aws-sdk 1.32.0 → 1.50.0

data/lib/aws/core/configuration.rb

@@ -116,7 +116,8 @@ module AWS
     #
     # @attr_reader [Logger,nil] logger (nil) The logging interface.
     #
-    # @attr_reader [Symbol] log_level (:info) The log level.
+    # @attr_reader [Symbol] log_level (:info) The log level to use when
+    #   logging every API call.  Does not set the `:logger`'s log_level.
     #
     # @attr_reader [LogFormatter] log_formatter The log message formatter.
     #
@@ -483,7 +484,7 @@ module AWS
       add_option :session_token
 
       add_option :region do |cfg,region|
-        region || ENV['AWS_REGION'] || ENV['AMAZON_REGION'] || 'us-east-1'
+        region || ENV['AWS_REGION'] || ENV['AMAZON_REGION'] || ENV['AWS_DEFAULT_REGION'] || 'us-east-1'
       end
 
       add_option_with_needs :credential_provider,

data/lib/aws/core/credential_providers.rb

@@ -16,6 +16,7 @@ require 'net/http'
 require 'timeout'
 require 'thread'
 require 'time'
+require 'json'
 
 module AWS
   module Core
@@ -37,14 +38,22 @@ module AWS
         #   `:access_key_id` or the `:secret_access_key` can not be found.
         #
         def credentials
-          @cached_credentials ||= begin
-            creds = get_credentials
-            unless creds[:access_key_id] and creds[:secret_access_key]
-              raise Errors::MissingCredentialsError
+          raise Errors::MissingCredentialsError unless set?
+          @cached_credentials.dup
+        end
+
+        # @return [Boolean] Returns true if has credentials and it contains
+        #   at least the `:access_key_id` and `:secret_access_key`.
+        #
+        def set?
+          @cache_mutex ||= Mutex.new
+          unless @cached_credentials
+            @cache_mutex.synchronize do
+              @cached_credentials ||= get_credentials
             end
-            creds
           end
-          @cached_credentials.dup
+          !!(@cached_credentials[:access_key_id] &&
+            @cached_credentials[:secret_access_key])
         end
 
         # @return [String] Returns the AWS access key id.
@@ -108,7 +117,9 @@ module AWS
           @providers = []
           @providers << StaticProvider.new(static_credentials)
           @providers << ENVProvider.new('AWS')
+          @providers << ENVProvider.new('AWS', :access_key_id => 'ACCESS_KEY', :secret_access_key => 'SECRET_KEY', :session_token => 'SESSION_TOKEN')
           @providers << ENVProvider.new('AMAZON')
+          @providers << SharedCredentialFileProvider.new if Dir.home rescue ArgumentError
           @providers << EC2Provider.new
         end
 
@@ -117,14 +128,17 @@ module AWS
 
         def credentials
           providers.each do |provider|
-            begin
+            if provider.set?
               return provider.credentials
-            rescue Errors::MissingCredentialsError
             end
           end
           raise Errors::MissingCredentialsError
         end
 
+        def set?
+          providers.any?(&:set?)
+        end
+
         def refresh
           providers.each do |provider|
             provider.refresh
@@ -181,8 +195,9 @@ module AWS
         include Provider
 
         # @param [String] prefix The prefix to apply to the ENV variable.
-        def initialize prefix
+        def initialize(prefix, suffixes=Hash[KEYS.map{|key| [key, key.to_s.upcase]}])
           @prefix = prefix
+          @suffixes = suffixes
         end
 
         # @return [String]
@@ -192,7 +207,7 @@ module AWS
         def get_credentials
           credentials = {}
           KEYS.each do |key|
-            if value = ENV["#{@prefix}_#{key.to_s.upcase}"]
+            if value = ENV["#{@prefix}_#{@suffixes[key]}"]
               credentials[key] = value
             end
           end
@@ -223,7 +238,7 @@ module AWS
 
         attr_reader :credential_file
 
-        # @param [Sring] credential_file The file path of a credential file
+        # @param [String] credential_file The file path of a credential file
         def initialize(credential_file)
           @credential_file = credential_file
         end
@@ -246,6 +261,58 @@ module AWS
         end
       end
 
