right_aws 1.9.0 → 1.10.0

data/History.txt

@@ -219,3 +219,28 @@ the source key.
     S3Interface::retrieve_object_and_verify (thanks to numerous user reports)
   - Updates to caching for Ec2::describe_images_by methods
   - Ec2 now has Ec2::last_request_id
+
+=== 1.10.0
+
+  Release Notes:
+
+  The big new features are SDB's SQL-like query and query_with_attributes
+  support as well as signature v2 support for all services.  There are also
+  numerous bug fixes, many of them reported and patched by users and
+  customers.
+
+  - AwsBase: signature v2 support added
+  - AwsBase: fix the regex matching for xmlpath which didn't work in Ruby
+    1.8.7 (thanks to a customer report)
+  - Ec2: describe_availability_zones improved to support regions
+  - Ec2: Disabled retries when EC2 returns "ServiceUnavailable: Request limit
+    exceeded"
+  - Ec2: Use POST for large queries; this avoids truncation of large user data
+    when launching instances (thanks to Bob for the report)
+  - CloudFront: docs fixes
+  - SDB: added: SQL-like query, select and query_with_attributes support
+  - SDB: fixed no method error when searching for id that doesn't exist
+    (thanks to multiple users for reporting this)
+  - S3: Fixed overzealous URL-encoding when generating URLs for S3 keys
+    (thanks to a bug report on the RubyForge forum)
+  

data/README.txt

@@ -38,7 +38,7 @@ The RightScale AWS gems comprise:
   AWS accounts.
 - Support for both first- and second-generation SQS (API versions 2007-05-01
   and 2008-01-01).  These versions of SQS are not compatible.
-- Support for signature versions 0 and 1 on SQS, SDB, and EC2.
+- Support for signature versions 0, 1 and 2 on all services.
 - Interoperability with any cloud running Eucalyptus (http://eucalyptus.cs.ucsb.edu)
 - Test suite (requires AWS account to do "live" testing).
 
@@ -119,7 +119,9 @@ multithreaded mode.
   'incompatible Net::HTTP monkey-patch'
 
   This is due to a conflict between the right_http_connection gem and another
-  gem required by attachment_fu.
+  gem required by attachment_fu.  It may be possible to require right_aws (and
+  thus right_http_connection) in the .after_initialize method of the config object in
+  environment.rb (check the docs for Rails::Configuration.after_initialize).
 
 - 8/07: Amazon has changed the semantics of the SQS service.  A
   new queue may not be created within 60 seconds of the destruction of any
@@ -142,7 +144,7 @@ sudo gem install right_aws
 
 == LICENSE:
 
-Copyright (c) 2007-2008 RightScale, Inc. 
+Copyright (c) 2007-2009 RightScale, Inc. 
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/Rakefile

@@ -10,27 +10,36 @@ require 'lib/right_aws.rb'
 testglobs =     ["test/ts_right_aws.rb"]
 
 
-# Suppress Hoe's self-inclusion as a dependency for our Gem.  This also keeps
-# Rake & rubyforge out of the dependency list.  Users must manually install
+# Suppress Hoe's self-inclusion as a dependency for our Gem. This also keeps
+# Rake & rubyforge out of the dependency list. Users must manually install
 # these gems to run tests, etc.
+# TRB 2/24/09: also do this for the extra_dev_deps array present in newer hoes.
+# Older versions of RubyGems will try to install developer-dependencies as
+# required runtime dependencies.  It would be great to take advantage of the extra dev deps, but not
+# at the cost of requiring many additional dependencies if the user is running an older RubyGems.
 class Hoe
   def extra_deps
     @extra_deps.reject do |x|
       Array(x).first == 'hoe'
     end
   end
+  def extra_dev_deps
+    @extra_dev_deps.reject do |x|
+      Array(x).first == 'hoe'
+    end
+  end
 end
 
