fog-aws 3.22.0 → 3.30.0

data/lib/fog/aws/requests/elbv2/describe_tags.rb

@@ -25,7 +25,7 @@ module Fog
           response = Excon::Response.new
           resource_arns = [*resource_arns]
 
-          tag_describtions = resource_arns.map do |resource_arn|
+          tag_descriptions = resource_arns.map do |resource_arn|
             if self.data[:load_balancers_v2][resource_arn]
               {
                 "Tags"=>self.data[:tags][resource_arn],
@@ -39,7 +39,7 @@ module Fog
           response.status = 200
           response.body = {
             "ResponseMetadata"=>{"RequestId"=> Fog::AWS::Mock.request_id },
-            "DescribeTagsResult"=>{"TagDescriptions"=> tag_describtions}
+            "DescribeTagsResult"=>{"TagDescriptions"=> tag_descriptions}
           }
 
           response

data/lib/fog/aws/requests/glacier/initiate_job.rb

@@ -2,7 +2,7 @@ module Fog
   module AWS
     class Glacier
       class Real
-        # This operation initates a multipart upload of an archive to a vault
+        # This operation initiates a multipart upload of an archive to a vault
         #
         # ==== Parameters
         # * name<~String> The vault name

data/lib/fog/aws/requests/glacier/initiate_multipart_upload.rb

@@ -2,7 +2,7 @@ module Fog
   module AWS
     class Glacier
       class Real
-        # This operation initates a multipart upload of an archive to a vault
+        # This operation initiates a multipart upload of an archive to a vault
         #
         # ==== Parameters
         # * name<~String> The vault name

data/lib/fog/aws/requests/kinesis/list_streams.rb

@@ -2,7 +2,7 @@ module Fog
   module AWS
     class Kinesis
       class Real
-        # List availabe streams
+        # List available streams
         #
         # ==== Options
         # * ExclusiveStartStreamName<~String>: The name of the stream to start the list with.

data/lib/fog/aws/requests/kms/create_key.rb

@@ -2,61 +2,99 @@ module Fog
   module AWS
     class KMS
       class Real
-        DEFAULT_KEY_POLICY = <<-JSON
-{
-  "Version": "2012-10-17",
-  "Id": "key-default-1",
-  "Statement": [
-    {
-      "Sid": "Enable IAM User Permissions",
-      "Effect": "Allow",
-      "Principal": {
-        "AWS": "arn:aws:iam::915445820265:root"
-      },
-      "Action": "kms:*",
-      "Resource": "*"
-    }
-  ]
-}
-        JSON
-
         require 'fog/aws/parsers/kms/describe_key'
 
-        def create_key(policy = nil, description = nil, usage = "ENCRYPT_DECRYPT")
-          request(
-            'Action'      => 'CreateKey',
-            'Description' => description,
-            'KeyUsage'    => usage,
-            'Policy'      => policy,
-            :parser       => Fog::Parsers::AWS::KMS::DescribeKey.new
-          )
+        # Create Key
+        #
+        # ==== Parameters
+        # * options<~Hash>:
+        #   * 'Description'<~String>:
+        #   * 'KeyUsage'<~String>:
+        #   * 'Policy'<~String>:
+        #   * ... (see docs from see also)
+        #
+        # === Returns
+        #
+        # ==== See Also
+        # https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
+        def create_key(*args)
+          options = Fog::AWS::KMS.parse_create_key_args(args)
+          request({
+            'Action' => 'CreateKey',
+            :parser => Fog::Parsers::AWS::KMS::DescribeKey.new
+          }.merge!(options))
         end
       end
 
       class Mock
-        def create_key(policy = nil, description = nil, usage = "ENCRYPT_DECRYPT")
+        def create_key(*args)
+          options = Fog::AWS::KMS.parse_create_key_args(args)
+
           response = Excon::Response.new
           key_id   = UUID.uuid
           key_arn  = Fog::AWS::Mock.arn("kms", self.account_id, "key/#{key_id}", @region)
 
