right_aws_api 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 113d86af588e3e120100ac9a99ca962f716e8ee9
-  data.tar.gz: 50cece7801a4993dff77168a339fed0bfff64a3d
+  metadata.gz: 5329a8cc0261eacfd9bf681412e9064185934f7e
+  data.tar.gz: f6d75ece8c71660a0e6c465827083c1e655ca385
 SHA512:
-  metadata.gz: 2abec6e84d93498ea70d7299814becc689deab4a63b9b3f0f8b5324a1ed71a26c4bbf25b5b71e14177e541c74aebaa2752e4ae6afe08c93fc7737a096b073b20
-  data.tar.gz: 1b661a9ed16de1e9ee55e5e39d95165856b5fef65450703accf71822e1c18759b58c65137cdad6aa5dd366d00d6b6f260244ded69959e2ef17727d24e5cd0c27
+  metadata.gz: 4b6aa4f90078247eae455daf5e90d71323ea0dcf74f224885b4fb89f4beac77da3c7448f9e849e5253ed6d8019c7d97afa58164916f3ed9038143acb74ab129c
+  data.tar.gz: fddd2af29aa08ce0f364b69a45fb177f08799c6f28dc20ef03c47329ee8273e881bad92dad36bc42b8f6cc7c05246fbc80fecb65adb12b8573e313acc78c67cc

data/lib/cloud/aws/s3/link/manager.rb

@@ -0,0 +1,70 @@
+#--
+# Copyright (c) 2014 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require "cloud/aws/s3/manager"
+require "cloud/aws/s3/link/routines/request_signer"
+require "cloud/aws/s3/link/wrappers/default"
+
+module RightScale
+  module CloudApi
+    module AWS
+      module S3
+
+        # Simple Storage Service Query API link namespace
+        #
+        # @api public
+        #
+        module Link
+
+          # S3 Query API links manager
+          #
+          # @example
+          #   link = RightScale::CloudApi::AWS::S3::Link::Manager::new(key, secret, endpoint)
+          #   link.get(
+          #     'devs-us-east/kd/Константин',
+          #     :params => { 'response-content-type' => 'image/peg'}
+          #   ) #=>
+          #     https://devs-us-east.s3.amazonaws.com/kd%2F%D0%9A%D0%BE%D0%BD%D1%81%D1%82%D0%B0%
+          #     D0%BD%D1%82%D0%B8%D0%BD?AWSAccessKeyId=AK...TA&Expires=1436557118&
+          #     Signature=hg...%3D&response-content-type=image%2Fpeg
+          #
+          # @example
+          #   link.ListAllMyBuckets#=>
+          #     https://s3.amazonaws.com/?AWSAccessKeyId=AK...TA&Expires=1436651780&
+          #     Signature=XK...53s%3D
+          #
+          class Manager < S3::Manager
+          end
+
+          class ApiManager < S3::ApiManager
+            set_routine CloudApi::RequestInitializer
+            set_routine AWS::S3::Link::RequestSigner
+
+            include Mixin::QueryApiPatterns
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/cloud/aws/s3/link/routines/request_signer.rb

@@ -0,0 +1,109 @@
+#--
+# Copyright (c) 2013 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+module RightScale
+  module CloudApi
+    module AWS
+      module S3
+        module Link
+
+          # S3 Request signer
+          class RequestSigner < S3::RequestSigner
+
+
+            # Authenticates an S3 request
+            #
+            # @return [void]
+            #
+            # @example
+            #  # no example
+            #
+            def process
+              fail Error::new("Only GET method is supported") unless @data[:request][:verb] == :get
+              fail Error::new("Body must be blank")           unless @data[:request][:body]._blank?
+              fail Error::new("Headers must be blank")        unless @data[:request][:headers]._blank?
+
+              uri        = @data[:connection][:uri]
+              access_key = @data[:credentials][:aws_access_key_id]
+              secret_key = @data[:credentials][:aws_secret_access_key]
+              bucket     = @data[:request][:bucket]
+              object     = @data[:request][:relative_path]
+              params     = @data[:request][:params]
+              verb       = @data[:request][:verb]
+
+              bucket, object = compute_bucket_name_and_object_path(bucket, object)
+              uri            = compute_host(bucket, uri)
+
+              compute_params!(params, access_key)
+
+              # Set Auth param
+              signature = compute_signature(secret_key, verb, bucket, object, params)
+              params['Signature'] = signature
+
+              # Compute href
+              path                = compute_path(bucket, object, params)
+              uri.path, uri.query = path.split('?')
+              @data[:result]      = uri.to_s
+
+              # Set completion flag
+              @data[:vars][:system][:done] = true
+            end
+
+
+            # Sets response params
+            #
+            # @param [Hash] params
+            #
+            # @return [Hash]
+            #
+            def compute_params!(params, access_key)
+              # Expires
+              expires   = params['Expires']
+              expires ||= Time.now.utc.to_i + ONE_YEAR_OF_SECONDS
+              expires   = expires.to_i unless expires.is_a?(Fixnum)
+              params['Expires']        = expires
+              params['AWSAccessKeyId'] = access_key
+              params
+            end
+
+
+            # Computes signature
+            #
+            # @param [String] secret_key
+            # @param [String] verb
+            # @param [String] bucket
+            # @param [Hash]   params
+            #
+            # @return [String]
+            #
+            def compute_signature(secret_key, verb, bucket, object, params)
+              can_path = compute_canonicalized_path(bucket, object, params)
+              Utils::AWS::sign_s3_signature(secret_key, verb, can_path, { 'expires' => params['Expires'] })
+            end
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/cloud/aws/s3/link/wrappers/default.rb

