s3_website 3.2.0 → 3.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 9dd48d8a609cc024fe3ecd567bcd390077b07f1d
-  data.tar.gz: 1fd28bdff75aaed3f3a6d3590ae8258a05d9af97
+  metadata.gz: d2d86efb2bc83642857893a73ac42a0ff82146a3
+  data.tar.gz: b748923cfed9efdd95a8d90ab9f9f6e425ada01b
 SHA512:
-  metadata.gz: 5cf5a79c29bab7b6c2820e80c6068f4aa7cbf2fde9936310eb3a16dabdbcfc0da294d5e38125d1929dd17b485a3dd51cfc18dad802fec520a4f710e090198c07
-  data.tar.gz: 62ac09a5a98f025a894a9fbfe83b66d7ad6a2519e78ab5c2df77b832ec449c98db52b777bfc832f31f7d22699d9638601941abdfc8acb92a91ecd6f3538f2a38
+  metadata.gz: 84d74230f742a5e8bbb8c2092919dca117515e5e958247d950a4d88f51aff86f9c3acb8e2c4cac6b8136f551b32f821c8112a09375a6f86e1e21d9eb7802306a
+  data.tar.gz: cf69eff43b25595b3a9fb73521cd43c6ff8356f47772ff7a930dbc058cd5279b2bece559272c0684438130bcac9bca2b1bb1e7742ba0e152623449abc5123815

data/README.md

@@ -56,6 +56,18 @@ the project's root you can specify the directory like so:
 
 If you omit `s3_id` from your `s3_website.yml`, S3_website will fall back to reading from the [default AWS SDK locations](http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html). For instance, if you've used `aws configure` to set up credentials in `~/.aws/credentials`, S3_website can use these.
 
+### Using an AWS profile or a profile that assumes a role
+
+If you omit `s3_id`, `s3_secret`, and `session_token` you can specify an AWS credentials profile to use via the `profile` configuration variable, eg:
+
+    profile: name_of_aws_profile
+
+In addition, if you want this profile to assume a role before executing against S3, use the `profile_assume_role_arn` variable, eg:
+
+    profile_assume_role_arn: arn_of_role_to_assume
+
+(Note: you have to use a regular profile with an ID and SECRET and specify the role ARN via a variable like this instead of a profile that specifies a `role_arn` as documented [here](http://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html) since it does not look like the Java SDK supports that format, yet...)
+
 ### Using environment variables
 
 You can use ERB in your `s3_website.yml` file which incorporates environment variables:

data/build.sbt

@@ -18,7 +18,7 @@ libraryDependencies += "org.yaml" % "snakeyaml" % "1.13"
 
 libraryDependencies += "org.jruby" % "jruby" % "1.7.11"
 
-libraryDependencies += "com.amazonaws" % "aws-java-sdk" % "1.11.32"
+libraryDependencies += "com.amazonaws" % "aws-java-sdk" % "1.11.172"
 
 libraryDependencies += "log4j" % "log4j" % "1.2.17"
 

data/changelog.md

@@ -2,6 +2,13 @@
 
 This project uses [Semantic Versioning](http://semver.org).
 
+## 3.3.0
+
+* Support `http_error_code_returned_equals` in redirect rules
+
+  See <https://github.com/laurilehmijoki/configure-s3-website/pull/21> for
+  discussion
+
 ## 3.2.0
 
 * Fall back to [the default credentials sources](http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html) if `s3_id` is not provided in `s3_website.yml`

data/lib/s3_website/version.rb

@@ -1,3 +1,3 @@
 module S3Website
-  VERSION = '3.2.0'
+  VERSION = '3.3.0'
 end

data/s3_website.gemspec

@@ -18,7 +18,7 @@ Gem::Specification.new do |s|
   s.default_executable = %q{s3_website}
 
   s.add_dependency 'thor', '~> 0.18'
-  s.add_dependency 'configure-s3-website', '= 2.1.0'
+  s.add_dependency 'configure-s3-website', '= 2.2.0'
   s.add_dependency 'colored', '1.2'
   s.add_dependency 'dotenv', '~> 1.0'
 

data/src/main/scala/s3/website/model/Config.scala

@@ -8,12 +8,15 @@ import scala.util.{Failure, Try}
 import scala.collection.JavaConversions._
 import s3.website.Ruby.rubyRuntime
 import s3.website._
-import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, BasicSessionCredentials, AWSStaticCredentialsProvider, DefaultAWSCredentialsProviderChain}
+import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, BasicSessionCredentials, AWSStaticCredentialsProvider, DefaultAWSCredentialsProviderChain, STSAssumeRoleSessionCredentialsProvider}
+import com.amazonaws.auth.profile.ProfileCredentialsProvider
 
