vagrant-s3auth 0.1.0 → 1.0.0.rc1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 00a05901c599f47f9266a5d9e718db340f3e61d5
-  data.tar.gz: da85d51f703a4e8f6f756a938a344994cd3b57b4
+  metadata.gz: 7eca0ac3297ce700dc01ce1324d0749881a3e734
+  data.tar.gz: 5356d66628358d58497b437fdf5b1757a6f7279e
 SHA512:
-  metadata.gz: 0bf0b648e79f34ad51b30c8b24f75a3f6505450b536b13da049b3d3d7a707d971d1a75bea88c1e0d2fc3ba2145115974ebbd2d48d803a828774ed643169702c0
-  data.tar.gz: 6a34c9a3229ebcd60d08f4b6eeb825efbf01b27cb27cf7aa615bed66ce26da0e7633f795f52ad8dc81564c3370279f1d559428d3ecd7238815700d80dba22c47
+  metadata.gz: 235f0f650c517820d65990d5e76c226849198c8b65d405e5314ad9569ed9d32fbc63725eb616ccc753d2c8849f7f66219c50b9cab9f740ab0a96b9a82b75bb37
+  data.tar.gz: c64a7083938c0c32e07b80949f76a2c7f4ab837220cfd460b757ef1454aeda0e5323816a5c6b6a8e5e5d47607d81f4629d3f25f37fb07381386dffced83ecacd

data/.gitignore

@@ -1,4 +1,5 @@
-*.gem
-.vagrant
+.DS_Store
+
 pkg
-Vagrantfile
+*.gem
+.env

data/.rubocop.yml

@@ -1,6 +1,22 @@
 Lint/AssignmentInCondition:
   Enabled: false
 
+Metrics/AbcSize:
+  Max: 30
+
+Metrics/CyclomaticComplexity:
+  Max: 10
+
+Metrics/LineLength:
+  Max: 100
+
+Metrics/MethodLength:
+  CountComments: false
+  Max: 20
+
+Metrics/PerceivedComplexity:
+  Max: 12
+
 Style/AlignParameters:
   EnforcedStyle: with_fixed_indentation
 
@@ -10,12 +26,8 @@ Style/Documentation:
 Style/FileName:
   Enabled: false
 
-Style/LineLength:
-  Max: 100
-
-Style/MethodLength:
-  CountComments: false  # count full line comments?
-  Max: 20
+Style/RescueModifier:
+  Enabled: false
 
 Style/SignalException:
   EnforcedStyle: only_raise

data/.ruby-version

@@ -0,0 +1 @@
+2.1.1

data/.travis.yml

@@ -0,0 +1,43 @@
+language: ruby
+rvm:
+- 2.1
+
+before_install:
+# Install Bats, the Bash testing framework
+- git clone https://github.com/sstephenson/bats.git
+- (cd bats; sudo ./install.sh /usr/local)
+
+# Vagrant from source doesn't ship with `bsdtar`
+- sudo apt-get install -qy bsdtar
+
+# Speed up Nokogiri installation substantially by using precompiled libxslt
+- sudo apt-get install -qy libxslt1.1
+- bundle config build.nokogiri --use-system-libraries
+
+# Older versions of Vagrant can't handle the current version of Bundler, which
+# ships with Travis.
+- rvm @default,@global do gem uninstall bundler --all --executables
+- gem install bundler -v '~> 1.5.2'
+- bundle --version
+
+# Allow dynamically changing the bundled Vagrant version via environment
+# variables.
+- rm Gemfile.lock
+
+before_script:
+- test/setup.rb
+
+after_script:
+- test/cleanup.rb
+
+env:
+  global:
+  - VAGRANT_S3AUTH_ATLAS_BOX_NAME="travis-$TRAVIS_JOB_NUMBER"
+  - VAGRANT_S3AUTH_BUCKET="travis-$TRAVIS_JOB_NUMBER.vagrant-s3auth.com"
+  - VAGRANT_S3AUTH_REGION_NONSTANDARD=eu-west-1
+  - VAGRANT_S3AUTH_BOX_BASE=minimal
+  matrix:
+  - VAGRANT_VERSION=master
+  - VAGRANT_VERSION=v1.7.1
+  - VAGRANT_VERSION=v1.6.5
+  - VAGRANT_VERSION=v1.5.0

data/CHANGELOG.md

@@ -1,3 +1,16 @@
+## 1.0.0
+
+**Unreleased**
+
+Enhancements:
+
+* passes a complete acceptance test suite
+* detects full and shorthand S3 URLs at all download stages
+
+Fixes:
+
+* automatically determines region for shorthand S3 URLs ([#1], [#7])
+
 ## 0.1.0
 
 **13 June 2014**
@@ -23,3 +36,4 @@ Enhancements:
 * initial release
 
 [#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
+[#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7

data/CONTRIBUTING.md

@@ -0,0 +1,40 @@
+# Contributing
+
+We love contributions! Pull request away.
+
+## Hacking
+
+You'll need Ruby and Bundler, of course. Then, check out the code and install
+the gems:
+
+```bash
+$ git clone git@github.com:WhoopInc/vagrant-s3auth.git
+$ cd vagrant-s3auth
+$ bundle
+```
+
+Hack away! When you're ready to test, either [run the test suite](TESTING.md) or
+run Vagrant manually *using the configured Bundler environment*:
+
+```bash
+$ VAGRANT_LOG=debug bundle exec vagrant box add S3_URL
+```
+
+If you forget the `bundle exec`, you'll use system Vagrant—not the Vagrant that
+has your plugin changes installed!
+
+## Guidelines
+
+We do ask that all contributions pass the linter and test suite. Travis will
+automatically run these against your contribution once you submit the pull
+request, but you can also run them locally as you go!
+
+### Linting
+
+```bash
+$ rake lint
+```
+
+### Testing
+
+See [TESTING](TESTING.md).