@@ -0,0 +1,40 @@
+#--
+# Copyright (c) 2014 RightScale, Inc.
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# 'Software'), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+require "cloud/aws/s3/wrappers/default"
+
+module RightScale
+  module CloudApi
+    module AWS
+      module S3
+        module Link
+          # S3 Link Wrapper namespace
+          module Wrapper
+            # Default wrapper
+            DEFAULT = S3::Wrapper::DEFAULT
+          end
+        end
+      end
+    end
+  end
+end

data/lib/cloud/aws/s3/manager.rb

@@ -45,7 +45,7 @@ module RightScale
         #
         # @example
         #  # -- Using HTTP verb methods --
-        #  
+        #
         #  # List all buckets
         #  s3.get
         #
@@ -142,7 +142,7 @@ module RightScale
         #               :headers => {'content-type' => 'image/jpeg'})
         #
         # @example
-        #  
+        #
         #  # List all buckets
         #  s3.ListAllMyBuckets #=>
         #    {"ListAllMyBucketsResult"=>
@@ -179,7 +179,7 @@ module RightScale
         #         "Size"=>"3257230",
         #         "Key"=>"kd/boot.jpg"},
         #       "@xmlns"=>"http://s3.amazonaws.com/doc/2006-03-01/",
-        #       "Prefix"=>"kd"}}        
+        #       "Prefix"=>"kd"}}
         #
         #
         # @example
@@ -279,21 +279,19 @@ module RightScale
         #
         #
         # @example
-        #  # Get a link to ListAllMyBuckets action
-        #  s3.ListAllMyBuckets(:options=>{:cloud=>{:link=>true}}) #=> 
-        #    {"verb"   => "get",
-        #     "link"   => "https://s3.amazonaws.com/?AWSAccessKeyId=0K4QH...G2&Expires=1426111071&Signature=vLMH...3D",
-        #     "headers"=> {"host"=>["s3.amazonaws.com"]}}
-        #
-        #  # If you need to get a bunch of links you can use with_options helper method:
-        #  opts = {:headers => {'expires' => Time.now + 3600}}
-        #  s3.with_options(:cloud=>{:link => true}) do
-        #    pp s3.GetObject({'Bucket'=>'my-bucket', 'Object'=>'kd/kd0.test', 'versionId'=>"00eYZeb291o4"}, opts)
-        #    pp s3.GetObject({'Bucket'=>'my-bucket', 'Object'=>'kd/kd1.test', 'versionId'=>"fafaf1obp1W4"}, opts)
-        #    pp s3.GetObject({'Bucket'=>'my-bucket', 'Object'=>'kd/kd2.test', 'versionId'=>"00asdTebp1W4"}, opts)
-        #    pp s3.GetObject({'Bucket'=>'my-bucket', 'Object'=>'kd/kd3.test', 'versionId'=>"0lkjreobp1W4"}, opts)
-        #  end
+        #   link = RightScale::CloudApi::AWS::S3::Link::Manager::new(key, secret, endpoint)
+        #   link.get(
+        #     'devs-us-east/kd/Константин',
+        #     :params => { 'response-content-type' => 'image/peg'}
+        #   ) #=>
+        #     'https://devs-us-east.s3.amazonaws.com/kd%2F%D0%9A%D0%BE%D0%BD%D1%81%D1%82%D0%B0%
+        #      D0%BD%D1%82%D0%B8%D0%BD?AWSAccessKeyId=AK...TA&Expires=1436557118&
+        #      Signature=hg...%3D&response-content-type=image%2Fpeg'
         #
+        # @example
+        #   link.ListAllMyBuckets #=>
+        #     'https://s3.amazonaws.com/?AWSAccessKeyId=AK...TA&Expires=1436651780&
+        #      Signature=XK...53s%3D'
         #
         # @see ApiManager
         # @see Wrapper::DEFAULT.extended Wrapper::DEFAULT.extended (click [View source])
@@ -365,8 +363,8 @@ module RightScale
             raise Error::new("Opts must be Hash not #{opts.class.name}") unless opts.is_a?(Hash)
             process_api_request(verb, relative_path, opts, &block)
           end
-          
         end
+
       end
     end
   end

