RubyGems - vagrant-s3auth - Versions diffs - 1.1.0 → 1.2.0 - Mend

vagrant-s3auth 1.1.0 → 1.2.0

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +22 -0
data/Gemfile.lock +25 -22
data/README.md +9 -1
data/lib/vagrant-s3auth/extension/downloader.rb +21 -1
data/lib/vagrant-s3auth/util.rb +22 -3
data/lib/vagrant-s3auth/version.rb +1 -1
data/locales/en.yml +11 -12
data/vagrant-s3auth.gemspec +4 -4
metadata +10 -10

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 792627aedcb06b8fa5facb6482fb99dfd9f1c327
-  data.tar.gz: 0f3d32cba11d602fb6079756f8637036f20883aa
+  metadata.gz: 5a13ed72a2dc87181ab1e328e3fe52782d149788
+  data.tar.gz: 86307061db0770afccf7394997e7023944f04b91
 SHA512:
-  metadata.gz: 399ffee437d1ce9b11015bb740b169b94e1e7f74b8323c4d0c29b45bd7feeded918511ed6d80e429527e8f4170ec82be96e24c02c268d26542db76838894ce19
-  data.tar.gz: 90353673af0bbbcf45ac0af54d1944a10308c119a7ce01f444e87ca351cf93a5771c9a26e49dd03f9290bb696d30fa2b87f2fc1ff6dd6d43f58d383eed84365f
+  metadata.gz: 893a0878cc5f12ff5dd4fb6df47a54f42c0674f226c48f624f4c61b827f75980d165930d33ce432141999ab28c2c5bbe618ec7bfbc473ed8d4683872020772d9
+  data.tar.gz: 3f85ee22e9d9aa93243d878eb098708e36e1a5393678d7c42a2ff0396e950d7c11c109fd5252a15f27c31358ccf0c0dad9b4f493747f52438c73e7a716a50212

data/CHANGELOG.md CHANGED Viewed

@@ -1,3 +1,23 @@
+## 1.2.0
+**20 August 2015**
+Enhancements:
+* output the discovered AWS access key and its source (environment variable or
+  profile) when downloading an authenticated S3 box ([#21])
+Thanks, [@Daemoen][Daemoen]!
+## 1.1.1
+**6 August 2015**
+Enhancements:
+* bump dependencies to latest patch versions and dev dependencies to latest
+  versions
 ## 1.1.0
 **1 June 2015**
@@ -92,7 +112,9 @@ Enhancements:
 [#14]: https://github.com/WhoopInc/vagrant-s3auth/issues/14
 [#15]: https://github.com/WhoopInc/vagrant-s3auth/issues/15
 [#16]: https://github.com/WhoopInc/vagrant-s3auth/issues/16
+[#21]: https://github.com/WhoopInc/vagrant-s3auth/issues/21
+[Daemoen]: https://github.com/Daemoen
 [andres-rojas]: https://github.com/andres-rojas
 [companykitchen-dev]: https://github.com/companykitchen-dev
 [kimpepper]: https://github.com/kimpepper

data/Gemfile.lock CHANGED Viewed

@@ -32,24 +32,23 @@ GIT
 PATH
   remote: .
   specs:
-    vagrant-s3auth (1.1.0)
-      aws-sdk (~> 2.0.38)
+    vagrant-s3auth (1.2.0)
+      aws-sdk (~> 2.1.13)
 GEM
   remote: https://rubygems.org/
   specs:
     CFPropertyList (2.3.1)
-    ast (2.0.0)
-    astrolabe (1.3.0)
-      parser (>= 2.2.0.pre.3, < 3.0)
-    aws-sdk (2.0.47)
-      aws-sdk-resources (= 2.0.47)
-    aws-sdk-core (2.0.47)
-      builder (~> 3.0)
+    addressable (2.3.8)
+    ast (2.1.0)
+    astrolabe (1.3.1)
+      parser (~> 2.2)
+    aws-sdk (2.1.13)
+      aws-sdk-resources (= 2.1.13)
+    aws-sdk-core (2.1.13)
       jmespath (~> 1.0)
-      multi_json (~> 1.0)
-    aws-sdk-resources (2.0.47)
-      aws-sdk-core (= 2.0.47)
+    aws-sdk-resources (2.1.13)
+      aws-sdk-core (= 2.1.13)
     builder (3.2.2)
     celluloid (0.16.0)
       timers (~> 4.0.0)
@@ -163,10 +162,14 @@ GEM
       builder (>= 2.1.2)
     hashicorp-checkpoint (0.1.4)
     hitimes (1.2.2)
-    http (0.6.4)
+    http (0.9.0)
+      addressable (~> 2.3)
+      http-cookie (~> 1.0)
+      http-form_data (~> 1.0.1)
       http_parser.rb (~> 0.6.0)
     http-cookie (1.0.2)
       domain_name (~> 0.5)
+    http-form_data (1.0.1)
     http_parser.rb (0.6.0)
     httpclient (2.6.0.1)
     i18n (0.7.0)
@@ -195,11 +198,11 @@ GEM
     nokogiri (1.6.3.1)
       mini_portile (= 0.6.0)
     nori (2.6.0)
-    parser (2.2.2.5)
+    parser (2.2.2.6)
       ast (>= 1.1, < 3.0)
-    powerpack (0.0.9)
+    powerpack (0.1.1)
     rainbow (2.0.0)
-    rake (10.3.2)
+    rake (10.4.2)
     rb-fsevent (0.9.5)
     rb-inotify (0.9.5)
       ffi (>= 0.5.0)
@@ -209,10 +212,10 @@ GEM
       http-cookie (>= 1.0.2, < 2.0)
       mime-types (>= 1.16, < 3.0)
       netrc (~> 0.7)
-    rubocop (0.28.0)
+    rubocop (0.33.0)
       astrolabe (~> 1.3)
-      parser (>= 2.2.0.pre.7, < 3.0)
-      powerpack (~> 0.0.6)
+      parser (>= 2.2.2.5, < 3.0)
+      powerpack (~> 0.1)
       rainbow (>= 1.99.1, < 3.0)
       ruby-progressbar (~> 1.4)
     ruby-progressbar (1.7.5)
@@ -245,9 +248,9 @@ PLATFORMS
 DEPENDENCIES
   bundler (~> 1.5)
-  http (~> 0.6.3)
-  rake (~> 10.3.2)
-  rubocop (~> 0.28.0)
+  http (~> 0.9.0)
+  rake (~> 10.4.2)
+  rubocop (~> 0.33.0)
   vagrant!
   vagrant-aws!
   vagrant-s3auth!

