vagrant-box-s3 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: d81dbf3d8b32768cfc022e376cfc5426bf6f84048e51788244ec03bf092cc827
+  data.tar.gz: 7d4edce6804ea7df82cbc6dd4faf781b486e8eec61979e595b45a321a000bf27
+SHA512:
+  metadata.gz: 22d63d9785c64664cdd552f4486870711caa7f6141a11756505d92c44ff7a140922fe7158708a2992e03cbfaade073a9782de46296b4462eedcf977d193439bb
+  data.tar.gz: bac015704c14167f29339d1390cd4458c732d945d02075201024f50ad5e72d0a2196a115ae8f1975b0c0ef6df0e13b8348f30a372754804089aff0f4e2e433b5

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2024 Steve Whiteley
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,124 @@
+# Vagrant Box S3
+
+Use Vagrant boxes stored in Amazon S3 private buckets.
+
+### Requirements
+
+- [vagrant](https://developer.hashicorp.com/vagrant/install?product_intent=vagrant) (2.4.x)
+- [aws-sdk-s3](https://rubygems.org/gems/aws-sdk-s3/versions/1.143.0) (1.x)
+
+## Features
+
+This plugin works by monkey patching `Vagrant::Util::Downloader`, extending the core Downloader class in Vagrant to
+override the `execute_curl` method to replace S3 box URLs with pre-signed S3 URLs.
+
+## Installation
+
+    vagrant plugin install ../vagrant-box-s3/pkg/vagrant-box-s3-0.1.2.gem
+
+## Usage
+
+The plugin with automatically sign requests to AWS S3 URLs with your AWS credentials, allowing you to store private
+boxes on S3 with your own bucket policies in place.
+
+## Configuration
+
+AWS credentials are read from the standard environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+
+You can also use your credentials file to create a profile. Select the appropriate profile using the `AWS_PROFILE` environment variable. For example:
+
+#### ~/.aws/credentials
+
+    [vagrant-s3auth]
+    aws_access_key_id = AKIA...
+    aws_secret_access_key = ...
+
+#### Vagrantfile
+
+    ENV.delete_if { |name| name.start_with?('AWS_') }  # Filter out rogue env vars.
+    ENV['AWS_PROFILE'] = 'vagrant-s3auth'
+
+    Vagrant.configure("2") { |config| ... }
+
+### S3 URLs
+
+You can use any valid HTTP(S) URL for your box URL:
+
+#### Path-Style URLs
+
+Specify the bucket name in the path of the URL. AWS has deprecated path-style URLs, but they might still be seen or used in legacy systems.
+
+- Format: https://s3.Region.amazonaws.com/bucket-name/key-name
+  Example: https://s3.eu-west-1.amazonaws.com/mybucket/mybox.box
+
+- Format: https://s3-Region.amazonaws.com/bucket-name/keyname
+  Example: https://s3-eu-west-1.amazonaws.com/bucket-name/mybox.box
+
+#### Virtual-Hosted-Style URLs
+Virtual-hosted-style URLs use the bucket name as a subdomain. This is the recommended and most commonly used format.
+
+- Format: https://bucket-name.s3.Region.amazonaws.com/key-name
+- Example: https://mybucket.s3.eu-west-1.amazonaws.com/mybox.box
+
+### IAM configuration
+
+IAM accounts will need at least the following policy, replacing `BUCKET` with your bucket name.
+
+    {
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+                "Effect": "Allow",
+                "Action": "s3:GetObject",
+                "Resource": "arn:aws:s3:::BUCKET/*"
+            },
+            {
+                "Effect": "Allow",
+                "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
+                "Resource": "arn:aws:s3:::BUCKET"
+            }
+        ]
+    }
+
+## Development
+
+### Requirements
+
+- [Ruby](https://www.ruby-lang.org/en/downloads/) (3.2.x)
+
+A specific version of ruby can be installed on macOS via rbenv:
+
+    brew install rbenv
+
+    echo 'eval "$(rbenv init -)"' >> ~/.zshrc
+
+    rbenv install 3.2.2
+
+    cd /path/to/vagrant-box-s3
+
+    rbenv local 3.2.2
+
+    ruby -v
+
+If bundled packages / dependencies have changed, run bundle install:
+
+    bundle install --path vendor/bundle
+
+To build the plugin, use `rake build`, this will create a file with the current version number, e.g. `pkg/vagrant-box-s3-0.1.2.gem`.
+
+Update the current version in `lib/vagrant-box-s3/version.rb`.
+
+Testing the plugin requires installing into vagrant from the build:
+
+    vagrant plugin install ../vagrant-box-s3/pkg/vagrant-box-s3-0.1.2.gem
+
+Then running a command that will trigger box URL related actions, such as `vagrant up`, `vagrant box update` etc. with the `--debug` flag.
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/vagrant-box-s3. 
+This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/vagrant-box-s3/downloader.rb