data/lib/cloud/aws/s3/routines/request_signer.rb

@@ -55,17 +55,18 @@ module RightScale
 
 
           # Using Query String API Amazon allows to override some of response headers:
-          # 
+          #
           # response-content-type response-content-language response-expires
           # reponse-cache-control response-content-disposition response-content-encoding
-          # 
+          #
           # @see http://docs.amazonwebservices.com/AmazonS3/latest/API/RESTObjectGET.html?r=2145
           #
-          OVERRIDE_RESPONSE_HEADERS = /^response-/ 
+          OVERRIDE_RESPONSE_HEADERS = /^response-/
 
           # One year in seconds
           ONE_YEAR_OF_SECONDS = 365*60*60*24
-          
+
+
           # Authenticates an S3 request
           #
           # @return [void]
@@ -74,169 +75,215 @@ module RightScale
           #  # no example
           #
           def process
-            # Extract sub-resource(s).
-            # Sub-resources are acl, torrent, versioning, location etc.
-            sub_resources = {}
-            @data[:request][:params].each do |key, value|
-              sub_resources[key] = (value._blank? ? nil : value) if SUB_RESOURCES.include?(key) || key[OVERRIDE_RESPONSE_HEADERS]
-            end
+            uri        = @data[:connection][:uri]
+            access_key = @data[:credentials][:aws_access_key_id]
+            secret_key = @data[:credentials][:aws_secret_access_key]
+            body       = @data[:request][:body]
+            bucket     = @data[:request][:bucket]
+            headers    = @data[:request][:headers]
+            object     = @data[:request][:relative_path]
+            params     = @data[:request][:params]
+            verb       = @data[:request][:verb]
+
+            bucket, object = compute_bucket_name_and_object_path(bucket, object)
+            body           = compute_body(body, headers['content-type'])
+            uri            = compute_host(bucket, uri)
+
+            compute_headers!(headers, body, uri.host)
+
+            # Set Authorization header
+            signature = compute_signature(access_key, secret_key, verb, bucket, object, params, headers)
+            headers['authorization'] = "AWS #{access_key}:#{signature}"
+
+            @data[:request][:body]           = body
+            @data[:request][:bucket]         = bucket
+            @data[:request][:headers]        = headers
+            @data[:request][:params]         = params
+            @data[:request][:path]           = compute_path(bucket, object, params)
+            @data[:request][:relative_path]  = object
+            @data[:connection][:uri] = uri
+          end
 
-            # Extract bucket name and object path
-            if @data[:request][:bucket]._blank?
-              # This is a very first attempt:
-              # 1. extract the bucket name from the path
-              # 2. save the bucket into request data vars
-              bucket_name, @data[:request][:relative_path] = @data[:request][:relative_path].to_s[/^([^\/]*)\/?(.*)$/] && [$1, $2]
-              @data[:request][:bucket] = bucket_name
-              # Static path is the path that the original URL has.
-              # 1. For Amazon it is always ''.
-              # 2. For Euca it is usually a non-blank string.
-              static_path = @data[:connection][:uri].path
-              # Add trailing '/' to the path unless it is.
-              static_path = "#{static_path}/" unless static_path[/\/$/]
-              # Store the path: we may need it for signing redirects later.
-              @data[:request][:static_path] = static_path
-            else
-              # This is a retry or a redirect:
-              # 1. Extract the bucket name from the request data;
-              # 2. Get rid of the path the remote server sent in the location header. We are
-              #    re-signing the request and have to build everything from the scratch.
-              #    In the crazy case when the new location has path differs from the original one
-              #    we are screwed up and we will get "SignatureDoesNotMatch" error. But this does
-              #    not seem to be the case for Amazon or Euca.
-              bucket_name = @data[:request][:bucket]
-              # Revert static path back to the original value.
-              static_path = @data[:request][:static_path]
-              @data[:connection][:uri].path = static_path
+
+          # Returns a list of  sub-resource(s)
+          #
+          # Sub-resources are acl, torrent, versioning, location, etc. See SUB_RESOURCES
+          #
+          # @return [Hash]
+          #
+          def get_subresources(params)
+            result = {}
+            params.each do |key, value|
+              next unless SUB_RESOURCES.include?(key) || key[OVERRIDE_RESPONSE_HEADERS]
+              result[key] = (value._blank? ? nil : value)
             end
+            result
+          end
+
+
+          # Returns canonicalized bucket
+          #
+          # @param [String] bucket
+          #
+          # @return [String]
+          #
+          # @example
+          #   # DNS bucket
+          #   compute_canonicalized_bucket('foo-bar') #=> 'foo-bar/'
+          #
+          # @example
+          #   # non DNS bucket
+          #   compute_canonicalized_bucket('foo_bar') #=> 'foo_bar'
+          #
+          def compute_canonicalized_bucket(bucket)
+            bucket += '/' if Utils::AWS::is_dns_bucket?(bucket)
+            bucket
+          end
+
 
