vagrant-s3auth 1.0.3 → 1.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +24 -2
- data/Gemfile.lock +91 -75
- data/README.md +32 -5
- data/lib/vagrant-s3auth/extension/downloader.rb +23 -16
- data/lib/vagrant-s3auth/util.rb +18 -10
- data/lib/vagrant-s3auth/version.rb +1 -1
- data/locales/en.yml +7 -1
- data/test/box/public-minimal +13 -0
- data/test/box/public-minimal.box +0 -0
- data/test/cleanup.rb +3 -3
- data/test/run.bats +31 -0
- data/test/setup.rb +16 -14
- data/vagrant-s3auth.gemspec +1 -1
- metadata +6 -4
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 792627aedcb06b8fa5facb6482fb99dfd9f1c327
|
4
|
+
data.tar.gz: 0f3d32cba11d602fb6079756f8637036f20883aa
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 399ffee437d1ce9b11015bb740b169b94e1e7f74b8323c4d0c29b45bd7feeded918511ed6d80e429527e8f4170ec82be96e24c02c268d26542db76838894ce19
|
7
|
+
data.tar.gz: 90353673af0bbbcf45ac0af54d1944a10308c119a7ce01f444e87ca351cf93a5771c9a26e49dd03f9290bb696d30fa2b87f2fc1ff6dd6d43f58d383eed84365f
|
data/CHANGELOG.md
CHANGED
@@ -1,10 +1,26 @@
|
|
1
|
+
## 1.1.0
|
2
|
+
|
3
|
+
**1 June 2015**
|
4
|
+
|
5
|
+
Enhancements:
|
6
|
+
|
7
|
+
* upgrade to AWS SDK v2 ([#15])
|
8
|
+
* recommend the use of the AWS SDK's centralized credential file ([#14])
|
9
|
+
|
10
|
+
Fixes:
|
11
|
+
|
12
|
+
* allow up to ten minutes of time skew ([#16])
|
13
|
+
* try an unauthenticated download before demanding AWS credentials ([#10])
|
14
|
+
|
15
|
+
Thanks, [@kimpepper][kimpepper] and [@companykitchen-dev][companykitchen-dev]!
|
16
|
+
|
1
17
|
## 1.0.3
|
2
18
|
|
3
19
|
**10 March 2015**
|
4
20
|
|
5
21
|
Fixes:
|
6
22
|
|
7
|
-
* fix namespace collisions with [vagrant-aws][vagrant-aws] [#11]
|
23
|
+
* fix namespace collisions with [vagrant-aws][vagrant-aws] ([#11])
|
8
24
|
|
9
25
|
Thanks, [@andres-rojas][andres-rojas]!
|
10
26
|
|
@@ -15,7 +31,7 @@ Thanks, [@andres-rojas][andres-rojas]!
|
|
15
31
|
|
16
32
|
Enhancements:
|
17
33
|
|
18
|
-
* provide better error messages when S3 API requests are denied [#9]
|
34
|
+
* provide better error messages when S3 API requests are denied ([#9])
|
19
35
|
* include IAM policy recommendations in README
|
20
36
|
|
21
37
|
## 1.0.1
|
@@ -71,8 +87,14 @@ Enhancements:
|
|
71
87
|
[#1]: https://github.com/WhoopInc/vagrant-s3auth/issues/1
|
72
88
|
[#7]: https://github.com/WhoopInc/vagrant-s3auth/issues/7
|
73
89
|
[#9]: https://github.com/WhoopInc/vagrant-s3auth/issues/9
|
90
|
+
[#10]: https://github.com/WhoopInc/vagrant-s3auth/issues/10
|
74
91
|
[#11]: https://github.com/WhoopInc/vagrant-s3auth/pull/11
|
92
|
+
[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
|
93
|
+
[#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
|
94
|
+
[#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
|
75
95
|
|
76
96
|
[andres-rojas]: https://github.com/andres-rojas
|
97
|
+
[companykitchen-dev]: https://github.com/companykitchen-dev
|
98
|
+
[kimpepper]: https://github.com/kimpepper
|
77
99
|
|
78
100
|
[vagrant-aws]: https://github.com/mitchellh/vagrant-aws
|
data/Gemfile.lock
CHANGED
@@ -8,16 +8,16 @@ GIT
|
|
8
8
|
|
9
9
|
GIT
|
10
10
|
remote: git://github.com/mitchellh/vagrant.git
|
11
|
-
revision:
|
11
|
+
revision: e9b11b4ee4172dfaeca98492f5055d46d679ccd6
|
12
12
|
ref: master
|
13
13
|
specs:
|
14
|
-
vagrant (1.7.2
|
14
|
+
vagrant (1.7.2)
|
15
15
|
bundler (>= 1.5.2, < 1.8.0)
|
16
16
|
childprocess (~> 0.5.0)
|
17
17
|
erubis (~> 2.7.0)
|
18
18
|
hashicorp-checkpoint (~> 0.1.1)
|
19
|
-
i18n (
|
20
|
-
listen (~> 2.
