vagrant-ec2-metadata 0.0.4 → 0.0.5

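--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 822b3d6ab4f2fc4b4f5eb512bcf398dcfec40b72dbd69de8f9280323fc10d9d4
- data.tar.gz: cab8260dcffeac0157ec521d8b71a90bb2d658ae2a2969b3d44ca20237cf5c9f
+ metadata.gz: 2e867c6d250971803534937a1a989806fb0a2e65ad650e01fa5770f77ec083f0
+ data.tar.gz: 343d5435d23a8a54a9f3936822cb47a3416e43b44b7f15297e1b1e5a54bfb99c
  SHA512:
- metadata.gz: 133835fd1741a1dfc7607f302b94b36ca0c9af234838c9b6ee5075e95c5131444b2abb773a49e987e894f29c8026e6a1757976fe0c5084ea61321dada7c366d2
- data.tar.gz: 80aba68130cc15c815f68c409e43ac6e0bf3e64b4d7ded6e1deee9bff8183ace8c60566a0b3bb687ee7bb7d482c228e6e3629771c3718a4334fbf79787ffe403
+ metadata.gz: d69d13a1f61cb0406324f3c4c90d336172df3ef3f7526a983fd14af28d2aa366ba120ebc127719849bcbc5120bfdb1654ba5870f75f1c81cb5c323f2ca4994f8
+ data.tar.gz: 88f574e031baa81c664e876cf73a54968eb7af388d033de0bfcefbdc78325eabe6c31d456c44af688c4f365acc6cbd4c074e94168b9ebfdba0344be866c2fab4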
checksums.yaml.gz.sig CHANGED
Binary file
@@ -4,6 +4,15 @@ require "socket"
4
4
 
5
5
  ENV["AWS_DEFAULT_REGION"] ||= "us-west-2"
6
6
 
7
+ # WEBrick doesn't let us use PUT unless we apply this hack first
8
+ module WEBrick
9
+ module HTTPServlet
10
+ class ProcHandler
11
+ alias do_PUT do_GET
12
+ end
13
+ end
14
+ end
15
+
7
16
  module VagrantEc2Metadata
8
17
  class Server
9
18
  def initialize(config, port, options, env)
@@ -11,6 +20,7 @@ module VagrantEc2Metadata
11
20
  @port = port
12
21
  @options = options
13
22
  @env = env
23
+ @imdsv2_token = "supersecrettoken"
14
24
  end
15
25
 
16
26
  def start
@@ -31,6 +41,18 @@ module VagrantEc2Metadata
31
41
  next
32
42
  end
33
43
 
44
+ if req.request_method == "PUT"
45
+ if req.path == "/latest/api/token"
46
+ res.body = @imdsv2_token
47
+ end
48
+ next
49
+ end
50
+
51
+ if @config.require_tokens && (!req.header["x-aws-ec2-metadata-token"] || req.header["x-aws-ec2-metadata-token"][0] != @imdsv2_token)
52
+ res.status = 401 # Unauthorized
53
+ next
54
+ end
55
+
34
56
  # This endpoint is all we handle right now
35
57
  if !req.path.start_with?("/latest/meta-data/iam/security-credentials")
36
58
  res.status = 404
@@ -59,17 +81,17 @@ module VagrantEc2Metadata
59
81
  creds = resp.credentials
60
82
  end
61
83
 
62
- res.body = <<EOF
63
- {
64
- "Code" : "Success",
65
- "LastUpdated" : "#{Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")}",
66
- "Type" : "AWS-HMAC",
67
- "AccessKeyId" : "#{creds.access_key_id}",
68
- "SecretAccessKey" : "#{creds.secret_access_key}",
69
- "Token" : "#{creds.session_token}",
70
- "Expiration" : "#{creds.expiration.strftime("%Y-%m-%dT%H:%M:%SZ")}"
71
- }
72
- EOF
84
+ res.body = <<~EOF
85
+ {
86
+ "Code" : "Success",
87
+ "LastUpdated" : "#{Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")}",
88
+ "Type" : "AWS-HMAC",
89
+ "AccessKeyId" : "#{creds.access_key_id}",
90
+ "SecretAccessKey" : "#{creds.secret_access_key}",
91
+ "Token" : "#{creds.session_token}",
92
+ "Expiration" : "#{creds.expiration.strftime("%Y-%m-%dT%H:%M:%SZ")}"
93
+ }
94
+ EOF
73
95
  end
74
96
  end
75
97
 
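Review bot: The IMDSv2 token set in `initialize` is the fixed literal `"supersecrettoken"`, so the `require_tokens` check in the request handler compares the `x-aws-ec2-metadata-token` header against a value that is the same on every install and is readable in the published gem. Because this handler goes on to return `creds.secret_access_key` and `creds.session_token`, the token should be generated when the server object is created, e.g. `@imdsv2_token = SecureRandom.hex(32)` with `require "securerandom"` next to the existing requires. Separately, the PUT branch reaches `next` for any path other than `/latest/api/token` without setting a status, which presumably yields an empty success response; `res.status = 404` there would match how unknown GET paths are handled. The `start` method and its request block begin and end outside the visible hunks.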
@@ -1,3 +1,3 @@
1
1
  module VagrantEc2Metadata
2
- VERSION = "0.0.4"
2
+ VERSION = "0.0.5"
3
3
  end
@@ -7,9 +7,11 @@ module VagrantEc2Metadata
7
7
  attr_accessor :profile
8
8
  attr_accessor :role_arn
9
9
  attr_accessor :port
10
+ attr_accessor :require_tokens
10
11
 
11
12
  def initialize
12
13
  @profile = UNSET_VALUE
14
+ @require_tokens = false
13
15
  end
14
16
 
15
17
  def finalize!
@@ -40,10 +42,9 @@ module VagrantEc2Metadata
40
42
  # If you are having troubles with the iptables rule, you can flush it with:
41
43
  # sudo iptables -t nat -F
42
44
 
43
- cmd = <<EOF
44
- sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
45
- grep -q -F '169.254.169.254 instance-data' /etc/hosts || echo "# Added by vagrant-ec2-metadata:\n169.254.169.254 instance-data" | sudo tee -a /etc/hosts >/dev/null
46
- EOF
45
+ cmd = <<~EOF
46
+ sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
47
+ EOF
47
48
 
48
49
  @machine.ui.info("Setting up an iptables rule for the EC2 metadata server (port #{port}).")
49
50
  @machine.action(:ssh_run,
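Review bot: `@require_tokens = false` in `initialize` departs from the `UNSET_VALUE` pattern used for `@profile` on the line above it. If Vagrant's default config merge treats any value other than `UNSET_VALUE` as explicitly set (worth confirming against the Vagrant version in use), a later config block that never mentions `require_tokens` would reset an earlier `true` back to `false` and silently turn the token check off. Initialising with `@require_tokens = UNSET_VALUE` and resolving it in `finalize!` with `@require_tokens = false if @require_tokens == UNSET_VALUE` avoids that. Only the first line of `finalize!` is visible in this section, so its current body could not be checked.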
data.tar.gz.sig CHANGED
@@ -1,2 +1 @@
1
- �W,��>h�Ե(� �r�/�[���'-�v?9��2��=���M�]&�ղ��+�BJ��J��E�<X���xLjl<�V��߱���F��Y�Y* �nT��1�rbW?Gg�Ѡ�}��nG���l&|���%� �ua�`�\����2n�J.�:�"(JK��ID5e�/�T��L��/tS��*3(� 2����6=�`�%��(���۵ܳ��Gp+�Xnj
2
- 4�ْ�`�d�l�X����d�6s��Q
1
+ ��3$6��=V��,>s��8ه�H��c蘣
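--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: vagrant-ec2-metadata
  version: !ruby/object:Gem::Version
- version: 0.0.4
+ version: 0.0.5
  platform: ruby
  authors:
  - Stefan Sundin
@@ -31,7 +31,7 @@ cert_chain:
  E04BZKo2WzOTzSDymo97Yu4YFgyc98umMyeaCvPk4YmdNzqSanAXpY2bnsyu0CF5
  Td0=
  -----END CERTIFICATE-----
- date: 2018-06-20 00:00:00.000000000 Z
+ date: 2022-10-25 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-core
@@ -39,28 +39,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
+ version: '3.164'
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '3.6'
+ version: '3.164'
  - !ruby/object:Gem::Dependency
  name: webrick
  requirement: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: 1.6.1
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: '1.3'
+ version: 1.6.1
  description: Easily provide vagrant machines with AWS credentials by faking an EC2
  metadata server.
  email:
@@ -91,8 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubyforge_project:
- rubygems_version: 2.7.7
+ rubygems_version: 3.1.2
  signing_key:
  specification_version: 4
  summary: Easily provide vagrant machines with AWS credentials.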
metadata.gz.sig CHANGED
Binary file