 Hoe.new('right_aws', RightAws::VERSION::STRING) do |p|
-  p.rubyforge_name = 'rightaws'
+  p.rubyforge_name = 'rightscale'
   p.author = 'RightScale, Inc.'
-  p.email = 'support@rightscale.com'
-  p.summary = 'Interface classes for the Amazon EC2, SQS, and S3 Web Services'
+  p.email = 'rubygems@rightscale.com'
+  p.summary = 'Interface classes for the Amazon EC2/EBS, SQS, S3, SDB, and ACF Web Services'
   p.description = p.paragraphs_of('README.txt', 2..5).join("\n\n")
   p.url = p.paragraphs_of('README.txt', 0).first.split(/\n/)[1..-1]
   p.changes = p.paragraphs_of('History.txt', 0..1).join("\n\n")
   p.remote_rdoc_dir = "/right_aws_gem_doc"
-  p.extra_deps = [['right_http_connection','>= 1.2.1']]
+  p.extra_deps = [['right_http_connection','>= 1.2.4']]
   p.test_globs = testglobs 
 end
 

data/lib/acf/right_acf_interface.rb

@@ -198,7 +198,7 @@ module RightAws
     # Create a new distribution.
     # Returns the just created distribution or RightAws::AwsError exception.
     #
-    #  acf.create_distribution('bucket-for-k-dzreyev.s3.amazonaws.com', 'Woo-Hoo!', ['web1.my-awesome-site.net'] ) #=>
+    #  acf.create_distribution('bucket-for-k-dzreyev.s3.amazonaws.com', 'Woo-Hoo!', true, ['web1.my-awesome-site.net'] ) #=>
     #    {:comment            => "Woo-Hoo!",
     #     :enabled            => true,
     #     :location           => "https://cloudfront.amazonaws.com/2008-06-30/distribution/E2REJM3VUN5RSI",

data/lib/awsbase/right_awsbase.rb

@@ -27,9 +27,69 @@ module RightAws
   require 'pp'
   
