aws-sdk-core 2.0.9 → 2.0.10

data/apis/S3.api.json

@@ -6,18 +6,6 @@
     "globalEndpoint":"s3.amazonaws.com",
     "serviceAbbreviation":"Amazon S3",
     "serviceFullName":"Amazon Simple Storage Service",
-    "signatureVersion":"v4",
-    "sigv2Regions": [
-      "us-east-1",
-      "us-west-1",
-      "us-west-2",
-      "ap-northeast-1",
-      "ap-southeast-1",
-      "ap-southeast-2",
-      "sa-east-1",
-      "eu-west-1",
-      "us-gov-west-1"
-    ],
     "timestampFormat":"rfc822",
     "protocol":"rest-xml"
   },
@@ -650,7 +638,8 @@
         "ap-northeast-1",
         "sa-east-1",
         "",
-        "cn-north-1"
+        "cn-north-1",
+        "eu-central-1"
       ]
     },
     "BucketLoggingStatus":{
@@ -2038,7 +2027,11 @@
         "DisplayName":{"shape":"DisplayName"},
         "EmailAddress":{"shape":"EmailAddress"},
         "ID":{"shape":"ID"},
-        "Type":{"shape":"Type"},
+        "Type":{
+          "shape":"Type",
+          "xmlAttribute":true,
+          "locationName":"xsi:type"
+        },
         "URI":{"shape":"URI"}
       },
       "xmlNamespace":{
@@ -3490,9 +3483,7 @@
         "CanonicalUser",
         "AmazonCustomerByEmail",
         "Group"
-      ],
-      "xmlAttribute":true,
-      "locationName":"xsi:type"
+      ]
     },
     "URI":{"type":"string"},
     "UploadIdMarker":{"type":"string"},

data/lib/aws-sdk-core.rb

@@ -140,7 +140,7 @@ module Aws
     autoload :S3LocationConstraint, 'aws-sdk-core/plugins/s3_location_constraint'
     autoload :S3Md5s, 'aws-sdk-core/plugins/s3_md5s'
     autoload :S3Redirects, 'aws-sdk-core/plugins/s3_redirects'
-    autoload :S3RegionDetection, 'aws-sdk-core/plugins/s3_region_detection'
+    autoload :S3RequestSigner, 'aws-sdk-core/plugins/s3_request_signer'
     autoload :S3SseCpk, 'aws-sdk-core/plugins/s3_sse_cpk'
     autoload :S3UrlEncodedKeys, 'aws-sdk-core/plugins/s3_url_encoded_keys'
     autoload :SQSQueueUrls, 'aws-sdk-core/plugins/sqs_queue_urls'

data/lib/aws-sdk-core/api/service_customizations.rb

@@ -102,7 +102,7 @@ module Aws
         add_plugin 'Aws::Plugins::S3Redirects'
         add_plugin 'Aws::Plugins::S3SseCpk'
         add_plugin 'Aws::Plugins::S3UrlEncodedKeys'
-        add_plugin 'Aws::Plugins::S3RegionDetection'
+        add_plugin 'Aws::Plugins::S3RequestSigner'
         defs = client_class.waiters.instance_variable_get("@definitions")
         defs[:bucket_exists]['ignore_errors'] = ['NotFound']
         defs[:object_exists]['ignore_errors'] = ['NotFound']

data/lib/aws-sdk-core/configservice.rb

@@ -1,4 +1,5 @@
 Aws.add_service(:ConfigService, {
   api: File.join(Aws::API_DIR, 'ConfigService.api.json'),
   docs: File.join(Aws::API_DIR, 'ConfigService.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'ConfigService.paginators.json'),
 })

data/lib/aws-sdk-core/lambda.rb

@@ -1,4 +1,5 @@
 Aws.add_service(:Lambda, {
   api: File.join(Aws::API_DIR, 'Lambda.api.json'),
   docs: File.join(Aws::API_DIR, 'Lambda.docs.json'),
+  paginators: File.join(Aws::API_DIR, 'Lambda.paginators.json'),
 })

data/lib/aws-sdk-core/plugins/global_configuration.rb

@@ -41,7 +41,7 @@ module Aws
     class GlobalConfiguration < Seahorse::Client::Plugin
 
