RubyGems - aws-sdk - Versions diffs - 1.30.1 → 1.31.0 - Mend

aws-sdk 1.30.1 → 1.31.0

Files changed (126) hide show

checksums.yaml +4 -4
data/README.md +6 -3
data/lib/aws/api_config/CloudFront-2013-11-11.yml +2886 -0
data/lib/aws/api_config/CloudTrail-2013-11-01.yml +36 -0
data/lib/aws/api_config/ElasticTranscoder-2012-09-25.yml +67 -446
data/lib/aws/auto_scaling.rb +0 -1
data/lib/aws/auto_scaling/client.rb +2 -0
data/lib/aws/cloud_formation.rb +0 -1
data/lib/aws/cloud_formation/client.rb +2 -0
data/lib/aws/cloud_front.rb +0 -1
data/lib/aws/cloud_front/client.rb +6 -6
data/lib/aws/cloud_search.rb +0 -1
data/lib/aws/cloud_search/client.rb +3 -0
data/lib/aws/cloud_trail.rb +0 -1
data/lib/aws/cloud_trail/client.rb +2 -0
data/lib/aws/cloud_watch.rb +0 -1
data/lib/aws/cloud_watch/client.rb +2 -0
data/lib/aws/core.rb +8 -6
data/lib/aws/core/client.rb +30 -4
data/lib/aws/core/configuration.rb +1 -1
data/lib/aws/core/http/request.rb +2 -1
data/lib/aws/core/signers/base.rb +46 -0
data/lib/aws/core/signers/cloud_front.rb +56 -0
data/lib/aws/core/signers/s3.rb +159 -0
data/lib/aws/core/signers/version_2.rb +72 -0
data/lib/aws/core/signers/version_3.rb +86 -0
data/lib/aws/core/signers/version_3_https.rb +61 -0
data/lib/aws/core/signers/version_4.rb +228 -0
data/lib/aws/core/signers/version_4/chunk_signed_stream.rb +191 -0
data/lib/aws/data_pipeline.rb +0 -1
data/lib/aws/data_pipeline/client.rb +3 -0
data/lib/aws/direct_connect.rb +0 -1
data/lib/aws/direct_connect/client.rb +3 -0
data/lib/aws/dynamo_db.rb +0 -1
data/lib/aws/dynamo_db/client.rb +2 -0
data/lib/aws/ec2.rb +0 -1
data/lib/aws/ec2/client.rb +21 -0
data/lib/aws/elastic_beanstalk.rb +0 -1
data/lib/aws/elastic_beanstalk/client.rb +3 -0
data/lib/aws/elastic_transcoder.rb +0 -1
data/lib/aws/elastic_transcoder/client.rb +2 -0
data/lib/aws/elasticache.rb +0 -1
data/lib/aws/elasticache/client.rb +2 -0
data/lib/aws/elb.rb +0 -1
data/lib/aws/elb/client.rb +2 -0
data/lib/aws/emr.rb +0 -1
data/lib/aws/emr/client.rb +2 -0
data/lib/aws/glacier.rb +0 -1
data/lib/aws/glacier/client.rb +2 -0
data/lib/aws/iam.rb +0 -1
data/lib/aws/iam/client.rb +2 -0
data/lib/aws/import_export.rb +0 -1
data/lib/aws/import_export/client.rb +2 -0
data/lib/aws/kinesis.rb +0 -1
data/lib/aws/kinesis/client.rb +2 -0
data/lib/aws/ops_works.rb +0 -1
data/lib/aws/ops_works/client.rb +2 -0
data/lib/aws/rds.rb +0 -1
data/lib/aws/rds/client.rb +2 -0
data/lib/aws/redshift.rb +0 -1
data/lib/aws/redshift/client.rb +2 -0
data/lib/aws/route_53.rb +0 -1
data/lib/aws/route_53/client.rb +2 -0
data/lib/aws/s3.rb +1 -0
data/lib/aws/s3/bucket_collection.rb +9 -7
data/lib/aws/s3/client.rb +70 -9
data/lib/aws/s3/config.rb +12 -0
data/lib/aws/s3/object_collection.rb +4 -9
data/lib/aws/s3/presign_v4.rb +127 -0
data/lib/aws/s3/presigned_post.rb +1 -1
data/lib/aws/s3/request.rb +0 -136
data/lib/aws/s3/s3_object.rb +40 -19
data/lib/aws/simple_db.rb +0 -1
data/lib/aws/simple_db/client.rb +2 -0
data/lib/aws/simple_email_service.rb +0 -1
data/lib/aws/simple_email_service/client.rb +2 -0
data/lib/aws/simple_workflow.rb +0 -1
data/lib/aws/simple_workflow/client.rb +2 -0
data/lib/aws/sns.rb +0 -1
data/lib/aws/sns/client.rb +2 -0
data/lib/aws/sqs.rb +0 -1
data/lib/aws/sqs/client.rb +2 -0
data/lib/aws/storage_gateway.rb +0 -1
data/lib/aws/storage_gateway/client.rb +2 -0
data/lib/aws/sts.rb +0 -1
data/lib/aws/sts/client.rb +2 -0
data/lib/aws/support.rb +0 -1
data/lib/aws/support/client.rb +2 -0
data/lib/aws/version.rb +1 -1
metadata +12 -38
data/lib/aws/auto_scaling/request.rb +0 -29
data/lib/aws/cloud_formation/request.rb +0 -29
data/lib/aws/cloud_front/request.rb +0 -30
data/lib/aws/cloud_search/request.rb +0 -23
data/lib/aws/cloud_trail/request.rb +0 -30
data/lib/aws/cloud_watch/request.rb +0 -29
data/lib/aws/core/signature/version_2.rb +0 -56
data/lib/aws/core/signature/version_3.rb +0 -77
data/lib/aws/core/signature/version_3_https.rb +0 -54
data/lib/aws/core/signature/version_4.rb +0 -135
data/lib/aws/core/signer.rb +0 -46
data/lib/aws/data_pipeline/request.rb +0 -26
data/lib/aws/direct_connect/request.rb +0 -27
data/lib/aws/dynamo_db/request.rb +0 -26
data/lib/aws/ec2/request.rb +0 -21
data/lib/aws/elastic_beanstalk/request.rb +0 -29
data/lib/aws/elastic_transcoder/request.rb +0 -30
data/lib/aws/elasticache/request.rb +0 -23
data/lib/aws/elb/request.rb +0 -29
data/lib/aws/emr/request.rb +0 -28
data/lib/aws/glacier/request.rb +0 -29
data/lib/aws/iam/request.rb +0 -29
data/lib/aws/import_export/request.rb +0 -23
data/lib/aws/kinesis/request.rb +0 -26
data/lib/aws/ops_works/request.rb +0 -27
data/lib/aws/rds/request.rb +0 -29
data/lib/aws/redshift/request.rb +0 -29
data/lib/aws/route_53/request.rb +0 -23
data/lib/aws/simple_db/request.rb +0 -23
data/lib/aws/simple_email_service/request.rb +0 -27
data/lib/aws/simple_workflow/request.rb +0 -28
data/lib/aws/sns/request.rb +0 -29
data/lib/aws/sqs/request.rb +0 -31
data/lib/aws/storage_gateway/request.rb +0 -28
data/lib/aws/sts/request.rb +0 -29
data/lib/aws/support/request.rb +0 -27

