fog-aws 3.27.0 → 3.30.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +16 -15
- data/fog-aws.gemspec +1 -1
- data/lib/fog/aws/kms.rb +5 -1
- data/lib/fog/aws/parsers/kms/describe_key.rb +2 -2
- data/lib/fog/aws/parsers/kms/get_public_key.rb +30 -0
- data/lib/fog/aws/parsers/kms/schedule_key_deletion.rb +28 -0
- data/lib/fog/aws/parsers/kms/sign.rb +24 -0
- data/lib/fog/aws/requests/kms/create_key.rb +74 -36
- data/lib/fog/aws/requests/kms/get_public_key.rb +35 -0
- data/lib/fog/aws/requests/kms/list_keys.rb +3 -4
- data/lib/fog/aws/requests/kms/schedule_key_deletion.rb +37 -0
- data/lib/fog/aws/requests/kms/sign.rb +62 -0
- data/lib/fog/aws/ses.rb +19 -16
- data/lib/fog/aws/storage.rb +20 -10
- data/lib/fog/aws/version.rb +1 -1
- metadata +10 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 58f44efcbc509f12c098d073f5017f022c54732dd9f88cf3c1bf4eb46b52d147
|
|
4
|
+
data.tar.gz: 395b5487e7be6a4aa25ddc7ee3fdd59bf413299f52305000ab50ee447c5d9cf0
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c64513e607ac4d3f725e5f49096bbbdd44875d10290c81b5991c6821364e4bc8efd4f3b34f91ba0332837b7fb2fc26e987d1fd44b77617a7877b60b548718472
|
|
7
|
+
data.tar.gz: c2c96976eedb60cddba15f1193ac0167bbeaa3754b26b85aa4a7dd56a5031d704987cf96ef1648f45b1b59aa1b02e8404fcded2bbd6ea0c6b28abb6b2edc70d9
|
data/CHANGELOG.md
CHANGED
|
@@ -1,37 +1,38 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
-
## [v3.
|
|
3
|
+
## [v3.30.0](https://github.com/fog/fog-aws/tree/v3.30.0) (2024-12-17)
|
|
4
4
|
|
|
5
|
-
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.
|
|
5
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.29.0...v3.30.0)
|
|
6
|
+
|
|
7
|
+
**Closed issues:**
|
|
8
|
+
|
|
9
|
+
- Support S3 FIPS endpoints, disable S3 Transfer Acceleration in GovCloud or FIPS mode [\#729](https://github.com/fog/fog-aws/issues/729)
|
|
6
10
|
|
|
7
11
|
**Merged pull requests:**
|
|
8
12
|
|
|
9
|
-
-
|
|
13
|
+
- Bump fog/.github from 1.4.0 to 1.5.0 [\#732](https://github.com/fog/fog-aws/pull/732) ([dependabot[bot]](https://github.com/apps/dependabot))
|
|
14
|
+
- kms additions [\#731](https://github.com/fog/fog-aws/pull/731) ([geemus](https://github.com/geemus))
|
|
15
|
+
- Support FIPS endpoints, disable S3 Transfer Acceleration in GovCloud [\#730](https://github.com/fog/fog-aws/pull/730) ([matt-domsch-sp](https://github.com/matt-domsch-sp))
|
|
10
16
|
|
|
11
|
-
## [v3.
|
|
17
|
+
## [v3.29.0](https://github.com/fog/fog-aws/tree/v3.29.0) (2024-10-25)
|
|
12
18
|
|
|
13
|
-
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.
|
|
19
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.28.0...v3.29.0)
|
|
14
20
|
|
|
15
21
|
**Merged pull requests:**
|
|
16
22
|
|
|
17
|
-
-
|
|
23
|
+
- fallback to excon 1.0+ error retry error settings [\#728](https://github.com/fog/fog-aws/pull/728) ([geemus](https://github.com/geemus))
|
|
18
24
|
|
|
19
|
-
## [v3.
|
|
25
|
+
## [v3.28.0](https://github.com/fog/fog-aws/tree/v3.28.0) (2024-10-14)
|
|
20
26
|
|
|
21
|
-
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.
