miasma-aws 0.3.20 → 0.3.22

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 04a578bff18113ac8611dca8ce988c964e54c7ad28e9c5da32742bb07e4a5afd
4
- data.tar.gz: f495f1066d0f3a42aac9485330799a3588e7e3144b5ae3b2b65950067a769b94
3
+ metadata.gz: 52b34565420604144ef097dabea4e434e2f413af448c3cd5041abeb6a3aab3f3
4
+ data.tar.gz: e2de941c5c78209ba8ee8c737f5c6b43113ce2251818e53e610bd2c688d4ed78
5
5
  SHA512:
6
- metadata.gz: 04015f3c41bb33aaa3316411ae089b5dfa28f95f8798c78890c37c12d501760a84d3cdc04b9db5039eabde96a8861f9a433504d470647b8c126056007d2fc84e
7
- data.tar.gz: f91b0f9d0c61803f21470b6a3e171ad682d91cbcd2b36da01e31cfc6e74c0b88a99b115bdd6d75b527f19c513e433ea135fdc322c206104c1e41e1a1e65b71a8
6
+ metadata.gz: 9eba4d31741db7cd4efa9277ab0b8c831bcf6081f56bd591e943f694084d26ab5adfbb8e130c755350c2dd052a9f059e46f8d32c75dfd26ac56432edf6509168
7
+ data.tar.gz: f89d2ca230d03b1bbc0745bab06e2dffc23828e785926e75bd604e1784777c8c831feef8bf03077852e17383ebff9b7680c8245f6f26ea3da56b0bd04125cdb5
@@ -1,3 +1,8 @@
1
+ # v0.3.22
2
+ * [fix] Resolve configuration loading issues (#58)
3
+ * [enhancement] Update token refresh to within 10m of expiry (#59)
4
+ * [enhancement] Unify token expiry checks (#56)
5
+
1
6
  # v0.3.20
2
7
  * [fix] Properly calculate token expiry (#52)
3
8
  * [enhancement] Generate custom exception when key is not provided to signer (#53)
@@ -1,4 +1,4 @@
1
1
  module MiasmaAws
2
2
  # Current library version
3
- VERSION = Gem::Version.new("0.3.20")
3
+ VERSION = Gem::Version.new("0.3.22")
4
4
  end
@@ -395,6 +395,8 @@ module Miasma
395
395
  klass.const_set(
396
396
  :ECS_TASK_PROFILE_PATH, ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
397
397
  )
398
+ # Reload sts tokens if expiry is within the next 10 minutes
399
+ klass.const_set(:STS_TOKEN_EXPIRY_BUFFER, 600)
398
400
  end
399
401
 
400
402
  # Build new API for specified type using current provider / creds
@@ -421,9 +423,14 @@ module Miasma
421
423
  # @param creds [Hash]
422
424
  # @return [TrueClass]
423
425
  def custom_setup(creds)
424
- cred_file = load_aws_file(aws_credentials_file)
425
- config_file = load_aws_file(aws_config_file)
426
- profile = creds[:aws_profile_name]
426
+ cred_file = load_aws_file(creds.fetch(
427
+ :aws_credentials_file, aws_credentials_file
428
+ ))
429
+ config_file = load_aws_file(creds.fetch(
430
+ :aws_config_file, aws_config_file
431
+ ))
432
+ # Load any configuration available from the config file
433
+ profile = creds.fetch(:aws_profile_name, aws_profile_name)
427
434
  profile_list = [profile].compact
428
435
  new_config_creds = Smash.new
429
436
  while profile
@@ -436,7 +443,7 @@ module Miasma
436
443
  new_config_creds = config_file.fetch(:default, Smash.new).merge(
437
444
  new_config_creds
438
445
  )
439
- profile = creds[:aws_profile_name]
446
+ # Load any configuration available from the creds file
440
447
  new_creds = Smash.new
441
448
  profile_list.each do |profile|
442
449
  new_creds = cred_file.fetch(profile, Smash.new).merge(
@@ -448,15 +455,17 @@ module Miasma
448
455
  new_creds
449
456
  )
450
457
  new_creds = new_creds.merge(new_config_creds)
451
- # Update original data source
458
+ # Provided credentials override any config file or creds
459
+ # file configuration so set them into new creds if available
460
+ new_creds.merge!(creds)
461
+ # Replace creds hash with updated hash so it is loaded with
462
+ # updated values
452
463
  creds.replace(new_creds)
453
464
  if creds[:aws_iam_instance_profile]
454
465
  self.class.const_get(:ECS_TASK_PROFILE_PATH).nil? ?
455
466
  load_instance_credentials!(creds) :
456
467
  load_ecs_credentials!(creds)
457
468
  end
458
- # Set underlying attributes
459
- data.replace(creds)
460
469
  true
461
470
  end
462
471
 
@@ -790,24 +799,27 @@ module Miasma
790
799
  # @return [TrueClass, FalseClass]
791
800
  # @note update check only applied if assuming role
792
801
  def sts_assume_role_update_required?(args = {})
793
- if args.fetch(:aws_sts_role_arn, attributes[:aws_sts_role_arn])
794
- expiry = args.fetch(:aws_sts_token_expires, attributes[:aws_sts_token_expires])
795
- expiry.nil? || expiry - 15 <= Time.now
796
- else
797
- false
798
- end
802
+ sts_attribute_update_required?(:aws_sts_role_arn,
803
+ :aws_sts_token_expires, args)
799
804
  end
800
805
 
801
806
  # @return [TrueClass, FalseClass]
802
807
  # @note update check only applied if assuming role
803
808
  def sts_mfa_session_update_required?(args = {})
804
- if (args.fetch(:aws_sts_session_token_code,
805
- attributes[:aws_sts_session_token_code]))
806
- expiry = args.fetch(
807
- :aws_sts_session_token_expires,
808
- attributes[:aws_sts_session_token_expires]
809
- )
810
- expiry.nil? || expiry - 15 <= Time.now
809
+ sts_attribute_update_required?(:aws_sts_session_token_code,
810
+ :aws_sts_session_token_expires, args)
811
+ end
812
+
813
+ # Check if STS attribute requires update
814
+ #
815
+ # @param key [String, Symbol] token key
816
+ # @param expiry_key [Time] expiry of token
817
+ # @param args [Hash] overrides to check instead of instance values
818
+ # @return [TrueClass, FalseClass]
819
+ def sts_attribute_update_required?(key, expiry_key, args = {})
820
+ if args.fetch(key, attributes[key])
821
+ expiry = args.fetch(expiry_key, attributes[expiry_key])
822
+ expiry.nil? || expiry - self.class.const_get(:STS_TOKEN_EXPIRY_BUFFER) <= Time.now
811
823
  else
812
824
  false
813
825
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: miasma-aws
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.3.20
4
+ version: 0.3.22
5
5
  platform: ruby
6
6
  authors:
7
7
  - Chris Roberts
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2018-07-14 00:00:00.000000000 Z
11
+ date: 2018-07-22 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: miasma