vagrant-gsauth 1.0.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 53c5257aa38fa117c1ceefa223db18ba419dece1
+  data.tar.gz: dfffba687e143e9326e2c5349101ce9e7dfdeddc
+SHA512:
+  metadata.gz: 0c918eafc59052be0732051acfa8d3387f06249ce4fddd8914b58e0bb673fc094016ca3403e9eff87f57afcb25e911c94f2e6155b97edf643f65e60aa543ff79
+  data.tar.gz: accff56a518fb2db6a68fde1ea27c3a978ce7381aeeab5198e7a93db6c9144319b2afaf8ee531f32fd54cad7b1b7058167fe5bf118f7de4bd8130cb6e2a09ed8

data/.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+
+pkg
+*.gem
+.env
+Gemfile.lock

data/.rubocop.yml

@@ -0,0 +1,33 @@
+Lint/AssignmentInCondition:
+  Enabled: false
+
+Metrics/AbcSize:
+  Max: 40
+
+Metrics/CyclomaticComplexity:
+  Max: 12
+
+Metrics/LineLength:
+  Max: 100
+
+Metrics/MethodLength:
+  CountComments: false
+  Max: 25
+
+Metrics/PerceivedComplexity:
+  Max: 15
+
+Style/AlignParameters:
+  EnforcedStyle: with_fixed_indentation
+
+Style/Documentation:
+  Enabled: false
+
+Style/FileName:
+  Enabled: false
+
+Style/RescueModifier:
+  Enabled: false
+
+Style/SignalException:
+  EnforcedStyle: only_raise

data/.ruby-version

@@ -0,0 +1 @@
+2.2.3

data/.travis.yml

@@ -0,0 +1,51 @@
+sudo: false
+
+language: ruby
+rvm:
+- 2.2.3
+
+addons:
+  apt:
+    packages:
+    - bsdtar
+    - libxslt1.1
+
+before_install:
+# Install Bats, the Bash testing framework
+- npm install bats
+
+# Speed up Nokogiri installation substantially by using precompiled libxslt
+- bundle config build.nokogiri --use-system-libraries
+
+# Older versions of Vagrant can't handle the current version of Bundler, which
+# ships with Travis.
+- rvm @default,@global do gem uninstall bundler --all --executables
+- gem install bundler -v '~> 1.5.2'
+- bundle --version
+
+before_script:
+- test/setup.rb
+
+after_script:
+- test/cleanup.rb
+
+env:
+  global:
+  - VAGRANT_S3AUTH_ATLAS_BOX_NAME="travis-$TRAVIS_JOB_NUMBER"
+  - VAGRANT_S3AUTH_BUCKET="travis-$TRAVIS_JOB_NUMBER.vagrant-gsauth.com"
+  - VAGRANT_S3AUTH_REGION_NONSTANDARD=eu-west-1
+  - VAGRANT_S3AUTH_BOX_BASE=minimal
+  matrix:
+  - VAGRANT_VERSION=master
+  - VAGRANT_VERSION=v1.8.1
+  - VAGRANT_VERSION=v1.7.4
+  - VAGRANT_VERSION=v1.6.5
+  - VAGRANT_VERSION=v1.5.1
+
+deploy:
+  provider: rubygems
+  api_key:
+    secure: foobar
+  on:
+    tags: true
+    repo: ConduceInc/vagrant-gsauth