|
19
|
+
i18n (>= 0.6.0, <= 0.8.0)
|
20
|
+
listen (~> 2.8.0)
|
21
21
|
log4r (~> 1.1.9, < 1.1.11)
|
22
22
|
net-scp (~> 1.1.0)
|
23
23
|
net-sftp (~> 2.1)
|
@@ -26,46 +26,52 @@ GIT
|
|
26
26
|
rb-kqueue (~> 0.2.0)
|
27
27
|
rest-client (>= 1.6.0, < 2.0)
|
28
28
|
wdm (~> 0.1.0)
|
29
|
-
winrm (~> 1.
|
29
|
+
winrm (~> 1.3)
|
30
|
+
winrm-fs (~> 0.2.0)
|
30
31
|
|
31
32
|
PATH
|
32
33
|
remote: .
|
33
34
|
specs:
|
34
|
-
vagrant-s3auth (1.0
|
35
|
-
aws-sdk (~>
|
35
|
+
vagrant-s3auth (1.1.0)
|
36
|
+
aws-sdk (~> 2.0.38)
|
36
37
|
|
37
38
|
GEM
|
38
39
|
remote: https://rubygems.org/
|
39
40
|
specs:
|
40
|
-
CFPropertyList (2.3.
|
41
|
-
akami (1.2.2)
|
42
|
-
gyoku (>= 0.4.0)
|
43
|
-
nokogiri
|
41
|
+
CFPropertyList (2.3.1)
|
44
42
|
ast (2.0.0)
|
45
43
|
astrolabe (1.3.0)
|
46
44
|
parser (>= 2.2.0.pre.3, < 3.0)
|
47
|
-
aws-sdk (
|
48
|
-
aws-sdk-
|
49
|
-
aws-sdk-
|
50
|
-
|
51
|
-
|
45
|
+
aws-sdk (2.0.47)
|
46
|
+
aws-sdk-resources (= 2.0.47)
|
47
|
+
aws-sdk-core (2.0.47)
|
48
|
+
builder (~> 3.0)
|
49
|
+
jmespath (~> 1.0)
|
50
|
+
multi_json (~> 1.0)
|
51
|
+
aws-sdk-resources (2.0.47)
|
52
|
+
aws-sdk-core (= 2.0.47)
|
52
53
|
builder (3.2.2)
|
53
54
|
celluloid (0.16.0)
|
54
55
|
timers (~> 4.0.0)
|
55
|
-
childprocess (0.5.
|
56
|
+
childprocess (0.5.6)
|
56
57
|
ffi (~> 1.0, >= 1.0.11)
|
58
|
+
domain_name (0.5.24)
|
59
|
+
unf (>= 0.0.5, < 1.0.0)
|
57
60
|
erubis (2.7.0)
|
58
|
-
excon (0.
|
59
|
-
ffi (1.9.
|
61
|
+
excon (0.45.3)
|
62
|
+
ffi (1.9.8)
|
60
63
|
fission (0.5.0)
|
61
64
|
CFPropertyList (~> 2.2)
|
62
|
-
fog (1.
|
65
|
+
fog (1.30.0)
|
63
66
|
fog-atmos
|
64
67
|
fog-aws (~> 0.0)
|
65
68
|
fog-brightbox (~> 0.4)
|
66
|
-
fog-core (~> 1.27, >= 1.27.
|
69
|
+
fog-core (~> 1.27, >= 1.27.4)
|
67
70
|
fog-ecloud
|
71
|
+
fog-google (>= 0.0.2)
|
68
72
|
fog-json
|
73
|
+
fog-local
|
74
|
+
fog-powerdns (>= 0.1.1)
|
69
75
|
fog-profitbricks
|
70
76
|
fog-radosgw (>= 0.0.2)
|
71
77
|
fog-riakcs
|
@@ -82,7 +88,7 @@ GEM
|
|
82
88
|
fog-atmos (0.1.0)
|
83
89
|
fog-core
|
84
90
|
fog-xml
|
85
|
-
fog-aws (0.
|
91
|
+
fog-aws (0.4.0)
|
86
92
|
fog-core (~> 1.27)
|
87
93
|
fog-json (~> 1.0)
|
88
94
|
fog-xml (~> 0.1)
|
@@ -91,23 +97,34 @@ GEM
|
|
91
97
|
fog-core (~> 1.22)
|
92
98
|
fog-json
|
93
99
|
inflecto (~> 0.0.2)
|
94
|
-
fog-core (1.
|
100
|
+
fog-core (1.30.0)
|
95
101
|
builder
|
96
|
-
excon (~> 0.
|
102
|
+
excon (~> 0.45)
|
97
103
|
formatador (~> 0.2)
|
98
104
|
mime-types
|
99
105
|
net-scp (~> 1.1)
|
100
106
|
net-ssh (>= 2.1.3)
|
101
|
-
fog-ecloud (0.
