vagrant-s3auth 1.0.1 → 1.0.2
- checksums.yaml +4 -4
- data/.rubocop.yml +2 -2
- data/CHANGELOG.md +10 -0
- data/Gemfile.lock +1 -1
- data/README.md +29 -0
- data/lib/vagrant-s3auth/errors.rb +4 -0
- data/lib/vagrant-s3auth/extension/downloader.rb +8 -0
- data/lib/vagrant-s3auth/util.rb +4 -0
- data/lib/vagrant-s3auth/version.rb +1 -1
- data/locales/en.yml +25 -0
- metadata +2 -2
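--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a06edc23d119892ccc9f71721ea458fc20485102
+data.tar.gz: 2f402e2d249ab5db39a2e134030abd29b2d268ff
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d8e0d925b25da57e804918b179b956e15e09c83317f2aa1cdbc2ae3d9809128430b7c1f87ca3d951d446c34ca696dc1db9dc0ac94420e0225b388bea0d4924da
+data.tar.gz: 9fdf565b0630c9efcb9a4aa1f220d4b01f2a6639a65b6d7c03687570d545ba6109cee4e2488552add9a56d631c347d5ef63f555607061d05f9dffd466a74d16f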
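--- a/data/.rubocop.yml
+++ b/data/.rubocop.yml
@@ -2,7 +2,7 @@ Lint/AssignmentInCondition:
 Enabled: false
 
 Metrics/AbcSize:
-Max:
+Max: 40
 
 Metrics/CyclomaticComplexity:
 Max: 12
@@ -12,7 +12,7 @@ Metrics/LineLength:
 
 Metrics/MethodLength:
 CountComments: false
-Max:
+Max: 25
 
 Metrics/PerceivedComplexity:
 Max: 15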
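--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,3 +1,12 @@
+## 1.0.2
+
+**25 December 2014**
+
+Enhancements:
+
+* provide better error messages when S3 API requests are denied [#9]
+* include IAM policy recommendations in README
+
 ## 1.0.1
 
 **21 December 2014**
@@ -50,3 +59,4 @@ Enhancements:
 
 [#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
 [#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
+[#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9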
data/Gemfile.lock
CHANGED
data/README.md
CHANGED
@@ -60,6 +60,34 @@ ENV['AWS_ACCESS_KEY_ID'] = creds[0].chomp
|
|
60
60
|
ENV['AWS_SECRET_ACCESS_KEY'] = creds[1].chomp
|
61
61
|
```
|
62
62
|
|
63
|
+
##### IAM configuration
|
64
|
+
|
65
|
+
IAM accounts will need at least the following policy:
|
66
|
+
|
67
|
+
```json
|
68
|
+
{
|
69
|
+
"Version": "2012-10-17",
|
70
|
+
"Statement": [
|
71
|
+
{
|
72
|
+
"Effect": "Allow",
|
73
|
+
"Action": "s3:GetObject",
|
74
|
+
"Resource": "arn:aws:s3:::BUCKET/*"
|
75
|
+
},
|
76
|
+
{
|
77
|
+
"Effect": "Allow",
|
78
|
+
"Action": ["s3:GetBucketLocation", "s3:ListBucket"],
|
79
|
+
"Resource": "arn:aws:s3:::BUCKET"
|
80
|
+
}
|
81
|
+
]
|
82
|
+
}
|
83
|
+
```
|
84
|
+
|
85
|
+
`s3:ListBucket` permission is not strictly necessary. vagrant-s3auth will never
|
86
|
+
make a ListBucket request, but without ListBucket permission, a misspelled box
|
87
|
+
name results in a 403 Forbidden error instead of a 404 Not Found error.
|
88
|
+
|
89
|
+
See [AWS S3 Guide: User Policy Examples][aws-user-policy] for more.
|
90
|
+
|
63
91
|
#### S3 URLs
|
64
92
|
|
65
93
|
You can use any valid HTTP(S) URL for your object:
|
@@ -188,6 +216,7 @@ end
|
|
188
216
|
|
189
217
|
|
190
218
|
[aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
|
219
|
+
[aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
|
191
220
|
[bucket-vhost]: http://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html#VirtualHostingExamples
|
192
221
|
[metadata-boxes]: http://docs.vagrantup.com/v2/boxes/format.html
|
193
222
|
[vagrant]: http://vagrantup.com
|
@@ -15,6 +15,10 @@ module VagrantPlugins
|
|
15
15
|
error_key(:malformed_shorthand_url)
|
16
16
|
end
|
17
17
|
|
18
|
+
class BucketLocationAccessDeniedError < VagrantS3AuthError
|
19
|
+
error_key(:bucket_location_access_denied_error)
|
20
|
+
end
|
21
|
+
|
18
22
|
class S3APIError < VagrantS3AuthError
|
19
23
|
error_key(:s3_api_error)
|
20
24
|
end
|
@@ -27,6 +27,14 @@ module Vagrant
|
|
27
27
|
end
|
28
28
|
|
29
29
|
execute_curl_without_s3(options, subprocess_options, &data_proc)
|
30
|
+
rescue Errors::DownloaderError => e
|
31
|
+
if e.message =~ /403 Forbidden/
|
32
|
+
e.message << "\n\n"
|
33
|
+
e.message << I18n.t('vagrant_s3auth.errors.box_download_forbidden',
|
34
|
+
access_key: ENV['AWS_ACCESS_KEY_ID'],
|
35
|
+
bucket: s3_object && s3_object.bucket.name)
|
36
|
+
end
|
37
|
+
raise
|
30
38
|
rescue AWS::Errors::MissingCredentialsError
|
31
39
|
raise VagrantPlugins::S3Auth::Errors::MissingCredentialsError
|
32
40
|
rescue AWS::Errors::Base => e
|
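Review bot: The added `rescue Errors::DownloaderError` branch extends the error by calling `e.message << …`, which only works while `message` hands back the exception's own unfrozen String; a frozen message would raise inside the rescue and replace the original download failure with an unrelated one. Building the hint first and appending it only when safe, e.g. `e.message << hint unless e.message.frozen?`, keeps the 403 visible either way. The hint also interpolates `ENV['AWS_ACCESS_KEY_ID']`, which is blank when the SDK takes credentials from somewhere other than the environment and which ends up in terminal and CI output; the `raise Errors::BucketLocationAccessDeniedError` added in util.rb does the same. The enclosing method begins above the hunk, so whether `s3_object` can be nil at this point is not visible.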
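--- a/data/lib/vagrant-s3auth/util.rb
+++ b/data/lib/vagrant-s3auth/util.rb
@@ -46,6 +46,10 @@ module VagrantPlugins
 
 def self.get_bucket_region(bucket)
 LOCATION_TO_REGION[AWS::S3.new.buckets[bucket].location_constraint]
+rescue AWS::S3::Errors::AccessDenied
+raise Errors::BucketLocationAccessDeniedError,
+bucket: bucket,
+access_key: ENV['AWS_ACCESS_KEY_ID']
 end
 end
 end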
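--- a/data/locales/en.yml
+++ b/data/locales/en.yml
@@ -21,3 +21,28 @@ en:
 Unable to communicate with Amazon S3 to download box. The S3 API reports:
 
 %{error}
+
+bucket_location_access_denied_error: |-
+Request for box's Amazon S3 region was denied.
+
+This usually indicates that your user account with access key ID
+
+%{access_key}
+
+is misconfigured. Ensure your IAM policy allows the "s3:GetBucketLocation"
+action for your bucket:
+
+arn:aws:s3:::%{bucket}
+
+box_download_forbidden: |-
+This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
+that your user account with access key ID
+
+%{access_key}
+
+is misconfigured. Ensure your IAM policy allows the "s3:GetObject"
+action for your bucket:
+
+arn:aws:s3:::%{bucket}/*
+
+It may also indicate the box does not exist, so check your spelling.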
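--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-s3auth
 version: !ruby/object:Gem::Version
-version: 1.0.
+version: 1.0.2
 platform: ruby
 authors:
 - Nikhil Benesch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2014-12-
+date: 2014-12-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk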