           key = {
-            "KeyUsage"     => usage,
-            "AWSAccountId" => self.account_id,
-            "KeyId"        => key_id,
-            "Description"  => description,
-            "CreationDate" => Time.now,
-            "Arn"          => key_arn,
-            "Enabled"      => true,
-          }
+            'Arn' => key_arn,
+            'AWSAccountId' => self.account_id,
+            'CreationDate' => Time.now.utc,
+            'DeletionDate' => nil,
+            'Description' => nil,
+            'Enabled' => true,
+            'KeyId' => key_id,
+            'KeySpec' => 'SYMMETRIC_DEFAULT',
+            'KeyState' => 'Enabled',
+            'KeyUsage' => 'ENCRYPT_DECRYPT',
+            'Policy' => nil
+          }.merge!(options)
 
           # @todo use default policy
 
           self.data[:keys][key_id] = key
 
-          response.body = { "KeyMetadata" => key }
+          klass, arg = {
+            'ECC_NIST_P256' => [OpenSSL::PKey::EC, 'prime256v1'],
+            'ECC_NIST_P384' => [OpenSSL::PKey::EC, 'secp384r1'],
+            'ECC_NIST_P521' => [OpenSSL::PKey::EC, 'secp521r1'],
+            'ECC_SECG_P256K1' => [OpenSSL::PKey::EC, 'secp256k1'],
+            'RSA_2048' => [OpenSSL::PKey::RSA, 2048],
+            'RSA_3072' => [OpenSSL::PKey::RSA, 3072],
+            'RSA_4096' => [OpenSSL::PKey::RSA, 4096]
+          }[key['KeySpec']]
+          raise "Unknown or not-yet-implemented #{key['KeySpec']} KeySpec for kms create_key mocks" unless klass
+
+          self.data[:pkeys][key_id] = klass.generate(arg)
+
+          response.body = { 'KeyMetadata' => key }
           response
         end
       end
+
+      # previous args (policy, description, usage) was deprecated in favor of a hash of options
+      def self.parse_create_key_args(args)
+        case args.size
+        when 0
+          {}
+        when 1
+          if args[0].is_a?(Hash)
+            args[0]
+          else
+            Fog::Logger.deprecation("create_key with distinct arguments is deprecated, use options hash instead [light_black](#{caller.first})[/]")
+            {
+              'Policy' => args[0]
+            }
+          end
+        when 2, 3
+          Fog::Logger.deprecation("create_key with distinct arguments is deprecated, use options hash instead [light_black](#{caller.first})[/]")
+          {
+            'Policy' => args[0],
+            'Description' => args[1],
+            'KeyUsage' => args[2] || 'ENCRYPT_DECRYPT'
+          }
+        else
+          raise "Unknown argument style: #{args.inspect}, use options hash instead."
+        end
+      end
     end
   end
 end

data/lib/fog/aws/requests/kms/get_public_key.rb

@@ -0,0 +1,35 @@
+module Fog
+  module AWS
+    class KMS
+      class Real
+        require 'fog/aws/parsers/kms/get_public_key'
+
+        def get_public_key(identifier, grant_tokens = nil)
+          request(
+            'Action' => 'GetPublicKey',
+            'GrantTokens' => grant_tokens,
+            'KeyId' => identifier,
+            :parser => Fog::Parsers::AWS::KMS::GetPublicKey.new
+          )
+        end
+      end
+
+      class Mock
+        def get_public_key(identifier, _grant_tokens = [])
+          response = Excon::Response.new
+          key = self.data[:keys][identifier]
+          pkey = self.data[:pkeys][identifier]
+
+          response.body = {
+            'KeyId' => key['Arn'],
+            'KeyUsage' => key['KeyUsage'],
+            'KeySpec' => key['KeySpec'],
+            'PublicKey' => Base64.strict_encode64(pkey.public_to_der),
+            'SigningAlgorithms' => key['SigningAlgorithms']
+          }
+          response
+        end
+      end
+    end
+  end
+end