|
107
|
+
fog-ecloud (0.1.1)
|
102
108
|
fog-core
|
103
109
|
fog-xml
|
104
|
-
fog-
|
105
|
-
|
106
|
-
|
110
|
+
fog-google (0.0.5)
|
111
|
+
fog-core
|
112
|
+
fog-json
|
113
|
+
fog-xml
|
114
|
+
fog-json (1.0.2)
|
115
|
+
fog-core (~> 1.0)
|
116
|
+
multi_json (~> 1.10)
|
117
|
+
fog-local (0.2.1)
|
118
|
+
fog-core (~> 1.27)
|
119
|
+
fog-powerdns (0.1.1)
|
120
|
+
fog-core (~> 1.27)
|
121
|
+
fog-json (~> 1.0)
|
122
|
+
fog-xml (~> 0.1)
|
123
|
+
fog-profitbricks (0.0.2)
|
107
124
|
fog-core
|
108
125
|
fog-xml
|
109
126
|
nokogiri
|
110
|
-
fog-radosgw (0.0.
|
127
|
+
fog-radosgw (0.0.4)
|
111
128
|
fog-core (>= 1.21.0)
|
112
129
|
fog-json
|
113
130
|
fog-xml (>= 0.0.1)
|
@@ -115,48 +132,49 @@ GEM
|
|
115
132
|
fog-core
|
116
133
|
fog-json
|
117
134
|
fog-xml
|
118
|
-
fog-sakuracloud (1.0.
|
135
|
+
fog-sakuracloud (1.0.1)
|
119
136
|
fog-core
|
120
137
|
fog-json
|
121
|
-
fog-serverlove (0.1.
|
138
|
+
fog-serverlove (0.1.2)
|
122
139
|
fog-core
|
123
140
|
fog-json
|
124
|
-
fog-softlayer (0.4.
|
141
|
+
fog-softlayer (0.4.6)
|
125
142
|
fog-core
|
126
143
|
fog-json
|
127
|
-
fog-storm_on_demand (0.1.
|
144
|
+
fog-storm_on_demand (0.1.1)
|
128
145
|
fog-core
|
129
146
|
fog-json
|
130
|
-
fog-terremark (0.0
|
147
|
+
fog-terremark (0.1.0)
|
131
148
|
fog-core
|
132
149
|
fog-xml
|
133
|
-
fog-vmfusion (0.0
|
150
|
+
fog-vmfusion (0.1.0)
|
134
151
|
fission
|
135
152
|
fog-core
|
136
|
-
fog-voxel (0.0
|
153
|
+
fog-voxel (0.1.0)
|
137
154
|
fog-core
|
138
155
|
fog-xml
|
139
|
-
fog-xml (0.1.
|
156
|
+
fog-xml (0.1.2)
|
140
157
|
fog-core
|
141
158
|
nokogiri (~> 1.5, >= 1.5.11)
|
142
159
|
formatador (0.2.5)
|
143
|
-
gssapi (1.0
|
160
|
+
gssapi (1.2.0)
|
144
161
|
ffi (>= 1.0.1)
|
145
|
-
gyoku (1.
|
162
|
+
gyoku (1.3.1)
|
146
163
|
builder (>= 2.1.2)
|
147
164
|
hashicorp-checkpoint (0.1.4)
|
148
165
|
hitimes (1.2.2)
|
149
|
-
http (0.6.
|
166
|
+
http (0.6.4)
|
150
167
|
http_parser.rb (~> 0.6.0)
|
168
|
+
http-cookie (1.0.2)
|
169
|
+
domain_name (~> 0.5)
|
151
170
|
http_parser.rb (0.6.0)
|
152
|
-
httpclient (2.
|
153
|
-
|
154
|
-
rack
|
155
|
-
i18n (0.6.11)
|
171
|
+
httpclient (2.6.0.1)
|
172
|
+
i18n (0.7.0)
|
156
173
|
inflecto (0.0.2)
|
157
174
|
ipaddress (0.8.0)
|
158
|
-
|
159
|
-
|
175
|
+
jmespath (1.0.2)
|
176
|
+
multi_json (~> 1.0)
|
177
|
+
listen (2.8.6)
|
160
178
|
celluloid (>= 0.15.2)
|
161
179
|
rb-fsevent (>= 0.9.3)
|
162
180
|
rb-inotify (>= 0.9)
|
@@ -165,31 +183,30 @@ GEM
|
|
165
183
|
logging (1.8.2)
|
166
184
|
little-plugger (>= 1.1.3)
|
167
185
|
multi_json (>= 1.8.4)
|
168
|
-
mime-types (2.
|
186
|
+
mime-types (2.6.1)
|
169
187
|
mini_portile (0.6.0)
|
170
|
-
multi_json (1.
