mss-sdk 1.0.0

data/lib/mss/core/configuration.rb

@@ -0,0 +1,527 @@
+# Copyright 2011-2013 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"). You
+# may not use this file except in compliance with the License. A copy of
+# the License is located at
+#
+#
+# or in the "license" file accompanying this file. This file is
+# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF
+# ANY KIND, either express or implied. See the License for the specific
+# language governing permissions and limitations under the License.
+
+require 'set'
+require 'uri'
+
+module MSS
+  module Core
+
+    # A configuration object for MSS interfaces and clients.
+    #
+    # ## Configuring Credentials
+    #
+    # In order to do anything with MSS you will need to assign credentials.
+    # The simplest method is to assign your credentials into the default
+    # configuration:
+    #
+    #     MSS.config(:access_key_id => 'KEY', :secret_access_key => 'SECRET')
+    #
+    # You can also export them into your environment and they will be picked up
+    # automatically:
+    #
+    #     export MSS_ACCESS_KEY_ID='YOUR_KEY_ID_HERE'
+    #     export MSS_SECRET_ACCESS_KEY='YOUR_SECRET_KEY_HERE'
+    #
+    # For compatability with other MSS gems, the credentials can also be
+    # exported like:
+    #
+    #     export AMAZON_ACCESS_KEY_ID='YOUR_KEY_ID_HERE'
+    #     export AMAZON_SECRET_ACCESS_KEY='YOUR_SECRET_KEY_HERE'
+    #
+    # ## Modifying a Configuration
+    #
+    # Configuration objects are read-only.  If you need a different set of
+    # configuration values, call {#with}, passing in the updates
+    # and a new configuration object will be returned.
+    #
+    #     config = Configuration.new(:max_retries => 3)
+    #     new_config = config.with(:max_retries => 2)
+    #
+    #     config.max_retries #=> 3
+    #     new_config.max_retries #=> 2
+    #
+    # ## Global Configuration
+    #
+    # The global default configuration can be found at {MSS.config}
+    #
+    # @attr_reader [String,nil] access_key_id (nil)
+    #   MSS access key id credential.
+    #
+    # @attr_reader [String,nil] secret_access_key (nil)
+    #   MSS secret access key credential.
+    #
+    # @attr_reader [String,nil] session_token (nil) MSS secret token credential.
+    #
+    # @attr_reader [String] region
+    #   The MSS region used for requests. The default is `us-east-1`.
+    #
+    # @attr_reader [Boolean] dynamo_db_big_decimals (true) When `true`,
+    #   {DynamoDB} will convert number values returned by {DynamoDB::Client}
+    #   from strings to BigDecimal objects.  If you set this to `false`,
+    #   they will be converted from strings into floats (with a potential
+    #   loss of precision).
+    #
+    # @attr_reader [Boolean] dynamo_db_retry_throughput_errors (true) When
+    #   true, MSS::DynamoDB::Errors::ProvisionedThroughputExceededException
+    #   errors will be retried.
+    #
+    # @attr_reader [Object] http_handler The http handler that sends requests
+    #   to MSS.  Defaults to an HTTP handler built on net/http.
+    #
+    # @attr_reader [Integer] http_idle_timeout The number of seconds a
+    #   persistent connection is allowed to sit idle before it should no
+    #   longer be used.
+    #
+    # @attr_reader [Integer] http_open_timeout The number of seconds before
+    #   the `http_handler` should timeout while trying to open a new HTTP
+    #   session.
+    #
+    # @attr_reader [Integer] http_read_timeout The number of seconds before
+    #   the `http_handler` should timeout while waiting for a HTTP
+    #   response.
+    #
+    # @attr_reader [Boolean] http_wire_trace When `true`, the http handler
+    #   will log all wire traces to the `:logger`.  If a `:logger` is not
+    #   configured, then wire traces will be sent to standard out.
+    #
+    # @attr_reader [Logger,nil] logger (nil) The logging interface.
+    #
+    # @attr_reader [Symbol] log_level (:info) The log level to use when
+    #   logging every API call.  Does not set the `:logger`'s log_level.
+    #
+    # @attr_reader [LogFormatter] log_formatter The log message formatter.
+    #
+    # @attr_reader [Integer] max_retries (3) The maximum number of times
+    #   service errors (500) and throttling errors should be retried. There is
+    #   an exponential backoff in between retries, so the more retries the
+    #   longer it can take to fail.
+    #
+    # @attr_reader [URI,nil] proxy_uri (nil) The URI of the proxy
+    #    to send service requests through.