data/.vagrant/machines/default/virtualbox/action_provision

@@ -0,0 +1 @@
+1.5:e21ed4ad-df79-4ce2-92e7-737f03004c9a

data/.vagrant/machines/default/virtualbox/action_set_name

@@ -0,0 +1 @@
+1480608574

data/.vagrant/machines/default/virtualbox/creator_uid

@@ -0,0 +1 @@
+501

data/.vagrant/machines/default/virtualbox/id

@@ -0,0 +1 @@
+e21ed4ad-df79-4ce2-92e7-737f03004c9a

data/.vagrant/machines/default/virtualbox/index_uuid

@@ -0,0 +1 @@
+b8501bb300114a7fb421a3e4ddc35121

data/.vagrant/machines/default/virtualbox/private_key

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1ZRGw9t6XM5AAMPcRFHYyJkhSLSXhD0Y3VThjVCiazc23xvO
+FQL/wd7Cz7UkjwplHOP2CN2FPFHJqLHVhn5PtCYIZLOHAHL4WzhYqm2sIVyLBbWI
+lsHHgH25wRXrR50za437QtqPIb/brs5auNKOi4Q0elIeCah9G8tKBf/jbDB1ibXY
+L3XVALvBIb6U0dtf0mURgdaT+Ql35UzH5hqQDuT+uB0sfKgKozl9LnxGN0MG45L/
+jqmOBfffLAnHGe7EOTQFIli9hgIbliwgZfTpCY4wQrOyceCvzU/R11QH/+zbsUQe
+hAoRjWob0uENeI7qOYs4ea2t/A/BfWjgJJtk1wIDAQABAoIBAA4dRWvuFjEJ5Ero
+pqbRLd1b2Uo/vP+dNgZydJFtMb6aIIMwCDd1QkeinAcz9l2Jl1MIcZr2YLayxPvj
+/LNtp4DFPqrA/nv2HRmSKLHim4x83CcdbxBfb/q61ErBUxIhfmNuN5uca/cUAcWU
+l4Q9TfREYV9wC9Ihk1sB3Tt2RKZCkqn2DJ8zmeOktNQEU4CvHjRu7/SD58scE3Db
+gEZfaUDKPdzhDvnHtSiP1g+NJRYvY5zPZLcjwA8XEJw0qrIwpK7hDYJ0iTtqPWRR
+z+54sy9rp85BzRbM+UpRiP0RRDrFrP6Suz+vAm7wXE5ivwHEMfAAfeqE4fk2emIU
+Et1+GkECgYEA6ya2bsj8X1yiMdxfwjaKrPpEm3zaxiRHavKS8H9I7fiPs88dbEL1
+uP0P/SMFzb1ipoLZ1goQLsLs1XIrdZhNwEpG3nPUBUkz5hiGipa2gKG2Nt108L6P
+Dawd1t/vhzU2JVIjG6EKKNoWBx2UEOc6/LYXsw6crxpT1cVzXTDkACECgYEA6IPw
+L7IAk6df7igpW4+iVZjfPbifk31nKvq1hMZqkdIIh+c6/Iadom9PO96WSuI8AcrD
+l+bPceP9Kkdq4oIzMuTVmlPXyTRiWM4FzKVMYLbhp5gaFrjuNP9lNaAxLdwoCaQg
+BFcDzaG56Sj5NM8VpQjVlmG9NZxfcIDIl5tKpfcCgYB4L5kelmsm8lmT0ma/BNFs
+B535Op82lmRKLSEc+nFz747DACCxrKeanP0HDFdzCFDbehWMaChNPiN+FJRRzj4v
+Acem+txqtzdnazGYs98jb4OKFzYltb+35Th7EomCOZgrCwgWnwBqUMzhZiS/Xu+v
+KgKC6fz7IiGnKPwFrW9bAQKBgGjPgKefT48/dYi/ZdU2K/D11jvWS2iKsMS4+rX9
+UvCkgt/wJbDLZadhEZBlR849qNsN8Zk5m+003lv+kXnFQxr/+CF3BeBW0rZBOHAF
+WyaFibaoY6o2dnpBXfgMW97WTN37s8sBBl/dNRabN6rMZm9cShtdt5LBCGyIQOPG
+RqIFAoGBAMm5MPvX/rtJO8XeQVOZ0o3Rv/zpOjA/gqAhQbiMTHaPkWHBfLD0Vgmj
+zehNrSp1kKaITcpf6M0XeaXX63M3tM8Vdw2vftdkR6wLMiemImNkOk7gahBieqMv
+7AU6AtLW1PdwQU6cXyRY0t4fjC5FWhdNWnLJ8Os7Qs0BajWP6PK3
+-----END RSA PRIVATE KEY-----

data/.vagrant/machines/default/virtualbox/synced_folders

@@ -0,0 +1 @@
+{"virtualbox":{"/vagrant":{"guestpath":"/vagrant","hostpath":"/Users/jdipierro/Source/vagrant-s3auth","disabled":false,"__vagrantfile":true}}}