|
|
27
|
+
[Full Changelog](https://github.com/fog/fog-aws/compare/v3.27.0...v3.28.0)
|
|
22
28
|
|
|
23
29
|
**Closed issues:**
|
|
24
30
|
|
|
25
|
-
-
|
|
26
|
-
- Add AWS EKS Pod Identity support [\#718](https://github.com/fog/fog-aws/issues/718)
|
|
31
|
+
- SES needs to support AWS SigV4 [\#726](https://github.com/fog/fog-aws/issues/726)
|
|
27
32
|
|
|
28
33
|
**Merged pull requests:**
|
|
29
34
|
|
|
30
|
-
-
|
|
31
|
-
- Added support for EKS Pod Identity. [\#721](https://github.com/fog/fog-aws/pull/721) ([y-sugawara-acs](https://github.com/y-sugawara-acs))
|
|
32
|
-
- Disable S3 Signature v4 Streaming by default [\#719](https://github.com/fog/fog-aws/pull/719) ([stanhu](https://github.com/stanhu))
|
|
33
|
-
- Drop warning if region is not us-east-1 in mock [\#717](https://github.com/fog/fog-aws/pull/717) ([stanhu](https://github.com/stanhu))
|
|
34
|
-
- add base64 require and dependency [\#716](https://github.com/fog/fog-aws/pull/716) ([geemus](https://github.com/geemus))
|
|
35
|
+
- Update SES to use AWS SigV4 [\#727](https://github.com/fog/fog-aws/pull/727) ([ohookins](https://github.com/ohookins))
|
|
35
36
|
|
|
36
37
|
|
|
37
38
|
|
data/fog-aws.gemspec
CHANGED
|
@@ -29,7 +29,7 @@ Gem::Specification.new do |spec|
|
|
|
29
29
|
spec.add_development_dependency 'shindo', '~> 0.3'
|
|
30
30
|
|
|
31
31
|
spec.add_dependency 'base64', '~> 0.2.0'
|
|
32
|
-
spec.add_dependency 'fog-core', '~> 2.
|
|
32
|
+
spec.add_dependency 'fog-core', '~> 2.6'
|
|
33
33
|
spec.add_dependency 'fog-json', '~> 1.1'
|
|
34
34
|
spec.add_dependency 'fog-xml', '~> 0.1'
|
|
35
35
|
|
data/lib/fog/aws/kms.rb
CHANGED
|
@@ -20,6 +20,9 @@ module Fog
|
|
|
20
20
|
request :list_keys
|
|
21
21
|
request :create_key
|
|
22
22
|
request :describe_key
|
|
23
|
+
request :get_public_key
|
|
24
|
+
request :schedule_key_deletion
|
|
25
|
+
request :sign
|
|
23
26
|
|
|
24
27
|
model_path 'fog/aws/models/kms'
|
|
25
28
|
model :key
|
|
@@ -30,7 +33,8 @@ module Fog
|
|
|
30
33
|
@data ||= Hash.new do |hash, region|
|
|
31
34
|
hash[region] = Hash.new do |region_hash, access_key|
|
|
32
35
|
region_hash[access_key] = {
|
|
33
|
-
:
|
|
36
|
+
keys: {},
|
|
37
|
+
pkeys: {}
|
|
34
38
|
}
|
|
35
39
|
end
|
|
36
40
|
end
|
|
@@ -17,9 +17,9 @@ module Fog
|
|
|
17
17
|
|
|
18
18
|
def end_element(name)
|
|
19
19
|
case name
|
|
20
|
-
when '
|
|
20
|
+
when 'Arn', 'AWSAccountId', 'Description', 'KeyId', 'KeySpec', 'KeyState', 'KeyUsage'
|
|
21
21
|
@key[name] = value
|
|
22
|
-
when 'CreationDate'
|
|
22
|
+
when 'CreationDate', 'DeletionDate'
|
|
23
23
|
@key[name] = Time.parse(value)
|
|
24
24
|
when 'Enabled'
|
|
25
25
|
@key[name] = (value == 'true')
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module Parsers
|
|
3
|
+
module AWS
|
|
4
|
+
module KMS
|
|
5
|
+
class GetPublicKey < Fog::Parsers::Base
|
|
6
|
+
def reset
|
|
7
|
+
@response = {}
