RubyGems - vagrant-ec2-metadata - Versions diffs - 0.0.3 → 0.0.5 - Mend

vagrant-ec2-metadata 0.0.3 → 0.0.5

Files changed (8) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data/lib/vagrant-ec2-metadata/server.rb +42 -13
data/lib/vagrant-ec2-metadata/version.rb +1 -1
data/lib/vagrant-ec2-metadata.rb +5 -4
data.tar.gz.sig +1 -1
metadata +7 -8
metadata.gz.sig +3 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: b39fa813ecb66b687b5bfdd5be62352fae5e4e0d
-  data.tar.gz: 2da7b1319f80aecdecf9c6922bde2530aefdfd26
+SHA256:
+  metadata.gz: 2e867c6d250971803534937a1a989806fb0a2e65ad650e01fa5770f77ec083f0
+  data.tar.gz: 343d5435d23a8a54a9f3936822cb47a3416e43b44b7f15297e1b1e5a54bfb99c
 SHA512:
-  metadata.gz: 3772d5c7560a0e4b0e8b27757b2d1faa83dda570626ed1bebe064733fe8fa6688a98113bd76ae5f196c56dff90325971f64dfaa08cb405ad86d7387068b87e0b
-  data.tar.gz: b0dc167dd1e73d3a0ee1df85dda666f806d3f7e18f4f65519eaa361cef2d26ff7c08324f3bccb5a474c253c21f62f66539c681138caa82d3eac59507b1ec751a
+  metadata.gz: d69d13a1f61cb0406324f3c4c90d336172df3ef3f7526a983fd14af28d2aa366ba120ebc127719849bcbc5120bfdb1654ba5870f75f1c81cb5c323f2ca4994f8
+  data.tar.gz: 88f574e031baa81c664e876cf73a54968eb7af388d033de0bfcefbdc78325eabe6c31d456c44af688c4f365acc6cbd4c074e94168b9ebfdba0344be866c2fab4

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/lib/vagrant-ec2-metadata/server.rb CHANGED Viewed

@@ -4,6 +4,15 @@ require "socket"
 ENV["AWS_DEFAULT_REGION"] ||= "us-west-2"
+# WEBrick doesn't let us use PUT unless we apply this hack first
+module WEBrick
+  module HTTPServlet
+    class ProcHandler
+      alias do_PUT do_GET
+    end
+  end
+end
 module VagrantEc2Metadata
   class Server
     def initialize(config, port, options, env)
@@ -11,6 +20,7 @@ module VagrantEc2Metadata
       @port = port
       @options = options
       @env = env
+      @imdsv2_token = "supersecrettoken"
     end
     def start
@@ -31,10 +41,29 @@ module VagrantEc2Metadata
           next
         end
+        if req.request_method == "PUT"
+          if req.path == "/latest/api/token"
+            res.body = @imdsv2_token
+          end
+          next
+        end
+        if @config.require_tokens && (!req.header["x-aws-ec2-metadata-token"] || req.header["x-aws-ec2-metadata-token"][0] != @imdsv2_token)
+          res.status = 401 # Unauthorized
+          next
+        end
         # This endpoint is all we handle right now
-        next if !req.path.start_with?("/latest/meta-data/iam/security-credentials/")
+        if !req.path.start_with?("/latest/meta-data/iam/security-credentials")
+          res.status = 404
+          next
+        end
-        if req.path == "/latest/meta-data/iam/security-credentials/"
+        if req.path == "/latest/meta-data/iam/security-credentials"
+          # The Go SDK sends the request here first, then gets redirected to the correct path.. https://github.com/aws/aws-sdk-go/pull/2002
+          res.status = 301
+          res["Location"] = "/latest/meta-data/iam/security-credentials/"
+        elsif req.path == "/latest/meta-data/iam/security-credentials/"
           res.body = "role"
         else
           sts = ::Aws::STS::Client.new(profile: @config.profile)
@@ -52,17 +81,17 @@ module VagrantEc2Metadata
             creds = resp.credentials
           end
-          res.body = <<EOF
-{
-  "Code" : "Success",
-  "LastUpdated" : "#{Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")}",
-  "Type" : "AWS-HMAC",
-  "AccessKeyId" : "#{creds.access_key_id}",
-  "SecretAccessKey" : "#{creds.secret_access_key}",
-  "Token" : "#{creds.session_token}",
-  "Expiration" : "#{creds.expiration.strftime("%Y-%m-%dT%H:%M:%SZ")}"
-}
-EOF
+          res.body = <<~EOF
+            {
+              "Code" : "Success",
+              "LastUpdated" : "#{Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")}",
+              "Type" : "AWS-HMAC",
+              "AccessKeyId" : "#{creds.access_key_id}",
+              "SecretAccessKey" : "#{creds.secret_access_key}",
+              "Token" : "#{creds.session_token}",
+              "Expiration" : "#{creds.expiration.strftime("%Y-%m-%dT%H:%M:%SZ")}"
+            }
+          EOF
         end
       end

