aws_sdk 3.1.5

data/lib/aws/sqs/request.rb

@@ -0,0 +1,43 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class SQS
+
+    # @private
+    class Request < Core::Http::Request
+
+      include Core::Signature::Version2
+
+      def path
+        full_url.path
+      end
+
+      def host
+        full_url.host
+      end
+
+      private
+
+      def full_url
+        if url_param = params.find { |p| p.name == "QueueUrl" }
+          URI.parse(url_param.value)
+        else
+          URI::HTTP.build(:host => @host, :path => '/')
+        end
+      end
+
+    end
+
+  end
+end

data/lib/aws/sts.rb

@@ -0,0 +1,152 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'aws/core'
+require 'aws/sts/config'
+
+module AWS
+
+  # This class is a starting point for working with the AWS Security
+  # Token Service.  The AWS Security Token Service is a web service
+  # that enables you to request temporary, limited-privilege
+  # credentials for users that you authenticate (federated users), or
+  # IAM users.
+  #
+  # @example Getting temporary credentials and using them to make an EC2 request
+  #   sts = AWS::STS.new(:access_key_id => "LONG_TERM_KEY",
+  #                      :secret_access_key => "LONG_TERM_SECRET")
+  #   session = sts.new_session(:duration => 60*60)
+  #   ec2 = AWS::EC2.new(session.credentials)
+  #   ec2.instances.to_a
+  #
+  # @example Getting temporary credentials with restricted permissions
+  #   policy = AWS::STS::Policy.new
+  #   policy.allow(:actions => ["s3:*", "ec2:*"],
+  #                :resources => :any)
+  #   session = sts.new_federated_session("TemporaryUser", :policy => policy)
+  #   ec2 = AWS::EC2.new(session.credentials)
+  #   ec2.instances.to_a
+  #
+  class STS
+
+    AWS.register_autoloads(self) do
+      autoload :Client,           'client'
+      autoload :Errors,           'errors'
+      autoload :FederatedSession, 'federated_session'
+      autoload :Policy,           'policy'
+      autoload :Request,          'request'
+      autoload :Session,          'session'
+    end
+
+    include Core::ServiceInterface
+
+    # Returns a set of temporary credentials for an AWS account or IAM
+    # User. The credentials consist of an Access Key ID, a Secret
+    # Access Key, and a security token. These credentials are valid
+    # for the specified duration only. The session duration for IAM
+    # users can be between one and 36 hours, with a default of 12
+    # hours. The session duration for AWS account owners is restricted
+    # to one hour.
+    #
+    # @param [Hash] opts Options for getting temporary credentials.
+    #
+    # @option opts [Integer] :duration The duration, in seconds, that
+    #   the session should last. Acceptable durations for IAM user
+    #   sessions range from 3600s (one hour) to 129600s (36 hours),
+    #   with 43200s (12 hours) as the default. Sessions for AWS
+    #   account owners are restricted to a maximum of 3600s (one
+    #   hour).
+    #
+    # @option opts [String] :serial_number
+    #
+    # @option opts [String] :token_code
+    #
+    # @return [Session]
+    #
+    def new_session(opts = {})
+      get_session(:get_session_token, opts) do |resp, session_opts|
+        Session.new(session_opts)
+      end
+    end
+
+    # Returns a set of temporary credentials for a federated user with
+    # the user name and policy specified in the request. The
+    # credentials consist of an Access Key ID, a Secret Access Key,
+    # and a security token. The credentials are valid for the
+    # specified duration, between one and 36 hours.
+    #
+    # The federated user who holds these credentials has only those
+    # permissions allowed by intersection of the specified policy and
+    # any resource or user policies that apply to the caller of the
+    # GetFederationToken API. For more information about how token
+    # permissions work, see
+    # {http://docs.amazonwebservices.com/IAM/latest/UserGuide/TokenPermissions.html
+    # Controlling Token Permissions} in Using AWS Identity and Access
+    # Management.
+    #
+    # @param [String] name The name of the federated user associated
+    #   with the session.  Must be between 2 and 32 characters in
+    #   length.
+    #
+    # @param [Hash] opts Options for getting temporary credentials.
+    #
+    # @option opts [Integer] :duration The duration, in seconds, that
+    #   the session should last. Acceptable durations for federation
+    #   sessions range from 3600s (one hour) to 129600s (36 hours),
+    #   with one hour as the default.
+    #
+    # @option opts [String, AWS::STS::Policy] :policy A policy
+    #   specifying the permissions to associate with the session. The
+    #   caller can delegate their own permissions by specifying a
+    #   policy for the session, and both policies will be checked when
+    #   a service call is made. In other words, permissions of the
+    #   session credentials are the intersection of the policy
+    #   specified in the API and the policies associated with the user
+    #   who issued the session.
+    #
+    # @return [FederatedSession]
+    #
+    def new_federated_session(name, opts = {})
+      opts = opts.merge(:name => name)
+      case
+      when opts[:policy].kind_of?(String) || !opts[:policy]
+        # leave it alone
+      when opts[:policy].respond_to?(:to_json)
+        opts[:policy] = opts[:policy].to_json
+      end
+      get_session(:get_federation_token, opts) do |resp, session_opts|
+        session_opts.merge!(
+          :user_id => resp[:federated_user][:federated_user_id],
+          :user_arn => resp[:federated_user][:arn],
+          :packed_policy_size => resp[:packed_policy_size]
+        )
+        FederatedSession.new(session_opts)
+      end
+    end
+
+    # @private
+    protected
+    def get_session(method, opts = {})
+      opts[:duration_seconds] = opts.delete(:duration) if opts[:duration]
+      resp = client.send(method, opts)
+      credentials = resp[:credentials].dup
+      session_opts = {
+        :credentials => credentials,
+        :expires_at => credentials.delete(:expiration),
+      }
+      yield(resp, session_opts)
+    end
+
+  end
+
+end

