aws-sdk 1.32.0 → 1.50.0

data/lib/aws/s3/cipher_io.rb

@@ -108,7 +108,7 @@ module AWS
         if free_space > 0
           @final = cipher.final
           chunk << @final[0..free_space-1]
-          @final = @final[free_space-1..@final.size-1]
+          @final = @final[free_space..@final.size-1]
           @eof   = true unless @final and @final.size > 0
         end
 

data/lib/aws/s3/client.rb

@@ -1,4 +1,5 @@
-# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# -*- coding: utf-8 -*-
+# Copyright 2011-2014 Amazon.com, Inc. or its affiliates. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"). You
 # may not use this file except in compliance with the License. A copy of
@@ -236,7 +237,7 @@ module AWS
       end
 
       def md5 str
-        Base64.encode64(Digest::MD5.digest(str)).strip
+        Base64.encode64(OpenSSL::Digest::MD5.digest(str)).strip
       end
 
       def parse_copy_part_response resp
@@ -291,6 +292,8 @@ module AWS
           'etag' => :etag,
           'x-amz-website-redirect-location' => :website_redirect_location,
           'accept-ranges' => :accept_ranges,
+          'x-amz-server-side-encryption-customer-algorithm' => :sse_customer_algorithm,
+          'x-amz-server-side-encryption-customer-key-MD5' => :sse_customer_key_md5
         }.each_pair do |header,method|
           if value = resp.http_response.header(header)
             resp.data[method] = value
@@ -1015,7 +1018,7 @@ module AWS
       #     * `:permission` - (String) Logging permissions given to the Grantee
       #          for the bucket. The bucket owner is automatically granted FULL_CONTROL
       #          to all logs delivered to the bucket. This optional element enables
-      #          you grant access to others. Valid Values: FULL_CONTROL | READ | WRITE 
+      #          you grant access to others. Valid Values: FULL_CONTROL | READ | WRITE
       #   @return [Core::Response]
       bucket_method(:put_bucket_logging, :put) do
         configure_request do |req, options|
@@ -1062,7 +1065,7 @@ module AWS
           xml = xml.doc.root.to_xml
           req.body = xml
           req.headers['content-md5'] = md5(xml)
-          
+
           super(req, options)
 
         end
@@ -1352,6 +1355,18 @@ module AWS
       #   @option options [String] :grant_read_acp
       #   @option options [String] :grant_write_acp
       #   @option options [String] :grant_full_control
+      #   @option options [String] :sse_customer_algorithm Specifies the
+      #     algorithm to use to when encrypting the object (e.g., AES256).
+      #   @option options [String] :sse_customer_key Specifies the
+      #     customer-provided encryption key for Amazon S3 to use in encrypting
+      #     data. This value is used to store the object and then it is
+      #     discarded; Amazon does not store the encryption key. The key must be
+      #     appropriate for use with the algorithm specified in the
+      #     `:sse_customer_algorithm` header.
+      #   @option options [String] :sse_customer_key_md5 Specifies the 128-bit
+      #     MD5 digest of the encryption key according to RFC 1321. Amazon S3
+      #     uses this header for a message integrity check to ensure the
+      #     encryption key was transmitted without error.
       #   @return [Core::Response]
       #
       object_method(:put_object, :put, :header_options => {
@@ -1368,6 +1383,9 @@ module AWS
         :content_encoding => 'Content-Encoding',
         :content_type => 'Content-Type',
         :expires => 'Expires',
+        :sse_customer_algorithm => 'x-amz-server-side-encryption-customer-algorithm',
+        :sse_customer_key => 'x-amz-server-side-encryption-customer-key',
+        :sse_customer_key_md5 => 'x-amz-server-side-encryption-customer-key-MD5',
       }) do
 