data/lib/fog/aws/requests/kms/list_keys.rb

@@ -2,7 +2,6 @@ module Fog
   module AWS
     class KMS
       class Real
-
         require 'fog/aws/parsers/kms/list_keys'
 
         def list_keys(options={})
@@ -43,9 +42,9 @@ module Fog
           key_set = if marker
                       self.data[:markers][marker] || []
                     else
-                      self.data[:keys].inject([]) { |r,(k,v)|
-                        r << { "KeyId" => k, "KeyArn" => v["Arn"] }
-                      }
+                      self.data[:keys].inject([]) do |r, (k, v)|
+                        r << { 'KeyArn' => v['Arn'], 'KeyId' => k }
+                      end
                     end
 
           keys = if limit

data/lib/fog/aws/requests/kms/schedule_key_deletion.rb

@@ -0,0 +1,37 @@
+module Fog
+  module AWS
+    class KMS
+      class Real
+        require 'fog/aws/parsers/kms/schedule_key_deletion'
+
+        def schedule_key_deletion(identifier, pending_window_in_days)
+          request(
+            'Action' => 'ScheduleKeyDeletion',
+            'KeyId' => identifier,
+            'PendingWindowInDays' => pending_window_in_days,
+            :parser => Fog::Parsers::AWS::KMS::ScheduleKeyDeletion.new
+          )
+        end
+      end
+
+      class Mock
+        def schedule_key_deletion(identifier, pending_window_in_days)
+          response = Excon::Response.new
+          key = self.data[:keys][identifier]
+
+          key['DeletionDate'] = Time.now + (60 * 60 * 24 * pending_window_in_days)
+          key['Enabled'] = false
+          key['KeyState'] = 'PendingDeletion'
+
+          response.body = {
+            'DeletionDate' => key['DeletionDate'],
+            'KeyId' => key['KeyId'],
+            'KeyState' => key['KeyState'],
+            'PendingWindowInDays' => pending_window_in_days
+          }
+          response
+        end
+      end
+    end
+  end
+end

data/lib/fog/aws/requests/kms/sign.rb

@@ -0,0 +1,62 @@
+module Fog
+  module AWS
+    class KMS
+      class Real
+        require 'fog/aws/parsers/kms/sign'
+
+        # Sign
+        #
+        # ==== Parameters
+        # * identifier<~String>: id, arn, alias name, or alias arn for key to sign with
+        # * message<~String>: base64 encoded message to sign
+        #
+        # === Returns
+        # * response<~Excon::Response>:
+        #
+        # ==== See Also
+        # https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html
+        #
+        def sign(identifier, message, algorithm, options = {})
+          request({
+            'Action' => 'Sign',
+            'KeyId' => identifier,
+            'Message' => message,
+            'SigningAlgorithm' => algorithm,
+            :parser => Fog::Parsers::AWS::KMS::Sign.new
+          }.merge!(options))
+        end
+      end
+
+      class Mock
+        def sign(identifier, message, algorithm, options = {})
+          response = Excon::Response.new
+          pkey = self.data[:pkeys][identifier]
+          unless pkey
+            response.status = 404
+            raise(Excon::Errors.status_error({ expects: 200 }, response))
+          end
+
+          data = Base64.decode64(message)
+
+          # FIXME: SM2 support?
+          sha = "SHA#{algorithm.split('_SHA_').last}"
+          signopts = {}
+          signopts[:rsa_padding_mode] = 'pss' if algorithm.start_with?('RSASSA_PSS')
+
+          signature = if options['MessageType'] == 'DIGEST'
+                        pkey.sign_raw(sha, data, signopts)
+                      else
+                        pkey.sign(sha, data, signopts)
+                      end
+
+          response.body = {
+            'KeyId' => identifier,
+            'Signature' => Base64.strict_encode64(signature),
+            'SigningAlgorithm' => algorithm
+          }
+          response
+        end
+      end
+    end
+  end
+end