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def start_element(name, attrs = [])
|
|
11
|
+
super
|
|
12
|
+
case name
|
|
13
|
+
when 'EncryptionAlgorithms', 'KeyAgreementAlgorithms', 'SigningAlgorithms'
|
|
14
|
+
@response[name] = []
|
|
15
|
+
end
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def end_element(name)
|
|
19
|
+
case name
|
|
20
|
+
when 'KeyId', 'KeySpec', 'KeyUsage', 'PublicKey'
|
|
21
|
+
@response[name] = value
|
|
22
|
+
when 'EncryptionAlgorithms', 'KeyAgreementAlgorithms', 'SigningAlgorithms'
|
|
23
|
+
@response[name] << value
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
end
|
|
30
|
+
end
|
|
@@ -0,0 +1,28 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module Parsers
|
|
3
|
+
module AWS
|
|
4
|
+
module KMS
|
|
5
|
+
class ScheduleKeyDeletion < Fog::Parsers::Base
|
|
6
|
+
def reset
|
|
7
|
+
@response = {}
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def start_element(name, attrs = [])
|
|
11
|
+
super
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def end_element(name)
|
|
15
|
+
case name
|
|
16
|
+
when 'DeletionDate'
|
|
17
|
+
@response[name] = Time.parse(value)
|
|
18
|
+
when 'KeyId', 'KeyState'
|
|
19
|
+
@response[name] = value
|
|
20
|
+
when 'PendingWindowInDays'
|
|
21
|
+
@response[name] = value.to_i
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module Parsers
|
|
3
|
+
module AWS
|
|
4
|
+
module KMS
|
|
5
|
+
class Sign < Fog::Parsers::Base
|
|
6
|
+
def reset
|
|
7
|
+
@response = {}
|
|
8
|
+
end
|
|
9
|
+
|
|
10
|
+
def start_element(name, attrs = [])
|
|
11
|
+
super
|
|
12
|
+
end
|
|
13
|
+
|
|
14
|
+
def end_element(name)
|
|
15
|
+
case name
|
|
16
|
+
when 'KeyId', 'Signature', 'SigningAlgorithm'
|
|
17
|
+
@response[name] = value
|
|
18
|
+
end
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -2,61 +2,99 @@ module Fog
|
|
|
2
2
|
module AWS
|
|
3
3
|
class KMS
|
|
4
4
|
class Real
|
|
5
|
-
DEFAULT_KEY_POLICY = <<-JSON
|
|
6
|
-
{
|
|
7
|
-
"Version": "2012-10-17",
|
|
8
|
-
"Id": "key-default-1",
|
|
9
|
-
"Statement": [
|
|
10
|
-
{
|
|
11
|
-
"Sid": "Enable IAM User Permissions",
|
|
12
|
-
"Effect": "Allow",
|
|
13
|
-
"Principal": {
|
|
14
|
-
"AWS": "arn:aws:iam::915445820265:root"
|
|
15
|
-
},
|
|
16
|
-
"Action": "kms:*",
|
|
17
|
-
"Resource": "*"
|
|
18
|
-
}
|
|
19
|
-
]
|
|
20
|
-
}
|
|
21
|
-
JSON
|
|
22
|
-
|
|
23
5
|
require 'fog/aws/parsers/kms/describe_key'
|
|
24
6
|
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
7
|
+
# Create Key
|
|
8
|
+
#
|
|
9
|
+
# ==== Parameters
|
|
10
|
+
# * options<~Hash>:
|
|
11
|
+
# * 'Description'<~String>:
|
|
12
|
+
# * 'KeyUsage'<~String>:
|
|
13
|
+
# * 'Policy'<~String>:
|
|
14
|
+
# * ... (see docs from see also)
|
|
15
|
+
#
|
|
16
|
+
# === Returns
|
|
17
|
+
#
|
|
18
|
+
# ==== See Also
|
|
19
|
+
# https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateKey.html
|
|
20
|
+
def create_key(*args)
|
|
21
|
+