   class AwsUtils #:nodoc:
-    @@digest = OpenSSL::Digest::Digest.new("sha1")
+    @@digest1   = OpenSSL::Digest::Digest.new("sha1")
+    @@digest256 = nil
+    if OpenSSL::OPENSSL_VERSION_NUMBER > 0x00908000
+      @@digest256 = OpenSSL::Digest::Digest.new("sha256") rescue nil # Some installation may not support sha256
+    end
+    
     def self.sign(aws_secret_access_key, auth_string)
-      Base64.encode64(OpenSSL::HMAC.digest(@@digest, aws_secret_access_key, auth_string)).strip
+      Base64.encode64(OpenSSL::HMAC.digest(@@digest1, aws_secret_access_key, auth_string)).strip
+    end
+
+    # Escape a string accordingly Amazon rulles
+    # http://docs.amazonwebservices.com/AmazonSimpleDB/2007-11-07/DeveloperGuide/index.html?REST_RESTAuth.html
+    def self.amz_escape(param)
+      param.to_s.gsub(/([^a-zA-Z0-9._~-]+)/n) do
+        '%' + $1.unpack('H2' * $1.size).join('%').upcase
+      end
+    end
+
+    # Set a timestamp and a signature version
+    def self.fix_service_params(service_hash, signature)
+      service_hash["Timestamp"] ||= Time.now.utc.strftime("%Y-%m-%dT%H:%M:%S.000Z") unless service_hash["Expires"]
+      service_hash["SignatureVersion"] = signature
+      service_hash
+    end
+
+    # Signature Version 0
+    # A deprecated guy (should work till septemper 2009)
+    def self.sign_request_v0(aws_secret_access_key, service_hash)
+      fix_service_params(service_hash, '0')
+      string_to_sign = "#{service_hash['Action']}#{service_hash['Timestamp'] || service_hash['Expires']}"
+      service_hash['Signature'] = AwsUtils::sign(aws_secret_access_key, string_to_sign)
+      service_hash.to_a.collect{|key,val| "#{amz_escape(key)}=#{amz_escape(val.to_s)}" }.join("&")
+    end
+
+    # Signature Version 1
+    # Another deprecated guy (should work till septemper 2009)
+    def self.sign_request_v1(aws_secret_access_key, service_hash)
+      fix_service_params(service_hash, '1')
+      string_to_sign = service_hash.sort{|a,b| (a[0].to_s.downcase)<=>(b[0].to_s.downcase)}.to_s
+      service_hash['Signature'] = AwsUtils::sign(aws_secret_access_key, string_to_sign)
+      service_hash.to_a.collect{|key,val| "#{amz_escape(key)}=#{amz_escape(val.to_s)}" }.join("&")
+    end
+
+    # Signature Version 2
+    # EC2, SQS and SDB requests must be signed by this guy.
+    # See:  http://docs.amazonwebservices.com/AmazonSimpleDB/2007-11-07/DeveloperGuide/index.html?REST_RESTAuth.html
+    #       http://developer.amazonwebservices.com/connect/entry.jspa?externalID=1928
+    def self.sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, uri)
+      fix_service_params(service_hash, '2')
+      # select a signing method (make an old openssl working with sha1)
+      # make 'HmacSHA256' to be a default one
+      service_hash['SignatureMethod'] = 'HmacSHA256' unless ['HmacSHA256', 'HmacSHA1'].include?(service_hash['SignatureMethod'])
+      service_hash['SignatureMethod'] = 'HmacSHA1'   unless @@digest256
+      # select a digest
+      digest = (service_hash['SignatureMethod'] == 'HmacSHA256' ? @@digest256 : @@digest1)
+      # form string to sign
+      canonical_string = service_hash.keys.sort.map do |key|
+        "#{amz_escape(key)}=#{amz_escape(service_hash[key])}"
+      end.join('&')
+      string_to_sign = "#{http_verb.to_s.upcase}\n#{host.downcase}\n#{uri}\n#{canonical_string}"
+      # sign the string
+      signature      = amz_escape(Base64.encode64(OpenSSL::HMAC.digest(digest, aws_secret_access_key, string_to_sign)).strip)
+      "#{canonical_string}&Signature=#{signature}"
     end
 
     # From Amazon's SQS Dev Guide, a brief description of how to escape:
@@ -111,7 +171,7 @@ module RightAws
   end
 
   module RightAwsBaseInterface
-    DEFAULT_SIGNATURE_VERSION = '1'
+    DEFAULT_SIGNATURE_VERSION = '2'
     
     @@caching = false
     def self.caching
@@ -148,10 +208,20 @@ module RightAws
         if aws_access_key_id.blank? || aws_secret_access_key.blank?
       @aws_access_key_id     = aws_access_key_id
       @aws_secret_access_key = aws_secret_access_key
-      @params[:server]       ||= service_info[:default_host]
-      @params[:port]         ||= service_info[:default_port]
-      @params[:service]      ||= service_info[:default_service]
-      @params[:protocol]     ||= service_info[:default_protocol]
+      # if the endpoint was explicitly defined - then use it
+      if @params[:endpoint_url]
+        @params[:server]   = URI.parse(@params[:endpoint_url]).host
+        @params[:port]     = URI.parse(@params[:endpoint_url]).port
+        @params[:service]  = URI.parse(@params[:endpoint_url]).path
+        @params[:protocol] = URI.parse(@params[:endpoint_url]).scheme
+        @params[:region]   = nil
+      else
+        @params[:server]   ||= service_info[:default_host]
+        @params[:server]     = "#{@params[:region]}.#{@params[:server]}" if @params[:region]
+        @params[:port]     ||= service_info[:default_port]
+        @params[:service]  ||= service_info[:default_service]
+        @params[:protocol] ||= service_info[:default_protocol]
+      end
       @params[:multi_thread] ||= defined?(AWS_DAEMON)
       @logger = @params[:logger]
       @logger = RAILS_DEFAULT_LOGGER if !@logger && defined?(RAILS_DEFAULT_LOGGER)
@@ -162,6 +232,15 @@ module RightAws
       @signature_version = (params[:signature_version] || DEFAULT_SIGNATURE_VERSION).to_s
     end
 
+    def signed_service_params(aws_secret_access_key, service_hash, http_verb=nil, host=nil, service=nil )
+      case signature_version.to_s
+      when '0' then AwsUtils::sign_request_v0(aws_secret_access_key, service_hash)
+      when '1' then AwsUtils::sign_request_v1(aws_secret_access_key, service_hash)
+      when '2' then AwsUtils::sign_request_v2(aws_secret_access_key, service_hash, http_verb, host, service)
+      else raise AwsError.new("Unknown signature version (#{signature_version.to_s}) requested")
+      end
+    end
+
     # Returns +true+ if the describe_xxx responses are being cached 
     def caching?
       @params.key?(:cache) ? @params[:cache] : @@caching
@@ -592,8 +671,9 @@ module RightAws
       @xmlpath += @xmlpath.empty? ? name : "/#{name}"
     end
     def tag_end(name)
-      @xmlpath[/^(.*?)\/?#{name}$/]
-      @xmlpath = $1
+      if @xmlpath =~ /^(.*?)\/?#{name}$/
+        @xmlpath = $1
+      end
       tagend(name)
     end
     def text(text)

data/lib/ec2/right_ec2.rb

@@ -68,7 +68,7 @@ module RightAws
     include RightAwsBaseInterface
     
     # Amazon EC2 API version being used
-    API_VERSION       = "2008-08-08"
+    API_VERSION       = "2008-12-01"
     DEFAULT_HOST      = "ec2.amazonaws.com"
     DEFAULT_PATH      = '/'
     DEFAULT_PROTOCOL  = 'https'
@@ -100,7 +100,9 @@ module RightAws
     # Create a new handle to an EC2 account. All handles share the same per process or per thread
     # HTTP connection to Amazon EC2. Each handle is for a specific account. The params have the
     # following options:
+    # * <tt>:endpoint_url</tt> a fully qualified url to Amazon API endpoint (this overwrites: :server, :port, :service, :protocol and :region). Example: 'https://eu-west-1.ec2.amazonaws.com/'
     # * <tt>:server</tt>: EC2 service host, default: DEFAULT_HOST
+    # * <tt>:region</tt>: EC2 region (North America by default)
     # * <tt>:port</tt>: EC2 service port, default: DEFAULT_PORT
     # * <tt>:protocol</tt>: 'http' or 'https', default: DEFAULT_PROTOCOL
     # * <tt>:multi_thread</tt>: true=HTTP connection per thread, false=per process
@@ -120,24 +122,34 @@ module RightAws
            aws_access_key_id    || ENV['AWS_ACCESS_KEY_ID'] , 
            aws_secret_access_key|| ENV['AWS_SECRET_ACCESS_KEY'],
            params)
+      # EC2 doesn't really define any transient errors to retry, and in fact,
+      # when they return a 503 it is usually for 'request limit exceeded' which
+      # we most certainly should not retry.  So let's pare down the list of
+      # retryable errors to InternalError only (see RightAwsBase for the default
+      # list)
+      amazon_problems = ['InternalError']
     end
 
