aws-sdk 1.30.1 → 1.31.0

data/lib/aws/auto_scaling.rb

@@ -82,7 +82,6 @@ module AWS
     autoload :LaunchConfigurationCollection, 'aws/auto_scaling/launch_configuration_collection'
     autoload :NotificationConfiguration, 'aws/auto_scaling/notification_configuration'
     autoload :NotificationConfigurationCollection, 'aws/auto_scaling/notification_configuration_collection'
-    autoload :Request, 'aws/auto_scaling/request'
     autoload :ScalingPolicy, 'aws/auto_scaling/scaling_policy'
     autoload :ScalingPolicyCollection, 'aws/auto_scaling/scaling_policy_collection'
     autoload :ScalingPolicyOptions, 'aws/auto_scaling/scaling_policy_options'

data/lib/aws/auto_scaling/client.rb

@@ -19,6 +19,8 @@ module AWS
 
       API_VERSION= '2011-01-01'
 
+      signature_version :Version4, 'autoscaling'
+
       # @api private
       CACHEABLE_REQUESTS = Set[
         :describe_adjustment_types,

data/lib/aws/cloud_formation.rb

@@ -147,7 +147,6 @@ module AWS
 
     autoload :Client, 'aws/cloud_formation/client'
     autoload :Errors, 'aws/cloud_formation/errors'
-    autoload :Request, 'aws/cloud_formation/request'
     autoload :Stack, 'aws/cloud_formation/stack'
     autoload :StackCollection, 'aws/cloud_formation/stack_collection'
     autoload :StackEvent, 'aws/cloud_formation/stack_event'

data/lib/aws/cloud_formation/client.rb

@@ -19,6 +19,8 @@ module AWS
 
       API_VERSION = '2010-05-15'
 
+      signature_version :Version4, 'cloudformation'
+
       # @api private
       CACHEABLE_REQUESTS = Set[
         :describe_adjustment_types,

data/lib/aws/cloud_front.rb

@@ -63,7 +63,6 @@ module AWS
 
     autoload :Client,  'aws/cloud_front/client'
     autoload :Errors,  'aws/cloud_front/errors'
-    autoload :Request, 'aws/cloud_front/request'
 
     include Core::ServiceInterface
 

data/lib/aws/cloud_front/client.rb

@@ -16,7 +16,9 @@ module AWS
 
     class Client < Core::RESTXMLClient
 
-      API_VERSION = '2013-09-27'
+      API_VERSION = '2013-11-11'
+
+      signature_version :Version4, 'cloudfront'
 
       # @api private
       CACHEABLE_REQUESTS = Set[]
@@ -24,21 +26,19 @@ module AWS
     end
 
     class Client::V20130512 < Client
-
       define_client_methods('2013-05-12')
-
     end
 
     class Client::V20130826 < Client
-
       define_client_methods('2013-08-26')
-
     end
 
     class Client::V20130927 < Client
-
       define_client_methods('2013-09-27')
+    end
 
+    class Client::V20131111 < Client
+      define_client_methods('2013-11-11')
     end
 
   end

data/lib/aws/cloud_search.rb

@@ -63,7 +63,6 @@ module AWS
 
     autoload :Client, 'aws/cloud_search/client'
     autoload :Errors, 'aws/cloud_search/errors'
-    autoload :Request, 'aws/cloud_search/request'
 
     include Core::ServiceInterface
 

data/lib/aws/cloud_search/client.rb

@@ -17,8 +17,11 @@ module AWS
     # Client class for Amazon Cloud Search.
     class Client < Core::QueryClient
 
+
       API_VERSION = '2011-02-01'
 
+      signature_version :Version4, 'cloudsearch'
+
       # @api private
       CACHEABLE_REQUESTS = Set[]
 

data/lib/aws/cloud_trail.rb

@@ -63,7 +63,6 @@ module AWS
 
     autoload :Client,  'aws/cloud_trail/client'
     autoload :Errors,  'aws/cloud_trail/errors'
-    autoload :Request, 'aws/cloud_trail/request'
 
     include Core::ServiceInterface
 

data/lib/aws/cloud_trail/client.rb

@@ -18,6 +18,8 @@ module AWS
 
       API_VERSION = '2013-11-01'
 