data/lib/fog/aws/requests/rds/authorize_db_security_group_ingress.rb

@@ -43,12 +43,12 @@ module Fog
           if sec_group = self.data[:security_groups][name]
             if opts.key?('CIDRIP')
               if sec_group['IPRanges'].find{|h| h['CIDRIP'] == opts['CIDRIP']}
-                raise Fog::AWS::RDS::AuthorizationAlreadyExists.new("AuthorizationAlreadyExists => #{opts['CIDRIP']} is alreay defined")
+                raise Fog::AWS::RDS::AuthorizationAlreadyExists.new("AuthorizationAlreadyExists => #{opts['CIDRIP']} is already defined")
               end
               sec_group['IPRanges'] << opts.merge({"Status" => 'authorizing'})
             else
               if sec_group['EC2SecurityGroups'].find{|h| h['EC2SecurityGroupName'] == opts['EC2SecurityGroupName'] || h['EC2SecurityGroupId'] == opts['EC2SecurityGroupId']}
-                raise Fog::AWS::RDS::AuthorizationAlreadyExists.new("AuthorizationAlreadyExists => #{opts['EC2SecurityGroupName']} is alreay defined")
+                raise Fog::AWS::RDS::AuthorizationAlreadyExists.new("AuthorizationAlreadyExists => #{opts['EC2SecurityGroupName']} is already defined")
               end
               sec_group['EC2SecurityGroups'] << opts.merge({"Status" => 'authorizing'})
             end

data/lib/fog/aws/requests/rds/create_db_cluster.rb

@@ -12,7 +12,7 @@ module Fog
         # * AvailabilityZones<~Array> - A list of EC2 Availability Zones that instances in the DB cluster can be created in
         # * BackupRetentionPeriod<~String> - The number of days for which automated backups are retained
         # * CharacterSetName<~String> - A value that indicates that the DB cluster should be associated with the specified CharacterSet
-        # * DatabaseName<~String> - The name for your database of up to 8 alpha-numeric characters. If you do not provide a name, Amazon RDS will not create a database in the DB cluster you are creating
+        # * DatabaseName<~String> - The name for your database of up to 8 alphanumeric characters. If you do not provide a name, Amazon RDS will not create a database in the DB cluster you are creating
         # * DBClusterIdentifier<~String> - The DB cluster identifier. This parameter is stored as a lowercase string
         # * DBClusterParameterGroupName<~String> - The name of the DB cluster parameter group to associate with this DB cluster
         # * DBSubnetGroupName<~String> - A DB subnet group to associate with this DB cluster

data/lib/fog/aws/requests/rds/describe_db_snapshots.rb

@@ -9,7 +9,7 @@ module Fog
         # ==== Parameters
         # * DBInstanceIdentifier <~String> - ID of instance to retrieve information for. if absent information for all instances is returned
         # * DBSnapshotIdentifier <~String> - ID of snapshot to retrieve information for. if absent information for all snapshots is returned
-        # * SnapshotType       <~String> - type of snapshot to retrive (automated|manual)
+        # * SnapshotType       <~String> - type of snapshot to retrieve (automated|manual)
         # * Marker               <~String> - An optional marker provided in the previous DescribeDBInstances request
         # * MaxRecords           <~Integer> - Max number of records to return (between 20 and 100)
         # Only one of DBInstanceIdentifier or DBSnapshotIdentifier can be specified

data/lib/fog/aws/requests/rds/modify_db_instance.rb

@@ -56,7 +56,7 @@ module Fog
               self.data[:modify_time] = Time.now
               # TODO verify the params options
               # if apply_immediately is false, all the options go to pending_modified_values and then apply and clear after either
-              # a reboot or the maintainance window
+              # a reboot or the maintenance window
               #if apply_immediately
               #  modified_server = server.merge(options)
               #else

data/lib/fog/aws/requests/rds/modify_db_parameter_group.rb

@@ -10,7 +10,7 @@ module Fog
         # * DBParameterGroupName <~String> - name of the parameter group
         # * Parameters<~Array> - Array of up to 20 Hashes describing parameters to set
         #   * 'ParameterName'<~String> - parameter name.
-        #   * 'ParameterValue'<~String> - new paremeter value
+        #   * 'ParameterValue'<~String> - new parameter value
         #   * 'ApplyMethod'<~String> - immediate | pending-reboot whether to set the parameter immediately or not (may require an instance restart)
         #
         # ==== Returns