+      class SharedCredentialFileProvider
+
+        include Provider
+
+        # @api private
+        KEY_MAP = {
+          "aws_access_key_id" => :access_key_id,
+          "aws_secret_access_key" => :secret_access_key,
+          "aws_session_token" => :session_token,
+        }
+
+        # @option [String] :path
+        # @option [String] :profile_name
+        def initialize(options = {})
+          @path = options[:path] || File.join(Dir.home, '.aws', 'credentials')
+          @profile_name = options[:profile_name]
+          @profile_name ||= ENV['AWS_PROFILE']
+          @profile_name ||= 'default'
+        end
+
+        # @return [String]
+        attr_reader :path
+
+        # @return [String]
+        attr_reader :profile_name
+
+        # (see Provider#get_credentials)
+        def get_credentials
+          if File.exist?(path) && File.readable?(path)
+            load_from_path
+          else
+            {}
+          end
+        end
+
+        private
+
+        def load_from_path
+          profile = load_profile
+          KEY_MAP.inject({}) do |credentials, (source, target)|
+            credentials[target] = profile[source] if profile.key?(source)
+            credentials
+          end
+        end
+
+        def load_profile
+          ini = IniParser.parse(File.read(path))
+          ini[profile_name] || {}
+        end
+
+      end
+
       # This credential provider tries to get credentials from the EC2
       # metadata service.
       class EC2Provider
@@ -313,7 +380,7 @@ module AWS
         #   `:access_key_id` or the `:secret_access_key` can not be found.
         #
         def credentials
-          if @credentials_expiration && @credentials_expiration.utc <= Time.now.utc - 5 * 60
+          if @credentials_expiration && @credentials_expiration.utc <= (Time.now.utc + (15 * 60))
             refresh
           end
           super
@@ -465,6 +532,57 @@ module AWS
 
       end
 
+      # An auto-refreshing credential provider that works by assuming
+      # a role via {AWS::STS#assume_role}.
+      #
+      #    provider = AWS::Core::CredentialProviders::AssumeRoleProvider.new(
+      #      sts: AWS::STS.new(access_key_id:'AKID', secret_access_key:'SECRET'),
+      #      # assume role options:
+      #      role_arn: "linked::account::arn",
+      #      role_session_name: "session-name"
+      #    )
+      #
+      #    ec2 = AWS::EC2.new(credential_provider:provider)
+      #
+      # If you omit the `:sts` option, a new {STS} service object will be
+      # constructed and it will use the default credential provider
+      # from {Aws.config}.
+      #
+      class AssumeRoleProvider
+
+        include Provider
+
+        # @option options [AWS::STS] :sts (STS.new) An instance of {AWS::STS}. 
+        #   This is used to make the API call to assume role.
+        # @option options [required, String] :role_arn
+        # @option options [required, String] :role_session_name
+        # @option options [String] :policy
+        # @option options [Integer] :duration_seconds
+        # @option options [String] :external_id
+        def initialize(options = {})
+          @options = options.dup
+          @sts = @options.delete(:sts) || STS.new
+        end
+
+        def credentials
+          refresh if near_expiration?
+          super
+        end
+
+        private
+
+        def near_expiration?
+          @expiration && @expiration.utc <= Time.now.utc + 5 * 60
+        end
+
+        def get_credentials
+          role = @sts.assume_role(@options)
+          @expiration = role[:credentials][:expiration]
+          role[:credentials]
+        end
+
+      end
+
       # Returns a set of fake credentials, should only be used for testing.
       class FakeProvider < StaticProvider
 

data/lib/aws/core/http/connection_pool.rb

@@ -228,10 +228,20 @@ module AWS
           def new options = {}
             options = pool_options(options)
             @pools_mutex.synchronize do
-              @pools[options] ||= super(options)
+              @pools[options] ||= build(options)
             end
           end
 
+          # Constructs and returns a new connection pool.  This pool is never
+          # shared.
+          # @option (see new)
+          # @return [ConnectionPool]
+          def build(options = {})
+            pool = allocate
+            pool.send(:initialize, pool_options(options))
+            pool
+          end
+
           # @return [Array<ConnectionPool>] Returns a list of of the constructed
           #   connection pools.
           def pools
@@ -277,8 +287,18 @@ module AWS
           args << endpoint.port
           args << proxy_uri.host
           args << proxy_uri.port
-          args << proxy_uri.user
-          args << proxy_uri.password
+          
+          if proxy_uri.user
+            args << URI::decode(proxy_uri.user)
+          else
+            args << nil
+          end
+          
+          if proxy_uri.password
+            args << URI::decode(proxy_uri.password)
+          else 
+            args << nil
+          end
 
           http = Net::HTTP.new(*args.compact)
           http.extend(SessionExtensions)

data/lib/aws/core/http/net_http_handler.rb

@@ -24,7 +24,7 @@ module AWS
       class NetHttpHandler
 
         class TruncatedBodyError < IOError; end
-        
+
         # @api private
         NETWORK_ERRORS = [
           SocketError, EOFError, IOError, Timeout::Error,
@@ -34,7 +34,7 @@ module AWS
 
