aws-sdk 1.1.4 → 1.2.0

data/lib/aws/core/collection/simple.rb

@@ -0,0 +1,89 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  module Core
+    module Collection
+
+      # AWS::Core::Collection::Simple is used by collections that always 
+      # recieve every matching items in a single response.
+      #
+      # This means:
+      #
+      # * Paging methods are simulated
+      #
+      # * Next tokens are artificial (guessable numeric offsets)
+      #
+      # AWS services generally return all items only for requests with a
+      # small maximum number of results.  
+      #
+      # See {AWS::Core::Collection} for documentation on the available
+      # collection methods.
+      module Simple
+
+        include Model
+        include Enumerable
+        include Collection
+
+        # (see AWS::Core::Collection#each_batch)
+        def each_batch options = {}, &block
+
+          each_opts  = options.dup
+          limit      = each_opts.delete(:limit)
+          next_token = each_opts.delete(:next_token)
+          offset     = next_token ? next_token.to_i - 1 : 0
+          total      = 0
+
+          nil_or_next_token = nil
+
+          batch = []
+          _each_item(each_opts.dup) do |item|
+
+            total += 1
+
+            # skip until we reach our offset (derived from the "next token")
+            next if total <= offset
+
+            if limit
+
+              if batch.size < limit
+                batch << item
+              else
+                # allow _each_item to yield one more item than needed
+                # so we can determine if we should return a "next token"
+                nil_or_next_token = total
+                break
+              end
+
+            else
+              batch << item
+            end
+
+          end
+
+          yield(batch)
+
+          nil_or_next_token
+
+        end
+
+        protected
+        def _each_item options = {}, &block
+          raise NotImplementedError
+        end
+
+      end
+
+    end
+  end
+end

data/lib/aws/core/configuration.rb

@@ -102,6 +102,26 @@ module AWS
     #   size (in bytes) each S3 multipart segment should be.
     #   Defaults to 5242880 (5MB).
     #
+    # @attr_reader [Symbol] s3_server_side_encryption The algorithm to
+    #   use when encrypting object data on the server side.  The only
+    #   valid value is +:aes256+, which specifies that the object
+    #   should be stored using the AES encryption algorithm with 256
+    #   bit keys.  Defaults to +nil+, meaning server side encryption
+    #   is not used unless specified on each individual call to upload
+    #   an object.  This option controls the default behavior for the
+    #   following method:
+    #
+    #   * {S3::S3Object#write}
+    #   * {S3::S3Object#multipart_upload}
+    #   * {S3::S3Object#copy_from} and {S3::S3Object#copy_to}
+    #   * {S3::S3Object#presigned_post}
+    #   * {S3::Bucket#presigned_post}
+    #
+    #   You can construct an interface to Amazon S3 which always
+    #   stores data using server side encryption as follows:
+    #
+    #     s3 = AWS::S3.new(:s3_server_side_encryption => :aes256)
+    #
     # @attr_reader [String,nil] secret_access_key AWS secret access key 
     #   credential.  Defaults to +nil+.
     #
@@ -306,6 +326,7 @@ module AWS
             :ssl_ca_file,
             :user_agent_prefix,
             :logger,
+            :logger_truncate_strings_at,
           ]
 
           add_option :"#{ruby_name}_endpoint", default_endpoint
@@ -322,6 +343,8 @@ module AWS
       add_option :http_handler, Core::Http::NetHttpHandler.new
   
       add_option :logger
+
+      add_option :logger_truncate_strings_at, 1000 
   
       add_option :max_retries, 3
   

data/lib/aws/core/option_grammar.rb

@@ -130,6 +130,8 @@ module AWS
           end
   
         end
+
+        Long = Integer
   
         # @private
         module Boolean

data/lib/aws/core/page_result.rb

@@ -0,0 +1,73 @@
+# Copyright 2011 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  module Core
+
+    class PageResult < Array
+
+      # @return [Collection] Returns the collection that was used to
+      #   populated this page of results.
+      attr_reader :collection
+
+      # @return [Integer] Returns the maximum number of results per page.
+      #   The final page in a collection may return fewer than +:per_page+
+      #   items (e.g. +:per_page+ is 10 and there are only 7 items).
+      attr_reader :per_page
+
+      # @return [String] An opaque token that can be passed the #page method
+      #   of the collection that returned this page of results.  This next
+      #   token behaves as a pseudo offset.  If +next_token+ is +nil+ then
+      #   there are no more results for the collection.
+      attr_reader :next_token
+      
+      # @param [Collection] collection The collection that was used to
+      #   request this page of results.  The collection should respond to
+      #   #page and accept a :next_token option.
+      #
+      # @param [Array] items An array of result items that represent a
+      #   page of results.
+      #
+      # @param [Integer] per_page The number of requested items for this
+      #   page of results.  If the count of items is smaller than +per_page+
+      #   then this is the last page of results.
+      #
+      # @param [String] next_token (nil) A token that can be passed to the
+      #   
+      def initialize collection, items, per_page, next_token
+        @collection = collection
+        @per_page = per_page
+        @next_token = next_token
+        super(items)
+      end
+
+      def next_page
+        if last_page?
+          raise 'unable to get the next page, already at the last page'
+        end
+        collection.page(:per_page => per_page, :next_token => next_token)
+      end
+
+      # @return [Boolean] Returns true if this is the last page of results.
+      def last_page?
+        next_token.nil?
+      end
+
+      # @return [Boolean] Returns true if there are more pages of results.
+      def more?
+        !!next_token
+      end
+
+    end
+  end
+end

