aws-sdk-core 2.0.3 → 2.0.4

data/lib/aws-sdk-core/plugins/s3_region_detection.rb

@@ -0,0 +1,157 @@
+module Aws
+  module Plugins
+    # This plugin is an implementation detail and may be modified.
+    # @api private
+    class S3RegionDetection < Seahorse::Client::Plugin
+
+      # Intentionally not documented - this should go away when all
+      # services support signature version 4 in every region.
+      option(:signature_version) do |cfg|
+        if S3.sigv2_region?(cfg.region)
+          's3'
+        else
+          'v4'
+        end
+      end
+
+      class Handler < Seahorse::Client::Handler
+
+        private
+
+        def new_hostname(context, region)
+          bucket = context.params[:bucket]
+          if region == 'us-east-1'
+            "#{bucket}.s3-external-1.amazonaws.com"
+          else
+            "#{bucket}.s3.#{region}.amazonaws.com"
+          end
+        end
+
+      end
+
+      class CachedBucketRegionHandler < Handler
+
+        def call(context)
+          if bucket = context.params[:bucket]
+            use_regional_endpoint_when_known(context, bucket)
+          end
+          @handler.call(context)
+        end
+
+        private
+
+        def use_regional_endpoint_when_known(context, bucket)
+          cached_region = S3::BUCKET_REGIONS[bucket]
+          if cached_region && cached_region != context.config.region
+            context.http_request.endpoint.host = new_hostname(context, cached_region)
+            context[:sigv4_region] = cached_region
+            context[:signature_version] =
+              S3.sigv2_region?(cached_region) ? 's3' : 'v4'
+          end
+        end
+
+      end
+
+      class DetectRegionHandler < Handler
+
+        def call(context)
+          response = @handler.call(context)
+          handle_region_errors(response)
+        end
+
+        private
+
+        def handle_region_errors(response)
+          if requires_sigv4?(response)
+            detect_region_and_retry(response)
+          elsif wrong_sigv4_region?(response)
+            extract_body_region_and_retry(response.context)
+          elsif moved_permanently?(response) and dns_style?(response.context)
+            # region detection not supported for 301 moved permanently
+            # when using path style
+            detect_region_and_retry(response) else
+            response
+          end
+        end
+
+        def requires_sigv4?(resp)
+          resp.context.http_response.status_code == 400 &&
+          resp.context.http_response.body_contents.include?('Please use AWS4-HMAC-SHA256') &&
+          resp.context.http_response.body.respond_to?(:truncate)
+        end
+
+        def wrong_sigv4_region?(resp)
+          resp.context.http_response.status_code == 400 &&
+          resp.context.http_response.body_contents.match(/<Region>.+?<\/Region>/)
+        end
+
+        def moved_permanently?(resp)
+          resp.context.http_response.status_code == 301
+        end
+
+        def extract_body_region_and_retry(context)
+          actual_region = region_from_body(context)
+          updgrade_to_v4(context, actual_region)
+          log_warning(context, actual_region)
+          @handler.call(context)
+        end
+
+        def region_from_body(context)
+          context.http_response.body_contents.match(/<Region>(.+?)<\/Region>/)[1]
+        end
+
+        def detect_region_and_retry(resp)
+          context = resp.context
+          updgrade_to_v4(context, 'us-east-1')
+          resp = @handler.call(context)
+          actual_region = region_from_location_header(context)
+          updgrade_to_v4(context, actual_region)
+          log_warning(context, actual_region)
+          @handler.call(context)
+        end
+
+        def updgrade_to_v4(context, region)
+          bucket = context.params[:bucket]
+          context.http_response.body.truncate(0)
+          context.http_request.headers.delete('authorization')
+          context.http_request.headers.delete('x-amz-security-token')
+          context.http_request.endpoint.host = new_hostname(context, region)
+          signer = Signers::V4.new(context.config.credentials, 's3', region)
+          signer.sign(context.http_request)
+        end
+
+        def dns_style?(context)
+          bucket = context.params[:bucket]
+          context.http_request.endpoint.host.match(/^#{Regexp.escape(bucket)}\.s3/)
+        end
+
+        def region_from_location_header(context)
+          location = context.http_response.headers['location']
+          location.match(/s3\.(.+?)\.amazonaws\.com/)[1]
+        end
+
+        def log_warning(context, actual_region)
+          S3::BUCKET_REGIONS[context.params[:bucket]] = actual_region
+          msg = "S3 client configured for #{context.config.region.inspect} " +
+            "but the bucket #{context.params[:bucket].inspect} is in " +
+            "#{actual_region.inspect}; Please configure the proper region " +
+            "to avoid multiple unecessary redirects and signing attempts"
+          if logger = context.config.logger
+            logger.warn(msg)
+          else
+            warn(msg)
+          end
+
+        end
+
+      end
+
+      # BEFORE the request is signed
+      handle(CachedBucketRegionHandler, step: :sign, priority: 60)
+
+      # AFTER the request is signed
+      handle(DetectRegionHandler, step: :sign, priority: 40)
+
+    end
+  end
+end