data/lib/aws/sts/client.rb

@@ -0,0 +1,105 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+
+    # Client class for AWS Security Token Service (STS).
+    class Client < Core::Client
+
+      API_VERSION = '2011-06-15'
+
+      extend Core::Client::QueryXML
+
+      REGION_US_E1 = 'sts.amazonaws.com'
+
+      # @private
+      CACHEABLE_REQUESTS = Set[]
+
+      def initialize *args
+        super
+        unless config.use_ssl?
+          msg = 'AWS Security Token Service (STS) requires ssl but the ' + 
+            ':use_ssl option is set to false.  Try passing :use_ssl => true'
+          raise ArgumentError, msg
+        end
+      end
+
+      ## client methods ##
+
+      # Calls the GetFederationToken API operation.
+      # @method get_federation_token(options = {})
+      #
+      # === Options:
+      #
+      # * +:name+ - *required* - (String) The name of the federated user
+      #   associated with the credentials. For information about limitations on
+      #   user names, go to Limitations on IAM Entities in Using AWS Identity
+      #   and Access Management.
+      # * +:policy+ - (String) A policy specifying the permissions to associate
+      #   with the credentials. The caller can delegate their own permissions
+      #   by specifying a policy, and both policies will be checked when a
+      #   service call is made. For more information about how permissions work
+      #   in the context of temporary credentials, see Controlling Permissions
+      #   in Temporary Credentials in Using AWS Identity and Access Management.
+      # * +:duration_seconds+ - (Integer) The duration, in seconds, that the
+      #   session should last. Acceptable durations for federation sessions
+      #   range from 3600s (one hour) to 129600s (36 hours), with 43200s (12
+      #   hours) as the default.
+      #
+      # === Response Structure:
+      #
+      # * +:credentials+ - (Hash)
+      #   * +:access_key_id+ - (String)
+      #   * +:secret_access_key+ - (String)
+      #   * +:session_token+ - (String)
+      #   * +:expiration+ - (Time)
+      # * +:federated_user+ - (Hash)
+      #   * +:federated_user_id+ - (String)
+      #   * +:arn+ - (String)
+      # * +:packed_policy_size+ - (Integer)
+      #
+      # @return [Core::Response]
+      #
+      define_client_method :get_federation_token, 'GetFederationToken'
+
+      # Calls the GetSessionToken API operation.
+      # @method get_session_token(options = {})
+      #
+      # === Options:
+      #
+      # * +:duration_seconds+ - (Integer) The duration, in seconds, that the
+      #   credentials should remain valid. Acceptable durations for IAM user
+      #   sessions range from 3600s (one hour) to 129600s (36 hours), with
+      #   43200s (12 hours) as the default. Sessions for AWS account owners are
+      #   restricted to a maximum of 3600s (one hour).
+      # * +:serial_number+ - (String)
+      # * +:token_code+ - (String)
+      #
+      # === Response Structure:
+      #
+      # * +:credentials+ - (Hash)
+      #   * +:access_key_id+ - (String)
+      #   * +:secret_access_key+ - (String)
+      #   * +:session_token+ - (String)
+      #   * +:expiration+ - (Time)
+      #
+      # @return [Core::Response]
+      #
+      define_client_method :get_session_token, 'GetSessionToken'
+
+      ## end client methods ##
+
+    end
+  end
+end

