mirror of
https://github.com/fog/fog.git
synced 2022-11-09 13:51:43 -05:00
[AWS|Compute] switch to signature version 4
This commit is contained in:
Frederick Cheung
parent
5668e6e4b1
commit
3e56d4e192
2 changed files with 40 additions and 18 deletions
|
|
@ -451,14 +451,15 @@ module Fog
|
|||
def initialize(options={})
|
||||
require 'fog/core/parser'
|
||||
|
||||
@use_iam_profile = options[:use_iam_profile]
|
||||
setup_credentials(options)
|
||||
@connection_options = options[:connection_options] || {}
|
||||
@region = options[:region] ||= 'us-east-1'
|
||||
@instrumentor = options[:instrumentor]
|
||||
@instrumentor_name = options[:instrumentor_name] || 'fog.aws.compute'
|
||||
@version = options[:version] || '2014-06-15'
|
||||
|
||||
@use_iam_profile = options[:use_iam_profile]
|
||||
setup_credentials(options)
|
||||
|
||||
if @endpoint = options[:endpoint]
|
||||
endpoint = URI.parse(@endpoint)
|
||||
@host = endpoint.host or raise InvalidURIError.new("could not parse endpoint: #{@endpoint}")
|
||||
|
|
@ -488,7 +489,7 @@ module Fog
|
|||
@aws_session_token = options[:aws_session_token]
|
||||
@aws_credentials_expire_at = options[:aws_credentials_expire_at]
|
||||
|
||||
@hmac = Fog::HMAC.new('sha256', @aws_secret_access_key)
|
||||
@signer = Fog::AWS::SignatureV4.new( @aws_access_key_id, @aws_secret_access_key,@region,'ec2')
|
||||
end
|
||||
|
||||
def request(params)
|
||||
|
|
@ -496,33 +497,33 @@ module Fog
|
|||
idempotent = params.delete(:idempotent)
|
||||
parser = params.delete(:parser)
|
||||
|
||||
body = Fog::AWS.signed_params(
|
||||
params,
|
||||
{
|
||||
:aws_access_key_id => @aws_access_key_id,
|
||||
:aws_session_token => @aws_session_token,
|
||||
:hmac => @hmac,
|
||||
:host => @host,
|
||||
:path => @path,
|
||||
:port => @port,
|
||||
:version => @version
|
||||
body, headers = Fog::AWS.signed_params_v4(
|
||||
params,
|
||||
{'Content-Type' => 'application/x-www-form-urlencoded'},
|
||||
{
|
||||
:host => @host,
|
||||
:path => @path,
|
||||
:port => @port,
|
||||
:version => @version,
|
||||
:signer => @signer,
|
||||
:aws_session_token => @aws_session_token,
|
||||
:method => "POST"
|
||||
}
|
||||
)
|
||||
|
||||
if @instrumentor
|
||||
@instrumentor.instrument("#{@instrumentor_name}.request", params) do
|
||||
_request(body, idempotent, parser)
|
||||
_request(body, headers, idempotent, parser)
|
||||
end
|
||||
else
|
||||
_request(body, idempotent, parser)
|
||||
_request(body, headers, idempotent, parser)
|
||||
end
|
||||
end
|
||||
|
||||
def _request(body, idempotent, parser)
|
||||
def _request(body, headers, idempotent, parser)
|
||||
@connection.request({
|
||||
:body => body,
|
||||
:expects => 200,
|
||||
:headers => { 'Content-Type' => 'application/x-www-form-urlencoded' },
|
||||
:headers => headers,
|
||||
:idempotent => idempotent,
|
||||
:method => 'POST',
|
||||
:parser => parser
|
||||
|
|
|
|||
|
|
@ -94,6 +94,27 @@ module Fog
|
|||
}
|
||||
end
|
||||
|
||||
def self.signed_params_v4(params, headers, options={})
|
||||
date = Fog::Time.now
|
||||
|
||||
params = params.merge('Version' => options[:version])
|
||||
|
||||
headers = headers.merge('Host' => options[:host], 'x-amz-date' => date.to_iso8601_basic)
|
||||
headers['x-amz-security-token'] = options[:aws_session_token] if options[:aws_session_token]
|
||||
|
||||
body = ''
|
||||
for key in params.keys.sort
|
||||
unless (value = params[key]).nil?
|
||||
body << "#{key}=#{escape(value.to_s)}&"
|
||||
end
|
||||
end
|
||||
body.chop!
|
||||
|
||||
headers['Authorization'] = options[:signer].sign({:method => options[:method], :headers => headers, :body => body, :query => {}, :path => options[:path]}, date)
|
||||
|
||||
return body, headers
|
||||
end
|
||||
|
||||
def self.signed_params(params, options = {})
|
||||
params.merge!({
|
||||
'AWSAccessKeyId' => options[:aws_access_key_id],
|
||||
|
|
|
|||
Loading…
Reference in a new issue