data/Gemfile

@@ -1,11 +1,11 @@
 source 'https://rubygems.org'
 
-group :plugins do
-  gem 'vagrant-s3auth', path: '.'
-end
+VAGRANT_REF = ENV['VAGRANT_VERSION'] || 'master'
 
 group :development do
-  gem 'rake', '~> 10.3.2'
-  gem 'rubocop', '~> 0.23.0'
-  gem 'vagrant', git: 'git://github.com/mitchellh/vagrant.git'
+  gem 'vagrant', git: 'git://github.com/mitchellh/vagrant.git', ref: VAGRANT_REF
+end
+
+group :plugins do
+  gemspec
 end

data/Gemfile.lock

@@ -1,24 +1,30 @@
 GIT
   remote: git://github.com/mitchellh/vagrant.git
-  revision: f0cd8511ed3784415df14aa17b7e4b4935733b63
+  revision: 686e940a8474a8733be40b32e5d9107d557c627b
+  ref: master
   specs:
-    vagrant (1.6.4.dev)
-      bundler (>= 1.5.2, < 1.7.0)
+    vagrant (1.7.2.dev)
+      bundler (>= 1.5.2, < 1.8.0)
       childprocess (~> 0.5.0)
       erubis (~> 2.7.0)
+      hashicorp-checkpoint (~> 0.1.1)
       i18n (~> 0.6.0)
-      listen (~> 2.7.1)
+      listen (~> 2.7.11)
       log4r (~> 1.1.9, < 1.1.11)
       net-scp (~> 1.1.0)
+      net-sftp (~> 2.1)
       net-ssh (>= 2.6.6, < 2.10.0)
+      nokogiri (= 1.6.3.1)
       rb-kqueue (~> 0.2.0)
+      rest-client (>= 1.6.0, < 2.0)
       wdm (~> 0.1.0)
       winrm (~> 1.1.3)
 
 PATH
   remote: .
   specs:
-    vagrant-s3auth (0.1.0)
+    vagrant-s3auth (1.0.0.rc1)
+      aws-sdk (~> 1.59.1)
 
 GEM
   remote: https://rubygems.org/
@@ -27,23 +33,35 @@ GEM
       gyoku (>= 0.4.0)
       nokogiri
     ast (2.0.0)
+    astrolabe (1.3.0)
+      parser (>= 2.2.0.pre.3, < 3.0)
+    aws-sdk (1.59.1)
+      aws-sdk-v1 (= 1.59.1)
+    aws-sdk-v1 (1.59.1)
+      json (~> 1.4)
+      nokogiri (>= 1.4.4)
     builder (3.2.2)
-    celluloid (0.15.2)
-      timers (~> 1.1.0)
-    childprocess (0.5.3)
+    celluloid (0.16.0)
+      timers (~> 4.0.0)
+    childprocess (0.5.5)
       ffi (~> 1.0, >= 1.0.11)
     erubis (2.7.0)
-    ffi (1.9.3)
+    ffi (1.9.6)
     gssapi (1.0.3)
       ffi (>= 1.0.1)
-    gyoku (1.1.1)
+    gyoku (1.2.2)
       builder (>= 2.1.2)
-    httpclient (2.4.0)
+    hashicorp-checkpoint (0.1.4)
+    hitimes (1.2.2)
+    http (0.6.3)
+      http_parser.rb (~> 0.6.0)
+    http_parser.rb (0.6.0)
+    httpclient (2.5.3.3)
     httpi (0.9.7)
       rack
-    i18n (0.6.9)
+    i18n (0.6.11)
     json (1.8.1)
-    listen (2.7.8)
+    listen (2.7.12)
       celluloid (>= 0.15.2)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
@@ -52,15 +70,19 @@ GEM
     logging (1.8.2)
       little-plugger (>= 1.1.3)
       multi_json (>= 1.8.4)
+    mime-types (2.4.3)
     mini_portile (0.6.0)
     multi_json (1.10.1)
     net-scp (1.1.2)
       net-ssh (>= 2.6.5)
+    net-sftp (2.1.2)
+      net-ssh (>= 2.6.5)
     net-ssh (2.9.1)
-    nokogiri (1.6.2.1)
+    netrc (0.10.1)
+    nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     nori (1.1.5)
-    parser (2.1.9)
+    parser (2.2.0.pre.8)
       ast (>= 1.1, < 3.0)
       slop (~> 3.4, >= 3.4.5)
     powerpack (0.0.9)
@@ -72,13 +94,16 @@ GEM
       ffi (>= 0.5.0)
     rb-kqueue (0.2.3)
       ffi (>= 0.5.0)
-    rubocop (0.23.0)
-      json (>= 1.7.7, < 2)
-      parser (~> 2.1.9)
+    rest-client (1.7.2)
+      mime-types (>= 1.16, < 3.0)
+      netrc (~> 0.7)
+    rubocop (0.28.0)
+      astrolabe (~> 1.3)
+      parser (>= 2.2.0.pre.7, < 3.0)
       powerpack (~> 0.0.6)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.4)
-    ruby-progressbar (1.5.1)
+    ruby-progressbar (1.7.0)
     rubyntlm (0.1.1)
     savon (0.9.5)
       akami (~> 1.0)
@@ -88,9 +113,10 @@ GEM
       nokogiri (>= 1.4.0)
       nori (~> 1.0)
       wasabi (~> 1.0)
-    slop (3.5.0)
-    timers (1.1.0)
-    uuidtools (2.1.4)
+    slop (3.6.0)
+    timers (4.0.1)
+      hitimes
+    uuidtools (2.1.5)
     wasabi (1.0.0)
       nokogiri (>= 1.4.0)
     wdm (0.1.0)
@@ -107,7 +133,9 @@ PLATFORMS
   ruby
 