|
188
|
+
multi_json (1.11.0)
|
171
189
|
net-scp (1.1.2)
|
172
190
|
net-ssh (>= 2.6.5)
|
173
191
|
net-sftp (2.1.2)
|
174
192
|
net-ssh (>= 2.6.5)
|
175
|
-
net-ssh (2.9.
|
176
|
-
netrc (0.10.
|
193
|
+
net-ssh (2.9.2)
|
194
|
+
netrc (0.10.3)
|
177
195
|
nokogiri (1.6.3.1)
|
178
196
|
mini_portile (= 0.6.0)
|
179
|
-
nori (
|
180
|
-
parser (2.2.
|
197
|
+
nori (2.6.0)
|
198
|
+
parser (2.2.2.5)
|
181
199
|
ast (>= 1.1, < 3.0)
|
182
|
-
slop (~> 3.4, >= 3.4.5)
|
183
200
|
powerpack (0.0.9)
|
184
|
-
rack (1.5.2)
|
185
201
|
rainbow (2.0.0)
|
186
202
|
rake (10.3.2)
|
187
|
-
rb-fsevent (0.9.
|
203
|
+
rb-fsevent (0.9.5)
|
188
204
|
rb-inotify (0.9.5)
|
189
205
|
ffi (>= 0.5.0)
|
190
|
-
rb-kqueue (0.2.
|
206
|
+
rb-kqueue (0.2.4)
|
191
207
|
ffi (>= 0.5.0)
|
192
|
-
rest-client (1.
|
208
|
+
rest-client (1.8.0)
|
209
|
+
http-cookie (>= 1.0.2, < 2.0)
|
193
210
|
mime-types (>= 1.16, < 3.0)
|
194
211
|
netrc (~> 0.7)
|
195
212
|
rubocop (0.28.0)
|
@@ -198,31 +215,30 @@ GEM
|
|
198
215
|
powerpack (~> 0.0.6)
|
199
216
|
rainbow (>= 1.99.1, < 3.0)
|
200
217
|
ruby-progressbar (~> 1.4)
|
201
|
-
ruby-progressbar (1.7.
|
202
|
-
rubyntlm (0.
|
203
|
-
|
204
|
-
akami (~> 1.0)
|
205
|
-
builder (>= 2.1.2)
|
206
|
-
gyoku (>= 0.4.0)
|
207
|
-
httpi (~> 0.9)
|
208
|
-
nokogiri (>= 1.4.0)
|
209
|
-
nori (~> 1.0)
|
210
|
-
wasabi (~> 1.0)
|
211
|
-
slop (3.6.0)
|
218
|
+
ruby-progressbar (1.7.5)
|
219
|
+
rubyntlm (0.4.0)
|
220
|
+
rubyzip (1.1.7)
|
212
221
|
timers (4.0.1)
|
213
222
|
hitimes
|
223
|
+
unf (0.1.4)
|
224
|
+
unf_ext
|
225
|
+
unf_ext (0.0.7.1)
|
214
226
|
uuidtools (2.1.5)
|
215
|
-
wasabi (1.0.0)
|
216
|
-
nokogiri (>= 1.4.0)
|
217
227
|
wdm (0.1.0)
|
218
|
-
winrm (1.
|
219
|
-
|
228
|
+
winrm (1.3.3)
|
229
|
+
builder (>= 2.1.2)
|
230
|
+
gssapi (~> 1.2)
|
231
|
+
gyoku (~> 1.0)
|
220
232
|
httpclient (~> 2.2, >= 2.2.0.2)
|
221
233
|
logging (~> 1.6, >= 1.6.1)
|
222
|
-
|
223
|
-
rubyntlm (~> 0.
|
224
|
-
savon (= 0.9.5)
|
234
|
+
nori (~> 2.0)
|
235
|
+
rubyntlm (~> 0.4.0)
|
225
236
|
uuidtools (~> 2.1.2)
|
237
|
+
winrm-fs (0.2.0)
|
238
|
+
erubis (~> 2.7)
|
239
|
+
logging (~> 1.6, >= 1.6.1)
|
240
|
+
rubyzip (~> 1.1)
|
241
|
+
winrm (~> 1.3.0)
|
226
242
|
|
227
243
|
PLATFORMS
|
228
244
|
ruby
|
data/README.md
CHANGED
@@ -51,13 +51,33 @@ end
|
|
51
51
|
AWS credentials are read from the standard environment variables
|
52
52
|
`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`.
|
53
53
|
|
54
|
-
|
55
|
-
|
54
|
+
You may find it more convenient to use the
|
55
|
+
[centralized credential file][aws-cred-file] to create a credential
|
56
|
+
profile. Select the appropriate profile using the `AWS_PROFILE`
|
57
|
+
environment variable. For example:
|
58
|
+
|
59
|
+
```ini
|
60
|
+
# ~/.aws/credentials
|
61
|
+
|
62
|
+
[vagrant-s3auth]
|
63
|
+
aws_access_key_id = AKIA...
|
64
|
+
aws_secret_access_key = ...