data/lib/aws/ec2/security_group.rb

@@ -30,9 +30,10 @@ module AWS
     class SecurityGroup < Resource
 
       AWS.register_autoloads(self, 'aws/ec2/security_group') do
-        autoload :IpPermission,                 'ip_permission'
-        autoload :IpPermissionCollection,       'ip_permission_collection'
-        autoload :EgressIpPermissionCollection, 'egress_ip_permission_collection'
+        autoload :IpPermission,                  'ip_permission'
+        autoload :IpPermissionCollection,        'ingress_ip_permission_collection'
+        autoload :IngressIpPermissionCollection, 'ingress_ip_permission_collection'
+        autoload :EgressIpPermissionCollection,  'egress_ip_permission_collection'
       end
 
       include TaggedItem
@@ -79,12 +80,12 @@ module AWS
         vpc_id ? true : false
       end
 
-      # @return [SecurityGroup::IpPermissionCollection] Returns a
+      # @return [SecurityGroup::IngressIpPermissionCollection] Returns a
       #   collection of {IpPermission} objects that represents all of
       #   the (ingress) permissions this security group has 
       #   authorizations for.
       def ingress_ip_permissions
-        IpPermissionCollection.new(self, :config => config)
+        IngressIpPermissionCollection.new(self, :config => config)
       end
       alias_method :ip_permissions, :ingress_ip_permissions
 
