aws-sdk-euca 1.8.5

data/lib/aws/storage_gateway/config.rb

@@ -0,0 +1,18 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+AWS::Core::Configuration.module_eval do
+
+  add_service 'StorageGateway', 'storage_gateway', 'storagegateway.us-east-1.amazonaws.com'
+
+end

data/lib/aws/storage_gateway/errors.rb

@@ -0,0 +1,22 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class StorageGateway
+    module Errors
+
+      extend Core::LazyErrorClasses
+
+    end
+  end
+end

data/lib/aws/storage_gateway/request.rb

@@ -0,0 +1,28 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class StorageGateway
+
+    # @private
+    class Request < Core::Http::Request
+      include Core::Signature::Version4
+
+      def service
+        'storagegateway'
+      end
+
+    end
+
+  end
+end

data/lib/aws/sts.rb

@@ -0,0 +1,163 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/core'
+require 'aws/sts/config'
+
+module AWS
+
+  # This class is a starting point for working with the AWS Security
+  # Token Service.  The AWS Security Token Service is a web service
+  # that enables you to request temporary, limited-privilege
+  # credentials for users that you authenticate (federated users), or
+  # IAM users.
+  #
+  # @example Getting temporary credentials and using them to make an EC2 request
+  #   sts = AWS::STS.new(:access_key_id => "LONG_TERM_KEY",
+  #                      :secret_access_key => "LONG_TERM_SECRET")
+  #   session = sts.new_session(:duration => 60*60)
+  #   ec2 = AWS::EC2.new(session.credentials)
+  #   ec2.instances.to_a
+  #
+  # @example Getting temporary credentials with restricted permissions
+  #   policy = AWS::STS::Policy.new
+  #   policy.allow(:actions => ["s3:*", "ec2:*"],
+  #                :resources => :any)
+  #   session = sts.new_federated_session("TemporaryUser", :policy => policy)
+  #   ec2 = AWS::EC2.new(session.credentials)
+  #   ec2.instances.to_a
+  #
+  # @!attribute [r] client
+  #   @return [Client] the low-level STS client object
+  class STS
+
+    AWS.register_autoloads(self) do
+      autoload :Client,           'client'
+      autoload :Errors,           'errors'
+      autoload :FederatedSession, 'federated_session'
+      autoload :Policy,           'policy'
+      autoload :Request,          'request'
+      autoload :Session,          'session'
+    end
+
+    include Core::ServiceInterface
+
+    # (see Client#assume_role)
+    def assume_role options = {}
+      client.assume_role(options).data
+    end
+
+    # Returns a set of temporary credentials for an AWS account or IAM
+    # User. The credentials consist of an Access Key ID, a Secret
+    # Access Key, and a security token. These credentials are valid
+    # for the specified duration only. The session duration for IAM
+    # users can be between one and 36 hours, with a default of 12
+    # hours. The session duration for AWS account owners is restricted
+    # to one hour.
+    #
+    # @param [Hash] opts Options for getting temporary credentials.
+    #
+    # @option opts [Integer] :duration The duration, in seconds, that
+    #   the session should last. Acceptable durations for IAM user
+    #   sessions range from 3600s (one hour) to 129600s (36 hours),
+    #   with 43200s (12 hours) as the default. Sessions for AWS
+    #   account owners are restricted to a maximum of 3600s (one
+    #   hour).
+    #
+    # @option opts [String] :serial_number The identification number of the
+    #   Multi-Factor Authentication (MFA) device for the user.
+    #
+    # @option opts [String] :token_code The value provided by the MFA device.
+    #   If the user has an access policy requiring an MFA code, provide the
+    #   value here to get permission to resources as specified in the access
+    #   policy.
+    #
+    # @return [Session]
+    def new_session(opts = {})
+      get_session(:get_session_token, opts) do |resp, session_opts|
+        Session.new(session_opts)
+      end
+    end
+
+    # Returns a set of temporary credentials for a federated user with
+    # the user name and policy specified in the request. The
+    # credentials consist of an Access Key ID, a Secret Access Key,
+    # and a security token. The credentials are valid for the
+    # specified duration, between one and 36 hours.
+    #
+    # The federated user who holds these credentials has only those
+    # permissions allowed by intersection of the specified policy and
+    # any resource or user policies that apply to the caller of the
+    # GetFederationToken API. For more information about how token
+    # permissions work, see
+    # {http://docs.amazonwebservices.com/IAM/latest/UserGuide/TokenPermissions.html
+    # Controlling Token Permissions} in Using AWS Identity and Access
+    # Management.
+    #
+    # @param [String] name The name of the federated user associated
+    #   with the session.  Must be between 2 and 32 characters in
+    #   length.
+    #
+    # @param [Hash] opts Options for getting temporary credentials.
+    #
+    # @option opts [Integer] :duration The duration, in seconds, that
+    #   the session should last. Acceptable durations for federation
+    #   sessions range from 3600s (one hour) to 129600s (36 hours),
+    #   with one hour as the default.
+    #
+    # @option opts [String, AWS::STS::Policy] :policy A policy
+    #   specifying the permissions to associate with the session. The
+    #   caller can delegate their own permissions by specifying a
+    #   policy for the session, and both policies will be checked when
+    #   a service call is made. In other words, permissions of the
+    #   session credentials are the intersection of the policy
+    #   specified in the API and the policies associated with the user
+    #   who issued the session.
+    #
+    # @return [FederatedSession]
+    #
+    def new_federated_session(name, opts = {})
+      opts = opts.merge(:name => name)
+      case
+      when opts[:policy].kind_of?(String) || !opts[:policy]
+        # leave it alone
+      when opts[:policy].respond_to?(:to_json)
+        opts[:policy] = opts[:policy].to_json
+      end
+      get_session(:get_federation_token, opts) do |resp, session_opts|
+        session_opts.merge!(
+          :user_id => resp[:federated_user][:federated_user_id],
+          :user_arn => resp[:federated_user][:arn],
+          :packed_policy_size => resp[:packed_policy_size]
+        )
+        FederatedSession.new(session_opts)
+      end
+    end
+
+    protected
+
+    def get_session(method, opts = {})
+      opts[:duration_seconds] = opts.delete(:duration) if
+        opts[:duration]
+      resp = client.send(method, opts)
+      credentials = resp[:credentials].dup
+      session_opts = {
+        :credentials => credentials,
+        :expires_at => credentials.delete(:expiration),
+      }
+      yield(resp, session_opts)
+    end
+
+  end
+
+end

data/lib/aws/sts/client.rb

@@ -0,0 +1,157 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+
+    # Client class for AWS Security Token Service (STS).
+    class Client < Core::QueryClient
+
+      REGION_US_E1 = 'sts.amazonaws.com'
+
+      # @private
+      CACHEABLE_REQUESTS = Set[]
+
+      def initialize *args
+        super
+        unless config.use_ssl?
+          msg = 'AWS Security Token Service (STS) requires ssl but the ' + 
+            ':use_ssl option is set to false.  Try passing :use_ssl => true'
+          raise ArgumentError, msg
+        end
+      end
+
+      # client methods #
+
+      # @!method assume_role(options = {})
+      # Calls the AssumeRole API operation.
+      # @param [Hash] options
+      #   * +:role_arn+ - *required* - (String) The Amazon Resource Name (ARN)
+      #     of the role that the caller is assuming.
+      #   * +:role_session_name+ - *required* - (String) An identifier for the
+      #     assumed role session. The session name is included as part of the
+      #     AssumedRoleUser.
+      #   * +:policy+ - (String) A supplemental policy that can be associated
+      #     with the temporary security credentials. The caller can restrict
+      #     the permissions that are available on the role's temporary security
+      #     credentials to maintain the least amount of privileges. When a
+      #     service call is made with the temporary security credentials, both
+      #     the role's permission policy and supplemental policy are checked.
+      #     For more information about how permissions work in the context of
+      #     temporary credentials, see Controlling Permissions in Temporary
+      #     Credentials.
+      #   * +:duration_seconds+ - (Integer) The duration, in seconds, of the
+      #     role session. The value can range from 900 seconds (15 minutes) to
+      #     3600 seconds (1 hour). By default, the value is set to 3600 seconds
+      #     (1 hour).
+      #   * +:external_id+ - (String) A unique identifier that is generated by
+      #     a third party for each of their customers. For each role that the
+      #     third party can assume, they should instruct their customers to
+      #     create a role with the external ID that was generated by the third
+      #     party. Each time the third party assumes the role, they must pass
+      #     the customer's correct external ID. The external ID is useful in
+      #     order to help third parties bind a role to the customer who created
+      #     it. For more information about the external ID, see About the
+      #     External ID in Using Temporary Security Credentials.
+      # @return [Core::Response]
+      #   The #data method of the response object returns
+      #   a hash with the following structure:
+      #   * +:credentials+ - (Hash)
+      #     * +:access_key_id+ - (String)
+      #     * +:secret_access_key+ - (String)
+      #     * +:session_token+ - (String)
+      #     * +:expiration+ - (Time)
+      #   * +:assumed_role_user+ - (Hash)
+      #     * +:assumed_role_id+ - (String)
+      #     * +:arn+ - (String)
+      #   * +:packed_policy_size+ - (Integer)
+
+      # @!method get_federation_token(options = {})
+      # Calls the GetFederationToken API operation.
+      # @param [Hash] options
+      #   * +:name+ - *required* - (String) The name of the federated user
+      #     associated with the credentials. For information about limitations
+      #     on user names, go to Limitations on IAM Entities in Using IAM.
+      #   * +:policy+ - (String) A policy specifying the permissions to
+      #     associate with the credentials. The caller can delegate their own
+      #     permissions by specifying a policy, and both policies will be
+      #     checked when a service call is made. For more information about how
+      #     permissions work in the context of temporary credentials, see
+      #     Controlling Permissions in Temporary Credentials in Using IAM.
+      #   * +:duration_seconds+ - (Integer) The duration, in seconds, that the
+      #     session should last. Acceptable durations for federation sessions
+      #     range from 900s (15 minutes) to 129600s (36 hours), with 43200s (12
+      #     hours) as the default. Sessions for AWS account owners are
+      #     restricted to a maximum of 3600s (one hour). If the duration is
+      #     longer than one hour, the session for AWS account owners defaults
+      #     to one hour.
+      # @return [Core::Response]
+      #   The #data method of the response object returns
+      #   a hash with the following structure:
+      #   * +:credentials+ - (Hash)
+      #     * +:access_key_id+ - (String)
+      #     * +:secret_access_key+ - (String)
+      #     * +:session_token+ - (String)
+      #     * +:expiration+ - (Time)
+      #   * +:federated_user+ - (Hash)
+      #     * +:federated_user_id+ - (String)
+      #     * +:arn+ - (String)
+      #   * +:packed_policy_size+ - (Integer)
+
+      # @!method get_session_token(options = {})
+      # Calls the GetSessionToken API operation.
+      # @param [Hash] options
+      #   * +:duration_seconds+ - (Integer) The duration, in seconds, that the
+      #     credentials should remain valid. Acceptable durations for IAM user
+      #     sessions range from 900s (15 minutes) to 129600s (36 hours), with
+      #     43200s (12 hours) as the default. Sessions for AWS account owners
+      #     are restricted to a maximum of 3600s (one hour). If the duration is
+      #     longer than one hour, the session for AWS account owners defaults
+      #     to one hour.
+      #   * +:serial_number+ - (String) The identification number of the MFA
+      #     device for the user. If the IAM user has a policy requiring MFA
+      #     authentication (or is in a group requiring MFA authentication) to
+      #     access resources, provide the device value here.The value is in the
+      #     Security Credentials tab of the user's details pane in the IAM
+      #     console. If the IAM user has an active MFA device, the details pane
+      #     displays a Multi-Factor Authentication Device value. The value is
+      #     either for a virtual device, such as
+      #     arn:aws:iam::123456789012:mfa/user, or it is the device serial
+      #     number for a hardware device (usually the number from the back of
+      #     the device), such as GAHT12345678. For more information, see Using
+      #     Multi-Factor Authentication (MFA) Devices with AWS in Using IAM.
+      #   * +:token_code+ - (String) The value provided by the MFA device. If
+      #     the user has an access policy requiring an MFA code (or is in a
+      #     group requiring an MFA code), provide the value here to get
+      #     permission to resources as specified in the access policy. If MFA
+      #     authentication is required, and the user does not provide a code
+      #     when requesting a set of temporary security credentials, the user
+      #     will receive an "access denied" response when requesting resources
+      #     that require MFA authentication. For more information, see Using
+      #     Multi-Factor Authentication (MFA) Devices with AWS in Using IAM.
+      # @return [Core::Response]
+      #   The #data method of the response object returns
+      #   a hash with the following structure:
+      #   * +:credentials+ - (Hash)
+      #     * +:access_key_id+ - (String)
+      #     * +:secret_access_key+ - (String)
+      #     * +:session_token+ - (String)
+      #     * +:expiration+ - (Time)
+
+      # end client methods #
+
+      define_client_methods('2011-06-15')
+
+    end
+  end
+end

