vagrant-s3auth 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +22 -0
- data/Gemfile.lock +25 -22
- data/README.md +9 -1
- data/lib/vagrant-s3auth/extension/downloader.rb +21 -1
- data/lib/vagrant-s3auth/util.rb +22 -3
- data/lib/vagrant-s3auth/version.rb +1 -1
- data/locales/en.yml +11 -12
- data/vagrant-s3auth.gemspec +4 -4
- metadata +10 -10
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 5a13ed72a2dc87181ab1e328e3fe52782d149788
|
4
|
+
data.tar.gz: 86307061db0770afccf7394997e7023944f04b91
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 893a0878cc5f12ff5dd4fb6df47a54f42c0674f226c48f624f4c61b827f75980d165930d33ce432141999ab28c2c5bbe618ec7bfbc473ed8d4683872020772d9
|
7
|
+
data.tar.gz: 3f85ee22e9d9aa93243d878eb098708e36e1a5393678d7c42a2ff0396e950d7c11c109fd5252a15f27c31358ccf0c0dad9b4f493747f52438c73e7a716a50212
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,23 @@
|
|
1
|
+
## 1.2.0
|
2
|
+
|
3
|
+
**20 August 2015**
|
4
|
+
|
5
|
+
Enhancements:
|
6
|
+
|
7
|
+
* output the discovered AWS access key and its source (environment variable or
|
8
|
+
profile) when downloading an authenticated S3 box ([#21])
|
9
|
+
|
10
|
+
Thanks, [@Daemoen][Daemoen]!
|
11
|
+
|
12
|
+
## 1.1.1
|
13
|
+
|
14
|
+
**6 August 2015**
|
15
|
+
|
16
|
+
Enhancements:
|
17
|
+
|
18
|
+
* bump dependencies to latest patch versions and dev dependencies to latest
|
19
|
+
versions
|
20
|
+
|
1
21
|
## 1.1.0
|
2
22
|
|
3
23
|
**1 June 2015**
|
@@ -92,7 +112,9 @@ Enhancements:
|
|
92
112
|
[#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
|
93
113
|
[#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
|
94
114
|
[#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
|
115
|
+
[#21]: https://github.com/WhoopInc/vagrant-s3auth/issues/21
|
95
116
|
|
117
|
+
[Daemoen]: https://github.com/Daemoen
|
96
118
|
[andres-rojas]: https://github.com/andres-rojas
|
97
119
|
[companykitchen-dev]: https://github.com/companykitchen-dev
|
98
120
|
[kimpepper]: https://github.com/kimpepper
|
data/Gemfile.lock
CHANGED
@@ -32,24 +32,23 @@ GIT
|
|
32
32
|
PATH
|
33
33
|
remote: .
|
34
34
|
specs:
|
35
|
-
vagrant-s3auth (1.
|
36
|
-
aws-sdk (~> 2.
|
35
|
+
vagrant-s3auth (1.2.0)
|
36
|
+
aws-sdk (~> 2.1.13)
|
37
37
|
|
38
38
|
GEM
|
39
39
|
remote: https://rubygems.org/
|
40
40
|
specs:
|
41
41
|
CFPropertyList (2.3.1)
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
42
|
+
addressable (2.3.8)
|
43
|
+
ast (2.1.0)
|
44
|
+
astrolabe (1.3.1)
|
45
|
+
parser (~> 2.2)
|
46
|
+
aws-sdk (2.1.13)
|
47
|
+
aws-sdk-resources (= 2.1.13)
|
48
|
+
aws-sdk-core (2.1.13)
|
49
49
|
jmespath (~> 1.0)
|
50
|
-
|
51
|
-
|
52
|
-
aws-sdk-core (= 2.0.47)
|
50
|
+
aws-sdk-resources (2.1.13)
|
51
|
+
aws-sdk-core (= 2.1.13)
|
53
52
|
builder (3.2.2)
|
54
53
|
celluloid (0.16.0)
|
55
54
|
timers (~> 4.0.0)
|
@@ -163,10 +162,14 @@ GEM
|
|
163
162
|
builder (>= 2.1.2)
|
164
163
|
hashicorp-checkpoint (0.1.4)
|
165
164
|
hitimes (1.2.2)
|
166
|
-
http (0.