data/lib/vagrant-ec2-metadata/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module VagrantEc2Metadata
-  VERSION = "0.0.3"
+  VERSION = "0.0.5"
 end

data/lib/vagrant-ec2-metadata.rb CHANGED Viewed

@@ -7,9 +7,11 @@ module VagrantEc2Metadata
     attr_accessor :profile
     attr_accessor :role_arn
     attr_accessor :port
+    attr_accessor :require_tokens
     def initialize
       @profile = UNSET_VALUE
+      @require_tokens = false
     end
     def finalize!
@@ -40,10 +42,9 @@ module VagrantEc2Metadata
       # If you are having troubles with the iptables rule, you can flush it with:
       # sudo iptables -t nat -F
-      cmd = <<EOF
-sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
-grep -q -F '169.254.169.254 instance-data' /etc/hosts || echo "# Added by vagrant-ec2-metadata:\n169.254.169.254 instance-data" | sudo tee -a /etc/hosts >/dev/null
-EOF
+      cmd = <<~EOF
+        sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
+      EOF
       @machine.ui.info("Setting up an iptables rule for the EC2 metadata server (port #{port}).")
       @machine.action(:ssh_run,

data.tar.gz.sig CHANGED Viewed

	@@ -1 +1 @@
1	- ~~��27h��k��D��\'Mj]E��i��k�<cd&�r��XZ�"��ͧ��j<˾��I�~~
1	+ ��3$6��=V��,>s��8ه�H��c蘣

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-ec2-metadata
 version: !ruby/object:Gem::Version
-  version: 0.0.3
+  version: 0.0.5
 platform: ruby
 authors:
 - Stefan Sundin
@@ -31,7 +31,7 @@ cert_chain:
   E04BZKo2WzOTzSDymo97Yu4YFgyc98umMyeaCvPk4YmdNzqSanAXpY2bnsyu0CF5
   Td0=
   -----END CERTIFICATE-----
-date: 2017-11-02 00:00:00.000000000 Z
+date: 2022-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core
@@ -39,28 +39,28 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.164'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '3.6'
+        version: '3.164'
 - !ruby/object:Gem::Dependency
   name: webrick
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.6.1
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.3'
+        version: 1.6.1
 description: Easily provide vagrant machines with AWS credentials by faking an EC2
   metadata server.
 email:
@@ -91,8 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.6.13
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Easily provide vagrant machines with AWS credentials.

metadata.gz.sig CHANGED Viewed

@@ -1 +1,3 @@
-��5z�(6Z�s�^�^J=b����4>���gh$L��1E�>�Á��X8�)�>"%�4�8�i����\�e�yL>"��
+E>g�2�T����i�	��5������Hg`u����+�ү�
+j�Eu	�Ƒ����p�
+�䃅�wa�'p��/�*