 
     def generate_request(action, params={}) #:nodoc:
-      service_hash = {"Action"            => action,
-                      "AWSAccessKeyId"    => @aws_access_key_id,
-                      "Version"           => @@api,
-                      "Timestamp"         => Time.now.utc.strftime("%Y-%m-%dT%H:%M:%S.000Z"),
-                      "SignatureVersion"  => signature_version }
+      service_hash = {"Action"         => action,
+                      "AWSAccessKeyId" => @aws_access_key_id,
+                      "Version"        => @@api }
       service_hash.update(params)
-      # prepare string to sign
-      string_to_sign = case signature_version
-                       when '0' then service_hash["Action"] + service_hash["Timestamp"]
-                       when '1' then service_hash.sort{|a,b| (a[0].to_s.downcase)<=>(b[0].to_s.downcase)}.to_s
-                       end
-      service_hash.update('Signature' =>  AwsUtils::sign(@aws_secret_access_key, string_to_sign))
-      request_params = service_hash.to_a.collect{|key,val| key + "=" + CGI::escape(val) }.join("&")
-      request        = Net::HTTP::Get.new("#{@params[:service]}?#{request_params}")
+      service_params = signed_service_params(@aws_secret_access_key, service_hash, :get, @params[:server], @params[:service])
+      
+      # use POST method if the length of the query string is too large
+      if service_params.size > 2000
+        if signature_version == '2'
+          # resign the request because HTTP verb is included into signature
+          service_params = signed_service_params(@aws_secret_access_key, service_hash, :post, @params[:server], @params[:service])
+        end
+        request      = Net::HTTP::Post.new(service)
+        request.body = service_params
+        request['Content-Type'] = 'application/x-www-form-urlencoded'
+      else
+        request        = Net::HTTP::Get.new("#{@params[:service]}?#{service_params}")
+      end
         # prepare output hash
       { :request  => request, 
         :server   => @params[:server],
@@ -521,7 +533,7 @@ module RightAws
           # Amazon 169.254.169.254 does not like escaped symbols!
           # And it doesn't like "\n" inside of encoded string! Grrr....
           # Otherwise, some of UserData symbols will be lost...
-        params['UserData'] = Base64.encode64(lparams[:user_data]).delete("\n") unless lparams[:user_data].blank?
+        params['UserData'] = Base64.encode64(lparams[:user_data]).delete("\n").strip unless lparams[:user_data].blank?
       end
       link = generate_request("RunInstances", params)
         #debugger
@@ -969,11 +981,13 @@ module RightAws
     # Describes availability zones that are currently available to the account and their states.
     # Returns an array of 2 keys (:zone_name and :zone_state) hashes:
     #
-    #  ec2.describe_availability_zones  #=> [{:zone_state=>"available", :zone_name=>"us-east-1a"}, 
-    #                                        {:zone_state=>"available", :zone_name=>"us-east-1b"}, 
-    #                                        {:zone_state=>"available", :zone_name=>"us-east-1c"}]
+    #  ec2.describe_availability_zones  #=> [{:region_name=>"us-east-1",
+    #                                         :zone_name=>"us-east-1a",
+    #                                         :zone_state=>"available"}, ... ]
     #
-    #  ec2.describe_availability_zones('us-east-1c') #=> [{:zone_state=>"available", :zone_name=>"us-east-1c"}]
+    #  ec2.describe_availability_zones('us-east-1c') #=> [{:region_name=>"us-east-1", 
+    #                                                      :zone_state=>"available",
+    #                                                      :zone_name=>"us-east-1c"}]
     #
     def describe_availability_zones(list=[])
       link = generate_request("DescribeAvailabilityZones", 
@@ -983,6 +997,23 @@ module RightAws
       on_exception
     end
 