data/lib/fog/aws/requests/ses/send_raw_email.rb

@@ -9,7 +9,7 @@ module Fog
         # ==== Parameters
         # * RawMessage <~String> - The message to be sent.
         # * Options <~Hash>
-        #   * Source <~String> - The sender's email address. Takes precenence over Return-Path if specified in RawMessage
+        #   * Source <~String> - The sender's email address. Takes precedence over Return-Path if specified in RawMessage
         #   * Destinations <~Array> - All destinations for this email.
         #
         # ==== Returns

data/lib/fog/aws/requests/sqs/change_message_visibility.rb

@@ -8,7 +8,7 @@ module Fog
         #
         # ==== Parameters
         # * queue_url<~String> - Url of queue for message to update
-        # * receipt_handle<~String> - Token from previous recieve message
+        # * receipt_handle<~String> - Token from previous receive message
         # * visibility_timeout<~Integer> - New visibility timeout in 0..43200
         #
         # ==== See Also

data/lib/fog/aws/requests/sqs/delete_message.rb

@@ -8,7 +8,7 @@ module Fog
         #
         # ==== Parameters
         # * queue_url<~String> - Url of queue to delete message from
-        # * receipt_handle<~String> - Token from previous recieve message
+        # * receipt_handle<~String> - Token from previous receive message
         #
         # ==== See Also
         # http://docs.amazonwebservices.com/AWSSimpleQueueService/latest/APIReference/Query_QueryDeleteMessage.html

data/lib/fog/aws/requests/storage/copy_object.rb

@@ -17,7 +17,7 @@ module Fog
         # @option options [Time] x-amz-copy_source-if-modified_since Copies object it it has been modified since this time
         # @option options [String] x-amz-copy_source-if-none-match Copies object if its etag does not match this value
         # @option options [Time] x-amz-copy_source-if-unmodified-since Copies object it it has not been modified since this time
-        # @option options [String] x-amz-storage-class Default is 'STANDARD', set to 'REDUCED_REDUNDANCY' for non-critical, reproducable data
+        # @option options [String] x-amz-storage-class Default is 'STANDARD', set to 'REDUCED_REDUNDANCY' for non-critical, reproducible data
         #
         #
         # @return [Excon::Response]

data/lib/fog/aws/requests/storage/get_bucket.rb

@@ -9,7 +9,7 @@ module Fog
         # @param bucket_name [String] name of bucket to list object keys from
         # @param options [Hash] config arguments for list.  Defaults to {}.
         # @option options delimiter [String] causes keys with the same string between the prefix
-        #     value and the first occurence of delimiter to be rolled up
+        #     value and the first occurrence of delimiter to be rolled up
         # @option options marker [String] limits object keys to only those that appear
         #     lexicographically after its value.
         # @option options max-keys [Integer] limits number of object keys returned
@@ -17,7 +17,7 @@ module Fog
         #
         # @return [Excon::Response] response:
         #   * body [Hash]:
-        #     * Delimeter [String] - Delimiter specified for query
+        #     * Delimiter [String] - Delimiter specified for query
         #     * IsTruncated [Boolean] - Whether or not the listing is truncated
         #     * Marker [String]- Marker specified for query
         #     * MaxKeys [Integer] - Maximum number of keys specified for query