 DEPENDENCIES
+  bundler (~> 1.5)
+  http (~> 0.6.3)
   rake (~> 10.3.2)
-  rubocop (~> 0.23.0)
+  rubocop (~> 0.28.0)
   vagrant!
   vagrant-s3auth!

data/README.md

@@ -1,5 +1,10 @@
 # vagrant-s3auth
 
+<a href="https://travis-ci.org/WhoopInc/vagrant-s3auth">
+  <img src="https://travis-ci.org/WhoopInc/vagrant-s3auth.svg?branch=1.0-cleanup"
+    align="right">
+</a>
+
 Private, versioned Vagrant boxes hosted on Amazon S3.
 
 ## Installation
@@ -16,23 +21,18 @@ $ vagrant plugin install vagrant-s3auth
 
 ## Usage
 
-vagrant-s3auth will automatically convert S3 box URLs
+vagrant-s3auth will automatically sign requests for S3 URLs
 
 ```
 s3://bucket.example.com/path/to/metadata
 ```
 
-to URLs [signed with your AWS access key][aws-signed]:
-
-```
-https://s3.amazonaws.com/bucket.example.com/path/to/metadata?AWSAccessKeyId=
-    AKIAIOSFODNN7EXAMPLE&Expires=1141889120&Signature=vjbyPxybdZaNmGa%2ByT272YEAiv4%3D
-```
+with your AWS access key.
 
 This means you can host your team's sensitive, private boxes on S3, and use your
 developers' existing AWS credentials to securely grant access.
 
-If you've already got your credentials stored in the appropriate environment
+If you've already got your credentials stored in the standard environment
 variables:
 
 ```ruby
@@ -56,59 +56,80 @@ following at the top of your Vagrantfile:
 
 ```ruby
 creds = File.read(File.expand_path('~/.company-aws-creds')).lines
-ENV['AWS_ACCESS_KEY_ID']     = creds[0]
-ENV['AWS_SECRET_ACCESS_KEY'] = creds[1]
+ENV['AWS_ACCESS_KEY_ID']     = creds[0].chomp
+ENV['AWS_SECRET_ACCESS_KEY'] = creds[1].chomp
 ```
 
+#### S3 URLs
 
-#### Simple boxes
+Note that your URL must use the path style of specifying the bucket:
 
-Simply point your `box_url` at Amazon S3:
+```
+http://s3.amazonaws.com/bucket/resource
+https://s3.amazonaws.com/bucket/resource
+```
 
-```ruby
-Vagrant.configure('2') do |config|
-  config.vm.box     = 'simple-secrets'
-  config.vm.box_url = 'https://s3.amazonaws.com/bucket.example.com/secret.box'
-end
+Or the S3 protocol shorthand
+
+```
+s3://bucket/resource
 ```
 
-Note that your URL must be of the form
+which expands to the path-style HTTPS URL.
+
+Virtual host-style S3 URLs, where the bucket is specified in the hostname, are
+**not detected**!
 
 ```
-https://s3.amazonaws.com/bucket/resource
+https://bucket.s3-region.amazonaws.com/resource # ignored
 ```
 
-Other valid forms of S3 URLs (`bucket.s3.amazonaws.com/resource.box`, etc.) will
-not be detected by vagrant-s3auth.
+##### Non-standard regions
 
-As shorthand, `s3://` URLs will be automatically transformed. This is equivalent
-to the above:
+If your bucket is not hosted in the US Standard region, you'll need to specify
+the correct region endpoint as part of the URL:
+
+```
+https://s3-us-west-2.amazonaws.com/bucket/resource
+```
+
+Or just use the S3 protocol shorthand, which will automatically determine the
+correct region at the cost of an extra API call:
+
+```
+s3://bucket/resource
+```
+
+For additional details on specifying S3 URLs, refer to the [S3 Developer Guide:
+Virtual hosting of buckets][bucket-vhost].
+
+#### Simple boxes
+
+Simply point your `box_url` at a [supported S3 URL](#s3-url):
 
 ```ruby
 Vagrant.configure('2') do |config|
   config.vm.box     = 'simple-secrets'
-  config.vm.box_url = 's3://example.com/secret.box'
+  config.vm.box_url = 'https://s3.amazonaws.com/bucket.example.com/secret.box'
 end
 ```
 