|
165
|
+
http (0.9.0)
|
166
|
+
addressable (~> 2.3)
|
167
|
+
http-cookie (~> 1.0)
|
168
|
+
http-form_data (~> 1.0.1)
|
167
169
|
http_parser.rb (~> 0.6.0)
|
168
170
|
http-cookie (1.0.2)
|
169
171
|
domain_name (~> 0.5)
|
172
|
+
http-form_data (1.0.1)
|
170
173
|
http_parser.rb (0.6.0)
|
171
174
|
httpclient (2.6.0.1)
|
172
175
|
i18n (0.7.0)
|
@@ -195,11 +198,11 @@ GEM
|
|
195
198
|
nokogiri (1.6.3.1)
|
196
199
|
mini_portile (= 0.6.0)
|
197
200
|
nori (2.6.0)
|
198
|
-
parser (2.2.2.
|
201
|
+
parser (2.2.2.6)
|
199
202
|
ast (>= 1.1, < 3.0)
|
200
|
-
powerpack (0.
|
203
|
+
powerpack (0.1.1)
|
201
204
|
rainbow (2.0.0)
|
202
|
-
rake (10.
|
205
|
+
rake (10.4.2)
|
203
206
|
rb-fsevent (0.9.5)
|
204
207
|
rb-inotify (0.9.5)
|
205
208
|
ffi (>= 0.5.0)
|
@@ -209,10 +212,10 @@ GEM
|
|
209
212
|
http-cookie (>= 1.0.2, < 2.0)
|
210
213
|
mime-types (>= 1.16, < 3.0)
|
211
214
|
netrc (~> 0.7)
|
212
|
-
rubocop (0.
|
215
|
+
rubocop (0.33.0)
|
213
216
|
astrolabe (~> 1.3)
|
214
|
-
parser (>= 2.2.
|
215
|
-
powerpack (~> 0.
|
217
|
+
parser (>= 2.2.2.5, < 3.0)
|
218
|
+
powerpack (~> 0.1)
|
216
219
|
rainbow (>= 1.99.1, < 3.0)
|
217
220
|
ruby-progressbar (~> 1.4)
|
218
221
|
ruby-progressbar (1.7.5)
|
@@ -245,9 +248,9 @@ PLATFORMS
|
|
245
248
|
|
246
249
|
DEPENDENCIES
|
247
250
|
bundler (~> 1.5)
|
248
|
-
http (~> 0.
|
249
|
-
rake (~> 10.
|
250
|
-
rubocop (~> 0.
|
251
|
+
http (~> 0.9.0)
|
252
|
+
rake (~> 10.4.2)
|
253
|
+
rubocop (~> 0.33.0)
|
251
254
|
vagrant!
|
252
255
|
vagrant-aws!
|
253
256
|
vagrant-s3auth!
|
data/README.md
CHANGED
@@ -67,12 +67,15 @@ aws_secret_access_key = ...
|
|
67
67
|
```ruby
|
68
68
|
# Vagrantfile
|
69
69
|
|
70
|
+
ENV.delete_if { |name| name.start_with?('AWS_') } # Filter out rogue env vars.