       # @api private
-      IDENTIFIERS = Set.new
+      IDENTIFIERS = Set.new(SERVICE_MODULE_NAMES.map(&:downcase).map(&:to_sym))
 
       # @api private
       def before_initialize(client_class, options)

data/lib/aws-sdk-core/plugins/request_signer.rb

@@ -49,8 +49,9 @@ module Aws
 
       option(:sigv4_region) do |cfg|
         prefix = cfg.api.metadata('endpointPrefix')
-        if matches = cfg.endpoint.to_s.match(/#{prefix}[.-](.+)\.amazonaws\.com/)
-          matches[1]
+        endpoint = cfg.endpoint.to_s
+        if matches = endpoint.match(/#{prefix}[.-](.+)\.amazonaws\.com/)
+          matches[1] == 'us-gov' ? 'us-gov-west-1' : matches[1]
         elsif cfg.endpoint.to_s.match(/#{prefix}\.amazonaws\.com/)
           'us-east-1'
         else
@@ -75,8 +76,7 @@ module Aws
         private
 
         def sign_authenticated_requests(context)
-          version = context[:signature_version] || context.config.signature_version
-          if signer = SIGNERS[version]
+          if signer = SIGNERS[context.config.signature_version]
             require_credentials(context)
             signer.sign(context)
           end
@@ -94,7 +94,10 @@ module Aws
 
       end
 
-      handler(Handler, step: :sign)
+      def add_handlers(handlers, config)
+        # See the S3RequestSignerPlugin for Amazon S3 signature logic
+        handlers.add(Handler, step: :sign) unless config.sigv4_name == 's3'
+      end
 
     end
   end

data/lib/aws-sdk-core/plugins/s3_bucket_dns.rb

@@ -38,7 +38,8 @@ module Aws
           endpoint = context.http_request.endpoint
           if
             bucket_name &&
-            S3BucketDns.dns_compatible?(bucket_name, https?(endpoint))
+            S3BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
+            context.operation_name != 'get_bucket_location'
           then
             move_bucket_to_subdomain(bucket_name, endpoint)
           end