|
65
|
+
```
|
56
66
|
|
57
67
|
```ruby
|
58
|
-
|
59
|
-
|
60
|
-
ENV['
|
68
|
+
# Vagrantfile
|
69
|
+
|
70
|
+
ENV['AWS_PROFILE'] = 'vagrant-s3auth'
|
71
|
+
|
72
|
+
Vagrant.configure("2") { |config| ... }
|
73
|
+
```
|
74
|
+
|
75
|
+
Alternatively, you can write some Ruby to set the access key directly:
|
76
|
+
|
77
|
+
```ruby
|
78
|
+
access_key, secret_key = whizbang_inc_api.fetch_api_creds()
|
79
|
+
ENV['AWS_ACCESS_KEY_ID'] = access_key
|
80
|
+
ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
|
61
81
|
```
|
62
82
|
|
63
83
|
##### IAM configuration
|
@@ -198,6 +218,12 @@ Within your metadata JSON, be sure to use [supported S3 URLs](#s3-urls).
|
|
198
218
|
Note that the metadata itself doesn't need to be hosted on S3. Any metadata that
|
199
219
|
points to a supported S3 URL will result in an authenticated request.
|
200
220
|
|
221
|
+
**IMPORTANT:** Your metadata *must* be served with `Content-Type: application/json`
|
222
|
+
or Vagrant will not recognize it as metadata! Most S3 uploader tools (and most
|
223
|
+
webservers) will *not* automatically set the `Content-Type` header when the file
|
224
|
+
extension is not `.json`. Consult your tool's documentation for instructions on
|
225
|
+
manually setting the content type.
|
226
|
+
|
201
227
|
## Auto-install
|
202
228
|
|
203
229
|
The beauty of Vagrant is the magic of "`vagrant up` and done." Making your users
|
@@ -217,6 +243,7 @@ end
|
|
217
243
|
```
|
218
244
|
|
219
245
|
[aws-403-404]: https://forums.aws.amazon.com/thread.jspa?threadID=56531#jive-message-210346
|
246
|
+
[aws-cred-file]: http://blogs.aws.amazon.com/security/post/Tx3D6U6WSFGOK2H/A-New-and-Standardized-Way-to-Manage-Credentials-in-the-AWS-SDKs
|
220
247
|
[aws-s3-iam]: http://blogs.aws.amazon.com/security/post/Tx3VRSWZ6B3SHAV/Writing-IAM-Policies-How-to-grant-access-to-an-Amazon-S3-bucket
|
221
248
|
[aws-signed]: http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
|
222
249
|
[aws-user-policy]: http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html
|
@@ -8,25 +8,26 @@ S3Auth = VagrantPlugins::S3Auth
|
|
8
8
|
module Vagrant
|
9
9
|
module Util
|
10
10
|
class Downloader
|
11
|
-
def
|
11
|
+
def s3auth_download(options, subprocess_options, &data_proc)
|
12
12
|
# The URL sent to curl is always the last argument. We have to rely
|
13
13
|
# on this implementation detail because we need to hook into both
|
14
14
|
# HEAD and GET requests.
|
15
15
|
url = options.last
|
16
16
|
|
17
|
-
|
18
|
-
|
19
|
-
@logger.debug("s3auth: Bucket: #{s3_object.bucket.name.inspect}")
|
20
|
-
@logger.debug("s3auth: Key: #{s3_object.key.inspect}")
|
17
|
+
s3_object = S3Auth::Util.s3_object_for(url)
|
18
|
+
return unless s3_object
|
21
19
|
|
22
|
-
|
20
|
+
@logger.info("s3auth: Discovered S3 URL: #{@source}")
|
21
|
+
@logger.debug("s3auth: Bucket: #{s3_object.bucket.name.inspect}")
|
22
|
+
@logger.debug("s3auth: Key: #{s3_object.key.inspect}")
|
23
23
|
|
24
|
-
|
24
|
+
method = options.any? { |o| o == '-I' } ? :head : :get
|
25
25
|
|
26
|
-
|
27
|
-
|
26
|
+
@logger.info("s3auth: Generating signed URL for #{method.upcase}")
|
27
|
+
|
28
|
+
url.replace(S3Auth::Util.s3_url_for(method, s3_object).to_s)
|
28
29
|
|
29
|
-
|
30
|
+
execute_curl_without_s3auth(options, subprocess_options, &data_proc)
|
30
31
|
rescue Errors::DownloaderError => e
|
31
32
|
if e.message =~ /403 Forbidden/
|
32
33
|
e.message << "\n\n"
|
@@ -35,14 +36,20 @@ module Vagrant
|
|