+      signature_version :Version4, 'cloudtrail'
+
       # @api private
       CACHEABLE_REQUESTS = Set[]
 

data/lib/aws/cloud_watch.rb

@@ -71,7 +71,6 @@ module AWS
     autoload :MetricCollection, 'aws/cloud_watch/metric_collection'
     autoload :MetricAlarmCollection, 'aws/cloud_watch/metric_alarm_collection'
     autoload :MetricStatistics, 'aws/cloud_watch/metric_statistics'
-    autoload :Request, 'aws/cloud_watch/request'
 
     include Core::ServiceInterface
 

data/lib/aws/cloud_watch/client.rb

@@ -19,6 +19,8 @@ module AWS
 
       API_VERSION = '2010-08-01'
 
+      signature_version :Version4, 'monitoring'
+
       # @api private
       CACHEABLE_REQUESTS = Set[
         :describe_alarm_history,

data/lib/aws/core.rb

@@ -201,7 +201,6 @@ module AWS
     autoload :RESTResponseParser, "#{SRC}/core/rest_response_parser"
 
     autoload :ServiceInterface, "#{SRC}/core/service_interface"
-    autoload :Signer, "#{SRC}/core/signer"
     autoload :UriEscape, "#{SRC}/core/uri_escape"
 
     module Options
@@ -210,11 +209,14 @@ module AWS
       autoload :Validator, "#{SRC}/core/options/validator"
     end
 
-    module Signature
-      autoload :Version2, "#{SRC}/core/signature/version_2"
-      autoload :Version3, "#{SRC}/core/signature/version_3"
-      autoload :Version3HTTPS, "#{SRC}/core/signature/version_3_https"
-      autoload :Version4, "#{SRC}/core/signature/version_4"
+    module Signers
+      autoload :Base, "#{SRC}/core/signers/base"
+      autoload :CloudFront, "#{SRC}/core/signers/cloud_front"
+      autoload :S3, "#{SRC}/core/signers/s3"
+      autoload :Version2, "#{SRC}/core/signers/version_2"
+      autoload :Version3, "#{SRC}/core/signers/version_3"
+      autoload :Version3Https, "#{SRC}/core/signers/version_3_https"
+      autoload :Version4, "#{SRC}/core/signers/version_4"
     end
 
     module XML

data/lib/aws/core/client.rb

@@ -48,7 +48,7 @@ module AWS
 
         # translate these into service specific configuration options,
         # e.g. :endpoint into :s3_endpoint
-        [:endpoint, :region, :port].each do |opt|
+        [:endpoint, :region, :port, :signature_version].each do |opt|
           if options[opt]
             options[:"#{service_ruby_name}_#{opt}"] = options.delete(opt)
           end
@@ -57,6 +57,8 @@ module AWS
         @config = (options.delete(:config) || AWS.config)
         @config = @config.with(options)
 
+        @region = @config.send(:"#{service_ruby_name}_region")
+
         @credential_provider = @config.credential_provider
         @http_handler = @config.http_handler
         @endpoint = config.send(:"#{service_ruby_name}_endpoint")
@@ -188,7 +190,7 @@ module AWS
 
       # @api private
       def new_request
-        eval(self.class.name.sub(/::Client.*$/, ''))::Request.new
+        Http::Request.new
       end
 
       def new_response(*args, &block)
@@ -480,7 +482,7 @@ module AWS
 
               response = new_response do
                 req = client.send(:build_request, name, options)
-                req.add_authorization!(credential_provider)
+                client.send(:sign_request, req)
                 req
               end
 
@@ -543,7 +545,7 @@ module AWS
         http_request.service_ruby_name = service_ruby_name
         http_request.host = endpoint
         http_request.port = port
-        http_request.region = config.send(:"#{service_ruby_name}_region")
+        http_request.region = @region
         http_request.use_ssl = config.use_ssl?
 
         send("configure_#{name}_request", http_request, opts)
@@ -565,6 +567,13 @@ module AWS
 
       end
 
+      # @param [Http::Request] req
+      # @return [Http::Request]
+      # @api private
+      def sign_request req
+        req
+      end
+
       def user_agent_string
         engine = (RUBY_ENGINE rescue nil or "ruby")
         user_agent = "%s aws-sdk-ruby/#{VERSION} %s/%s %s" %
@@ -675,6 +684,23 @@ module AWS
           YAML.load(File.read(path))
         end
 
