vagrant-s3auth 1.0.1 → 1.0.2

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 497d147d5fb4636bd0653dcc502062c8ee3ccbc1
4
- data.tar.gz: e1c85dcd893e04a9a74e65c3c6b709620d31cfde
3
+ metadata.gz: a06edc23d119892ccc9f71721ea458fc20485102
4
+ data.tar.gz: 2f402e2d249ab5db39a2e134030abd29b2d268ff
5
5
  SHA512:
6
- metadata.gz: 7f6a8b6450e73759490ff0ae77f365283f47fc591f2b3a45e9bde151495aed5e63ef780ec33a794f6e8d92d543f32f1e2327ad50f2f8f43a9dec370997c00e55
7
- data.tar.gz: df4ba738e97b5eceec09d7e02654b4bf3b2c17e74ada47db61f6507bb9a22d84f2cd241e62deb1dfab548f821cc838709cf6e8f0ad95f1ec671a171333f2c020
6
+ metadata.gz: d8e0d925b25da57e804918b179b956e15e09c83317f2aa1cdbc2ae3d9809128430b7c1f87ca3d951d446c34ca696dc1db9dc0ac94420e0225b388bea0d4924da
7
+ data.tar.gz: 9fdf565b0630c9efcb9a4aa1f220d4b01f2a6639a65b6d7c03687570d545ba6109cee4e2488552add9a56d631c347d5ef63f555607061d05f9dffd466a74d16f
data/.rubocop.yml CHANGED
@@ -2,7 +2,7 @@ Lint/AssignmentInCondition:
2
2
  Enabled: false
3
3
 
4
4
  Metrics/AbcSize:
5
- Max: 30
5
+ Max: 40
6
6
 
7
7
  Metrics/CyclomaticComplexity:
8
8
  Max: 12
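Review bot: Raising `Metrics/AbcSize` `Max` from 30 to 40 loosens the limit for every file in the project, not only for the method that outgrew it. If the increase is there to admit one longer method in this release, prefer keeping 30 and either extracting the new branch into a helper or putting a scoped `# rubocop:disable Metrics/AbcSize` around that method, so the exception stays visible in review.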
@@ -12,7 +12,7 @@ Metrics/LineLength:
12
12
 
13
13
  Metrics/MethodLength:
14
14
  CountComments: false
15
- Max: 20
15
+ Max: 25
16
16
 
17
17
  Metrics/PerceivedComplexity:
18
18
  Max: 15
data/CHANGELOG.md CHANGED
@@ -1,3 +1,12 @@
1
+ ## 1.0.2
2
+
3
+ **25 December 2014**
4
+
5
+ Enhancements:
6
+
7
+ * provide better error messages when S3 API requests are denied [#9]
8
+ * include IAM policy recommendations in README
9
+
1
10
  ## 1.0.1
2
11
 
3
12
  **21 December 2014**
@@ -50,3 +59,4 @@ Enhancements:
50
59
 
51
60
  [#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
52
61
  [#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
62
+ [#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9
data/Gemfile.lock CHANGED
@@ -23,7 +23,7 @@ GIT
23
23
  PATH
24
24
  remote: .
25
25
  specs:
26
- vagrant-s3auth (1.0.1)
26
+ vagrant-s3auth (1.0.2)
27
27
  aws-sdk (~> 1.59.1)
28
28
 
29
29
  GEM
data/README.md CHANGED
@@ -60,6 +60,34 @@ ENV['AWS_ACCESS_KEY_ID'] = creds[0].chomp
60
60
  ENV['AWS_SECRET_ACCESS_KEY'] = creds[1].chomp
61
61
  ```
62
62
 
63
+ ##### IAM configuration
64
+
65
+ IAM accounts will need at least the following policy:
66
+
67
+ ```json
68
+ {
69
+ "Version": "2012-10-17",
70
+ "Statement": [
71
+ {
72
+ "Effect": "Allow",
73
+ "Action": "s3:GetObject",
74
+ "Resource": "arn:aws:s3:::BUCKET/*"
75
+ },
76
+ {
77
+ "Effect": "Allow",
78
+ "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
79
+ "Resource": "arn:aws:s3:::BUCKET"
80
+ }
81
+ ]
82
+ }
83
+ ```
84
+
85
+ `s3:ListBucket` permission is not strictly necessary. vagrant-s3auth will never
86
+ make a ListBucket request, but without ListBucket permission, a misspelled box
87
+ name results in a 403 Forbidden error instead of a 404 Not Found error.
88
+
89
+ See [AWS S3 Guide: User Policy Examples][aws-user-policy] for more.
90
+
63
91
  #### S3 URLs
64
92
 
65
93
  You can use any valid HTTP(S) URL for your object:
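Review bot: The sentence "IAM accounts will need at least the following policy" presents the JSON as a minimum, yet the paragraph after it says `s3:ListBucket` is not strictly necessary, so the two statements disagree. Call the block a recommended policy, or show the minimal one (`s3:GetObject` plus `s3:GetBucketLocation`) and list `s3:ListBucket` as optional. Also say that granting `s3:ListBucket` lets the key enumerate object keys in `BUCKET`, which is the cost of getting a 404 instead of a 403 for a misspelled box name, and state that `BUCKET` is a placeholder to replace.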
@@ -188,6 +216,7 @@ end
188
216
 
189
217
 
190
218
  [aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
219
+ [aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
191
220
  [bucket-vhost]: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples
192
221
  [metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
193
222
  [vagrant]: http://vagrantup.com
@@ -15,6 +15,10 @@ module VagrantPlugins
15
15
  error_key(:malformed_shorthand_url)
16
16
  end
17
17
 
18
+ class BucketLocationAccessDeniedError < VagrantS3AuthError
19
+ error_key(:bucket_location_access_denied_error)
20
+ end
21
+
18
22
  class S3APIError < VagrantS3AuthError
19
23
  error_key(:s3_api_error)
20
24
  end
@@ -27,6 +27,14 @@ module Vagrant
27
27
  end
28
28
 
29
29
  execute_curl_without_s3(options, subprocess_options, &data_proc)
30
+ rescue Errors::DownloaderError => e
31
+ if e.message =~ /403 Forbidden/
32
+ e.message << "\n\n"
33
+ e.message << I18n.t('vagrant_s3auth.errors.box_download_forbidden',
34
+ access_key: ENV['AWS_ACCESS_KEY_ID'],
35
+ bucket: s3_object && s3_object.bucket.name)
36
+ end
37
+ raise
30
38
  rescue AWS::Errors::MissingCredentialsError
31
39
  raise VagrantPlugins::S3Auth::Errors::MissingCredentialsError
32
40
  rescue AWS::Errors::Base => e
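Review bot: The `if e.message =~ /403 Forbidden/` branch runs for any download that fails with a 403, including ones where `s3_object` is nil, which the `s3_object && s3_object.bucket.name` guard itself allows for; in that case the user is told the box is hosted on Amazon S3 and shown an empty bucket ARN. Make the condition `s3_object && e.message =~ /403 Forbidden/`. Appending with `e.message << ...` also mutates the exception's string in place, which fails if that string is frozen; building a new message and raising with it is more robust.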
@@ -46,6 +46,10 @@ module VagrantPlugins
46
46
 
47
47
  def self.get_bucket_region(bucket)
48
48
  LOCATION_TO_REGION[AWS::S3.new.buckets[bucket].location_constraint]
49
+ rescue AWS::S3::Errors::AccessDenied
50
+ raise Errors::BucketLocationAccessDeniedError,
51
+ bucket: bucket,
52
+ access_key: ENV['AWS_ACCESS_KEY_ID']
49
53
  end
50
54
  end
51
55
  end
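Review bot: In the new `rescue AWS::S3::Errors::AccessDenied`, `access_key: ENV['AWS_ACCESS_KEY_ID']` reports whatever is in the environment, while the request itself was made by `AWS::S3.new` with its default credentials. When the SDK picked up credentials from somewhere other than that variable, the message prints a blank or misleading key ID. Take the ID from the credentials the client actually used, or fall back to a neutral phrase when the variable is unset. The ID also ends up in terminal and CI output; it is not a secret, but it does identify the IAM user.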
@@ -1,5 +1,5 @@
1
1
  module VagrantPlugins
2
2
  module S3Auth
3
- VERSION = '1.0.1'
3
+ VERSION = '1.0.2'
4
4
  end
5
5
  end
data/locales/en.yml CHANGED
@@ -21,3 +21,28 @@ en:
21
21
  Unable to communicate with Amazon S3 to download box. The S3 API reports:
22
22
 
23
23
  %{error}
24
+
25
+ bucket_location_access_denied_error: |-
26
+ Request for box's Amazon S3 region was denied.
27
+
28
+ This usually indicates that your user account with access key ID
29
+
30
+ %{access_key}
31
+
32
+ is misconfigured. Ensure your IAM policy allows the "s3:GetBucketLocation"
33
+ action for your bucket:
34
+
35
+ arn:aws:s3:::%{bucket}
36
+
37
+ box_download_forbidden: |-
38
+ This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
39
+ that your user account with access key ID
40
+
41
+ %{access_key}
42
+
43
+ is misconfigured. Ensure your IAM policy allows the "s3:GetObject"
44
+ action for your bucket:
45
+
46
+ arn:aws:s3:::%{bucket}/*
47
+
48
+ It may also indicate the box does not exist, so check your spelling.
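Review bot: `box_download_forbidden` names only `s3:GetObject` and then says the 403 may also mean the box does not exist, without saying why the two cases look the same. The README text added in this release explains it: without `s3:ListBucket`, a missing key returns 403 rather than 404. Add one line to the message pointing at `s3:ListBucket` on `arn:aws:s3:::%{bucket}` so users can tell a permissions problem from a typo.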
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vagrant-s3auth
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.0.1
4
+ version: 1.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Nikhil Benesch
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2014-12-21 00:00:00.000000000 Z
11
+ date: 2014-12-25 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk