Commit 12100876 authored by Stan Hu's avatar Stan Hu

Update fog-aws to v3.6.7

This adds support for retrieving credentials via the instance metadata
server v2 (IMDSv2).

Closes https://gitlab.com/gitlab-org/gitlab/-/issues/287816

List of changes:
https://github.com/fog/fog-aws/blob/master/CHANGELOG.md

Diff:
https://github.com/fog/fog-aws/compare/v3.5.2..v3.6.7
parent 078ebbe1
...@@ -115,7 +115,7 @@ gem 'carrierwave', '~> 1.3' ...@@ -115,7 +115,7 @@ gem 'carrierwave', '~> 1.3'
gem 'mini_magick', '~> 4.10.1' gem 'mini_magick', '~> 4.10.1'
# for backups # for backups
gem 'fog-aws', '~> 3.5' gem 'fog-aws', '~> 3.6'
# Locked until fog-google resolves https://github.com/fog/fog-google/issues/421. # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
# Also see config/initializers/fog_core_patch.rb. # Also see config/initializers/fog_core_patch.rb.
gem 'fog-core', '= 2.1.0' gem 'fog-core', '= 2.1.0'
......
...@@ -361,7 +361,7 @@ GEM ...@@ -361,7 +361,7 @@ GEM
fog-json fog-json
ipaddress (~> 0.8) ipaddress (~> 0.8)
xml-simple (~> 1.1) xml-simple (~> 1.1)
fog-aws (3.5.2) fog-aws (3.6.7)
fog-core (~> 2.1) fog-core (~> 2.1)
fog-json (~> 1.1) fog-json (~> 1.1)
fog-xml (~> 0.1) fog-xml (~> 0.1)
...@@ -1332,7 +1332,7 @@ DEPENDENCIES ...@@ -1332,7 +1332,7 @@ DEPENDENCIES
flipper-active_support_cache_store (~> 0.17.1) flipper-active_support_cache_store (~> 0.17.1)
flowdock (~> 0.7) flowdock (~> 0.7)
fog-aliyun (~> 0.3) fog-aliyun (~> 0.3)
fog-aws (~> 3.5) fog-aws (~> 3.6)
fog-core (= 2.1.0) fog-core (= 2.1.0)
fog-google (~> 1.11) fog-google (~> 1.11)
fog-local (~> 0.6) fog-local (~> 0.6)
......
---
title: Update fog-aws to v3.6.7
merge_request: 48519
author:
type: fixed
...@@ -292,6 +292,7 @@ RSpec.describe ObjectStorage::DirectUpload do ...@@ -292,6 +292,7 @@ RSpec.describe ObjectStorage::DirectUpload do
context 'when IAM profile is true' do context 'when IAM profile is true' do
let(:use_iam_profile) { true } let(:use_iam_profile) { true }
let(:iam_credentials_v2_url) { "http://169.254.169.254/latest/api/token" }
let(:iam_credentials_url) { "http://169.254.169.254/latest/meta-data/iam/security-credentials/" } let(:iam_credentials_url) { "http://169.254.169.254/latest/meta-data/iam/security-credentials/" }
let(:iam_credentials) do let(:iam_credentials) do
{ {
...@@ -303,6 +304,9 @@ RSpec.describe ObjectStorage::DirectUpload do ...@@ -303,6 +304,9 @@ RSpec.describe ObjectStorage::DirectUpload do
end end
before do before do
# If IMDSv2 is disabled, we should still fall back to IMDSv1
stub_request(:put, iam_credentials_v2_url)
.to_return(status: 404)
stub_request(:get, iam_credentials_url) stub_request(:get, iam_credentials_url)
.to_return(status: 200, body: "somerole", headers: {}) .to_return(status: 200, body: "somerole", headers: {})
stub_request(:get, "#{iam_credentials_url}somerole") stub_request(:get, "#{iam_credentials_url}somerole")
...@@ -310,6 +314,21 @@ RSpec.describe ObjectStorage::DirectUpload do ...@@ -310,6 +314,21 @@ RSpec.describe ObjectStorage::DirectUpload do
end end
it_behaves_like 'a valid S3 upload without multipart data' it_behaves_like 'a valid S3 upload without multipart data'
context 'when IMSDv2 is available' do
let(:iam_token) { 'mytoken' }
before do
stub_request(:put, iam_credentials_v2_url)
.to_return(status: 200, body: iam_token)
stub_request(:get, iam_credentials_url).with(headers: { "X-aws-ec2-metadata-token" => iam_token })
.to_return(status: 200, body: "somerole", headers: {})
stub_request(:get, "#{iam_credentials_url}somerole").with(headers: { "X-aws-ec2-metadata-token" => iam_token })
.to_return(status: 200, body: iam_credentials.to_json, headers: {})
end
it_behaves_like 'a valid S3 upload without multipart data'
end
end end
end end
......
...@@ -515,7 +515,7 @@ RSpec.describe ObjectStorage do ...@@ -515,7 +515,7 @@ RSpec.describe ObjectStorage do
end end
context 'uses AWS' do context 'uses AWS' do
let(:storage_url) { "https://uploads.s3-eu-central-1.amazonaws.com/" } let(:storage_url) { "https://uploads.s3.eu-central-1.amazonaws.com/" }
let(:credentials) do let(:credentials) do
{ {
provider: "AWS", provider: "AWS",
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment