miasma-aws 0.1.14 → 0.1.16
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +42 -0
- data/lib/miasma/contrib/aws.rb +40 -0
- data/lib/miasma-aws/api/sts.rb +52 -0
- data/lib/miasma-aws/api.rb +11 -0
- data/lib/miasma-aws/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9ddfd1e74d80ada8575393aabf92009624191fa0
|
|
4
|
+
data.tar.gz: 3733de905ea6752c7118a0ac36091da340a6bff6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: f5ae40e62e7d0aee7d2ca6c260f3fe99d54f85d9760701d8f71cd5b4d7bd5b9bf8017b1a467b8e392e8933dd574b0a08fab46a71090cf5f0db99a41ae59226b1
|
|
7
|
+
data.tar.gz: a7a9320181bd4079068ba19a0cfe434d3aaf141a81251ad71a06132957bf65f74d2a66f0de3f7f5dd66b208045171063425adeaa07c99d70585df981833443ec
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
## v0.1.16
|
|
2
|
+
* Add new `aws_sts_token` attribute for credentials
|
|
3
|
+
* Automatically include STS token on requests if available
|
|
4
|
+
* Add support for assuming roles via STS
|
|
5
|
+
|
|
1
6
|
## v0.1.14
|
|
2
7
|
* Fix checksum generation on multi-part uploads
|
|
3
8
|
* Fix paginated fetching of bucket objects
|
data/README.md
CHANGED
|
@@ -2,6 +2,48 @@
|
|
|
2
2
|
|
|
3
3
|
AWS API plugin for the miasma cloud library
|
|
4
4
|
|
|
5
|
+
## Supported credential attributes:
|
|
6
|
+
|
|
7
|
+
Supported attributes used in the credentials section of API
|
|
8
|
+
configurations:
|
|
9
|
+
|
|
10
|
+
```ruby
|
|
11
|
+
Miasma.api(
|
|
12
|
+
:type => :storage,
|
|
13
|
+
:provider => :aws,
|
|
14
|
+
:credentials => {
|
|
15
|
+
...
|
|
16
|
+
}
|
|
17
|
+
)
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
### Common general use attributes
|
|
21
|
+
|
|
22
|
+
* `aws_access_key_id` - User access key ID
|
|
23
|
+
* `aws_secret_access_key` - User secret access key
|
|
24
|
+
* `aws_region` - Region to connect
|
|
25
|
+
|
|
26
|
+
### Profile related attributes
|
|
27
|
+
|
|
28
|
+
* `aws_profile_name` - Use credentials/configuration from profile name
|
|
29
|
+
* `aws_credentials_file` - Specify custom credentials file
|
|
30
|
+
* `aws_config_file` - Specify custom configuration file
|
|
31
|
+
|
|
32
|
+
### Secure Token Service related:
|
|
33
|
+
|
|
34
|
+
* `aws_sts_token` - Set STS token to use with current key ID and secret
|
|
35
|
+
* `aws_sts_role_arn` - Assume role
|
|
36
|
+
* `aws_external_id` - Provide an external ID when assuming role
|
|
37
|
+
* `aws_sts_role_session_name` - Provide custom session name when assuming role
|
|
38
|
+
|
|
39
|
+
### S3 related attributes
|
|
40
|
+
|
|
41
|
+
* `aws_bucket_region` - Override current `aws_region` for bucket
|
|
42
|
+
|
|
43
|
+
### Other attributes
|
|
44
|
+
|
|
45
|
+
* `aws_host` - Use custom DNS endpoint for API requests
|
|
46
|
+
|
|
5
47
|
## Current support matrix
|
|
6
48
|
|
|
7
49
|
|Model |Create|Read|Update|Delete|
|
data/lib/miasma/contrib/aws.rb
CHANGED
|