data/lib/aws/core/signers/version_2.rb ADDED

@@ -0,0 +1,72 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+module AWS
+  module Core
+    module Signers
+      # @api private
+      class Version2
+        include Base
+        # @param [CredentialProviders::Provider] credentials
+        def initialize credentials
+          @credentials = credentials
+        end
+        # @return [CredentialProviders::Provider]
+        attr_reader :credentials
+        # @param [Http::Request] req
+        # @return [Http::Request]
+        def sign_request req
+          req.add_param('AWSAccessKeyId', credentials.access_key_id)
+          if token = credentials.session_token
+            req.add_param("SecurityToken", token)
+          end
+          req.add_param('SignatureVersion', '2')
+          req.add_param('SignatureMethod', 'HmacSHA256')
+          req.add_param('Signature', signature(req))
+          req.body = req.url_encoded_params
+          req
+        end
+        private
+        # @param [Http::Request] req
+        def signature req
+          sign(credentials.secret_access_key, string_to_sign(req))
+        end
+        # @param [Http::Request] req
+        def string_to_sign req
+          host =
+            case req.port
+            when 80, 443 then req.host
+            else "#{req.host}:#{req.port}"
+            end
+          [
+            req.http_method,
+            host.to_s.downcase,
+            req.path,
+            req.url_encoded_params,
+          ].join("\n")
+        end
+      end
+    end
+  end
+end

