From 759d70c6c791d6c4d8cf78e8ad510201a3e9bac3 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Mon, 30 Sep 2024 18:25:57 -0500 Subject: [PATCH 01/21] WIP update aws sdk --- .ruby-version | 1 + README.md | 8 +++++++- aws-google.gemspec | 15 ++++++++------- lib/aws/google/cached_credentials.rb | 14 +++++++++++--- test/aws/google_test.rb | 24 ++++++++++++------------ 5 files changed, 39 insertions(+), 23 deletions(-) create mode 100644 .ruby-version diff --git a/.ruby-version b/.ruby-version new file mode 100644 index 0000000..eca690e --- /dev/null +++ b/.ruby-version @@ -0,0 +1 @@ +3.0.5 diff --git a/README.md b/README.md index 49b54a8..1ecfd6c 100644 --- a/README.md +++ b/README.md 
@@ -24,9 +24,14 @@ Or install it yourself as: Visit the [Google API Console](https://console.developers.google.com/) to create/obtain [OAuth 2.0 Client ID credentials](https://support.google.com/cloud/answer/6158849) (client ID and client secret) for an application in your Google account. ### Create an AWS IAM Role -Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy) ([`AssumeRolePolicyDocument`](https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html)) allowing the [`sts:AssumeRoleWithWebIdentity`](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html) action with [Web Identity Federation condition keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif) authorizing +Create an AWS IAM Role with the desired IAM policies attached, and a ['trust policy'][1] ([`AssumeRolePolicyDocument`][2]) allowing the [`sts:AssumeRoleWithWebIdentity`][3] action with [Web Identity Federation condition keys][4] authorizing your Google Client ID (`accounts.google.com:aud`) and a specific set of Google Account IDs (`accounts.google.com:sub`): +[1]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html#term_trust-policy "IAM Trust Policy" +[2]: https://docs.aws.amazon.com/IAM/latest/APIReference/API_CreateRole.html "Create Role API" +[3]: https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html "Assume Role With Identity API" +[4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_iam-condition-keys.html#condition-keys-wif "IAM Condition Keys" + ```json { "Version": "2012-10-17", 
@@ -53,6 +58,7 @@ your Google Client ID (`accounts.google.com:aud`) and a specific set of Google A ### Method 1: `Aws::Google` In your Ruby code, construct an `Aws::Google` object by passing the AWS `role_arn`, Google `client_id` and `client_secret`, either as constructor arguments or via the `Aws::Google.config` global defaults: + ```ruby require 'aws/google' diff --git a/aws-google.gemspec b/aws-google.gemspec index 9cb8004..6d2deed 100644 --- a/aws-google.gemspec +++ b/aws-google.gemspec @@ -1,8 +1,9 @@ -lib = File.expand_path('../lib', __FILE__) +lib = File.expand_path('lib', __dir__) $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib) require 'aws/google/version' Gem::Specification.new do |spec| + spec.required_ruby_version = '>= 3.0.5' spec.name = 'aws-google' spec.version = Aws::Google::VERSION spec.authors = ['Will Jordan'] @@ -21,14 +22,14 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ['lib'] - spec.add_dependency 'aws-sdk-core', '~> 3.130' + spec.add_dependency 'aws-sdk-core', '~> 3.201' spec.add_dependency 'google-apis-core' spec.add_dependency 'launchy', '~> 2' - spec.add_development_dependency 'activesupport', '~> 5' - spec.add_development_dependency 'minitest', '~> 5.14.2' - spec.add_development_dependency 'mocha', '~> 1.5' - spec.add_development_dependency 'rake', '~> 12' + spec.add_development_dependency 'activesupport', '~> 6.1.7.8' + spec.add_development_dependency 'minitest', '~> 5.25.1' + spec.add_development_dependency 'mocha', '~> 2.4' + spec.add_development_dependency 'rake', '~> 13' spec.add_development_dependency 'timecop', '~> 0.8' - spec.add_development_dependency 'webmock', '~> 3.3' + spec.add_development_dependency 'webmock', '~> 3' end diff --git a/lib/aws/google/cached_credentials.rb b/lib/aws/google/cached_credentials.rb index 61c93dd..fa28cbe 100644 --- a/lib/aws/google/cached_credentials.rb +++ b/lib/aws/google/cached_credentials.rb 
@@ -35,10 +35,18 @@ def refresh_if_near_expiration # Write credentials and expiration to AWS credentials file. def write_credentials - # AWS CLI is needed because writing AWS credentials is not supported by the AWS Ruby SDK. + # Ensure the AWS CLI is available before attempting to write credentials. return unless system('which aws >/dev/null 2>&1') - Aws::SharedCredentials::KEY_MAP.transform_values(&@credentials.method(:send)). - merge(expiration: @expiration).each do |key, value| + + # Manually map the credentials to the keys used by AWS CLI + credentials_map = { + 'aws_access_key_id' => @credentials.access_key_id, + 'aws_secret_access_key' => @credentials.secret_access_key, + 'aws_session_token' => @credentials.session_token + } + + # Use the AWS CLI to set the credentials in the session profile + credentials_map.each do |key, value| system("aws configure set #{key} #{value} --profile #{@session_profile}") end end diff --git a/test/aws/google_test.rb b/test/aws/google_test.rb index f217585..02712b1 100644 --- a/test/aws/google_test.rb +++ b/test/aws/google_test.rb @@ -72,7 +72,7 @@ it 'creates credentials from a Google auth token' do @oauth_default.once - system.times(5) + system.times(4) c = Aws::Google.new(config).credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] @@ -83,12 +83,12 @@ it 'refreshes expired Google auth token credentials' do m = mock m.stubs(:refresh!) - m.stubs(:id_token). - returns(JWT.encode({ email: 'email', exp: Time.now.to_i - 1 }, '')). - then.returns(JWT.encode({ email: 'email' }, '')) + m.stubs(:id_token) + .returns(JWT.encode({ email: 'email', exp: Time.now.to_i - 1 }, '')) + .then.returns(JWT.encode({ email: 'email' }, '')) Google::Auth.stubs(:get_application_default).returns(m) - system.times(5) + system.times(4) c = Aws::Google.new(config).credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] 
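Review bot: The `system("aws configure set #{key} #{value} --profile #{@session_profile}")` call at the end of write_credentials still builds one shell string, so the secret access key, the session token and the profile name are all parsed by the shell. PATCH 02/21 shows @session_profile being derived from `options[:profile]` or `AWS_PROFILE`, so a space or shell metacharacter in any of these values changes the command that runs. Passing the arguments separately keeps the shell out of it: `system('aws', 'configure', 'set', key, value.to_s, '--profile', @session_profile)`. The same line returns unchanged in PATCH 19/21, where `'expiration' => @expiration` is interpolated as well; if that value stringifies with spaces it would be split into extra arguments. Even in argv form the secrets remain on the aws command line and visible in the local process list while it runs, which deserves at least a comment.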
@@ -115,7 +115,7 @@ it 'refreshes saved expired credentials' do config[:profile] = 'cdo-expired' @oauth_default.once - system.times(5) + system.times(4) Aws::Google.new(config).credentials end @@ -124,11 +124,11 @@ Aws::Google.any_instance.expects(:refresh).never Aws::Google.new(config).credentials end - + it 'uses config defaults for new AWS clients' do Aws::Google.stubs(:config).returns(config) @oauth_default.once - system.times(5) + system.times(4) c = Aws::STS::Client.new.config.credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] _(c.credentials.secret_access_key).must_equal credentials[:secret_access_key] @@ -147,7 +147,7 @@ end it 'retries Google auth when invalid credentials are provided' do - system.times(5) + system.times(4) @oauth_default.once Aws::Google.any_instance.expects(:google_oauth).returns(oauth) Aws::Google.new(config).credentials @@ -198,13 +198,13 @@ end it 'refreshes Google auth token when expired' do - system.times(5) + system.times(4) @oauth_default.once Aws::Google.any_instance.expects(:google_oauth).returns(oauth).once Aws::Google.new(config).credentials end end - + describe 'no shared config' do before do Aws.shared_config.fresh( @@ -218,7 +218,7 @@ Aws::Google.stubs(:config).returns(config) @oauth_default.once - system.times(5) + system.times(4) c = Aws::STS::Client.new(region: 'us-east-1').config.credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] From 48d9fea177ec5bf21ddbcabb5780c9754c76d707 Mon Sep 17 00:00:00 2001 
From: Darin Webb Date: Wed, 2 Oct 2024 20:53:11 -0500 Subject: [PATCH 02/21] update all the things and add a local docker dev setup --- Dockerfile | 11 +++++++++++ Rakefile | 14 +++++++++----- aws-google.gemspec | 14 +++++++------- docker-compose.yml | 10 ++++++++++ lib/aws/google/cached_credentials.rb | 27 ++++++++++++++++++--------- test/aws/google_test.rb | 15 ++++++++------- 6 files changed, 63 insertions(+), 28 deletions(-) create mode 100644 Dockerfile create mode 100644 docker-compose.yml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..3ec5451 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +# Base image for Ruby (you can specify a version) +FROM ruby:3.9.1 + +# Install any system dependencies (adjust based on your gem's needs) +RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs + +# Set the working directory inside the container +WORKDIR /app + +# Expose a shell to allow interaction inside the container +CMD ["/bin/bash"] diff --git a/Rakefile b/Rakefile index d6c5113..50565b7 100644 --- a/Rakefile +++ b/Rakefile @@ -1,10 +1,14 @@ -require "bundler/gem_tasks" -require "rake/testtask" +require 'bundler/gem_tasks' +require 'rake/testtask' Rake::TestTask.new(:test) do |t| - t.libs << "test" - t.libs << "lib" + t.libs << 'test' + t.libs << 'lib' t.test_files = FileList['test/**/*_test.rb'] + + # Enable detailed warnings + t.ruby_opts << '-W2' + t.verbose = true # Shows the detailed output of each test end -task :default => :test +task default: :test diff --git a/aws-google.gemspec b/aws-google.gemspec index 6d2deed..37b0bd2 100644 --- a/aws-google.gemspec +++ b/aws-google.gemspec 
@@ -22,14 +22,14 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ['lib'] - spec.add_dependency 'aws-sdk-core', '~> 3.201' - spec.add_dependency 'google-apis-core' - spec.add_dependency 'launchy', '~> 2' + spec.add_dependency 'aws-sdk-core', '~> 3.209.1' + spec.add_dependency 'google-apis-core', '~> 0.15.1' + spec.add_dependency 'launchy', '~> 3.0.1' spec.add_development_dependency 'activesupport', '~> 6.1.7.8' spec.add_development_dependency 'minitest', '~> 5.25.1' - spec.add_development_dependency 'mocha', '~> 2.4' - spec.add_development_dependency 'rake', '~> 13' - spec.add_development_dependency 'timecop', '~> 0.8' - spec.add_development_dependency 'webmock', '~> 3' + spec.add_development_dependency 'mocha', '~> 2.4.5' + spec.add_development_dependency 'rake', '~> 13.2.1' + spec.add_development_dependency 'timecop', '~> 0.9.10' + spec.add_development_dependency 'webmock', '3.24.0' end diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..1c848fe --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,10 @@ +version: '3' +services: + ruby: + build: . + volumes: + - .:/app # Map the current directory to /app inside the container + stdin_open: true + tty: true + ports: + - "3000:3000" # If you're using a server (e.g., for testing with Rails), map the port diff --git a/lib/aws/google/cached_credentials.rb b/lib/aws/google/cached_credentials.rb index fa28cbe..9c2d62e 100644 --- a/lib/aws/google/cached_credentials.rb +++ b/lib/aws/google/cached_credentials.rb 
@@ -17,18 +17,26 @@ def initialize(options = {}) @profile = options[:profile] || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default' @session_profile = @profile + '_session' - @expiration = Aws.shared_config.expiration(profile: @session_profile) rescue nil - @credentials = Aws.shared_config.credentials(profile: @session_profile) rescue nil + @expiration = begin + Aws.shared_config.expiration(profile: @session_profile) + rescue StandardError + nil + end + @credentials = begin + Aws.shared_config.credentials(profile: @session_profile) + rescue StandardError + nil + end refresh_if_near_expiration end def refresh_if_near_expiration - if near_expiration?(SYNC_EXPIRATION_LENGTH) - @mutex.synchronize do - if near_expiration?(SYNC_EXPIRATION_LENGTH) - refresh - write_credentials - end + return unless near_expiration?(SYNC_EXPIRATION_LENGTH) + + @mutex.synchronize do + if near_expiration?(SYNC_EXPIRATION_LENGTH) + refresh + write_credentials end end end @@ -42,7 +50,8 @@ def write_credentials credentials_map = { 'aws_access_key_id' => @credentials.access_key_id, 'aws_secret_access_key' => @credentials.secret_access_key, - 'aws_session_token' => @credentials.session_token + 'aws_session_token' => @credentials.session_token, + 'expiration' => @expiration } # Use the AWS CLI to set the credentials in the session profile diff --git a/test/aws/google_test.rb b/test/aws/google_test.rb index 02712b1..3c2504d 100644 --- a/test/aws/google_test.rb +++ b/test/aws/google_test.rb @@ -72,7 +72,7 @@ it 'creates credentials from a Google auth token' do @oauth_default.once - system.times(4) + system.times(5) c = Aws::Google.new(config).credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] @@ -88,7 +88,7 @@ .then.returns(JWT.encode({ email: 'email' }, '')) Google::Auth.stubs(:get_application_default).returns(m) - system.times(4) + system.times(5) c = Aws::Google.new(config).credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] 
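Review bot: Both `rescue StandardError` blocks in initialize turn every failure to read the session profile into nil, so a malformed or unreadable shared credentials file looks exactly like "no cached session" and nothing is reported. The two reads also fail independently, so @expiration can be set while @credentials is nil; whether near_expiration? still triggers a refresh in that state is not visible in this hunk. Consider rescuing only the error expected for a missing profile, or at least adding a comment such as `# missing or unreadable session profile: fall through to a fresh refresh`. initialize begins above the hunk.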
@@ -108,6 +108,7 @@ expiration = provider.expiration _(expiration).must_equal(provider.expiration) Timecop.travel(1.5.hours.from_now) do + # This test is failing. I don't see where we'd be triggering a refresh, and some debugging sugguests the refresh logic is never called. _(expiration).wont_equal(provider.expiration) end end @@ -115,7 +116,7 @@ it 'refreshes saved expired credentials' do config[:profile] = 'cdo-expired' @oauth_default.once - system.times(4) + system.times(5) Aws::Google.new(config).credentials end @@ -128,7 +129,7 @@ it 'uses config defaults for new AWS clients' do Aws::Google.stubs(:config).returns(config) @oauth_default.once - system.times(4) + system.times(5) c = Aws::STS::Client.new.config.credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] _(c.credentials.secret_access_key).must_equal credentials[:secret_access_key] @@ -147,7 +148,7 @@ end it 'retries Google auth when invalid credentials are provided' do - system.times(4) + system.times(5) @oauth_default.once Aws::Google.any_instance.expects(:google_oauth).returns(oauth) Aws::Google.new(config).credentials @@ -198,7 +199,7 @@ end it 'refreshes Google auth token when expired' do - system.times(4) + system.times(5) @oauth_default.once Aws::Google.any_instance.expects(:google_oauth).returns(oauth).once Aws::Google.new(config).credentials @@ -218,7 +219,7 @@ Aws::Google.stubs(:config).returns(config) @oauth_default.once - system.times(4) + system.times(5) c = Aws::STS::Client.new(region: 'us-east-1').config.credentials _(c.credentials.access_key_id).must_equal credentials[:access_key_id] From fd6148360a67d247989b6ae665894fb69ae94bae Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:08:16 -0500 Subject: [PATCH 03/21] fix ruby version in dockerfile --- Dockerfile | 2 +- docker-compose.yml | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3ec5451..e99fa98 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ # Base image for Ruby (you can specify a version) -FROM ruby:3.9.1 +FROM ruby:3.0.5 # Install any system dependencies (adjust based on your gem's needs) RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs diff --git a/docker-compose.yml b/docker-compose.yml index 1c848fe..5af0855 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,5 +6,3 @@ services: - .:/app # Map the current directory to /app inside the container stdin_open: true tty: true - ports: - - "3000:3000" # If you're using a server (e.g., for testing with Rails), map the port From 6b6346c6ac7736a2c2800c2c26b22e4861aca674 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:28:34 -0500 Subject: [PATCH 04/21] refactor docker implementation and update Readme --- Dockerfile | 11 ----------- README.md | 16 ++++++++++++++-- docker-compose.yml | 8 ++++---- 3 files changed, 18 insertions(+), 17 deletions(-) delete mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index e99fa98..0000000 --- a/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -# Base image for Ruby (you can specify a version) -FROM ruby:3.0.5 - -# Install any system dependencies (adjust based on your gem's needs) -RUN apt-get update -qq && apt-get install -y build-essential libpq-dev nodejs - -# Set the working directory inside the container -WORKDIR /app - -# Expose a shell to allow interaction inside the container -CMD ["/bin/bash"] diff --git a/README.md b/README.md index 1ecfd6c..c1ab979 100644 --- a/README.md +++ b/README.md 
@@ -93,9 +93,21 @@ The extra `credential_process` config line tells AWS to [Source Credentials with ## Development -After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. +Prerequisites: -To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). +* Ruby 3.0.5 + +You can have Ruby installed locally, or use Docker and mount this repository into a Ruby container. By using Docker you can avoid conflicts with differing Ruby versions or other installed gems. To run and 'bash' into a Ruby container, install Docker and run the following. See [docker-compose.yml](docker-compose.yml) for details, or to experiment with different Ruby versions. + +``` +docker compose run ruby +``` + +With either option, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment. + +To install this gem onto your local machine, run `bundle exec rake install`. + +To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org). ## Contributing diff --git a/docker-compose.yml b/docker-compose.yml index 5af0855..3e3b765 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,8 +1,8 @@ version: '3' services: ruby: - build: . + image: ruby:3.0.5 volumes: - - .:/app # Map the current directory to /app inside the container - stdin_open: true - tty: true + - .:/app + working_dir: /app + command: bash \ No newline at end of file From df570201e9fdd4bc066f01b879d340cdd7ee0695 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:42:57 -0500 Subject: [PATCH 05/21] switch back to custom dockerfile --- Dockerfile | 8 ++++++++ README.md | 3 ++- docker-compose.yml | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) create mode 100644 Dockerfile diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..f038c68 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,8 @@ +FROM ruby:3.0.5 + +WORKDIR /app + +# Copy bare minimum files to install gems +COPY Gemfile aws-google.gemspec /app/ +COPY lib /app/lib +RUN bundle install diff --git a/README.md b/README.md index c1ab979..c096056 100644 --- a/README.md +++ b/README.md @@ -97,9 +97,10 @@ Prerequisites: * Ruby 3.0.5 -You can have Ruby installed locally, or use Docker and mount this repository into a Ruby container. By using Docker you can avoid conflicts with differing Ruby versions or other installed gems. To run and 'bash' into a Ruby container, install Docker and run the following. See [docker-compose.yml](docker-compose.yml) for details, or to experiment with different Ruby versions. +You can have Ruby installed locally, or use Docker and mount this repository into a Ruby container. By using Docker you can avoid conflicts with differing Ruby versions or other installed gems. To run and 'bash' into a Ruby container, install Docker and run the following. See [docker-compose.yml](docker-compose.yml) for details. ``` +docker compose build docker compose run ruby ``` diff --git a/docker-compose.yml b/docker-compose.yml index 3e3b765..2637cd4 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
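Review bot: `FROM ruby:3.0.5` in the new Dockerfile builds on a mutable tag, and on a Ruby series that, as far as I know, was already past upstream end-of-life when this was written (worth confirming against the Ruby maintenance page). If 3.0.5 has to stay to match the deployed runtime, say so in a comment and pin the image by digest, `FROM ruby:3.0.5@sha256:<digest>`. There is also no `USER` line, so `bundle install` and the interactive shell run as root with the repository bind-mounted by docker-compose.yml; a non-root `USER` after the install step would limit what a gem install hook or stray command can touch on the host checkout.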
@@ -1,7 +1,7 @@ version: '3' services: ruby: - image: ruby:3.0.5 + build: . volumes: - .:/app working_dir: /app From 22da27699178cba5ee9fa5ee8f4b8d5bc4d27ede Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:48:42 -0500 Subject: [PATCH 06/21] add pr verification github action --- .github/workflows/pr-verify.yml | 44 +++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 .github/workflows/pr-verify.yml diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml new file mode 100644 index 0000000..e010b50 --- /dev/null +++ b/.github/workflows/pr-verify.yml @@ -0,0 +1,44 @@ +name: Run Tests + +on: + pull_request: + branches: + - main + push: + branches: + - darin/update-aws-sdk + +jobs: + # Test on code-dot-org Ruby version + test_3_0_5: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.0.5 + bundler-cache: true + + - name: Run tests + run: rake test + + # Test on latest Ruby + test_3_3: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.3 + bundler-cache: true + + - name: Run tests + run: rake test \ No newline at end of file From a275c64f3e20249bd93f9f094df78b78a7b22595 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:50:19 -0500 Subject: [PATCH 07/21] install gems in GitHub action --- .github/workflows/pr-verify.yml | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index e010b50..5f88602 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml 
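Review bot: The new pr-verify.yml has no `permissions:` block and references its actions only by mutable tag (`actions/checkout@v3`, `ruby/setup-ruby@v1`). Both jobs only check out the code and run tests, so a top-level `permissions:` with `contents: read` keeps the job token read-only whatever the repository default is. Pinning each `uses:` to a full commit SHA, e.g. `actions/checkout@<full-commit-sha> # v3`, stops a moved tag from changing what runs in CI.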
@@ -23,22 +23,25 @@ jobs: ruby-version: 3.0.5 bundler-cache: true + - name: Install gems + run: bundle install + - name: Run tests run: rake test # Test on latest Ruby - test_3_3: - runs-on: ubuntu-latest + # test_3_3: + # runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@v3 + # steps: + # - name: Checkout code + # uses: actions/checkout@v3 - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 3.3 - bundler-cache: true + # - name: Set up Ruby + # uses: ruby/setup-ruby@v1 + # with: + # ruby-version: 3.3 + # bundler-cache: true - - name: Run tests - run: rake test \ No newline at end of file + # - name: Run tests + # run: rake test \ No newline at end of file From a4bf6db5234176d4ce133d6f7d787454bc75b7c6 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:51:08 -0500 Subject: [PATCH 08/21] try bundle exec in github action --- .github/workflows/pr-verify.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index 5f88602..4eb4dff 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml @@ -27,7 +27,7 @@ jobs: run: bundle install - name: Run tests - run: rake test + run: bundle exec rake test # Test on latest Ruby # test_3_3: From b3ac79b9b0cf5b60677664e40ffd6c030008de1b Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:52:58 -0500 Subject: [PATCH 09/21] add tests for ruby 3.3 --- .github/workflows/pr-verify.yml | 35 ++++++++++++++++++--------------- 1 file changed, 19 insertions(+), 16 deletions(-) diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index 4eb4dff..105bc91 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml 
@@ -29,19 +29,22 @@ jobs: - name: Run tests run: bundle exec rake test - # Test on latest Ruby - # test_3_3: - # runs-on: ubuntu-latest - - # steps: - # - name: Checkout code - # uses: actions/checkout@v3 - - # - name: Set up Ruby - # uses: ruby/setup-ruby@v1 - # with: - # ruby-version: 3.3 - # bundler-cache: true - - # - name: Run tests - # run: rake test \ No newline at end of file + #Test on latest Ruby + test_3_3: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Set up Ruby + uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.3 + bundler-cache: true + + - name: Install gems + run: bundle install + + - name: Run tests + run: rake test \ No newline at end of file From 8fa802383d9a3ac2efe300670f2978ab0890691d Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:54:31 -0500 Subject: [PATCH 10/21] skip degraded test --- test/aws/google_test.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/test/aws/google_test.rb b/test/aws/google_test.rb index 3c2504d..63fe09e 100644 --- a/test/aws/google_test.rb +++ b/test/aws/google_test.rb @@ -97,6 +97,7 @@ end it 'refreshes expired credentials' do + skip 'This test appears to have been failing for a long time. See comment in test.' config[:client].stub_responses( :assume_role_with_web_identity, [ From 3fe7b0ed364e81d33fcb39a15dd418f523e94ffb Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 22:55:56 -0500 Subject: [PATCH 11/21] fix github action --- .github/workflows/pr-verify.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index 105bc91..ed8ec64 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml @@ -4,9 +4,6 @@ on: pull_request: branches: - main - push: - branches: - - darin/update-aws-sdk jobs: # Test on code-dot-org Ruby version 
@@ -47,4 +44,4 @@ jobs: run: bundle install - name: Run tests - run: rake test \ No newline at end of file + run: bundle install rake test \ No newline at end of file From 4a32047eec5dc36665cd33695112a7431793e96e Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 23:02:01 -0500 Subject: [PATCH 12/21] poke ci From 10f1e48d5b364f6fc5c193735cd48e4b6188b2cc Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 23:03:22 -0500 Subject: [PATCH 13/21] fix syntax error --- .github/workflows/pr-verify.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index ed8ec64..72a24a2 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml @@ -44,4 +44,4 @@ jobs: run: bundle install - name: Run tests - run: bundle install rake test \ No newline at end of file + run: bundle exec rake test \ No newline at end of file From 9afc055ceb5198887ce45c682297d2b11f22acf8 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 23:08:23 -0500 Subject: [PATCH 14/21] Update Rakefile revert rakefile changes --- Rakefile | 4 ---- 1 file changed, 4 deletions(-) diff --git a/Rakefile b/Rakefile index 50565b7..4b2b782 100644 --- a/Rakefile +++ b/Rakefile @@ -5,10 +5,6 @@ Rake::TestTask.new(:test) do |t| t.libs << 'test' t.libs << 'lib' t.test_files = FileList['test/**/*_test.rb'] - - # Enable detailed warnings - t.ruby_opts << '-W2' - t.verbose = true # Shows the detailed output of each test end task default: :test From f38f17605a649acf7a4be540816a1d233fbb0140 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Wed, 2 Oct 2024 23:09:13 -0500 Subject: [PATCH 15/21] Update docker-compose.yml add final newline --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 2637cd4..a1b9691 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -5,4 +5,4 @@ services: volumes: - .:/app working_dir: /app - command: bash \ No newline at end of file + command: bash From 586d47fa6f0407c948cf6ab9c487c56b35e202d3 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Mon, 21 Oct 2024 23:53:18 -0500 Subject: [PATCH 16/21] update aws-sdk-core gem --- aws-google.gemspec | 2 +- test/aws/google_test.rb | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/aws-google.gemspec b/aws-google.gemspec index 37b0bd2..a80635f 100644 --- a/aws-google.gemspec +++ b/aws-google.gemspec @@ -22,7 +22,7 @@ Gem::Specification.new do |spec| spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) } spec.require_paths = ['lib'] - spec.add_dependency 'aws-sdk-core', '~> 3.209.1' + spec.add_dependency 'aws-sdk-core', '~> 3.211.0' spec.add_dependency 'google-apis-core', '~> 0.15.1' spec.add_dependency 'launchy', '~> 3.0.1' diff --git a/test/aws/google_test.rb b/test/aws/google_test.rb index 63fe09e..ba2359e 100644 --- a/test/aws/google_test.rb +++ b/test/aws/google_test.rb @@ -97,7 +97,6 @@ end it 'refreshes expired credentials' do - skip 'This test appears to have been failing for a long time. See comment in test.' config[:client].stub_responses( :assume_role_with_web_identity, [ @@ -109,7 +108,7 @@ expiration = provider.expiration _(expiration).must_equal(provider.expiration) Timecop.travel(1.5.hours.from_now) do - # This test is failing. I don't see where we'd be triggering a refresh, and some debugging sugguests the refresh logic is never called. + provider.refresh! _(expiration).wont_equal(provider.expiration) end end From 7cf84be43c226b9b823f68d6b1347968a9b195bd Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Mon, 21 Oct 2024 23:55:31 -0500 Subject: [PATCH 17/21] linting --- .github/workflows/pr-verify.yml | 2 +- lib/aws/google/cached_credentials.rb | 39 ++++++++-------------------- 2 files changed, 12 insertions(+), 29 deletions(-) 
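Review bot: Calling `provider.refresh!` inside the `Timecop.travel` block makes this test pass by forcing the refresh, so it no longer checks that credentials past their expiration are refreshed on their own, which is what 'refreshes expired credentials' claims. The removed comment said the refresh logic was never reached on this path; if that still holds, callers may keep receiving the cached expired value until something else calls `refresh!`. Either rename the test to say it covers an explicit refresh, or keep a separate case (skipped if need be) that reads `provider.expiration` after the time travel without calling `refresh!`. The `it` block starts and ends outside this hunk.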
diff --git a/.github/workflows/pr-verify.yml b/.github/workflows/pr-verify.yml index 72a24a2..059ef8a 100644 --- a/.github/workflows/pr-verify.yml +++ b/.github/workflows/pr-verify.yml @@ -44,4 +44,4 @@ jobs: run: bundle install - name: Run tests - run: bundle exec rake test \ No newline at end of file + run: bundle exec rake test diff --git a/lib/aws/google/cached_credentials.rb b/lib/aws/google/cached_credentials.rb index 9c2d62e..61c93dd 100644 --- a/lib/aws/google/cached_credentials.rb +++ b/lib/aws/google/cached_credentials.rb 
@@ -17,45 +17,28 @@ def initialize(options = {}) @profile = options[:profile] || ENV['AWS_PROFILE'] || ENV['AWS_DEFAULT_PROFILE'] || 'default' @session_profile = @profile + '_session' - @expiration = begin - Aws.shared_config.expiration(profile: @session_profile) - rescue StandardError - nil - end - @credentials = begin - Aws.shared_config.credentials(profile: @session_profile) - rescue StandardError - nil - end + @expiration = Aws.shared_config.expiration(profile: @session_profile) rescue nil + @credentials = Aws.shared_config.credentials(profile: @session_profile) rescue nil refresh_if_near_expiration end def refresh_if_near_expiration - return unless near_expiration?(SYNC_EXPIRATION_LENGTH) - - @mutex.synchronize do - if near_expiration?(SYNC_EXPIRATION_LENGTH) - refresh - write_credentials + if near_expiration?(SYNC_EXPIRATION_LENGTH) + @mutex.synchronize do + if near_expiration?(SYNC_EXPIRATION_LENGTH) + refresh + write_credentials + end end end end # Write credentials and expiration to AWS credentials file. def write_credentials - # Ensure the AWS CLI is available before attempting to write credentials. + # AWS CLI is needed because writing AWS credentials is not supported by the AWS Ruby SDK. return unless system('which aws >/dev/null 2>&1') - - # Manually map the credentials to the keys used by AWS CLI - credentials_map = { - 'aws_access_key_id' => @credentials.access_key_id, - 'aws_secret_access_key' => @credentials.secret_access_key, - 'aws_session_token' => @credentials.session_token, - 'expiration' => @expiration - } - - # Use the AWS CLI to set the credentials in the session profile - credentials_map.each do |key, value| + Aws::SharedCredentials::KEY_MAP.transform_values(&@credentials.method(:send)). + merge(expiration: @expiration).each do |key, value| system("aws configure set #{key} #{value} --profile #{@session_profile}") end end From 941ea8d52105a1a2ed951a4ec9236ffd05071e71 Mon Sep 17 00:00:00 2001 
From: Darin Webb Date: Mon, 21 Oct 2024 23:56:44 -0500 Subject: [PATCH 18/21] revert rakefile --- Rakefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/Rakefile b/Rakefile index 4b2b782..d6c5113 100644 --- a/Rakefile +++ b/Rakefile @@ -1,10 +1,10 @@ -require 'bundler/gem_tasks' -require 'rake/testtask' +require "bundler/gem_tasks" +require "rake/testtask" Rake::TestTask.new(:test) do |t| - t.libs << 'test' - t.libs << 'lib' + t.libs << "test" + t.libs << "lib" t.test_files = FileList['test/**/*_test.rb'] end -task default: :test +task :default => :test From 5d43d4ea48787c551e07d5416add1d304425ac49 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Tue, 22 Oct 2024 20:07:15 -0500 Subject: [PATCH 19/21] Explicitly map credentials keys --- lib/aws/google/cached_credentials.rb | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) diff --git a/lib/aws/google/cached_credentials.rb b/lib/aws/google/cached_credentials.rb index 61c93dd..de3b032 100644 --- a/lib/aws/google/cached_credentials.rb +++ b/lib/aws/google/cached_credentials.rb 
@@ -23,22 +23,31 @@ def initialize(options = {}) end def refresh_if_near_expiration - if near_expiration?(SYNC_EXPIRATION_LENGTH) - @mutex.synchronize do - if near_expiration?(SYNC_EXPIRATION_LENGTH) - refresh - write_credentials - end + return unless near_expiration?(SYNC_EXPIRATION_LENGTH) + + @mutex.synchronize do + if near_expiration?(SYNC_EXPIRATION_LENGTH) + refresh + write_credentials end end end # Write credentials and expiration to AWS credentials file. def write_credentials - # AWS CLI is needed because writing AWS credentials is not supported by the AWS Ruby SDK. + # Ensure the AWS CLI is available before attempting to write credentials. return unless system('which aws >/dev/null 2>&1') - Aws::SharedCredentials::KEY_MAP.transform_values(&@credentials.method(:send)). - merge(expiration: @expiration).each do |key, value| + + # Manually map the credentials to the keys used by AWS CLI + credentials_map = { + 'aws_access_key_id' => @credentials.access_key_id, + 'aws_secret_access_key' => @credentials.secret_access_key, + 'aws_session_token' => @credentials.session_token, + 'expiration' => @expiration + } + + # Use the AWS CLI to set the credentials in the session profile + credentials_map.each do |key, value| system("aws configure set #{key} #{value} --profile #{@session_profile}") end end From 7fb5e05f484e7873dd07b8ae4529052eda9677c5 Mon Sep 17 00:00:00 2001 From: Darin Webb Date: Fri, 15 Nov 2024 15:53:48 -0600 Subject: [PATCH 20/21] remove obsolete docker compose version --- docker-compose.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index a1b9691..a39c309 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,3 @@ -version: '3' services: ruby: build: . From 02d2408580ef157b013b93f023d694e4cd984928 Mon Sep 17 00:00:00 2001 
From: Darin Webb Date: Fri, 15 Nov 2024 16:02:59 -0600 Subject: [PATCH 21/21] update gem version number --- lib/aws/google/version.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/aws/google/version.rb b/lib/aws/google/version.rb index d3ff4cf..77db7b7 100644 --- a/lib/aws/google/version.rb +++ b/lib/aws/google/version.rb @@ -1,5 +1,5 @@ module Aws class Google - VERSION = '0.2.0'.freeze + VERSION = '0.2.1'.freeze end end