aws-sdk 1.5.2 → 1.5.3

data/lib/aws/core/signature/version_3.rb

@@ -19,37 +19,37 @@ module AWS
     module Signature
       module Version3
 
-        def add_authorization!(signer)
+        def self.included base
+          base.send(:include, Signer)
+        end
 
-          self.access_key_id = signer.access_key_id
+        def add_authorization! credentials
 
           headers["x-amz-date"] ||= (headers["date"] ||= Time.now.rfc822)
           headers["host"] ||= host
 
-          headers["x-amz-security-token"] = signer.session_token if 
-            signer.respond_to?(:session_token) and signer.session_token
+          headers["x-amz-security-token"] = credentials.session_token if 
+            credentials.session_token
 
           # compute the authorization
-          request_hash = OpenSSL::Digest::SHA256.digest(string_to_sign)
-          signature = signer.sign(request_hash)
           headers["x-amzn-authorization"] =
             "AWS3 "+
-            "AWSAccessKeyId=#{signer.access_key_id},"+
+            "AWSAccessKeyId=#{credentials.access_key_id},"+
             "Algorithm=HmacSHA256,"+
             "SignedHeaders=#{headers_to_sign.join(';')},"+
-            "Signature=#{signature}"
+            "Signature=#{sign(credentials.secret_access_key, string_to_sign)}"
         end
 
         protected
 
         def string_to_sign
-          [
+          OpenSSL::Digest::SHA256.digest([
             http_method,
             "/",
             "",
             canonical_headers,
             body
-          ].join("\n")
+          ].join("\n"))
         end
 
         def canonical_headers

data/lib/aws/core/signature/version_4.rb

@@ -20,28 +20,32 @@ module AWS
     module Signature
       module Version4
   
-        def add_authorization! signer
-          self.access_key_id = signer.access_key_id
+        def self.included base
+          base.send(:include, Signer)
+        end
+
+        def add_authorization! credentials
           datetime = Time.now.utc.strftime("%Y%m%dT%H%M%SZ")
           headers['content-type'] ||= 'application/x-www-form-urlencoded'
           headers['host'] = host
           headers['x-amz-date'] = datetime
-          headers['x-amz-security-token'] = signer.session_token if signer.session_token
-          headers['authorization'] = authorization(signer, datetime)
+          headers['x-amz-security-token'] = credentials.session_token if 
+            credentials.session_token
+          headers['authorization'] = authorization(credentials, datetime)
         end
         
         protected
   
-        def authorization signer, datetime
+        def authorization credentials, datetime
           parts = []
-          parts << "AWS4-HMAC-SHA256 Credential=#{access_key_id}/#{credential_string(datetime)}"
+          parts << "AWS4-HMAC-SHA256 Credential=#{credentials.access_key_id}/#{credential_string(datetime)}"
           parts << "SignedHeaders=#{signed_headers}"
-          parts << "Signature=#{hex16(signature(signer, datetime))}"
+          parts << "Signature=#{hex16(signature(credentials, datetime))}"
           parts.join(', ')
         end
   
-        def signature signer, datetime
-          k_secret = signer.secret_access_key
+        def signature credentials, datetime
+          k_secret = credentials.secret_access_key
           k_date = hmac("AWS4" + k_secret, datetime[0,8])
           k_region = hmac(k_date, region)
           k_service = hmac(k_region, service)
@@ -124,10 +128,6 @@ module AWS
           string.unpack('H*').first
         end
   
-        def hmac key, string
-          OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new('sha256'), key, string)
-        end
-  
         def hash string
           Digest::SHA256.digest(string)
         end