         configure_request do |request, options|
@@ -1419,6 +1437,18 @@ module AWS
       #     is true if and only if the object ETag matches the value for
       #     this option.  If `:matches` is true, the `:data` value
       #     of the response will be `nil`.
+      #   @option options [String] :sse_customer_algorithm Specifies the
+      #     algorithm to use to when encrypting the object (e.g., AES256).
+      #   @option options [String] :sse_customer_key Specifies the
+      #     customer-provided encryption key for Amazon S3 to use in encrypting
+      #     data. This value is used to store the object and then it is
+      #     discarded; Amazon does not store the encryption key. The key must be
+      #     appropriate for use with the algorithm specified in the
+      #     `:sse_customer_algorithm` header.
+      #   @option options [String] :sse_customer_key_md5 Specifies the 128-bit
+      #     MD5 digest of the encryption key according to RFC 1321. Amazon S3
+      #     uses this header for a message integrity check to ensure the
+      #     encryption key was transmitted without error.
       #   @option options [Range<Integer>] :range A byte range of data to request.
       #   @return [Core::Response]
       #
@@ -1427,7 +1457,10 @@ module AWS
                       :if_modified_since => "If-Modified-Since",
                       :if_unmodified_since => "If-Unmodified-Since",
                       :if_match => "If-Match",
-                      :if_none_match => "If-None-Match"
+                      :if_none_match => "If-None-Match",
+                      :sse_customer_algorithm => 'x-amz-server-side-encryption-customer-algorithm',
+                      :sse_customer_key => 'x-amz-server-side-encryption-customer-key',
+                      :sse_customer_key_md5 => 'x-amz-server-side-encryption-customer-key-MD5',
                     }) do
         configure_request do |req, options|
 
@@ -1484,14 +1517,75 @@ module AWS
       #   @option options [required,String] :bucket_name
       #   @option options [required,String] :key
       #   @option options [String] :version_id
+      #   @option options [Time] :if_modified_since If specified, the
+      #     response will contain an additional `:modified` value that
+      #     returns true if the object was modified after the given
+      #     time.  If `:modified` is false, then the response
+      #     `:data` value will be `nil`.
+      #   @option options [Time] :if_unmodified_since If specified, the
+      #     response will contain an additional `:unmodified` value
+      #     that is true if the object was not modified after the
+      #     given time.  If `:unmodified` returns false, the `:data`
+      #     value will be `nil`.
+      #   @option options [String] :if_match If specified, the response
+      #     will contain an additional `:matches` value that is true
+      #     if the object ETag matches the value for this option.  If
+      #     `:matches` is false, the `:data` value of the
+      #     response will be `nil`.
+      #   @option options [String] :if_none_match If specified, the
+      #     response will contain an additional `:matches` value that
+      #     is true if and only if the object ETag matches the value for
+      #     this option.  If `:matches` is true, the `:data` value
+      #     of the response will be `nil`.
+      #   @option options [String] :sse_customer_algorithm Specifies the
+      #     algorithm to use to when encrypting the object (e.g., AES256).
+      #   @option options [String] :sse_customer_key Specifies the
+      #     customer-provided encryption key for Amazon S3 to use in encrypting
+      #     data. This value is used to store the object and then it is
+      #     discarded; Amazon does not store the encryption key. The key must be
+      #     appropriate for use with the algorithm specified in the
+      #     `:sse_customer_algorithm` header.
+      #   @option options [String] :sse_customer_key_md5 Specifies the 128-bit
+      #     MD5 digest of the encryption key according to RFC 1321. Amazon S3
+      #     uses this header for a message integrity check to ensure the
+      #     encryption key was transmitted without error.
+      #   @option options [Range<Integer>] :range A byte range of data to request.
       #   @return [Core::Response]
-      object_method(:head_object, :head) do
+      object_method(:head_object, :head,
+                    :header_options => {
+                      :if_modified_since => "If-Modified-Since",
+                      :if_unmodified_since => "If-Unmodified-Since",
+                      :if_match => "If-Match",
+                      :if_none_match => "If-None-Match",
+                      :sse_customer_algorithm => 'x-amz-server-side-encryption-customer-algorithm',
+                      :sse_customer_key => 'x-amz-server-side-encryption-customer-key',
+                      :sse_customer_key_md5 => 'x-amz-server-side-encryption-customer-key-MD5',
+                    }) do
 