data/lib/aws/core/signers/version_3.rb ADDED

@@ -0,0 +1,86 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+require 'openssl'
+require 'time'
+module AWS
+  module Core
+    module Signers
+      # @api private
+      class Version3
+        include Base
+        # @param [CredentialProviders::Provider] credentials
+        def initialize credentials
+          @credentials = credentials
+        end
+        # @return [CredentialProviders::Provider]
+        attr_reader :credentials
+        # @param [Http::Request] req
+        # @return [Http::Request]
+        def sign_request req
+          req.headers["x-amz-date"] ||= (req.headers["date"] ||= Time.now.httpdate)
+          req.headers["host"] ||= req.host
+          req.headers["x-amz-security-token"] = credentials.session_token if
+            credentials.session_token
+          req.headers["x-amzn-authorization"] =
+            "AWS3 "+
+            "AWSAccessKeyId=#{credentials.access_key_id},"+
+            "Algorithm=HmacSHA256,"+
+            "SignedHeaders=#{headers_to_sign(req).join(';')},"+
+            "Signature=#{signature(req)}"
+        end
+        private
+        # @param [Http::Request] req
+        def signature req, service_signing_name = nil
+          sign(credentials.secret_access_key, string_to_sign(req))
+        end
+        # @param [Http::Request] req
+        def string_to_sign req
+          OpenSSL::Digest::SHA256.digest([
+            req.http_method,
+            "/",
+            "",
+            canonical_headers(req),
+            req.body
+          ].join("\n"))
+        end
+        # @param [Http::Request] req
+        def canonical_headers req
+          headers_to_sign(req).map do |name|
+            value = req.headers[name]
+            "#{name.downcase.strip}:#{value.strip}\n"
+          end.sort.join
+        end
+        # @param [Http::Request] req
+        def headers_to_sign req
+          req.headers.keys.select do |header|
+              header == "host" ||
+              header == "content-encoding" ||
+              header =~ /^x-amz/
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws/core/signers/version_3_https.rb ADDED

@@ -0,0 +1,61 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+require 'time'
+module AWS
+  module Core
+    module Signers
+      # @api private
+      class Version3Https
+        include Base
+        # @param [CredentialProviders::Provider] credentials
+        def initialize credentials
+          @credentials = credentials
+        end
+        # @return [CredentialProviders::Provider]
+        attr_reader :credentials
+        # @param [Http::Request] req
+        # @return [Http::Request]
+        def sign_request req
+          parts = []
+          parts << "AWS3-HTTPS AWSAccessKeyId=#{credentials.access_key_id}"
+          parts << "Algorithm=HmacSHA256"
+          parts << "Signature=#{signature(req)}"
+          req.headers['x-amzn-authorization'] = parts.join(',')
+          req.headers['x-amz-security-token'] = credentials.session_token if
+            credentials.session_token
+          req
+        end
+        private
+        # @param [Http::Request] req
+        def signature req
+          sign(credentials.secret_access_key, string_to_sign(req))
+        end
+        # @param [Http::Request] req
+        def string_to_sign req
+          req.headers['date'] ||= Time.now.httpdate
+        end
+      end
+    end
+  end
+end

