425adeaa07c99d70585df981833443ec
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
## v0.1.16
|
|
2
|
+
* Add new `aws_sts_token` attribute for credentials
|
|
3
|
+
* Automatically include STS token on requests if available
|
|
4
|
+
* Add support for assuming roles via STS
|
|
5
|
+
|
|
1
6
|
## v0.1.14
|
|
2
7
|
* Fix checksum generation on multi-part uploads
|
|
3
8
|
* Fix paginated fetching of bucket objects
|
data/README.md
CHANGED
|
@@ -2,6 +2,48 @@
|
|
|
2
2
|
|
|
3
3
|
AWS API plugin for the miasma cloud library
|
|
4
4
|
|
|
5
|
+
## Supported credential attributes:
|
|
6
|
+
|
|
7
|
+
Supported attributes used in the credentials section of API
|
|
8
|
+
configurations:
|
|
9
|
+
|
|
10
|
+
```ruby
|
|
11
|
+
Miasma.api(
|
|
12
|
+
:type => :storage,
|
|
13
|
+
:provider => :aws,
|
|
14
|
+
:credentials => {
|
|
15
|
+
...
|
|
16
|
+
}
|
|
17
|
+
)
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
### Common general use attributes
|
|
21
|
+
|
|
22
|
+
* `aws_access_key_id` - User access key ID
|
|
23
|
+
* `aws_secret_access_key` - User secret access key
|
|
24
|
+
* `aws_region` - Region to connect
|
|
25
|
+
|
|
26
|
+
### Profile related attributes
|
|
27
|
+
|
|
28
|
+
* `aws_profile_name` - Use credentials/configuration from profile name
|
|
29
|
+
* `aws_credentials_file` - Specify custom credentials file
|
|
30
|
+
* `aws_config_file` - Specify custom configuration file
|
|
31
|
+
|
|
32
|
+
### Secure Token Service related:
|
|
33
|
+
|
|
34
|
+
* `aws_sts_token` - Set STS token to use with current key ID and secret
|
|
35
|
+
* `aws_sts_role_arn` - Assume role
|
|
36
|
+
* `aws_external_id` - Provide an external ID when assuming role
|
|
37
|
+
* `aws_sts_role_session_name` - Provide custom session name when assuming role
|
|
38
|
+
|
|
39
|
+
### S3 related attributes
|
|
40
|
+
|
|
41
|
+
* `aws_bucket_region` - Override current `aws_region` for bucket
|
|
42
|
+
|
|
43
|
+
### Other attributes
|
|
44
|
+
|
|
45
|
+
* `aws_host` - Use custom DNS endpoint for API requests
|
|
46
|
+
|
|
5
47
|
## Current support matrix
|
|
6
48
|
|
|
7
49
|
|Model |Create|Read|Update|Delete|
|
data/lib/miasma/contrib/aws.rb
CHANGED
|
@@ -6,6 +6,9 @@ require 'openssl'
|
|
|
6
6
|
|
|
7
7
|
module Miasma
|
|
8
8
|
module Contrib
|
|
9
|
+
module Aws
|
|
10
|
+
autoload :Api, 'miasma-aws/api'
|
|
11
|
+
end
|
|
9
12
|
# Core API for AWS access
|
|
10
13
|
class AwsApiCore
|
|
11
14
|
|
|
@@ -328,6 +331,10 @@ module Miasma
|
|
|
328
331
|
def self.included(klass)
|
|
329
332
|
klass.class_eval do
|
|
330
333
|
attribute :aws_profile_name, String, :default => 'default'
|
|
334
|
+
attribute :aws_sts_token, String
|
|
335
|
+
attribute :aws_sts_role_arn, String
|
|
336
|
+
attribute :aws_sts_external_id, String
|
|
337
|
+
attribute :aws_sts_role_session_name, String
|
|
331
338
|
attribute :aws_credentials_file, String, :required => true, :default => File.join(Dir.home, '.aws/credentials')
|
|
332
339
|
attribute :aws_config_file, String, :required => true, :default => File.join(Dir.home, '.aws/config')
|
|
333
340
|
attribute :aws_access_key_id, String, :required => true
|
|
@@ -377,6 +384,33 @@ module Miasma
|
|
|
377
384
|
).merge(creds)
|
|
378
385
|
)
|
|
379
386
|
end
|
|
387
|
+
if(creds[:aws_sts_role_arn])
|
|
388
|
+
sts_assume_role!(creds)
|
|
389
|
+
end
|
|
390
|
+
true
|
|
391
|
+
end
|
|
392
|
+
|
|
393
|
+
# Assume requested role and replace key id and secret
|
|
394
|
+
#
|
|
395
|
+
# @param creds [Hash]
|
|
396
|
+
# @return [TrueClass]
|
|
397
|
+
def sts_assume_role!(creds)
|
|
398
|
+
unless(creds[:aws_access_key_id_original])
|
|
399
|
+
creds[:aws_access_key_id_original] = creds[:aws_access_key_id]
|
|
400
|
+
creds[:aws_secret_access_key_original] = creds[:aws_secret_access_key]
|
|
401
|
+
end
|
|
402
|
+
sts = Miasma::Contrib::Aws::Api::Sts.new(
|
|
403
|
+
:aws_access_key_id => creds[:aws_access_key_id_original],
|
|
404
|
+
:aws_secret_access_key => creds[:aws_secret_access_key_original],
|
|
405
|
+
:aws_region => creds.fetch(:aws_sts_region, 'us-east-1'),
|
|
406
|
+
:aws_credentials_file => creds.fetch(:aws_credentials_file, aws_credentials_file),
|
|
407
|
+
:aws_config_file => creds.fetch(:aws_config_file, aws_config_file),
|
|
408
|
+
:aws_profile_name => creds[:aws_profile_name],
|
|
409
|
+
:aws_host => creds[:aws_host]
|
|
410
|
+
)
|
|
411
|
+
role_info = sts.assume_role(creds[:aws_sts_role_arn])
|
|
412
|
+
creds.merge!(role_info)
|
|
413
|
+
true
|
|
380
414
|
end
|
|
381
415
|
|
|
382
416
|
# Load configuration from the AWS configuration file
|
|
@@ -455,6 +489,9 @@ module Miasma
|
|
|
455
489
|
if(self.class::API_VERSION)
|
|
456
490
|
if(options[:form])
|
|
457
491
|
options.set(:form, 'Version', self.class::API_VERSION)
|
|
492
|
+
if(aws_sts_token)
|
|
493
|
+
options.set(:form, 'SecurityToken', aws_sts_token)
|
|
494
|
+
end
|
|
458
495
|
else
|
|
459
496
|
options[:params] = options.fetch(
|
|
460
497
|
:params, Smash.new
|
|
@@ -463,6 +500,9 @@ module Miasma
|
|
|
463
500
|
'Version' => self.class::API_VERSION
|
|
464
501
|
)
|
|
465
502
|
)
|
|
503
|
+
if(aws_sts_token)
|
|
504
|
+
options.set(:params, 'SecurityToken', aws_sts_token)
|
|
505
|
+
end
|
|
466
506
|
end
|
|
467
507
|
end
|
|
468
508
|
update_request(connection, options)
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
require 'miasma'
|
|
2
|
+
|
|
3
|
+
module Miasma
|
|
4
|
+
module Contrib
|
|
5
|
+
module Aws
|
|
6
|
+
module Api
|
|
7
|
+
class Sts < Miasma::Types::Api
|
|
8
|
+
|
|
9
|
+
# Service name of the API
|
|
10
|
+
API_SERVICE = 'sts'
|
|
11
|
+
# Supported version of the AutoScaling API
|
|
12
|
+
API_VERSION = '2011-06-15'
|
|
13
|
+
|
|
14
|
+
include Contrib::AwsApiCore::ApiCommon
|
|
15
|
+
include Contrib::AwsApiCore::RequestUtils
|
|
16
|
+
|
|
17
|
+
# Assume new role
|
|
18
|
+
#
|
|
19
|
+
# @param role_arn [String] IAM Role ARN
|
|
20
|
+
# @param args [Hash]
|
|
21
|
+
# @option args [String] :external_id
|
|
22
|
+
# @option args [String] :session_name
|
|
23
|
+
# @return [Hash]
|
|
24
|
+
def assume_role(role_arn, args={})
|
|
25
|
+
req_params = Smash.new.tap do |params|
|
|
26
|
+
params['Action'] = 'AssumeRole'
|
|
27
|
+
params['RoleArn'] = role_arn
|
|
28
|
+
params['RoleSessionName'] = args.fetch(
|
|
29
|
+
:session_name,
|
|
30
|
+
SecureRandom.uuid.tr('-', '')
|
|
31
|
+
)
|
|
32
|
+
params['ExternalId'] = args[:external_id] if args[:external_id]
|
|
33
|
+
end
|
|
34
|
+
result = request(
|
|
35
|
+
:path => '/',
|
|
36
|
+
:params => req_params
|
|
37
|
+
).get(:body, 'AssumeRoleResponse', 'AssumeRoleResult')
|
|
38
|
+
Smash.new(
|
|
39
|
+
:aws_sts_token => result.get('Credentials', 'SessionToken'),
|
|
40
|
+
:aws_secret_access_key => result.get('Credentials', 'SecretAccessKey'),
|
|
41
|
+
:aws_access_key_id => result.get('Credentials', 'AccessKeyId'),
|
|
42
|
+
:aws_sts_token_expires => Time.parse(result.get('Credentials', 'Expiration')),
|
|
43
|
+
:aws_sts_assumed_role_arn => result.get('AssumedRoleUser', 'Arn'),
|
|
44
|
+
:aws_sts_assumed_role_id => result.get('AssumedRoleUser', 'AssumedRoleId')
|
|
45
|
+
)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
data/lib/miasma-aws/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miasma-aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Roberts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-06-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: miasma
|
|
@@ -104,6 +104,8 @@ files:
|
|
|
104
104
|
- LICENSE
|
|
105
105
|
- README.md
|
|
106
106
|
- lib/miasma-aws.rb
|
|
107
|
+
- lib/miasma-aws/api.rb
|
|
108
|
+
- lib/miasma-aws/api/sts.rb
|
|
107
109
|
- lib/miasma-aws/version.rb
|
|
108
110
|
- lib/miasma/contrib/aws.rb
|
|
109
111
|
- lib/miasma/contrib/aws/auto_scale.rb
|