         # (see ConnectionPool.new)
         def initialize options = {}
-          @pool = ConnectionPool.new(options)
+          @pool = options[:connection_pool] || ConnectionPool.new(options)
           @verify_content_length = options[:verify_response_body_content_length]
         end
 
@@ -58,33 +58,30 @@ module AWS
               http.continue_timeout = request.continue_timeout if
                 http.respond_to?(:continue_timeout=)
 
+              exp_length = nil
+              act_length = 0
               http.request(build_net_http_request(request)) do |net_http_resp|
                 response.status = net_http_resp.code.to_i
                 response.headers = net_http_resp.to_hash
                 exp_length = determine_expected_content_length(response)
-                act_length = 0
-                begin
-                  if block_given? and response.status < 300
-                    net_http_resp.read_body do |data|
-                      begin
-                        act_length += data.bytesize
-                        yield data
-                      ensure
-                        retry_possible = false
-                      end
+                if block_given? and response.status < 300
+                  net_http_resp.read_body do |data|
+                    begin
+                      act_length += data.bytesize
+                      yield data unless data.empty?
+                    ensure
+                      retry_possible = false
                     end
-                  else
-                    response.body = net_http_resp.read_body
-                    act_length += response.body.bytesize unless response.body.nil?
-                  end
-                ensure
-                  run_check = exp_length.nil? == false && request.http_method != "HEAD" && @verify_content_length
-                  if run_check && act_length != exp_length
-                    raise TruncatedBodyError, 'content-length does not match'
                   end
+                else
+                  response.body = net_http_resp.read_body
+                  act_length += response.body.bytesize unless response.body.nil?
                 end
               end
-
+              run_check = exp_length && request.http_method != "HEAD" && @verify_content_length
+              if run_check && act_length != exp_length
+                raise TruncatedBodyError, 'content-length does not match'
+              end
             end
 
           rescue *NETWORK_ERRORS => error

data/lib/aws/core/http/request.rb

@@ -54,6 +54,9 @@ module AWS
         #   to be populated for requests against signature v4 endpoints.
         attr_accessor :region
 
+        # @api private
+        attr_accessor :service
+
         # @return [String] Returns the AWS access key ID used to authorize the
         #   request.
         # @api private
@@ -135,6 +138,13 @@ module AWS
           end
         end
 
+        # @api private
+        def remove_param(name)
+          if param = @params.find { |p| p.name == name }
+            @params.delete(param)
+          end
+        end
+
         # @api private
         # @return [String,nil] Returns the url encoded request params.  If there
         #   are no params, then nil is returned.

data/lib/aws/core/ini_parser.rb

@@ -0,0 +1,42 @@
+# Copyright 2011-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  module Core
+
+    # @api private
+    module IniParser
+
+      def self.parse(ini)
+        current_section = {}
+        map = {}
+        ini.split(/\r?\n/).each do |line|
+          line = line.split(/^|\s;/).first # remove comments
+          section = line.match(/^\s*\[([^\[\]]+)\]\s*$/) unless line.nil?
+          if section
+            current_section = section[1]
+          elsif current_section
+            item = line.match(/^\s*(.+?)\s*=\s*(.+)\s*$/) unless line.nil?
+            if item
+              map[current_section] = map[current_section] || {}
+              map[current_section][item[1]] = item[2]
+            end
+          end  
+        end
+        map
+      end
+
+    end
+
+  end
+end

data/lib/aws/core/lazy_error_classes.rb

@@ -67,7 +67,13 @@ module AWS
       # @return [nil]
       def const_missing constant
         const_missing_mutex.synchronize do
-          const_set(constant, Class.new(Errors::Base) { extend LazyErrorClasses })
+          # It's possible the constant was defined by another thread while
+          # this thread was waiting on the mutex, check before setting.
+          if error_const_set?(constant)
+            const_get(constant)
+          else
+            const_set(constant, Class.new(Errors::Base) { extend LazyErrorClasses })
+          end
         end
       end
 
@@ -84,7 +90,19 @@ module AWS
         module_eval("#{self}::#{code.gsub('.Range','Range').gsub(".","::")}")
       end
 
-    end
+      private
+
+      # @return [Boolean] Returns true if the constant is defined in the
+      #   current module.
+      def error_const_set?(constant)
+        # Not using #const_defined? because in Ruby 1.9+, it returns true for
+        # constants not defined directly on the current module.
+        constant = constant.to_sym
+        # In Ruby 1.8, #constants returns an array of strings,
+        # in Ruby 1.9+, #constants returns an array of symbols.
+        constants.any? { |c| c.to_sym == constant }
+      end
 
+    end
   end
 end