 case class Config(
   s3_id:                                  Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
   s3_secret:                              Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
   session_token:                          Option[String], // If defined, the AWS Security Token Service session token (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
+  profile:                                Option[String], // If defined, the AWS profile to use for credentials
+  profile_assume_role_arn:                Option[String], // If defined, the ARN of the role to assume
   s3_bucket:                              String,
   s3_endpoint:                            S3Endpoint,
   site:                                   Option[String],
@@ -37,21 +40,29 @@ case class Config(
 object Config {
 
   def awsCredentials(config: Config): AWSCredentialsProvider = {
-    val credentialsFromConfigFile: Option[AWSStaticCredentialsProvider] =
-      if (config.s3_id.isEmpty) {
-         None
-      } else if (config.session_token.isEmpty) {
+    val credentialsFromConfigFile: Option[AWSCredentialsProvider] =
+      (
         for {
           s3_id <- config.s3_id
           s3_secret <- config.s3_secret
-        } yield new AWSStaticCredentialsProvider(new BasicAWSCredentials(s3_id, s3_secret))
-      } else {
+          session_token <- config.session_token
+        } yield new AWSStaticCredentialsProvider(new BasicSessionCredentials(s3_id, s3_secret, session_token))
+      ) orElse (
         for {
           s3_id <- config.s3_id
           s3_secret <- config.s3_secret
-          session_token <- config.session_token
-        } yield new AWSStaticCredentialsProvider(new BasicSessionCredentials(s3_id, s3_secret, session_token))
-      }
+        } yield new AWSStaticCredentialsProvider(new BasicAWSCredentials(s3_id, s3_secret))
+      ) orElse (
+        for {
+          profile <- config.profile
+          profile_assume_role_arn <- config.profile_assume_role_arn
+        } yield new STSAssumeRoleSessionCredentialsProvider.Builder(profile_assume_role_arn, "s3_website_assume_role_session")
+          .withLongLivedCredentialsProvider(new ProfileCredentialsProvider(profile)).build()
+      ) orElse (
+        for {
+          profile <- config.profile
+        } yield new ProfileCredentialsProvider(profile)
+      )
     credentialsFromConfigFile getOrElse new DefaultAWSCredentialsProviderChain
   }
 
@@ -235,4 +246,4 @@ object Config {
   case class S3_website_yml(file: File) {
     override def toString = file.getPath
   }
-}
+}

data/src/main/scala/s3/website/model/Site.scala

@@ -36,6 +36,8 @@ object Site {
           s3_id <- loadOptionalString("s3_id").right
           s3_secret <- loadOptionalString("s3_secret").right
           session_token <- loadOptionalString("session_token").right
+          profile <- loadOptionalString("profile").right
+          profile_assume_role_arn <- loadOptionalString("profile_assume_role_arn").right
           s3_bucket <- loadRequiredString("s3_bucket").right
           s3_endpoint <- loadEndpoint.right
           site <- loadOptionalString("site").right
@@ -67,6 +69,8 @@ object Site {
             s3_id,
             s3_secret,
             session_token,
+            profile,
+            profile_assume_role_arn,
             s3_bucket,
             s3_endpoint getOrElse S3Endpoint.defaultEndpoint,
             site,
@@ -152,4 +156,4 @@ object Site {
         Right(None)
     }
   }
-}
+}

data/src/test/scala/s3/website/ConfigSpec.scala

@@ -1,16 +1,47 @@
 package s3.website
-import com.amazonaws.auth.{BasicAWSCredentials, BasicSessionCredentials, DefaultAWSCredentialsProviderChain}
+import com.amazonaws.auth.profile.ProfileCredentialsProvider
+import com.amazonaws.auth.{BasicAWSCredentials, BasicSessionCredentials, DefaultAWSCredentialsProviderChain, STSAssumeRoleSessionCredentialsProvider}
 import org.specs2.mutable.Specification
 import s3.website.model.{Config, S3Endpoint}
 