data/README.md CHANGED Viewed

@@ -67,12 +67,15 @@ aws_secret_access_key = ...
 ```ruby
 # Vagrantfile
+ENV.delete_if { |name| name.start_with?('AWS_') }  # Filter out rogue env vars.
 ENV['AWS_PROFILE'] = 'vagrant-s3auth'
 Vagrant.configure("2") { |config| ... }
 ```
-Alternatively, you can write some Ruby to set the access key directly:
+**CAUTION:** If `AWS_ACCESS_KEY_ID` exists in your environment, it will
+take precedence over `AWS_PROFILE`! Either take care to filter rogue
+environment variables as above, or set the access key explicitly:
 ```ruby
 access_key, secret_key = whizbang_inc_api.fetch_api_creds()
@@ -80,6 +83,11 @@ ENV['AWS_ACCESS_KEY_ID']     = access_key
 ENV['AWS_SECRET_ACCESS_KEY'] = secret_key
 ```
+The detected AWS access key and its source (environment variable or
+profile file) will be displayed when the box is downloaded. If you use
+multiple AWS credentials and see authentication errors, verify that the
+correct access key was detected.
 ##### IAM configuration
 IAM accounts will need at least the following policy:

data/lib/vagrant-s3auth/extension/downloader.rb CHANGED Viewed

@@ -8,6 +8,22 @@ S3Auth = VagrantPlugins::S3Auth
 module Vagrant
   module Util
     class Downloader
+      def s3auth_credential_source
+        credential_provider = S3Auth::Util.s3_credential_provider
+        case credential_provider
+        when ::Aws::Credentials
+          I18n.t(
+            'vagrant_s3auth.downloader.env_credential_provider',
+            access_key: credential_provider.credentials.access_key_id,
+            env_var: S3Auth::Util::AWS_ACCESS_KEY_ENV_VARS.find { |k| ENV.key?(k) })
+        when ::Aws::SharedCredentials
+          I18n.t(
+            'vagrant_s3auth.downloader.profile_credential_provider',
+            access_key: credential_provider.credentials.access_key_id,
+            profile: credential_provider.profile_name)
+        end
+      end
       def s3auth_download(options, subprocess_options, &data_proc)
         # The URL sent to curl is always the last argument. We have to rely
         # on this implementation detail because we need to hook into both
@@ -25,6 +41,8 @@ module Vagrant
         @logger.info("s3auth: Generating signed URL for #{method.upcase}")
+        @ui.detail(s3auth_credential_source) if @ui
         url.replace(S3Auth::Util.s3_url_for(method, s3_object).to_s)
         execute_curl_without_s3auth(options, subprocess_options, &data_proc)
@@ -32,7 +50,6 @@ module Vagrant
         if e.message =~ /403 Forbidden/
           e.message << "\n\n"
           e.message << I18n.t('vagrant_s3auth.errors.box_download_forbidden',
-            access_key: ENV['AWS_ACCESS_KEY_ID'],
             bucket: s3_object && s3_object.bucket.name)
         end
         raise
@@ -45,6 +62,9 @@ module Vagrant
       def execute_curl_with_s3auth(options, subprocess_options, &data_proc)
         execute_curl_without_s3auth(options, subprocess_options, &data_proc)
       rescue Errors::DownloaderError => e
+        # Ensure the progress bar from the just-failed request is cleared.
+        @ui.clear_line if @ui
         s3auth_download(options, subprocess_options, &data_proc) || (raise e)
       end

data/lib/vagrant-s3auth/util.rb CHANGED Viewed

@@ -8,6 +8,14 @@ module VagrantPlugins
     module Util
       S3_HOST_MATCHER = /^((?<bucket>[[:alnum:]\-\.]+).)?s3([[:alnum:]\-\.]+)?\.amazonaws\.com$/
+      # The list of environment variables that the AWS Ruby SDK searches
+      # for access keys. Sadly, there's no better way to determine which
+      # environment variable the Ruby SDK is using without mirroring the
+      # logic ourself.
+      #
+      # See: https://github.com/aws/aws-sdk-ruby/blob/ab0eb18d0ce0a515254e207dae772864c34b048d/aws-sdk-core/lib/aws-sdk-core/credential_provider_chain.rb#L42
+      AWS_ACCESS_KEY_ENV_VARS = %w(AWS_ACCESS_KEY_ID AMAZON_ACCESS_KEY_ID AWS_ACCESS_KEY)
       DEFAULT_REGION = 'us-east-1'
       LOCATION_TO_REGION = Hash.new { |_, key| key }.merge(
@@ -15,6 +23,12 @@ module VagrantPlugins
         'EU' => 'eu-west-1'
       )
+      class NullObject
+        def method_missing(*)
+          nil
+        end
+      end
       def self.s3_client(region = DEFAULT_REGION)
         ::Aws::S3::Client.new(region: region)
       end
@@ -55,9 +69,14 @@ module VagrantPlugins
           s3_client.get_bucket_location(bucket: bucket).location_constraint
         ]
       rescue ::Aws::S3::Errors::AccessDenied
-        raise Errors::BucketLocationAccessDeniedError,
-          bucket: bucket,
-          access_key: ENV['AWS_ACCESS_KEY_ID']
+        raise Errors::BucketLocationAccessDeniedError, bucket: bucket
+      end
+      def self.s3_credential_provider
+        # Providing a NullObject here is the same as instantiating a
+        # client without specifying a credentials config, like we do in
+        # `self.s3_client`.
+        ::Aws::CredentialProviderChain.new(NullObject.new).resolve
       end
     end
   end

data/lib/vagrant-s3auth/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 module VagrantPlugins
   module S3Auth
-    VERSION = '1.1.0'
+    VERSION = '1.2.0'
   end
 end

data/locales/en.yml CHANGED Viewed

@@ -1,5 +1,12 @@
 en:
   vagrant_s3auth:
+    downloader:
+      env_credential_provider: |-
+        Signing S3 request with key '%{access_key}' loaded from $%{env_var}
+      profile_credential_provider: |-
+        Signing S3 request with key '%{access_key}' loaded from profile '%{profile}'
     errors:
       missing_credentials: |-
         Unable to find AWS credentials.
@@ -31,23 +38,15 @@ en:
       bucket_location_access_denied_error: |-
         Request for box's Amazon S3 region was denied.
-        This usually indicates that your user account with access key ID
-            %{access_key}
-        is misconfigured. Ensure your IAM policy allows the "s3:GetBucketLocation"
-        action for your bucket:
+        This usually indicates that your user account is misconfigured. Ensure
+        your IAM policy allows the "s3:GetBucketLocation" action for your bucket:
             arn:aws:s3:::%{bucket}
       box_download_forbidden: |-
         This box is hosted on Amazon S3. A 403 Forbidden error usually indicates
-        that your user account with access key ID
-            %{access_key}
-        is misconfigured. Ensure your IAM policy allows the "s3:GetObject"
-        action for your bucket:
+        that your user account is misconfigured. Ensure your IAM policy allows
+        the "s3:GetObject" action for your bucket:
             arn:aws:s3:::%{bucket}/*

data/vagrant-s3auth.gemspec CHANGED Viewed

@@ -15,10 +15,10 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(/spec/)
   spec.require_paths = ['lib']
-  spec.add_dependency 'aws-sdk', '~> 2.0.38'
+  spec.add_dependency 'aws-sdk', '~> 2.1.13'
   spec.add_development_dependency 'bundler', '~> 1.5'
-  spec.add_development_dependency 'http', '~> 0.6.3'
-  spec.add_development_dependency 'rake', '~> 10.3.2'
-  spec.add_development_dependency 'rubocop', '~> 0.28.0'
+  spec.add_development_dependency 'http', '~> 0.9.0'
+  spec.add_development_dependency 'rake', '~> 10.4.2'
+  spec.add_development_dependency 'rubocop', '~> 0.33.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-s3auth
 version: !ruby/object:Gem::Version
-  version: 1.1.0
+  version: 1.2.0
 platform: ruby
 authors:
 - Nikhil Benesch
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-06-01 00:00:00.000000000 Z
+date: 2015-08-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.38
+        version: 2.1.13
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 2.0.38
+        version: 2.1.13
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
@@ -44,42 +44,42 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: 0.9.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.6.3
+        version: 0.9.0
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.3.2
+        version: 10.4.2
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 10.3.2
+        version: 10.4.2
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.28.0
+        version: 0.33.0
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: 0.28.0
+        version: 0.33.0
 description:
 email:
 - benesch@whoop.com