-            # Escape that part of the path that may have UTF-8 chars (in S3 Object name for instance).
+          # Returns canonicalized path
+          #
+          # @param [String] bucket
+          # @param [String] relative_path
+          # @param [Hash]   params
+          #
+          # @return [String]
+          #
+          # @example
+          #   params = { 'Foo' => 1, 'acl' => '2', 'response-content-type' => 'jpg' }
+          #   compute_canonicalized_path('foo-bar_bucket', 'a/b/c/d.jpg', params)
+          #     #=> '/foo-bar_bucket/a/b/c/d.jpg?acl=3&response-content-type=jpg'
+          #
+          def compute_canonicalized_path(bucket, relative_path, params)
+            can_bucket = compute_canonicalized_bucket(bucket)
+            sub_params = get_subresources(params)
+            # We use the block below to avoid escaping: Amazon does not like escaped bucket and '/'
+            # in canonicalized path (relative path has been escaped above already)
+            Utils::join_urn(can_bucket, relative_path, sub_params) { |value| value }
+          end
+
+
+          # Extracts S3 bucket name and escapes relative path
+          #
+          # @param [String] bucket
+          # @param [String] relative_path
+          #
+          # @return [Array]  [bucket, escaped_relative_path]
+          #
+          # @example
+          #   subject.compute_bucket_name_and_object_path(nil, 'my-test-bucket/foo/bar/банана.jpg') #=>
+          #     ['my-test-bucket', 'foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg']
+          #
+          def compute_bucket_name_and_object_path(bucket, relative_path)
+            return [bucket, relative_path] if bucket
+            # This is a very first attempt:
+            relative_path.to_s[/^([^\/]*)\/?(.*)$/]
+            # Escape part of the path that may have UTF-8 chars (in S3 Object name for instance).
             # Amazon wants them to be escaped before we sign the request.
-            #
-            # P.S. Escape AFTER we extract bucket name.
-            @data[:request][:relative_path] = Utils::AWS::amz_escape(@data[:request][:relative_path])
-
-            # Calculate a canonical path (bucket part must end with '/')
-            bucket_string      = Utils::AWS::is_dns_bucket?(bucket_name) ? "#{bucket_name}/" : bucket_name.to_s
-            canonicalized_path = Utils::join_urn(static_path,
-                                                 bucket_string,
-                                                 @data[:request][:relative_path],
-                                                 sub_resources ){ |value| value } # pass this block to avoid escaping: Amazon does not like escaped things in canonicalized_path
-
-            # Make sure headers required for authentication are set
-            unless @data[:options][:cloud][:link]
-              # Make sure 'content-type' is set.
-              # P.S. Ruby 2.1+ sets 'content-type' by default for POST and PUT requests.
-              #      So we need to include it into our signature to avoid the error below:
-              #      'The request signature we calculated does not match the signature you provided.
-              #       Check your key and signing method.'
-              @data[:request][:headers].set_if_blank('content-type', 'application/octet-stream')
-              # REST Auth:
-              unless @data[:request][:body]._blank?
-                # Fix body if it is a Hash instance
-                if @data[:request][:body].is_a?(Hash)
-                  @data[:request][:body] = Utils::contentify_body(@data[:request][:body], @data[:request][:headers]['content-type'])
-                end
-                # Calculate 'content-md5' when possible (some API calls wanna have it set)
-                if @data[:request][:body].is_a?(String)
-                  @data[:request][:headers]['content-md5'] = Base64::encode64(Digest::MD5::digest(@data[:request][:body])).strip
-                end
-              end
-              # Set date
-              @data[:request][:headers].set_if_blank('date', Time::now.utc.httpdate)
-              # Sign a request
-              signature = Utils::AWS::sign_s3_signature( @data[:credentials][:aws_secret_access_key],
-                                                         @data[:request][:verb],
-                                                         canonicalized_path,
-                                                         @data[:request][:headers])
-              @data[:request][:headers]['authorization'] = "AWS #{@data[:credentials][:aws_access_key_id]}:#{signature}"
-            else
-              # @see http://docs.amazonwebservices.com/AmazonS3/latest/dev/RESTAuthentication.html
-              #
-              # Amazon: ... We assume that when a browser makes the GET request, it won't provide a Content-MD5 or a Content-Type header,
-              #  nor will it set any x-amz- headers, so those parts of the StringToSign are left blank. ...
-              #
-              # Only GET requests!
-              raise Error::new("Only GET requests are supported by S3 Query String API") unless @data[:request][:verb] == :get
-              # Expires
-              expires = Utils::dearrayify(@data[:request][:headers]['expires'].first || (Time.now.utc.to_i + ONE_YEAR_OF_SECONDS))
-              expires = expires.to_i unless expires.is_a?(Fixnum)
-              # QUERY STRING AUTH: ('expires' and 'x-amz-*' headers are not supported)
-              @data[:request][:params]['Expires']  = expires
-              @data[:request][:headers]['expires'] = expires # a hack to sign a record
-              @data[:request][:headers].dup.each do |header, values|
-                @data[:request][:headers].delete(header) unless header.to_s[/(^x-amz-)|(^expires$)/]
-              end
-              @data[:request][:params]['AWSAccessKeyId'] = @data[:credentials][:aws_access_key_id]
-              # Sign a request
-              signature = Utils::AWS::sign_s3_signature( @data[:credentials][:aws_secret_access_key],
-                                                         @data[:request][:verb],
-                                                         canonicalized_path,
-                                                         @data[:request][:headers] )
-              @data[:request][:params]['Signature'] = signature
-              # we dont need this header any more
-              @data[:request][:headers].delete('expires')
-            end
+            [ $1, Utils::AWS::amz_escape($2) ]
+          end
 