|
70
71
|
ENV['AWS_PROFILE'] = 'vagrant-s3auth'
|
71
72
|
|
72
73
|
Vagrant.configure("2") { |config| ... }
|
73
74
|
```
|
74
75
|
|
75
|
-
|
76
|
+
**CAUTION:** If `AWS_ACCESS_KEY_ID` exists in your environment, it will
|
77
|
+
take precedence over `AWS_PROFILE`! Either take care to filter rogue
|
78
|
+
environment variables as above, or set the access key explicitly:
|
76
79
|
|
77
80
|
```ruby
|
78
81
|
access_key, secret_key = whizbang_inc_api.fetch_api_creds()
|
@@ -80,6 +83,11 @@ ENV['AWS_ACCESS_KEY_ID'] = access_key
|
|
80
83
|
ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
|
81
84
|
```
|
82
85
|
|
86
|
+
The detected AWS access key and its source (environment variable or
|
87
|
+
profile file) will be displayed when the box is downloaded. If you use
|
88
|
+
multiple AWS credentials and see authentication errors, verify that the
|
89
|
+
correct access key was detected.
|
90
|
+
|
83
91
|
##### IAM configuration
|
84
92
|
|
85
93
|
IAM accounts will need at least the following policy:
|
@@ -8,6 +8,22 @@ S3Auth = VagrantPlugins::S3Auth
|
|
8
8
|
module Vagrant
|
9
9
|
module Util
|
10
10
|
class Downloader
|
11
|
+
def s3auth_credential_source
|
12
|
+
credential_provider = S3Auth::Util.s3_credential_provider
|
13
|
+
case credential_provider
|
14
|
+
when ::Aws::Credentials
|
15
|
+
I18n.t(
|
16
|
+
'vagrant_s3auth.downloader.env_credential_provider',
|
17
|
+
access_key: credential_provider.credentials.access_key_id,
|
18
|
+
env_var: S3Auth::Util::AWS_ACCESS_KEY_ENV_VARS.find { |k| ENV.key?(k) })
|
19
|
+
when ::Aws::SharedCredentials
|
20
|
+
I18n.t(
|
21
|
+
'vagrant_s3auth.downloader.profile_credential_provider',
|
22
|
+
access_key: credential_provider.credentials.access_key_id,
|
23
|
+
profile: credential_provider.profile_name)
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|
11
27
|
def s3auth_download(options, subprocess_options, &data_proc)
|
12
28
|
# The URL sent to curl is always the last argument. We have to rely
|
13
29
|
# on this implementation detail because we need to hook into both
|
@@ -25,6 +41,8 @@ module Vagrant
|
|
25
41
|
|
26
42
|
@logger.info("s3auth: Generating signed URL for #{method.upcase}")
|
27
43
|
|
44
|
+
@ui.detail(s3auth_credential_source) if @ui
|
45
|
+
|
28
46
|
url.replace(S3Auth::Util.s3_url_for(method, s3_object).to_s)
|
29
47
|
|
30
48
|
execute_curl_without_s3auth(options, subprocess_options, &data_proc)
|
@@ -32,7 +50,6 @@ module Vagrant
|
|
32
50
|
if e.message =~ /403 Forbidden/
|
33
51
|
e.message << "\n\n"
|
34
52
|
e.message << I18n.t('vagrant_s3auth.errors.box_download_forbidden',
|
35
|
-
access_key: ENV['AWS_ACCESS_KEY_ID'],
|
36
53
|
bucket: s3_object && s3_object.bucket.name)
|
37
54
|
end
|
38
55
|
raise
|
@@ -45,6 +62,9 @@ module Vagrant
|
|
45
62
|
def execute_curl_with_s3auth(options, subprocess_options, &data_proc)
|
46
63
|
execute_curl_without_s3auth(options, subprocess_options, &data_proc)