+  #-----------------------------------------------------------------
+  #      Regions
+  #-----------------------------------------------------------------
+
+    # Describe regions.
+    #
+    #  ec2.describe_regions  #=> ["eu-west-1", "us-east-1"]
+    #
+    def describe_regions(list=[])
+      link = generate_request("DescribeRegions",
+                              hash_params('RegionName',list.to_a))
+      request_cache_or_info :describe_regions, link,  QEc2DescribeRegionsParser, @@bench, list.blank?
+    rescue Exception
+      on_exception
+    end
+
+
   #-----------------------------------------------------------------
   #      EBS: Volumes
   #-----------------------------------------------------------------
@@ -1133,6 +1164,45 @@ module RightAws
     rescue Exception
       on_exception
     end
+    
+    # Create a snapshot of specified volume, but with the normal retry algorithms disabled.
+    # This method will return immediately upon error.  The user can specify connect and read timeouts (in s)
+    # for the connection to AWS.  If the user does not specify timeouts, try_create_snapshot uses the default values
+    # in Rightscale::HttpConnection.
+    #
+    #  ec2.try_create_snapshot('vol-898a6fe0') #=> 
+    #      {:aws_volume_id  => "vol-fd9f7a94",
+    #       :aws_started_at => Tue Jun 24 18:40:40 UTC 2008,
+    #       :aws_progress   => "",
+    #       :aws_status     => "pending",
+    #       :aws_id         => "snap-d56783bc"}
+    #
+    def try_create_snapshot(volume_id, connect_timeout = nil, read_timeout = nil)
+      # For safety in the ensure block...we don't want to restore values 
+      # if we never read them in the first place
+      orig_reiteration_time = nil
+      orig_http_params = nil
+      
+      orig_reiteration_time = RightAws::AWSErrorHandler::reiteration_time
+      RightAws::AWSErrorHandler::reiteration_time = 0
+      
+      orig_http_params = Rightscale::HttpConnection::params()
+      new_http_params = orig_http_params.dup
+      new_http_params[:http_connection_retry_count] = 0
+      new_http_params[:http_connection_open_timeout] = connect_timeout if !connect_timeout.nil?
+      new_http_params[:http_connection_read_timeout] = read_timeout if !read_timeout.nil?
+      Rightscale::HttpConnection::params = new_http_params
+      
+      link = generate_request("CreateSnapshot", 
+                              "VolumeId" => volume_id.to_s)
+      request_info(link, QEc2CreateSnapshotParser.new(:logger => @logger))
+     
+    rescue Exception
+      on_exception
+    ensure
+      RightAws::AWSErrorHandler::reiteration_time = orig_reiteration_time if orig_reiteration_time
+      Rightscale::HttpConnection::params = orig_http_params if orig_http_params
+    end
 
     # Delete the specified snapshot.
     #
@@ -1527,8 +1597,9 @@ module RightAws
       end
       def tagend(name)
         case name
-        when 'zoneName'  then @zone[:zone_name]  = @text
-        when 'zoneState' then @zone[:zone_state] = @text
+        when 'regionName' then @zone[:region_name] = @text
+        when 'zoneName'   then @zone[:zone_name]   = @text
+        when 'zoneState'  then @zone[:zone_state]  = @text
         when 'item'      then @result << @zone
         end
       end
@@ -1537,6 +1608,19 @@ module RightAws
       end
     end
 
+  #-----------------------------------------------------------------
+  #      PARSERS: Regions
+  #-----------------------------------------------------------------
+
+    class QEc2DescribeRegionsParser < RightAWSParser #:nodoc:
+      def tagend(name)
+        @result << @text if name == 'regionName'
+      end
+      def reset
+        @result = []
+      end
+    end
+
   #-----------------------------------------------------------------
   #      PARSERS: EBS - Volumes
   #-----------------------------------------------------------------

data/lib/right_aws.rb

@@ -52,7 +52,7 @@ require 'acf/right_acf_interface'
 module RightAws #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 1
-    MINOR = 9
+    MINOR = 10
     TINY  = 0
 
     STRING = [MAJOR, MINOR, TINY].join('.')

