
support fog's new use_iam_profile option #203

Closed
wants to merge 1 commit into from

3 participants

Frederick Cheung Mark Evans Daniel Pehrson
Frederick Cheung

EC2 recently gained the option for credentials to be fetched from the instance metadata service rather than embedding them in a credentials file. This patch allows dragonfly to do this (via fog's support for this - currently on master but unreleased)

Frederick Cheung

This has been part of the recent releases of fog - it would be great if dragonfly was able to use it. Perhaps it would be better to make it so that dragonfly is less tightly coupled to fog? Instead of the current setup users could pass a hash of options that would be passed through verbatim to fog

Mark Evans
Owner

hi - sorry for the massively late response on the original request - I agree - passing through options verbatim simplifies things a bit. I'll merge this in soon, though FYI I will also at some point move S3, Mongo and Couch datastores out of core and into their own self-contained gems
thanks again

Frederick Cheung

That sounds like a great plan

Daniel Pehrson

Just wanted to pop in here and give a +1 on this. In the process of setting up the CloudFormation infrastructure for an app that will use DragonFly and IAM Instance Profiles are very attractive for credential management.

Thanks to both of you for working on this, can't wait to see it merged.

Mark Evans
Owner

sorry again for the delay - I've merged via a cherry-pick in master (still plan to separate out into a separate gem though!)

Mark Evans markevans closed this August 15, 2013

Showing 1 unique commit by 1 author.

Jun 24, 2012
Frederick Cheung support fog's new use_iam_profile option e571779
17  lib/dragonfly/data_storage/s3data_store.rb
@@ -12,6 +12,7 @@ class S3DataStore
12 12
       configurable_attr :access_key_id
13 13
       configurable_attr :secret_access_key
14 14
       configurable_attr :region
  15
+      configurable_attr :use_iam_profile
15 16
       configurable_attr :use_filesystem, true
16 17
       configurable_attr :storage_headers, {'x-amz-acl' => 'public-read'}
17 18
       configurable_attr :url_scheme, 'http'
@@ -33,6 +34,7 @@ def initialize(opts={})
33 34
         self.access_key_id = opts[:access_key_id]
34 35
         self.secret_access_key = opts[:secret_access_key]
35 36
         self.region = opts[:region]
  37
+        self.use_iam_profile = opts[:use_iam_profile]
36 38
       end
37 39
 
38 40
       def store(temp_object, opts={})
@@ -96,12 +98,13 @@ def domain
96 98
 
97 99
       def storage
98 100
         @storage ||= begin
99  
-          storage = Fog::Storage.new(
  101
+          storage = Fog::Storage.new({
100 102
             :provider => 'AWS',
101 103
             :aws_access_key_id => access_key_id,
102 104
             :aws_secret_access_key => secret_access_key,
103  
-            :region => region
104  
-          )
  105
+            :region => region,
  106
+            :use_iam_profile => use_iam_profile
  107
+          }.reject {|name, option| option.nil?})
105 108
           storage.sync_clock
106 109
           storage
107 110
         end
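Review bot: In `storage`, the static keys are still forwarded to Fog when `use_iam_profile` is true, because the `reject` only drops nil values. If the profile is enabled while an old `access_key_id` / `secret_access_key` pair is still configured, the options hash carries both credential sources and nothing in this hunk says which one is used. Suggest leaving `:aws_access_key_id` and `:aws_secret_access_key` out of the hash when `use_iam_profile` is set, or raising NotConfigured on the conflicting combination, so long-lived keys cannot silently stay in use after a switch to instance-profile credentials.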
@@ -118,8 +121,12 @@ def bucket_exists?
118 121
 
119 122
       def ensure_configured
120 123
         unless @configured
121  
-          [:bucket_name, :access_key_id, :secret_access_key].each do |attr|
122  
-            raise NotConfigured, "You need to configure #{self.class.name} with #{attr}" if send(attr).nil?
  124
+          if use_iam_profile
  125
+            raise NotConfigured, "You need to configure #{self.class.name} with #{attr}" if bucket_name.nil?
  126
+          else
  127
+            [:bucket_name, :access_key_id, :secret_access_key].each do |attr|
  128
+              raise NotConfigured, "You need to configure #{self.class.name} with #{attr}" if send(attr).nil?
  129
+            end
123 130
           end
124 131
           @configured = true
125 132
         end
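Review bot: In the `if use_iam_profile` branch of `ensure_configured`, the error message interpolates `#{attr}`, but `attr` is only bound as the block parameter inside the `else` branch. With a nil `bucket_name` this line fails while building the message instead of raising NotConfigured with a readable text. Suggest naming the attribute directly: `raise NotConfigured, "You need to configure #{self.class.name} with bucket_name" if bucket_name.nil?`.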
10  spec/dragonfly/data_storage/s3_data_store_spec.rb
@@ -176,6 +176,16 @@
176 176
       @data_store.secret_access_key = nil
177 177
       proc{ @data_store.retrieve('asdf') }.should raise_error(Dragonfly::Configurable::NotConfigured)
178 178
     end
  179
+    
  180
+    if !enabled #this will fail since the specs are not running on an ec2 instance with an iam role defined
  181
+      it 'should allow missing secret key and access key on store if iam profiles are allowed' do
  182
+        @data_store.use_iam_profile = true
  183
+        @data_store.secret_access_key = nil
  184
+        @data_store.access_key_id = nil
  185
+        proc{ @data_store.store(@temp_object) }.should_not raise_error(Dragonfly::Configurable::NotConfigured)
  186
+      end
  187
+    end
  188
+      
179 189
   end
180 190
 
181 191
   describe "autocreating the bucket" do
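Review bot: The added spec only covers the case where the keys are nil and the bucket is set; there is no spec for `use_iam_profile = true` with `bucket_name = nil`, which is the new raise in `ensure_configured`. Please add one that expects `Dragonfly::Configurable::NotConfigured` so that branch is exercised. Also, `should_not raise_error(Dragonfly::Configurable::NotConfigured)` still passes when `store` raises some other error, so asserting on the result of `store` would make the example stronger, and the comment on the `if !enabled` guard would be clearer if it said the example is skipped when running against real S3.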