data/lib/fog/aws/requests/storage/get_bucket_object_versions.rb

@@ -8,7 +8,7 @@ module Fog
         #
         # @param bucket_name [String] name of bucket to list object keys from
         # @param options [Hash] config arguments for list
-        # @option options delimiter [String] causes keys with the same string between the prefix value and the first occurence of delimiter to be rolled up
+        # @option options delimiter [String] causes keys with the same string between the prefix value and the first occurrence of delimiter to be rolled up
         # @option options key-marker [String] limits object keys to only those that appear lexicographically after its value.
         # @option options max-keys [Integer] limits number of object keys returned
         # @option options prefix [String] limits object keys to those beginning with its value.
@@ -16,7 +16,7 @@ module Fog
         #
         # @return [Excon::Response] response:
         #   * body [Hash]:
-        #     * Delimeter [String] - Delimiter specified for query
+        #     * Delimiter [String] - Delimiter specified for query
         #     * KeyMarker [String] - Key marker specified for query
         #     * MaxKeys [Integer] - Maximum number of keys specified for query
         #     * Name [String] - Name of the bucket

data/lib/fog/aws/requests/storage/list_parts.rb

@@ -21,7 +21,7 @@ module Fog
         #       * ID [String] Id of upload initiator
         #     * IsTruncated [Boolean] Whether or not the listing is truncated
         #     * Key [String] Key where multipart upload was initiated
-        #     * MaxParts [String] maximum number of replies alllowed in response
+        #     * MaxParts [String] maximum number of replies allowed in response
         #     * NextPartNumberMarker [String] last item in list, for further pagination
         #     * Part [Array]:
         #       * ETag [String] ETag of part

data/lib/fog/aws/requests/storage/put_bucket.rb

@@ -61,10 +61,6 @@ DATA
           end
           if !self.data[:buckets][bucket_name]
             self.data[:buckets][bucket_name] = bucket
-          elsif self.region != 'us-east-1'
-            response.status = 409
-            Fog::Logger.warning "Your region '#{self.region}' does not match the default region 'us-east-1'"
-            raise(Excon::Errors.status_error({:expects => 201}, response))
           end
           response
         end

data/lib/fog/aws/requests/storage/put_bucket_lifecycle.rb

@@ -47,7 +47,7 @@ module Fog
                       if rule['NoncurrentVersionExpiration']['NoncurrentDays']
                         NoncurrentVersionExpiration { NoncurrentDays rule['NoncurrentVersionExpiration']['NoncurrentDays'] }
                       elsif rule['NoncurrentVersionExpiration']['Date']
-                        NoncurrentVersoinExpiration {
+                        NoncurrentVersionExpiration {
                           if Date rule['NoncurrentVersionExpiration']['Date'].is_a?(Time)
                             rule['NoncurrentVersionExpiration']['Date'].utc.iso8601
                           else

data/lib/fog/aws/requests/storage/put_bucket_notification.rb

@@ -5,7 +5,7 @@ module Fog
         # Change notification configuration for an S3 bucket
         #
         # @param bucket_name [String] name of bucket to set notification configuration for
-        # * notications [Hash]:
+        # * notifications [Hash]:
         #   * Topics [Array] SNS topic configurations for the notification
         #     * ID [String] Unique identifier for the configuration
         #     * Topic [String] Amazon SNS topic ARN to which Amazon S3 will publish a message when it detects events of specified type

data/lib/fog/aws/requests/storage/put_object.rb

@@ -16,7 +16,7 @@ module Fog
         # @option options Content-Type [String] Standard MIME type describing contents (defaults to MIME::Types.of.first)
         # @option options Expires [String] Cache expiry
         # @option options x-amz-acl [String] Permissions, must be in ['private', 'public-read', 'public-read-write', 'authenticated-read']
-        # @option options x-amz-storage-class [String] Default is 'STANDARD', set to 'REDUCED_REDUNDANCY' for non-critical, reproducable data
+        # @option options x-amz-storage-class [String] Default is 'STANDARD', set to 'REDUCED_REDUNDANCY' for non-critical, reproducible data
         # @option options x-amz-meta-#{name} Headers to be returned with object, note total size of request without body must be less than 8 KB. Each name, value pair must conform to US-ASCII.
         # @option options x-amz-server-side-encryption [String] Sets HTTP header for server-side encryption. Set to 'AES256' for SSE-S3 and SSE-C. Set to 'aws:kms' for SSE-KMS
         # @option options x-amz-server-side​-encryption​-customer-algorithm [String] Algorithm to use to when encrypting the object for SSE-C.