35
36
|
bucket: s3_object && s3_object.bucket.name)
|
36
37
|
end
|
37
38
|
raise
|
38
|
-
rescue ::
|
39
|
-
raise
|
40
|
-
rescue ::
|
41
|
-
raise
|
39
|
+
rescue ::Aws::Errors::MissingCredentialsError
|
40
|
+
raise S3Auth::Errors::MissingCredentialsError
|
41
|
+
rescue ::Aws::Errors::ServiceError => e
|
42
|
+
raise S3Auth::Errors::S3APIError, error: e
|
43
|
+
end
|
44
|
+
|
45
|
+
def execute_curl_with_s3auth(options, subprocess_options, &data_proc)
|
46
|
+
execute_curl_without_s3auth(options, subprocess_options, &data_proc)
|
47
|
+
rescue Errors::DownloaderError => e
|
48
|
+
s3auth_download(options, subprocess_options, &data_proc) || (raise e)
|
42
49
|
end
|
43
50
|
|
44
|
-
alias_method :
|
45
|
-
alias_method :execute_curl, :
|
51
|
+
alias_method :execute_curl_without_s3auth, :execute_curl
|
52
|
+
alias_method :execute_curl, :execute_curl_with_s3auth
|
46
53
|
end
|
47
54
|
end
|
48
55
|
end
|
data/lib/vagrant-s3auth/util.rb
CHANGED
@@ -1,4 +1,4 @@
|
|
1
|
-
require 'aws'
|
1
|
+
require 'aws-sdk'
|
2
2
|
require 'log4r'
|
3
3
|
require 'net/http'
|
4
4
|
require 'uri'
|
@@ -8,11 +8,21 @@ module VagrantPlugins
|
|
8
8
|
module Util
|
9
9
|
S3_HOST_MATCHER = /^((?<bucket>[[:alnum:]\-\.]+).)?s3([[:alnum:]\-\.]+)?\.amazonaws\.com$/
|
10
10
|
|
11
|
+
DEFAULT_REGION = 'us-east-1'
|
12
|
+
|
11
13
|
LOCATION_TO_REGION = Hash.new { |_, key| key }.merge(
|
12
|
-
|
14
|
+
'' => DEFAULT_REGION,
|
13
15
|
'EU' => 'eu-west-1'
|
14
16
|
)
|
15
17
|
|
18
|
+
def self.s3_client(region = DEFAULT_REGION)
|
19
|
+
::Aws::S3::Client.new(region: region)
|
20
|
+
end
|
21
|
+
|
22
|
+
def self.s3_resource(region = DEFAULT_REGION)
|
23
|
+
::Aws::S3::Resource.new(client: s3_client(region))
|
24
|
+
end
|
25
|
+
|
16
26
|
def self.s3_object_for(url, follow_redirect = true)
|
17
27
|
url = URI(url)
|
18
28
|
|
@@ -27,8 +37,7 @@ module VagrantPlugins
|
|
27
37
|
end
|
28
38
|
|
29
39
|
if bucket && key
|
30
|
-
|
31
|
-
.buckets[bucket].objects[key]
|
40
|
+
s3_resource(get_bucket_region(bucket)).bucket(bucket).object(key)
|
32
41
|
elsif follow_redirect
|
33
42
|
response = Net::HTTP.get_response(url) rescue nil
|
34
43
|
if response.is_a?(Net::HTTPRedirection)
|
@@ -38,15 +47,14 @@ module VagrantPlugins
|
|
38
47
|
end
|
39
48
|
|
40
49
|
def self.s3_url_for(method, s3_object)
|
41
|
-
s3_object.
|
42
|
-
expires: 10,
|
43
|
-
signature_version: :v4,
|
44
|
-
force_path_style: true)
|
50
|
+
s3_object.presigned_url(method, expires_in: 60 * 10)
|
45
51
|
end
|
46
52
|
|
47
53
|
def self.get_bucket_region(bucket)
|
48
|
-
LOCATION_TO_REGION[
|
49
|
-
|
54
|
+
LOCATION_TO_REGION[
|
55
|
+
s3_client.get_bucket_location(bucket: bucket).location_constraint
|
56
|
+
]
|
57
|
+
rescue ::Aws::S3::Errors::AccessDenied
|
50
58
|
raise Errors::BucketLocationAccessDeniedError,
|
51
59
|
bucket: bucket,
|
52
60
|
access_key: ENV['AWS_ACCESS_KEY_ID']
|
data/locales/en.yml
CHANGED
@@ -2,7 +2,7 @@ en:
|
|
2
2
|
vagrant_s3auth:
|
3
3
|
errors:
|
4
4
|
missing_credentials: |-
|
5
|
-
Unable to
|
5
|
+
Unable to find AWS credentials.
|
6
6
|
|
7
7
|
Ensure the following variables are set in your environment, or set
|
8
8
|
them at the top of your Vagrantfile:
|
@@ -10,6 +10,12 @@ en:
|
|
10
10
|
AWS_ACCESS_KEY_ID
|
11
11
|
AWS_SECRET_ACCESS_KEY
|
12
12
|
|
13
|
+
Alternatively, you can create a credential profile and set the
|
14
|
+
|
15
|
+
AWS_PROFILE
|
16
|
+
|
17
|
+
environment variable. Consult the documentation for details.