data/lib/aws-sdk-core/plugins/s3_request_signer.rb

@@ -0,0 +1,241 @@
+require 'set'
+
+module Aws
+  module Plugins
+    # This plugin is an implementation detail and may be modified.
+    # @api private
+    class S3RequestSigner < Seahorse::Client::Plugin
+
+      class SigningHandler < Seahorse::Client::Handler
+
+        # List of regions that support older S3 signature versions.
+        # All new regions only support signature version 4.
+        V2_REGIONS = Set.new(%w(
+          us-east-1
+          us-west-1
+          us-west-2
+          ap-northeast-1
+          ap-southeast-1
+          ap-southeast-2
+          sa-east-1
+          eu-west-1
+          us-gov-west-1
+        ))
+
+        def call(context)
+          version = signature_version(context)
+          case version
+          when /v4/ then apply_v4_signature(context)
+          when /s3/ then apply_v2_signature(context)
+          else raise "unsupported signature version #{version.inspect}"
+          end
+          @handler.call(context)
+        end
+
+        private
+
+        def apply_v4_signature(context)
+          Signers::V4.new(
+            context.config.credentials, 's3',
+            context[:cached_sigv4_region] || context.config.sigv4_region,
+          ).sign(context.http_request)
+        end
+
+        def apply_v2_signature(context)
+          Signers::S3.sign(context)
+        end
+
+        def signature_version(context)
+          context[:cached_signature_version] ||
+          context.config.signature_version ||
+          version_by_region(context)
+        end
+
+        def version_by_region(context)
+          if classic_endpoint?(context)
+            classic_sigv(context)
+          else
+            regional_sigv(context)
+          end
+        end
+
+        def classic_endpoint?(context)
+          context.config.region == 'us-east-1'
+        end
+
+        # When accessing the classic endpoint, s3.amazonaws.com, we don't know
+        # the region name. This makes creating a version 4 signature difficult.
+        # Choose v4 only if using KMS encryptions, which requires v4.
+        def classic_sigv(context)
+          if kms_encrypted?(context)
+            :v4
+          else
+            :s3
+          end
+        end
+
+        def regional_sigv(context)
+          # Drop back to older S3 signature version when uploading objects for
+          # better performance. This optimization may be removed at some point
+          # in favor of always using signature version 4.
+          if V2_REGIONS.include?(context.config.region)
+            uploading_file?(context) && !kms_encrypted?(context) ? :s3 : :v4
+          else
+            :v4
+          end
+        end
+
+        def kms_encrypted?(context)
+          context.params[:server_side_encryption] == 'aws:kms'
+        end
+
+        def uploading_file?(context)
+          %w(put_object upload_part).include?(context.operation_name) &&
+            context.http_request.body.size > 0
+        end
+
+      end
+
+      # Abstract base class for the other two handlers
+      class Handler < Seahorse::Client::Handler
+
+        private
+
+        def new_hostname(context, region)
+          bucket = context.params[:bucket]
+          if region == 'us-east-1'
+            "#{bucket}.s3-external-1.amazonaws.com"
+          else
+            bucket + '.' + URI.parse(EndpointProvider.resolve(region, 's3')).host
+          end
+        end
+
+      end
+
+      # This handler will update the http endpoint when the bucket region
+      # is known/cached.
+      class CachedBucketRegionHandler < Handler
+
+        def call(context)
+          if bucket = context.params[:bucket]
+            use_regional_endpoint_when_known(context, bucket)
+          end
+          @handler.call(context)
+        end
+
+        private
+
+        def use_regional_endpoint_when_known(context, bucket)
+          cached_region = S3::BUCKET_REGIONS[bucket]
+          if cached_region && cached_region != context.config.region
+            context.http_request.endpoint.host = new_hostname(context, cached_region)
+            context[:cached_sigv4_region] = cached_region
+            context[:cached_signature_version] = :v4
+          end
+        end
+
+      end
+
+      # This handler detects when a request fails because signature version 4
+      # is required but not used. It follows up by making a request to
+      # determine the correct region, then finally a version 4 signed
+      # request against the regional endpoint.
+      class BucketSigningErrorHandler < Handler
+
+        SIGV4_MSG = /(Please use AWS4-HMAC-SHA256|AWS Signature Version 4)/
+
+        def call(context)
+          response = @handler.call(context)
+          handle_region_errors(response)
+        end
+
+        private
+
+        def handle_region_errors(response)
+          if sigv4_required_error?(response)
+            detect_region_and_retry(response)
+          elsif wrong_sigv4_region?(response)
+            extract_body_region_and_retry(response.context)
+          else
+            response
+          end
+        end
+
+        def sigv4_required_error?(resp)
+          resp.context.http_response.status_code == 400 &&
+          resp.context.http_response.body_contents.match(SIGV4_MSG) &&
+          resp.context.http_response.body.respond_to?(:truncate)
+        end
+
+        def wrong_sigv4_region?(resp)
+          resp.context.http_response.status_code == 400 &&
+          resp.context.http_response.body_contents.match(/<Region>.+?<\/Region>/)
+        end
+
+        def extract_body_region_and_retry(context)
+          actual_region = region_from_body(context)
+          updgrade_to_v4(context, actual_region)
+          log_warning(context, actual_region)
+          @handler.call(context)
+        end
+
+        def region_from_body(context)
+          context.http_response.body_contents.match(/<Region>(.+?)<\/Region>/)[1]
+        end
+
+        def detect_region_and_retry(resp)
+          context = resp.context
+          updgrade_to_v4(context, 'us-east-1')
+          resp = @handler.call(context)
+          if resp.successful?
+            resp
+          else
+            actual_region = region_from_location_header(context)
+            updgrade_to_v4(context, actual_region)
+            log_warning(context, actual_region)
+            @handler.call(context)
+          end
+        end
+
+        def updgrade_to_v4(context, region)
+          bucket = context.params[:bucket]
+          context.http_response.body.truncate(0)
+          context.http_request.headers.delete('authorization')
+          context.http_request.headers.delete('x-amz-security-token')
+          context.http_request.endpoint.host = new_hostname(context, region)
+          signer = Signers::V4.new(context.config.credentials, 's3', region)
+          signer.sign(context.http_request)
+        end
+
+        def region_from_location_header(context)
+          location = context.http_response.headers['location']
+          location.match(/s3[.-](.+?)\.amazonaws\.com/)[1]
+        end
+
+        def log_warning(context, actual_region)
+          S3::BUCKET_REGIONS[context.params[:bucket]] = actual_region
+          msg = "S3 client configured for #{context.config.region.inspect} " +
+            "but the bucket #{context.params[:bucket].inspect} is in " +
+            "#{actual_region.inspect}; Please configure the proper region " +
+            "to avoid multiple unecessary redirects and signing attempts\n"
+          if logger = context.config.logger
+            logger.warn(msg)
+          else
+            warn(msg)
+          end
+        end
+
+      end
+
+      # BEFORE signing
+      handle(CachedBucketRegionHandler, step: :sign, priority: 60)
+
+      # sign the request
+      handler(SigningHandler, step: :sign)
+
+      # AFTER signing
+      handle(BucketSigningErrorHandler, step: :sign, priority: 40)
+
+    end
+  end
+end