data/CHANGELOG.md

@@ -0,0 +1,135 @@
+## 1.3.0
+
+**18 January 2016**
+
+Enhancements:
+
+* upgrade to AWS SDK v2.2.10
+
+Fixes:
+
+* allow box update checks when offline ([#26])
+* support the Vagrant 1.8.x series ([#27])
+
+## 1.2.0
+
+**20 August 2015**
+
+Enhancements:
+
+* output the discovered AWS access key and its source (environment variable or
+  profile) when downloading an authenticated S3 box ([#21])
+
+Thanks, [@Daemoen][Daemoen]!
+
+## 1.1.1
+
+**6 August 2015**
+
+Enhancements:
+
+* bump dependencies to latest patch versions and dev dependencies to latest
+  versions
+
+## 1.1.0
+
+**1 June 2015**
+
+Enhancements:
+
+* upgrade to AWS SDK v2 ([#15])
+* recommend the use of the AWS SDK's centralized credential file ([#14])
+
+Fixes:
+
+* allow up to ten minutes of time skew ([#16])
+* try an unauthenticated download before demanding AWS credentials ([#10])
+
+Thanks, [@kimpepper][kimpepper] and [@companykitchen-dev][companykitchen-dev]!
+
+## 1.0.3
+
+**10 March 2015**
+
+Fixes:
+
+* fix namespace collisions with [vagrant-aws][vagrant-aws] ([#11])
+
+Thanks, [@andres-rojas][andres-rojas]!
+
+
+## 1.0.2
+
+**25 December 2014**
+
+Enhancements:
+
+* provide better error messages when S3 API requests are denied ([#9])
+* include IAM policy recommendations in README
+
+## 1.0.1
+
+**21 December 2014**
+
+Enhancements:
+
+* support bucket-in-host style S3 URLs to simplify usage instructions
+
+Fixes:
+
+* internal cleanup
+* improved detection of incompatible Vagrant versions
+
+## 1.0.0
+
+**16 December 2014**
+
+Enhancements:
+
+* passes a complete acceptance test suite
+* detects full and shorthand S3 URLs at all download stages
+
+Fixes:
+
+* automatically determines region for shorthand S3 URLs ([#1], [#7])
+
+## 0.1.0
+
+**13 June 2014**
+
+Enhancements:
+
+* support buckets hosted in any S3 region ([#1])
+
+Fixes:
+
+* properly authenticate requests for simple (non-metadata) S3 boxes ([#1])
+
+## 0.0.2
+
+**6 June 2014**
+
+Enhancements:
+
+* formally license under MIT
+
+## 0.0.1
+
+* initial release
+
+[#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
+[#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
+[#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9
+[#10]: https://github.com/WhoopInc/vagrant-s3auth/issues/10
+[#11]: https://github.com/WhoopInc/vagrant-s3auth/pull/11
+[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
+[#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
+[#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
+[#21]: https://github.com/WhoopInc/vagrant-s3auth/issues/21
+
+[Daemoen]: https://github.com/Daemoen
+[andres-rojas]: https://github.com/andres-rojas
+[companykitchen-dev]: https://github.com/companykitchen-dev
+[kimpepper]: https://github.com/kimpepper
+
+[vagrant-aws]: https://github.com/mitchellh/vagrant-aws

data/CONTRIBUTING.md

@@ -0,0 +1,40 @@
+# Contributing
+
+We love contributions! Pull request away.
+
+## Hacking
+
+You'll need Ruby and Bundler, of course. Then, check out the code and install
+the gems:
+
+```bash
+$ git clone git@github.com:conduceinc/vagrant-gsauth.git
+$ cd vagrant-gsauth
+$ bundle
+```
+
+Hack away! When you're ready to test, either [run the test suite](TESTING.md) or
+run Vagrant manually *using the configured Bundler environment*:
+
+```bash
+$ VAGRANT_LOG=debug bundle exec vagrant box add S3_URL
+```
+
+If you forget the `bundle exec`, you'll use system Vagrant—not the Vagrant that
+has your plugin changes installed!
+
+## Guidelines
+
+We do ask that all contributions pass the linter and test suite. Travis will
+automatically run these against your contribution once you submit the pull
+request, but you can also run them locally as you go!
+
+### Linting
+
+```bash
+$ rake lint
+```
+
+### Testing
+
+See [TESTING](TESTING.md).