@@ -6,6 +6,9 @@ require 'openssl'
|
|
|
6
6
|
|
|
7
7
|
module Miasma
|
|
8
8
|
module Contrib
|
|
9
|
+
module Aws
|
|
10
|
+
autoload :Api, 'miasma-aws/api'
|
|
11
|
+
end
|
|
9
12
|
# Core API for AWS access
|
|
10
13
|
class AwsApiCore
|
|
11
14
|
|
|
@@ -328,6 +331,10 @@ module Miasma
|
|
|
328
331
|
def self.included(klass)
|
|
329
332
|
klass.class_eval do
|
|
330
333
|
attribute :aws_profile_name, String, :default => 'default'
|
|
334
|
+
attribute :aws_sts_token, String
|
|
335
|
+
attribute :aws_sts_role_arn, String
|
|
336
|
+
attribute :aws_sts_external_id, String
|
|
337
|
+
attribute :aws_sts_role_session_name, String
|
|
331
338
|
attribute :aws_credentials_file, String, :required => true, :default => File.join(Dir.home, '.aws/credentials')
|
|
332
339
|
attribute :aws_config_file, String, :required => true, :default => File.join(Dir.home, '.aws/config')
|
|
333
340
|
attribute :aws_access_key_id, String, :required => true
|
|
@@ -377,6 +384,33 @@ module Miasma
|
|
|
377
384
|
).merge(creds)
|
|
378
385
|
)
|
|
379
386
|
end
|
|
387
|
+
if(creds[:aws_sts_role_arn])
|
|
388
|
+
sts_assume_role!(creds)
|
|
389
|
+
end
|
|
390
|
+
true
|
|
391
|
+
end
|
|
392
|
+
|
|
393
|
+
# Assume requested role and replace key id and secret
|
|
394
|
+
#
|
|
395
|
+
# @param creds [Hash]
|
|
396
|
+
# @return [TrueClass]
|
|
397
|
+
def sts_assume_role!(creds)
|
|
398
|
+
unless(creds[:aws_access_key_id_original])
|
|
399
|
+
creds[:aws_access_key_id_original] = creds[:aws_access_key_id]
|
|
400
|
+
creds[:aws_secret_access_key_original] = creds[:aws_secret_access_key]
|
|
401
|
+
end
|
|
402
|
+
sts = Miasma::Contrib::Aws::Api::Sts.new(
|
|
403
|
+
:aws_access_key_id => creds[:aws_access_key_id_original],
|
|
404
|
+
:aws_secret_access_key => creds[:aws_secret_access_key_original],
|
|
405
|
+
:aws_region => creds.fetch(:aws_sts_region, 'us-east-1'),
|
|
406
|
+
:aws_credentials_file => creds.fetch(:aws_credentials_file, aws_credentials_file),
|
|
407
|
+
:aws_config_file => creds.fetch(:aws_config_file, aws_config_file),
|
|
408
|
+
:aws_profile_name => creds[:aws_profile_name],
|
|
409
|
+
:aws_host => creds[:aws_host]
|
|
410
|
+
)
|
|
411
|
+
role_info = sts.assume_role(creds[:aws_sts_role_arn])
|
|
412
|
+
creds.merge!(role_info)
|
|
413
|
+
true
|
|
380
414
|
end
|
|
381
415
|
|
|
382
416
|
# Load configuration from the AWS configuration file
|
|
@@ -455,6 +489,9 @@ module Miasma
|
|
|
455
489
|
if(self.class::API_VERSION)
|
|
456
490
|
if(options[:form])
|
|
457
491
|
options.set(:form, 'Version', self.class::API_VERSION)
|
|
492
|
+
if(aws_sts_token)
|
|
493
|
+
options.set(:form, 'SecurityToken', aws_sts_token)
|
|
494
|
+
end
|
|
458
495
|
else
|
|
459
496
|
options[:params] = options.fetch(
|
|
460
497
|
:params, Smash.new
|
|
@@ -463,6 +500,9 @@ module Miasma
|
|
|
463
500
|
'Version' => self.class::API_VERSION
|
|
