miasma-aws 0.3.20 → 0.3.22
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/lib/miasma-aws/version.rb +1 -1
- data/lib/miasma/contrib/aws.rb +32 -20
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 52b34565420604144ef097dabea4e434e2f413af448c3cd5041abeb6a3aab3f3
|
|
4
|
+
data.tar.gz: e2de941c5c78209ba8ee8c737f5c6b43113ce2251818e53e610bd2c688d4ed78
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 9eba4d31741db7cd4efa9277ab0b8c831bcf6081f56bd591e943f694084d26ab5adfbb8e130c755350c2dd052a9f059e46f8d32c75dfd26ac56432edf6509168
|
|
7
|
+
data.tar.gz: f89d2ca230d03b1bbc0745bab06e2dffc23828e785926e75bd604e1784777c8c831feef8bf03077852e17383ebff9b7680c8245f6f26ea3da56b0bd04125cdb5
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,8 @@
|
|
|
1
|
+
# v0.3.22
|
|
2
|
+
* [fix] Resolve configuration loading issues (#58)
|
|
3
|
+
* [enhancement] Update token refresh to within 10m of expiry (#59)
|
|
4
|
+
* [enhancement] Unify token expiry checks (#56)
|
|
5
|
+
|
|
1
6
|
# v0.3.20
|
|
2
7
|
* [fix] Properly calculate token expiry (#52)
|
|
3
8
|
* [enhancement] Generate custom exception when key is not provided to signer (#53)
|
data/lib/miasma-aws/version.rb
CHANGED
data/lib/miasma/contrib/aws.rb
CHANGED
|
@@ -395,6 +395,8 @@ module Miasma
|
|
|
395
395
|
klass.const_set(
|
|
396
396
|
:ECS_TASK_PROFILE_PATH, ENV["AWS_CONTAINER_CREDENTIALS_RELATIVE_URI"]
|
|
397
397
|
)
|
|
398
|
+
# Reload sts tokens if expiry is within the next 10 minutes
|
|
399
|
+
klass.const_set(:STS_TOKEN_EXPIRY_BUFFER, 600)
|
|
398
400
|
end
|
|
399
401
|
|
|
400
402
|
# Build new API for specified type using current provider / creds
|
|
@@ -421,9 +423,14 @@ module Miasma
|
|
|
421
423
|
# @param creds [Hash]
|
|
422
424
|
# @return [TrueClass]
|
|
423
425
|
def custom_setup(creds)
|
|
424
|
-
cred_file = load_aws_file(
|
|
425
|
-
|
|
426
|
-
|
|
426
|
+
cred_file = load_aws_file(creds.fetch(
|
|
427
|
+
:aws_credentials_file, aws_credentials_file
|
|
428
|
+
))
|
|
429
|
+
config_file = load_aws_file(creds.fetch(
|
|
430
|
+
:aws_config_file, aws_config_file
|
|
431
|
+
))
|
|
432
|
+
# Load any configuration available from the config file
|
|
433
|
+
profile = creds.fetch(:aws_profile_name, aws_profile_name)
|
|
427
434
|
profile_list = [profile].compact
|
|
428
435
|
new_config_creds = Smash.new
|
|
429
436
|
while profile
|
|
@@ -436,7 +443,7 @@ module Miasma
|
|
|
436
443
|
new_config_creds = config_file.fetch(:default, Smash.new).merge(
|
|
437
444
|
new_config_creds
|
|
438
445
|
)
|
|
439
|
-
|
|
446
|
+
# Load any configuration available from the creds file
|
|
440
447
|
new_creds = Smash.new
|
|
441
448
|
profile_list.each do |profile|
|
|
442
449
|
new_creds = cred_file.fetch(profile, Smash.new).merge(
|
|
@@ -448,15 +455,17 @@ module Miasma
|
|
|
448
455
|
new_creds
|
|
449
456
|
)
|
|
450
457
|
new_creds = new_creds.merge(new_config_creds)
|
|
451
|
-
#
|
|
458
|
+
# Provided credentials override any config file or creds
|
|
459
|
+
# file configuration so set them into new creds if available
|
|
460
|
+
new_creds.merge!(creds)
|
|
461
|
+
# Replace creds hash with updated hash so it is loaded with
|
|
462
|
+
# updated values
|
|
452
463
|
creds.replace(new_creds)
|
|
453
464
|
if creds[:aws_iam_instance_profile]
|
|
454
465
|
self.class.const_get(:ECS_TASK_PROFILE_PATH).nil? ?
|
|
455
466
|
load_instance_credentials!(creds) :
|
|
456
467
|
load_ecs_credentials!(creds)
|
|
457
468
|
end
|
|
458
|
-
# Set underlying attributes
|
|
459
|
-
data.replace(creds)
|
|
460
469
|
true
|
|
461
470
|
end
|
|
462
471
|
|
|
@@ -790,24 +799,27 @@ module Miasma
|
|
|
790
799
|
# @return [TrueClass, FalseClass]
|
|
791
800
|
# @note update check only applied if assuming role
|
|
792
801
|
def sts_assume_role_update_required?(args = {})
|
|
793
|
-
|
|
794
|
-
|
|
795
|
-
expiry.nil? || expiry - 15 <= Time.now
|
|
796
|
-
else
|
|
797
|
-
false
|
|
798
|
-
end
|
|
802
|
+
sts_attribute_update_required?(:aws_sts_role_arn,
|
|
803
|
+
:aws_sts_token_expires, args)
|
|
799
804
|
end
|
|
800
805
|
|
|
801
806
|
# @return [TrueClass, FalseClass]
|
|
802
807
|
# @note update check only applied if assuming role
|
|
803
808
|
def sts_mfa_session_update_required?(args = {})
|
|
804
|
-
|
|
805
|
-
|
|
806
|
-
|
|
807
|
-
|
|
808
|
-
|
|
809
|
-
|
|
810
|
-
|
|
809
|
+
sts_attribute_update_required?(:aws_sts_session_token_code,
|
|
810
|
+
:aws_sts_session_token_expires, args)
|
|
811
|
+
end
|
|
812
|
+
|
|
813
|
+
# Check if STS attribute requires update
|
|
814
|
+
#
|
|
815
|
+
# @param key [String, Symbol] token key
|
|
816
|
+
# @param expiry_key [Time] expiry of token
|
|
817
|
+
# @param args [Hash] overrides to check instead of instance values
|
|
818
|
+
# @return [TrueClass, FalseClass]
|
|
819
|
+
def sts_attribute_update_required?(key, expiry_key, args = {})
|
|
820
|
+
if args.fetch(key, attributes[key])
|
|
821
|
+
expiry = args.fetch(expiry_key, attributes[expiry_key])
|
|
822
|
+
expiry.nil? || expiry - self.class.const_get(:STS_TOKEN_EXPIRY_BUFFER) <= Time.now
|
|
811
823
|
else
|
|
812
824
|
false
|
|
813
825
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: miasma-aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.22
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Chris Roberts
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2018-07-
|
|
11
|
+
date: 2018-07-22 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: miasma
|