vagrant-s3auth-mfa 1.4.0
- checksums.yaml +7 -0
- data/.gitignore +6 -0
- data/.rubocop.yml +33 -0
- data/.ruby-version +1 -0
- data/.travis.yml +56 -0
- data/CHANGELOG.md +154 -0
- data/CONTRIBUTING.md +40 -0
- data/Gemfile +12 -0
- data/LICENSE +19 -0
- data/README.md +261 -0
- data/Rakefile +15 -0
- data/TESTING.md +70 -0
- data/lib/vagrant-s3auth.rb +14 -0
- data/lib/vagrant-s3auth/errors.rb +27 -0
- data/lib/vagrant-s3auth/extension/downloader.rb +84 -0
- data/lib/vagrant-s3auth/middleware/expand_s3_urls.rb +28 -0
- data/lib/vagrant-s3auth/plugin.rb +27 -0
- data/lib/vagrant-s3auth/util.rb +83 -0
- data/lib/vagrant-s3auth/version.rb +5 -0
- data/locales/en.yml +53 -0
- data/test/box/minimal +13 -0
- data/test/box/minimal.box +0 -0
- data/test/box/public-minimal +13 -0
- data/test/box/public-minimal.box +1 -0
- data/test/cleanup.rb +23 -0
- data/test/run.bats +147 -0
- data/test/setup.rb +34 -0
- data/test/support.rb +82 -0
- data/vagrant-s3auth.gemspec +25 -0
- metadata +157 -0
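--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 535efe4b64ce2e8edab42b662713d360f76c94408c291bf3e6fd99dc17664493
+data.tar.gz: ace047d7f8806421050acbc09b99c8c43bdf6fd21bd29250d0bd8fd8e27ef72f
+SHA512:
+metadata.gz: ffc6111b6799f0f6f747bb95e784eb1b5b0f530b4772040a99c70332c5e3c728f661404a52e9d243cd31e48ec31d740185b02318f7e695a0c7a2ecb0167277ac
+data.tar.gz: a2e4158d7b5a8c0c679b27ea574a6ce619007b4e15724097065688de835bd15ed19a8c3f026e3207d9ff95d352ff1ecfafaeb126ab463daf3deada036065066e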
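--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -0,0 +1,33 @@
+Lint/AssignmentInCondition:
+Enabled: false
+
+Metrics/AbcSize:
+Max: 40
+
+Metrics/CyclomaticComplexity:
+Max: 12
+
+Metrics/LineLength:
+Max: 100
+
+Metrics/MethodLength:
+CountComments: false
+Max: 25
+
+Metrics/PerceivedComplexity:
+Max: 15
+
+Style/AlignParameters:
+EnforcedStyle: with_fixed_indentation
+
+Style/Documentation:
+Enabled: false
+
+Style/FileName:
+Enabled: false
+
+Style/RescueModifier:
+Enabled: false
+
+Style/SignalException:
+EnforcedStyle: only_raise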
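Review bot: `Lint/AssignmentInCondition` and `Style/RescueModifier` are switched off for the whole project with no stated reason, so `if x = y` typos and `expr rescue nil` pass lint everywhere; the rescue modifier swallows every StandardError at the call site. The plugin code is not visible in this section, but if only a few call sites need the exemption, an inline `# rubocop:disable Style/RescueModifier` at those sites keeps the cop active for the rest. At minimum, add a one-line comment above each disabled cop saying why it is off.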
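--- a/data/.ruby-version
+++ b/data/.ruby-version
@@ -0,0 +1 @@
+2.2.3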
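--- a/data/.travis.yml
+++ b/data/.travis.yml
@@ -0,0 +1,56 @@
+sudo: false
+
+language: ruby
+rvm:
+- 2.2.3
+
+addons:
+apt:
+packages:
+- bsdtar
+- libxslt1.1
+
+before_install:
+# Install Bats, the Bash testing framework
+- npm install bats
+
+# Speed up Nokogiri installation substantially by using precompiled libxslt
+- bundle config build.nokogiri --use-system-libraries
+
+# Older versions of Vagrant can't handle the current version of Bundler, which
+# ships with Travis.
+- |
+if [[ "$BUNDLER_VERSION" ]]
+then
+rvm @default,@global do gem uninstall bundler --all --executables
+gem install bundler -v "$BUNDLER_VERSION"
+fi
+- bundle --version
+
+before_script:
+- test/setup.rb
+
+after_script:
+- test/cleanup.rb
+
+env:
+global:
+- VAGRANT_S3AUTH_ATLAS_BOX_NAME="travis-$TRAVIS_JOB_NUMBER"
+- VAGRANT_S3AUTH_BUCKET="travis-$TRAVIS_JOB_NUMBER.vagrant-s3auth.com"
+- VAGRANT_S3AUTH_REGION_NONSTANDARD=eu-west-1
+- VAGRANT_S3AUTH_BOX_BASE=minimal
+matrix:
+- VAGRANT_VERSION=master BUNDLER_VERSION=
+- VAGRANT_VERSION=v1.9.1 BUNDLER_VERSION=
+- VAGRANT_VERSION=v1.8.7 BUNDLER_VERSION=1.12.5
+- VAGRANT_VERSION=v1.7.4 BUNDLER_VERSION=1.10.5
+- VAGRANT_VERSION=v1.6.5 BUNDLER_VERSION=1.6.9
+- VAGRANT_VERSION=v1.5.1 BUNDLER_VERSION=1.5.3
+
+deploy:
+provider: rubygems
+api_key:
+secure: b7ZiPX6EfA4DNV6B65ZvVJF8Xswne4N0MdIqwTkyQ5//0+3hSHg0ChTvjeb+eeTcPFiYxuh0UvXqJMtxi8hCJub03aJ5qeDDm6FJeM7WqsHmXx6A6UGFxnCTi6z7IaaBCs71jygzdjN6AaKOV9PuvhD079dci/yylr0SDHQgvrY=
+on:
+tags: true
+repo: WhoopInc/vagrant-s3auth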
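Review bot: The `deploy` block at the end of the file is not restricted to one matrix entry, so on a tagged build each of the six `env.matrix` jobs would attempt the rubygems push, including the one built against `VAGRANT_VERSION=master`. Adding a condition under `on:`, for example `condition: "$VAGRANT_VERSION = v1.9.1"`, would leave a single job on a fixed Vagrant tag as the publisher. The same jobs also run an unpinned `npm install bats` in `before_install`, so whatever that resolves to executes in the environment that later publishes the gem; pinning it (`npm install bats@<version>`) narrows what can run there.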
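--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -0,0 +1,154 @@
+## 1.3.2
+
+**6 January 2016**
+
+Enhancements:
+
+* upgrade to AWS SDK v2.6.44
+
+## 1.3.1
+
+**30 December 2016**
+
+Fixes:
+
+* suppress warning about invalid region with certain buckets ([#31])
+
+## 1.3.0
+
+**18 January 2016**
+
+Enhancements:
+
+* upgrade to AWS SDK v2.2.10
+
+Fixes:
+
+* allow box update checks when offline ([#26])
+* support the Vagrant 1.8.x series ([#27])
+
+## 1.2.0
+
+**20 August 2015**
+
+Enhancements:
+
+* output the discovered AWS access key and its source (environment variable or
+profile) when downloading an authenticated S3 box ([#21])
+
+Thanks, [@Daemoen][Daemoen]!
+
+## 1.1.1
+
+**6 August 2015**
+
+Enhancements:
+
+* bump dependencies to latest patch versions and dev dependencies to latest
+versions
+
+## 1.1.0
+
+**1 June 2015**
+
+Enhancements:
+
+* upgrade to AWS SDK v2 ([#15])
+* recommend the use of the AWS SDK's centralized credential file ([#14])
+
+Fixes:
+
+* allow up to ten minutes of time skew ([#16])
+* try an unauthenticated download before demanding AWS credentials ([#10])
+
+Thanks, [@kimpepper][kimpepper] and [@companykitchen-dev][companykitchen-dev]!
+
+## 1.0.3
+
+**10 March 2015**
+
+Fixes:
+
+* fix namespace collisions with [vagrant-aws][vagrant-aws] ([#11])
+
+Thanks, [@andres-rojas][andres-rojas]!
+
+
+## 1.0.2
+
+**25 December 2014**
+
+Enhancements:
+
+* provide better error messages when S3 API requests are denied ([#9])
+* include IAM policy recommendations in README
+
+## 1.0.1
+
+**21 December 2014**
+
+Enhancements:
+
+* support bucket-in-host style S3 URLs to simplify usage instructions
+
+Fixes:
+
+* internal cleanup
+* improved detection of incompatible Vagrant versions
+
+## 1.0.0
+
+**16 December 2014**
+
+Enhancements:
+
+* passes a complete acceptance test suite
+* detects full and shorthand S3 URLs at all download stages
+
+Fixes:
+
+* automatically determines region for shorthand S3 URLs ([#1], [#7])
+
+## 0.1.0
+
+**13 June 2014**
+
+Enhancements:
+
+* support buckets hosted in any S3 region ([#1])
+
+Fixes:
+
+* properly authenticate requests for simple (non-metadata) S3 boxes ([#1])
+
+## 0.0.2
+
+**6 June 2014**
+
+Enhancements:
+
+* formally license under MIT
+
+## 0.0.1
+
+* initial release
+
+[#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
+[#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
+[#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9
+[#10]: https://github.com/WhoopInc/vagrant-s3auth/issues/10
+[#11]: https://github.com/WhoopInc/vagrant-s3auth/pull/11
+[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
+[#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
+[#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
+[#21]: https://github.com/WhoopInc/vagrant-s3auth/issues/21
+[#26]: https://github.com/WhoopInc/vagrant-s3auth/issues/26
+[#27]: https://github.com/WhoopInc/vagrant-s3auth/issues/27
+[#31]: https://github.com/WhoopInc/vagrant-s3auth/issues/31
+
+[Daemoen]: https://github.com/Daemoen
+[andres-rojas]: https://github.com/andres-rojas
+[companykitchen-dev]: https://github.com/companykitchen-dev
+[kimpepper]: https://github.com/kimpepper
+
+[vagrant-aws]: https://github.com/mitchellh/vagrant-aws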
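--- a/data/CONTRIBUTING.md
+++ b/data/CONTRIBUTING.md
@@ -0,0 +1,40 @@
+# Contributing
+
+We love contributions! Pull request away.
+
+## Hacking
+
+You'll need Ruby and Bundler, of course. Then, check out the code and install
+the gems:
+
+```bash
+$ git clone git@github.com:WhoopInc/vagrant-s3auth.git
+$ cd vagrant-s3auth
+$ bundle
+```
+
+Hack away! When you're ready to test, either [run the test suite](TESTING.md) or
+run Vagrant manually *using the configured Bundler environment*:
+
+```bash
+$ VAGRANT_LOG=debug bundle exec vagrant box add S3_URL
+```
+
+If you forget the `bundle exec`, you'll use system Vagrant—not the Vagrant that
+has your plugin changes installed!
+
+## Guidelines
+
+We do ask that all contributions pass the linter and test suite. Travis will
+automatically run these against your contribution once you submit the pull
+request, but you can also run them locally as you go!
+
+### Linting
+
+```bash
+$ rake lint
+```
+
+### Testing
+
+See [TESTING](TESTING.md).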
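--- a/data/Gemfile
+++ b/data/Gemfile
@@ -0,0 +1,12 @@
+source 'https://rubygems.org'
+
+VAGRANT_REF = ENV['VAGRANT_VERSION'] || 'master'
+
+group :development do
+gem 'vagrant', git: 'git://github.com/mitchellh/vagrant.git', ref: VAGRANT_REF
+end
+
+group :plugins do
+gemspec
+gem 'vagrant-aws', git: 'git://github.com/mitchellh/vagrant-aws.git', ref: 'master'
+end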
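Review bot: Both git-sourced gems are fetched over `git://`, a transport with no encryption and no server authentication, so the code Bundler checks out and later executes can be substituted on the network path. Switch both to the HTTPS remotes: `gem 'vagrant', git: 'https://github.com/mitchellh/vagrant.git', ref: VAGRANT_REF` and `gem 'vagrant-aws', git: 'https://github.com/mitchellh/vagrant-aws.git', ref: 'master'`. Both entries also resolve to the moving `master` ref (`VAGRANT_REF` falls back to it when `VAGRANT_VERSION` is unset), so two installs can run different code; pinning a tag or commit would make what is executed reviewable.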
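--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,19 @@
+Copyright (c) 2014 WHOOP, Inc.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.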
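--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,261 @@
+# vagrant-s3auth
+
+<a href="https://travis-ci.org/WhoopInc/vagrant-s3auth">
+<img src="https://travis-ci.org/WhoopInc/vagrant-s3auth.svg?branch=master"
+align="right">
+</a>
+
+Private, versioned Vagrant boxes hosted on Amazon S3.
+
+## Installation
+
+From the command line:
+
+```bash
+$ vagrant plugin install vagrant-s3auth
+```
+
+### Requirements
+
+* [Vagrant][vagrant], v1.5.1+
+
+## Usage
+
+vagrant-s3auth will automatically sign requests for S3 URLs
+
+```
+s3://bucket.example.com/path/to/metadata
+```
+
+with your AWS access key.
+
+This means you can host your team's sensitive, private boxes on S3, and use your
+developers' existing AWS credentials to securely grant access.
+
+If you've already got your credentials stored in the standard environment
+variables:
+
+```ruby
+# Vagrantfile
+
+Vagrant.configure('2') do |config|
+config.vm.box = 'simple-secrets'
+config.vm.box_url = 's3://example.com/secret.box'
+end
+```
+
+### Configuration
+
+#### AWS credentials
+
+AWS credentials are read from the standard environment variables
+`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
+
+You may find it more convenient to use the
+[centralized credential file][aws-cred-file] to create a credential
+profile. Select the appropriate profile using the `AWS_PROFILE`
+environment variable. For example:
+
+```ini
+# ~/.aws/credentials
+
+[vagrant-s3auth]
+aws_access_key_id = AKIA...
+aws_secret_access_key = ...
+```
+
+```ruby
+# Vagrantfile
+
+ENV.delete_if { |name| name.start_with?('AWS_') } # Filter out rogue env vars.
+ENV['AWS_PROFILE'] = 'vagrant-s3auth'
+
+Vagrant.configure("2") { |config| ... }
+```
+
+**CAUTION:** If `AWS_ACCESS_KEY_ID` exists in your environment, it will
+take precedence over `AWS_PROFILE`! Either take care to filter rogue
+environment variables as above, or set the access key explicitly:
+
+```ruby
+access_key, secret_key = whizbang_inc_api.fetch_api_creds()
+ENV['AWS_ACCESS_KEY_ID'] = access_key
+ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
+```
+
+The detected AWS access key and its source (environment variable or
+profile file) will be displayed when the box is downloaded. If you use
+multiple AWS credentials and see authentication errors, verify that the
+correct access key was detected.
+
+##### IAM configuration
+
+IAM accounts will need at least the following policy:
+
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "s3:GetObject",
+"Resource": "arn:aws:s3:::BUCKET/*"
+},
+{
+"Effect": "Allow",
+"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
+"Resource": "arn:aws:s3:::BUCKET"
+}
+]
+}
+```
+
+**IMPORTANT:** You must split up bucket and object permissions into separate policy statements as written above! See [Writing IAM Policies: How to grant access to an Amazon S3 Bucket][aws-s3-iam].
+
+Also note that `s3:ListBucket` permission is not strictly necessary. vagrant-s3auth will never
+make a ListBucket request, but without ListBucket permission, a misspelled box
+name results in a 403 Forbidden error instead of a 404 Not Found error. ([Why?][aws-403-404])
+
+See [AWS S3 Guide: User Policy Examples][aws-user-policy] for more.
+
+#### S3 URLs
+
+You can use any valid HTTP(S) URL for your object:
+
+```bash
+# path style
+http://s3.amazonaws.com/bucket/resource
+https://s3.amazonaws.com/bucket/resource
+
+# host style
+http://bucket.s3.amazonaws.com/resource
+https://bucket.s3.amazonaws.com/resource
+```
+
+Or the S3 protocol shorthand
+
+```
+s3://bucket/resource
+```
+
+which expands to the path-style HTTPS URL.
+
+##### Non-standard regions
+
+If your bucket is not hosted in the US Standard region, you'll need to specify
+the correct region endpoint as part of the URL:
+
+```
+https://s3-us-west-2.amazonaws.com/bucket/resource
+https://bucket.s3-us-west-2.amazonaws.com/resource
+```
+
+Or just use the S3 protocol shorthand, which will automatically determine the
+correct region at the cost of an extra API call:
+
+```
+s3://bucket/resource
+```
+
+For additional details on specifying S3 URLs, refer to the [S3 Developer Guide:
+Virtual hosting of buckets][bucket-vhost].
+
+#### Simple boxes
+
+Simply point your `box_url` at a [supported S3 URL](#s3-url):
+
+```ruby
+Vagrant.configure('2') do |config|
+config.vm.box = 'simple-secrets'
+config.vm.box_url = 'https://s3.amazonaws.com/bucket.example.com/secret.box'
+end
+```
+
+#### Vagrant Cloud
+
+If you've got a box version on [Vagrant Cloud][vagrant-cloud], just point it at
+a [supported S3 URL](#s3-urls):
+
+
+
+Then configure your Vagrantfile like normal:
+
+```ruby
+Vagrant.configure('2') do |config|
+config.vm.box = 'benesch/test-box'
+end
+```
+
+#### Metadata (versioned) boxes
+
+[Metadata boxes][metadata-boxes] were added to Vagrant in 1.5 and power Vagrant
+Cloud. You can host your own metadata and bypass Vagrant Cloud entirely.
+
+Essentially, you point your `box_url` at a [JSON metadata file][metadata-boxes]
+that tells Vagrant where to find all possible versions:
+
+```ruby
+# Vagrantfile
+
+Vagrant.configure('2') do |config|
+config.vm.box = 'examplecorp/secrets'
+config.vm.box_url = 's3://example.com/secrets'
+end
+```
+
+```json
+"s3://example.com/secrets"
+
+{
+"name": "examplecorp/secrets",
+"description": "This box contains company secrets.",
+"versions": [{
+"version": "0.1.0",
+"providers": [{
+"name": "virtualbox",
+"url": "https://s3.amazonaws.com/example.com/secrets.box",
+"checksum_type": "sha1",
+"checksum": "foo"
+}]
+}]
+}
+```
+
+Within your metadata JSON, be sure to use [supported S3 URLs](#s3-urls).
+
+Note that the metadata itself doesn't need to be hosted on S3. Any metadata that
+points to a supported S3 URL will result in an authenticated request.
+
+**IMPORTANT:** Your metadata *must* be served with `Content-Type: application/json`
+or Vagrant will not recognize it as metadata! Most S3 uploader tools (and most
+webservers) will *not* automatically set the `Content-Type` header when the file
+extension is not `.json`. Consult your tool's documentation for instructions on
+manually setting the content type.
+
+## Auto-install
+
+The beauty of Vagrant is the magic of "`vagrant up` and done." Making your users
+install a plugin is lame.
+
+But wait! Just stick some shell in your Vagrantfile:
+
+```ruby
+unless Vagrant.has_plugin?('vagrant-s3auth')
+# Attempt to install ourself. Bail out on failure so we don't get stuck in an
+# infinite loop.
+system('vagrant plugin install vagrant-s3auth') || exit!
+
+# Relaunch Vagrant so the plugin is detected. Exit with the same status code.
+exit system('vagrant', *ARGV)
+end
+```
+
+[aws-403-404]: https://forums.aws.amazon.com/thread.jspa?threadID=56531#jive-message-210346
+[aws-cred-file]: http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
+[aws-s3-iam]: http://blogs.aws.amazon.com/security/post/Tx3VRSWZ6B3SHAV/Writing-IAM-Policies-How-to-grant-access-to-an-Amazon-S3-bucket
+[aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
+[aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
+[bucket-vhost]: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples
+[metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
+[vagrant]: http://vagrantup.com
+[vagrant-cloud]: http://vagrantcloud.com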