|
47
64
|
rescue Errors::DownloaderError => e
|
65
|
+
# Ensure the progress bar from the just-failed request is cleared.
|
66
|
+
@ui.clear_line if @ui
|
67
|
+
|
48
68
|
s3auth_download(options, subprocess_options, &data_proc) || (raise e)
|
49
69
|
end
|
50
70
|
|
data/lib/vagrant-s3auth/util.rb
CHANGED
@@ -8,6 +8,14 @@ module VagrantPlugins
|
|
8
8
|
module Util
|
9
9
|
S3_HOST_MATCHER = /^((?<bucket>[[:alnum:]\-\.]+).)?s3([[:alnum:]\-\.]+)?\.amazonaws\.com$/
|
10
10
|
|
11
|
+
# The list of environment variables that the AWS Ruby SDK searches
|
12
|
+
# for access keys. Sadly, there's no better way to determine which
|
13
|
+
# environment variable the Ruby SDK is using without mirroring the
|
14
|
+
# logic ourself.
|
15
|
+
#
|
16
|
+
# See: https://github.com/aws/aws-sdk-ruby/blob/ab0eb18d0ce0a515254e207dae772864c34b048d/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb#L42
|
17
|
+
AWS_ACCESS_KEY_ENV_VARS = %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY)
|
18
|
+
|
11
19
|
DEFAULT_REGION = 'us-east-1'
|
12
20
|
|
13
21
|
LOCATION_TO_REGION = Hash.new { |_, key| key }.merge(
|
@@ -15,6 +23,12 @@ module VagrantPlugins
|
|
15
23
|
'EU' => 'eu-west-1'
|
16
24
|
)
|
17
25
|
|
26
|
+
class NullObject
|
27
|
+
def method_missing(*)
|
28
|
+
nil
|
29
|
+
end
|
30
|
+
end
|
31
|
+
|
18
32
|
def self.s3_client(region = DEFAULT_REGION)
|
19
33
|
::Aws::S3::Client.new(region: region)
|
20
34
|
end
|
@@ -55,9 +69,14 @@ module VagrantPlugins
|
|
55
69
|
s3_client.get_bucket_location(bucket: bucket).location_constraint
|
56
70
|
]
|
57
71
|
rescue ::Aws::S3::Errors::AccessDenied
|
58
|
-
raise Errors::BucketLocationAccessDeniedError,
|
59
|
-
|
60
|
-
|
72
|
+
raise Errors::BucketLocationAccessDeniedError, bucket: bucket
|
73
|
+
end
|
74
|
+
|
75
|
+
def self.s3_credential_provider
|
76
|
+
# Providing a NullObject here is the same as instantiating a
|
77
|
+
# client without specifying a credentials config, like we do in
|
78
|
+
# `self.s3_client`.
|
79
|
+
::Aws::CredentialProviderChain.new(NullObject.new).resolve
|
61
80
|
end
|
62
81
|
end
|
63
82
|
end
|
data/locales/en.yml
CHANGED
@@ -1,5 +1,12 @@
|
|
1
1
|
en:
|
2
2
|
vagrant_s3auth:
|
3
|
+
downloader:
|
4
|
+
env_credential_provider: |-
|
5
|
+
Signing S3 request with key '%{access_key}' loaded from $%{env_var}
|
6
|
+
|
7
|
+
profile_credential_provider: |-
|
8
|
+
Signing S3 request with key '%{access_key}' loaded from profile '%{profile}'
|
9
|
+
|
3
10
|
errors:
|
4
11
|
missing_credentials: |-
|
5
12
|
Unable to find AWS credentials.
|
@@ -31,23 +38,15 @@ en:
|
|
31
38
|
bucket_location_access_denied_error: |-
|
32
39
|
Request for box's Amazon S3 region was denied.