data/lib/fog/aws/requests/storage/upload_part_copy.rb

@@ -35,7 +35,7 @@ module Fog
         # @option options [Time] x-amz-copy_source-if-modified_since Copies object it it has been modified since this time
         # @option options [String] x-amz-copy_source-if-none-match Copies object if its etag does not match this value
         # @option options [Time] x-amz-copy_source-if-unmodified-since Copies object it it has not been modified since this time
-        # @option options [Time] x-amz-copy-source-range Specifes the range of bytes to copy from the source object
+        # @option options [Time] x-amz-copy-source-range Specifies the range of bytes to copy from the source object
         #
         # @return [Excon::Response]
         #   * body [Hash]:

data/lib/fog/aws/ses.rb

@@ -48,18 +48,21 @@ module Fog
         def initialize(options={})
 
           @use_iam_profile = options[:use_iam_profile]
-          setup_credentials(options)
 
           @instrumentor       = options[:instrumentor]
           @instrumentor_name  = options[:instrumentor_name] || 'fog.aws.ses'
           @connection_options     = options[:connection_options] || {}
           options[:region] ||= 'us-east-1'
+          @region = options[:region]
+
           @host = options[:host] || "email.#{options[:region]}.amazonaws.com"
           @path       = options[:path]        || '/'
           @persistent = options[:persistent]  || false
           @port       = options[:port]        || 443
           @scheme     = options[:scheme]      || 'https'
           @connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
+
+          setup_credentials(options)
         end
 
         def reload
@@ -74,7 +77,7 @@ module Fog
           @aws_session_token     = options[:aws_session_token]
           @aws_credentials_expire_at = options[:aws_credentials_expire_at]
 
-          @hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
+          @signer = Fog::AWS::SignatureV4.new(@aws_access_key_id, @aws_secret_access_key, @region, 'ses')
         end
 
         def request(params)
@@ -87,20 +90,20 @@ module Fog
             'Content-Type'  => 'application/x-www-form-urlencoded',
             'Date'          => Fog::Time.now.to_date_header,
           }
-          headers['x-amz-security-token'] = @aws_session_token if @aws_session_token
-          #AWS3-HTTPS AWSAccessKeyId=<Your AWS Access Key ID>, Algorithm=HmacSHA256, Signature=<Signature>
-          headers['X-Amzn-Authorization'] = 'AWS3-HTTPS '
-          headers['X-Amzn-Authorization'] << 'AWSAccessKeyId=' << @aws_access_key_id
-          headers['X-Amzn-Authorization'] << ', Algorithm=HmacSHA256'
-          headers['X-Amzn-Authorization'] << ', Signature=' << Base64.encode64(@hmac.sign(headers['Date'])).chomp!
-
-          body = ''
-          for key in params.keys.sort
-            unless (value = params[key]).nil?
-              body << "#{key}=#{CGI.escape(value.to_s).gsub(/\+/, '%20')}&"
-            end
-          end
-          body.chop! # remove trailing '&'
+
+          body, headers = AWS.signed_params_v4(
+            params,
+            { 'Content-Type' => 'application/x-www-form-urlencoded' },
+            {
+              :method             => 'POST',
+              :aws_session_token  => @aws_session_token,
+              :signer             => @signer,
+              :host               => @host,
+              :path               => @path,
+              :port               => @port,
+              :version            => '2010-12-01'
+            }
+          )
 
           if @instrumentor
             @instrumentor.instrument("#{@instrumentor_name}.request", params) do

data/lib/fog/aws/signaturev4.rb

@@ -106,7 +106,7 @@ DATA
       end
 
       def canonical_headers(headers)
-        canonical_headers = ''
+        canonical_headers = +''
 
         for key in headers.keys.sort_by {|k| k.to_s.downcase}
           canonical_headers << "#{key.to_s.downcase}:#{headers[key].to_s.strip}\n"