Merge branch 'sh-update-fog-aws' into 'master'

Update fog-aws to v3.6.7 [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!48519

Merge branch 'sh-update-fog-aws' into 'master'
Update fog-aws to v3.6.7 [RUN AS-IF-FOSS] See merge request gitlab-org/gitlab!48519
c0c3f829 · Douglas Barbosa Alexandre · c428b409 · 12100876 · c0c3f829 · c0c3f829
Commit c0c3f829 authored Nov 25, 2020 by Douglas Barbosa Alexandre
5 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -115,7 +115,7 @@ gem 'carrierwave', '~> 1.3'
 gem 'mini_magick', '~> 4.10.1'

 # for backups
-gem 'fog-aws', '~> 3.5'
+gem 'fog-aws', '~> 3.6'
 # Locked until fog-google resolves https://github.com/fog/fog-google/issues/421.
 # Also see config/initializers/fog_core_patch.rb.
 gem 'fog-core', '= 2.1.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -361,7 +361,7 @@ GEM
      fog-json
      ipaddress (~> 0.8)
      xml-simple (~> 1.1)
-    fog-aws (3.5.2)
+    fog-aws (3.6.7)
      fog-core (~> 2.1)
      fog-json (~> 1.1)
      fog-xml (~> 0.1)
@@ -1332,7 +1332,7 @@ DEPENDENCIES
  flipper-active_support_cache_store (~> 0.17.1)
  flowdock (~> 0.7)
  fog-aliyun (~> 0.3)
-  fog-aws (~> 3.5)
+  fog-aws (~> 3.6)
  fog-core (= 2.1.0)
  fog-google (~> 1.11)
  fog-local (~> 0.6)

--- a/changelogs/unreleased/sh-update-fog-aws.yml
+++ b/changelogs/unreleased/sh-update-fog-aws.yml
+---
+title: Update fog-aws to v3.6.7
+merge_request: 48519
+author:
+type: fixed
--- a/spec/lib/object_storage/direct_upload_spec.rb
+++ b/spec/lib/object_storage/direct_upload_spec.rb
@@ -292,6 +292,7 @@ RSpec.describe ObjectStorage::DirectUpload do

        context 'when IAM profile is true' do
          let(:use_iam_profile) { true }
+          let(:iam_credentials_v2_url) { "http://169.254.169.254/latest/api/token" }
          let(:iam_credentials_url) { "http://169.254.169.254/latest/meta-data/iam/security-credentials/" }
          let(:iam_credentials) do
            {
@@ -303,6 +304,9 @@ RSpec.describe ObjectStorage::DirectUpload do
          end

          before do
+            # If IMDSv2 is disabled, we should still fall back to IMDSv1
+            stub_request(:put, iam_credentials_v2_url)
+              .to_return(status: 404)
            stub_request(:get, iam_credentials_url)
              .to_return(status: 200, body: "somerole", headers: {})
            stub_request(:get, "#{iam_credentials_url}somerole")
@@ -310,6 +314,21 @@ RSpec.describe ObjectStorage::DirectUpload do
          end

          it_behaves_like 'a valid S3 upload without multipart data'
+
+          context 'when IMSDv2 is available' do
+            let(:iam_token) { 'mytoken' }
+
+            before do
+              stub_request(:put, iam_credentials_v2_url)
+                .to_return(status: 200, body: iam_token)
+              stub_request(:get, iam_credentials_url).with(headers: { "X-aws-ec2-metadata-token" => iam_token })
+                .to_return(status: 200, body: "somerole", headers: {})
+              stub_request(:get, "#{iam_credentials_url}somerole").with(headers: { "X-aws-ec2-metadata-token" => iam_token })
+                .to_return(status: 200, body: iam_credentials.to_json, headers: {})
+            end
+
+            it_behaves_like 'a valid S3 upload without multipart data'
+          end
        end
      end


--- a/spec/uploaders/object_storage_spec.rb
+++ b/spec/uploaders/object_storage_spec.rb
@@ -515,7 +515,7 @@ RSpec.describe ObjectStorage do
        end

        context 'uses AWS' do
-          let(:storage_url) { "https://uploads.s3-eu-central-1.amazonaws.com/" }
+          let(:storage_url) { "https://uploads.s3.eu-central-1.amazonaws.com/" }
          let(:credentials) do
            {
              provider: "AWS",