RubyGems - vagrant-s3auth - Versions diffs - 1.1.0 → 1.2.0 - Mend

vagrant-s3auth 1.1.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +22 -0
data/Gemfile.lock +25 -22
data/README.md +9 -1
data/lib/vagrant-s3auth/extension/downloader.rb +21 -1
data/lib/vagrant-s3auth/util.rb +22 -3
data/lib/vagrant-s3auth/version.rb +1 -1
data/locales/en.yml +11 -12
data/vagrant-s3auth.gemspec +4 -4
metadata +10 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 792627aedcb06b8fa5facb6482fb99dfd9f1c327
-  data.tar.gz: 0f3d32cba11d602fb6079756f8637036f20883aa
+  metadata.gz: 5a13ed72a2dc87181ab1e328e3fe52782d149788
+  data.tar.gz: 86307061db0770afccf7394997e7023944f04b91
 SHA512:
-  metadata.gz: 399ffee437d1ce9b11015bb740b169b94e1e7f74b8323c4d0c29b45bd7feeded918511ed6d80e429527e8f4170ec82be96e24c02c268d26542db76838894ce19
-  data.tar.gz: 90353673af0bbbcf45ac0af54d1944a10308c119a7ce01f444e87ca351cf93a5771c9a26e49dd03f9290bb696d30fa2b87f2fc1ff6dd6d43f58d383eed84365f
+  metadata.gz: 893a0878cc5f12ff5dd4fb6df47a54f42c0674f226c48f624f4c61b827f75980d165930d33ce432141999ab28c2c5bbe618ec7bfbc473ed8d4683872020772d9
+  data.tar.gz: 3f85ee22e9d9aa93243d878eb098708e36e1a5393678d7c42a2ff0396e950d7c11c109fd5252a15f27c31358ccf0c0dad9b4f493747f52438c73e7a716a50212

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,23 @@
+## 1.2.0
+**20 August 2015**
+Enhancements:
+* output the discovered AWS access key and its source (environment variable or
+  profile) when downloading an authenticated S3 box ([#21])
+Thanks, [@Daemoen][Daemoen]!
+## 1.1.1
+**6 August 2015**
+Enhancements:
+* bump dependencies to latest patch versions and dev dependencies to latest
+  versions
 ## 1.1.0
 **1 June 2015**
@@ -92,7 +112,9 @@ Enhancements:
 [#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
 [#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
 [#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
+[#21]: https://github.com/WhoopInc/vagrant-s3auth/issues/21
+[Daemoen]: https://github.com/Daemoen
 [andres-rojas]: https://github.com/andres-rojas
 [companykitchen-dev]: https://github.com/companykitchen-dev
 [kimpepper]: https://github.com/kimpepper

data/Gemfile.lock CHANGED Viewed

@@ -32,24 +32,23 @@ GIT
 PATH
   remote: .
   specs:
-    vagrant-s3auth (1.1.0)
-      aws-sdk (~> 2.0.38)
+    vagrant-s3auth (1.2.0)
+      aws-sdk (~> 2.1.13)
 GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.1)
-    ast (2.0.0)
-    astrolabe (1.3.0)
-      parser (>= 2.2.0.pre.3, < 3.0)
-    aws-sdk (2.0.47)
-      aws-sdk-resources (= 2.0.47)
-    aws-sdk-core (2.0.47)
-      builder (~> 3.0)
+    addressable (2.3.8)
+    ast (2.1.0)
+    astrolabe (1.3.1)
+      parser (~> 2.2)
+    aws-sdk (2.1.13)
+      aws-sdk-resources (= 2.1.13)
+    aws-sdk-core (2.1.13)
       jmespath (~> 1.0)
-      multi_json (~> 1.0)
-    aws-sdk-resources (2.0.47)
-      aws-sdk-core (= 2.0.47)
+    aws-sdk-resources (2.1.13)
+      aws-sdk-core (= 2.1.13)
     builder (3.2.2)
     celluloid (0.16.0)
       timers (~> 4.0.0)
@@ -163,10 +162,14 @@ GEM
       builder (>= 2.1.2)
     hashicorp-checkpoint (0.1.4)
     hitimes (1.2.2)
-    http (0.6.4)
+    http (0.9.0)
+      addressable (~> 2.3)
+      http-cookie (~> 1.0)
+      http-form_data (~> 1.0.1)
       http_parser.rb (~> 0.6.0)
     http-cookie (1.0.2)
       domain_name (~> 0.5)
+    http-form_data (1.0.1)
     http_parser.rb (0.6.0)
     httpclient (2.6.0.1)
     i18n (0.7.0)
@@ -195,11 +198,11 @@ GEM
     nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     nori (2.6.0)
-    parser (2.2.2.5)
+    parser (2.2.2.6)
       ast (>= 1.1, < 3.0)
-    powerpack (0.0.9)
+    powerpack (0.1.1)
     rainbow (2.0.0)
-    rake (10.3.2)
+    rake (10.4.2)
     rb-fsevent (0.9.5)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
@@ -209,10 +212,10 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 3.0)
       netrc (~> 0.7)
-    rubocop (0.28.0)
+    rubocop (0.33.0)
       astrolabe (~> 1.3)
-      parser (>= 2.2.0.pre.7, < 3.0)
-      powerpack (~> 0.0.6)
+      parser (>= 2.2.2.5, < 3.0)
+      powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.4)
     ruby-progressbar (1.7.5)
@@ -245,9 +248,9 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 1.5)
-  http (~> 0.6.3)
-  rake (~> 10.3.2)
-  rubocop (~> 0.28.0)
+  http (~> 0.9.0)
+  rake (~> 10.4.2)
+  rubocop (~> 0.33.0)
   vagrant!
   vagrant-aws!
   vagrant-s3auth!