         configure_request do |req, options|
           super(req, options)
           if options[:version_id]
             req.add_param('versionId', options[:version_id])
           end
+
+          ["If-Modified-Since",
+           "If-Unmodified-Since"].each do |date_header|
+            case value = req.headers[date_header]
+            when DateTime
+              req.headers[date_header] = Time.parse(value.to_s).rfc2822
+            when Time
+              req.headers[date_header] = value.rfc2822
+            end
+          end
+
+          if options[:range]
+            range = options[:range]
+            if range.is_a?(Range)
+              offset = range.exclude_end? ? -1 : 0
+              range = "bytes=#{range.first}-#{range.last + offset}"
+            end
+            req.headers['Range'] = range
+          end
         end
 
         process_response do |resp|
@@ -1605,6 +1699,18 @@ module AWS
       #   @option options [String] :grant_read_acp
       #   @option options [String] :grant_write_acp
       #   @option options [String] :grant_full_control
+      #   @option options [String] :sse_customer_algorithm Specifies the
+      #     algorithm to use to when encrypting the object (e.g., AES256).
+      #   @option options [String] :sse_customer_key Specifies the
+      #     customer-provided encryption key for Amazon S3 to use in encrypting
+      #     data. This value is used to store the object and then it is
+      #     discarded; Amazon does not store the encryption key. The key must be
+      #     appropriate for use with the algorithm specified in the
+      #     `:sse_customer_algorithm` header.
+      #   @option options [String] :sse_customer_key_md5 Specifies the 128-bit
+      #     MD5 digest of the encryption key according to RFC 1321. Amazon S3
+      #     uses this header for a message integrity check to ensure the
+      #     encryption key was transmitted without error.
       #   @return [Core::Response]
       object_method(:initiate_multipart_upload, :post, 'uploads',
                     XML::InitiateMultipartUpload,
@@ -1621,6 +1727,9 @@ module AWS
                       :content_encoding => 'Content-Encoding',
                       :content_type => 'Content-Type',
                       :expires => 'Expires',
+                      :sse_customer_algorithm => 'x-amz-server-side-encryption-customer-algorithm',
+                      :sse_customer_key => 'x-amz-server-side-encryption-customer-key',
+                      :sse_customer_key_md5 => 'x-amz-server-side-encryption-customer-key-MD5',
                     }) do
 
         configure_request do |req, options|
@@ -1709,7 +1818,10 @@ module AWS
       #   @return [Core::Response]
       object_method(:upload_part, :put,
                     :header_options => {
-                      :content_md5 => 'Content-MD5'
+                      :content_md5 => 'Content-MD5',
+                      :sse_customer_algorithm => 'x-amz-server-side-encryption-customer-algorithm',
+                      :sse_customer_key => 'x-amz-server-side-encryption-customer-key',
+                      :sse_customer_key_md5 => 'x-amz-server-side-encryption-customer-key-MD5',
                     }) do
         configure_request do |request, options|
 