options = Fog::AWS::KMS.parse_create_key_args(args)
|
|
22
|
+
request({
|
|
23
|
+
'Action' => 'CreateKey',
|
|
24
|
+
:parser => Fog::Parsers::AWS::KMS::DescribeKey.new
|
|
25
|
+
}.merge!(options))
|
|
33
26
|
end
|
|
34
27
|
end
|
|
35
28
|
|
|
36
29
|
class Mock
|
|
37
|
-
def create_key(
|
|
30
|
+
def create_key(*args)
|
|
31
|
+
options = Fog::AWS::KMS.parse_create_key_args(args)
|
|
32
|
+
|
|
38
33
|
response = Excon::Response.new
|
|
39
34
|
key_id = UUID.uuid
|
|
40
35
|
key_arn = Fog::AWS::Mock.arn("kms", self.account_id, "key/#{key_id}", @region)
|
|
41
36
|
|
|
42
37
|
key = {
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
38
|
+
'Arn' => key_arn,
|
|
39
|
+
'AWSAccountId' => self.account_id,
|
|
40
|
+
'CreationDate' => Time.now.utc,
|
|
41
|
+
'DeletionDate' => nil,
|
|
42
|
+
'Description' => nil,
|
|
43
|
+
'Enabled' => true,
|
|
44
|
+
'KeyId' => key_id,
|
|
45
|
+
'KeySpec' => 'SYMMETRIC_DEFAULT',
|
|
46
|
+
'KeyState' => 'Enabled',
|
|
47
|
+
'KeyUsage' => 'ENCRYPT_DECRYPT',
|
|
48
|
+
'Policy' => nil
|
|
49
|
+
}.merge!(options)
|
|
51
50
|
|
|
52
51
|
# @todo use default policy
|
|
53
52
|
|
|
54
53
|
self.data[:keys][key_id] = key
|
|
55
54
|
|
|
56
|
-
|
|
55
|
+
klass, arg = {
|
|
56
|
+
'ECC_NIST_P256' => [OpenSSL::PKey::EC, 'prime256v1'],
|
|
57
|
+
'ECC_NIST_P384' => [OpenSSL::PKey::EC, 'secp384r1'],
|
|
58
|
+
'ECC_NIST_P521' => [OpenSSL::PKey::EC, 'secp521r1'],
|
|
59
|
+
'ECC_SECG_P256K1' => [OpenSSL::PKey::EC, 'secp256k1'],
|
|
60
|
+
'RSA_2048' => [OpenSSL::PKey::RSA, 2048],
|
|
61
|
+
'RSA_3072' => [OpenSSL::PKey::RSA, 3072],
|
|
62
|
+
'RSA_4096' => [OpenSSL::PKey::RSA, 4096]
|
|
63
|
+
}[key['KeySpec']]
|
|
64
|
+
raise "Unknown or not-yet-implemented #{key['KeySpec']} KeySpec for kms create_key mocks" unless klass
|
|
65
|
+
|
|
66
|
+
self.data[:pkeys][key_id] = klass.generate(arg)
|
|
67
|
+
|
|
68
|
+
response.body = { 'KeyMetadata' => key }
|
|
57
69
|
response
|
|
58
70
|
end
|
|
59
71
|
end
|
|
72
|
+
|
|
73
|
+
# previous args (policy, description, usage) was deprecated in favor of a hash of options
|
|
74
|
+
def self.parse_create_key_args(args)
|
|
75
|
+
case args.size
|
|
76
|
+
when 0
|
|
77
|
+
{}
|
|
78
|
+
when 1
|
|
79
|
+
if args[0].is_a?(Hash)
|
|
80
|
+
args[0]
|
|
81
|
+
else
|
|
82
|
+
Fog::Logger.deprecation("create_key with distinct arguments is deprecated, use options hash instead [light_black](#{caller.first})[/]")
|
|
83
|
+
{
|
|
84
|
+
'Policy' => args[0]
|
|
85
|
+
}
|
|
86
|
+
end
|
|
87
|
+
when 2, 3
|
|
88
|
+
Fog::Logger.deprecation("create_key with distinct arguments is deprecated, use options hash instead [light_black](#{caller.first})[/]")
|
|
89
|
+
{
|
|
90
|
+
'Policy' => args[0],
|
|
91
|
+
'Description' => args[1],
|
|
92
|
+
'KeyUsage' => args[2] || 'ENCRYPT_DECRYPT'
|
|
93
|
+
}
|
|
94
|
+
else
|
|
95
|
+
raise "Unknown argument style: #{args.inspect}, use options hash instead."
