vagrant-s3auth 1.0.1 → 1.0.2
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -2
- data/CHANGELOG.md +10 -0
- data/Gemfile.lock +1 -1
- data/README.md +29 -0
- data/lib/vagrant-s3auth/errors.rb +4 -0
- data/lib/vagrant-s3auth/extension/downloader.rb +8 -0
- data/lib/vagrant-s3auth/util.rb +4 -0
- data/lib/vagrant-s3auth/version.rb +1 -1
- data/locales/en.yml +25 -0
- metadata +2 -2
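--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a06edc23d119892ccc9f71721ea458fc20485102
+data.tar.gz: 2f402e2d249ab5db39a2e134030abd29b2d268ff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d8e0d925b25da57e804918b179b956e15e09c83317f2aa1cdbc2ae3d9809128430b7c1f87ca3d951d446c34ca696dc1db9dc0ac94420e0225b388bea0d4924da
+data.tar.gz: 9fdf565b0630c9efcb9a4aa1f220d4b01f2a6639a65b6d7c03687570d545ba6109cee4e2488552add9a56d631c347d5ef63f555607061d05f9dffd466a74d16f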
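--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -2,7 +2,7 @@ Lint/AssignmentInCondition:
 Enabled: false
 
 Metrics/AbcSize:
-Max:
+Max: 40
 
 Metrics/CyclomaticComplexity:
 Max: 12
@@ -12,7 +12,7 @@ Metrics/LineLength:
 
 Metrics/MethodLength:
 CountComments: false
-Max:
+Max: 25
 
 Metrics/PerceivedComplexity:
 Max: 15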
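--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 1.0.2
+
+**25 December 2014**
+
+Enhancements:
+
+* provide better error messages when S3 API requests are denied [#9]
+* include IAM policy recommendations in README
+
 ## 1.0.1
 
 **21 December 2014**
@@ -50,3 +59,4 @@ Enhancements:
 
 [#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
 [#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
+[#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9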
data/Gemfile.lock
CHANGED
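--- a/data/README.md
+++ b/data/README.md
@@ -60,6 +60,34 @@ ENV['AWS_ACCESS_KEY_ID'] = creds[0].chomp
 ENV['AWS_SECRET_ACCESS_KEY'] = creds[1].chomp
 ```
 
+##### IAM configuration
+
+IAM accounts will need at least the following policy:
+
+```json
+{
+"Version": "2012-10-17",
+"Statement": [
+{
+"Effect": "Allow",
+"Action": "s3:GetObject",
+"Resource": "arn:aws:s3:::BUCKET/*"
+},
+{
+"Effect": "Allow",
+"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
+"Resource": "arn:aws:s3:::BUCKET"
+}
+]
+}
+```
+
+`s3:ListBucket` permission is not strictly necessary. vagrant-s3auth will never
+make a ListBucket request, but without ListBucket permission, a misspelled box
+name results in a 403 Forbidden error instead of a 404 Not Found error.
+
+See [AWS S3 Guide: User Policy Examples][aws-user-policy] for more.
+
 #### S3 URLs
 
 You can use any valid HTTP(S) URL for your object:
@@ -188,6 +216,7 @@ end
 
 
 [aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
+[aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
 [bucket-vhost]: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples
 [metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
 [vagrant]: http://vagrantup.com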
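--- a/data/lib/vagrant-s3auth/errors.rb
+++ b/data/lib/vagrant-s3auth/errors.rb
@@ -15,6 +15,10 @@ module VagrantPlugins
 error_key(:malformed_shorthand_url)
 end
 
+class BucketLocationAccessDeniedError < VagrantS3AuthError
+error_key(:bucket_location_access_denied_error)
+end
+
 class S3APIError < VagrantS3AuthError
 error_key(:s3_api_error)
 end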
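--- a/data/lib/vagrant-s3auth/extension/downloader.rb
+++ b/data/lib/vagrant-s3auth/extension/downloader.rb
@@ -27,6 +27,14 @@ module Vagrant
 end
 
 execute_curl_without_s3(options, subprocess_options, &data_proc)
+rescue Errors::DownloaderError => e
+if e.message =~ /403 Forbidden/
+e.message << "\n\n"
+e.message << I18n.t('vagrant_s3auth.errors.box_download_forbidden',
+access_key: ENV['AWS_ACCESS_KEY_ID'],
+bucket: s3_object && s3_object.bucket.name)
+end
+raise
 rescue AWS::Errors::MissingCredentialsError
 raise VagrantPlugins::S3Auth::Errors::MissingCredentialsError
 rescue AWS::Errors::Base => e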
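Review bot: The 403 branch appends the S3 hint whenever the message matches `/403 Forbidden/`, yet the `s3_object && s3_object.bucket.name` guard two lines below implies `s3_object` can be nil at this point; in that case a 403 from a non-S3 host would be reported as "This box is hosted on Amazon S3" with an empty bucket ARN, and gating the branch as `if s3_object && e.message =~ /403 Forbidden/` avoids that. `e.message << ...` also edits the exception's string in place, so if that string is ever frozen the rescue raises a different error and hides the download failure; building the combined text and raising with it is safer. Both this hunk and the `get_bucket_region` rescue in util.rb print `ENV['AWS_ACCESS_KEY_ID']`, which is nil, or not the key actually used, whenever the SDK resolved credentials from somewhere other than the environment, so the message should report the key the request was signed with or say that it is unknown. The enclosing method starts and ends outside the hunk, so whether non-S3 downloads reach this rescue is inferred rather than shown.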
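--- a/data/lib/vagrant-s3auth/util.rb
+++ b/data/lib/vagrant-s3auth/util.rb
@@ -46,6 +46,10 @@ module VagrantPlugins
 
 def self.get_bucket_region(bucket)
 LOCATION_TO_REGION[AWS::S3.new.buckets[bucket].location_constraint]
+rescue AWS::S3::Errors::AccessDenied
+raise Errors::BucketLocationAccessDeniedError,
+bucket: bucket,
+access_key: ENV['AWS_ACCESS_KEY_ID']
 end
 end
 end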
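--- a/data/locales/en.yml
+++ b/data/locales/en.yml
@@ -21,3 +21,28 @@ en:
 Unable to communicate with Amazon S3 to download box. The S3 API reports:
 
 %{error}
+
+bucket_location_access_denied_error: |-
+Request for box's Amazon S3 region was denied.
+
+This usually indicates that your user account with access key ID
+
+%{access_key}
+
+is misconfigured. Ensure your IAM policy allows the "s3:GetBucketLocation"
+action for your bucket:
+
+arn:aws:s3:::%{bucket}
+
+box_download_forbidden: |-
+This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
+that your user account with access key ID
+
+%{access_key}
+
+is misconfigured. Ensure your IAM policy allows the "s3:GetObject"
+action for your bucket:
+
+arn:aws:s3:::%{bucket}/*
+
+It may also indicate the box does not exist, so check your spelling.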
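--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-s3auth
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Nikhil Benesch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-
+date: 2014-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk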