464
501
|
)
|
|
465
502
|
)
|
|
503
|
+
if(aws_sts_token)
|
|
504
|
+
options.set(:params, 'SecurityToken', aws_sts_token)
|
|
505
|
+
end
|
|
466
506
|
end
|
|
467
507
|
end
|
|
468
508
|
update_request(connection, options)
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
require 'miasma'
|
|
2
|
+
|
|
3
|
+
module Miasma
|
|
4
|
+
module Contrib
|
|
5
|
+
module Aws
|
|
6
|
+
module Api
|
|
7
|
+
class Sts < Miasma::Types::Api
|
|
8
|
+
|
|
9
|
+
# Service name of the API
|
|
10
|
+
API_SERVICE = 'sts'
|
|
11
|
+
# Supported version of the AutoScaling API
|
|
12
|
+
API_VERSION = '2011-06-15'
|
|
13
|
+
|
|
14
|
+
include Contrib::AwsApiCore::ApiCommon
|
|
15
|
+
include Contrib::AwsApiCore::RequestUtils
|
|
16
|
+
|
|
17
|
+
# Assume new role
|
|
18
|
+
#
|
|
19
|
+
# @param role_arn [String] IAM Role ARN
|
|
20
|
+
# @param args [Hash]
|
|
21
|
+
# @option args [String] :external_id
|
|
22
|
+
# @option args [String] :session_name
|
|
23
|
+
# @return [Hash]
|
|
24
|
+
def assume_role(role_arn, args={})
|
|
25
|
+
req_params = Smash.new.tap do |params|
|
|
26
|
+
params['Action'] = 'AssumeRole'
|
|
27
|
+
params['RoleArn'] = role_arn
|
|
28
|
+
params['RoleSessionName'] = args.fetch(
|
|
29
|
+
:session_name,
|
|
30
|
+
SecureRandom.uuid.tr('-', '')
|
|
31
|
+
)
|
|
32
|
+
params['ExternalId'] = args[:external_id] if args[:external_id]
|
|
33
|
+
end
|
|
34
|
+
result = request(
|
|
35
|
+
:path => '/',
|
|
36
|
+
:params => req_params
|
|
37
|
+
).get(:body, 'AssumeRoleResponse', 'AssumeRoleResult')
|
|
38
|
+
Smash.new(
|
|
39
|
+
:aws_sts_token => result.get('Credentials', 'SessionToken'),
|
|
40
|
+
:aws_secret_access_key => result.get('Credentials', 'SecretAccessKey'),
|
|
41
|
+
:aws_access_key_id => result.get('Credentials', 'AccessKeyId'),
|
|
42
|
+
:aws_sts_token_expires => Time.parse(result.get('Credentials', 'Expiration')),
|
|
43
|
+
:aws_sts_assumed_role_arn => result.get('AssumedRoleUser', 'Arn'),
|
|
44
|
+
:aws_sts_assumed_role_id => result.get('AssumedRoleUser', 'AssumedRoleId')
|
|
45
|
+
)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
end
|
|
49
|
+
end
|
|
50
|
+
end
|
|
51
|
+
end
|
|
52
|
+
end
|
data/lib/miasma-aws/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miasma-aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.1.
|
|
4
|
+
version: 0.1.16
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Roberts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2015-
|
|
11
|
+
date: 2015-06-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: miasma
|
|
@@ -104,6 +104,8 @@ files:
|
|
|
104
104
|
- LICENSE
|
|
105
105
|
- README.md
|
|
106
106
|
- lib/miasma-aws.rb
|
|
107
|
+
- lib/miasma-aws/api.rb
|
|
108
|
+
- lib/miasma-aws/api/sts.rb
|
|
107
109
|
- lib/miasma-aws/version.rb
|
|
108
110
|
- lib/miasma/contrib/aws.rb
|
|
109
111
|
- lib/miasma/contrib/aws/auto_scale.rb
|