@@ -0,0 +1,46 @@
+require 'vagrant-box-s3/utils'
+
+module Vagrant
+  module Util
+    class Downloader
+
+      def aws_auth_download(options, subprocess_options, &data_proc)
+        # Get URL from options, which is the last option in the list.
+        url = options.last
+
+        # Determine method from curl command -I flag existence.
+        method = options.any? { |o| o == '-I' } ? :head_object : :get_object
+
+        # Generate pre-signed URL from S3 URL.
+        presigned_url = VagrantPlugins::BoxS3::Utils.presign_url(method, url, @logger)
+
+        # Update URL in options.
+        url.replace(presigned_url.to_s)
+
+        # Call original execute_curl (aliased).
+        execute_curl_without_aws_auth(options, subprocess_options, &data_proc)
+
+      rescue Aws::S3::Errors::Forbidden => e
+        message = "403 Forbidden: #{e.message}"
+        raise Errors::DownloaderError, message: message
+      rescue Seahorse::Client::NetworkingError => e
+        raise Errors::DownloaderError, message: e
+      end
+
+      def execute_curl_with_aws_auth(options, subprocess_options, &data_proc)
+        options = options.dup
+        url = options.find { |o| o =~ /^http/ }
+
+        if url && url.include?('amazonaws.com')
+          aws_auth_download(options, subprocess_options, &data_proc)
+        else
+          execute_curl_without_aws_auth(options, subprocess_options, &data_proc)
+        end
+      end
+
+      alias execute_curl_without_aws_auth execute_curl
+      alias execute_curl execute_curl_with_aws_auth
+
+    end
+  end
+end

data/lib/vagrant-box-s3/utils.rb

@@ -0,0 +1,66 @@
+require 'aws-sdk-s3'
+require 'uri'
+
+module VagrantPlugins
+  module BoxS3
+    class Utils
+
+      # Match host style URLs, e.g.
+      # https://bucket-name.s3.Region.amazonaws.com/key-name
+      S3_URL_HOST_REGEX = %r{^https?://([\w\-\.]+)\.s3\.([\w\-]+)\.amazonaws\.com/([^?]+)}
+
+      # Match path style URLs e.g.
+      # https://s3.Region.amazonaws.com/bucket-name/key-name
+      # https://s3-Region.amazonaws.com/bucket-name/keyname
+      S3_URL_PATH_REGEX = %r{^https?://s3[-\.]([\w\-]+)\.amazonaws\.com/([^/]+)/([^?]+)}
+
+      # Parse an s3 URL.
+      def self.parse_s3_url(s3_url)
+        region = bucket = key = nil
+        if s3_url =~ S3_URL_HOST_REGEX
+          match = S3_URL_HOST_REGEX.match(s3_url)
+          region = match[2]
+          bucket = match[1]
+          key = match[3]
+        elsif s3_url =~ S3_URL_PATH_REGEX
+          match = S3_URL_PATH_REGEX.match(s3_url)
+          region = match[1]
+          bucket = match[2]
+          key = match[3]
+        end
+
+        return region, bucket, key
+      end
+
+      # Pre-sign an s3 URL, with given method.
+      def self.presign_url(method, url, logger)
+          logger.info("BoxS3: Generating signed URL for #{method.upcase}")
+          logger.info("BoxS3: Discovered S3 URL: #{url}")
+
+          region, bucket, key = parse_s3_url(url)
+
+          logger.debug("BoxS3: Region: #{region}")
+          logger.debug("BoxS3: Bucket: #{bucket}")
+          logger.debug("BoxS3: Key: #{key}")
+
+          client = Aws::S3::Client.new(
+            profile: ENV['AWS_PROFILE'],
+            region: region
+          )
+          presigner = Aws::S3::Presigner.new(client: client)
+
+          presigned_url = presigner.presigned_url(
+            method,
+            bucket: bucket,
+            key: key,
+            expires_in: 3600
+          ).to_s
+
+          logger.debug("BoxS3: Pre-signed URL: #{presigned_url}")
+
+          return presigned_url
+      end
+
+    end
+  end
+end

data/lib/vagrant-box-s3/version.rb

@@ -0,0 +1,5 @@
+module VagrantPlugins
+  module BoxS3
+    VERSION = '0.1.0'
+  end
+end

data/lib/vagrant-box-s3.rb

@@ -0,0 +1,14 @@
+require 'vagrant'
+
+module VagrantPlugins
+  module BoxS3
+    class Plugin < Vagrant.plugin('2')
+      name 'BoxS3'
+
+      action_hook(:initialize_aliases) do |hook|
+        require_relative 'vagrant-box-s3/downloader'
+      end
+
+    end
+  end
+end

metadata

@@ -0,0 +1,91 @@
+--- !ruby/object:Gem::Specification
+name: vagrant-box-s3
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- Steve Whiteley
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2024-02-13 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk-s3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.143.0
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.143.0
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.17'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '10.0'
+description: Private, versioned Vagrant boxes hosted on Amazon S3.
+email:
+- steve@memiah.co.uk
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/vagrant-box-s3.rb
+- lib/vagrant-box-s3/downloader.rb
+- lib/vagrant-box-s3/utils.rb
+- lib/vagrant-box-s3/version.rb
+homepage: https://github.com/memiah/vagrant-box-s3
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: Amazon AWS S3 Auth.
+test_files: []