data/lib/aws-sdk-core/signers/s3.rb

@@ -123,11 +123,13 @@ module Aws
         # virtual hosted-style requests require the hostname to appear
         # in the canonicalized resource prefixed by a forward slash.
         if bucket = params[:bucket]
+          bucket = bucket.value
           ssl = endpoint.scheme == 'https'
-          if Plugins::S3BucketDns.dns_compatible?(bucket.value, ssl) &&
-            !@force_path_style
+          if Plugins::S3BucketDns.dns_compatible?(bucket, ssl) &&
+            !@force_path_style &&
+            !endpoint.path.match(/^\/#{Regexp.escape(bucket)}/)
           then
-            parts << "/#{bucket.value}"
+            parts << "/#{bucket}"
           end
         end
 

data/lib/aws-sdk-core/signers/v4.rb

@@ -9,7 +9,7 @@ module Aws
         new(
           context.config.credentials,
           context.config.sigv4_name,
-          context[:sigv4_region] || context.config.sigv4_region
+          context.config.sigv4_region
         ).sign(context.http_request)
       end
 

data/lib/aws-sdk-core/version.rb

@@ -1,3 +1,3 @@
 module Aws
-  VERSION = '2.0.9'
+  VERSION = '2.0.10'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-core
 version: !ruby/object:Gem::Version
-  version: 2.0.9
+  version: 2.0.10
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-11-13 00:00:00.000000000 Z
+date: 2014-11-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json
@@ -157,7 +157,7 @@ files:
 - lib/aws-sdk-core/plugins/s3_location_constraint.rb
 - lib/aws-sdk-core/plugins/s3_md5s.rb
 - lib/aws-sdk-core/plugins/s3_redirects.rb
-- lib/aws-sdk-core/plugins/s3_region_detection.rb
+- lib/aws-sdk-core/plugins/s3_request_signer.rb
 - lib/aws-sdk-core/plugins/s3_sse_cpk.rb
 - lib/aws-sdk-core/plugins/s3_url_encoded_keys.rb
 - lib/aws-sdk-core/plugins/sqs_queue_urls.rb