+    #
+    # @attr_reader [Boolean] s3_force_path_style (false) When
+    #   `true`, requests will always use path style.  This can be useful
+    #   for testing environments.
+    #
+    # @attr_reader [Integer] s3_multipart_max_parts (10000)
+    #   The maximum number of parts to split a file into when uploading
+    #   in parts to S3.
+    #
+    # @attr_reader [Integer] s3_multipart_threshold (16777216) When uploading
+    #   data to S3, if the number of bytes to send exceeds
+    #   `:s3_multipart_threshold` then a multi part session is automatically
+    #   started and the data is sent up in chunks.  The size of each part
+    #   is specified by `:s3_multipart_min_part_size`. Defaults to
+    #   16777216 (16MB).
+    #
+    # @attr_reader [Integer] s3_multipart_min_part_size (5242880)
+    #   The absolute minimum size (in bytes) each S3 multipart
+    #   segment should be defaults to 5242880 (5MB).
+    #
+    # @attr_reader [Symbol] s3_server_side_encryption The algorithm to
+    #   use when encrypting object data on the server side.  The only
+    #   valid value is `:aes256`, which specifies that the object
+    #   should be stored using the AES encryption algorithm with 256
+    #   bit keys.  Defaults to `nil`, meaning server side encryption
+    #   is not used unless specified on each individual call to upload
+    #   an object.  This option controls the default behavior for the
+    #   following method:
+    #
+    #     * {S3::S3Object#write}
+    #     * {S3::S3Object#multipart_upload}
+    #     * {S3::S3Object#copy_from} and {S3::S3Object#copy_to}
+    #     * {S3::S3Object#presigned_post}
+    #     * {S3::Bucket#presigned_post}
+    #
+    #   You can construct an interface to Amazon S3 which always
+    #   stores data using server side encryption as follows:
+    #
+    #       s3 = MSS::S3.new(:s3_server_side_encryption => :aes256)
+    #
+    # @attr_reader [OpenSSL::PKey::RSA, String] s3_encryption_key
+    #   If this is set, MSS::S3::S3Object #read and #write methods will always
+    #   perform client-side encryption with this key. The key can be overridden
+    #   at runtime by using the :encryption_key option.  A value of nil
+    #   means that client-side encryption will not be used.
+    #
+    # @attr_reader [Symbol] s3_encryption_materials_location
+    #   When set to `:instruction_file`, MSS::S3::S3Object will store
+    #   encryption materials in a separate object, instead of the object
+    #   metadata.
+    #
+    # @attr_reader [Boolean] simple_db_consistent_reads (false) Determines
+    #   if all SimpleDB read requests should be done consistently.
+    #   Consistent reads are slower, but reflect all changes to SDB.
+    #
+    # @attr_reader [Boolean] sqs_verify_checksums (true)
+    #   When `true` all SQS operations will check body content against
+    #   MD5 checksums, raising an exception if there is a mismatch.
+    #
+    # @attr_reader [CredentialProvider::Provider] credential_provider
+    #   Returns the object that is responsible for loading credentials.
+    #
+    # @attr_reader [String] ssl_ca_file The path to a CA cert bundle in
+    #   PEM format.
+    #
+    #   If `ssl_verify_peer` is true (the default) this bundle will be
+    #   used to validate the server certificate in each HTTPS request.
+    #   The MSS SDK for Ruby ships with a CA cert bundle, which is the
+    #   default value for this option.
+    #
+    # @attr_reader [String] ssl_ca_path (nil)
+    #   The path the a CA cert directory.
+    #
+    # @attr_reader [String] ssl_cert_store (nil)
+    #
+    # @attr_reader [Boolean] ssl_verify_peer (true) When `true`
+    #   the HTTP handler validate server certificates for HTTPS requests.
+    #
+    #   This option should only be disabled for diagnostic purposes;
+    #   leaving this option set to `false` exposes your application to
+    #   man-in-the-middle attacks and can pose a serious security
+    #   risk.
+    #
+    # @attr_reader [Boolean] stub_requests (false) When `true` requests are not
+    #   sent to MSS, instead empty responses are generated and returned to
+    #   each service request.
+    #
+    # @attr_reader [Boolean] use_ssl (true) When `true`, all requests
+    #   to MSS are sent using HTTPS instead vanilla HTTP.
+    #
+    # @attr_reader [String] user_agent_prefix (nil) A string prefix to
+    #   append to all requests against MSS services.  This should be set
+    #   for clients and applications built on top of the mss-sdk gem.