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+
+VAGRANT_REF = ENV['VAGRANT_VERSION'] || 'master'
+
+group :development do
+  gem 'vagrant', git: 'git://github.com/mitchellh/vagrant.git', ref: VAGRANT_REF
+end
+
+group :plugins do
+  gemspec
+  gem 'google-api-client', require: 'google/apis/storage_v1'
+  gem 'vagrant-aws', git: 'git://github.com/mitchellh/vagrant-aws.git', ref: 'master'
+end

data/LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2014 WHOOP, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,131 @@
+# vagrant-gsauth
+
+<a href="https://travis-ci.org/ConduceInc/vagrant-gsauth">
+  <img src="https://travis-ci.org/ConduceInc/vagrant-gsauth.svg?branch=master"
+    align="right">
+</a>
+
+Private, versioned Vagrant boxes hosted in Google Cloud Storage.
+
+## Installation
+
+From the command line:
+
+```bash
+$ vagrant plugin install vagrant-gsauth
+```
+
+### Requirements
+
+* [Vagrant][vagrant], v1.5.1+
+
+## Usage
+
+vagrant-gsauth will parse GS URLs:
+
+```
+gs://bucket/path/to/metadata
+```
+
+And authorize the request using your Google Cloud SDK login.
+
+This means you can host your team's sensitive, private boxes in Google Storage, and use your
+developers' existing Google credentials to securely grant access.
+
+If you've already got your credentials stored in the standard environment
+variables:
+
+```ruby
+# Vagrantfile
+
+Vagrant.configure('2') do |config|
+  config.vm.box     = 'simple-secrets'
+  config.vm.box_url = 'gs://example.com/secret.box'
+end
+```
+
+### Configuration
+
+#### Google Cloud credentials
+
+https://cloud.google.com/sdk/
+
+#### GS URLs
+
+You can use the gs protocol shorthand
+
+```
+gs://bucket/resource
+```
+
+which expands to full path HTTPS URL.
+
+#### Simple boxes
+
+Simply point your `box_url` at a google storage URL:
+
+```ruby
+Vagrant.configure('2') do |config|
+  config.vm.box     = 'simple-secrets'
+  config.vm.box_url = 'gs://bucket/secret.box'
+end
+```
+
+#### Metadata (versioned) boxes
+
+[Metadata boxes][metadata-boxes] were added to Vagrant in 1.5 and power Vagrant
+Cloud. You can host your own metadata and bypass Vagrant Cloud entirely.
+
+Essentially, you point your `box_url` at a [JSON metadata file][metadata-boxes]
+that tells Vagrant where to find all possible versions:
+
+```ruby
+# Vagrantfile
+
+Vagrant.configure('2') do |config|
+  config.vm.box     = 'examplecorp/secrets'
+  config.vm.box_url = 'gs://bucket/secrets'
+end
+```
+
+```json
+"gs://bucket/secrets"
+
+{
+  "name": "examplecorp/secrets",
+  "description": "This box contains company secrets.",
+  "versions": [{
+    "version": "0.1.0",
+    "providers": [{
+      "name": "virtualbox",
+      "url": "gs://bucket/secrets/1.0.0/secrets.box",
+      "checksum_type": "sha1",
+      "checksum": "foo"
+    }]
+  }]
+}
+```
+
+**IMPORTANT:** Your metadata *must* be served with `Content-Type: application/json`
+or Vagrant will not recognize it as metadata!
+
+## Auto-install
+
+The beauty of Vagrant is the magic of "`vagrant up` and done." Making your users
+install a plugin is lame.
+
+But wait! Just stick some shell in your Vagrantfile:
+
+```ruby
+unless Vagrant.has_plugin?('vagrant-gsauth')
+  # Attempt to install ourself. Bail out on failure so we don't get stuck in an
+  # infinite loop.
+  system('vagrant plugin install vagrant-gsauth') || exit!
+
+  # Relaunch Vagrant so the plugin is detected. Exit with the same status code.
+  exit system('vagrant', *ARGV)
+end
+```
+
+[metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
+[vagrant]: http://vagrantup.com

data/Rakefile

@@ -0,0 +1,15 @@
+require 'rubygems'
+require 'bundler/setup'
+require 'rubocop/rake_task'
+
+Dir.chdir(File.expand_path('../', __FILE__))
+
+Bundler::GemHelper.install_tasks
+
+RuboCop::RakeTask.new(:lint)
+
+task :test do
+  sh 'bats test/run.bats'
+end
+
+task default: %w(lint test)