-            # Sub-domain compatible buckets vs incompatible ones
-            if !@data[:options][:cloud][:no_subdomains] && Utils::AWS::is_dns_bucket?(bucket_name)
-              # DNS compatible bucket name:
-              #
-              # Figure out if we need to add bucket name into the host name. It is rediculous but
-              # sometimes Amazon returns a redirect to a host with the bucket name already mixed in
-              # but sometimes without.
-              # The only thing we can do so far is to check if the host name starts with the bucket
-              # and the name is at least 4th level DNS name.
-              #
-              # Examples:
-              #   * my-bucket.s3-ap-southeast-2.amazonaws.com
-              #   * my-bucket.s3.amazonaws.com
-              #   * s3.amazonaws.com
-              #
-              # P.S. This assumtion will not work for any other providers but we will figure it out later
-              #      if we support any. The only other provider we support is Eucalyptus but it always
-              #      expects that the bucket goes into path and never into the host therefore we are
-              #      OK with Euca (Euca is expected to be run with :no_subdomains => true).
-              #
-              unless @data[:connection][:uri].host[/^#{bucket_name}\..+\.[^.]+\.[^.]+$/]
-                # If there was a redirect and it had 'location' header then there is nothing to do with the host
-                # otherwise we have to add the bucket to the host.
-                # P.S. When Amazon returns a redirect (usually 301) with the new host in the message body
-                # the new host does not have the bucket name in it. But if it is 307 and the host is in the location
-                # header then that host name already includes the bucket in it. Grrrr....
-                @data[:connection][:uri].host = "#{bucket_name}.#{@data[:connection][:uri].host}"
-              end
-              @data[:request][:path] = Utils::join_urn( @data[:connection][:uri].path,
-                                                        @data[:request][:relative_path],
-                                                        @data[:request][:params] )
-            else
-              # Old incompatible or Eucalyptus
-              @data[:request][:path] = Utils::join_urn( @data[:connection][:uri].path,
-                                                        "#{bucket_name}",
-                                                        @data[:request][:relative_path],
-                                                        @data[:request][:params] )
-            end
 
-            # Host should be set for REST requests (and should not affect on Query String ones)
-            @data[:request][:headers]['host'] = @data[:connection][:uri].host
-
-            # Finalize data
-            if @data[:options][:cloud][:link]
-              # Amazon supports only some GET requests without body and any headers:
-              # Return the link
-              uri = @data[:connection][:uri].clone
-              uri.path, uri.query = @data[:request][:path].split('?')
-              @data[:result] = {
-                "verb"    => @data[:request][:verb].to_s,
-                "link"    => uri.to_s,
-                "headers" => @data[:request][:headers]
-              }
-              # Query Auth:we should stop here because we just generated a link for the third part usage
-              @data[:vars][:system][:done]   = true
-            end
+          # Figure out if we need to add bucket name into the host name
+          #
+          # If there was a redirect and it had 'location' header then there is nothing to do
+          # with the host, otherwise we have to add the bucket to the host.
+          #
+          # P.S. When Amazon returns a redirect (usually 301) with the new host in the message
+          # body, the new host does not have the bucket name in it. But if it is 307 and the
+          # host is in the location header then that host name already includes the bucket in it.
+          # The only thing we can do so far is to check if the host name starts with the bucket
+          # and the name is at least 4th level DNS name.
+          #
+          # Examples:
+          #   * my-bucket.s3-ap-southeast-2.amazonaws.com
+          #   * my-bucket.s3.amazonaws.com
+          #   * s3.amazonaws.com
+          #
+          # @param [String] bucket
+          # @param [URI]    uri
+          #
+          # @return [URI]
+          #
+          def compute_host(bucket, uri)
+            return uri unless Utils::AWS::is_dns_bucket?(bucket)
+            return uri if uri.host[/^#{bucket}\..+\.[^.]+\.[^.]+$/]
+            uri.host = "#{bucket}.#{uri.host}"
+            uri
           end
-        end
 