@@ -1834,6 +1946,12 @@ module AWS
       #     Controls whether Reduced Redundancy Storage is enabled for
       #     the object.  Valid values are 'STANDARD' and
       #     'REDUCED_REDUNDANCY'.
+      #   @option options [String] :metadata_directive ('COPY') Specify 'COPY' or
+      #     'REPLACE'.
+      #   @option options [String] :content_type
+      #   @option options [String] :content_encoding
+      #   @option options [String] :content_disposition
+      #   @option options [String] :cache_control
       #   @option options [String] :expires The date and time at which the
       #     object is no longer cacheable.
       #   @option options [String] :grant_read
@@ -1841,6 +1959,29 @@ module AWS
       #   @option options [String] :grant_read_acp
       #   @option options [String] :grant_write_acp
       #   @option options [String] :grant_full_control
+      #   @option options [String] :sse_customer_algorithm Specifies the
+      #     algorithm to use to when encrypting the object (e.g., AES256).
+      #   @option options [String] :sse_customer_key Specifies the
+      #     customer-provided encryption key for Amazon S3 to use in encrypting
+      #     data. This value is used to store the object and then it is
+      #     discarded; Amazon does not store the encryption key. The key must be
+      #     appropriate for use with the algorithm specified in the
+      #     `:sse_customer_algorithm` header.
+      #   @option options [String] :sse_customer_key_md5 Specifies the 128-bit
+      #     MD5 digest of the encryption key according to RFC 1321. Amazon S3
+      #     uses this header for a message integrity check to ensure the
+      #     encryption key was transmitted without error.
+      #   @option options [String] :copy_source_sse_customer_algorithm Specifies
+      #     the algorithm to use when decrypting the source object (e.g.,
+      #     AES256).
+      #   @option options [String] :copy_source_sse_customer_key Specifies the
+      #     customer-provided encryption key for Amazon S3 to use to decrypt the
+      #     source object. The encryption key provided in this header must be
+      #     one that was used when the source object was created.
+      #   @option options [String] :copy_source_sse_customer_key_md5 Specifies
+      #     the 128-bit MD5 digest of the encryption key according to RFC 1321.
+      #     Amazon S3 uses this header for a message integrity check to ensure
+      #     the encryption key was transmitted without error.
       #   @return [Core::Response]
       object_method(:copy_object, :put, :header_options => {
         :website_redirect_location => 'x-amz-website-redirect-location',
@@ -1854,8 +1995,15 @@ module AWS
         :cache_control => 'Cache-Control',
         :metadata_directive => 'x-amz-metadata-directive',
         :content_type => 'Content-Type',
+        :content_encoding => 'Content-Encoding',
         :content_disposition => 'Content-Disposition',
         :expires => 'Expires',
+        :sse_customer_algorithm => 'x-amz-server-side-encryption-customer-algorithm',
+        :sse_customer_key => 'x-amz-server-side-encryption-customer-key',
+        :sse_customer_key_md5 => 'x-amz-server-side-encryption-customer-key-MD5',
+        :copy_source_sse_customer_algorithm => 'x-amz-copy-source-server-side-encryption-customer-algorithm',
+        :copy_source_sse_customer_key => 'x-amz-copy-source-server-side-encryption-customer-key',
+        :copy_source_sse_customer_key_md5 => 'x-amz-copy-source-server-side-encryption-customer-key-MD5',
       }) do
 
         configure_request do |req, options|

data/lib/aws/s3/client/xml.rb

@@ -192,6 +192,13 @@ module AWS
               element("Days") { integer_value }
               element("Date") { datetime_value }
             end
+            element("NoncurrentVersionTransition") do
+              element("NoncurrentDays") { integer_value }
+              element("StorageClass") { string_value }
+            end
+            element("NoncurrentVersionDays") do
+              element("NoncurrentDays") { integer_value }
+            end
           end
         end
 

data/lib/aws/s3/multipart_upload.rb

@@ -30,6 +30,8 @@ module AWS
 
       include Core::Model
 
+      class EmptyUploadError < StandardError; end
+      
       # @api private
       def initialize(object, id, options = {})
         @id = id
@@ -273,7 +275,7 @@ module AWS
           complete_opts = get_complete_opts(part_numbers)
         end
 
-        raise "no parts uploaded" if complete_opts[:parts].empty?
+        raise EmptyUploadError.new("Unable to complete an empty upload.") if complete_opts[:parts].empty?
 
         resp = client.complete_multipart_upload(complete_opts)
         if resp.data[:version_id]

data/lib/aws/s3/object_collection.rb

@@ -159,7 +159,7 @@ module AWS
           else
             msg = "objects must be keys (strings or hashes with :key and " +
                   ":version_id), S3Objects or ObjectVersions, got " +
-                  object.class.name
+                  obj.class.name
             raise ArgumentError, msg
           end
         end

data/lib/aws/s3/presign_v4.rb

@@ -39,7 +39,14 @@ module AWS
       # @return (see S3Object#url_for)
       def presign(method, options = {})
 
-        now = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
+        now = Time.now.utc
+        one_week = 60 * 60 * 24 * 7
+        if options[:expires] - now.to_i > one_week
+          msg = "presigned URLs using sigv4 may not expire more than one week out"
+          raise ArgumentError, msg
+        end
+
+        now = now.strftime("%Y%m%dT%H%M%SZ")
 
         request = build_request(method, options)
 
@@ -47,10 +54,8 @@ module AWS
         request.headers['host'] = request.host
         signed_headers = 'Host'
 
-        # must be sent along with the PUT request headers
         if options[:acl]
-          request.headers['X-Amz-Acl'] = options[:acl].to_s.gsub(/_/, '-')
-          signed_headers << ';X-Amz-Acl'
+          request.add_param("X-Amz-Acl", options[:acl].to_s.gsub(/_/, '-'))
         end
 