data/TESTING.md

@@ -0,0 +1,51 @@
+# Testing
+
+No unit testing, since the project is so small. But a full suite of acceptance
+tests that run using [Bats: Bash Automated Testing System][bats]! Basically, the
+acceptance tests run `vagrant box add GS_URL` with a bunch of GS URLs and box
+types, and assert that everything works!
+
+See [the .travis.yml CI configuration](.travis.yml) for a working example.
+
+## Environment variables
+
+You'll need to export the below. Recommended values included when not sensitive.
+
+```bash
+# Base name of bucket. Must be unique.
+export VAGRANT_GSAUTH_BUCKET="vagrant-gsauth"
+# The test box to use. Currently only 1.
+export VAGRANT_GSAUTH_BOX_BASE="minimal"
+# The Google Cloud project that the tests will create buckets and objects under.
+export VAGRANT_GSAUTH_PROJECT="someproject-1234567"
+```
+
+[bats]: https://github.com/sstephenson/bats
+
+## Running tests
+
+You'll need [Bats][bats] installed! Then:
+
+```bash
+# export env vars as described
+$ test/setup.rb
+$ rake test
+# hack hack hack
+$ rake test
+$ test/cleanup.rb
+```
+
+## Scripts
+
+### test/setup.rb
+
+Creates a Google Cloud Storage bucket with the contents of the box
+directory.
+
+### test/cleanup.rb
+
+Destroys GS buckets and objects.
+
+## run.bats
+
+Attempts to `vagrant box add` the boxes from Google Storage.

data/lib/vagrant-gsauth.rb

@@ -0,0 +1,14 @@
+require 'pathname'
+
+require 'vagrant-gsauth/plugin'
+
+module VagrantPlugins
+  module GSAuth
+    def self.source_root
+      @source_root ||= Pathname.new(File.expand_path('../../', __FILE__))
+    end
+
+    I18n.load_path << File.expand_path('locales/en.yml', source_root)
+    I18n.reload!
+  end
+end

data/lib/vagrant-gsauth/errors.rb

@@ -0,0 +1,19 @@
+require 'vagrant'
+
+module VagrantPlugins
+  module GSAuth
+    module Errors
+      class VagrantGSAuthError < Vagrant::Errors::VagrantError
+        error_namespace('vagrant_s3auth.errors')
+      end
+
+      class UnknownBucketError < VagrantGSAuthError
+        error_key(:unknown_bucket)
+      end
+
+      class MalformedShorthandURLError < VagrantGSAuthError
+        error_key(:malformed_shorthand_url)
+      end
+    end
+  end
+end

data/lib/vagrant-gsauth/extension/downloader.rb

@@ -0,0 +1,60 @@
+require 'uri'
+
+require 'vagrant/util/downloader'
+require 'vagrant-gsauth/util'
+require 'google/apis/errors'
+
+GSAuth = VagrantPlugins::GSAuth
+
+module Vagrant
+  module Util
+    class Downloader
+      def gsauth_download(options, subprocess_options, &data_proc)
+        # The URL sent to curl is always the last argument. We have to rely
+        # on this implementation detail because we need to hook into both
+        # HEAD and GET requests.
+        url = options.last
+        gs_object = GSAuth::Util.get_object(url)
+        return unless gs_object
+
+        @logger.info("gsauth: Discovered GS URL: #{@source}")
+        @logger.debug("gsauth: Bucket: #{gs_object.bucket}")
+        @logger.debug("gsauth: Object: #{gs_object.name}")
+
+        url.replace(gs_object.media_link)
+        @logger.debug("gsauth: Media download link: #{gs_object.media_link}")
+
+        auth_headers = GSAuth::Util.authorization_header
+
+        options.insert(0, *auth_headers.map { |k, v| ['-H', "#{k}: #{v}"] }.flatten)
+
+        execute_curl_without_gsauth(options, subprocess_options, &data_proc)
+      rescue Errors::DownloaderError => e
+        if e.message =~ /403 Forbidden/
+          e.message << "\n\n"
+          e.message << I18n.t('vagrant_gsauth.errors.box_download_forbidden',
+            bucket: gs_object && gs_object.bucket.name)
+        end
+        raise
+      rescue Google::Apis::Error => e
+        raise Errors::DownloaderError, message: e
+      rescue ::Seahorse::Client::NetworkingError => e
+        # Vagrant ignores download errors during e.g. box update checks
+        # because an internet connection isn't necessary if the box is
+        # already downloaded. Vagrant isn't expecting AWS's
+        # Seahorse::Client::NetworkingError, so we cast it to the
+        # DownloaderError Vagrant expects.
+        raise Errors::DownloaderError, message: e
+      end
+
+      def execute_curl_with_gsauth(options, subprocess_options, &data_proc)
+        @ui.clear_line if @ui
+
+        gsauth_download(options, subprocess_options, &data_proc) || (raise e)
+      end
+
+      alias execute_curl_without_gsauth execute_curl
+      alias execute_curl execute_curl_with_gsauth
+    end
+  end
+end

