From 9138a40139e278fa46e33bc19cb457b617cf8d0a Mon Sep 17 00:00:00 2001 From: Justin Emgarten Date: Sun, 2 Apr 2023 11:54:21 -0700 Subject: [PATCH 1/4] Add AWS SSO support --- build/config.props | 2 ++ src/SleetLib/FileSystem/FileSystemFactory.cs | 9 +++++++++ src/SleetLib/SleetLib.csproj | 2 ++ src/SleetLib/Utility/AmazonS3Utility.cs | 11 +++++++++++ 4 files changed, 24 insertions(+) diff --git a/build/config.props b/build/config.props index 9d9a171d..b0652b94 100644 --- a/build/config.props +++ b/build/config.props @@ -10,6 +10,8 @@ 1.5.0 3.7.103.40 3.7.101.38 + 3.7.100.103 + $(AWSSDKSSOVersion) 1.0.6 diff --git a/src/SleetLib/FileSystem/FileSystemFactory.cs b/src/SleetLib/FileSystem/FileSystemFactory.cs index 62428191..2fb3f5bf 100644 --- a/src/SleetLib/FileSystem/FileSystemFactory.cs +++ b/src/SleetLib/FileSystem/FileSystemFactory.cs @@ -172,10 +172,19 @@ public static async Task CreateFileSystemAsync(LocalSettings s if (!string.IsNullOrWhiteSpace(profileName)) { var credFile = new SharedCredentialsFile(); + var chain = new CredentialProfileStoreChain(); + if (credFile.TryGetProfile(profileName, out var profile)) { + // Successfully created the credentials using the profile amazonS3Client = new AmazonS3Client(profile.GetAWSCredentials(profileSource: null), config); } + else if (chain.TryGetAWSCredentials(profileName, out var credentials)) + { + // Successfully created the credentials using a profile with SSO + // This works for identities outside of AWS such as Azure AD and Okta + amazonS3Client = new AmazonS3Client(credentials, config); + } else { throw new ArgumentException($"The specified AWS profileName {profileName} could not be found. The feed must specify a valid profileName for an AWS credentials file. For help on credential files see: https://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/net-dg-config-creds.html#creds-file"); diff --git a/src/SleetLib/SleetLib.csproj b/src/SleetLib/SleetLib.csproj index 496e036f..3a43d0d2 100644 
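Review bot: The unchanged final `else` in the FileSystemFactory.cs hunk still sends the user only to the credentials-file documentation, although the new `else if` means a `profileName` can now also resolve as an SSO profile through `CredentialProfileStoreChain`. Someone who has not yet run `aws sso login --profile <name>` gets no hint that the login step is what is missing. I would extend the message, for example `throw new ArgumentException($"The specified AWS profileName {profileName} could not be found in the AWS credentials or config files. For SSO profiles run 'aws sso login --profile {profileName}' first. ...");`. A comment on the `else if` would also help, such as `// NOTE: a successful lookup presumably does not prove the cached SSO session is still valid; an expired login may only fail on the first S3 request - confirm against the SDK`, since Sleet does not prompt for login. Separately, `chain` is only needed in the fallback, so it could be constructed inside the `else if` path rather than before the `if`; the enclosing method starts and ends outside this hunk.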
--- a/src/SleetLib/SleetLib.csproj +++ b/src/SleetLib/SleetLib.csproj @@ -20,6 +20,8 @@ + + diff --git a/src/SleetLib/Utility/AmazonS3Utility.cs b/src/SleetLib/Utility/AmazonS3Utility.cs index 4b24812b..f688a8bb 100644 --- a/src/SleetLib/Utility/AmazonS3Utility.cs +++ b/src/SleetLib/Utility/AmazonS3Utility.cs @@ -1,4 +1,6 @@ using System; +using Amazon.Runtime; +using Amazon.Runtime.CredentialManagement; namespace Sleet { @@ -13,5 +15,14 @@ public static Uri GetBucketPath(string bucketName, string region) return new Uri($"https://s3-{region}.amazonaws.com/{bucketName}/"); } + + public static AWSCredentials LoadSsoCredentials() + { + var chain = new CredentialProfileStoreChain(); + if (!chain.TryGetAWSCredentials("my-sso-profile", out var credentials)) + throw new Exception("Failed to find the my-sso-profile profile"); + + return credentials; + } } } From 69f1ab06afe46fef2f08d10cd117346efb8bda33 Mon Sep 17 00:00:00 2001 From: Justin Emgarten Date: Sun, 2 Apr 2023 12:02:02 -0700 Subject: [PATCH 2/4] Update docs for SSO --- ReleaseNotes.md | 1 + doc/feed-type-s3.md | 11 +++++++++++ 2 files changed, 12 insertions(+) diff --git a/ReleaseNotes.md b/ReleaseNotes.md index bdee877c..ed38e9c3 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -3,6 +3,7 @@ ## 5.1.0 * Added net7.0 support * Update AWS SDK +* Added AWS SSO profile support ## 5.0.6 * Updated NuGet.* packages to 6.2.1 diff --git a/doc/feed-type-s3.md b/doc/feed-type-s3.md index a0176e68..d1a7d19b 100644 --- a/doc/feed-type-s3.md +++ b/doc/feed-type-s3.md 
@@ -44,6 +44,17 @@ For `.netconfig`, just create or edit the file directly in the [desired location For details on creating a credentials file go [here](https://docs.aws.amazon.com/sdk-for-net/v2/developer-guide/net-dg-config-creds.html#creds-file) +#### Using SSO profiles + +If you are using an SSO profile, you must first log in using the AWS CLI before running sleet to allow SSO profiles to be used. + +Sleet will not prompt for SSO login. + +``` +aws sso login --profile my-sso-profile +``` + + ### Using accessKeyId and secretAccessKey in sleet.json `sleet.json`: From 1188615ef464c9b16cf97c076dc0ac969045c8af Mon Sep 17 00:00:00 2001 From: Justin Emgarten Date: Sun, 2 Apr 2023 13:38:21 -0700 Subject: [PATCH 3/4] Update main readme --- README.md | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2b408ec1..3235c9e9 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ | AppVeyor | Travis | Azure Pipelines | | --- | --- | --- | -| [![AppVeyor](https://ci.appveyor.com/api/projects/status/cuhdeq60c3ogy7pa?svg=true)](https://ci.appveyor.com/project/emgarten/sleet) | [![Travis](https://travis-ci.com/emgarten/Sleet.svg?branch=main)](https://travis-ci.com/emgarten/Sleet) | [![VSO](https://hackamore.visualstudio.com/_apis/public/build/definitions/abbff132-0981-4267-a80d-a6e7682a75a9/2/badge)](https://github.com/emgarten/sleet) | +| [![AppVeyor](https://ci.appveyor.com/api/projects/status/cuhdeq60c3ogy7pa?svg=true)](https://ci.appveyor.com/project/emgarten/sleet) | [![VSO](https://hackamore.visualstudio.com/_apis/public/build/definitions/abbff132-0981-4267-a80d-a6e7682a75a9/2/badge)](https://github.com/emgarten/sleet) | # What is Sleet? 
@@ -11,9 +11,15 @@ Sleet is a static NuGet package feed generator. * **Serverless**. Create static feeds directly on *Azure Storage*, *Amazon S3* or another S3 compatible storage. No compute required. * **Cross platform**. Sleet is built in .NET, it can run on *.NET Framework*, *Mono*, or [dotnet CLI](https://github.com/dotnet/cli) * **Fast.** Static feeds are created using the [NuGet v3 feed format](https://docs.microsoft.com/en-us/nuget/api/overview). -* **Symbol server.** Assemblies and pdb files from packages are automatically indexed and provided as a [symbol server](doc/symbol-server.md). * **Simple.** Sleet is a simple command line tool that can add, remove, and update packages. -* **Flexible.** Feeds can be written to disk and hosted with a web server to support authentication. Use the command line tool or a library to run Sleet programmatically. +* **Flexible.** Configuration and credentials can be set using files, env vars, command line args, or AWS specific patterns to support a variety of workflows and CI builds. + +## Why use static feeds? + +* Package binaries are typically kept outside of git repos, static feeds provide a long term storage solution that can be paired with checked in code. +* NuGet feeds are typically read for restore far more than they are updated. +* Cloud storage accounts are a cheap and secure way to share nupkgs for public feeds. +* You keep full control of your packages. ## Getting Sleet 
@@ -48,13 +54,24 @@ CI builds are located on the following NuGet feed: The list of packages on this feed is [here](https://nuget.blob.core.windows.net/packages/sleet.packageindex.json). +## Contributing + +We welcome contributions. If you are interested in contributing to Sleet report an issue or open a pull request to propose a change. + ## Sleet is.. Cold static packages from the cloud. ☁️ + 📦 = ❄️ +## History + +Sleet was created to achieve the original goals of the NuGet v3 feed format: Provide maximum availability and performance for NuGet restore by using only static files. + +The v3 feed format was designed to do all compute when pushing a new package since updates are infrequent compared to the number of times a package is read for restore. Static files also remove the need to run a specific server to host the feed, allowing a simple file service to handle it. + ## Related projects * [Sleet.Azure](https://github.com/kzu/Sleet.Azure) provides MSBuild props/targets for running Sleet. +* [Sleet.Search](https://github.com/emgarten/Sleet.Search) provides a search service for Sleet feeds. ## License From 46df2a2c25be5d29e4203ec55f9a4bca3389f5ae Mon Sep 17 00:00:00 2001 From: Justin Emgarten Date: Sun, 2 Apr 2023 13:40:42 -0700 Subject: [PATCH 4/4] Remove unused method --- src/SleetLib/Utility/AmazonS3Utility.cs | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/SleetLib/Utility/AmazonS3Utility.cs b/src/SleetLib/Utility/AmazonS3Utility.cs index f688a8bb..2d99f9ee 100644 --- a/src/SleetLib/Utility/AmazonS3Utility.cs +++ b/src/SleetLib/Utility/AmazonS3Utility.cs @@ -1,7 +1,3 @@ -using System; -using Amazon.Runtime; -using Amazon.Runtime.CredentialManagement; - namespace Sleet { public static class AmazonS3Utility 
@@ -15,14 +11,5 @@ public static Uri GetBucketPath(string bucketName, string region) return new Uri($"https://s3-{region}.amazonaws.com/{bucketName}/"); } - - public static AWSCredentials LoadSsoCredentials() - { - var chain = new CredentialProfileStoreChain(); - if (!chain.TryGetAWSCredentials("my-sso-profile", out var credentials)) - throw new Exception("Failed to find the my-sso-profile profile"); - - return credentials; - } } }