Rename to session_token and rearrange readme

laurilehmijoki · Mar 3, 2017 · 0ef15b2 · 0ef15b2
1 parent 66c7041
commit 0ef15b2
Show file tree

Hide file tree

Showing 6 changed files with 20 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -59,13 +59,12 @@ You can use ERB in your `s3_website.yml` file which incorporates environment var
 ```yaml
 s3_id: <%= ENV['S3_ID'] %>
 s3_secret: <%= ENV['S3_SECRET'] %>
-s3_token: <%= ENV['S3_TOKEN'] %>
 s3_bucket: blog.example.com
 ```
 
 (If you are using `s3_website` on an [EC2 instance with IAM
 roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMrolesWithAmazonEC2Instances),
-you can omit the `s3_id`, `s3_secret` and `s3_token` keys in the config file.)
+you can omit the `s3_id` and `s3_secret` keys in the config file.)
 
 S3_website implements support for reading environment variables from a file using
 the [dotenv](https://github.com/bkeepers/dotenv) gem. You can create a `.env` file
@@ -77,9 +76,6 @@ Your `.env` file should containing the following variables:
 
     S3_ID=FOO
     S3_SECRET=BAR
-    S3_TOKEN=STS_SESSION_TOKEN
-
-Note: the `S3_TOKEN` variable is optional and is for use when acquiring [AWS temporary security credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) (eg: when [assuming IAM roles](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html))
 
 ## Project goals
 
@@ -450,6 +446,16 @@ Define the subdirectory like so:
 s3_key_prefix: your-subdirectory
 ```
 
+### Temporary security credentials with Session Token
+
+[AWS temporary security credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) (eg: when [assuming IAM roles](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html))
+
+Usage: 
+
+```yaml
+session_token: your-token
+```
+
 ## Migrating from v1 to v2
 
 Please read the [release note](/changelog.md#200) on version 2. It contains

diff --git a/additional-docs/example-configurations.md b/additional-docs/example-configurations.md
@@ -24,7 +24,7 @@ the `s3_id` and `s3_secret`.
 ````yaml
 s3_id: abcd
 s3_secret: 2s+x92
-s3_token: hex!xeh
+session_token: hex!xeh
 s3_bucket: your.domain.net
 ````
 

diff --git a/resources/configuration_file_template.yml b/resources/configuration_file_template.yml
@@ -1,8 +1,9 @@
 s3_id: YOUR_AWS_S3_ACCESS_KEY_ID
 s3_secret: YOUR_AWS_S3_SECRET_ACCESS_KEY
+s3_bucket: your.blog.bucket.com
+
 # set s3_token if using temporary credentials with a session token (eg: when assuming a role)
 # s3_token: YOUR_AWS_S3_SESSION_TOKEN
-s3_bucket: your.blog.bucket.com
 
 # Below are examples of all the available configurations.
 # See README for more detailed info on each of them.

diff --git a/src/main/scala/s3/website/model/Config.scala b/src/main/scala/s3/website/model/Config.scala
@@ -13,7 +13,7 @@ import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, BasicSes
 case class Config(
   s3_id:                                  Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
   s3_secret:                              Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html)
-  s3_token:                               Option[String], // If defined, the AWS Security Token Service session token (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
+  session_token:                          Option[String], // If defined, the AWS Security Token Service session token (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html)
   s3_bucket:                              String,
   s3_endpoint:                            S3Endpoint,
   site:                                   Option[String],
@@ -38,7 +38,7 @@ object Config {
 
   def awsCredentials(config: Config): AWSCredentialsProvider = {
     val credentialsFromConfigFile =
-      if (config.s3_token.isEmpty) {
+      if (config.session_token.isEmpty) {
         for {
           s3_id <- config.s3_id
           s3_secret <- config.s3_secret
@@ -47,8 +47,8 @@ object Config {
         for {
           s3_id <- config.s3_id
           s3_secret <- config.s3_secret
-          s3_token <- config.s3_token
-        } yield new BasicSessionCredentials(s3_id, s3_secret, s3_token)
+          session_token <- config.session_token
+        } yield new BasicSessionCredentials(s3_id, s3_secret, session_token)
       }
     credentialsFromConfigFile.fold(new DefaultAWSCredentialsProviderChain: AWSCredentialsProvider)(credentials =>
       new AWSCredentialsProvider {

diff --git a/src/main/scala/s3/website/model/Site.scala b/src/main/scala/s3/website/model/Site.scala
@@ -35,7 +35,7 @@ object Site {
         for {
           s3_id <- loadOptionalString("s3_id").right
           s3_secret <- loadOptionalString("s3_secret").right
-          s3_token <- loadOptionalString("s3_token").right
+          session_token <- loadOptionalString("session_token").right
           s3_bucket <- loadRequiredString("s3_bucket").right
           s3_endpoint <- loadEndpoint.right
           site <- loadOptionalString("site").right
@@ -66,7 +66,7 @@ object Site {
           Config(
             s3_id,
             s3_secret,
-            s3_token,
+            session_token,
             s3_bucket,
             s3_endpoint getOrElse S3Endpoint.defaultEndpoint,
             site,

diff --git a/src/test/scala/s3/website/S3WebsiteSpec.scala b/src/test/scala/s3/website/S3WebsiteSpec.scala
@@ -1436,7 +1436,6 @@ class S3WebsiteSpec extends Specification {
     """
       |s3_id: foo
       |s3_secret: bar
-      |s3_token: baz
       |s3_bucket: bucket
     """.stripMargin