data/lib/aws-sdk-core/plugins/stub_responses.rb

@@ -14,13 +14,25 @@ module Aws
 
       option(:stub_responses, false)
 
+      option(:region) do |config|
+        'stubbed-region' if config.stub_responses
+      end
+
+      option(:credentials) do |config|
+        if config.stub_responses
+          Credentials.new('stubbed-akid', 'stubbed-secret')
+        end
+      end
+
       def add_handlers(handlers, config)
         handlers.add(Handler, step: :send) if config.stub_responses
       end
 
       def after_initialize(client)
         # disable retries when stubbing responses
-        client.config.retry_limit = 0 if client.config.stub_responses
+        if client.config.stub_responses
+          client.handlers.remove(RetryErrors::Handler)
+        end
       end
 
       class Handler < Seahorse::Client::Handler

data/lib/aws-sdk-core/rds.rb

@@ -1,6 +1,6 @@
 Aws.add_service(:RDS, {
-  api: File.join(Aws::APIS_DIR, 'RDS.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'RDS.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'RDS.paginators.json'),
-  waiters: File.join(Aws::APIS_DIR, 'RDS.waiters.json'),
+  api: File.join(Aws::API_DIR, 'RDS.api.json'),
+  docs: File.join(Aws::API_DIR, 'RDS.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'RDS.paginators.json'),
+  waiters: File.join(Aws::API_DIR, 'RDS.waiters.json'),
 })

data/lib/aws-sdk-core/redshift.rb

@@ -1,6 +1,6 @@
 Aws.add_service(:Redshift, {
-  api: File.join(Aws::APIS_DIR, 'Redshift.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'Redshift.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'Redshift.paginators.json'),
-  waiters: File.join(Aws::APIS_DIR, 'Redshift.waiters.json'),
+  api: File.join(Aws::API_DIR, 'Redshift.api.json'),
+  docs: File.join(Aws::API_DIR, 'Redshift.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'Redshift.paginators.json'),
+  waiters: File.join(Aws::API_DIR, 'Redshift.waiters.json'),
 })