|
|
96
|
+
end
|
|
97
|
+
end
|
|
60
98
|
end
|
|
61
99
|
end
|
|
62
100
|
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module AWS
|
|
3
|
+
class KMS
|
|
4
|
+
class Real
|
|
5
|
+
require 'fog/aws/parsers/kms/get_public_key'
|
|
6
|
+
|
|
7
|
+
def get_public_key(identifier, grant_tokens = nil)
|
|
8
|
+
request(
|
|
9
|
+
'Action' => 'GetPublicKey',
|
|
10
|
+
'GrantTokens' => grant_tokens,
|
|
11
|
+
'KeyId' => identifier,
|
|
12
|
+
:parser => Fog::Parsers::AWS::KMS::GetPublicKey.new
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
class Mock
|
|
18
|
+
def get_public_key(identifier, _grant_tokens = [])
|
|
19
|
+
response = Excon::Response.new
|
|
20
|
+
key = self.data[:keys][identifier]
|
|
21
|
+
pkey = self.data[:pkeys][identifier]
|
|
22
|
+
|
|
23
|
+
response.body = {
|
|
24
|
+
'KeyId' => key['Arn'],
|
|
25
|
+
'KeyUsage' => key['KeyUsage'],
|
|
26
|
+
'KeySpec' => key['KeySpec'],
|
|
27
|
+
'PublicKey' => Base64.strict_encode64(pkey.public_to_der),
|
|
28
|
+
'SigningAlgorithms' => key['SigningAlgorithms']
|
|
29
|
+
}
|
|
30
|
+
response
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -2,7 +2,6 @@ module Fog
|
|
|
2
2
|
module AWS
|
|
3
3
|
class KMS
|
|
4
4
|
class Real
|
|
5
|
-
|
|
6
5
|
require 'fog/aws/parsers/kms/list_keys'
|
|
7
6
|
|
|
8
7
|
def list_keys(options={})
|
|
@@ -43,9 +42,9 @@ module Fog
|
|
|
43
42
|
key_set = if marker
|
|
44
43
|
self.data[:markers][marker] || []
|
|
45
44
|
else
|
|
46
|
-
self.data[:keys].inject([])
|
|
47
|
-
r << {
|
|
48
|
-
|
|
45
|
+
self.data[:keys].inject([]) do |r, (k, v)|
|
|
46
|
+
r << { 'KeyArn' => v['Arn'], 'KeyId' => k }
|
|
47
|
+
end
|
|
49
48
|
end
|
|
50
49
|
|
|
51
50
|
keys = if limit
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module AWS
|
|
3
|
+
class KMS
|
|
4
|
+
class Real
|
|
5
|
+
require 'fog/aws/parsers/kms/schedule_key_deletion'
|
|
6
|
+
|
|
7
|
+
def schedule_key_deletion(identifier, pending_window_in_days)
|
|
8
|
+
request(
|
|
9
|
+
'Action' => 'ScheduleKeyDeletion',
|
|
10
|
+
'KeyId' => identifier,
|
|
11
|
+
'PendingWindowInDays' => pending_window_in_days,
|
|
12
|
+
:parser => Fog::Parsers::AWS::KMS::ScheduleKeyDeletion.new
|
|
13
|
+
)
|
|
14
|
+
end
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
class Mock
|
|
18
|
+
def schedule_key_deletion(identifier, pending_window_in_days)
|
|
19
|
+
response = Excon::Response.new
|
|
20
|
+
key = self.data[:keys][identifier]
|
|
21
|
+
|
|
22
|
+
key['DeletionDate'] = Time.now + (60 * 60 * 24 * pending_window_in_days)
|
|
23
|
+
key['Enabled'] = false
|
|
24
|
+
key['KeyState'] = 'PendingDeletion'
|
|
25
|
+
|
|
26
|
+
response.body = {
|
|
27
|
+
'DeletionDate' => key['DeletionDate'],
|
|
28
|
+
'KeyId' => key['KeyId'],
|
|
29
|
+
'KeyState' => key['KeyState'],
|
|
30
|
+
'PendingWindowInDays' => pending_window_in_days
|
|
31
|
+
}
|
|
32
|
+
response
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
module Fog
|
|
2
|
+
module AWS
|
|
3
|
+
class KMS
|
|
4
|
+
class Real
|
|
5
|
+
require 'fog/aws/parsers/kms/sign'