data/lib/vagrant-gsauth/middleware/expand_gs_urls.rb

@@ -0,0 +1,28 @@
+require 'uri'
+
+module VagrantPlugins
+  module GSAuth
+    class ExpandGSUrls
+      def initialize(app, _)
+        @app = app
+      end
+
+      def call(env)
+        env[:box_urls].map! do |url_string|
+          url = URI(url_string)
+
+          if url.scheme == 'gs'
+            bucket = url.host
+            key = url.path[1..-1]
+            raise Errors::MalformedShorthandURLError, url: url unless bucket && key
+            next "https://storage.cloud.google.com/#{bucket}/#{key}"
+          end
+
+          url_string
+        end
+
+        @app.call(env)
+      end
+    end
+  end
+end

data/lib/vagrant-gsauth/plugin.rb

@@ -0,0 +1,27 @@
+begin
+  require 'vagrant'
+rescue LoadError
+  raise 'The Vagrant S3Auth plugin must be run within Vagrant.'
+end
+
+require_relative 'errors'
+require_relative 'extension/downloader'
+
+module VagrantPlugins
+  module GSAuth
+    class Plugin < Vagrant.plugin('2')
+      Vagrant.require_version('>= 1.5.1')
+
+      name 'gsauth'
+
+      description <<-DESC
+        Use versioned Vagrant boxes with Google Cloud authentication.
+      DESC
+
+      action_hook(:gs_urls, :authenticate_box_url) do |hook|
+        require_relative 'middleware/expand_gs_urls'
+        hook.prepend(ExpandGSUrls)
+      end
+    end
+  end
+end

data/lib/vagrant-gsauth/util.rb

@@ -0,0 +1,49 @@
+require 'log4r'
+require 'net/http'
+require 'uri'
+
+require 'googleauth'
+require 'google/apis/storage_v1'
+
+module VagrantPlugins
+  module GSAuth
+    module Util
+      MEDIA_URL_MATCHER = %r{
+        ^\/download\/storage\/v1\/b\/   # Literal string '/download/storage/v1/b/'
+        (?<bucket>[[:alnum:]_\-]+)      # Sequence of alphnumeric characters plus _ and -
+        \/o\/                           # Literal string '/o/'
+        (?<key>[[:alnum:]\-_]+)         # Next sequence of alphnumeric characters plus _ and -
+      }x
+
+      def self.storage_svc
+        svc = Google::Apis::StorageV1::StorageService.new
+        scopes = ['https://www.googleapis.com/auth/devstorage.read_only']
+        svc.authorization = Google::Auth.get_application_default(scopes)
+        svc
+      end
+
+      def self.get_object(url)
+        url = URI(url)
+
+        if url.scheme == 'gs'
+          bucket = url.host
+          key = url.path.split('/').last
+        elsif match = MEDIA_URL_MATCHER.match(url.path)
+          bucket = match['bucket']
+          key = match['key']
+        else
+          components = url.path.split('/').delete_if(&:empty?)
+          bucket = components.shift
+          key = components.join('/')
+        end
+
+        storage_svc.get_object(bucket, key) if bucket && key
+      end
+
+      def self.authorization_header
+        auth_headers = {}
+        storage_svc.authorization.apply(auth_headers)
+      end
+    end
+  end
+end

data/lib/vagrant-gsauth/version.rb

@@ -0,0 +1,5 @@
+module VagrantPlugins
+  module GSAuth
+    VERSION = '1.0.0'.freeze
+  end
+end