data/lib/aws-sdk-core/plugins/s3_region_detection.rb

@@ -1,144 +0,0 @@
-module Aws
-  module Plugins
-    # This plugin is an implementation detail and may be modified.
-    # @api private
-    class S3RegionDetection < Seahorse::Client::Plugin
-
-      # Intentionally not documented - this should go away when all
-      # services support signature version 4 in every region.
-      option(:signature_version) do |cfg|
-        if S3.sigv2_region?(cfg.region)
-          's3'
-        else
-          'v4'
-        end
-      end
-
-      class Handler < Seahorse::Client::Handler
-
-        private
-
-        def new_hostname(context, region)
-          bucket = context.params[:bucket]
-          if region == 'us-east-1'
-            "#{bucket}.s3-external-1.amazonaws.com"
-          else
-            bucket + '.' + URI.parse(EndpointProvider.resolve(region, 's3')).host
-          end
-        end
-
-      end
-
-      class CachedBucketRegionHandler < Handler
-
-        def call(context)
-          if bucket = context.params[:bucket]
-            use_regional_endpoint_when_known(context, bucket)
-          end
-          @handler.call(context)
-        end
-
-        private
-
-        def use_regional_endpoint_when_known(context, bucket)
-          cached_region = S3::BUCKET_REGIONS[bucket]
-          if cached_region && cached_region != context.config.region
-            context.http_request.endpoint.host = new_hostname(context, cached_region)
-            context[:sigv4_region] = cached_region
-            context[:signature_version] = 'v4'
-          end
-        end
-
-      end
-
-      class DetectRegionHandler < Handler
-
-        def call(context)
-          response = @handler.call(context)
-          handle_region_errors(response)
-        end
-
-        private
-
-        def handle_region_errors(response)
-          if requires_sigv4?(response)
-            detect_region_and_retry(response)
-          elsif wrong_sigv4_region?(response)
-            extract_body_region_and_retry(response.context)
-          else
-            response
-          end
-        end
-
-        def requires_sigv4?(resp)
-          resp.context.http_response.status_code == 400 &&
-          resp.context.http_response.body_contents.include?('Please use AWS4-HMAC-SHA256') &&
-          resp.context.http_response.body.respond_to?(:truncate)
-        end
-
-        def wrong_sigv4_region?(resp)
-          resp.context.http_response.status_code == 400 &&
-          resp.context.http_response.body_contents.match(/<Region>.+?<\/Region>/)
-        end
-
-        def extract_body_region_and_retry(context)
-          actual_region = region_from_body(context)
-          updgrade_to_v4(context, actual_region)
-          log_warning(context, actual_region)
-          @handler.call(context)
-        end
-
-        def region_from_body(context)
-          context.http_response.body_contents.match(/<Region>(.+?)<\/Region>/)[1]
-        end
-
-        def detect_region_and_retry(resp)
-          context = resp.context
-          updgrade_to_v4(context, 'us-east-1')
-          resp = @handler.call(context)
-          actual_region = region_from_location_header(context)
-          updgrade_to_v4(context, actual_region)
-          log_warning(context, actual_region)
-          @handler.call(context)
-        end
-
-        def updgrade_to_v4(context, region)
-          bucket = context.params[:bucket]
-          context.http_response.body.truncate(0)
-          context.http_request.headers.delete('authorization')
-          context.http_request.headers.delete('x-amz-security-token')
-          context.http_request.endpoint.host = new_hostname(context, region)
-          signer = Signers::V4.new(context.config.credentials, 's3', region)
-          signer.sign(context.http_request)
-        end
-
-        def region_from_location_header(context)
-          location = context.http_response.headers['location']
-          location.match(/s3.(.+?)\.amazonaws\.com/)[1]
-        end
-
-        def log_warning(context, actual_region)
-          S3::BUCKET_REGIONS[context.params[:bucket]] = actual_region
-          msg = "S3 client configured for #{context.config.region.inspect} " +
-            "but the bucket #{context.params[:bucket].inspect} is in " +
-            "#{actual_region.inspect}; Please configure the proper region " +
-            "to avoid multiple unecessary redirects and signing attempts"
-          if logger = context.config.logger
-            logger.warn(msg)
-          else
-            warn(msg)
-          end
-
-        end
-
-      end
-
-      # BEFORE the request is signed
-      handle(CachedBucketRegionHandler, step: :sign, priority: 60)
-
-      # AFTER the request is signed
-      handle(DetectRegionHandler, step: :sign, priority: 40)
-
-    end
-  end
-end