data/lib/aws/core/signers/version_4.rb ADDED

@@ -0,0 +1,228 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+require 'time'
+require 'openssl'
+require 'digest'
+module AWS
+  module Core
+    module Signers
+      # @api private
+      class Version4
+        autoload :ChunkSignedStream, 'aws/core/signers/version_4/chunk_signed_stream'
+        # @api private
+        # SHA256 hex digest of the empty string
+        EMPTY_DIGEST = 'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855'
+        # @api private
+        STREAMING_CHECKSUM = "STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
+        # @param [CredentialProviders::Provider] credentials
+        # @param [String] service_name
+        # @param [String] region
+        def initialize credentials, service_name, region
+          @credentials = credentials
+          @service_name = service_name
+          @region = region
+        end
+        # @return [CredentialProviders::Provider]
+        attr_reader :credentials
+        # @return [String]
+        attr_reader :service_name
+        # @return [String]
+        attr_reader :region
+        # @param [Http::Request] req
+        # @option options [Boolean] :chunk_signing (false) When +true+, the
+        #   request body will be signed in chunk.
+        # @option options [DateTime String<YYYYMMDDTHHMMSSZ>] :datetime
+        # @return [Http::Request]
+        def sign_request req, options = {}
+          datetime = options[:datetime] || Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
+          key = derive_key(datetime)
+          token = credentials.session_token
+          chunk_signing = !!options[:chunk_signing]
+          content_sha256 = req.headers['x-amz-content-sha256'] || body_digest(req, chunk_signing)
+          req.headers['host'] = req.host
+          req.headers['x-amz-date'] = datetime
+          req.headers['x-amz-security-token'] = token if token
+          req.headers['x-amz-content-sha256'] = content_sha256
+          if chunk_signing
+            orig_size = req.headers['content-length'].to_i
+            signed_size = ChunkSignedStream.signed_size(orig_size.to_i)
+            req.headers['content-length'] = signed_size.to_s
+            req.headers['x-amz-decoded-content-length'] = orig_size.to_s
+          end
+          req.headers['authorization'] = authorization(req, key, datetime, content_sha256)
+          req.body_stream = chunk_signed_stream(req, key) if chunk_signing
+          req
+        end
+        def signature(request, key, datetime, content_sha256)
+          string = string_to_sign(request, datetime, content_sha256)
+          hexhmac(key, string)
+        end
+        def credential(datetime)
+          "#{credentials.access_key_id}/#{key_path(datetime)}"
+        end
+        def derive_key(datetime)
+          k_secret = credentials.secret_access_key
+          k_date = hmac("AWS4" + k_secret, datetime[0,8])
+          k_region = hmac(k_date, region)
+          k_service = hmac(k_region, service_name)
+          k_credentials = hmac(k_service, 'aws4_request')
+        end
+        private
+        # Wraps the req body stream with another stream.  The wrapper signs
+        # the original body as it is read, injecting signatures of indiviaul
+        # chunks into the resultant stream.
+        # @param [Http::Request] req
+        # @param [String] key
+        # @param [String] datetime
+        def chunk_signed_stream req, key
+          args = []
+          args << req.body_stream
+          args << req.headers['x-amz-decoded-content-length'].to_i
+          args << key
+          args << key_path(req.headers['x-amz-date'])
+          args << req.headers['x-amz-date']
+          args << req.headers['authorization'].split('Signature=')[1]
+          ChunkSignedStream.new(*args)
+        end
+        def authorization req, key, datetime, content_sha256
+          parts = []
+          parts << "AWS4-HMAC-SHA256 Credential=#{credential(datetime)}"
+          parts << "SignedHeaders=#{signed_headers(req)}"
+          parts << "Signature=#{signature(req, key, datetime, content_sha256)}"
+          parts.join(', ')
+        end
+        def string_to_sign req, datetime, content_sha256
+          parts = []
+          parts << 'AWS4-HMAC-SHA256'
+          parts << datetime
+          parts << key_path(datetime)
+          parts << hexdigest(canonical_request(req, content_sha256))
+          parts.join("\n")
+        end
+        # @param [String] datetime
+        # @return [String] the signature scope.
+        def key_path datetime
+          parts = []
+          parts << datetime[0,8]
+          parts << region
+          parts << service_name
+          parts << 'aws4_request'
+          parts.join("/")
+        end
+        # @param [Http::Request] req
+        def canonical_request req, content_sha256
+          parts = []
+          parts << req.http_method
+          parts << req.path
+          parts << req.querystring
+          parts << canonical_headers(req) + "\n"
+          parts << signed_headers(req)
+          parts << content_sha256
+          parts.join("\n")
+        end
+        # @param [Http::Request] req
+        def signed_headers req
+          to_sign = req.headers.keys.map{|k| k.to_s.downcase }
+          to_sign.delete('authorization')
+          to_sign.sort.join(";")
+        end
+        # @param [Http::Request] req
+        def canonical_headers req
+          headers = []
+          req.headers.each_pair do |k,v|
+            headers << [k,v] unless k == 'authorization'
+          end
+          headers = headers.sort_by(&:first)
+          headers.map{|k,v| "#{k}:#{canonical_header_values(v)}" }.join("\n")
+        end
+        # @param [String,Array<String>] values
+        def canonical_header_values values
+          values = [values] unless values.is_a?(Array)
+          values.map(&:to_s).join(',').gsub(/\s+/, ' ').strip
+        end
+        # @param [Http::Request] req
+        # @param [Boolean] chunk_signing
+        # @return [String]
+        def body_digest req, chunk_signing
+          case
+          when chunk_signing then STREAMING_CHECKSUM
+          when ['', nil].include?(req.body) then EMPTY_DIGEST
+          else hexdigest(req.body)
+          end
+        end
+        # @param [String] value
+        # @return [String]
+        def hexdigest value
+          digest = Digest::SHA256.new
+          if value.respond_to?(:read)
+            chunk = nil
+            chunk_size = 1024 * 1024 # 1 megabyte
+            digest.update(chunk) while chunk = value.read(chunk_size)
+            value.rewind
+          else
+            digest.update(value)
+          end
+          digest.hexdigest
+        end
+        # @param [String] key
+        # @param [String] value
+        # @return [String]
+        def hmac key, value
+          OpenSSL::HMAC.digest(sha256_digest, key, value)
+        end
+        # @param [String] key
+        # @param [String] value
+        # @return [String]
+        def hexhmac key, value
+          OpenSSL::HMAC.hexdigest(sha256_digest, key, value)
+        end
+        def sha256_digest
+          OpenSSL::Digest::Digest.new('sha256')
+        end
+      end
+    end
+  end
+end