-**Note:** Simple box URLs must end in `.box`, or they'll be interpreted as
-[metadata boxes](#metadata-boxes).
-
 #### Vagrant Cloud
 
-Boxes on [Vagrant Cloud][vagrant-cloud] have support for versioning, multiple
-providers, and a GUI management tool. If you've got a box version on Vagrant
-Cloud.
+If you've got a box version on [Vagrant Cloud][vagrant-cloud], just point it at
+a [supported S3 URL](#s3-urls):
 
-Then just configure your Vagrantfile like normal:
+![Adding a S3 box to Vagrant Cloud](https://cloud.githubusercontent.com/assets/882976/3273399/d5d70966-f323-11e3-8393-22195050aeac.png)
+
+Then configure your Vagrantfile like normal:
 
 ```ruby
 Vagrant.configure('2') do |config|
-  config.vm.box = 'examplecorp/secrets'
+  config.vm.box = 'benesch/test-box'
 end
 ```
 
-#### Metadata boxes
+#### Metadata (versioned) boxes
 
 [Metadata boxes][metadata-boxes] were added to Vagrant in 1.5 and power Vagrant
 Cloud. You can host your own metadata and bypass Vagrant Cloud entirely.
@@ -143,27 +164,12 @@ end
 }
 ```
 
-**Note:** box URLs in metadata JSON must use the
-`s3.amazonaws.com/bucket.example.com/resource.box` URL form, or it won't get
-auto-signed.
-
-### Rules
-
-To sum up:
-
-* Only the `box_url` setting can use the `s3://` shorthand. URLs entered on the
-  Vagrant Cloud management interface and in JSON metadata must use the full
-  HTTPS URL.
-
-* The full HTTPS URL must be of the form
-  `https://s3.amazonaws.com/bucket.example.com/resource.box`, or it won't be
-  signed properly.
-
-* Metadata box files must *not* end in `.box`.
+Within your metadata JSON, be sure to use [supported S3 URLs](#s3-urls).
 
-* Actual box files *must* end in `.box`.
+Note that the metadata itself doesn't need to be hosted on S3. Any metadata that
+points to a supported S3 URL will result in an authenticated request.
 
-### Auto-install
+## Auto-install
 
 The beauty of Vagrant is the magic of "`vagrant up` and done." Making your users
 install a plugin is lame.
@@ -182,7 +188,8 @@ end
 ```
 
 
-[aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#RESTAuthenticationQueryStringAuth
+[aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
+[bucket-vhost]: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples
 [metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
 [vagrant]: http://vagrantup.com
 [vagrant-cloud]: http://vagrantcloud.com

data/Rakefile

@@ -8,4 +8,8 @@ Bundler::GemHelper.install_tasks
 
 RuboCop::RakeTask.new(:lint)
 
-task default: %w(lint)
+task :test do
+  sh 'bats test/run.bats'
+end
+
+task default: %w(lint test)

data/TESTING.md

@@ -0,0 +1,70 @@
+# Testing
+
+No unit testing, since the project is so small. But a full suite of acceptance
+tests that run using [Bats: Bash Automated Testing System][bats]! Basically, the
+acceptance tests run `vagrant box add S3_URL` with a bunch of S3 URLs and box
+types, and assert that everything works!
+
+See [the .travis.yml CI configuration](.travis.yml) for a working example.
+
+## Environment variables
+
+You'll need to export the below. Recommended values included when not sensitive.
+
+```bash
+# AWS credentials with permissions to create S3 buckets
+export AWS_ACCESS_KEY_ID=
+export AWS_SECRET_ACCESS_KEY=
+
+# Atlas (Vagrant Cloud) API credentials
+export ATLAS_USERNAME="vagrant-s3auth"
+export ATLAS_TOKEN
+
+# Base name of bucket. Must be unique.
+export VAGRANT_S3AUTH_BUCKET="testing.vagrant-s3auth.com"
+
+# If specified as 'metadata', will upload 'box/metadata' and 'box/metadata.box'
+# to each S3 bucket
+export VAGRANT_S3AUTH_BOX_BASE="minimal"
+
+# Base name of Atlas (Vagrant Cloud) box. Atlas boxes can never re-use a once
+# existing name, so include a timestamp or random string in the name.
+export VAGRANT_S3AUTH_ATLAS_BOX_NAME="vagrant-s3auth-192458"
+
+# Additional S3 region to use in testing. US Standard is always used.
+export VAGRANT_S3AUTH_REGION_NONSTANDARD="eu-west-1"
+```
+
+[bats]: https://github.com/sstephenson/bats
+
+## Running tests
+
+You'll need [Bats][bats] installed! Then:
+
+```bash
+# export env vars as described
+$ test/setup.rb
+$ rake test
+# hack hack hack
+$ rake test
+$ test/cleanup.rb
+```
+
+## Scripts
+
+### test/setup.rb
+
+Creates two S3 buckets—one in US Standard (`us-east-1`) and one in
+`$VAGRANT_S3AUTH_REGION_NONSTANDARD`, both with the contents of the box
+directory.
+
+Then creates an Atlas (Vagrant Cloud) box with one version with one VirtualBox
+provider that points to one of the S3 boxes at random.
+
+### test/cleanup.rb
+
+Destroys S3 buckets and Atlas box.
+
+## run.bats
+
+Attempts to `vagrant box add` the boxes on S3 in every way possible.