data/lib/aws-sdk-core/refreshing_credentials.rb

@@ -0,0 +1,73 @@
+require 'thread'
+
+module Aws
+
+  # Base class used credential classes that can be refreshed. This
+  # provides basic refresh logic in a thread-safe manor. Classes mixing in
+  # this module are expected to implement a #refresh method that populates
+  # the following instance variables:
+  #
+  # * `@access_key_id`
+  # * `@secret_access_key`
+  # * `@session_token`
+  # * `@expiration`
+  #
+  # @api private
+  module RefreshingCredentials
+
+    def initialize(options = {})
+      @mutex = Mutex.new
+      refresh
+    end
+
+    # @return [String,nil]
+    def access_key_id
+      refresh_if_near_expiration
+      @access_key_id
+    end
+
+    # @return [String,nil]
+    def secret_access_key
+      refresh_if_near_expiration
+      @secret_access_key
+    end
+
+    # @return [String,nil]
+    def session_token
+      refresh_if_near_expiration
+      @session_token
+    end
+
+    # @return [Time,nil]
+    def expiration
+      refresh_if_near_expiration
+      @expiration
+    end
+
+    # Refresh credentials.
+    # @return [void]
+    def refresh!
+      @mutex.synchronize { refresh }
+    end
+
+    private
+
+    # Refreshes instance metadata credentials if they are within
+    # 5 minutes of expiration.
+    def refresh_if_near_expiration
+      if near_expiration?
+        @mutex.synchronize do
+          refresh if near_expiration?
+        end
+      end
+    end
+
+    def near_expiration?
+      if @expiration
+        # are we within 5 minutes of expiration?
+        (Time.now.to_i + 5 * 60) > @expiration.to_i
+      end
+    end
+
+  end
+end

data/lib/aws-sdk-core/route53.rb

@@ -1,5 +1,5 @@
 Aws.add_service(:Route53, {
-  api: File.join(Aws::APIS_DIR, 'Route53.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'Route53.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'Route53.paginators.json'),
+  api: File.join(Aws::API_DIR, 'Route53.api.json'),
+  docs: File.join(Aws::API_DIR, 'Route53.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'Route53.paginators.json'),
 })

data/lib/aws-sdk-core/route53domains.rb

@@ -1,4 +1,4 @@
 Aws.add_service(:Route53Domains, {
-  api: File.join(Aws::APIS_DIR, 'Route53Domains.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'Route53Domains.docs.json'),
+  api: File.join(Aws::API_DIR, 'Route53Domains.api.json'),
+  docs: File.join(Aws::API_DIR, 'Route53Domains.docs.json'),
 })

data/lib/aws-sdk-core/s3.rb

@@ -1,13 +1,32 @@
 Aws.add_service(:S3, {
-  api: File.join(Aws::APIS_DIR, 'S3.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'S3.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'S3.paginators.json'),
-  resources: File.join(Aws::APIS_DIR, 'S3.resources.json'),
-  waiters: File.join(Aws::APIS_DIR, 'S3.waiters.json'),
+  api: File.join(Aws::API_DIR, 'S3.api.json'),
+  docs: File.join(Aws::API_DIR, 'S3.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'S3.paginators.json'),
+  resources: File.join(Aws::API_DIR, 'S3.resources.json'),
+  waiters: File.join(Aws::API_DIR, 'S3.waiters.json'),
 })
 
 module Aws
   module S3
+
     autoload :Presigner, 'aws-sdk-core/s3/presigner'
+    autoload :BucketRegionCache, 'aws-sdk-core/s3/bucket_region_cache'
+
+    # A cache of discovered bucket regions. You can call `#bucket_added`
+    # on this to be notified when you must configure the proper region
+    # to access a bucket.
+    #
+    # This cache is considered an implementation detail.
+    #
+    # @api private
+    BUCKET_REGIONS = BucketRegionCache.new
+
+    # @param [String] region
+    # @return [Boolean]
+    # @api private
+    def self.sigv2_region?(region)
+      Client.api.metadata('sigv2Regions').include?(region)
+    end
+
   end
 end