data/lib/aws/core/signer.rb

@@ -0,0 +1,46 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'base64'
+
+module AWS
+  module Core
+    
+    # This module provides a {#sign} method that accepts a secret
+    # and a string to sign.
+    module Signer
+
+      # Signs a string using the credentials stored in memory.
+      # @param [String] secret Usually an AWS secret access key.
+      # @param [String] string_to_sign The string to sign.
+      # @param [String] digest_method The digest method to use when
+      #   computing the HMAC digest.
+      # @return [String] Returns the computed signature.
+      def sign secret, string_to_sign, digest_method = 'sha256'
+        Base64.encode64(hmac(secret, string_to_sign, digest_method)).strip
+      end
+      module_function :sign
+
+      # Computes an HMAC digest of the passed string.
+      # @param [String] key
+      # @param [String] value
+      # @param [String] digest ('sha256')
+      # @return [String]
+      def hmac key, value, digest = 'sha256'
+        OpenSSL::HMAC.digest(OpenSSL::Digest::Digest.new(digest), key, value)
+      end
+      module_function :hmac
+
+    end
+  end
+end

data/lib/aws/dynamo_db/batch_write.rb

@@ -235,7 +235,8 @@ module AWS
       end
 
       def str2sym key_desc
-        type, value = key_desc.to_a.flatten
+        type = key_desc.keys.first
+        value = key_desc[type]
         case type
         when "S"  then { :s  => value }
         when "N"  then { :n  => value }

data/lib/aws/dynamo_db/client.rb

@@ -35,12 +35,13 @@ module AWS
 
         super
 
-        # If the signer does not provide a session token, then we will
-        # replace it with another signer that manages an AWS STS session.
-        # This session will auto renew whenever it has expired and will
-        # be shared across threads.
-        if config.signer.session_token.nil?
-          @signer = Core::SessionSigner.for(config) 
+        # Replaces the current credential provider with a SessionProvider
+        # that provides refreshable STS session credentials.  DynamoDB
+        # requires session credentials.
+        if credential_provider.session_token.nil?
+          long_term_credentials = credential_provider.credentials
+          @credential_provider = Core::CredentialProviders::SessionProvider.for(
+            long_term_credentials)
         end
 
       end
@@ -839,26 +840,17 @@ module AWS
       end
 
       def should_retry? response 
-        if possible_expired_credentials?(response)
-          true
-        elsif response.error.is_a?(Errors::ProvisionedThroughputExceededException)
+        if response.error.is_a?(Errors::ProvisionedThroughputExceededException)
           config.dynamo_db_retry_throughput_errors?
         else
           super
         end
       end
 
-      def rebuild_http_request response
-        # called when a request is going to be retried, in case of 
-        # expired credentials we should refresh the session
-        signer.refresh_session if possible_expired_credentials?(response)
-        super
-      end
-
       def sleep_durations response
 
         retry_count = 
-          if possible_expired_credentials?(response)
+          if expired_credentials?(response)
             config.max_retries == 0 ? 0 : 1
           else
             config.max_retries { 10 }
@@ -876,13 +868,6 @@ module AWS
 
       end
 
-      # Returns true if we get an access denied error from the service AND
-      # our signer is capible of getting new short-term credentials
-      def possible_expired_credentials? response
-        signer.respond_to?(:refresh_session) and
-        response.error.is_a?(Errors::ExpiredTokenException)
-      end
-
     end
   end
 end

data/lib/aws/dynamo_db/table.rb

@@ -420,29 +420,6 @@ module AWS
       #
       # @return (see BatchWrite#process!)
       # 
-      def batch_put items
-        batch = BatchWrite.new(:config => config)
-        batch.put(self, options)
-        batch.process!
-      end
-
-      # Batch delets up to 25 items.
-      #
-      #   table.batch_delete(%w(id1 id2 id3 id4))
-      #
-      # @param [Array<String>,Array<Array>] items A list of item keys to 
-      #   delete.  For tables without a range key, items should be an array
-      #   of hash key strings.
-      #
-      #      batch.delete('table-name', ['hk1', 'hk2', 'hk3'])
-      #
-      #   For tables with a range key, items should be an array of 
-      #   hash key and range key pairs.
-      #
-      #      batch.delete('table-name', [['hk1', 'rk1'], ['hk1', 'rk2']])
-      #
-      # @return (see BatchWrite#process!)
-      # 
       def batch_put items
         batch = BatchWrite.new(:config => config)
         batch.put(self, items)

data/lib/aws/ec2/client.rb

@@ -17,7 +17,7 @@ module AWS
     # Client class for Amazon Elastic Compute Cloud (EC2).
     class Client < Core::Client
 
