vagrant-gsauth

Private, versioned Vagrant boxes hosted in Google Cloud Storage.

Installation

From the command line:

$ vagrant plugin install vagrant-gsauth

Requirements

• Vagrant, v1.5.1+

Usage

vagrant-gsauth will parse GS URLs:

gs://bucket/path/to/metadata

And authorize the request using your Google Cloud SDK login.

This means you can host your team's sensitive, private boxes in Google Storage, and use your developers' existing Google credentials to securely grant access.

If you've already got your credentials stored in the standard environment variables:

# Vagrantfile

Vagrant.configure('2') do |config|
  config.vm.box     = 'simple-secrets'
  config.vm.box_url = 'gs://example.com/secret.box'
end

Configuration

Google Cloud credentials

https://cloud.google.com/sdk/

GS URLs

You can use the gs protocol shorthand

gs://bucket/resource

which expands to full path HTTPS URL.

Simple boxes

Simply point your box_url at a google storage URL:

Vagrant.configure('2') do |config|
  config.vm.box     = 'simple-secrets'
  config.vm.box_url = 'gs://bucket/secret.box'
end

Metadata (versioned) boxes

Metadata boxes were added to Vagrant in 1.5 and power Vagrant Cloud. You can host your own metadata and bypass Vagrant Cloud entirely.

Essentially, you point your box_url at a JSON metadata file that tells Vagrant where to find all possible versions:

# Vagrantfile

Vagrant.configure('2') do |config|
  config.vm.box     = 'examplecorp/secrets'
  config.vm.box_url = 'gs://bucket/secrets'
end

"gs://bucket/secrets"

{
  "name": "examplecorp/secrets",
  "description": "This box contains company secrets.",
  "versions": [{
    "version": "0.1.0",
    "providers": [{
      "name": "virtualbox",
      "url": "gs://bucket/secrets/1.0.0/secrets.box",
      "checksum_type": "sha1",
      "checksum": "foo"
    }]
  }]
}

IMPORTANT: Your metadata must be served with Content-Type: application/json or Vagrant will not recognize it as metadata!

Auto-install

The beauty of Vagrant is the magic of "vagrant up and done." Making your users install a plugin is lame.

But wait! Just stick some shell in your Vagrantfile:

unless Vagrant.has_plugin?('vagrant-gsauth')
  # Attempt to install ourself. Bail out on failure so we don't get stuck in an
  # infinite loop.
  system('vagrant plugin install vagrant-gsauth') || exit!

  # Relaunch Vagrant so the plugin is detected. Exit with the same status code.
  exit system('vagrant', *ARGV)
end