data/lib/vagrant-s3auth.rb

@@ -4,12 +4,11 @@ require 'vagrant-s3auth/plugin'
 
 module VagrantPlugins
   module S3Auth
-    S3_HOST         = 's3.amazonaws.com'
-    S3_HOST_MATCHER = /^s3([[:alnum:]\-\.]+)?\.amazonaws\.com$/
-    BOX_URL_MATCHER = %r{^s3://(?<bucket>[[:alnum:]\-\.]+)(?<resource>.*)/?}
-
     def self.source_root
       @source_root ||= Pathname.new(File.expand_path('../../', __FILE__))
     end
+
+    I18n.load_path << File.expand_path('locales/en.yml', source_root)
+    I18n.reload!
   end
 end

data/lib/vagrant-s3auth/errors.rb

@@ -10,6 +10,14 @@ module VagrantPlugins
       class MissingCredentialsError < VagrantS3AuthError
         error_key(:missing_credentials)
       end
+
+      class MalformedShorthandURLError < VagrantS3AuthError
+        error_key(:malformed_shorthand_url)
+      end
+
+      class S3APIError < VagrantS3AuthError
+        error_key(:s3_api_error)
+      end
     end
   end
 end

data/lib/vagrant-s3auth/extensions.rb

@@ -1,2 +1 @@
-require_relative 'extensions/box_add'
 require_relative 'extensions/downloader'

data/lib/vagrant-s3auth/extensions/downloader.rb

@@ -1,7 +1,7 @@
 require 'uri'
 
 require 'vagrant/util/downloader'
-require 'vagrant-s3auth/util/authenticator'
+require 'vagrant-s3auth/util'
 
 module Vagrant
   module Util
@@ -13,22 +13,24 @@ module Vagrant
           @logger.info("s3auth: Ignoring unparsable URL: #{url}")
         end
 
-        if url && s3_url?(url)
-          @logger.info("s3auth: Signing S3 URL: #{url}")
+        if url && (s3_object = VagrantPlugins::S3Auth::Util.s3_object_for(url))
+          @logger.info("s3auth: Discovered S3 URL: #{url}")
+          @logger.debug("s3auth: Bucket: #{s3_object.bucket.name.inspect}")
+          @logger.debug("s3auth: Key: #{s3_object.key.inspect}")
 
-          method = options.any? { |o| o == '-I' } ? 'HEAD' : 'GET'
-          headers = VagrantPlugins::S3Auth::Util::Authenticator.sign(url, method)
+          method = options.any? { |o| o == '-I' } ? :head : :get
 
-          headers.each do |name, value|
-            options << '-H' << "#{name}: #{value}"
-          end
+          @logger.info("s3auth: Generating signed URL for #{method.upcase}")
+
+          options.pop
+          options << VagrantPlugins::S3Auth::Util.s3_url_for(method, s3_object).to_s
         end
 
         execute_curl_without_s3(options, subprocess_options, &data_proc)
-      end
-
-      def s3_url?(url)
-        url.host =~ VagrantPlugins::S3Auth::S3_HOST_MATCHER
+      rescue AWS::Errors::MissingCredentialsError
+        raise VagrantPlugins::S3Auth::Errors::MissingCredentialsError
+      rescue AWS::Errors::Base => e
+        raise VagrantPlugins::S3Auth::Errors::S3APIError, error: e
       end
 
       alias_method :execute_curl_without_s3, :execute_curl

data/lib/vagrant-s3auth/plugin.rb

@@ -19,11 +19,6 @@ module VagrantPlugins
       description <<-DESC
         Use versioned Vagrant boxes with S3 authentication.
       DESC
-
-      def self.setup_i18n
-        I18n.load_path << File.expand_path('locales/en.yml', VagrantPlugins::S3Auth.source_root)
-        I18n.reload!
-      end
     end
   end
 end

data/lib/vagrant-s3auth/util.rb

@@ -0,0 +1,52 @@
+require 'aws'
+require 'log4r'
+require 'net/http'
+require 'uri'
+
+module VagrantPlugins
+  module S3Auth
+    module Util
+      S3_HOST_MATCHER = /^s3([[:alnum:]\-\.]+)?\.amazonaws\.com$/
+
+      LOCATION_TO_REGION = Hash.new { |_, key| key }.merge(
+        nil => 'us-east-1',
+        'EU' => 'eu-west-1'
+      )
+
+      def self.s3_object_for(url, follow_redirect = true)
+        url = URI(url)
+
+        if url.scheme == 's3'
+          bucket = url.host
+          key = url.path[1..-1]
+          raise Errors::MalformedShorthandURLError, url: url unless bucket && key
+        elsif url.host =~ S3_HOST_MATCHER
+          components = url.path.split('/').delete_if(&:empty?)
+          bucket = components.shift
+          key = components.join('/')
+        end
+
+        if bucket && key
+          AWS::S3.new(region: get_bucket_region(bucket))
+            .buckets[bucket].objects[key]
+        elsif follow_redirect
+          response = Net::HTTP.get_response(url) rescue nil
+          if response.is_a?(Net::HTTPRedirection)
+            s3_object_for(response['location'], false)
+          end
+        end
+      end
+
+      def self.s3_url_for(method, s3_object)
+        s3_object.url_for(method,
+          expires: 10,
+          signature_version: :v4,
+          force_path_style: true)
+      end
+
+      def self.get_bucket_region(bucket)
+        LOCATION_TO_REGION[AWS::S3.new.buckets[bucket].location_constraint]
+      end
+    end
+  end
+end

data/lib/vagrant-s3auth/version.rb

@@ -1,5 +1,5 @@
 module VagrantPlugins
   module S3Auth
-    VERSION = '0.1.0'
+    VERSION = '1.0.0.rc1'
   end
 end

data/locales/en.yml

@@ -7,4 +7,17 @@ en:
         Ensure the following variables are set in your environment, or set
         them at the top of your Vagrantfile:
 