+
+          # Returns response body
+          #
+          # @param [Object] body
+          # @param [String] content_type
+          #
+          # @return [Object]
+          #
+          def compute_body(body, content_type)
+            return body if body._blank?
+            # Make sure it is a String instance
+            return body unless body.is_a?(Hash)
+            Utils::contentify_body(body, content_type)
+          end
+
+
+          # Sets response headers
+          #
+          # @param [Hash]   headers
+          # @param [String] body
+          # @param [String] host
+          #
+          # @return [Hash]
+          #
+          def compute_headers!(headers, body, host)
+            # Make sure 'content-type' is set.
+            # P.S. Ruby 2.1+ sets 'content-type' by default for POST and PUT requests.
+            #      So we need to include it into our signature to avoid the error below:
+            #      'The request signature we calculated does not match the signature you provided.
+            #       Check your key and signing method.'
+            headers.set_if_blank('content-type', 'application/octet-stream')
+            headers.set_if_blank('date', Time::now.utc.httpdate)
+            headers['content-md5'] = Base64::encode64(Digest::MD5::digest(body)).strip if !body._blank?
+            headers['host']        = host
+            headers
+          end
+
+
+          # Computes signature
+          #
+          # @param [String] access_key
+          # @param [String] secret_key
+          # @param [String] verb
+          # @param [String] bucket
+          # @param [Hash]   params
+          # @param [Hash]   headers
+          #
+          # @return [String]
+          #
+          def compute_signature(access_key, secret_key, verb, bucket, object, params, headers)
+            can_path  = compute_canonicalized_path(bucket, object, params)
+            Utils::AWS::sign_s3_signature(secret_key, verb, can_path, headers)
+          end
+
+
+          # Builds request path
+          #
+          # @param [String] bucket
+          # @param [String] object
+          # @param [Hash]   params
+          #
+          # @return [String]
+          #
+          def compute_path(bucket, object, params)
+            data = []
+            data << bucket unless Utils::AWS::is_dns_bucket?(bucket)
+            data << object
+            data << params
+            Utils::join_urn(*data)
+          end
+
+        end
       end
     end
   end

data/lib/right_aws_api.rb

@@ -40,6 +40,7 @@ require "cloud/aws/iam/manager"
 require "cloud/aws/rds/manager"
 require "cloud/aws/route53/manager"
 require "cloud/aws/s3/manager"
+require "cloud/aws/s3/link/manager"
 require "cloud/aws/sdb/manager"
 require "cloud/aws/sns/manager"
 require "cloud/aws/sqs/manager"

data/lib/right_aws_api_version.rb

@@ -33,7 +33,7 @@ module RightScale
       # Gem version namespace
       module VERSION
         # Current version
-        STRING = '0.1.0'
+        STRING = '0.2.0'
       end
     end
   end

data/right_aws_api.gemspec

@@ -38,6 +38,7 @@ Gem::Specification.new do |spec|
   spec.add_dependency 'right_cloud_api_base', '>= 0.1.0'
 
   spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec', '>= 3.0.0'
 
   spec.description = <<-EOF
 == DESCRIPTION:

data/spec/cloud/aws/s3/link/routines/request_signer_spec.rb

@@ -0,0 +1,53 @@
+require 'right_aws_api'
+
+require 'rspec'
+
+describe RightScale::CloudApi::AWS::S3::Link::RequestSigner do
+
+
+  context '#compute_params!' do
+    before :each do
+      @access_key = 'access-key'
+    end
+
+    context 'Expires' do
+      it 'defaults to something in the future' do
+        result = subject.compute_params!({}, @access_key)
+        expect(result['Expires']).to be_an(Integer)
+      end
+
+      it 'sets the passed value' do
+        expectation = 123
+        result      = subject.compute_params!({ 'Expires' => expectation }, @access_key)
+        expect(result['Expires']).to eq(expectation)
+      end
+    end
+
+
+    context 'AWSAccessKeyId' do
+      it 'sets the passed value' do
+        result = subject.compute_params!({}, @access_key)
+        expect(result['AWSAccessKeyId']).to eq(@access_key)
+      end
+    end
+
+  end
+
+
+  context '#compute_signature' do
+    before :each do
+      @secret_key = 'secret-key'
+      @verb       = :get
+      @bucket     = 'foo-bar'
+      @object     = 'foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg'
+      @params     = { 'Foo' => 1, 'Bar' => 2, 'Expires' => 1000000 }
+      @expectation = "EShMsLs2Bqak5YuIqOTJq15qcJE="
+      @result      = subject.compute_signature(@secret_key, @verb, @bucket, @object, @params)
+    end
+
+    it 'properly calculates the signature' do
+      expect(@result).to eq(@expectation)
+    end
+  end
+
+end

