mirror of https://github.com/fog/fog.git synced 2022-11-09 13:51:43 -05:00

start an instance with an IAM profile and access the credentials

Frederick Cheung 2012-06-18 09:44:51 +01:00
parent c2ed3c886d
commit 38c75c85ab
23 changed files with 440 additions and 139 deletions


@ -1,5 +1,5 @@
require 'fog/core'
require 'fog/aws/credential_fetcher'
module Fog
module AWS


@ -3,13 +3,14 @@ require 'fog/aws'
module Fog
module AWS
class AutoScaling < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
class IdentifierTaken < Fog::Errors::Error; end
class ResourceInUse < Fog::Errors::Error; end
class ValidationError < Fog::Errors::Error; end
requires :aws_access_key_id, :aws_secret_access_key
recognizes :host, :path, :port, :scheme, :persistent, :region
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/auto_scaling'
request :create_auto_scaling_group
@ -51,7 +52,7 @@ module Fog
collection :instances
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to AutoScaling
#
# ==== Notes
@ -72,9 +73,8 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
options[:region] ||= 'us-east-1'
@ -93,6 +93,8 @@ module Fog
private
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
@ -100,6 +102,7 @@ module Fog
params,
{
:aws_access_key_id => @aws_access_key_id,
:aws_session_token => @aws_session_token,
:hmac => @hmac,
:host => @host,
:path => @path,
@ -139,8 +142,17 @@ module Fog
response
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
end
class Mock
def self.data
@ -186,9 +198,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@region = options[:region] || 'us-east-1'
unless ['ap-northeast-1', 'ap-southeast-1', 'eu-west-1', 'sa-east-1', 'us-east-1', 'us-west-1', 'us-west-2'].include?(@region)
@ -197,6 +208,10 @@ module Fog
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
def data
self.class.data[@region][@aws_access_key_id]
end
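Review bot: `setup_credentials` in `Real` is copied almost verbatim into every service this commit touches (Beanstalk, CDN, CloudFormation, CloudWatch, Compute, DNS, Elasticache, ELB, EMR, RDS, SES and SimpleDB on this page), differing only in the digest passed to `Fog::HMAC.new` ('sha1' for CDN and DNS, 'sha256' elsewhere). This is the code that installs the secret key and session token, so any later fix to credential handling has to be repeated in each copy, and a missed copy leaves one service on the old behaviour. Consider defining it once in `Fog::AWS::CredentialFetcher::ConnectionMethods`, with the digest supplied by the including class, and keeping only DynamoDB's STS variant as an override.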


@ -3,11 +3,12 @@ require 'fog/aws'
module Fog
module AWS
class ElasticBeanstalk < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
class InvalidParameterError < Fog::Errors::Error; end
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/beanstalk'
@ -63,13 +64,12 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
options[:region] ||= 'us-east-1'
@ -92,7 +92,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)


@ -4,9 +4,10 @@ require 'fog/cdn'
module Fog
module CDN
class AWS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :host, :path, :port, :scheme, :version, :persistent
recognizes :host, :path, :port, :scheme, :version, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
model_path 'fog/aws/cdn/models'
@ -42,7 +43,8 @@ module Fog
def initialize(options={})
require 'mime/types'
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@region = options[:region]
end
@ -58,10 +60,13 @@ module Fog
"foo"
end
def setup_credentials(options={})
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to Cloudfront
#
# ==== Notes
@ -82,10 +87,9 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha1', @aws_secret_access_key)
@host = options[:host] || 'cloudfront.amazonaws.com'
@path = options[:path] || '/'
@persistent = options[:persistent] || true
@ -101,7 +105,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha1', @aws_secret_access_key)
end
def request(params, &block)
refresh_credentials_if_expired
params[:headers] ||= {}
params[:headers]['Date'] = Fog::Time.now.to_date_header
params[:headers]['Authorization'] = "AWS #{@aws_access_key_id}:#{signature(params)}"
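Review bot: `request` still builds only the `Date` and `Authorization` headers after `refresh_credentials_if_expired`, and nothing visible in this hunk sends the `@aws_session_token` that `setup_credentials` now stores. Temporary credentials from an instance profile are normally rejected unless the token accompanies the signature, so `:use_iam_profile` would likely fail authentication for CloudFront. The DNS (Route 53) `request` hunk has the same shape. If the rest of `request`, which continues outside the hunk, does not already add it, something like `params[:headers]['x-amz-security-token'] = @aws_session_token if @aws_session_token` is needed alongside the Authorization header.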


@ -3,9 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class CloudFormation < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :host, :path, :port, :scheme, :persistent, :region
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/cloud_formation'
request :create_stack
@ -26,7 +27,7 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to CloudFormation
#
# ==== Notes
@ -47,9 +48,8 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
options[:region] ||= 'us-east-1'
@ -67,7 +67,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
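Review bot: The doc comment above `Real#initialize` is not touched by any hunk here, so the options it lists (outside the visible lines) presumably still omit `:use_iam_profile`, `:aws_session_token` and `:aws_credentials_expire_at`, which the service now recognizes. The same applies to the other `Real#initialize` doc blocks in this commit (AutoScaling, CDN, CloudWatch, Compute, DNS, DynamoDB, ELB, EMR, RDS, SES, SimpleDB, SNS). A line such as `# * :use_iam_profile<~Boolean> - fetch temporary credentials from the instance metadata service and refresh them before they expire` would tell callers that static keys are optional in that mode. The new `setup_credentials` would also benefit from a one-line comment saying it is re-run on every refresh and therefore rebuilds `@hmac`.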


@ -3,10 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class CloudWatch < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/cloud_watch'
@ -42,7 +42,7 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to Cloudwatch
#
# ==== Notes
@ -62,9 +62,8 @@ module Fog
# ==== Returns
# * CloudWatch object with connection to AWS.
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
options[:region] ||= 'us-east-1'
@ -82,7 +81,17 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)


@ -4,9 +4,10 @@ require 'fog/compute'
module Fog
module Compute
class AWS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :endpoint, :region, :host, :path, :port, :scheme, :persistent, :aws_session_token
recognizes :endpoint, :region, :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at
model_path 'fog/aws/models/compute'
model :address
@ -205,8 +206,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@region = options[:region] || 'us-east-1'
unless ['ap-northeast-1', 'ap-southeast-1', 'eu-west-1', 'us-east-1', 'us-west-1', 'us-west-2', 'sa-east-1'].include?(@region)
@ -268,10 +269,14 @@ module Fog
resources
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to EC2
#
# ==== Notes
@ -298,11 +303,9 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@region = options[:region] ||= 'us-east-1'
if @endpoint = options[:endpoint]
@ -326,8 +329,17 @@ module Fog
end
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
@ -340,7 +352,7 @@ module Fog
:host => @host,
:path => @path,
:port => @port,
:version => '2012-03-01'
:version => '2012-06-01'
}
)


@ -0,0 +1,66 @@
require 'net/http'
require 'uri'
require 'fog/core/json'
module Fog
module AWS
module CredentialFetcher
INSTANCE_METADATA_URI = "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
module ServiceMethods
def fetch_credentials(options)
if options[:use_iam_profile]
begin
role_name = Net::HTTP.get_response(URI.parse(INSTANCE_METADATA_URI))
role_name.error! unless role_name.is_a?(Net::HTTPSuccess)
role_data = Net::HTTP.get_response(URI.parse(INSTANCE_METADATA_URI+role_name.body))
role_data.error! unless role_data.is_a?(Net::HTTPSuccess)
session = Fog::JSON.decode(role_data.body)
credentials = {}
credentials[:aws_access_key_id] = session['AccessKeyId']
credentials[:aws_secret_access_key] = session['SecretAccessKey']
credentials[:aws_session_token] = session['Token']
credentials[:aws_credentials_expire_at] = Time.xmlschema session['Expiration']
#these indicate the metadata service is unavailable or has no profile setup
credentials
rescue Errno::EHOSTUNREACH, Errno::ECONNREFUSED, SocketError, Timeout::Error, Net::HTTPError, Net::HTTPServerException => e
Fog::Logger.warning("Unable to fetch credentuals: #{e.message}")
super
end
else
super
end
end
end
module ConnectionMethods
def refresh_credentials_if_expired
refresh_credentials if credentials_expired?
end
private
def credentials_expired?
@use_iam_profile &&
(!@aws_credentials_expire_at ||
(@aws_credentials_expire_at && Fog::Time.now > @aws_credentials_expire_at - 15)) #new credentials become available from around 5 minutes before expiration time
end
def refresh_credentials
if @use_iam_profile
new_credentials = service.fetch_credentials :use_iam_profile => @use_iam_profile
if new_credentials.any?
setup_credentials new_credentials
return true
else
false
end
else
false
end
end
end
end
end
end
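Review bot: The decoded metadata response in `fetch_credentials` is used without checking that it contains the four expected fields, and the `rescue` list covers only connection and HTTP errors. If the body is not the expected JSON or `Expiration` is absent, `Time.xmlschema` (or the decoder) raises an exception the list does not name; because `request` calls `refresh_credentials_if_expired` first, that exception would surface from every API call instead of taking the logged fallback. Both `Net::HTTP.get_response` calls also rely on the default timeouts, so a host where 169.254.169.254 does not answer can stall for a long time before the fallback runs; a `Net::HTTP` instance with explicit `open_timeout` and `read_timeout` would bound that. The warning text also misspells "credentials".

```ruby
# … unchanged: role lookup and the two HTTP success checks …
session = Fog::JSON.decode(role_data.body)
missing = %w[AccessKeyId SecretAccessKey Token Expiration].reject { |key| session[key] }
unless missing.empty?
  # Log field names only; never the values.
  Fog::Logger.warning("Instance metadata response is missing #{missing.join(', ')}")
  return super
end
# … unchanged: build and return the credentials hash …
```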


@ -4,9 +4,10 @@ require 'fog/dns'
module Fog
module DNS
class AWS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :host, :path, :port, :scheme, :version, :persistent
recognizes :host, :path, :port, :scheme, :version, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
model_path 'fog/aws/models/dns'
model :record
@ -45,7 +46,8 @@ module Fog
def initialize(options={})
require 'mime/types'
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@region = options[:region]
end
@ -60,10 +62,14 @@ module Fog
def signature(params)
"foo"
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to Route 53 DNS service
#
# ==== Notes
@ -84,10 +90,9 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha1', @aws_secret_access_key)
@host = options[:host] || 'route53.amazonaws.com'
@path = options[:path] || '/'
@persistent = options[:persistent] || true
@ -104,7 +109,17 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha1', @aws_secret_access_key)
end
def request(params, &block)
refresh_credentials_if_expired
params[:headers] ||= {}
params[:headers]['Date'] = Fog::Time.now.to_date_header
params[:headers]['X-Amzn-Authorization'] = "AWS3-HTTPS AWSAccessKeyId=#{@aws_access_key_id},Algorithm=HmacSHA1,Signature=#{signature(params)}"


@ -3,9 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class DynamoDB < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :aws_session_token, :host, :path, :port, :scheme, :persistent, :region
recognizes :aws_session_token, :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_credentials_expire_at
request_path 'fog/aws/requests/dynamodb'
request :batch_get_item
@ -37,7 +38,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
end
def data
@ -48,10 +50,13 @@ module Fog
self.class.data.delete(@aws_access_key_id)
end
def setup_credientials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to DynamoDB
#
# ==== Notes
@ -70,24 +75,13 @@ module Fog
# ==== Returns
# * DynamoDB object with connection to aws
def initialize(options={})
if options[:aws_session_token]
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
else
sts = Fog::AWS::STS.new(
:aws_access_key_id => options[:aws_access_key_id],
:aws_secret_access_key => options[:aws_secret_access_key]
)
session_data = sts.get_session_token.body
@use_iam_profile = options[:use_iam_profile]
#TODO check dynamodb stuff
@aws_access_key_id = session_data['AccessKeyId']
@aws_secret_access_key = session_data['SecretAccessKey']
@aws_session_token = session_data['SessionToken']
end
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || "dynamodb.#{options[:region]}.amazonaws.com"
@path = options[:path] || '/'
@ -99,11 +93,32 @@ module Fog
private
def setup_credentials(options)
if options[:aws_session_token]
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
else
sts = Fog::AWS::STS.new(
:aws_access_key_id => options[:aws_access_key_id],
:aws_secret_access_key => options[:aws_secret_access_key]
)
session_data = sts.get_session_token.body
@aws_access_key_id = session_data['AccessKeyId']
@aws_secret_access_key = session_data['SecretAccessKey']
@aws_session_token = session_data['SessionToken']
end
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def reload
@connection.reset
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
headers = {
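Review bot: The Mock's new helper is defined as `setup_credientials` (misspelled) while `Mock#initialize` in the preceding hunk calls `setup_credentials(options)`, so constructing the DynamoDB mock would raise NoMethodError unless another definition exists outside these hunks. Rename it to `def setup_credentials(options)`. Separately, the STS branch of `Real#setup_credentials` leaves `@aws_credentials_expire_at` unset, so nothing visible here renews a session token obtained that way; a short comment stating that would help the next reader.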


@ -1,12 +1,13 @@
module Fog
module AWS
class Elasticache < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
class IdentifierTaken < Fog::Errors::Error; end
class InvalidInstance < Fog::Errors::Error; end
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/elasticache'
@ -47,11 +48,10 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
options[:region] ||= 'us-east-1'
@host = options[:host] || "elasticache.#{options[:region]}.amazonaws.com"
@ -68,7 +68,19 @@ module Fog
end
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)


@ -3,6 +3,7 @@ require 'fog/aws'
module Fog
module AWS
class ELB < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
class DuplicatePolicyName < Fog::Errors::Error; end
class IdentifierTaken < Fog::Errors::Error; end
@ -15,7 +16,7 @@ module Fog
class ValidationError < Fog::Errors::Error; end
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/elb'
request :configure_health_check
@ -75,7 +76,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@region = options[:region] || 'us-east-1'
@ -84,6 +86,10 @@ module Fog
end
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
def data
self.class.data[@region][@aws_access_key_id]
end
@ -94,7 +100,7 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to ELB
#
# ==== Notes
@ -116,11 +122,10 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || "elasticloadbalancing.#{options[:region]}.amazonaws.com"
@path = options[:path] || '/'
@ -136,7 +141,18 @@ module Fog
private
def setup_credentials(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)


@ -3,11 +3,12 @@ require 'fog/aws'
module Fog
module AWS
class EMR < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
class IdentifierTaken < Fog::Errors::Error; end
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/emr'
@ -42,7 +43,7 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to EMR
#
# ==== Notes
@ -62,10 +63,9 @@ module Fog
# ==== Returns
# * EMR object with connection to AWS.
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || "elasticmapreduce.#{options[:region]}.amazonaws.com"
@ -83,7 +83,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)


@ -19,6 +19,7 @@ module Fog
attribute :dns_name, :aliases => 'dnsName'
attribute :groups
attribute :flavor_id, :aliases => 'instanceType'
attribute :iam_instance_profile, :aliases => 'iamInstanceProfile'
attribute :image_id, :aliases => 'imageId'
attr_accessor :instance_initiated_shutdown_behavior
attribute :kernel_id, :aliases => 'kernelId'
@ -46,6 +47,8 @@ module Fog
attr_accessor :password
attr_writer :private_key, :private_key_path, :public_key, :public_key_path, :username
attr_writer :iam_instance_profile_name, :iam_instance_profile_arn
def initialize(attributes={})
self.groups ||= ["default"] unless (attributes[:subnet_id] || attributes[:security_group_ids])
@ -147,6 +150,8 @@ module Fog
options = {
'BlockDeviceMapping' => block_device_mapping,
'ClientToken' => client_token,
'IamInstanceProfile.Arn' => @iam_instance_profile_arn,
'IamInstanceProfile.Name' => @iam_instance_profile_name,
'InstanceInitiatedShutdownBehavior' => instance_initiated_shutdown_behavior,
'InstanceType' => flavor_id,
'KernelId' => kernel_id,
@ -160,7 +165,7 @@ module Fog
'SecurityGroup' => groups,
'SecurityGroupId' => security_group_ids,
'SubnetId' => subnet_id,
'UserData' => user_data
'UserData' => user_data,
}
options.delete_if {|key, value| value.nil?}
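Review bot: The new `iam_instance_profile_name` and `iam_instance_profile_arn` writers are undocumented and write-only, and the launch options pass both `'IamInstanceProfile.Arn'` and `'IamInstanceProfile.Name'` whenever both are set. Since the profile decides which role credentials the instance can obtain, a comment such as `# set one of these before save; selects the IAM instance profile (and so the role credentials) the instance launches with` would make the intent explicit. The trailing comma added after `'UserData' => user_data` is an unrelated change and can be dropped. The enclosing method starts and ends outside the hunk.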


@ -9,8 +9,8 @@ module Fog
@block_device_mapping = {}
@network_interface = {}
@context = []
@contexts = ['blockDeviceMapping', 'groupSet', 'instancesSet', 'instanceState', 'networkInterfaceSet', 'placement', 'productCodes', 'stateReason', 'tagSet']
@instance = { 'blockDeviceMapping' => [], 'networkInterfaces' => [], 'instanceState' => {}, 'monitoring' => {}, 'placement' => {}, 'productCodes' => [], 'stateReason' => {}, 'tagSet' => {} }
@contexts = ['blockDeviceMapping', 'groupSet', 'iamInstanceProfile', 'instancesSet', 'instanceState', 'networkInterfaceSet', 'placement', 'productCodes', 'stateReason', 'tagSet']
@instance = { 'blockDeviceMapping' => [], 'networkInterfaces' => [], 'iamInstanceProfile' => {}, 'instanceState' => {}, 'monitoring' => {}, 'placement' => {}, 'productCodes' => [], 'stateReason' => {}, 'tagSet' => {} }
@reservation = { 'groupIds' => [], 'groupSet' => [], 'instancesSet' => [] }
@response = { 'reservationSet' => [] }
@tag = {}
@ -27,6 +27,8 @@ module Fog
case name
when 'amiLaunchIndex'
@instance[name] = value.to_i
when 'arn'
@instance[@context.last][name] = value
when 'availabilityZone', 'tenancy'
@instance['placement'][name] = value
when 'architecture', 'clientToken', 'dnsName', 'imageId',
@ -61,6 +63,8 @@ module Fog
when 'placement'
@instance['placement'][name] = value
end
when 'id'
@instance[@context.last][name] = value
when 'item'
case @context.last
when 'blockDeviceMapping'
@ -71,7 +75,7 @@ module Fog
@network_interface = {}
when 'instancesSet'
@reservation['instancesSet'] << @instance
@instance = { 'blockDeviceMapping' => [], 'networkInterfaces' => [], 'instanceState' => {}, 'monitoring' => {}, 'placement' => {}, 'productCodes' => [], 'stateReason' => {}, 'tagSet' => {} }
@instance = { 'blockDeviceMapping' => [], 'networkInterfaces' => [], 'iamInstanceProfile' => {}, 'instanceState' => {}, 'monitoring' => {}, 'placement' => {}, 'productCodes' => [], 'stateReason' => {}, 'tagSet' => {} }
when 'tagSet'
@instance['tagSet'][@tag['key']] = @tag['value']
@tag = {}
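Review bot: The new `when 'arn'` and `when 'id'` branches write to `@instance[@context.last][name]` for any element with those names, not only inside `iamInstanceProfile`. If such an element closes while `@context.last` is a key that `@instance` does not hold, or holds as an Array like `'blockDeviceMapping'`, the assignment raises instead of being ignored. Guarding on the context keeps the parser tolerant of response changes, e.g. `@instance['iamInstanceProfile'][name] = value if @context.last == 'iamInstanceProfile'`. The enclosing method extends beyond these hunks.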


@ -3,13 +3,14 @@ require 'fog/aws'
module Fog
module AWS
class RDS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
class IdentifierTaken < Fog::Errors::Error; end
class AuthorizationAlreadyExists < Fog::Errors::Error; end
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/rds'
@ -85,9 +86,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
@region = options[:region] || 'us-east-1'
unless ['ap-northeast-1', 'ap-southeast-1', 'eu-west-1', 'us-east-1', 'us-west-1', 'us-west-2'].include?(@region)
@ -104,12 +104,14 @@ module Fog
self.class.data[@region].delete(@aws_access_key_id)
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to ELB
#
# ==== Notes
@ -129,10 +131,9 @@ module Fog
# ==== Returns
# * ELB object with connection to AWS.
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || "rds.#{options[:region]}.amazonaws.com"
@ -149,7 +150,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
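Review bot: As rendered, the Mock's `initialize` hunk drops `@aws_access_key_id = options[:aws_access_key_id]` and adds only `@use_iam_profile`, with no `setup_credentials(options)` call, unlike the other mocks in this commit. If that is what the file contains, `@aws_access_key_id` stays nil in mock mode and the mock data is keyed by nil, so different mock accounts would share state. Add `setup_credentials(options)` after the `@use_iam_profile` assignment.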


@ -23,6 +23,7 @@ module Fog
# * 'Ebs.VolumeSize'<~Integer> - The volume size, in GigaBytes.
# * 'VirtualName'<~String> - The virtual name associated with the
# device.
# * 'IamInstanceProfile'<~String> The name or the Amazon Resource Name (ARN) of the instance profile associated with the IAM role for the instance
# * 'InstanceMonitoring.Enabled'<~Boolean> - Enable/Disable detailed monitoring, default is enabled
# * 'KernelId'<~String> - The ID of the kernel associated with the
# EC2 AMI.
@ -77,6 +78,7 @@ module Fog
data[:launch_configurations][launch_configuration_name] = {
'BlockDeviceMappings' => [],
'CreatedTime' => Time.now.utc,
'IamInstanceProfile' => nil,
'ImageId' => image_id,
'InstanceMonitoring.Enabled' => true,
'InstanceType' => instance_type,


@ -3,9 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class SES < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent
recognizes :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/ses'
request :delete_verified_email_address
@ -25,7 +26,7 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to SES
#
# ==== Notes
@ -47,10 +48,10 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || "email.#{options[:region]}.amazonaws.com"
@path = options[:path] || '/'
@ -66,7 +67,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)


@ -3,9 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class SimpleDB < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :host, :nil_string, :path, :port, :scheme, :persistent, :region, :aws_session_token
recognizes :host, :nil_string, :path, :port, :scheme, :persistent, :region, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at
request_path 'fog/aws/requests/simpledb'
request :batch_put_attributes
@ -33,7 +34,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
end
def data
@ -44,10 +46,13 @@ module Fog
self.class.data.delete(@aws_access_key_id)
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to SimpleDB
#
# ==== Notes
@ -68,11 +73,9 @@ module Fog
def initialize(options={})
require 'fog/core/parser'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
@nil_string = options[:nil_string]|| 'nil'
options[:region] ||= 'us-east-1'
@ -90,6 +93,14 @@ module Fog
end
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def encode_attributes(attributes, replace_attributes = [], expected_attributes = {})
encoded_attributes = {}
@ -149,6 +160,8 @@ module Fog
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
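Review bot: `Real#setup_credentials` here is the same block of assignments that this commit also adds to SES, SNS, SQS and Storage, differing only in the digest passed to `Fog::HMAC.new` (`'sha256'` here, `'sha1'` in Storage). Every one of these classes already includes `Fog::AWS::CredentialFetcher::ConnectionMethods`, so the method could be defined there once, with each service supplying only its digest. That way a later change to how the key, token and expiry are stored cannot miss a service. Both `initialize` bodies and `request` continue outside the hunks shown.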


@ -3,9 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class SNS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :host, :path, :port, :scheme, :persistent, :region
recognizes :host, :path, :port, :scheme, :persistent, :region, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
request_path 'fog/aws/requests/sns'
request :add_permission
@ -30,7 +31,7 @@ module Fog
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to SNS
#
# ==== Notes
@ -49,10 +50,10 @@ module Fog
# ==== Returns
# * SNS object with connection to AWS.
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
require 'multi_json'
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || "sns.#{options[:region]}.amazonaws.com"
@ -70,7 +71,18 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def request(params)
refresh_credentials_if_expired
idempotent = params.delete(:idempotent)
parser = params.delete(:parser)
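Review bot: Nothing visible in this section hands `@aws_session_token` to request signing. `setup_credentials` stores the token, but the only change to `request` is the `refresh_credentials_if_expired` call, and SNS did not recognize `:aws_session_token` before this commit, so its signing call presumably does not send it yet. Temporary credentials from an instance profile are rejected without the token, so `request` likely needs `:aws_session_token => @aws_session_token` added to the parameters it signs. The body of `request` continues outside the hunk, so confirm against the full file. The Storage `request` hunk appears to have the same gap: it sets `Date` and `Authorization`, but no `x-amz-security-token` header is visible.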


@ -3,9 +3,10 @@ require 'fog/aws'
module Fog
module AWS
class SQS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :region, :host, :path, :port, :scheme, :persistent, :aws_session_token
recognizes :region, :host, :path, :port, :scheme, :persistent, :aws_session_token, :use_iam_profile, :aws_credentials_expire_at
request_path 'fog/aws/requests/sqs'
request :change_message_visibility
@ -35,8 +36,8 @@ module Fog
end
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@region = options[:region] || 'us-east-1'
unless ['ap-northeast-1', 'ap-southeast-1', 'eu-west-1', 'us-east-1', 'us-west-1', 'us-west-2'].include?(@region)
@ -52,10 +53,13 @@ module Fog
self.class.data[@region].delete(@aws_access_key_id)
end
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
end
end
class Real
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to SQS
#
# ==== Notes
@ -75,11 +79,9 @@ module Fog
# ==== Returns
# * SQS object with connection to AWS.
def initialize(options={})
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
options[:region] ||= 'us-east-1'
@host = options[:host] || case options[:region]
when 'us-east-1'
@ -100,6 +102,14 @@ module Fog
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
end
def path_from_queue_url(queue_url)
queue_url.split('.com', 2).last
end
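Review bot: No hunk in this section adds `refresh_credentials_if_expired` to `Real#request`, unlike the SES, SimpleDB, SNS and Storage sections, where it is the first statement of `request`. As shown, an SQS connection created with `:use_iam_profile` would keep signing with the credentials fetched at construction even after `@aws_credentials_expire_at` has passed, so calls would start failing once the temporary keys expire. Adding `refresh_credentials_if_expired` as the first line of `request` would match the other services. `request` itself lies outside the hunks shown, so check that the call is not already there.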


@ -4,9 +4,10 @@ require 'fog/storage'
module Fog
module Storage
class AWS < Fog::Service
extend Fog::AWS::CredentialFetcher::ServiceMethods
requires :aws_access_key_id, :aws_secret_access_key
recognizes :endpoint, :region, :host, :path, :port, :scheme, :persistent
recognizes :endpoint, :region, :host, :path, :port, :scheme, :persistent, :use_iam_profile, :aws_session_token, :aws_credentials_expire_at
model_path 'fog/aws/models/storage'
collection :directories
@ -66,7 +67,8 @@ module Fog
def cdn
@cdn ||= Fog::AWS::CDN.new(
:aws_access_key_id => @aws_access_key_id,
:aws_secret_access_key => @aws_secret_access_key
:aws_secret_access_key => @aws_secret_access_key,
:use_iam_profile => @use_iam_profile
)
end
@ -195,8 +197,8 @@ module Fog
def initialize(options={})
require 'mime/types'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
options[:region] ||= 'us-east-1'
@host = options[:host] || case options[:region]
when 'us-east-1'
@ -220,11 +222,18 @@ module Fog
"foo"
end
def setup_credentials
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
end
end
class Real
include Utils
include Fog::AWS::CredentialFetcher::ConnectionMethods
# Initialize connection to S3
#
# ==== Notes
@ -247,10 +256,10 @@ module Fog
require 'fog/core/parser'
require 'mime/types'
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@use_iam_profile = options[:use_iam_profile]
setup_credentials(options)
@connection_options = options[:connection_options] || {}
@hmac = Fog::HMAC.new('sha1', @aws_secret_access_key)
if @endpoint = options[:endpoint]
endpoint = URI.parse(@endpoint)
@host = endpoint.host
@ -357,7 +366,18 @@ DATA
private
def setup_credentials(options)
@aws_access_key_id = options[:aws_access_key_id]
@aws_secret_access_key = options[:aws_secret_access_key]
@aws_session_token = options[:aws_session_token]
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
@hmac = Fog::HMAC.new('sha1', @aws_secret_access_key)
end
def request(params, &block)
refresh_credentials_if_expired
params[:headers]['Date'] = Fog::Time.now.to_date_header
params[:headers]['Authorization'] = "AWS #{@aws_access_key_id}:#{signature(params)}"
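Review bot: The `setup_credentials` added just before `class Real` is declared without a parameter (`def setup_credentials`), yet its body reads `options[...]` and the `initialize` hunk above it calls `setup_credentials(options)`. If that `initialize` belongs to the Mock, as its position before `class Real` suggests, constructing the mock raises `ArgumentError`. Called with no arguments it would fail on the undefined `options` instead. The signature should be `def setup_credentials(options)`, matching the `Real` class further down.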


@ -47,15 +47,8 @@ module Fog
end
def new(options={})
# attempt to load credentials from config file
options = Fog.symbolize_credentials(options)
begin
default_credentials = Fog.credentials.reject {|key, value| !(recognized | requirements).include?(key)}
options = default_credentials.merge(options)
rescue LoadError
# if there are no configured credentials, do nothing
end
options = fetch_credentials(options).merge(options)
validate_options(options)
coerce_options(options)
setup_requirements
@ -69,6 +62,16 @@ module Fog
end
end
def fetch_credentials(options)
# attempt to load credentials from config file
begin
default_credentials = Fog.credentials.reject {|key, value| !(recognized | requirements).include?(key)}
rescue LoadError
# if there are no configured credentials, do nothing
{}
end
end
def setup_requirements
if superclass.respond_to?(:setup_requirements)
superclass.setup_requirements