+        # @param [Symbol] version
+        # @param [String,nil] service_signing_name Required for `:Version4`
+        # @api private
+        def signature_version version, service_signing_name = nil
+          define_method(:sign_request) do |req|
+            @signer ||= begin
+              signer_class = AWS::Core::Signers.const_get(version)
+              signer_args = (version == :Version4) ?
+                [credential_provider, service_signing_name, @region] :
+                [credential_provider]
+              signer_class.new(*signer_args)
+            end
+            @signer.sign_request(req)
+            req
+          end
+        end
+
         # Defines one method for each service operation described in
         # the API configuration.
         # @param [String] api_version

data/lib/aws/core/configuration.rb

@@ -437,7 +437,7 @@ module AWS
                 else
                   'us-gov-west-1' # e.g. iam.us-gov.amazonaws.com
                 end
-              elsif matches = endpoint.match(/^.+?[.-](.+)\.amazonaws.com$/)
+              elsif matches = endpoint.match(/^.+?[.-](.+)\.amazonaws.com/)
                 matches[1]
               else
                 AWS.const_get(name).global_endpoint? ? 'us-east-1' : config.region

data/lib/aws/core/http/request.rb

@@ -89,6 +89,7 @@ module AWS
         # @api private
         attr_accessor :continue_timeout
 
+        # @api private
         def endpoint
           scheme = use_ssl ? 'https' : 'http'
           port = case scheme
@@ -237,7 +238,7 @@ module AWS
           end
 
           def encoded
-            value ? "#{escape(name)}=#{escape(value)}" : escape(name)
+            value ? "#{escape(name)}=#{escape(value)}" : "#{escape(name)}="
           end
 
         end

data/lib/aws/core/signers/base.rb

@@ -0,0 +1,46 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'base64'
+
+module AWS
+  module Core
+    module Signers
+      # @api private
+      module Base
+
+        # Signs a string using the credentials stored in memory.
+        # @param [String] secret Usually an AWS secret access key.
+        # @param [String] string_to_sign The string to sign.
+        # @param [String] digest_method The digest method to use when
+        #   computing the HMAC digest.
+        # @return [String] Returns the computed signature.
+        def sign secret, string_to_sign, digest_method = 'sha256'
+          Base64.encode64(hmac(secret, string_to_sign, digest_method)).strip
+        end
+        module_function :sign
+
+        # Computes an HMAC digest of the passed string.
+        # @param [String] key
+        # @param [String] value
+        # @param [String] digest ('sha256')
+        # @return [String]
+        def hmac key, value, digest = 'sha256'
+          OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(digest), key, value)
+        end
+        module_function :hmac
+
+      end
+    end
+  end
+end

data/lib/aws/core/signers/cloud_front.rb

@@ -0,0 +1,56 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'time'
+
+module AWS
+  module Core
+    module Signers
+      class CloudFront
+
+        include Base
+
+        # @param [CredentialProviders::Provider] credentials
+        def initialize credentials
+          @credentials = credentials
+        end
+
+        # @return [CredentialProviders::Provider]
+        attr_reader :credentials
+
+        # @param [Http::Request] req
+        # @return [Http::Request]
+        def sign_request req
+          req.headers['x-amz-security-token'] = credentials.session_token if
+            credentials.session_token
+          req.headers['authorization'] =
+            "AWS #{credentials.access_key_id}:#{signature(req)}"
+          req
+        end
+
+        private
+
+        # @param [Http::Request] req
+        def signature req
+          sign(credentials.secret_access_key, string_to_sign(req), 'sha1')
+        end
+
+        # @param [Http::Request] req
+        def string_to_sign req
+          req.headers['date'] ||= Time.now.httpdate
+        end
+
+      end
+    end
+  end
+end