|
|
6
|
+
|
|
7
|
+
# Sign
|
|
8
|
+
#
|
|
9
|
+
# ==== Parameters
|
|
10
|
+
# * identifier<~String>: id, arn, alias name, or alias arn for key to sign with
|
|
11
|
+
# * message<~String>: base64 encoded message to sign
|
|
12
|
+
#
|
|
13
|
+
# === Returns
|
|
14
|
+
# * response<~Excon::Response>:
|
|
15
|
+
#
|
|
16
|
+
# ==== See Also
|
|
17
|
+
# https://docs.aws.amazon.com/kms/latest/APIReference/API_Sign.html
|
|
18
|
+
#
|
|
19
|
+
def sign(identifier, message, algorithm, options = {})
|
|
20
|
+
request({
|
|
21
|
+
'Action' => 'Sign',
|
|
22
|
+
'KeyId' => identifier,
|
|
23
|
+
'Message' => message,
|
|
24
|
+
'SigningAlgorithm' => algorithm,
|
|
25
|
+
:parser => Fog::Parsers::AWS::KMS::Sign.new
|
|
26
|
+
}.merge!(options))
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
class Mock
|
|
31
|
+
def sign(identifier, message, algorithm, options = {})
|
|
32
|
+
response = Excon::Response.new
|
|
33
|
+
pkey = self.data[:pkeys][identifier]
|
|
34
|
+
unless pkey
|
|
35
|
+
response.status = 404
|
|
36
|
+
raise(Excon::Errors.status_error({ expects: 200 }, response))
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
data = Base64.decode64(message)
|
|
40
|
+
|
|
41
|
+
# FIXME: SM2 support?
|
|
42
|
+
sha = "SHA#{algorithm.split('_SHA_').last}"
|
|
43
|
+
signopts = {}
|
|
44
|
+
signopts[:rsa_padding_mode] = 'pss' if algorithm.start_with?('RSASSA_PSS')
|
|
45
|
+
|
|
46
|
+
signature = if options['MessageType'] == 'DIGEST'
|
|
47
|
+
pkey.sign_raw(sha, data, signopts)
|
|
48
|
+
else
|
|
49
|
+
pkey.sign(sha, data, signopts)
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
response.body = {
|
|
53
|
+
'KeyId' => identifier,
|
|
54
|
+
'Signature' => Base64.strict_encode64(signature),
|
|
55
|
+
'SigningAlgorithm' => algorithm
|
|
56
|
+
}
|
|
57
|
+
response
|
|
58
|
+
end
|
|
59
|
+
end
|
|
60
|
+
end
|
|
61
|
+
end
|
|
62
|
+
end
|
data/lib/fog/aws/ses.rb
CHANGED
|
@@ -48,18 +48,21 @@ module Fog
|
|
|
48
48
|
def initialize(options={})
|
|
49
49
|
|
|
50
50
|
@use_iam_profile = options[:use_iam_profile]
|
|
51
|
-
setup_credentials(options)
|
|
52
51
|
|
|
53
52
|
@instrumentor = options[:instrumentor]
|
|
54
53
|
@instrumentor_name = options[:instrumentor_name] || 'fog.aws.ses'
|
|
55
54
|
@connection_options = options[:connection_options] || {}
|
|
56
55
|
options[:region] ||= 'us-east-1'
|
|
56
|
+
@region = options[:region]
|
|
57
|
+
|
|
57
58
|
@host = options[:host] || "email.#{options[:region]}.amazonaws.com"
|
|
58
59
|
@path = options[:path] || '/'
|
|
59
60
|
@persistent = options[:persistent] || false
|
|
60
61
|
@port = options[:port] || 443
|
|
61
62
|
@scheme = options[:scheme] || 'https'
|
|
62
63
|
@connection = Fog::XML::Connection.new("#{@scheme}://#{@host}:#{@port}#{@path}", @persistent, @connection_options)
|
|
64
|
+
|
|
65
|
+
setup_credentials(options)
|
|
63
66
|
end
|
|
64
67
|
|
|
65
68
|
def reload
|
|
@@ -74,7 +77,7 @@ module Fog
|
|
|
74
77
|
@aws_session_token = options[:aws_session_token]
|
|
75
78
|