-      API_VERSION = '2012-04-01'
+      API_VERSION = '2012-06-01'
 
       extend Core::Client::QueryXML
 
@@ -1883,6 +1883,9 @@ module AWS
       #       * +:association+ - (Hash)
       #         * +:public_ip+ - (String)
       #         * +:ip_owner_id+ - (String)
+      #     * +:iam_instance_profile+ - (Hash)
+      #       * +:arn+ - (String)
+      #       * +:id+ - (String)
       #
       # @return [Core::Response]
       #
@@ -2471,6 +2474,9 @@ module AWS
       #       * +:private_ip_address+ - (String)
       #       * +:security_group_id+ - (Array<String>)
       #       * +:delete_on_termination+ - (Boolean)
+      #     * +:iam_instance_profile+ - (Hash)
+      #       * +:arn+ - (String)
+      #       * +:name+ - (String)
       #   * +:instance_id+ - (String)
       #   * +:create_time+ - (Time)
       #   * +:product_description+ - (String)
@@ -3612,6 +3618,9 @@ module AWS
       #     * +:private_ip_address+ - (String)
       #     * +:groups+ - (Array<String>)
       #     * +:delete_on_termination+ - (Boolean)
+      #   * +:iam_instance_profile+ - (Hash)
+      #     * +:arn+ - (String)
+      #     * +:name+ - (String)
       #
       # === Response Structure:
       #
@@ -3659,6 +3668,9 @@ module AWS
       #       * +:private_ip_address+ - (String)
       #       * +:security_group_id+ - (Array<String>)
       #       * +:delete_on_termination+ - (Boolean)
+      #     * +:iam_instance_profile+ - (Hash)
+      #       * +:arn+ - (String)
+      #       * +:name+ - (String)
       #   * +:instance_id+ - (String)
       #   * +:create_time+ - (Time)
       #   * +:product_description+ - (String)
@@ -3929,6 +3941,9 @@ module AWS
       #   * +:private_ip_address+ - (String)
       #   * +:groups+ - (Array<String>)
       #   * +:delete_on_termination+ - (Boolean)
+      # * +:iam_instance_profile+ - (Hash)
+      #   * +:arn+ - (String)
+      #   * +:name+ - (String)
       #
       # === Response Structure:
       #
@@ -4016,6 +4031,9 @@ module AWS
       #     * +:association+ - (Hash)
       #       * +:public_ip+ - (String)
       #       * +:ip_owner_id+ - (String)
+      #   * +:iam_instance_profile+ - (Hash)
+      #     * +:arn+ - (String)
+      #     * +:id+ - (String)
       #
       # @return [Core::Response]
       #

data/lib/aws/ec2/image.rb

@@ -146,15 +146,15 @@ module AWS
       # @return [Hash] Returns a hash of block
       #   device mappings for the image.  In each entry, the key is
       #   the device name (e.g. +"/dev/sda1"+) and the value is an
-      #   object with the following methods that return information
+      #   hash with the following keys that return information
       #   about the block device:
       #
-      #   [snapshot_id] The ID of the snapshot that will be used to
+      #   [:snapshot_id] The ID of the snapshot that will be used to
       #                 create this device (may be nil).
       #
-      #   [volume_size] The size of the volume, in GiBs.
+      #   [:volume_size] The size of the volume, in GiBs.
       #
-      #   [delete_on_termination] True if the Amazon EBS volume is
+      #   [:delete_on_termination] True if the Amazon EBS volume is
       #                           deleted on instance termination.
       def block_device_mappings
         (block_device_mapping || []).inject({}) do |h,mapping|

data/lib/aws/ec2/instance.rb

@@ -144,6 +144,10 @@ module AWS
     # @attr_reader [String,nil] subnet_id Instances launched in a VPC have
     #   a subnet_id.  Normal EC2 instances return nil.
     #
+    # @attr_reader [String,nil] iam_instance_profile_id
+    #
+    # @attr_reader [String,nil] iam_instance_profile_arn
+    #
     class Instance < Resource
 
