Discussion:
AWS CDN - Trusted Signers error
Roshan Baliga
2013-03-11 03:29:35 UTC
Permalink
Hi,
I am using Fog 1.9.0 to create a CloudFront streaming distribution. If I
don't specify TrustedSigners, a streaming distribution post request results
in the creation of a streaming distribution.
However if I add TrustedSigners a 400 (Bad Request) is returned.
From t e Fog documentation, TrustedSigners is an array:
'TrustedSigners'<~Array> - Optional grant of rights to up to 5 aws
accounts to generate signed URLs for private content, elements are either
'Self' for your own account or an
AWS<http://ruby-doc.org/gems/docs/t/tag-fog-1.0.1/Fog/CDN/AWS.html>
Account
Number
I use it in the following manner:

---------------------------------------------------------------------------------------------------------------------
require 'fog'

conn = Fog::CDN.new(
:provider => 'AWS',
:aws_access_key_id => 'xyz',
:aws_secret_access_key => 'abcd'
)
p = {"Enabled"=>true, "S3Origin"=>{"DNSName"=>"simple-test.s3.amazonaws.com",
"OriginAccessIdentity"=>"origin-access-identity/cloudfront/E3QU39FOKP0LeP"},
"TrustedSigners"=>['self']}
resp = conn.post_streaming_distribution(p)
puts resp.body
puts resp.headers
-----------------------------------------------------------------------------------------------------------------------

I get the following error:

-----------------------------------------------------------------------------------------------------------------------
`request_kernel': Expected(201) <=> Actual(400 Bad Request)
(Excon::Errors::BadRequest)
request => {:connect_timeout=>60, :headers=>{"User-Agent"=>"fog/1.9.0",
"Content-Type"=>"text/xml", "Date"=>"Mon, 11 Mar 2013 02:14:39 +0000",
"Authorization"=>"AWS AKIAJWG3Y2H525I3MBWA:TVqcaXNNQ1NCbWAvSRYh75lQLoo=",
"Host"=>"cloudfront.amazonaws.com:443", "Content-Length"=>419},
:instrumentor_name=>"excon", :mock=>false, :read_timeout=>60,
:retry_limit=>4,
:ssl_ca_file=>"/usr/local/lib/ruby/gems/1.9.1/gems/excon-0.14.3/data/cacert.pem",
:ssl_verify_peer=>true, :write_timeout=>60, :host=>"cloudfront.amazonaws.com",
:path=>"/2010-11-01//streaming-distribution", :port=>"443", :query=>nil,
:scheme=>"https", :body=>"<?xml version=\"1.0\"
encoding=\"UTF-8\"?><StreamingDistributionConfig xmlns=\"
http://cloudfront.amazonaws.com/doc/2010-11-01/\
"><Enabled>true</Enabled><S3Origin><DNSName>test.s3.amazonaws.com
</DNSName><OriginAccessIdentity>origin-access-identity/cloudfront/E3QU39FOKP0LeP</OriginAccessIdentity></S3Origin>
<TrustedSigners>self</TrustedSigners><CallerReference>1362986179</CallerReference></StreamingDistributionConfig>",
:expects=>201, :idempotent=>true, :method=>"POST",
:response_block=>#<Proc:0x9fba80c@/usr/local/lib/ruby/gems/1.9.1/gems/fog-1.9.0/lib/fog/core/connection.rb:17
(lambda)>}
response => #<Excon::Response:0x9fae4a8 @body="<?xml
version=\"1.0\"?>\n<ErrorResponse xmlns=\"
http://cloudfront.amazonaws.com/doc/2010-11-01/\"><Error><Type>Sender</Type><Code>MalformedInput</Code><Message>Unexpected
complex element
termination</Message></Error><RequestId>72593a20-89f1-11e2-abb8-3518185a092c</RequestId></ErrorResponse>",
@headers={"x-amzn-RequestId"=>"72593a20-89f1-11e2-abb8-3518185a092c",
"Content-Type"=>"text/xml", "Content-Length"=>"286", "Date"=>"Mon, 11 Mar
2013 02:14:47 GMT"}, @status=400>
-----------------------------------------------------------------------------------------------------------------------

The creation of the TrustedSigners in the request body doesn't seem to be
what Amazon is expecting:
If I see the latest AWS documentation (
http://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/CreateStreamingDistribution.html),
AWS is expecting TrustedSigners in the following format:

<TrustedSigners>
<Quantity>3</Quantity>
<Items>
<AwsAccountNumber>self</AwsAccountNumber>
<AwsAccountNumber>111122223333</AwsAccountNumber>
<AwsAccountNumber>444455556666</AwsAccountNumber>
</Items>
</TrustedSigners>


and not <TrustedSigners>self</TrustedSigners> that Fog is sending out in
its body.

Is there something wrong in the way I am specifying TrustedSigners?