+    #
+    # @attr_reader [Boolean] verify_response_body_content_length (true)
+    #   When `true` all HTTP handlers will perform a check to ensure
+    #   that response bodies match the content-length specified in the
+    #   response header, if present. Note that some HTTP handlers will
+    #   always do this whether or not this value is true.
+    #
+    class Configuration
+
+      # Creates a new Configuration object.
+      # @param options (see MSS.config)
+      # @option options (see MSS.config)
+      def initialize options = {}
+
+        @created = options.delete(:__created__) || {}
+
+        # :signer is now a deprecated option, this ensures it will still
+        # work, but its now preferred to set :credential_provider instead.
+        # Credential providers don't have to provide a #sign method.
+        if signer = options.delete(:signer)
+          options[:credential_provider] = signer
+        end
+
+        options.each_pair do |opt_name, value|
+          opt_name = opt_name.to_sym
+          if self.class.accepted_options.include?(opt_name)
+            #if opt_name.to_s =~ /_endpoint$/
+            #  warning = ":#{opt_name} is a deprecated MSS configuration option, "
+            #  warning << "use :region instead"
+            #  warn(warning)
+            #end
+            supplied[opt_name] = value
+          end
+        end
+
+      end
+
+      # @return [Hash] Returns a hash with your configured credentials.
+      def credentials
+        credentials = {}
+        [:access_key_id, :secret_access_key, :session_token].each do |opt|
+          if value = credential_provider.send(opt)
+            credentials[opt] = value
+          end
+        end
+        credentials
+      end
+
+      # Used to create a new Configuration object with the given modifications.
+      # The current configuration object is not modified.
+      #
+      #     MSS.config(:max_retries => 2)
+      #
+      #     no_retries_config = MSS.config.with(:max_retries => 0)
+      #
+      #     MSS.config.max_retries        #=> 2
+      #     no_retries_config.max_retries #=> 0
+      #
+      # You can use these configuration objects returned by #with to create
+      # MSS objects:
+      #
+      #     MSS::S3.new(:config => no_retries_config)
+      #     MSS::SQS.new(:config => no_retries_config)
+      #
+      # @param options (see MSS.config)
+      # @option options (see MSS.config)
+      # @return [Configuration] Copies the current configuration and returns
+      #   a new one with modifications as provided in `:options`.
+      def with options = {}
+
+        # symbolize option keys
+        options = options.inject({}) {|h,kv| h[kv.first.to_sym] = kv.last; h }
+
+        values = supplied.merge(options)
+
+        if supplied == values
+          self # nothing changed
+        else
+          self.class.new(values.merge(:__created__ => @created.dup))
+        end
+
+      end
+
+      # @return [Hash] Returns a hash of all configuration values.
+      def to_h
+        self.class.accepted_options.inject({}) do |h,k|
+          h.merge(k => send(k))
+        end
+      end
+      alias_method :to_hash, :to_h
+
+      # @return [Boolean] Returns true if the two configuration objects have
+      #   the same values.
+      def eql? other
+        other.is_a?(self.class) and self.supplied == other.supplied
+      end
+      alias_method :==, :eql?
+
+      # @api private
+      def inspect
+        "<#{self.class.name}>"
+      end
+
+      # @api private
+      def endpoint_region(svc)
+        (supplied[svc.method_name] || {})[:region] or
+        supplied[:"#{svc.old_name}_region"] or
+        region
+      end
+
+      protected
+
+      def supplied
+        @supplied ||= {}
+      end
+
+      class << self
+
+        # @api private
+        def accepted_options
+          @options ||= Set.new
+        end
+
+        # @api private
+        def add_option name, default_value = nil, options = {}, &transform
+
+          accepted_options << name
+
+          define_method(name) do |&default_override|
+
+            value =
+              if supplied.has_key?(name)
+                supplied[name]
+              elsif default_override
+                default_override.call
+              else
+                default_value
+              end
+
+            transform ? transform.call(self, value) : value
+
+          end
+
+          alias_method("#{name}?", name) if options[:boolean]
+
+        end
+
+        # Configuration options that have dependencies are re-recreated
+        # anytime one of their dependent configuration values are
+        # changed.