data/locales/en.yml

@@ -0,0 +1,56 @@
+en:
+  vagrant_s3auth:
+    downloader:
+      env_credential_provider: |-
+        Signing S3 request with key '%{access_key}' loaded from $%{env_var}
+
+      profile_credential_provider: |-
+        Signing S3 request with key '%{access_key}' loaded from profile '%{profile}'
+
+    errors:
+      missing_credentials: |-
+        Unable to find AWS credentials.
+
+        Ensure the following variables are set in your environment, or set
+        them at the top of your Vagrantfile:
+
+            AWS_ACCESS_KEY_ID
+            AWS_SECRET_ACCESS_KEY
+
+        Alternatively, you can create a credential profile and set the
+
+            AWS_PROFILE
+
+        environment variable. Consult the documentation for details.
+
+      malformed_shorthand_url: |-
+        Malformed shorthand GS box URL:
+
+            %{url}
+
+        Check your `box_url` setting.
+
+      s3_api_error: |-
+        Unable to communicate with Amazon S3 to download box. The S3 API reports:
+
+            %{error}
+
+      bucket_location_access_denied_error: |-
+        Request for box's Amazon S3 region was denied.
+
+        This usually indicates that your user account is misconfigured. Ensure
+        your IAM policy allows the "s3:GetBucketLocation" action for your bucket:
+
+            arn:aws:s3:::%{bucket}
+
+      box_download_forbidden: |-
+        This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
+        that your user account is misconfigured. Ensure your IAM policy allows
+        the "s3:GetObject" action for your bucket:
+
+            arn:aws:s3:::%{bucket}/*
+
+        It may also indicate the box does not exist, so check your spelling.
+
+      unknown_bucket: |-
+        Unable to determine the bucket

data/test/box/minimal

@@ -0,0 +1,13 @@
+{
+  "name": "%{bucket}/minimal",
+  "description": "This box contains company secrets.",
+  "versions": [{
+    "version": "1.0.1",
+    "providers": [{
+      "name": "virtualbox",
+      "url": "%{box_url}",
+      "checksum_type": "sha1",
+      "checksum": "8ea536dd3092cf159f02405edd44ded5b62ba4e6"
+    }]
+  }]
+}

data/test/cleanup.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'googleauth'
+require 'google/apis/storage_v1'
+
+require_relative 'support'
+
+svc = Google::Apis::StorageV1::StorageService.new
+svc.authorization = Google::Auth.get_application_default(SCOPES)
+
+svc.delete_object(BUCKET, BOX_BASE)
+svc.delete_object(BUCKET, "#{BOX_BASE}.box")
+sleep 1
+svc.delete_bucket(BUCKET)

data/test/run.bats

@@ -0,0 +1,35 @@
+#!/usr/bin/env bats
+
+missing_vars=()
+
+require_var() {
+  [[ "${!1}" ]] || missing_vars+=("$1")
+}
+
+require_var VAGRANT_GSAUTH_BUCKET
+require_var VAGRANT_GSAUTH_BOX_BASE
+require_var VAGRANT_GSAUTH_PROJECT
+
+if [[ ${#missing_vars[*]} -gt 0 ]]; then
+  echo "Missing required environment variables:"
+  printf '    %s\n' "${missing_vars[@]}"
+  exit 1
+fi
+
+teardown() {
+  bundle exec vagrant box remove "$VAGRANT_GSAUTH_BUCKET/$VAGRANT_GSAUTH_BOX_BASE" > /dev/null 2>&1 || true
+}
+
+@test "simple box with shorthand url" {
+  bundle exec vagrant box add --name "$VAGRANT_GSAUTH_BUCKET/$VAGRANT_GSAUTH_BOX_BASE" "gs://$VAGRANT_GSAUTH_BUCKET/$VAGRANT_GSAUTH_BOX_BASE.box"
+}
+
+@test "metadata box with shorthand url" {
+  bundle exec vagrant box add "gs://$VAGRANT_GSAUTH_BUCKET/$VAGRANT_GSAUTH_BOX_BASE"
+}
+
+@test "garbage shorthand url" {
+  run bundle exec vagrant box add --name "$VAGRANT_GSAUTH_BUCKET/$VAGRANT_GSAUTH_BOX_BASE" gs://wubbalubbadubdub
+  [[ "$status" -eq 1 ]]
+  [[ "$output" == *"Malformed shorthand GS box URL"* ]]
+}

data/test/setup.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'googleauth'
+require 'google/apis/storage_v1'
+
+require_relative 'support'
+
+ROOT = Pathname.new(File.dirname(__FILE__))
+
+svc = Google::Apis::StorageV1::StorageService.new
+svc.authorization = Google::Auth.get_application_default(SCOPES)
+svc.insert_bucket(PROJECT, Google::Apis::StorageV1::Bucket.new(name: BUCKET))
+
+box_file = File.open(ROOT + Pathname.new("box/#{BOX_BASE}.box"))
+box_obj = svc.insert_object(BUCKET, name: "#{BOX_BASE}.box",
+                                    upload_source: box_file,
+                                    content_type: 'application/x-gzip')
+
+metadata_string = File.read(ROOT + Pathname.new("box/#{BOX_BASE}")) % {
+  bucket: BUCKET,
+  box_url: "https://storage.googleapis.com/#{BUCKET}/#{BOX_BASE}.box"
+}
+
+svc.insert_object(BUCKET, name: BOX_BASE,
+                          upload_source: StringIO.new(metadata_string),
+                          content_type: 'application/json')
+
+box_obj.self_link