-            %{missing_variables}
+            AWS_ACCESS_KEY_ID
+            AWS_SECRET_ACCESS_KEY
+
+      malformed_shorthand_url: |-
+        Malformed shorthand S3 box URL:
+
+            %{url}
+
+        Check your `box_url` setting.
+
+      s3_api_error: |-
+        Unable to communicate with Amazon S3 to download box. The S3 API reports:
+
+            %{error}

data/test/box/minimal

@@ -0,0 +1,13 @@
+{
+  "name": "vagrant-s3auth/minimal",
+  "description": "This box contains company secrets.",
+  "versions": [{
+    "version": "1.0.1",
+    "providers": [{
+      "name": "virtualbox",
+      "url": "%{box_url}",
+      "checksum_type": "sha1",
+      "checksum": "8ea536dd3092cf159f02405edd44ded5b62ba4e6"
+    }]
+  }]
+}

data/test/cleanup.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'aws'
+
+require_relative 'support'
+
+[REGION_STANDARD, REGION_NONSTANDARD].each do |region|
+  s3 = AWS::S3.new(region: region)
+  bucket = s3.buckets["#{region}.#{BUCKET}"]
+  bucket.delete! if bucket.exists?
+end
+
+atlas = Atlas.new(ATLAS_TOKEN, ATLAS_USERNAME)
+atlas.delete_box(ATLAS_BOX_NAME)

data/test/run.bats

@@ -0,0 +1,93 @@
+#!/usr/bin/env bats
+
+missing_vars=()
+
+require_var() {
+  [[ "${!1}" ]] || missing_vars+=("$1")
+}
+
+require_var AWS_ACCESS_KEY_ID
+require_var AWS_SECRET_ACCESS_KEY
+require_var ATLAS_TOKEN
+require_var ATLAS_USERNAME
+require_var VAGRANT_S3AUTH_BUCKET
+require_var VAGRANT_S3AUTH_BOX_BASE
+require_var VAGRANT_S3AUTH_ATLAS_BOX_NAME
+require_var VAGRANT_S3AUTH_REGION_NONSTANDARD
+
+if [[ ${#missing_vars[*]} -gt 0 ]]; then
+  echo "Missing required environment variables:"
+  printf '    %s\n' "${missing_vars[@]}"
+  exit 1
+fi
+
+teardown() {
+  bundle exec vagrant box remove "$VAGRANT_S3AUTH_BOX_BASE" > /dev/null 2>&1 || true
+  bundle exec vagrant box remove "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" > /dev/null 2>&1 || true
+  bundle exec vagrant box remove "$ATLAS_USERNAME/$VAGRANT_S3AUTH_ATLAS_BOX_NAME" > /dev/null 2>&1 || true
+}
+
+@test "vagrant cloud" {
+  bundle exec vagrant box add "$ATLAS_USERNAME/$VAGRANT_S3AUTH_ATLAS_BOX_NAME"
+}
+
+@test "simple box with full standard url" {
+  bundle exec vagrant box add \
+    --name "$VAGRANT_S3AUTH_BOX_BASE" \
+    "https://s3.amazonaws.com/us-east-1.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE.box"
+}
+
+@test "simple box with shorthand standard url" {
+  bundle exec vagrant box add \
+    --name "$VAGRANT_S3AUTH_BOX_BASE" \
+    "s3://us-east-1.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE.box"
+}
+
+@test "simple box with full nonstandard url" {
+  bundle exec vagrant box add \
+    --name "$VAGRANT_S3AUTH_BOX_BASE" \
+    "https://s3-$VAGRANT_S3AUTH_REGION_NONSTANDARD.amazonaws.com/$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE.box"
+}
+
+@test "simple box with shorthand nonstandard url" {
+  bundle exec vagrant box add \
+    --name "$VAGRANT_S3AUTH_BOX_BASE" \
+    "s3://$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE.box"
+}
+
+@test "metadata box with full standard url" {
+  bundle exec vagrant box add \
+    --name "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" \
+    "https://s3.amazonaws.com/us-east-1.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE"
+}
+
+@test "metadata box with shorthand standard url" {
+  bundle exec vagrant box add \
+    --name "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" \
+    "s3://us-east-1.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE"
+}
+
+@test "metadata box with full nonstandard url" {
+  bundle exec vagrant box add \
+    --name "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" \
+    "https://s3-$VAGRANT_S3AUTH_REGION_NONSTANDARD.amazonaws.com/$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE"
+}
+
+@test "metadata box with shorthand nonstandard url" {
+  bundle exec vagrant box add \
+    --name "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" \
+    "s3://$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE"
+}
+
+@test "garbage shorthand url" {
+  run bundle exec vagrant box add --name "$VAGRANT_S3AUTH_BOX_BASE" s3://smoogedydoop
+  [[ "$status" -eq 1 ]]
+  [[ "$output" == *"Malformed shorthand S3 box URL"* ]]
+}
+
+@test "garbage full url" {
+  run bundle exec vagrant box add --name "$VAGRANT_S3AUTH_BOX_BASE" https://smoogedydoop
+  [[ "$status" -eq 1 ]]
+  echo "$output"
+  [[ "$output" == *"error occurred while downloading the remote file"* ]]
+}

