vagrant-s3auth-mfa 1.4.0

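--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 535efe4b64ce2e8edab42b662713d360f76c94408c291bf3e6fd99dc17664493
+data.tar.gz: ace047d7f8806421050acbc09b99c8c43bdf6fd21bd29250d0bd8fd8e27ef72f
+SHA512:
+metadata.gz: ffc6111b6799f0f6f747bb95e784eb1b5b0f530b4772040a99c70332c5e3c728f661404a52e9d243cd31e48ec31d740185b02318f7e695a0c7a2ecb0167277ac
+data.tar.gz: a2e4158d7b5a8c0c679b27ea574a6ce619007b4e15724097065688de835bd15ed19a8c3f026e3207d9ff95d352ff1ecfafaeb126ab463daf3deada036065066e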
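--- a/data/.gitignore
+++ b/data/.gitignore
@@ -0,0 +1,6 @@
+.DS_Store
+
+pkg
+*.gem
+.env
+Gemfile.lock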
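--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,33 @@
+Lint/AssignmentInCondition:
+Enabled: false
+
+Metrics/AbcSize:
+Max: 40
+
+Metrics/CyclomaticComplexity:
+Max: 12
+
+Metrics/LineLength:
+Max: 100
+
+Metrics/MethodLength:
+CountComments: false
+Max: 25
+
+Metrics/PerceivedComplexity:
+Max: 15
+
+Style/AlignParameters:
+EnforcedStyle: with_fixed_indentation
+
+Style/Documentation:
+Enabled: false
+
+Style/FileName:
+Enabled: false
+
+Style/RescueModifier:
+Enabled: false
+
+Style/SignalException:
+EnforcedStyle: only_raise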
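Review bot: Disabling `Style/RescueModifier` and `Lint/AssignmentInCondition` for the whole project lets `expr rescue nil` and `if a = b` pass lint everywhere, and neither entry carries a comment saying why. A modifier rescue catches every StandardError, so in a plugin that signs S3 requests it can presumably turn a credential or network failure into a silent fallback; the plugin code is not visible here, so this is a concern to check rather than a confirmed defect. I would leave both cops enabled and use `# rubocop:disable Style/RescueModifier` on the specific lines that need it, or at least add a comment above each entry such as `# disabled because <reason>`.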
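--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.2.3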
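--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,56 @@
+sudo: false
+
+language: ruby
+rvm:
+- 2.2.3
+
+addons:
+apt:
+packages:
+- bsdtar
+- libxslt1.1
+
+before_install:
+# Install Bats, the Bash testing framework
+- npm install bats
+
+# Speed up Nokogiri installation substantially by using precompiled libxslt
+- bundle config build.nokogiri --use-system-libraries
+
+# Older versions of Vagrant can't handle the current version of Bundler, which
+# ships with Travis.
+- |
+if [[ "$BUNDLER_VERSION" ]]
+then
+rvm @default,@global do gem uninstall bundler --all --executables
+gem install bundler -v "$BUNDLER_VERSION"
+fi
+- bundle --version
+
+before_script:
+- test/setup.rb
+
+after_script:
+- test/cleanup.rb
+
+env:
+global:
+- VAGRANT_S3AUTH_ATLAS_BOX_NAME="travis-$TRAVIS_JOB_NUMBER"
+- VAGRANT_S3AUTH_BUCKET="travis-$TRAVIS_JOB_NUMBER.vagrant-s3auth.com"
+- VAGRANT_S3AUTH_REGION_NONSTANDARD=eu-west-1
+- VAGRANT_S3AUTH_BOX_BASE=minimal
+matrix:
+- VAGRANT_VERSION=master BUNDLER_VERSION=
+- VAGRANT_VERSION=v1.9.1 BUNDLER_VERSION=
+- VAGRANT_VERSION=v1.8.7 BUNDLER_VERSION=1.12.5
+- VAGRANT_VERSION=v1.7.4 BUNDLER_VERSION=1.10.5
+- VAGRANT_VERSION=v1.6.5 BUNDLER_VERSION=1.6.9
+- VAGRANT_VERSION=v1.5.1 BUNDLER_VERSION=1.5.3
+
+deploy:
+provider: rubygems
+api_key:
+secure: b7ZiPX6EfA4DNV6B65ZvVJF8Xswne4N0MdIqwTkyQ5//0+3hSHg0ChTvjeb+eeTcPFiYxuh0UvXqJMtxi8hCJub03aJ5qeDDm6FJeM7WqsHmXx6A6UGFxnCTi6z7IaaBCs71jygzdjN6AaKOV9PuvhD079dci/yylr0SDHQgvrY=
+on:
+tags: true
+repo: WhoopInc/vagrant-s3auth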
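Review bot: `npm install bats` in `before_install` and the `VAGRANT_VERSION=master` matrix row fetch unpinned code into the same pipeline whose `deploy` stanza pushes the gem to RubyGems on tags, so what runs before a release can change without any commit to this repository. Pin the test tool, e.g. `- npm install bats@<version>`, and consider building release tags only against fixed Vagrant tags. The `on:` block has only `tags` and `repo`, so presumably every matrix job attempts the push; adding a `condition:` that selects a single row would limit where the decrypted `api_key` is used. The file also ships inside the gem's data archive, where CI configuration is not needed by consumers.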
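--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,154 @@
+## 1.3.2
+
+**6 January 2016**
+
+Enhancements:
+
+* upgrade to AWS SDK v2.6.44
+
+## 1.3.1
+
+**30 December 2016**
+
+Fixes:
+
+* suppress warning about invalid region with certain buckets ([#31])
+
+## 1.3.0
+
+**18 January 2016**
+
+Enhancements:
+
+* upgrade to AWS SDK v2.2.10
+
+Fixes:
+
+* allow box update checks when offline ([#26])
+* support the Vagrant 1.8.x series ([#27])
+
+## 1.2.0
+
+**20 August 2015**
+
+Enhancements:
+
+* output the discovered AWS access key and its source (environment variable or
+profile) when downloading an authenticated S3 box ([#21])
+
+Thanks, [@Daemoen][Daemoen]!
+
+## 1.1.1
+
+**6 August 2015**
+
+Enhancements:
+
+* bump dependencies to latest patch versions and dev dependencies to latest
+versions
+
+## 1.1.0
+
+**1 June 2015**
+
+Enhancements:
+
+* upgrade to AWS SDK v2 ([#15])
+* recommend the use of the AWS SDK's centralized credential file ([#14])
+
+Fixes:
+
+* allow up to ten minutes of time skew ([#16])
+* try an unauthenticated download before demanding AWS credentials ([#10])
+
+Thanks, [@kimpepper][kimpepper] and [@companykitchen-dev][companykitchen-dev]!
+
+## 1.0.3
+
+**10 March 2015**
+
+Fixes:
+
+* fix namespace collisions with [vagrant-aws][vagrant-aws] ([#11])
+
+Thanks, [@andres-rojas][andres-rojas]!
+
+
+## 1.0.2
+
+**25 December 2014**
+
+Enhancements:
+
+* provide better error messages when S3 API requests are denied ([#9])
+* include IAM policy recommendations in README
+
+## 1.0.1
+
+**21 December 2014**
+
+Enhancements:
+
+* support bucket-in-host style S3 URLs to simplify usage instructions
+
+Fixes:
+
+* internal cleanup
+* improved detection of incompatible Vagrant versions
+
+## 1.0.0
+
+**16 December 2014**
+
+Enhancements:
+
+* passes a complete acceptance test suite
+* detects full and shorthand S3 URLs at all download stages
+
+Fixes:
+
+* automatically determines region for shorthand S3 URLs ([#1], [#7])
+
+## 0.1.0
+
+**13 June 2014**
+
+Enhancements:
+
+* support buckets hosted in any S3 region ([#1])
+
+Fixes:
+
+* properly authenticate requests for simple (non-metadata) S3 boxes ([#1])
+
+## 0.0.2
+
+**6 June 2014**
+
+Enhancements:
+
+* formally license under MIT
+
+## 0.0.1
+
+* initial release
+
+[#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
+[#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
+[#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9
+[#10]: https://github.com/WhoopInc/vagrant-s3auth/issues/10
+[#11]: https://github.com/WhoopInc/vagrant-s3auth/pull/11
+[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
+[#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
+[#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
+[#21]: https://github.com/WhoopInc/vagrant-s3auth/issues/21
+[#26]: https://github.com/WhoopInc/vagrant-s3auth/issues/26
+[#27]: https://github.com/WhoopInc/vagrant-s3auth/issues/27
+[#31]: https://github.com/WhoopInc/vagrant-s3auth/issues/31
+
+[Daemoen]: https://github.com/Daemoen
+[andres-rojas]: https://github.com/andres-rojas
+[companykitchen-dev]: https://github.com/companykitchen-dev
+[kimpepper]: https://github.com/kimpepper
+
+[vagrant-aws]: https://github.com/mitchellh/vagrant-aws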
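--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,40 @@
+# Contributing
+
+We love contributions! Pull request away.
+
+## Hacking
+
+You'll need Ruby and Bundler, of course. Then, check out the code and install
+the gems:
+
+```bash
+$ git clone git@github.com:WhoopInc/vagrant-s3auth.git
+$ cd vagrant-s3auth
+$ bundle
+```
+
+Hack away! When you're ready to test, either [run the test suite](TESTING.md) or
+run Vagrant manually *using the configured Bundler environment*:
+
+```bash
+$ VAGRANT_LOG=debug bundle exec vagrant box add S3_URL
+```
+
+If you forget the `bundle exec`, you'll use system Vagrant—not the Vagrant that
+has your plugin changes installed!
+
+## Guidelines
+
+We do ask that all contributions pass the linter and test suite. Travis will
+automatically run these against your contribution once you submit the pull
+request, but you can also run them locally as you go!
+
+### Linting
+
+```bash
+$ rake lint
+```
+
+### Testing
+
+See [TESTING](TESTING.md).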
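--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+VAGRANT_REF = ENV['VAGRANT_VERSION'] || 'master'
+
+group :development do
+gem 'vagrant', git: 'git://github.com/mitchellh/vagrant.git', ref: VAGRANT_REF
+end
+
+group :plugins do
+gemspec
+gem 'vagrant-aws', git: 'git://github.com/mitchellh/vagrant-aws.git', ref: 'master'
+end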
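Review bot: Both `git:` sources use the `git://` scheme, which is unencrypted and unauthenticated, so the Vagrant and vagrant-aws code Bundler fetches has no transport integrity and anyone on the network path could substitute it. Use `git: 'https://github.com/mitchellh/vagrant.git'` and `git: 'https://github.com/mitchellh/vagrant-aws.git'` instead. `ref: 'master'` and the `'master'` default of `VAGRANT_REF` also follow a moving branch, and `Gemfile.lock` is listed in this package's `.gitignore`, so nothing records which commit was resolved; pinning a tag or commit for vagrant-aws would make development installs reproducible.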
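--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2014 WHOOP, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.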
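--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,261 @@
+# vagrant-s3auth
+
+<a href="https://travis-ci.org/WhoopInc/vagrant-s3auth">
+<img src="https://travis-ci.org/WhoopInc/vagrant-s3auth.svg?branch=master"
+align="right">
+</a>
+
+Private, versioned Vagrant boxes hosted on Amazon S3.
+
+## Installation
+
+From the command line:
+
+```bash
+$ vagrant plugin install vagrant-s3auth
+```
+
+### Requirements
+
+* [Vagrant][vagrant], v1.5.1+
+
+## Usage
+
+vagrant-s3auth will automatically sign requests for S3 URLs
+
+```
+s3://bucket.example.com/path/to/metadata
+```
+
+with your AWS access key.
+
+This means you can host your team's sensitive, private boxes on S3, and use your
+developers' existing AWS credentials to securely grant access.
+
+If you've already got your credentials stored in the standard environment
+variables:
+
+```ruby
+# Vagrantfile
+
+Vagrant.configure('2') do |config|
+config.vm.box = 'simple-secrets'
+config.vm.box_url = 's3://example.com/secret.box'
+end
+```
+
+### Configuration
+
+#### AWS credentials
+
+AWS credentials are read from the standard environment variables
+`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+
+You may find it more convenient to use the
+[centralized credential file][aws-cred-file] to create a credential
+profile. Select the appropriate profile using the `AWS_PROFILE`
+environment variable. For example:
+
+```ini
+# ~/.aws/credentials
+
+[vagrant-s3auth]
+aws_access_key_id = AKIA...
+aws_secret_access_key = ...
+```
+
+```ruby
+# Vagrantfile
+
+ENV.delete_if { |name| name.start_with?('AWS_') } # Filter out rogue env vars.
+ENV['AWS_PROFILE'] = 'vagrant-s3auth'
+
+Vagrant.configure("2") { |config| ... }
+```
+
+**CAUTION:** If `AWS_ACCESS_KEY_ID` exists in your environment, it will
+take precedence over `AWS_PROFILE`! Either take care to filter rogue
+environment variables as above, or set the access key explicitly:
+
+```ruby
+access_key, secret_key = whizbang_inc_api.fetch_api_creds()
+ENV['AWS_ACCESS_KEY_ID'] = access_key
+ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
+```
+
+The detected AWS access key and its source (environment variable or
+profile file) will be displayed when the box is downloaded. If you use
+multiple AWS credentials and see authentication errors, verify that the
+correct access key was detected.
+
+##### IAM configuration
+
+IAM accounts will need at least the following policy:
+
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "s3:GetObject",
+"Resource": "arn:aws:s3:::BUCKET/*"
+},
+{
+"Effect": "Allow",
+"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
+"Resource": "arn:aws:s3:::BUCKET"
+}
+]
+}
+```
+
+**IMPORTANT:** You must split up bucket and object permissions into separate policy statements as written above! See [Writing IAM Policies: How to grant access to an Amazon S3 Bucket][aws-s3-iam].
+
+Also note that `s3:ListBucket` permission is not strictly necessary. vagrant-s3auth will never
+make a ListBucket request, but without ListBucket permission, a misspelled box
+name results in a 403 Forbidden error instead of a 404 Not Found error. ([Why?][aws-403-404])
+
+See [AWS S3 Guide: User Policy Examples][aws-user-policy] for more.
+
+#### S3 URLs
+
+You can use any valid HTTP(S) URL for your object:
+
+```bash
+# path style
+http://s3.amazonaws.com/bucket/resource
+https://s3.amazonaws.com/bucket/resource
+
+# host style
+http://bucket.s3.amazonaws.com/resource
+https://bucket.s3.amazonaws.com/resource
+```
+
+Or the S3 protocol shorthand
+
+```
+s3://bucket/resource
+```
+
+which expands to the path-style HTTPS URL.
+
+##### Non-standard regions
+
+If your bucket is not hosted in the US Standard region, you'll need to specify
+the correct region endpoint as part of the URL:
+
+```
+https://s3-us-west-2.amazonaws.com/bucket/resource
+https://bucket.s3-us-west-2.amazonaws.com/resource
+```
+
+Or just use the S3 protocol shorthand, which will automatically determine the
+correct region at the cost of an extra API call:
+
+```
+s3://bucket/resource
+```
+
+For additional details on specifying S3 URLs, refer to the [S3 Developer Guide:
+Virtual hosting of buckets][bucket-vhost].
+
+#### Simple boxes
+
+Simply point your `box_url` at a [supported S3 URL](#s3-url):
+
+```ruby
+Vagrant.configure('2') do |config|
+config.vm.box = 'simple-secrets'
+config.vm.box_url = 'https://s3.amazonaws.com/bucket.example.com/secret.box'
+end
+```
+
+#### Vagrant Cloud
+
+If you've got a box version on [Vagrant Cloud][vagrant-cloud], just point it at
+a [supported S3 URL](#s3-urls):
+
+![Adding a S3 box to Vagrant Cloud](https://cloud.githubusercontent.com/assets/882976/3273399/d5d70966-f323-11e3-8393-22195050aeac.png)
+
+Then configure your Vagrantfile like normal:
+
+```ruby
+Vagrant.configure('2') do |config|
+config.vm.box = 'benesch/test-box'
+end
+```
+
+#### Metadata (versioned) boxes
+
+[Metadata boxes][metadata-boxes] were added to Vagrant in 1.5 and power Vagrant
+Cloud. You can host your own metadata and bypass Vagrant Cloud entirely.
+
+Essentially, you point your `box_url` at a [JSON metadata file][metadata-boxes]
+that tells Vagrant where to find all possible versions:
+
+```ruby
+# Vagrantfile
+
+Vagrant.configure('2') do |config|
+config.vm.box = 'examplecorp/secrets'
+config.vm.box_url = 's3://example.com/secrets'
+end
+```
+
+```json
+"s3://example.com/secrets"
+
+{
+"name": "examplecorp/secrets",
+"description": "This box contains company secrets.",
+"versions": [{
+"version": "0.1.0",
+"providers": [{
+"name": "virtualbox",
+"url": "https://s3.amazonaws.com/example.com/secrets.box",
+"checksum_type": "sha1",
+"checksum": "foo"
+}]
+}]
+}
+```
+
+Within your metadata JSON, be sure to use [supported S3 URLs](#s3-urls).
+
+Note that the metadata itself doesn't need to be hosted on S3. Any metadata that
+points to a supported S3 URL will result in an authenticated request.
+
+**IMPORTANT:** Your metadata *must* be served with `Content-Type: application/json`
+or Vagrant will not recognize it as metadata! Most S3 uploader tools (and most
+webservers) will *not* automatically set the `Content-Type` header when the file
+extension is not `.json`. Consult your tool's documentation for instructions on
+manually setting the content type.
+
+## Auto-install
+
+The beauty of Vagrant is the magic of "`vagrant up` and done." Making your users
+install a plugin is lame.
+
+But wait! Just stick some shell in your Vagrantfile:
+
+```ruby
+unless Vagrant.has_plugin?('vagrant-s3auth')
+# Attempt to install ourself. Bail out on failure so we don't get stuck in an
+# infinite loop.
+system('vagrant plugin install vagrant-s3auth') || exit!
+
+# Relaunch Vagrant so the plugin is detected. Exit with the same status code.
+exit system('vagrant', *ARGV)
+end
+```
+
+[aws-403-404]: https://forums.aws.amazon.com/thread.jspa?threadID=56531#jive-message-210346
+[aws-cred-file]: http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
+[aws-s3-iam]: http://blogs.aws.amazon.com/security/post/Tx3VRSWZ6B3SHAV/Writing-IAM-Policies-How-to-grant-access-to-an-Amazon-S3-bucket
+[aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
+[aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
+[bucket-vhost]: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples
+[metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
+[vagrant]: http://vagrantup.com
+[vagrant-cloud]: http://vagrantcloud.com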