miasma-aws 0.3.20 → 0.3.22
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/miasma-aws/version.rb +1 -1
- data/lib/miasma/contrib/aws.rb +32 -20
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 52b34565420604144ef097dabea4e434e2f413af448c3cd5041abeb6a3aab3f3
|
|
4
|
+
data.tar.gz: e2de941c5c78209ba8ee8c737f5c6b43113ce2251818e53e610bd2c688d4ed78
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9eba4d31741db7cd4efa9277ab0b8c831bcf6081f56bd591e943f694084d26ab5adfbb8e130c755350c2dd052a9f059e46f8d32c75dfd26ac56432edf6509168
|
|
7
|
+
data.tar.gz: f89d2ca230d03b1bbc0745bab06e2dffc23828e785926e75bd604e1784777c8c831feef8bf03077852e17383ebff9b7680c8245f6f26ea3da56b0bd04125cdb5
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# v0.3.22
|
|
2
|
+
* [fix] Resolve configuration loading issues (#58)
|
|
3
|
+
* [enhancement] Update token refresh to within 10m of expiry (#59)
|
|
4
|
+
* [enhancement] Unify token expiry checks (#56)
|
|
5
|
+
|
|
1
6
|
# v0.3.20
|
|
2
7
|
* [fix] Properly calculate token expiry (#52)
|
|
3
8
|
* [enhancement] Generate custom exception when key is not provided to signer (#53)
|
data/lib/miasma-aws/version.rb
CHANGED
data/lib/miasma/contrib/aws.rb
CHANGED
|
@@ -395,6 +395,8 @@ module Miasma
|
|
|
395
395
|
klass.const_set(
|
|
396
396
|
:ECS_TASK_PROFILE_PATH, ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
|
|
397
397
|
)
|
|
398
|
+
# Reload sts tokens if expiry is within the next 10 minutes
|
|
399
|
+
klass.const_set(:STS_TOKEN_EXPIRY_BUFFER, 600)
|
|
398
400
|
end
|
|
399
401
|
|
|
400
402
|
# Build new API for specified type using current provider / creds
|
|
@@ -421,9 +423,14 @@ module Miasma
|
|
|
421
423
|
# @param creds [Hash]
|
|
422
424
|
# @return [TrueClass]
|
|
423
425
|
def custom_setup(creds)
|
|
424
|
-
cred_file = load_aws_file(
|
|
425
|
-
|
|
426
|
-
|
|
426
|
+
cred_file = load_aws_file(creds.fetch(
|
|
427
|
+
:aws_credentials_file, aws_credentials_file
|
|
428
|
+
))
|
|
429
|
+
config_file = load_aws_file(creds.fetch(
|
|
430
|
+
:aws_config_file, aws_config_file
|
|
431
|
+
))
|
|
432
|
+
# Load any configuration available from the config file
|
|
433
|
+
profile = creds.fetch(:aws_profile_name, aws_profile_name)
|
|
427
434
|
profile_list = [profile].compact
|
|
428
435
|
new_config_creds = Smash.new
|
|
429
436
|
while profile
|
|
@@ -436,7 +443,7 @@ module Miasma
|
|
|
436
443
|
new_config_creds = config_file.fetch(:default, Smash.new).merge(
|
|
437
444
|
new_config_creds
|
|
438
445
|
)
|
|
439
|
-
|
|
446
|
+
# Load any configuration available from the creds file
|
|
440
447
|
new_creds = Smash.new
|
|
441
448
|
profile_list.each do |profile|
|
|
442
449
|
new_creds = cred_file.fetch(profile, Smash.new).merge(
|
|
@@ -448,15 +455,17 @@ module Miasma
|
|
|
448
455
|
new_creds
|
|
449
456
|
)
|
|
450
457
|
new_creds = new_creds.merge(new_config_creds)
|
|
451
|
-
#
|
|
458
|
+
# Provided credentials override any config file or creds
|
|
459
|
+
# file configuration so set them into new creds if available
|
|
460
|
+
new_creds.merge!(creds)
|
|
461
|
+
# Replace creds hash with updated hash so it is loaded with
|
|
462
|
+
# updated values
|
|
452
463
|
creds.replace(new_creds)
|
|
453
464
|
if creds[:aws_iam_instance_profile]
|
|
454
465
|
self.class.const_get(:ECS_TASK_PROFILE_PATH).nil? ?
|
|
455
466
|
load_instance_credentials!(creds) :
|
|
456
467
|
load_ecs_credentials!(creds)
|
|
457
468
|
end
|
|
458
|
-
# Set underlying attributes
|
|
459
|
-
data.replace(creds)
|
|
460
469
|
true
|
|
461
470
|
end
|
|
462
471
|
|
|
@@ -790,24 +799,27 @@ module Miasma
|
|
|
790
799
|
# @return [TrueClass, FalseClass]
|
|
791
800
|
# @note update check only applied if assuming role
|
|
792
801
|
def sts_assume_role_update_required?(args = {})
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
expiry.nil? || expiry - 15 <= Time.now
|
|
796
|
-
else
|
|
797
|
-
false
|
|
798
|
-
end
|
|
802
|
+
sts_attribute_update_required?(:aws_sts_role_arn,
|
|
803
|
+
:aws_sts_token_expires, args)
|
|
799
804
|
end
|
|
800
805
|
|
|
801
806
|
# @return [TrueClass, FalseClass]
|
|
802
807
|
# @note update check only applied if assuming role
|
|
803
808
|
def sts_mfa_session_update_required?(args = {})
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
809
|
+
sts_attribute_update_required?(:aws_sts_session_token_code,
|
|
810
|
+
:aws_sts_session_token_expires, args)
|
|
811
|
+
end
|
|
812
|
+
|
|
813
|
+
# Check if STS attribute requires update
|
|
814
|
+
#
|
|
815
|
+
# @param key [String, Symbol] token key
|
|
816
|
+
# @param expiry_key [Time] expiry of token
|
|
817
|
+
# @param args [Hash] overrides to check instead of instance values
|
|
818
|
+
# @return [TrueClass, FalseClass]
|
|
819
|
+
def sts_attribute_update_required?(key, expiry_key, args = {})
|
|
820
|
+
if args.fetch(key, attributes[key])
|
|
821
|
+
expiry = args.fetch(expiry_key, attributes[expiry_key])
|
|
822
|
+
expiry.nil? || expiry - self.class.const_get(:STS_TOKEN_EXPIRY_BUFFER) <= Time.now
|
|
811
823
|
else
|
|
812
824
|
false
|
|
813
825
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miasma-aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.22
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Roberts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: miasma
|