       include TaggedItem
@@ -260,6 +264,18 @@ module AWS
 
       describe_call_attribute :subnet_id, :static => true
 
+      describe_call_attribute :iam_instance_profile_id, 
+        :as => :iam_instance_profile,
+        :static => true do
+        translates_output{|profile| profile[:id] }
+      end
+
+      describe_call_attribute :iam_instance_profile_arn, 
+        :as => :iam_instance_profile,
+        :static => true do
+        translates_output{|profile| profile[:arn] }
+      end
+
       attribute :status do
         translates_output{|state| state.name.tr("-","_").to_sym }
       end
@@ -631,20 +647,17 @@ module AWS
         instance_action :stop
       end
 
-      # @private
       protected
+
       def find_in_response resp
         resp.instance_index[id]
       end
 
-      # @private
-      protected
       def instance_action name 
         client.send("#{name}_instances", :instance_ids => [id])
         nil
       end
 
-      protected
       def get_resource attribute
         if self.class.mutable_describe_attributes.include?(attribute.name)
           describe_attribute_call(attribute)
@@ -653,7 +666,6 @@ module AWS
         end
       end
 
-      protected
       def attributes_from_response_object(obj)
         if atts = super(obj)
           if obj[:instance_state]

data/lib/aws/ec2/instance_collection.rb

@@ -76,13 +76,17 @@ module AWS
       # @param [Hash] options Options for new instance.  +:image_id+ is
       #   the only required option.
       #
-      # @option options :count How many instances to request.  By
+      # @option options [Integer] :count How many instances to request.  By
       #   default one instance is requested.  You can specify this
       #   either as an integer or as a Range, to indicate the
       #   minimum and maximum number of instances to run.  Note that
       #   for a new account you can request at most 20 instances at
       #   once.
       #
+      # @option options [String] :iam_instance_profile The name or
+      #   ARN of an IAM instance profile.  This provides credentials
+      #   to the EC2 instance(s) via the instance metadata service.
+      #
       # @option options [Hash] :block_device_mappings This must be a
       #   hash; the keys are device names to map, and the value for
       #   each entry determines how that device is mapped.  Valid
@@ -192,6 +196,17 @@ module AWS
       #
       def create options = {}
 
+        if profile = options.delete(:iam_instance_profile)
+          profile = case profile
+          when /^arn:aws:iam::/ then { :arn => profile }
+          when String then { :name => profile }
+          when Hash then profile
+          else 
+            msg = "expected a name or ARN string for :iam_instance_profile"
+          end
+          options[:iam_instance_profile] = profile
+        end
+
         if image = options.delete(:image)
           options[:image_id] = image.id
         end

data/lib/aws/errors.rb

@@ -118,5 +118,45 @@ module AWS
       extend ExceptionMixinClassMethods
     end
 
+    # Raised when AWS credentials could not be found.
+    class MissingCredentialsError < StandardError
+
+      def initialize msg = nil
+        msg ||= <<-MSG
+
+Missing Credentials.
+
+Unable to find AWS credentials.  You can configure your AWS credentials
+a few different ways:
+
+* Call AWS.config with :access_key_id and :secret_access_key
+
+* Export AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY to ENV
+
+* On EC2 you can run instances with an IAM instance profile and credentials 
+  will be auto loaded from the instance metadata service on those
+  instances.
+
+* Call AWS.config with :credential_provider.  A credential provider should
+  either include AWS::Core::CredentialProviders::Provider or respond to
+  the same public methods.
+
+= Ruby on Rails
+
+In a Ruby on Rails application you may also specify your credentials in 
+the following ways:
+
+* Via a config initializer script using any of the methods mentioned above
+  (e.g. RAILS_ROOT/config/initializers/aws-sdk.rb).
+
+* Via a yaml configuration file located at RAILS_ROOT/config/aws.yml.
+  This file should be formated like the default RAILS_ROOT/config/database.yml
+  file.
+
+MSG
+        super(msg)
+      end
+    end
+
   end
 end