 class ConfigSpec extends Specification {
 
   "Config#awsCredentials" should {
+    s"return ${classOf[BasicSessionCredentials]} when s3_id, s3_secret and session_token are defined in the config" in {
+      Config.awsCredentials(Config(
+        s3_id = Some("test"),
+        s3_secret = Some("secret"),
+        session_token = Some("Token"),
+        profile = None,
+        profile_assume_role_arn = None,
+        s3_bucket = "foo",
+        s3_endpoint = S3Endpoint.defaultEndpoint,
+        site = None,
+        max_age = None,
+        cache_control = None,
+        gzip = None,
+        gzip_zopfli = None,
+        s3_key_prefix = None,
+        ignore_on_server = None,
+        exclude_from_upload = None,
+        s3_reduced_redundancy = None,
+        cloudfront_distribution_id = None,
+        cloudfront_invalidate_root = None,
+        content_type = None,
+        redirects = None,
+        concurrency_level = 1,
+        cloudfront_wildcard_invalidation = None,
+        treat_zero_length_objects_as_redirects = None
+      )).getCredentials must beAnInstanceOf[BasicSessionCredentials]
+    }
+
     s"return ${classOf[BasicAWSCredentials]} when s3_id and s3_secret are defined in the config" in {
       Config.awsCredentials(Config(
         s3_id = Some("test"),
         s3_secret = Some("secret"),
         session_token = None,
+        profile = None,
+        profile_assume_role_arn = None,
         s3_bucket = "foo",
         s3_endpoint = S3Endpoint.defaultEndpoint,
         site = None,
@@ -32,11 +63,13 @@ class ConfigSpec extends Specification {
       )).getCredentials must beAnInstanceOf[BasicAWSCredentials]
     }
 
-    s"return ${classOf[BasicSessionCredentials]} when s3_id, s3_secret and session_token are defined in the config" in {
+    s"return ${classOf[STSAssumeRoleSessionCredentialsProvider]} when profile and profile_assume_role_arn are defined in the config" in {
       Config.awsCredentials(Config(
-        s3_id = Some("test"),
-        s3_secret = Some("secret"),
-        session_token = Some("Token"),
+        s3_id = None,
+        s3_secret = None,
+        session_token = None,
+        profile = Some("profile_name"),
+        profile_assume_role_arn = Some("arn:aws:iam::account-id:role/role-name"),
         s3_bucket = "foo",
         s3_endpoint = S3Endpoint.defaultEndpoint,
         site = None,
@@ -55,14 +88,44 @@ class ConfigSpec extends Specification {
         concurrency_level = 1,
         cloudfront_wildcard_invalidation = None,
         treat_zero_length_objects_as_redirects = None
-      )).getCredentials must beAnInstanceOf[BasicSessionCredentials]
+      )) must beAnInstanceOf[STSAssumeRoleSessionCredentialsProvider]
+    }
+
+    s"return ${classOf[ProfileCredentialsProvider]} when profile is defined in the config" in {
+      Config.awsCredentials(Config(
+        s3_id = None,
+        s3_secret = None,
+        session_token = None,
+        profile = Some("profile_name"),
+        profile_assume_role_arn = None,
+        s3_bucket = "foo",
+        s3_endpoint = S3Endpoint.defaultEndpoint,
+        site = None,
+        max_age = None,
+        cache_control = None,
+        gzip = None,
+        gzip_zopfli = None,
+        s3_key_prefix = None,
+        ignore_on_server = None,
+        exclude_from_upload = None,
+        s3_reduced_redundancy = None,
+        cloudfront_distribution_id = None,
+        cloudfront_invalidate_root = None,
+        content_type = None,
+        redirects = None,
+        concurrency_level = 1,
+        cloudfront_wildcard_invalidation = None,
+        treat_zero_length_objects_as_redirects = None
+      )) must beAnInstanceOf[ProfileCredentialsProvider]
     }
 
-    s"return ${classOf[DefaultAWSCredentialsProviderChain]} when s3_id and s3_secret are not defined in the config" in {
+    s"return ${classOf[DefaultAWSCredentialsProviderChain]} when s3_id, s3_secret, profile and profile_assume_role_arn are not defined in the config" in {
       Config.awsCredentials(Config(
         s3_id = None,
         s3_secret = None,
         session_token = None,
+        profile = None,
+        profile_assume_role_arn = None,
         s3_bucket = "foo",
         s3_endpoint = S3Endpoint.defaultEndpoint,
         site = None,

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: s3_website
 version: !ruby/object:Gem::Version
-  version: 3.2.0
+  version: 3.3.0
 platform: ruby
 authors:
 - Lauri Lehmijoki
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-08-08 00:00:00.000000000 Z
+date: 2017-09-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -30,14 +30,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 2.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 2.1.0
+        version: 2.2.0
 - !ruby/object:Gem::Dependency
   name: colored
   requirement: !ruby/object:Gem::Requirement