|
18
|
+
|
13
19
|
malformed_shorthand_url: |-
|
14
20
|
Malformed shorthand S3 box URL:
|
15
21
|
|
@@ -0,0 +1,13 @@
|
|
1
|
+
{
|
2
|
+
"name": "vagrant-s3auth/public-minimal",
|
3
|
+
"description": "This box contains no company secrets.",
|
4
|
+
"versions": [{
|
5
|
+
"version": "1.0.1",
|
6
|
+
"providers": [{
|
7
|
+
"name": "virtualbox",
|
8
|
+
"url": "%{box_url}",
|
9
|
+
"checksum_type": "sha1",
|
10
|
+
"checksum": "8ea536dd3092cf159f02405edd44ded5b62ba4e6"
|
11
|
+
}]
|
12
|
+
}]
|
13
|
+
}
|
Binary file
|
data/test/cleanup.rb
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
3
|
require 'bundler/setup'
|
4
|
-
require 'aws'
|
4
|
+
require 'aws-sdk'
|
5
5
|
|
6
6
|
require_relative 'support'
|
7
7
|
|
8
8
|
[REGION_STANDARD, REGION_NONSTANDARD].each do |region|
|
9
|
-
s3 =
|
10
|
-
bucket = s3.
|
9
|
+
s3 = Aws::S3::Resource.new(region: region)
|
10
|
+
bucket = s3.bucket("#{region}.#{BUCKET}")
|
11
11
|
bucket.delete! if bucket.exists?
|
12
12
|
end
|
13
13
|
|
data/test/run.bats
CHANGED
@@ -23,7 +23,9 @@ fi
|
|
23
23
|
|
24
24
|
teardown() {
|
25
25
|
bundle exec vagrant box remove "$VAGRANT_S3AUTH_BOX_BASE" > /dev/null 2>&1 || true
|
26
|
+
bundle exec vagrant box remove "public-$VAGRANT_S3AUTH_BOX_BASE" > /dev/null 2>&1 || true
|
26
27
|
bundle exec vagrant box remove "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" > /dev/null 2>&1 || true
|
28
|
+
bundle exec vagrant box remove "vagrant-s3auth/public-$VAGRANT_S3AUTH_BOX_BASE" > /dev/null 2>&1 || true
|
27
29
|
bundle exec vagrant box remove "$ATLAS_USERNAME/$VAGRANT_S3AUTH_ATLAS_BOX_NAME" > /dev/null 2>&1 || true
|
28
30
|
}
|
29
31
|
|
@@ -37,6 +39,13 @@ teardown() {
|
|
37
39
|
"https://s3.amazonaws.com/us-east-1.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE.box"
|
38
40
|
}
|
39
41
|
|
42
|
+
@test "public simple box with full path standard url without credentials" {
|
43
|
+
AWS_ACCESS_KEY_ID= \
|
44
|
+
bundle exec vagrant box add \
|
45
|
+
--name "$VAGRANT_S3AUTH_BOX_BASE" \
|
46
|
+
"https://s3.amazonaws.com/us-east-1.$VAGRANT_S3AUTH_BUCKET/public-$VAGRANT_S3AUTH_BOX_BASE.box"
|
47
|
+
}
|
48
|
+
|
40
49
|
@test "simple box with full host standard url" {
|
41
50
|
bundle exec vagrant box add \
|
42
51
|
--name "$VAGRANT_S3AUTH_BOX_BASE" \
|
@@ -55,6 +64,13 @@ teardown() {
|
|
55
64
|
"https://s3-$VAGRANT_S3AUTH_REGION_NONSTANDARD.amazonaws.com/$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE.box"
|
56
65
|
}
|
57
66
|
|
67
|
+
@test "public simple box with full path nonstandard url without credentials" {
|
68
|
+
AWS_ACCESS_KEY_ID= \
|
69
|
+
bundle exec vagrant box add \
|
70
|
+
--name "$VAGRANT_S3AUTH_BOX_BASE" \
|
71
|
+
"https://s3-$VAGRANT_S3AUTH_REGION_NONSTANDARD.amazonaws.com/$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/public-$VAGRANT_S3AUTH_BOX_BASE.box"
|
72
|
+
}
|
73
|
+
|
58
74
|
@test "simple box with full host nonstandard url" {
|
59
75
|
bundle exec vagrant box add \
|
60
76
|
--name "$VAGRANT_S3AUTH_BOX_BASE" \
|
@@ -73,6 +89,13 @@ teardown() {
|
|
73
89
|
"https://s3.amazonaws.com/us-east-1.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE"
|
74
90
|
}
|
75
91
|
|
92
|
+
@test "public metadata box with full path standard url without credentials" {
|
93
|
+
AWS_ACCESS_KEY_ID= \
|
94
|
+
bundle exec vagrant box add \
|
95
|
+
--name "vagrant-s3auth/public-$VAGRANT_S3AUTH_BOX_BASE" \
|
96
|
+
"https://s3.amazonaws.com/us-east-1.$VAGRANT_S3AUTH_BUCKET/public-$VAGRANT_S3AUTH_BOX_BASE"
|
97
|
+
}
|
98
|
+
|
76
99
|