data/README.md CHANGED Viewed

@@ -67,12 +67,15 @@ aws_secret_access_key = ...
 ```ruby
 # Vagrantfile
+ENV.delete_if { |name| name.start_with?('AWS_') }  # Filter out rogue env vars.
 ENV['AWS_PROFILE'] = 'vagrant-s3auth'
 Vagrant.configure("2") { |config| ... }
 ```
-Alternatively, you can write some Ruby to set the access key directly:
+**CAUTION:** If `AWS_ACCESS_KEY_ID` exists in your environment, it will
+take precedence over `AWS_PROFILE`! Either take care to filter rogue
+environment variables as above, or set the access key explicitly:
 ```ruby
 access_key, secret_key = whizbang_inc_api.fetch_api_creds()
@@ -80,6 +83,11 @@ ENV['AWS_ACCESS_KEY_ID']     = access_key
 ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
 ```
+The detected AWS access key and its source (environment variable or
+profile file) will be displayed when the box is downloaded. If you use
+multiple AWS credentials and see authentication errors, verify that the
+correct access key was detected.
 ##### IAM configuration
 IAM accounts will need at least the following policy:

data/lib/vagrant-s3auth/extension/downloader.rb CHANGED Viewed

@@ -8,6 +8,22 @@ S3Auth = VagrantPlugins::S3Auth
 module Vagrant
   module Util
     class Downloader
+      def s3auth_credential_source
+        credential_provider = S3Auth::Util.s3_credential_provider
+        case credential_provider
+        when ::Aws::Credentials
+          I18n.t(
+            'vagrant_s3auth.downloader.env_credential_provider',
+            access_key: credential_provider.credentials.access_key_id,
+            env_var: S3Auth::Util::AWS_ACCESS_KEY_ENV_VARS.find { |k| ENV.key?(k) })
+        when ::Aws::SharedCredentials
+          I18n.t(
+            'vagrant_s3auth.downloader.profile_credential_provider',
+            access_key: credential_provider.credentials.access_key_id,
+            profile: credential_provider.profile_name)
+        end
+      end
       def s3auth_download(options, subprocess_options, &data_proc)
         # The URL sent to curl is always the last argument. We have to rely
         # on this implementation detail because we need to hook into both
@@ -25,6 +41,8 @@ module Vagrant
         @logger.info("s3auth: Generating signed URL for #{method.upcase}")
+        @ui.detail(s3auth_credential_source) if @ui
         url.replace(S3Auth::Util.s3_url_for(method, s3_object).to_s)
         execute_curl_without_s3auth(options, subprocess_options, &data_proc)
@@ -32,7 +50,6 @@ module Vagrant
         if e.message =~ /403 Forbidden/
           e.message << "\n\n"
           e.message << I18n.t('vagrant_s3auth.errors.box_download_forbidden',
-            access_key: ENV['AWS_ACCESS_KEY_ID'],
             bucket: s3_object && s3_object.bucket.name)
         end
         raise
@@ -45,6 +62,9 @@ module Vagrant
       def execute_curl_with_s3auth(options, subprocess_options, &data_proc)
         execute_curl_without_s3auth(options, subprocess_options, &data_proc)
       rescue Errors::DownloaderError => e
+        # Ensure the progress bar from the just-failed request is cleared.
+        @ui.clear_line if @ui
         s3auth_download(options, subprocess_options, &data_proc) || (raise e)
       end

data/lib/vagrant-s3auth/util.rb CHANGED Viewed

@@ -8,6 +8,14 @@ module VagrantPlugins
     module Util
       S3_HOST_MATCHER = /^((?<bucket>[[:alnum:]\-\.]+).)?s3([[:alnum:]\-\.]+)?\.amazonaws\.com$/
+      # The list of environment variables that the AWS Ruby SDK searches
+      # for access keys. Sadly, there's no better way to determine which
+      # environment variable the Ruby SDK is using without mirroring the
+      # logic ourself.
+      #
+      # See: https://github.com/aws/aws-sdk-ruby/blob/ab0eb18d0ce0a515254e207dae772864c34b048d/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb#L42
+      AWS_ACCESS_KEY_ENV_VARS = %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY)
       DEFAULT_REGION = 'us-east-1'
       LOCATION_TO_REGION = Hash.new { |_, key| key }.merge(
@@ -15,6 +23,12 @@ module VagrantPlugins
         'EU' => 'eu-west-1'
       )
+      class NullObject
+        def method_missing(*)
+          nil
+        end
+      end
       def self.s3_client(region = DEFAULT_REGION)
         ::Aws::S3::Client.new(region: region)
       end
@@ -55,9 +69,14 @@ module VagrantPlugins
           s3_client.get_bucket_location(bucket: bucket).location_constraint
         ]
       rescue ::Aws::S3::Errors::AccessDenied
-        raise Errors::BucketLocationAccessDeniedError,
-          bucket: bucket,
-          access_key: ENV['AWS_ACCESS_KEY_ID']
+        raise Errors::BucketLocationAccessDeniedError, bucket: bucket
+      end
+      def self.s3_credential_provider
+        # Providing a NullObject here is the same as instantiating a
+        # client without specifying a credentials config, like we do in
+        # `self.s3_client`.
+        ::Aws::CredentialProviderChain.new(NullObject.new).resolve
       end
     end
   end

data/lib/vagrant-s3auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module VagrantPlugins
   module S3Auth
-    VERSION = '1.1.0'
+    VERSION = '1.2.0'
   end
 end

data/locales/en.yml CHANGED Viewed

@@ -1,5 +1,12 @@
 en:
   vagrant_s3auth:
+    downloader:
+      env_credential_provider: |-
+        Signing S3 request with key '%{access_key}' loaded from $%{env_var}
+      profile_credential_provider: |-
+        Signing S3 request with key '%{access_key}' loaded from profile '%{profile}'
     errors:
       missing_credentials: |-
         Unable to find AWS credentials.
@@ -31,23 +38,15 @@ en:
       bucket_location_access_denied_error: |-
         Request for box's Amazon S3 region was denied.
-        This usually indicates that your user account with access key ID
-            %{access_key}
-        is misconfigured. Ensure your IAM policy allows the "s3:GetBucketLocation"
-        action for your bucket:
+        This usually indicates that your user account is misconfigured. Ensure
+        your IAM policy allows the "s3:GetBucketLocation" action for your bucket:
             arn:aws:s3:::%{bucket}
       box_download_forbidden: |-
         This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
-        that your user account with access key ID
-            %{access_key}
-        is misconfigured. Ensure your IAM policy allows the "s3:GetObject"
-        action for your bucket:
+        that your user account is misconfigured. Ensure your IAM policy allows
+        the "s3:GetObject" action for your bucket:
             arn:aws:s3:::%{bucket}/*

data/vagrant-s3auth.gemspec CHANGED Viewed

@@ -15,10 +15,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(/spec/)
   spec.require_paths = ['lib']
-  spec.add_dependency 'aws-sdk', '~> 2.0.38'
+  spec.add_dependency 'aws-sdk', '~> 2.1.13'
   spec.add_development_dependency 'bundler', '~> 1.5'
-  spec.add_development_dependency 'http', '~> 0.6.3'
-  spec.add_development_dependency 'rake', '~> 10.3.2'
-  spec.add_development_dependency 'rubocop', '~> 0.28.0'
+  spec.add_development_dependency 'http', '~> 0.9.0'
+  spec.add_development_dependency 'rake', '~> 10.4.2'
+  spec.add_development_dependency 'rubocop', '~> 0.33.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-s3auth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Nikhil Benesch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-01 00:00:00.000000000 Z
+date: 2015-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.38
+        version: 2.1.13
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.38
+        version: 2.1.13
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -44,42 +44,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: 0.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.3.2
+        version: 10.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.3.2
+        version: 10.4.2
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.28.0
+        version: 0.33.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.28.0
+        version: 0.33.0
 description:
 email:
 - benesch@whoop.com