data/spec/cloud/aws/s3/routines/request_signer_spec.rb

@@ -0,0 +1,230 @@
+require 'right_aws_api'
+
+require 'rspec'
+
+describe RightScale::CloudApi::AWS::S3::RequestSigner do
+  context '#get_subresources' do
+    before :each do
+      @sub_resources = {
+        'acl'                       => 0,
+        'policy'                    => 0,
+        'versions'                  => 0,
+        'website'                   => 0,
+        'response-content-type'     => 0,
+        'response-content-language' => 0,
+        'response-foo-bar'          => 0,
+      }
+      trash = {
+        'foo' => 0,
+        'bar' => 0,
+      }
+      params = @sub_resources.merge(trash)
+      @result = subject.get_subresources(params)
+    end
+
+    it "extracts SUB_RESOURCES and response- params" do
+      expect(@result).to eq(@sub_resources)
+    end
+  end
+
+
+  context '#compute_canonicalized_bucket' do
+    context 'DNS bucket' do
+      it 'adds a trailing slash' do
+        expect(subject.compute_canonicalized_bucket('foo-bar')).to eq('foo-bar/')
+      end
+    end
+
+    context 'non DNS bucket' do
+      it 'does nothing' do
+        expect(subject.compute_canonicalized_bucket('foo_bar')).to eq('foo_bar')
+      end
+    end
+  end
+
+
+  context '#compute_canonicalized_path' do
+    context 'with no sub-resources' do
+      before :each do
+        bucket        = 'foo-bar_bucket'
+        relative_path = 'a/b/c/d.jpg'
+        params        = { 'Foo' => 1, 'acl' => '2', 'response-content-type' => 'jpg' }
+        @result       = subject.compute_canonicalized_path(bucket, relative_path, params)
+        @expectation  = '/foo-bar_bucket/a/b/c/d.jpg?acl=2&response-content-type=jpg'
+      end
+
+      it 'works' do
+        expect(@result).to eq(@expectation)
+      end
+    end
+  end
+
+
+
+  context '#compute_bucket_name_and_object_path' do
+    before :each do
+      @original_path = 'my-test-bucket/foo/bar/банана.jpg'
+      @bucket        = 'my-test-bucket'
+      @relative_path = 'foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg'
+    end
+
+    context 'when this is a first API call attempt' do
+      before :each do
+        @r_bucket, @r_path = subject.compute_bucket_name_and_object_path(nil, @original_path)
+      end
+
+      it "extracts the bucket and escapes the path" do
+        expect(@r_bucket).to eq(@bucket)
+        expect(@r_path).to   eq(@relative_path)
+      end
+    end
+
+
+    context 'when there is a redirect and the bucket is already extracted' do
+      before :each do
+        @r_bucket, @r_path = subject.compute_bucket_name_and_object_path(@bucket, @relative_path)
+      end
+
+      it "does nothing" do
+        expect(@r_bucket).to eq(@bucket)
+        expect(@r_path).to   eq(@relative_path)
+      end
+    end
+  end
+
+
+  context '#compute_host' do
+    context 'DNS bucket' do
+      before :each do
+        bucket  = 'foo-bar-bucket'
+        uri     = URI.parse('https://a.b.com')
+        @result = subject.compute_host(bucket, uri)
+        @expectation = 'https://foo-bar-bucket.a.b.com'
+      end
+
+      it 'prepends the host name with the bucket name' do
+        expect(@result.to_s).to eq(@expectation)
+      end
+    end
+
+
+    context 'non DNS bucket' do
+      before :each do
+        bucket  = 'foo-bar_bucket'
+        uri     = URI.parse('https://a.b.com')
+        @result = subject.compute_host(bucket, uri)
+        @expectation = 'https://a.b.com'
+      end
+
+      it 'has no effect on the host name' do
+        expect(@result.to_s).to eq(@expectation)
+      end
+    end
+  end
+
+
+  context '#compute_body' do
+    it 'has no effect for non Hash body' do
+      expect(subject.compute_body(nil, 'application/json')).to eq(nil)
+      expect(subject.compute_body(1,   'application/json')).to eq(1)
+      expect(subject.compute_body([1], 'application/json')).to eq([1])
+    end
+
+    it 'converts Hashes to the required content type' do
+      expect(subject.compute_body({1 => 2}, 'application/json')).to eq("{\"1\":2}")
+      expect(subject.compute_body({1 => 2}, 'application/xml')).to  eq("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<1>2</1>")
+    end
+  end
+
+
+  context '#compute_headers!' do
+    before :each do
+      @headers = RightScale::CloudApi::HTTPHeaders.new
+      @body    = nil
+      @host    = 'foo_bar.host.com'
+    end
+
+    context 'content-type' do
+      it 'defaults content-type to application/octet-stream' do
+        result      = subject.compute_headers!(@headers, @body, @host)
+        expectation = ['application/octet-stream']
+        expect(result['content-type']).to eq(expectation)
+      end
+    end
+
+
+    context 'date' do
+      it 'sets date' do
+        result = subject.compute_headers!(@headers, @body, @host)
+        expect(result['date']).to       be_an(Array)
+        expect(result['date'].first).to be_a(String)
+      end
+    end
+
+
+    context 'content-md5' do
+      context 'body is blank' do
+        it 'does not set the header' do
+          result = subject.compute_headers!(@headers, @body, @host)
+          expect(result['content-md5']).to eq([])
+        end
+      end
+
+
+      context 'body is not blank' do
+        it 'does not set the header' do
+          result = subject.compute_headers!(@headers, 'woo-hoo', @host)
+          expect(result['content-md5']).to eq(['Ezs4dVuMkr7EgUDB41SEMg=='])
+        end
+      end
+    end
+
+
+    context 'host' do
+      it 'sets the host' do
+        result = subject.compute_headers!(@headers, @body, @host)
+        expect(result['host']).to eq([@host])
+      end
+    end
+  end
+
+
+  context '#compute_signature' do
+    before :each do
+      @secret_key = 'secret-key'
+      @verb       = :get
+      @bucket     = 'foo-bar'
+      @object     = 'foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg'
+      @params     = { 'Foo' => 1, 'Bar' => 2}
+      @headers    = RightScale::CloudApi::HTTPHeaders.new(
+        'x-amz-foo-bar' => '1',
+        'x-amx-foo-boo' => '2',
+        'date'          => 'Fri, 11 Jul 2014 21:25:46 GMT',
+        'other-header'  => 'moo'
+      )
+      @expectation = "Z7hSptZVg7WytxFfM7K73henBpA="
+      @result      = subject.compute_signature(@access_key, @secret_key, @verb, @bucket, @object, @params, @headers)
+    end
+
+    it 'properly calculates the signature' do
+      expect(@result).to eq(@expectation)
+    end
+  end
+
+
+  context '#compute_path' do
+    before :each do
+      @path   = 'foo-bar'
+      @object = 'foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg'
+      @params = { 'Foo' => 1, 'Bar' => 2}
+    end
+
+    it 'works for DNS bucket' do
+      expect(subject.compute_path('foo-bar', @object, @params)).to eq('/foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg?Bar=2&Foo=1')
+    end
+
+    it 'works for non DNS bucket' do
+      expect(subject.compute_path('foo_bar', @object, @params)).to eq('/foo_bar/foo%2Fbar%2F%D0%B1%D0%B0%D0%BD%D0%B0%D0%BD%D0%B0.jpg?Bar=2&Foo=1')
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: right_aws_api
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - RightScale, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-06-19 00:00:00.000000000 Z
+date: 2014-07-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: right_cloud_api_base
@@ -38,6 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 3.0.0
 description: |+
   == DESCRIPTION:
 