Regards,
Roshan
--
You received this message because you are subscribed to the Google Groups "ruby-fog" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ruby-fog+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
geemus (Wesley Beary)
2013-03-11 18:33:09 UTC
Permalink
Looks like you hit the nail on the head. It appears that we do relatively
naive xml building for that request, which is good enough in most cases but
doesn't work for that. An issue and/or pull request on the github repo
would be great (and I'd be happy to help out with that however I can).

It baffles me why they need it to be formatted this way instead of more
like other attributes (ie the quantity should be pretty apparent I would
think). Anyway, we should definitely update the code to accomodate this.
Post by Roshan Baliga
Hi,
I am using Fog 1.9.0 to create a CloudFront streaming distribution. If I
don't specify TrustedSigners, a streaming distribution post request results
in the creation of a streaming distribution.
However if I add TrustedSigners a 400 (Bad Request) is returned.
'TrustedSigners'<~Array> - Optional grant of rights to up to 5 aws
accounts to generate signed URLs for private content, elements are either
'Self' for your own account or an AWS<http://ruby-doc.org/gems/docs/t/tag-fog-1.0.1/Fog/CDN/AWS.html> Account
Number
---------------------------------------------------------------------------------------------------------------------
require 'fog'
conn = Fog::CDN.new(
:provider => 'AWS',
:aws_access_key_id => 'xyz',
:aws_secret_access_key => 'abcd'
)
p = {"Enabled"=>true, "S3Origin"=>{"DNSName"=>"
simple-test.s3.amazonaws.com",
"OriginAccessIdentity"=>"origin-access-identity/cloudfront/E3QU39FOKP0LeP"},
"TrustedSigners"=>['self']}
resp = conn.post_streaming_distribution(p)
puts resp.body
puts resp.headers
-----------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------
`request_kernel': Expected(201) <=> Actual(400 Bad Request)
(Excon::Errors::BadRequest)
request => {:connect_timeout=>60, :headers=>{"User-Agent"=>"fog/1.9.0",
"Content-Type"=>"text/xml", "Date"=>"Mon, 11 Mar 2013 02:14:39 +0000",
"Authorization"=>"AWS AKIAJWG3Y2H525I3MBWA:TVqcaXNNQ1NCbWAvSRYh75lQLoo=",
"Host"=>"cloudfront.amazonaws.com:443", "Content-Length"=>419},
:instrumentor_name=>"excon", :mock=>false, :read_timeout=>60,
:retry_limit=>4,
:ssl_ca_file=>"/usr/local/lib/ruby/gems/1.9.1/gems/excon-0.14.3/data/cacert.pem",
:ssl_verify_peer=>true, :write_timeout=>60, :host=>"
cloudfront.amazonaws.com", :path=>"/2010-11-01//streaming-distribution",
:port=>"443", :query=>nil, :scheme=>"https", :body=>"<?xml version=\"1.0\"
encoding=\"UTF-8\"?><StreamingDistributionConfig xmlns=\"
http://cloudfront.amazonaws.com/doc/2010-11-01/\
"><Enabled>true</Enabled><S3Origin><DNSName>test.s3.amazonaws.com
</DNSName><OriginAccessIdentity>origin-access-identity/cloudfront/E3QU39FOKP0LeP</OriginAccessIdentity></S3Origin>
<TrustedSigners>self</TrustedSigners><CallerReference>1362986179</CallerReference></StreamingDistributionConfig>",
:expects=>201, :idempotent=>true, :method=>"POST",
(lambda)>}
version=\"1.0\"?>\n<ErrorResponse xmlns=\"
http://cloudfront.amazonaws.com/doc/2010-11-01/\"><Error><Type>Sender</Type><Code>MalformedInput</Code><Message>Unexpected
complex element
termination</Message></Error><RequestId>72593a20-89f1-11e2-abb8-3518185a092c</RequestId></ErrorResponse>",
@headers={"x-amzn-RequestId"=>"72593a20-89f1-11e2-abb8-3518185a092c",
"Content-Type"=>"text/xml", "Content-Length"=>"286", "Date"=>"Mon, 11 Mar
-----------------------------------------------------------------------------------------------------------------------
The creation of the TrustedSigners in the request body doesn't seem to be
If I see the latest AWS documentation (
http://docs.aws.amazon.com/AmazonCloudFront/latest/APIReference/CreateStreamingDistribution.html),
<TrustedSigners>
<Quantity>3</Quantity>
<Items>
<AwsAccountNumber>self</AwsAccountNumber>
<AwsAccountNumber>111122223333</AwsAccountNumber>
<AwsAccountNumber>444455556666</AwsAccountNumber>
</Items>
</TrustedSigners>
and not <TrustedSigners>self</TrustedSigners> that Fog is sending out in
its body.
Is there something wrong in the way I am specifying TrustedSigners?
Regards,
Roshan
--
You received this message because you are subscribed to the Google Groups "ruby-fog" group.
To unsubscribe from this group and stop receiving emails from it, send an
For more options, visit https://groups.google.com/groups/opt_out.
--
You received this message because you are subscribed to the Google Groups "ruby-fog" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ruby-fog+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/***@public.gmane.org
For more options, visit https://groups.google.com/groups/opt_out.
Loading...