         # must be sent along with the PUT request headers
@@ -66,10 +71,13 @@ module AWS
           end
         end
 
+        token = client.credential_provider.session_token
+
         request.add_param("X-Amz-Algorithm", "AWS4-HMAC-SHA256")
         request.add_param("X-Amz-Date", now)
         request.add_param("X-Amz-SignedHeaders", signed_headers)
         request.add_param("X-Amz-Expires", seconds_away(options[:expires]))
+        request.add_param('X-Amz-Security-Token', token) if token
         request.add_param("X-Amz-Credential", signer.credential(now))
         request.add_param("X-Amz-Signature", signature(request, now))
 
@@ -96,6 +104,7 @@ module AWS
         when :get, :read then :get_object
         when :put, :write then :put_object
         when :delete then :delete_object
+        when :head then :head_object
         else
           msg = "invalid method, expected :get, :put or :delete, got "
           msg << method.inspect

data/lib/aws/s3/s3_object.rb

@@ -589,6 +589,8 @@ module AWS
       #   @option options [String] :expires The date and time at which the
       #     object is no longer cacheable.
       #
+      #   @option options [String] :website_redirect_location
+      #
       # @return [S3Object, ObjectVersion] If the bucket has versioning
       #   enabled, this methods returns an {ObjectVersion}, otherwise
       #   this method returns `self`.
@@ -1179,6 +1181,7 @@ module AWS
       #   * `:get` or `:read`
       #   * `:put` or `:write`
       #   * `:delete`
+      #   * `:head`
       #
       # @param [Hash] options Additional options for generating the URL.
       #

data/lib/aws/simple_email_service.rb

@@ -55,6 +55,19 @@ module AWS
   # This has only been tested with Rails 2.3 and Rails 3.0.
   #
   #
+  # Regions
+  #
+  # SES is not available in all regions.  If you configure a default region
+  # where SES is not available, you will receive a network error.  You
+  # can configure a default region and a default SES region:
+  #
+  #     AWS.config(
+  #       :region => 'ap-southeast-1',
+  #       :ses => { :region => 'us-west-2' }
+  #     )
+  #
+  # [Go here for a complete list of supported regions](http://docs.aws.amazon.com/general/latest/gr/rande.html#ses_region).
+  #
   # # Identities
   #
   # Before you can send emails, you need to verify one or more identities.

data/lib/aws/simple_email_service/identity.rb

@@ -58,6 +58,8 @@ module AWS
 
       attribute :dkim_verification_status
 
+      mutable_attribute :delivery_topic_arn, :from => :delivery_topic
+
       mutable_attribute :bounce_topic_arn, :from => :bounce_topic
 
       mutable_attribute :complaint_topic_arn, :from => :complaint_topic
@@ -73,6 +75,7 @@ module AWS
       end
 
       provider(:get_identity_notification_attributes) do |provider|
+        provider.provides :delivery_topic_arn
         provider.provides :bounce_topic_arn
         provider.provides :complaint_topic_arn
         provider.provides :forwarding_enabled
@@ -96,6 +99,20 @@ module AWS
         end
       end
 
+      # @param [String,SNS::Topic] topic The topic (ARN string or topic
+      #   object) that delivery notifications should be published to.
+      def delivery_topic= topic
+        arn = topic.respond_to?(:arn) ? topic.arn : topic
+        self.delivery_topic_arn = arn
+      end
+
+      # @return [SNS::Topic,nil]
+      def delivery_topic
+        if arn = delivery_topic_arn
+          SNS::Topic.new(arn, :config => config)
+        end
+      end
+
       # @param [String,SNS::Topic] topic The topic (ARN string or topic
       #   object) that bounce notifications should be published to.
       def bounce_topic= topic
@@ -185,6 +202,10 @@ module AWS
         client_opts = {}
         client_opts[:identity] = identity
         case attr.name
+        when :delivery_topic_arn
+            method = :set_identity_notification_topic
+            client_opts[:notification_type] = 'Delivery'
+            client_opts[:sns_topic] = value if value
         when :bounce_topic_arn
           method = :set_identity_notification_topic
           client_opts[:notification_type] = 'Bounce'