data/lib/s3/right_s3_interface.rb

@@ -32,6 +32,7 @@ module RightAws
     DEFAULT_HOST           = 's3.amazonaws.com'
     DEFAULT_PORT           = 443
     DEFAULT_PROTOCOL       = 'https'
+    DEFAULT_SERVICE        = '/'
     REQUEST_TTL            = 30
     DEFAULT_EXPIRES_AFTER  =   1 * 24 * 60 * 60 # One day's worth of seconds
     ONE_YEAR_IN_SECONDS    = 365 * 24 * 60 * 60
@@ -62,7 +63,8 @@ module RightAws
     def initialize(aws_access_key_id=nil, aws_secret_access_key=nil, params={})
       init({ :name             => 'S3', 
              :default_host     => ENV['S3_URL'] ? URI.parse(ENV['S3_URL']).host   : DEFAULT_HOST, 
-             :default_port     => ENV['S3_URL'] ? URI.parse(ENV['S3_URL']).port   : DEFAULT_PORT, 
+             :default_port     => ENV['S3_URL'] ? URI.parse(ENV['S3_URL']).port   : DEFAULT_PORT,
+             :default_service  => ENV['S3_URL'] ? URI.parse(ENV['S3_URL']).path   : DEFAULT_SERVICE,
              :default_protocol => ENV['S3_URL'] ? URI.parse(ENV['S3_URL']).scheme : DEFAULT_PROTOCOL }, 
            aws_access_key_id     || ENV['AWS_ACCESS_KEY_ID'], 
            aws_secret_access_key || ENV['AWS_SECRET_ACCESS_KEY'], 
@@ -108,29 +110,34 @@ module RightAws
       end
       true
     end
-    
-      # Generates request hash for REST API.
-      # Assumes that headers[:url] is URL encoded (use CGI::escape)
-    def generate_rest_request(method, headers)  # :nodoc:
+
+    def fetch_request_params(headers) #:nodoc:
       # default server to use
-      server = @params[:server]
-      # fix path
-      path_to_sign = headers[:url]
-      path_to_sign = "/#{path_to_sign}" unless path_to_sign[/^\//]
+      server  = @params[:server]
+      service = @params[:service].to_s
+      service.chop! if service[%r{/$}] # remove trailing '/' from service
       # extract bucket name and check it's dns compartibility
-      path_to_sign[%r{^/([a-z0-9._-]*)(/[^?]*)?(\?.+)?}i]
+      headers[:url].to_s[%r{^([a-z0-9._-]*)(/[^?]*)?(\?.+)?}i]
       bucket_name, key_path, params_list = $1, $2, $3
       # select request model
       if is_dns_bucket?(bucket_name)
-        # add backet to a server name
+        # fix a path
         server = "#{bucket_name}.#{server}"
-        # remove bucket from the path
-        path = "#{key_path || '/'}#{params_list}"
-        # refactor the path (add '/' before params_list if the key is empty)
-        path_to_sign = "/#{bucket_name}#{path}"
+        key_path ||= '/'
+        path = "#{service}#{key_path}#{params_list}"
       else
-        path = path_to_sign
+        path = "#{service}/#{bucket_name}#{key_path}#{params_list}"
       end
+      path_to_sign = "#{service}/#{bucket_name}#{key_path}#{params_list}"
+#      path_to_sign = "/#{bucket_name}#{key_path}#{params_list}"
+      [ server, path, path_to_sign ]
+    end
+
+      # Generates request hash for REST API.
+      # Assumes that headers[:url] is URL encoded (use CGI::escape)
+    def generate_rest_request(method, headers)  # :nodoc:
+        # calculate request data
+      server, path, path_to_sign = fetch_request_params(headers)
       data = headers[:data]
         # remove unset(==optional) and symbolyc keys
       headers.each{ |key, value| headers.delete(key) if (value.nil? || key.is_a?(Symbol)) }
@@ -808,26 +815,9 @@ module RightAws
 