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
|
|
76
79
|
|
|
77
|
-
@
|
|
80
|
+
@signer = Fog::AWS::SignatureV4.new(@aws_access_key_id, @aws_secret_access_key, @region, 'ses')
|
|
78
81
|
end
|
|
79
82
|
|
|
80
83
|
def request(params)
|
|
@@ -87,20 +90,20 @@ module Fog
|
|
|
87
90
|
'Content-Type' => 'application/x-www-form-urlencoded',
|
|
88
91
|
'Date' => Fog::Time.now.to_date_header,
|
|
89
92
|
}
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
93
|
+
|
|
94
|
+
body, headers = AWS.signed_params_v4(
|
|
95
|
+
params,
|
|
96
|
+
{ 'Content-Type' => 'application/x-www-form-urlencoded' },
|
|
97
|
+
{
|
|
98
|
+
:method => 'POST',
|
|
99
|
+
:aws_session_token => @aws_session_token,
|
|
100
|
+
:signer => @signer,
|
|
101
|
+
:host => @host,
|
|
102
|
+
:path => @path,
|
|
103
|
+
:port => @port,
|
|
104
|
+
:version => '2010-12-01'
|
|
105
|
+
}
|
|
106
|
+
)
|
|
104
107
|
|
|
105
108
|
if @instrumentor
|
|
106
109
|
@instrumentor.instrument("#{@instrumentor_name}.request", params) do
|
data/lib/fog/aws/storage.rb
CHANGED
|
@@ -7,6 +7,8 @@ module Fog
|
|
|
7
7
|
|
|
8
8
|
DEFAULT_REGION = 'us-east-1'
|
|
9
9
|
ACCELERATION_HOST = 's3-accelerate.amazonaws.com'
|
|
10
|
+
AWS_FIPS_REGIONS = %w(us-east-1 us-east-2 us-west-1 us-west-2 us-gov-east-1 us-gov-west-1 ca-central-1 ca-west-1).freeze
|
|
11
|
+
AWS_GOVCLOUD_REGIONS = %w(us-gov-east-1 us-gov-west-1).freeze
|
|
10
12
|
|
|
11
13
|
DEFAULT_SCHEME = 'https'
|
|
12
14
|
DEFAULT_SCHEME_PORT = {
|
|
@@ -16,10 +18,7 @@ module Fog
|
|
|
16
18
|
|
|
17
19
|
DEFAULT_CONNECTION_OPTIONS = {
|
|
18
20
|
retry_limit: 5,
|
|
19
|
-
retry_interval: 1
|
|
20
|
-
retry_errors: [
|
|
21
|
-
Excon::Error::Timeout, Excon::Error::Socket, Excon::Error::Server
|
|
22
|
-
]
|
|
21
|
+
retry_interval: 1
|
|
23
22
|
}
|
|
24
23
|
|
|
25
24
|
MIN_MULTIPART_CHUNK_SIZE = 5242880
|
|
@@ -261,13 +260,17 @@ module Fog
|
|
|
261
260
|
end
|
|
262
261
|
|
|
263
262
|
def region_to_host(region=nil)
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
's3.amazonaws.com'
|
|
267
|
-
when %r{\Acn-.*}
|
|
268
|
-
"s3.#{region}.amazonaws.com.cn"
|
|
263
|
+
if ENV['AWS_USE_FIPS_ENDPOINT'] == 'true' && AWS_FIPS_REGIONS.include?(region)
|
|
264
|
+
"s3-fips.#{region}.amazonaws.com" # https://aws.amazon.com/compliance/fips/
|
|
269
265
|
else
|
|
270
|
-
|
|
266
|
+
case region.to_s
|
|
267
|
+
when DEFAULT_REGION, ''
|
|
268
|
+
's3.amazonaws.com'
|
|
269
|
+
when %r{\Acn-.*}
|
|
270
|
+
"s3.#{region}.amazonaws.com.cn"
|
|
271
|
+
else
|
|
272
|
+
"s3.#{region}.amazonaws.com"
|
|
273
|
+
end
|
|
271
274
|
end
|
|
272
275
|
end
|
|
273
276
|
|
|
@@ -581,6 +584,13 @@ module Fog
|
|
|
581
584
|
@port = options[:port] || DEFAULT_SCHEME_PORT[@scheme]
|
|
582
585
|
end
|
|
583
586
|
|
|
587
|
+
# GovCloud doesn't support S3 Transfer Acceleration https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-s3.html
|
|
588
|
+
# S3 Transfer Acceleration doesn't support FIPS endpoints. When both fog_aws_accelerate=true and AWS_USE_FIPS_ENDPOINT=true, don't use Accelerate.