@@ -75,6 +89,9 @@ files:
 - lib/cloud/aws/route53/manager.rb
 - lib/cloud/aws/route53/routines/request_signer.rb
 - lib/cloud/aws/route53/wrappers/default.rb
+- lib/cloud/aws/s3/link/manager.rb
+- lib/cloud/aws/s3/link/routines/request_signer.rb
+- lib/cloud/aws/s3/link/wrappers/default.rb
 - lib/cloud/aws/s3/manager.rb
 - lib/cloud/aws/s3/parsers/response_error.rb
 - lib/cloud/aws/s3/routines/request_signer.rb
@@ -85,6 +102,8 @@ files:
 - lib/right_aws_api.rb
 - lib/right_aws_api_version.rb
 - right_aws_api.gemspec
+- spec/cloud/aws/s3/link/routines/request_signer_spec.rb
+- spec/cloud/aws/s3/routines/request_signer_spec.rb
 - spec/describe_calls.rb
 homepage: 
 licenses: []
@@ -114,5 +133,7 @@ signing_key:
 specification_version: 4
 summary: The gem provides interface to AWS cloud services.
 test_files:
+- spec/cloud/aws/s3/routines/request_signer_spec.rb
+- spec/cloud/aws/s3/link/routines/request_signer_spec.rb
 - spec/describe_calls.rb
 has_rdoc: