vagrant-ec2-metadata 0.0.4 → 0.0.5
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/lib/vagrant-ec2-metadata/server.rb +33 -11
- data/lib/vagrant-ec2-metadata/version.rb +1 -1
- data/lib/vagrant-ec2-metadata.rb +5 -4
- data.tar.gz.sig +1 -2
- metadata +7 -8
- metadata.gz.sig +0 -0
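--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 2e867c6d250971803534937a1a989806fb0a2e65ad650e01fa5770f77ec083f0
+data.tar.gz: 343d5435d23a8a54a9f3936822cb47a3416e43b44b7f15297e1b1e5a54bfb99c
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d69d13a1f61cb0406324f3c4c90d336172df3ef3f7526a983fd14af28d2aa366ba120ebc127719849bcbc5120bfdb1654ba5870f75f1c81cb5c323f2ca4994f8
+data.tar.gz: 88f574e031baa81c664e876cf73a54968eb7af388d033de0bfcefbdc78325eabe6c31d456c44af688c4f365acc6cbd4c074e94168b9ebfdba0344be866c2fab4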
checksums.yaml.gz.sig
CHANGED
Binary file
|
@@ -4,6 +4,15 @@ require "socket"
|
|
4
4
|
|
5
5
|
ENV["AWS_DEFAULT_REGION"] ||= "us-west-2"
|
6
6
|
|
7
|
+
# WEBrick doesn't let us use PUT unless we apply this hack first
|
8
|
+
module WEBrick
|
9
|
+
module HTTPServlet
|
10
|
+
class ProcHandler
|
11
|
+
alias do_PUT do_GET
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
7
16
|
module VagrantEc2Metadata
|
8
17
|
class Server
|
9
18
|
def initialize(config, port, options, env)
|
@@ -11,6 +20,7 @@ module VagrantEc2Metadata
|
|
11
20
|
@port = port
|
12
21
|
@options = options
|
13
22
|
@env = env
|
23
|
+
@imdsv2_token = "supersecrettoken"
|
14
24
|
end
|
15
25
|
|
16
26
|
def start
|
@@ -31,6 +41,18 @@ module VagrantEc2Metadata
|
|
31
41
|
next
|
32
42
|
end
|
33
43
|
|
44
|
+
if req.request_method == "PUT"
|
45
|
+
if req.path == "/latest/api/token"
|
46
|
+
res.body = @imdsv2_token
|
47
|
+
end
|
48
|
+
next
|
49
|
+
end
|
50
|
+
|
51
|
+
if @config.require_tokens && (!req.header["x-aws-ec2-metadata-token"] || req.header["x-aws-ec2-metadata-token"][0] != @imdsv2_token)
|
52
|
+
res.status = 401 # Unauthorized
|
53
|
+
next
|
54
|
+
end
|
55
|
+
|
34
56
|
# This endpoint is all we handle right now
|
35
57
|
if !req.path.start_with?("/latest/meta-data/iam/security-credentials")
|
36
58
|
res.status = 404
|
@@ -59,17 +81,17 @@ module VagrantEc2Metadata
|
|
59
81
|
creds = resp.credentials
|
60
82
|
end
|
61
83
|
|
62
|
-
res.body =
|
63
|
-
{
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
}
|
72
|
-
EOF
|
84
|
+
res.body = <<~EOF
|
85
|
+
{
|
86
|
+
"Code" : "Success",
|
87
|
+
"LastUpdated" : "#{Time.now.strftime("%Y-%m-%dT%H:%M:%SZ")}",
|
88
|
+
"Type" : "AWS-HMAC",
|
89
|
+
"AccessKeyId" : "#{creds.access_key_id}",
|
90
|
+
"SecretAccessKey" : "#{creds.secret_access_key}",
|
91
|
+
"Token" : "#{creds.session_token}",
|
92
|
+
"Expiration" : "#{creds.expiration.strftime("%Y-%m-%dT%H:%M:%SZ")}"
|
93
|
+
}
|
94
|
+
EOF
|
73
95
|
end
|
74
96
|
end
|
75
97
|
|
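Review bot: The IMDSv2 token assigned in `initialize` is the fixed literal `"supersecrettoken"`, so it is identical on every installation and every run, and the `x-aws-ec2-metadata-token` comparison behind `require_tokens` does not show that the caller first completed the PUT to `/latest/api/token`. Generate it when the server object is created instead, `@imdsv2_token = SecureRandom.hex(32)`, with `require "securerandom"` beside the existing requires. The PUT branch also ignores `X-aws-ec2-metadata-token-ttl-seconds` and appears to answer a PUT to any other path with an empty default response via `next`; real IMDSv2 rejects a token request without the TTL header, so returning 400 when it is missing and 404 for other PUT paths would keep clients tested against this server honest. The handler block and the rest of `start` lie outside these hunks, so the response defaults are inferred.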
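--- a/data/lib/vagrant-ec2-metadata.rb
+++ b/data/lib/vagrant-ec2-metadata.rb
@@ -7,9 +7,11 @@ module VagrantEc2Metadata
 attr_accessor :profile
 attr_accessor :role_arn
 attr_accessor :port
+attr_accessor :require_tokens
 
 def initialize
 @profile = UNSET_VALUE
+@require_tokens = false
 end
 
 def finalize!
@@ -40,10 +42,9 @@ module VagrantEc2Metadata
 # If you are having troubles with the iptables rule, you can flush it with:
 # sudo iptables -t nat -F
 
-cmd =
-sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
-
-EOF
+cmd = <<~EOF
+sudo iptables -t nat -A OUTPUT -p tcp -d 169.254.169.254 -j DNAT --to-destination #{host_ip}:#{port} || echo 'Error setting up iptables rule.'
+EOF
 
 @machine.ui.info("Setting up an iptables rule for the EC2 metadata server (port #{port}).")
 @machine.action(:ssh_run,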
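Review bot: `@require_tokens = false` in `initialize` breaks from the `UNSET_VALUE` pattern used for `@profile` on the line above, and it matters for more than style if this class uses Vagrant's default config merge, which copies every instance variable that is not `UNSET_VALUE`: a later Vagrantfile that never mentions `require_tokens` would then overwrite an earlier `true` with `false` and quietly turn token enforcement off. Use `@require_tokens = UNSET_VALUE` here and resolve the default in `finalize!` with `@require_tokens = false if @require_tokens == UNSET_VALUE`. The body of `finalize!` is outside the hunk, so check how the other settings are defaulted there. A one-line comment such as `# When true, the metadata server answers 401 unless the request carries the IMDSv2 token header` above the accessor would also document what the option does.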
data.tar.gz.sig
CHANGED
@@ -1,2 +1 @@
|
|
1
|
-
|
2
|
-
4�ْ�`�d�l�X����d�6s��Q
|
1
|
+
��3$6��=V��,>s��8ه�H��c蘣
|
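--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-ec2-metadata
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.5
 platform: ruby
 authors:
 - Stefan Sundin
@@ -31,7 +31,7 @@ cert_chain:
 E04BZKo2WzOTzSDymo97Yu4YFgyc98umMyeaCvPk4YmdNzqSanAXpY2bnsyu0CF5
 Td0=
 -----END CERTIFICATE-----
-date:
+date: 2022-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core
@@ -39,28 +39,28 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.164'
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '3.
+version: '3.164'
 - !ruby/object:Gem::Dependency
 name: webrick
 requirement: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.6.1
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version:
+version: 1.6.1
 description: Easily provide vagrant machines with AWS credentials by faking an EC2
 metadata server.
 email:
@@ -91,8 +91,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.7
+rubygems_version: 3.1.2
 signing_key:
 specification_version: 4
 summary: Easily provide vagrant machines with AWS credentials.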
metadata.gz.sig
CHANGED
Binary file
|