@test "metadata box with full host standard url" {
|
77
100
|
bundle exec vagrant box add \
|
78
101
|
--name "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" \
|
@@ -91,6 +114,14 @@ teardown() {
|
|
91
114
|
"https://s3-$VAGRANT_S3AUTH_REGION_NONSTANDARD.amazonaws.com/$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/$VAGRANT_S3AUTH_BOX_BASE"
|
92
115
|
}
|
93
116
|
|
117
|
+
@test "public metadata box with full path nonstandard url without credentials" {
|
118
|
+
AWS_ACCESS_KEY_ID= \
|
119
|
+
bundle exec vagrant box add \
|
120
|
+
--name "vagrant-s3auth/public-$VAGRANT_S3AUTH_BOX_BASE" \
|
121
|
+
"https://s3-$VAGRANT_S3AUTH_REGION_NONSTANDARD.amazonaws.com/$VAGRANT_S3AUTH_REGION_NONSTANDARD.$VAGRANT_S3AUTH_BUCKET/public-$VAGRANT_S3AUTH_BOX_BASE"
|
122
|
+
}
|
123
|
+
|
124
|
+
|
94
125
|
@test "metadata box with full host nonstandard url" {
|
95
126
|
bundle exec vagrant box add \
|
96
127
|
--name "vagrant-s3auth/$VAGRANT_S3AUTH_BOX_BASE" \
|
data/test/setup.rb
CHANGED
@@ -1,29 +1,31 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
3
|
require 'bundler/setup'
|
4
|
-
require 'aws'
|
4
|
+
require 'aws-sdk'
|
5
5
|
|
6
6
|
require_relative 'support'
|
7
7
|
|
8
8
|
ROOT = Pathname.new(File.dirname(__FILE__))
|
9
9
|
|
10
|
-
box_urls = [REGION_STANDARD, REGION_NONSTANDARD].
|
11
|
-
s3 =
|
12
|
-
bucket = s3.
|
10
|
+
box_urls = [REGION_STANDARD, REGION_NONSTANDARD].flat_map do |region|
|
11
|
+
s3 = Aws::S3::Resource.new(region: region)
|
12
|
+
bucket = s3.create_bucket(bucket: "#{region}.#{BUCKET}")
|
13
13
|
|
14
|
-
|
15
|
-
|
16
|
-
|
14
|
+
[BOX_BASE, 'public-' + BOX_BASE].flat_map do |box_name|
|
15
|
+
box = bucket.object("#{box_name}.box")
|
16
|
+
box.upload_file(ROOT + Pathname.new("box/#{box_name}.box"))
|
17
|
+
box.acl.put(acl: 'public-read') if box_name.start_with?('public')
|
17
18
|
|
18
|
-
|
19
|
-
|
20
|
-
|
19
|
+
metadata_string = File.read(ROOT + Pathname.new("box/#{box_name}")) % {
|
20
|
+
box_url: box.public_url
|
21
|
+
}
|
21
22
|
|
22
|
-
|
23
|
-
|
24
|
-
|
23
|
+
metadata = bucket.object(box_name)
|
24
|
+
metadata.put(body: metadata_string, content_type: 'application/json')
|
25
|
+
metadata.acl.put(acl: 'public-read') if box_name.start_with?('public')
|
25
26
|
|
26
|
-
|
27
|
+
box.public_url
|
28
|
+
end
|
27
29
|
end
|
28
30
|
|
29
31
|
atlas = Atlas.new(ATLAS_TOKEN, ATLAS_USERNAME)
|
data/vagrant-s3auth.gemspec
CHANGED
@@ -15,7 +15,7 @@ Gem::Specification.new do |spec|
|
|
15
15
|
spec.test_files = spec.files.grep(/spec/)
|
16
16
|
spec.require_paths = ['lib']
|
17
17
|
|
18
|
-
spec.add_dependency 'aws-sdk', '~>
|
18
|
+
spec.add_dependency 'aws-sdk', '~> 2.0.38'
|
19
19
|
|
20
20
|
spec.add_development_dependency 'bundler', '~> 1.5'
|
21
21
|
spec.add_development_dependency 'http', '~> 0.6.3'
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vagrant-s3auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.0
|
4
|
+
version: 1.1.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nikhil Benesch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-06-01 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: 2.0.38
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: 2.0.38
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -108,6 +108,8 @@ files:
|
|
108
108
|
- locales/en.yml
|
109
109
|
- test/box/minimal
|
110
110
|
- test/box/minimal.box
|
111
|
+
- test/box/public-minimal
|
112
|
+
- test/box/public-minimal.box
|
111
113
|
- test/cleanup.rb
|
112
114
|
- test/run.bats
|
113
115
|
- test/setup.rb
|