       # Generates link for QUERY API
     def generate_link(method, headers={}, expires=nil) #:nodoc:
-      # default server to use
-      server = @params[:server]
-      # fix path
-      path_to_sign = headers[:url]
-      path_to_sign = "/#{path_to_sign}" unless path_to_sign[/^\//]
-      # extract bucket name and check it's dns compartibility
-      path_to_sign[%r{^/([a-z0-9._-]*)(/[^?]*)?(\?.+)?}i]
-      bucket_name, key_path, params_list = $1, $2, $3
-      # select request model
-      if is_dns_bucket?(bucket_name)
-        # add backet to a server name
-        server = "#{bucket_name}.#{server}"
-        # remove bucket from the path
-        path = "#{key_path || '/'}#{params_list}"
-        # refactor the path (add '/' before params_list if the key is empty)
-        path_to_sign = "/#{bucket_name}#{path}"
-      else
-        path = path_to_sign
-      end
-       # expiration time
+        # calculate request data
+      server, path, path_to_sign = fetch_request_params(headers)
+        # expiration time
       expires ||= DEFAULT_EXPIRES_AFTER
       expires   = Time.now.utc + expires if expires.is_a?(Fixnum) && (expires < ONE_YEAR_IN_SECONDS)
       expires   = expires.to_i
@@ -890,7 +880,7 @@ module RightAws
       #  s3.put_link('my_awesome_bucket',key, object) #=> url string
       #
     def put_link(bucket, key, data=nil, expires=nil, headers={})
-      generate_link('PUT', headers.merge(:url=>"#{bucket}/#{CGI::escape key}", :data=>data), expires)
+      generate_link('PUT', headers.merge(:url=>"#{bucket}/#{AwsUtils::URLencode key}", :data=>data), expires)
     rescue
       on_exception
     end
@@ -908,7 +898,7 @@ module RightAws
       #
       # see http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html
     def get_link(bucket, key, expires=nil, headers={})
-      generate_link('GET', headers.merge(:url=>"#{bucket}/#{CGI::escape key}"), expires)
+      generate_link('GET', headers.merge(:url=>"#{bucket}/#{AwsUtils::URLencode key}"), expires)
     rescue
       on_exception
     end
@@ -918,7 +908,7 @@ module RightAws
       #  s3.head_link('my_awesome_bucket',key) #=> url string
       #
     def head_link(bucket, key, expires=nil,  headers={})
-      generate_link('HEAD', headers.merge(:url=>"#{bucket}/#{CGI::escape key}"), expires)
+      generate_link('HEAD', headers.merge(:url=>"#{bucket}/#{AwsUtils::URLencode key}"), expires)
     rescue
       on_exception
     end
@@ -928,7 +918,7 @@ module RightAws
       #  s3.delete_link('my_awesome_bucket',key) #=> url string
       #
     def delete_link(bucket, key, expires=nil, headers={})
-      generate_link('DELETE', headers.merge(:url=>"#{bucket}/#{CGI::escape key}"), expires)
+      generate_link('DELETE', headers.merge(:url=>"#{bucket}/#{AwsUtils::URLencode key}"), expires)
     rescue
       on_exception
     end
@@ -939,7 +929,7 @@ module RightAws
       #  s3.get_acl_link('my_awesome_bucket',key) #=> url string
       #
     def get_acl_link(bucket, key='', headers={})
-      return generate_link('GET', headers.merge(:url=>"#{bucket}/#{CGI::escape key}?acl"))
+      return generate_link('GET', headers.merge(:url=>"#{bucket}/#{AwsUtils::URLencode key}?acl"))
     rescue
       on_exception
     end
@@ -949,7 +939,7 @@ module RightAws
       #  s3.put_acl_link('my_awesome_bucket',key) #=> url string
       #
     def put_acl_link(bucket, key='', headers={})
-      return generate_link('PUT', headers.merge(:url=>"#{bucket}/#{CGI::escape key}?acl"))
+      return generate_link('PUT', headers.merge(:url=>"#{bucket}/#{AwsUtils::URLencode key}?acl"))
     rescue
       on_exception
     end