data/test/setup.rb

@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+
+require 'bundler/setup'
+require 'aws'
+
+require_relative 'support'
+
+ROOT = Pathname.new(File.dirname(__FILE__))
+
+box_urls = [REGION_STANDARD, REGION_NONSTANDARD].map do |region|
+  s3 = AWS::S3.new(region: region)
+  bucket = s3.buckets.create("#{region}.#{BUCKET}")
+
+  box = bucket.objects["#{BOX_BASE}.box"]
+  box.write(ROOT + Pathname.new("box/#{BOX_BASE}.box"))
+  box.public_url
+
+  metadata_string = File.read(ROOT + Pathname.new("box/#{BOX_BASE}")) % {
+    box_url: box.public_url
+  }
+
+  metadata = bucket.objects[BOX_BASE]
+  metadata.write(metadata_string, content_type: 'application/json')
+  metadata.acl = :public_read
+
+  box.public_url
+end
+
+atlas = Atlas.new(ATLAS_TOKEN, ATLAS_USERNAME)
+atlas.create_box(ATLAS_BOX_NAME)
+atlas.create_version(ATLAS_BOX_NAME, '1.0.1')
+atlas.create_provider(ATLAS_BOX_NAME, '1.0.1', box_urls.sample)
+atlas.release_version(ATLAS_BOX_NAME, '1.0.1')

data/test/support.rb

@@ -0,0 +1,81 @@
+require 'http'
+
+BOX_BASE = ENV['VAGRANT_S3AUTH_BOX_BASE']
+BUCKET = ENV['VAGRANT_S3AUTH_BUCKET']
+REGION_STANDARD = 'us-east-1'
+REGION_NONSTANDARD = ENV['VAGRANT_S3AUTH_REGION_NONSTANDARD']
+
+ATLAS_TOKEN = ENV['ATLAS_TOKEN']
+ATLAS_USERNAME = ENV['ATLAS_USERNAME']
+ATLAS_BOX_NAME = ENV['VAGRANT_S3AUTH_ATLAS_BOX_NAME']
+
+class Atlas
+  BASE_URL = 'https://atlas.hashicorp.com/api/v1'
+
+  BOX_CREATE_URL = "#{BASE_URL}/boxes"
+  BOX_RESOURCE_URL = "#{BASE_URL}/box/%{username}/%{box_name}"
+
+  VERSION_CREATE_URL = "#{BOX_RESOURCE_URL}/versions"
+  VERSION_RESOURCE_URL = "#{BOX_RESOURCE_URL}/version/%{version}"
+  VERSION_RELEASE_URL = "#{VERSION_RESOURCE_URL}/release"
+
+  PROVIDER_CREATE_URL = "#{VERSION_RESOURCE_URL}/providers"
+  PROVIDER_RESOURCE_URL = "#{VERSION_RESOURCE_URL}/provider/%{provider_name}"
+
+  attr_accessor :provider
+
+  def initialize(token, username)
+    raise if !token || token.empty?
+    raise if !username || username.empty?
+
+    @token = token
+    @username = username
+    @provider = 'virtualbox'
+  end
+
+  def create_box(box_name)
+    post(BOX_CREATE_URL, data: { box: { name: box_name, is_private: false } })
+  end
+
+  def delete_box(box_name)
+    url_params = { box_name: box_name }
+    delete(BOX_RESOURCE_URL, url_params: url_params)
+  end
+
+  def create_version(box_name, version)
+    post(VERSION_CREATE_URL,
+      data: { version: { version: version } },
+      url_params: { box_name: box_name })
+  end
+
+  def release_version(box_name, version)
+    put(VERSION_RELEASE_URL,
+      url_params: { box_name: box_name, version: version })
+  end
+
+  def create_provider(box_name, version, url)
+    post(PROVIDER_CREATE_URL,
+      data: { provider: { name: @provider, url: url } },
+      url_params: { box_name: box_name, version: version })
+  end
+
+  def request(method, url, options)
+    url_params = (options[:url_params] || {}).merge(username: @username)
+    data = (options[:data] || {}).merge(access_token: @token)
+
+    response = HTTP.request(method, url % url_params, json: data)
+    raise response unless response.code >= 200 && response.code < 400
+  end
+
+  def post(url, options)
+    request(:post, url, options)
+  end
+
+  def put(url, options)
+    request(:put, url, options)
+  end
+
+  def delete(url, options)
+    request(:delete, url, options)
+  end
+end

data/vagrant-s3auth.gemspec

@@ -15,6 +15,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(/spec/)
   spec.require_paths = ['lib']
 