@@ -105,8 +106,9 @@ module AWS
       #
       # @param [String] ip_ranges One or more IP ranges to allow ping from.
       #   Defaults to 0.0.0.0/0
-      # @return [IpPermission] Returns an IpPermission object that was added
-      #   to this security group.
+      #
+      # @return [nil]
+      #
       def allow_ping *sources
         sources << '0.0.0.0/0' if sources.empty?
         authorize_ingress('icmp', -1, *sources)
@@ -117,8 +119,9 @@ module AWS
       #
       # @param [String] ip_ranges One or more IP ranges to allow ping from.
       #   Defaults to 0.0.0.0/0
-      # @return [IpPermission] Returns an IpPermission object that was added
-      #   to this security group.
+      #
+      # @return [nil] 
+      #
       def disallow_ping *sources
         sources << '0.0.0.0/0' if sources.empty?
         revoke_ingress('icmp', -1, *sources)
@@ -138,25 +141,67 @@ module AWS
       #   # ftp
       #   security_group.authorize_ingress(:tcp, 20..21)
       #
+      # == Sources
+      # 
+      # Security groups accept ingress trafic from:
+      #
+      # * CIDR IP addresses
+      # * security groups
+      # * load balancers
+      # 
+      # === Ip Addresses
+      #
       # In the following example allow incoming SSH from a list of 
-      # IP address.
+      # IP address ranges.
       #
       #   security_group.authorize_ingress(:tcp, 22, 
       #     '111.111.111.111/0', '222.222.222.222/0')
       #
-      # You can also pass another security group as an ingress source.
-      # Allows traffic through that originates from EC2 instances inside
-      # the given security group.
+      # === Security Groups
+      #
+      # To autohrize ingress traffic from all EC2 instance in another
+      # security group, just pass the security group:
       #
       #   web = security_groups.create('webservers')
       #   db = security_groups.create('database')
-      #
-      #   # allows ec2 instances in the webservers security group to make
-      #   # tcp requests via port 3306 to instances in the database 
-      #   # security group
       #   db.authorize_ingress(:tcp, 3306, web)
       #
-      # You can even mix and match IP address and security group sources.
+      # You can also pass a hash of security group details instead of
+      # a {SecurityGroup} object.
+      #
+      #   # by security group name
+      #   sg.authorize_ingress(:tcp, 80, { :group_name => 'other-group' })
+      #
+      #   # by security group id
+      #   sg.authorize_ingress(:tcp, 80, { :group_id => 'sg-1234567' })
+      #
+      # If the security group belongs to a different account, just make
+      # sure it has the correct owner ID populated:
+      #
+      #   not_my_sg = SecurityGroup.new('sg-1234567', :owner_id => 'abcxyz123')
+      #   my_sg.authorize_ingress(:tcp, 80, not_my_sg)
+      #
+      # You can do the same with a hash as well (with either +:group_id+
+      # or +:group_name+):
+      #
+      #   sg.authorize_ingress(:tcp, 21..22, { :group_id => 'sg-id', :user_id => 'abcxyz123' }) 
+      #
+      # === Load Balancers
+      #
+      # If you use ELB to manage load balancers, then you need to add
+      # ingress permissions to the security groups they route traffic into.
+      # You can do this by passing the {LoadBalancer} into authorize_ingress:
+      #
+      #   load_balancer = AWS::ELB.new.load_balancers['web-load-balancer']
+      #
+      #   sg.authorize_ingress(:tcp, 80, load_balancer)
+      #
+      # === Multiple Sources
+      #
+      # You can provide multiple sources each time you call authorize
+      # ingress, and you can mix and match the source types:
+      #
+      #   sg.authorize_ingress(:tcp, 80, other_sg, '1.2.3.4/0', load_balancer)
       #
       # @param [String, Symbol] protocol Should be :tcp, :udp or :icmp
       #   or the string equivalent.
@@ -166,35 +211,38 @@ module AWS
       #   or a range (like 20..21).
       #
       # @param [Mixed] sources One or more CIDR IP addresses,
-      #   security groups, or hashes.  Hash values should
-      #   have :group_id and :user_id keys/values.  This is useful
-      #   for when the security group belongs to another account.  The
-      #   user id should be the owner_id (account id) of the security
-      #   group.
+      #   security groups, or load balancers.  Security groups
+      #   can be specified as hashes.
+      #
+      #   A security group hash must provide either +:group_id+ or 
+      #   +:group_name+ for the security group.  If the security group
+      #   does not belong to you aws account then you must also
+      #   provide +:user_id+ (which can be an AWS account ID or alias).
       #
-      # @return [IpPermission] Returns an IpPermission object that was added
-      #   to this security group.
+      # @return [nil]
       #
       def authorize_ingress protocol, ports, *sources
-        parse_ingress_sources(sources) do |options|
-          permission = IpPermission.new(self, protocol, ports, options)
-          permission.authorize
-          permission
-        end
+        client.authorize_security_group_ingress(
+          :group_id => id,
+          :ip_permissions => [ingress_opts(protocol, ports, sources)]
+        )
+        nil
       end
 
       # Revokes an ingress (inbound) ip permission.  This is the inverse 
       # operation to {#authorize_ingress}.  See {#authorize_ingress}
       # for param and option documentation.
+      #
       # @see #authorize_ingress
-      # @return [IpPermission] Returns an IpPermission object that was added
-      #   to this security group.
+      #
+      # @return [nil]
+      #
       def revoke_ingress protocol, ports, *sources
-        parse_ingress_sources(sources) do |options|
-          permission = IpPermission.new(self, protocol, ports, options)
-          permission.revoke
-          permission
-        end
+        client.revoke_security_group_ingress(
+          :group_id => id,
+          :ip_permissions => [ingress_opts(protocol, ports, sources)]
+        )
+        nil
       end
 
       # Authorize egress (outbound) traffic for a VPC security group.
@@ -209,44 +257,43 @@ module AWS
       # @note Calling this method on a non-VPC security group raises an error.
       #
       # @overload authorize_egress(*sources, options = {})
+      #
       #   @param [Mixed] sources One or more CIDR IP addresses,
-      #     security groups, or hashes.  Hash values should
-      #     have :group_id and :user_id keys/values.  This is useful
-      #     for when the security group belongs to another account.  The
-      #     user id should be the owner_id (account id) of the security
-      #     group.
+      #     security groups or load balancers.  See {#authorize_ingress}
+      #     for more information on accepted formats for sources.
+      #
       #   @param [Hash] options
-      #   @option options [Symbol] :protocol (:any) The protocol to authorize
-      #     traffic for.  If this option is ommitted, all protocols are
-      #     allowed.  Defaults to the symbol +:any+.  For a complete list of
-      #     supported protocols, see 
+      #
+      #   @option options [Symbol] :protocol (:any) The protocol name or number
+      #     to authorize egress traffic for.  For a complete list of protocols
+      #     see: {http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml}
+      #
       #   @option options [Range<Integer>,Integer] :ports (nil) An optional
       #     port or range of ports.  This option is required depending on
-      #     the protocal.  
-      #
-      # @param 
-      # @return [IpPermission] Returns an IpPermission object that was added
-      #   to this security group.
-      def authorize_egress *args
-        parse_egress_args(*args) do |protocol, ports, options|
-          permission = IpPermission.new(self, protocol, ports, options)
-          permission.authorize
-          permission
-        end
+      #     the protocol.  
+      #
+      # @return [nil]
+      #
+      def authorize_egress *sources
+        client.authorize_security_group_egress(
+          :group_id => id,
+          :ip_permissions => [egress_opts(sources)])
+        nil
       end
 