+        # @api private
+        def add_option_with_needs name, needs, &create_block
+
+          accepted_options << name
+
+          define_method(name) do
+
+            return supplied[name] if supplied.has_key?(name)
+
+            needed = needs.inject({}) {|h,need| h.merge(need => send(need)) }
+
+            unless @created.key?(name) and @created[name][:needed] == needed
+              created = {}
+              created[:object] = create_block.call(self,needed)
+              created[:needed] = needed
+              @created[name] = created
+            end
+
+            @created[name][:object]
+
+          end
+
+        end
+
+        def add_service name, ruby_name, endpoint_prefix
+
+          svc = SERVICES[name]
+          svc_opt = svc.method_name
+          ruby_name = svc.old_name
+
+          add_option(svc_opt, {})
+
+          add_option :"#{ruby_name}_endpoint" do |config,value|
+            region = config.endpoint_region(svc)
+            endpoint = value
+            endpoint ||= config.send(svc_opt)[:endpoint]
+            endpoint ||= Endpoints.hostname(region, endpoint_prefix)
+            endpoint ||= "#{endpoint_prefix}.#{region}.amazonmss.com"
+            endpoint
+          end
+
+          add_option(:"#{ruby_name}_port") do |config,value|
+            if value
+              value
+            elsif port = config.send(svc_opt)[:port]
+              port
+            else
+              config.use_ssl? ? 443 : 80
+            end
+          end
+
+          # users only need to specify service regions when they use
+          # a test endpoint with a sigv4 service
+          add_option(:"#{ruby_name}_region") do |config,value|
+            if value
+              value
+            elsif region = config.send(svc_opt)[:region]
+              region
+            else
+              endpoint = config.send("#{ruby_name}_endpoint")
+              if endpoint =~ /us-gov/
+                if matches = endpoint.match(/(us-gov-west-\d+)/)
+                  matches[1]
+                else
+                  'us-gov-west-1' # e.g. iam.us-gov.amazonmss.com
+                end
+              elsif matches = endpoint.match(/^.+?[.-](.+)\.amazonmss.com/)
+                matches[1]
+              else
+                MSS.const_get(name).global_endpoint? ? 'us-east-1' : config.region
+              end
+            end
+          end
+
+          needs = [
+            :"#{svc_opt}",
+            :"#{ruby_name}_endpoint",
+            :"#{ruby_name}_port",
+            :"#{ruby_name}_region",
+            :credential_provider,
+            :http_handler,
+            :http_read_timeout,
+            :http_continue_timeout,
+            :http_continue_threshold,
+            :log_formatter,
+            :log_level,
+            :logger,
+            :proxy_uri,
+            :max_retries,
+            :stub_requests?,
+            :ssl_verify_peer?,
+            :ssl_ca_file,
+            :ssl_ca_path,
+            :ssl_cert_store,
+            :use_ssl?,
+            :user_agent_prefix,
+          ]
+
+          create_block = lambda do |config,client_options|
+            options = client_options[:"#{svc_opt}"]
+            MSS.const_get(name)::Client.new(options.merge(:config => config))
+          end
+
+          add_option_with_needs :"#{ruby_name}_client", needs, &create_block
+
+        end
+
+      end
+
+      add_option :access_key_id
+
+      add_option :secret_access_key
+
+      add_option :session_token
+
+      add_option :region do |cfg,region|
+        region || ENV['MSS_REGION'] || ENV['AMAZON_REGION'] || ENV['MSS_DEFAULT_REGION'] || 'us-east-1'
+      end
+
+      add_option_with_needs :credential_provider,
+        [:access_key_id, :secret_access_key, :session_token] do |cfg,static_creds|
+
+        CredentialProviders::DefaultProvider.new(static_creds)
+
+      end
+
+      add_option :http_open_timeout, 15
+
+      add_option :http_read_timeout, 60
+
+      add_option :http_continue_timeout, 1
+
+      add_option :http_continue_threshold, false
+
+      add_option :http_idle_timeout, 5
+
+      add_option :http_wire_trace, false, :boolean => true
+
+      add_option_with_needs(:http_handler,
+        MSS::Core::Http::ConnectionPool::OPTIONS + [:verify_response_body_content_length]
+      ) do |config,options|
+        MSS::Core::Http::NetHttpHandler.new(options)
+      end
+
+      add_option :logger
+
+      add_option :log_level, :info
+
+      add_option :log_formatter, LogFormatter.default
+
+      add_option :max_retries, 3
+
+      add_option :proxy_uri do |config,uri| uri ? URI.parse(uri.to_s) : nil end
+
+      add_option :ssl_verify_peer, true, :boolean => true
+
+      add_option :ssl_ca_file,
+        File.expand_path(File.dirname(__FILE__) + "/../../../ca-bundle.crt")
+
+      add_option :ssl_ca_path
+
+      add_option :ssl_cert_store
+
+      add_option :stub_requests, false, :boolean => true
+
+      add_option :use_ssl, true, :boolean => true
+
+      add_option :user_agent_prefix
+
+      add_option :verify_response_body_content_length, true, :boolean => true
+
+    end
+  end
+end