data/lib/aws/sts/config.rb

@@ -0,0 +1,18 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+AWS::Core::Configuration.module_eval do
+
+  add_service 'STS', 'sts', 'sts.amazonaws.com'
+
+end

data/lib/aws/sts/errors.rb

@@ -0,0 +1,22 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+    module Errors
+
+      extend Core::LazyErrorClasses
+
+    end
+  end
+end

data/lib/aws/sts/federated_session.rb

@@ -0,0 +1,56 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+
+    # Represents a federated session using temporary AWS credentials.
+    # Use {STS#new_federated_session} to get an instance of this
+    # class.
+    class FederatedSession < Session
+
+      # The string identifying the federated user associated with the
+      # session, similar to the UserId of an IAM user.
+      #
+      # @return [String]
+      attr_reader :user_id
+
+      # The ARN specifying the federated user associated with the
+      # session. For more information about ARNs and how to use them
+      # in policies, see
+      # {http://docs.amazonwebservices.com/IAM/latest/UserGuide/index.html?Using_Identifiers.html
+      # Identifiers for IAM Entities} in <i>Using AWS Identity and
+      # Access Management</i>.
+      #
+      # @return [String]
+      attr_reader :user_arn
+
+      # A percentage value indicating the size of the policy in packed
+      # form. Policies for which the packed size is greater than 100%
+      # of the allowed value are rejected by the service.
+      #
+      # @return [Integer]
+      attr_reader :packed_policy_size
+
+      # @private
+      def initialize(opts = {})
+        @user_id = opts[:user_id]
+        @user_arn = opts[:user_arn]
+        @packed_policy_size = opts[:packed_policy_size]
+        super
+      end
+
+    end
+
+  end
+end

data/lib/aws/sts/policy.rb

@@ -0,0 +1,30 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+
+    # (see Core::Policy)
+    class Policy < Core::Policy
+
+      # (see Core::Policy#to_h)
+      def to_h
+        h = super
+        h.delete("Id")
+        h
+      end
+
+    end
+
+  end
+end

data/lib/aws/sts/request.rb

@@ -0,0 +1,29 @@
+# Copyright 2011-2012 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#     http://aws.amazon.com/apache2.0/
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+module AWS
+  class STS
+
+    # @private
+    class Request < Core::Http::Request
+
+      include Core::Signature::Version4
+
+      def service
+        'sts'
+      end
+
+    end
+
+  end
+end