data/lib/aws/core/signers/s3.rb

@@ -0,0 +1,159 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  module Core
+    module Signers
+      # @api private
+      class S3
+
+        SUB_RESOURCES = %w(
+          acl location logging notification partNumber policy
+          requestPayment torrent uploadId uploads versionId
+          versioning versions restore delete lifecycle tagging cors
+          website
+        )
+
+        QUERY_PARAMS = %w(
+          response-content-type response-content-language
+          response-expires response-cache-control
+          response-content-disposition response-content-encoding
+        )
+
+        # @param [CredentialProviders::Provider] credentials
+        def initialize credentials
+          @credentials = credentials
+        end
+
+        # @return [CredentialProviders::Provider]
+        attr_reader :credentials
+
+        # @param [Http::Request] req
+        # @return [Http::Request]
+        def sign_request req
+          if token = credentials.session_token
+            req.headers["x-amz-security-token"] = token
+          end
+          req.headers["authorization"] = authorization(req)
+        end
+
+        private
+
+        def authorization req
+          "AWS #{credentials.access_key_id}:#{signature(req)}"
+        end
+
+        def signature req
+          secret = credentials.secret_access_key
+          signature = self.class.string_to_sign(req)
+          signature = Base.sign(credentials.secret_access_key, signature, 'sha1')
+          URI.escape(signature)
+        end
+
+        class << self
+
+          # From the S3 developer guide:
+          #
+          #     StringToSign =
+          #       HTTP-Verb ` "\n" `
+          #       content-md5 ` "\n" `
+          #       content-type ` "\n" `
+          #       date ` "\n" `
+          #       CanonicalizedAmzHeaders + CanonicalizedResource;
+          #
+          def string_to_sign req
+            [
+              req.http_method,
+              req.headers.values_at('content-md5', 'content-type').join("\n"),
+              signing_string_date(req),
+              canonicalized_headers(req),
+              canonicalized_resource(req),
+            ].flatten.compact.join("\n")
+          end
+
+          def signing_string_date req
+            # if a date is provided via x-amz-date then we should omit the
+            # Date header from the signing string (should appear as a blank line)
+            if req.headers.detect{|k,v| k.to_s =~ /^x-amz-date$/i }
+              ''
+            else
+              req.headers['date'] ||= Time.now.httpdate
+            end
+          end
+
+          # CanonicalizedAmzHeaders
+          #
+          # See the developer guide for more information on how this element
+          # is generated.
+          #
+          def canonicalized_headers req
+            x_amz = req.headers.select{|k, v| k.to_s =~ /^x-amz-/i }
+            x_amz = x_amz.collect{|k, v| [k.downcase, v] }
+            x_amz = x_amz.sort_by{|k, v| k }
+            x_amz = x_amz.collect{|k, v| "#{k}:#{v.to_s.strip}" }.join("\n")
+            x_amz == '' ? nil : x_amz
+          end
+
+          # From the S3 developer guide
+          #
+          #     CanonicalizedResource =
+          #       [ "/" ` Bucket ] `
+          #       <HTTP-Request-URI, protocol name up to the querystring> +
+          #       [ sub-resource, if present. e.g. "?acl", "?location",
+          #       "?logging", or "?torrent"];
+          #
+          # @api private
+          def canonicalized_resource req
+
+            parts = []
+
+            # virtual hosted-style requests require the hostname to appear
+            # in the canonicalized resource prefixed by a forward slash.
+            if
+              AWS::S3::Client.dns_compatible_bucket_name?(req.bucket) and
+              !req.path_style?
+            then
+              parts << "/#{req.bucket}"
+            end
+
+            # all requests require the portion of the un-decoded uri up to
+            # but not including the query string
+            parts << req.path
+
+            # lastly any sub resource querystring params need to be appened
+            # in lexigraphical ordered joined by '&' and prefixed by '?'
+            params =
+              sub_resource_params(req) +
+              query_parameters_for_signature(req)
+
+            unless params.empty?
+              parts << '?'
+              parts << params.sort.collect{|p| p.to_s }.join('&')
+            end
+
+            parts.join
+          end
+
+          def sub_resource_params req
+            req.params.select{|p| SUB_RESOURCES.include?(p.name) }
+          end
+
+          def query_parameters_for_signature req
+            req.params.select { |p| QUERY_PARAMS.include?(p.name) }
+          end
+
+        end
+      end
+    end
+  end
+end