+  spec.add_dependency 'aws-sdk', '~> 1.59.1'
+
   spec.add_development_dependency 'bundler', '~> 1.5'
-  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'http', '~> 0.6.3'
+  spec.add_development_dependency 'rake', '~> 10.3.2'
+  spec.add_development_dependency 'rubocop', '~> 0.28.0'
 end

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-s3auth
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0.rc1
 platform: ruby
 authors:
 - Nikhil Benesch
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-13 00:00:00.000000000 Z
+date: 2014-12-16 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: aws-sdk
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.59.1
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 1.59.1
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -24,20 +38,48 @@ dependencies:
     - - ~>
       - !ruby/object:Gem::Version
         version: '1.5'
+- !ruby/object:Gem::Dependency
+  name: http
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.3
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 0.6.3
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: 10.3.2
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.28.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - '>='
+    - - ~>
       - !ruby/object:Gem::Version
-        version: '0'
+        version: 0.28.0
 description: 
 email:
 - benesch@whoop.com
@@ -47,21 +89,30 @@ extra_rdoc_files: []
 files:
 - .gitignore
 - .rubocop.yml
+- .ruby-version
+- .travis.yml
 - CHANGELOG.md
+- CONTRIBUTING.md
 - Gemfile
 - Gemfile.lock
 - LICENSE
 - README.md
 - Rakefile
+- TESTING.md
 - lib/vagrant-s3auth.rb
 - lib/vagrant-s3auth/errors.rb
 - lib/vagrant-s3auth/extensions.rb
-- lib/vagrant-s3auth/extensions/box_add.rb
 - lib/vagrant-s3auth/extensions/downloader.rb
 - lib/vagrant-s3auth/plugin.rb
-- lib/vagrant-s3auth/util/authenticator.rb
+- lib/vagrant-s3auth/util.rb
 - lib/vagrant-s3auth/version.rb
 - locales/en.yml
+- test/box/minimal
+- test/box/minimal.box
+- test/cleanup.rb
+- test/run.bats
+- test/setup.rb
+- test/support.rb
 - vagrant-s3auth.gemspec
 homepage: https://github.com/WhoopInc/vagrant-s3auth
 licenses:
@@ -78,9 +129,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - '>='
+  - - '>'
     - !ruby/object:Gem::Version
-      version: '0'
+      version: 1.3.1
 requirements: []
 rubyforge_project: 
 rubygems_version: 2.0.14

data/lib/vagrant-s3auth/extensions/box_add.rb

@@ -1,41 +0,0 @@
-require 'uri'
-
-module Vagrant
-  module Action
-    module Builtin
-      class BoxAdd
-        def call_with_s3(env)
-          box_url = env[:box_url]
-
-          # Non-iterable box_urls are Vagrant Cloud boxes, which we don't need
-          # to handle.
-          if box_url.respond_to?(:map!)
-            box_url.map! do |url|
-              if matched = VagrantPlugins::S3Auth::BOX_URL_MATCHER.match(url)
-                @logger.info('Transforming S3 box URL: #{url}')
-                s3_url(matched[:bucket], matched[:resource])
-              else
-                @logger.info("Not transforming non-S3 box: #{url}")
-                url
-              end
-            end
-          else
-            @logger.debug('Box URL #{box_url.inspect} looks like a Vagrant "
-              Cloud box, skipping S3 transformation...')
-          end
-
-          call_without_s3(env)
-        end
-
-        def s3_url(bucket, resource)
-          URI::HTTPS.build(
-            host: VagrantPlugins::S3Auth::S3_HOST,
-            path: File.join('/', bucket, resource)).to_s
-        end
-
-        alias_method :call_without_s3, :call
-        alias_method :call, :call_with_s3
-      end
-    end
-  end
-end

data/lib/vagrant-s3auth/util/authenticator.rb

@@ -1,53 +0,0 @@
-require 'base64'
-require 'cgi'
-require 'log4r'
-require 'openssl'
-require 'uri'
-
-require 'vagrant/util/downloader'
-
-module VagrantPlugins
-  module S3Auth
-    module Util
-      class Authenticator
-        def self.sign(url, method)
-          new.sign(url, method)
-        end
-
-        def initialize
-          @access_key = ENV['AWS_ACCESS_KEY_ID']
-          @secret_key = ENV['AWS_SECRET_ACCESS_KEY']
-
-          ensure_credentials
-        end
-
-        def sign(url, method)
-          now = CGI.rfc1123_date(Time.now)
-          message = "#{method}\n\n\n#{now}\n#{url.path}"
-          signature = Base64.strict_encode64(
-            OpenSSL::HMAC.digest('sha1', @secret_key, message))
-
-          {
-            date: now,
-            authorization: "AWS #{@access_key}:#{signature}"
-          }
-        end
-
-        protected
-
-        def ensure_credentials
-          missing_variables = []
-          missing_variables << 'AWS_ACCESS_KEY_ID' unless @access_key
-          missing_variables << 'AWS_SECRET_ACCESS_KEY' unless @secret_key
-
-          # rubocop:disable Style/GuardClause
-          unless missing_variables.empty?
-            raise Errors::MissingCredentialsError,
-              missing_variables: missing_variables.join(', ')
-          end
-          # rubocop:enable Style/GuardClause
-        end
-      end
-    end
-  end
-end