data/lib/aws/sts/config.rb

@@ -0,0 +1,18 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+AWS::Core::Configuration.module_eval do
+
+  add_service 'STS', 'sts', 'sts.amazonaws.com'
+
+end

data/lib/aws/sts/errors.rb

@@ -0,0 +1,22 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+    module Errors
+
+      extend Core::LazyErrorClasses
+
+    end
+  end
+end

data/lib/aws/sts/federated_session.rb

@@ -0,0 +1,56 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+
+    # Represents a federated session using temporary AWS credentials.
+    # Use {STS#new_federated_session} to get an instance of this
+    # class.
+    class FederatedSession < Session
+
+      # The string identifying the federated user associated with the
+      # session, similar to the UserId of an IAM user.
+      #
+      # @return [String]
+      attr_reader :user_id
+
+      # The ARN specifying the federated user associated with the
+      # session. For more information about ARNs and how to use them
+      # in policies, see
+      # {http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html
+      # Identifiers for IAM Entities} in <i>Using AWS Identity and
+      # Access Management</i>.
+      #
+      # @return [String]
+      attr_reader :user_arn
+
+      # A percentage value indicating the size of the policy in packed
+      # form. Policies for which the packed size is greater than 100%
+      # of the allowed value are rejected by the service.
+      #
+      # @return [Integer]
+      attr_reader :packed_policy_size
+
+      # @private
+      def initialize(opts = {})
+        @user_id = opts[:user_id]
+        @user_arn = opts[:user_arn]
+        @packed_policy_size = opts[:packed_policy_size]
+        super
+      end
+
+    end
+
+  end
+end