data/test/support.rb

@@ -0,0 +1,6 @@
+require 'http'
+
+PROJECT = ENV['VAGRANT_GSAUTH_PROJECT'].freeze
+BUCKET = ENV['VAGRANT_GSAUTH_BUCKET'].freeze
+BOX_BASE = ENV['VAGRANT_GSAUTH_BOX_BASE'].freeze
+SCOPES = ['https://www.googleapis.com/auth/devstorage.read_write'].freeze

data/vagrant-gsauth.gemspec

@@ -0,0 +1,25 @@
+$LOAD_PATH.unshift File.expand_path('../lib', __FILE__)
+
+require 'vagrant-gsauth/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = 'vagrant-gsauth'
+  spec.version       = VagrantPlugins::GSAuth::VERSION
+  spec.authors       = ['Nikhil Benesch', 'Justin DiPierro']
+  spec.email         = ['benesch@whoop.com', 'justin@conduce.com']
+  spec.summary       = 'Private, versioned Vagrant boxes hosted on Google Cloud Storage.'
+  spec.homepage      = 'https://github.com/conduceinc/vagrant-gsauth'
+  spec.license       = 'MIT'
+
+  spec.files         = `git ls-files -z`.split("\x0")
+  spec.test_files    = spec.files.grep(/spec/)
+  spec.require_paths = ['lib']
+
+  spec.add_dependency 'google-api-client', '~> 0.9'
+  spec.add_dependency 'googleauth', '~> 0.5.1'
+
+  spec.add_development_dependency 'bundler', '~> 1.5'
+  spec.add_development_dependency 'http', '~> 1.0.2'
+  spec.add_development_dependency 'rake', '~> 10.5.0'
+  spec.add_development_dependency 'rubocop', '~> 0.36.0'
+end

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: vagrant-gsauth
+version: !ruby/object:Gem::Version
+  version: 1.0.0
+platform: ruby
+authors:
+- Nikhil Benesch
+- Justin DiPierro
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2016-12-01 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: google-api-client
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.9'
+- !ruby/object:Gem::Dependency
+  name: googleauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.5.1
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.0.2
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 10.5.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 10.5.0
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.36.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.36.0
+description: 
+email:
+- benesch@whoop.com
+- justin@conduce.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- ".rubocop.yml"
+- ".ruby-version"
+- ".travis.yml"
+- ".vagrant/machines/default/virtualbox/action_provision"
+- ".vagrant/machines/default/virtualbox/action_set_name"
+- ".vagrant/machines/default/virtualbox/creator_uid"
+- ".vagrant/machines/default/virtualbox/id"
+- ".vagrant/machines/default/virtualbox/index_uuid"
+- ".vagrant/machines/default/virtualbox/private_key"
+- ".vagrant/machines/default/virtualbox/synced_folders"
+- CHANGELOG.md
+- CONTRIBUTING.md
+- Gemfile
+- LICENSE
+- README.md
+- Rakefile
+- TESTING.md
+- lib/vagrant-gsauth.rb
+- lib/vagrant-gsauth/errors.rb
+- lib/vagrant-gsauth/extension/downloader.rb
+- lib/vagrant-gsauth/middleware/expand_gs_urls.rb
+- lib/vagrant-gsauth/plugin.rb
+- lib/vagrant-gsauth/util.rb
+- lib/vagrant-gsauth/version.rb
+- locales/en.yml
+- test/box/minimal
+- test/box/minimal.box
+- test/cleanup.rb
+- test/run.bats
+- test/setup.rb
+- test/support.rb
+- vagrant-gsauth.gemspec
+homepage: https://github.com/conduceinc/vagrant-gsauth
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubyforge_project: 
+rubygems_version: 2.4.5.1
+signing_key: 
+specification_version: 4
+summary: Private, versioned Vagrant boxes hosted on Google Cloud Storage.
+test_files:
+- vagrant-gsauth.gemspec