aws-sdk 1.0.3 → 1.0.4

data/lib/aws.rb

@@ -53,7 +53,7 @@ module AWS; end
 
 require 'aws/common'
 
-%w(ec2 s3 simple_db simple_email_service sns sqs record rails).each do |service|
+%w(ec2 s3 simple_db simple_email_service sns sqs sts record rails).each do |service|
   $:.each do |load_path|
     if (Pathname.new(load_path) + "aws" + "#{service}.rb").exist?
       require "aws/#{service}"

data/lib/aws/api_config/STS-2011-06-15.yml

@@ -0,0 +1,56 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+---
+:operations:
+  GetSessionToken:
+    :input:
+      DurationSeconds:
+      - :integer
+    :output:
+    - Credentials:
+      - Expiration:
+        - :timestamp
+  GetFederationToken:
+    :input:
+      Name:
+      - :string
+      - :pattern: !ruby/regexp /[\w+=,.@-]*/
+      - :required
+      Policy:
+      - :string
+      - :pattern: !ruby/regexp /[\u0009\u000A\u000D\u0020-\u00FF]+/
+      DurationSeconds:
+      - :integer
+    :output:
+    - Credentials:
+      - Expiration:
+        - :timestamp
+    - PackedPolicySize:
+      - :integer
+:client_errors:
+  MalformedQueryString: []
+  InvalidParameterCombination: []
+  InvalidParameterValue: []
+  InvalidQueryParameter: []
+  MissingAction: []
+  MissingParameter: []
+  RequestExpired: []
+  AccessDenied: []
+  NotAuthorized: []
+  DelegationFailure: []
+  MalformedHttpRequest: []
+  MalformedPolicyDocument: []
+  PackedPolicyTooLarge: []
+:server_errors:
+  ServiceUnavailable: []

data/lib/aws/authorize_with_session_token.rb

@@ -0,0 +1,29 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+
+  module AuthorizeWithSessionToken
+
+    def add_authorization! signer
+      if signer.respond_to?(:session_token) and
+          token = signer.session_token
+        add_param("SecurityToken", token)
+      end
+
+      super
+    end
+
+  end
+
+end

data/lib/aws/base_client.rb

@@ -22,6 +22,7 @@ require 'aws/http/request'
 require 'aws/http/response'
 require 'aws/xml_grammar'
 require 'aws/option_grammar'
+require 'aws/client_logging'
 require 'benchmark'
 require 'set'
 
@@ -32,6 +33,7 @@ module AWS
   class BaseClient
 
     include Configurable
+    include ClientLogging
 
     extend Naming
 
@@ -163,60 +165,8 @@ module AWS
     end
 
     protected
-    def new_response(*args)
-      Response.new(*args)
-    end
-
-    private
-    def log severity, message
-      config.logger.send(severity, message + "\n") if config.logger
-    end
-
-    private
-    def log_client_request method_name, options, &block
-
-      response = nil
-      time = Benchmark.measure do
-        response = yield
-      end
-
-      if options[:async]
-        response.on_success { log_client_request_on_success(method_name,
-                                                            options,
-                                                            response,
-                                                            time) }
-      else
-        log_client_request_on_success(method_name,
-                                      options,
-                                      response,
-                                      time)
-      end
-
-      response
-
-    end
-
-    private
-    def log_client_request_on_success(method_name, options, response, time)
-      status = response.http_response.status
-      service = self.class.service_name
-
-      pattern = "[AWS %s %s %.06f] %s %s"
-      parts = [service, status, time.real, method_name, options.inspect]
-      severity = :info
-
-      if response.error
-        pattern += " %s: %s"
-        parts << response.error.class
-        parts << response.error.message
-        severity = :error
-      end
-
-      if response.cached
-        pattern << " [CACHED]"
-      end
-
-      log(severity, pattern % parts)
+    def new_response(*args, &block)
+      Response.new(*args, &block)
     end
 
     private
@@ -244,8 +194,9 @@ module AWS
           populate_error(response)
           retry_delays ||= sleep_durations(response)
           if should_retry?(response) and !retry_delays.empty?
+            response.rebuild_request
             @http_handler.sleep_with_callback(retry_delays.shift) do
-              async_request_with_retries(response, http_request, retry_delays)
+              async_request_with_retries(response, response.http_request, retry_delays)
             end
           else
             response.error ?
@@ -284,6 +235,9 @@ module AWS
       while should_retry?(response)
         break if sleeps.empty?
         Kernel.sleep(sleeps.shift)
+
+        # rebuild the request to get a fresh signature
+        response.rebuild_request
         response = yield
       end
 
@@ -375,38 +329,21 @@ module AWS
       return_or_raise(options) do
         log_client_request(name, options) do
 
-          # we dont want to pass the async option to the configure block
-          opts = options.dup
-          opts.delete(:async)
-
-          http_request = new_request
-
-          # configure the http request
-          http_request.host = endpoint
-          http_request.proxy_uri = config.proxy_uri
-          http_request.use_ssl = config.use_ssl?
-          http_request.ssl_verify_peer = config.ssl_verify_peer?
-          http_request.ssl_ca_file = config.ssl_ca_file
-
-          send("configure_#{name}_request", http_request, opts, &block)
-          http_request.headers["user-agent"] = user_agent_string
-          http_request.add_authorization!(signer)
-
           if config.stub_requests?
 
-            response = stub_for(name) 
-            response.http_request = http_request
+            response = stub_for(name)
+            response.http_request = build_request(name, options, &block)
             response.request_options = options
             response
 
           else
 
-            response = new_response(http_request)
+            client = self
+            response = new_response { client.send(:build_request, name, options, &block) }
             response.request_type = name
             response.request_options = options
 
-            if self.class::CACHEABLE_REQUESTS.
-                include?(name) and
+            if self.class::CACHEABLE_REQUESTS.include?(name) and
                 cache = AWS.response_cache and
                 cached_response = cache.cached(response)
               cached_response.cached = true
@@ -435,6 +372,27 @@ module AWS
       end
     end
 
+    private
+    def build_request(name, options, &block)
+      # we dont want to pass the async option to the configure block
+      opts = options.dup
+      opts.delete(:async)
+
+      http_request = new_request
+
+      # configure the http request
+      http_request.host = endpoint
+      http_request.proxy_uri = config.proxy_uri
+      http_request.use_ssl = config.use_ssl?
+      http_request.ssl_verify_peer = config.ssl_verify_peer?
+      http_request.ssl_ca_file = config.ssl_ca_file
+
+      send("configure_#{name}_request", http_request, opts, &block)
+      http_request.headers["user-agent"] = user_agent_string
+      http_request.add_authorization!(signer)
+      http_request
+    end
+
     private
     def user_agent_string
       engine = (RUBY_ENGINE rescue nil or "ruby")

data/lib/aws/client_logging.rb

@@ -0,0 +1,117 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+
+  # @private
+  module ClientLogging
+
+    MAX_STRING_LENGTH = 50
+
+    def log_client_request(name, options)
+      response = nil
+      time = Benchmark.measure do
+        response = yield
+      end
+
+      if options[:async]
+        response.on_complete do
+          log_client_request_on_success(name, options, response, time)
+        end
+      else
+        log_client_request_on_success(name, options, response, time)
+      end
+      response
+    end
+
+    # Summarizes long strings and adds file size information
+    # @private
+    def sanitize_options(options)
+      sanitize_hash(options)
+    end
+
+    protected
+    def log severity, message
+      config.logger.send(severity, message + "\n") if config.logger
+    end
+
+    protected
+    def log_client_request_on_success(method_name, options, response, time)
+      status = response.http_response.status
+      service = self.class.service_name
+
+      pattern = "[AWS %s %s %.06f] %s %s"
+      parts = [service, status, time.real, method_name, sanitize_options(options)]
+      severity = :info
+
+      if response.error
+        pattern += " %s: %s"
+        parts << response.error.class
+        parts << response.error.message
+        severity = :error
+      end
+
+      if response.cached
+        pattern << " [CACHED]"
+      end
+
+      log(severity, pattern % parts)
+    end
+
+    protected
+    def sanitize_value(value)
+      case value
+      when Hash
+        sanitize_hash(value)
+      when Array
+        sanitize_array(value)
+      when File
+        sanitize_file(value)
+      when String
+        sanitize_string(value)
+      else
+        value.inspect
+      end
+    end
+
+    protected
+    def sanitize_string(str)
+      if str.size > MAX_STRING_LENGTH
+        "#<String \"#{str[0,6]}\" ... \"#{str[-6,6]}\" (#{str.size} characters)>"
+      else
+        str.inspect
+      end
+    end
+
+    protected
+    def sanitize_file(file)
+      "#<File:#{file.path} (#{File.size(file.path)} bytes)>"
+    end
+
+    protected
+    def sanitize_array(ary)
+      "[" +
+        ary.map { |v| sanitize_value(v) }.join(",") +
+        "]"
+    end
+
+    protected
+    def sanitize_hash(hash)
+      "{" + hash.map do |k,v|
+        "#{sanitize_value(k)}=>#{sanitize_value(v)}"
+      end.sort.join(",") + "}"
+    end
+
+  end
+
+end

data/lib/aws/configuration.rb

@@ -81,6 +81,7 @@ module AWS
         :simple_email_service_endpoint => 'email.us-east-1.amazonaws.com',
         :sns_endpoint => 'sns.us-east-1.amazonaws.com',
         :sqs_endpoint => 'sqs.us-east-1.amazonaws.com',
+        :sts_endpoint => 'sts.amazonaws.com',
         :stub_requests => false,
         :proxy_uri => nil,
         :use_ssl => true,
@@ -124,6 +125,12 @@ module AWS
       @options[:secret_access_key]
     end
 
+    # @return [String] Your AWS session token credential.
+    # @see STS
+    def session_token
+      @options[:session_token]
+    end
+
     # Used to create a new Configuration object with the given modifications.
     # The current configuration object is not modified.
     #
@@ -186,6 +193,11 @@ module AWS
       @options[:sqs_endpoint]
     end
 
+    # @return [String] The service endpoint for AWS Security Token Service.
+    def sts_endpoint
+      @options[:sts_endpoint]
+    end
+
     # @return [Boolean] Returns true if all reads to SimpleDB default to
     #   consistent reads.
     def simple_db_consistent_reads?
@@ -207,7 +219,8 @@ module AWS
     def signer
       return @options[:signer] if @options[:signer]
       raise "Missing credentials" unless access_key_id and secret_access_key
-      @options[:signer] ||= DefaultSigner.new(access_key_id, secret_access_key)
+      @options[:signer] ||=
+        DefaultSigner.new(access_key_id, secret_access_key, session_token)
     end
 
     # @return [Object,nil] Returns the current logger.

data/lib/aws/default_signer.rb

@@ -25,14 +25,24 @@ module AWS
     # @return [String] The Secret Access Key used to sign requests.
     attr_reader :secret_access_key
 
+    # @return [String] The Session Token used to sign requests.
+    attr_reader :session_token
+
     # @param [String] access_key_id The Access Key ID used to sign
     #   requests.
     #
     # @param [String] secret_access_key The Secret Access Key used to
     #   sign requests.
-    def initialize(access_key_id, secret_access_key)
+    #
+    # @param [String] session_token The Session Token used to sign
+    #   requests.  You can get credentials that include a session
+    #   token using the {STS} class.
+    def initialize(access_key_id,
+                   secret_access_key,
+                   session_token = nil)
       @access_key_id = access_key_id
       @secret_access_key = secret_access_key
+      @session_token = session_token
     end
 
     # Signs a string using the credentials stored in memory.