data/lib/aws-sdk-core/s3/bucket_region_cache.rb

@@ -0,0 +1,75 @@
+require 'thread'
+
+module Aws
+  module S3
+    class BucketRegionCache
+
+      def initialize
+        @regions = {}
+        @listeners = []
+        @mutex = Mutex.new
+      end
+
+      # Registers a block as a callback. This listener is called when a
+      # new bucket/region pair is added to the cache.
+      #
+      #     S3::BUCKET_REGIONS.bucket_added do |bucket_name, region_name|
+      #       # ...
+      #     end
+      #
+      # This happens when a request is made against the classic endpoint,
+      # "s3.amazonaws.com" and an error is returned requiring the request
+      # to be resent with Signature Version 4. At this point, multiple
+      # requests are made to discover the bucket region so that a v4
+      # signature can be generated.
+      #
+      # An application can register listeners here to avoid these extra
+      # requests in the future. By constructing an {S3::Client} with
+      # the proper region, a proper signature can be generated and redirects
+      # avoided.
+      # @return [void]
+      def bucket_added(&block)
+        if block
+          @mutex.synchronize { @listeners << block }
+        else
+          raise ArgumentError, 'missing required block'
+        end
+      end
+
+      # @param [String] bucket_name
+      # @return [String,nil] Returns the cached region for the named bucket.
+      #   Returns `nil` if the bucket is not in the cache.
+      # @api private
+      def [](bucket_name)
+        @mutex.synchronize { @regions[bucket_name] }
+      end
+
+      # Caches a bucket's region. Calling this method will trigger each
+      # of the {#bucket_added} listener callbacks.
+      # @param [String] bucket_name
+      # @param [String] region_name
+      # @return [void]
+      # @api private
+      def []=(bucket_name, region_name)
+        @mutex.synchronize do
+          @regions[bucket_name] = region_name
+          @listeners.each { |block| block.call(bucket_name, region_name) }
+        end
+      end
+
+      # @api private
+      def clear
+        @mutex.synchronize { @regions = {} }
+      end
+
+      # @return [Hash] Returns a hash of cached bucket names and region names.
+      def to_hash
+        @mutex.synchronize do
+          @regions.dup
+        end
+      end
+      alias to_h to_hash
+
+    end
+  end
+end

data/lib/aws-sdk-core/ses.rb

@@ -1,6 +1,6 @@
 Aws.add_service(:SES, {
-  api: File.join(Aws::APIS_DIR, 'SES.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'SES.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'SES.paginators.json'),
-  waiters: File.join(Aws::APIS_DIR, 'SES.waiters.json'),
+  api: File.join(Aws::API_DIR, 'SES.api.json'),
+  docs: File.join(Aws::API_DIR, 'SES.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'SES.paginators.json'),
+  waiters: File.join(Aws::API_DIR, 'SES.waiters.json'),
 })

data/lib/aws-sdk-core/signers/v4.rb

@@ -9,7 +9,7 @@ module Aws
         new(
           context.config.credentials,
           context.config.sigv4_name,
-          context.config.sigv4_region
+          context[:sigv4_region] || context.config.sigv4_region
         ).sign(context.http_request)
       end
 

data/lib/aws-sdk-core/simpledb.rb

@@ -1,5 +1,5 @@
 Aws.add_service(:SimpleDB, {
-  api: File.join(Aws::APIS_DIR, 'SimpleDB.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'SimpleDB.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'SimpleDB.paginators.json'),
+  api: File.join(Aws::API_DIR, 'SimpleDB.api.json'),
+  docs: File.join(Aws::API_DIR, 'SimpleDB.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'SimpleDB.paginators.json'),
 })

data/lib/aws-sdk-core/sns.rb

@@ -1,6 +1,6 @@
 Aws.add_service(:SNS, {
-  api: File.join(Aws::APIS_DIR, 'SNS.api.json'),
-  docs: File.join(Aws::APIS_DIR, 'SNS.docs.json'),
-  paginators: File.join(Aws::APIS_DIR, 'SNS.paginators.json'),
-  resources: File.join(Aws::APIS_DIR, 'SNS.resources.json'),
+  api: File.join(Aws::API_DIR, 'SNS.api.json'),
+  docs: File.join(Aws::API_DIR, 'SNS.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'SNS.paginators.json'),
+  resources: File.join(Aws::API_DIR, 'SNS.resources.json'),
 })