From 0ef15b202a45b7d12df7f2622ebc85aec525d1f0 Mon Sep 17 00:00:00 2001 From: Lauri Lehmijoki Date: Fri, 3 Mar 2017 15:06:28 +0200 Subject: [PATCH] Rename to session_token and rearrange readme --- README.md | 16 +++++++++++----- additional-docs/example-configurations.md | 2 +- resources/configuration_file_template.yml | 3 ++- src/main/scala/s3/website/model/Config.scala | 8 ++++---- src/main/scala/s3/website/model/Site.scala | 4 ++-- src/test/scala/s3/website/S3WebsiteSpec.scala | 1 - 6 files changed, 20 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 2d15b6ba..401a1972 100644 --- a/README.md +++ b/README.md @@ -59,13 +59,12 @@ You can use ERB in your `s3_website.yml` file which incorporates environment var ```yaml s3_id: <%= ENV['S3_ID'] %> s3_secret: <%= ENV['S3_SECRET'] %> -s3_token: <%= ENV['S3_TOKEN'] %> s3_bucket: blog.example.com ``` (If you are using `s3_website` on an [EC2 instance with IAM roles](http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMrolesWithAmazonEC2Instances), -you can omit the `s3_id`, `s3_secret` and `s3_token` keys in the config file.) +you can omit the `s3_id` and `s3_secret` keys in the config file.) S3_website implements support for reading environment variables from a file using the [dotenv](https://github.com/bkeepers/dotenv) gem. You can create a `.env` file @@ -77,9 +76,6 @@ Your `.env` file should containing the following variables: S3_ID=FOO S3_SECRET=BAR - S3_TOKEN=STS_SESSION_TOKEN - -Note: the `S3_TOKEN` variable is optional and is for use when acquiring [AWS temporary security credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) (eg: when [assuming IAM roles](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)) ## Project goals 
@@ -450,6 +446,16 @@ Define the subdirectory like so: s3_key_prefix: your-subdirectory ``` +### Temporary security credentials with Session Token + +[AWS temporary security credentials](http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) (eg: when [assuming IAM roles](http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)) + +Usage: + +```yaml +session_token: your-token +``` + ## Migrating from v1 to v2 Please read the [release note](/changelog.md#200) on version 2. It contains diff --git a/additional-docs/example-configurations.md b/additional-docs/example-configurations.md index b921b0b5..ae2c165a 100644 --- a/additional-docs/example-configurations.md +++ b/additional-docs/example-configurations.md @@ -24,7 +24,7 @@ the `s3_id` and `s3_secret`. ````yaml s3_id: abcd s3_secret: 2s+x92 -s3_token: hex!xeh +session_token: hex!xeh s3_bucket: your.domain.net ```` diff --git a/resources/configuration_file_template.yml b/resources/configuration_file_template.yml index c5e43c48..e311933e 100644 --- a/resources/configuration_file_template.yml +++ b/resources/configuration_file_template.yml @@ -1,8 +1,9 @@ s3_id: YOUR_AWS_S3_ACCESS_KEY_ID s3_secret: YOUR_AWS_S3_SECRET_ACCESS_KEY +s3_bucket: your.blog.bucket.com + # set s3_token if using temporary credentials with a session token (eg: when assuming a role) # s3_token: YOUR_AWS_S3_SESSION_TOKEN -s3_bucket: your.blog.bucket.com # Below are examples of all the available configurations. # See README for more detailed info on each of them. diff --git a/src/main/scala/s3/website/model/Config.scala b/src/main/scala/s3/website/model/Config.scala index d3a61654..af187845 100644 --- a/src/main/scala/s3/website/model/Config.scala +++ b/src/main/scala/s3/website/model/Config.scala 
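Review bot: The commented-out example in `resources/configuration_file_template.yml` still uses the old key name. The context lines `# set s3_token if using temporary credentials ...` and `# s3_token: YOUR_AWS_S3_SESSION_TOKEN` are unchanged, while `Site.scala` in this same commit now loads only `session_token`. Someone who uncomments the template line would set a key the loader no longer looks up, so the token would apparently be dropped without an error. Rename both lines, e.g. `# session_token: YOUR_AWS_SESSION_TOKEN`. It may also be worth showing the ERB form the README uses for the other secrets (`<%= ENV['...'] %>`), so a short-lived token is read from the environment rather than pasted into a file that is often committed.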
@@ -13,7 +13,7 @@ import com.amazonaws.auth.{AWSCredentialsProvider, BasicAWSCredentials, BasicSes case class Config( s3_id: Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html) s3_secret: Option[String], // If undefined, use IAM Roles (http://docs.aws.amazon.com/AWSSdkDocsJava/latest/DeveloperGuide/java-dg-roles.html) - s3_token: Option[String], // If defined, the AWS Security Token Service session token (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html) + session_token: Option[String], // If defined, the AWS Security Token Service session token (http://docs.aws.amazon.com/STS/latest/APIReference/Welcome.html) s3_bucket: String, s3_endpoint: S3Endpoint, site: Option[String], @@ -38,7 +38,7 @@ object Config { def awsCredentials(config: Config): AWSCredentialsProvider = { val credentialsFromConfigFile = - if (config.s3_token.isEmpty) { + if (config.session_token.isEmpty) { for { s3_id <- config.s3_id s3_secret <- config.s3_secret @@ -47,8 +47,8 @@ object Config { for { s3_id <- config.s3_id s3_secret <- config.s3_secret - s3_token <- config.s3_token - } yield new BasicSessionCredentials(s3_id, s3_secret, s3_token) + session_token <- config.session_token + } yield new BasicSessionCredentials(s3_id, s3_secret, session_token) } credentialsFromConfigFile.fold(new DefaultAWSCredentialsProviderChain: AWSCredentialsProvider)(credentials => new AWSCredentialsProvider { diff --git a/src/main/scala/s3/website/model/Site.scala b/src/main/scala/s3/website/model/Site.scala index 2b1628a8..f91ea6db 100644 --- a/src/main/scala/s3/website/model/Site.scala +++ b/src/main/scala/s3/website/model/Site.scala 
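Review bot: In `Config.awsCredentials` (hunks at -38 and -47), a `session_token` set without both `s3_id` and `s3_secret` silently falls back to the default credentials chain. The three-way `for` yields `None`, and the `fold` on the last line of the second hunk then substitutes `DefaultAWSCredentialsProviderChain`. The deploy would run under whatever ambient credentials the host offers instead of the temporary credentials the operator configured, and no warning is visible in these hunks. Since the README now documents `session_token` as its own setting, this partial case is worth rejecting explicitly: check at load time that a defined `session_token` comes with `s3_id` and `s3_secret`, and return a configuration error otherwise. The function starts above the first hunk and continues past the second, so the provider built inside the `fold` is not visible here.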
@@ -35,7 +35,7 @@ object Site {
 for {
 s3_id <- loadOptionalString("s3_id").right
 s3_secret <- loadOptionalString("s3_secret").right
- s3_token <- loadOptionalString("s3_token").right
+ session_token <- loadOptionalString("session_token").right
 s3_bucket <- loadRequiredString("s3_bucket").right
 s3_endpoint <- loadEndpoint.right
 site <- loadOptionalString("site").right
@@ -66,7 +66,7 @@ object Site {
 Config(
 s3_id,
 s3_secret,
- s3_token,
+ session_token,
 s3_bucket,
 s3_endpoint getOrElse S3Endpoint.defaultEndpoint,
 site,
diff --git a/src/test/scala/s3/website/S3WebsiteSpec.scala b/src/test/scala/s3/website/S3WebsiteSpec.scala
index cda3f2ee..d0fc42a7 100644
--- a/src/test/scala/s3/website/S3WebsiteSpec.scala
+++ b/src/test/scala/s3/website/S3WebsiteSpec.scala
@@ -1436,7 +1436,6 @@ class S3WebsiteSpec extends Specification {
 """
 |s3_id: foo
 |s3_secret: bar
- |s3_token: baz
 |s3_bucket: bucket
 """.stripMargin
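Review bot: The loader in `Site.scala` (hunk at -35) now looks up only `session_token`, so a config file that still carries `s3_token` is accepted and its token is ignored. `Config.awsCredentials` would then take the `session_token.isEmpty` branch and build plain credentials from a temporary key pair. That presumably fails at AWS with an authentication error that gives no hint about the renamed key. If `s3_token` was ever part of a release, either keep reading it as a deprecated alias or fail at load time with a message that names `session_token`. The `for` comprehension opened on the hunk's first line continues past the end of the hunk.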