|
33
40
|
|
34
|
-
This usually indicates that your user account
|
35
|
-
|
36
|
-
%{access_key}
|
37
|
-
|
38
|
-
is misconfigured. Ensure your IAM policy allows the "s3:GetBucketLocation"
|
39
|
-
action for your bucket:
|
41
|
+
This usually indicates that your user account is misconfigured. Ensure
|
42
|
+
your IAM policy allows the "s3:GetBucketLocation" action for your bucket:
|
40
43
|
|
41
44
|
arn:aws:s3:::%{bucket}
|
42
45
|
|
43
46
|
box_download_forbidden: |-
|
44
47
|
This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
|
45
|
-
that your user account
|
46
|
-
|
47
|
-
%{access_key}
|
48
|
-
|
49
|
-
is misconfigured. Ensure your IAM policy allows the "s3:GetObject"
|
50
|
-
action for your bucket:
|
48
|
+
that your user account is misconfigured. Ensure your IAM policy allows
|
49
|
+
the "s3:GetObject" action for your bucket:
|
51
50
|
|
52
51
|
arn:aws:s3:::%{bucket}/*
|
53
52
|
|
data/vagrant-s3auth.gemspec
CHANGED
@@ -15,10 +15,10 @@ Gem::Specification.new do |spec|
|
|
15
15
|
spec.test_files = spec.files.grep(/spec/)
|
16
16
|
spec.require_paths = ['lib']
|
17
17
|
|
18
|
-
spec.add_dependency 'aws-sdk', '~> 2.
|
18
|
+
spec.add_dependency 'aws-sdk', '~> 2.1.13'
|
19
19
|
|
20
20
|
spec.add_development_dependency 'bundler', '~> 1.5'
|
21
|
-
spec.add_development_dependency 'http', '~> 0.
|
22
|
-
spec.add_development_dependency 'rake', '~> 10.
|
23
|
-
spec.add_development_dependency 'rubocop', '~> 0.
|
21
|
+
spec.add_development_dependency 'http', '~> 0.9.0'
|
22
|
+
spec.add_development_dependency 'rake', '~> 10.4.2'
|
23
|
+
spec.add_development_dependency 'rubocop', '~> 0.33.0'
|
24
24
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vagrant-s3auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Nikhil Benesch
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2015-
|
11
|
+
date: 2015-08-21 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - "~>"
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 2.
|
19
|
+
version: 2.1.13
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - "~>"
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 2.
|
26
|
+
version: 2.1.13
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: bundler
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -44,42 +44,42 @@ dependencies:
|
|
44
44
|
requirements:
|
45
45
|
- - "~>"
|
46
46
|
- !ruby/object:Gem::Version
|
47
|
-
version: 0.
|
47
|
+
version: 0.9.0
|
48
48
|
type: :development
|
49
49
|
prerelease: false
|
50
50
|
version_requirements: !ruby/object:Gem::Requirement
|
51
51
|
requirements:
|
52
52
|
- - "~>"
|
53
53
|
- !ruby/object:Gem::Version
|
54
|
-
version: 0.
|
54
|
+
version: 0.9.0
|
55
55
|
- !ruby/object:Gem::Dependency
|
56
56
|
name: rake
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
58
58
|
requirements:
|
59
59
|
- - "~>"
|
60
60
|
- !ruby/object:Gem::Version
|
61
|
-
version: 10.
|
61
|
+
version: 10.4.2
|
62
62
|
type: :development
|
63
63
|
prerelease: false
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
65
65
|
requirements:
|
66
66
|
- - "~>"
|
67
67
|
- !ruby/object:Gem::Version
|
68
|
-
version: 10.
|
68
|
+
version: 10.4.2
|
69
69
|
- !ruby/object:Gem::Dependency
|
70
70
|
name: rubocop
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|
72
72
|
requirements:
|
73
73
|
- - "~>"
|
74
74
|
- !ruby/object:Gem::Version
|
75
|
-
version: 0.
|
75
|
+
version: 0.33.0
|
76
76
|
type: :development
|
77
77
|
prerelease: false
|
78
78
|
version_requirements: !ruby/object:Gem::Requirement
|
79
79
|
requirements:
|
80
80
|
- - "~>"
|
81
81
|
- !ruby/object:Gem::Version
|
82
|
-
version: 0.
|
82
|
+
version: 0.33.0
|
83
83
|
description:
|
84
84
|
email:
|
85
85
|
- benesch@whoop.com
|