|
|
589
|
+
if @acceleration && (AWS_GOVCLOUD_REGIONS.include?(@region) || ENV['AWS_USE_FIPS_ENDPOINT'] == 'true')
|
|
590
|
+
Fog::Logger.warning("fog: S3 Transfer Acceleration is not available in GovCloud regions or when AWS_USE_FIPS_ENDPOINT=true. Disabling acceleration.")
|
|
591
|
+
@acceleration = false
|
|
592
|
+
end
|
|
593
|
+
|
|
584
594
|
@host = ACCELERATION_HOST if @acceleration
|
|
585
595
|
setup_credentials(options)
|
|
586
596
|
end
|
data/lib/fog/aws/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: fog-aws
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.
|
|
4
|
+
version: 3.30.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Josh Lane
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2024-
|
|
12
|
+
date: 2024-12-17 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: bundler
|
|
@@ -101,14 +101,14 @@ dependencies:
|
|
|
101
101
|
requirements:
|
|
102
102
|
- - "~>"
|
|
103
103
|
- !ruby/object:Gem::Version
|
|
104
|
-
version: '2.
|
|
104
|
+
version: '2.6'
|
|
105
105
|
type: :runtime
|
|
106
106
|
prerelease: false
|
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
|
108
108
|
requirements:
|
|
109
109
|
- - "~>"
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
|
-
version: '2.
|
|
111
|
+
version: '2.6'
|
|
112
112
|
- !ruby/object:Gem::Dependency
|
|
113
113
|
name: fog-json
|
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -614,7 +614,10 @@ files:
|
|
|
614
614
|
- lib/fog/aws/parsers/iam/upload_server_certificate.rb
|
|
615
615
|
- lib/fog/aws/parsers/iam/upload_signing_certificate.rb
|
|
616
616
|
- lib/fog/aws/parsers/kms/describe_key.rb
|
|
617
|
+
- lib/fog/aws/parsers/kms/get_public_key.rb
|
|
617
618
|
- lib/fog/aws/parsers/kms/list_keys.rb
|
|
619
|
+
- lib/fog/aws/parsers/kms/schedule_key_deletion.rb
|
|
620
|
+
- lib/fog/aws/parsers/kms/sign.rb
|
|
618
621
|
- lib/fog/aws/parsers/lambda/base.rb
|
|
619
622
|
- lib/fog/aws/parsers/rds/authorize_db_security_group_ingress.rb
|
|
620
623
|
- lib/fog/aws/parsers/rds/base.rb
|
|
@@ -1236,7 +1239,10 @@ files:
|
|
|
1236
1239
|
- lib/fog/aws/requests/kinesis/split_shard.rb
|
|
1237
1240
|
- lib/fog/aws/requests/kms/create_key.rb
|
|
1238
1241
|
- lib/fog/aws/requests/kms/describe_key.rb
|
|
1242
|
+
- lib/fog/aws/requests/kms/get_public_key.rb
|
|
1239
1243
|
- lib/fog/aws/requests/kms/list_keys.rb
|
|
1244
|
+
- lib/fog/aws/requests/kms/schedule_key_deletion.rb
|
|
1245
|
+
- lib/fog/aws/requests/kms/sign.rb
|
|
1240
1246
|
- lib/fog/aws/requests/lambda/add_permission.rb
|
|
1241
1247
|
- lib/fog/aws/requests/lambda/create_event_source_mapping.rb
|
|
1242
1248
|
- lib/fog/aws/requests/lambda/create_function.rb
|