       # Revokes an egress (outound) ip permission.  This is the inverse 
       # operation to {#authorize_egress}.  See {#authorize_egress}
       # for param and option documentation.
+      #
       # @see #authorize_egress
-      # @return [IpPermission] Returns an IpPermission object that was added
-      #   to this security group.
-      def revoke_egress *args
-        parse_egress_args(*args) do |protocol, ports, options|
-          permission = IpPermission.new(self, protocol, ports, options)
-          permission.revoke
-          permission
-        end
+      #
+      # @return [nil]
+      #
+      def revoke_egress *sources
+        client.revoke_security_group_egress(
+          :group_id => id,
+          :ip_permissions => [egress_opts(sources)])
+        nil
       end
 
       # Deletes this security group. 
@@ -281,22 +328,25 @@ module AWS
 
       # @private
       protected
-      def parse_ingress_sources sources
+      def ingress_opts protocol, ports, sources
+
+        opts = {}
+        opts[:ip_protocol] = protocol.to_s.downcase
+        opts[:from_port] = Array(ports).first.to_i
+        opts[:to_port] = Array(ports).last.to_i
 
         ips, groups = parse_sources(sources)
 
-        options = {}
-        options[:ip_ranges] = ips unless ips.empty?
-        options[:groups] = groups unless groups.empty?
-        options[:egress] = false
+        opts[:ip_ranges] = ips unless ips.empty?
+        opts[:user_id_group_pairs] = groups unless groups.empty?
 
-        yield(options)
+        opts
 
       end
 
       # @private
       protected
-      def parse_egress_args *args, &block
+      def egress_opts args
         ensure_vpc do
 
           last = args.last
@@ -312,17 +362,22 @@ module AWS
             options = {}
           end
 
-          protocol = options[:protocol] || :any
+          opts = {}
+
+          opts[:ip_protocol] = [nil,:any, '-1'].include?(options[:protocol]) ?
+            '-1' : options[:protocol].to_s.downcase
 
-          ports = options[:ports]
+          if options[:ports]
+            opts[:from_port] = Array(options[:ports]).first.to_i
+            opts[:to_port] = Array(options[:ports]).last.to_i
+          end
 
           ips, groups = parse_sources(args)
 
-          options[:ip_ranges] = ips unless ips.empty?
-          options[:groups] = groups unless groups.empty?
-          options[:egress] = true
+          opts[:ip_ranges] = ips unless ips.empty?
+          opts[:user_id_group_pairs] = groups unless groups.empty?
 
-          yield(protocol, ports, options)
+          opts
 
         end
       end
@@ -336,29 +391,39 @@ module AWS
 
         sources.each do |source|
           case source
-          when String then ips << source
-          when SecurityGroup then groups << source
-          when Hash
-            if source.has_key?(:group_id) and source.has_key?(:user_id)
 
-              group = SecurityGroup.new(source[:group_id],
-                :owner_id => source[:user_id],
-                :config => config)
+          when String
+            ips << { :cidr_ip => source }
+
+          when SecurityGroup
+            groups << { :group_id => source.id, :user_id => source.owner_id }
 
-              groups << group
+          when ELB::LoadBalancer 
+            groups << source.source_security_group
 
-            else
+          when Hash
+            
+            # group name or id required
+            unless source.has_key?(:group_id) or source.has_key?(:group_name)
               raise ArgumentError, 'invalid ip permission hash, ' +
-                'must provide :group_id and :user_id'
+                'must provide :group_id or :group_name'
             end
 
+            # prevent typos
+            unless source.keys - [:group_id, :group_name, :user_id] == []
+              raise ArgumentError, 'invalid ip permission hash, ' +
+                'only accepts the following keys, :group_id, :group_name, :user_id'
+            end
+
+            groups << source
+
           else
             raise ArgumentError, 'invalid ingress ip permission, ' +
               'expected CIDR IP addres or SecurityGroup'
           end
         end
 
-        ips << '0.0.0.0/0' if ips.empty? and groups.empty?
+        ips << { :cidr_ip => '0.0.0.0/0' } if ips.empty? and groups.empty?
 
         [ips, groups]