vagrant-ec2-metadata 0.0.4 → 0.0.5
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/vagrant-ec2-metadata/server.rb +33 -11
- data/lib/vagrant-ec2-metadata/version.rb +1 -1
- data/lib/vagrant-ec2-metadata.rb +5 -4
- data.tar.gz.sig +1 -2
- metadata +7 -8
- metadata.gz.sig +0 -0
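--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2e867c6d250971803534937a1a989806fb0a2e65ad650e01fa5770f77ec083f0
+data.tar.gz: 343d5435d23a8a54a9f3936822cb47a3416e43b44b7f15297e1b1e5a54bfb99c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d69d13a1f61cb0406324f3c4c90d336172df3ef3f7526a983fd14af28d2aa366ba120ebc127719849bcbc5120bfdb1654ba5870f75f1c81cb5c323f2ca4994f8
+data.tar.gz: 88f574e031baa81c664e876cf73a54968eb7af388d033de0bfcefbdc78325eabe6c31d456c44af688c4f365acc6cbd4c074e94168b9ebfdba0344be866c2fab4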
checksums.yaml.gz.sig
CHANGED
Binary file
|
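--- a/data/lib/vagrant-ec2-metadata/server.rb
+++ b/data/lib/vagrant-ec2-metadata/server.rb
@@ -4,6 +4,15 @@ require "socket"
 
 ENV["AWS_DEFAULT_REGION"] ||= "us-west-2"
 
+# WEBrick doesn't let us use PUT unless we apply this hack first
+module WEBrick
+module HTTPServlet
+class ProcHandler
+alias do_PUT do_GET
+end
+end
+end
+
 module VagrantEc2Metadata
 class Server
 def initialize(config, port, options, env)
@@ -11,6 +20,7 @@ module VagrantEc2Metadata
 @port = port
 @options = options
 @env = env
+@imdsv2_token = "supersecrettoken"
 end
 
 def start
@@ -31,6 +41,18 @@ module VagrantEc2Metadata
 next
 end
 
+if req.request_method == "PUT"
+if req.path == "/latest/api/token"
+res.body = @imdsv2_token
+end
+next
+end
+
+if @config.require_tokens && (!req.header["x-aws-ec2-metadata-token"] || req.header["x-aws-ec2-metadata-token"][0] != @imdsv2_token)
+res.status = 401 # Unauthorized
+next
+end
+
 # This endpoint is all we handle right now
 if !req.path.start_with?("/latest/meta-data/iam/security-credentials")
 res.status = 404
@@ -59,17 +81,17 @@ module VagrantEc2Metadata
 creds = resp.credentials
 end
 
-res.body =
-{
-
-
-
-
-
-
-
-}
-EOF
+res.body = <<~EOF
+{
+"Code" : "Success",
+"LastUpdated" : "#{Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")}",
+"Type" : "AWS-HMAC",
+"AccessKeyId" : "#{creds.access_key_id}",
+"SecretAccessKey" : "#{creds.secret_access_key}",
+"Token" : "#{creds.session_token}",
+"Expiration" : "#{creds.expiration.strftime("%Y-%m-%dT%H:%M:%SZ")}"
+}
+EOF
 end
 end
 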
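Review bot: The IMDSv2 session token assigned in `initialize` is the fixed literal `"supersecrettoken"`, so every installation of this release shares one value that is readable in the gem source, and the 401 check added in the third hunk cannot show that a caller ever made the PUT to `/latest/api/token`. Because the handler further down returns `creds.secret_access_key` and `creds.session_token`, the token should be unpredictable and generated once per server start: `@imdsv2_token = SecureRandom.hex(32)`, with `require "securerandom"` next to the existing requires. The bodies of `initialize` and of the request handler start and end outside these hunks, so where the server binds and who can reach the port cannot be judged from here.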
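--- a/data/lib/vagrant-ec2-metadata.rb
+++ b/data/lib/vagrant-ec2-metadata.rb
@@ -7,9 +7,11 @@ module VagrantEc2Metadata
 attr_accessor :profile
 attr_accessor :role_arn
 attr_accessor :port
+attr_accessor :require_tokens
 
 def initialize
 @profile = UNSET_VALUE
+@require_tokens = false
 end
 
 def finalize!
@@ -40,10 +42,9 @@ module VagrantEc2Metadata
 # If you are having troubles with the iptables rule, you can flush it with:
 # sudo iptables -t nat -F
 
-cmd =
-sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
-
-EOF
+cmd = <<~EOF
+sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
+EOF
 
 @machine.ui.info("Setting up an iptables rule for the EC2 metadata server (port #{port}).")
 @machine.action(:ssh_run,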
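Review bot: `@require_tokens = false` in `initialize` leaves token enforcement off unless the Vagrantfile opts in, so after upgrading, the credentials endpoint still answers requests that carry no `x-aws-ec2-metadata-token` header. If that default is kept for compatibility, it should be documented where the option is declared, for example `# When true, requests without a valid IMDSv2 token get 401; defaults to false.` above `attr_accessor :require_tokens`. The setting is also assigned directly instead of starting as `UNSET_VALUE` like `@profile`; whether `finalize!` needs a matching default cannot be seen here, because its body lies outside the hunk.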
data.tar.gz.sig
CHANGED
@@ -1,2 +1 @@
|
|
1
|
-
|
2
|
-
4�ْ�`�d�l�X����d�6s��Q
|
1
|
+
��3$6��=V��,>s��8ه�H��c蘣
|
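--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-ec2-metadata
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.5
 platform: ruby
 authors:
 - Stefan Sundin
@@ -31,7 +31,7 @@ cert_chain:
 E04BZKo2WzOTzSDymo97Yu4YFgyc98umMyeaCvPk4YmdNzqSanAXpY2bnsyu0CF5
 Td0=
 -----END CERTIFICATE-----
-date:
+date: 2022-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -39,28 +39,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.164'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.164'
 - !ruby/object:Gem::Dependency
 name: webrick
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.6.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.6.1
 description: Easily provide vagrant machines with AWS credentials by faking an EC2
 metadata server.
 email:
@@ -91,8 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.7
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Easily provide vagrant machines with AWS credentials.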
metadata.gz.sig
CHANGED
Binary file
|