aws-sdk-s3 1.101.0 → 1.105.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +20 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +6 -6
- data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +68 -0
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +6 -6
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +7 -6
- data/lib/aws-sdk-s3/bucket.rb +5 -5
- data/lib/aws-sdk-s3/client.rb +289 -270
- data/lib/aws-sdk-s3/client_api.rb +3 -0
- data/lib/aws-sdk-s3/object.rb +18 -18
- data/lib/aws-sdk-s3/object_summary.rb +12 -12
- data/lib/aws-sdk-s3/plugins/accelerate.rb +1 -1
- data/lib/aws-sdk-s3/plugins/arn.rb +59 -33
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +1 -1
- data/lib/aws-sdk-s3/plugins/dualstack.rb +25 -31
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +29 -5
- data/lib/aws-sdk-s3/presigner.rb +6 -0
- data/lib/aws-sdk-s3/types.rb +78 -57
- data/lib/aws-sdk-s3.rb +1 -1
- metadata +7 -6
@@ -22,6 +22,7 @@ module Aws::S3
|
|
22
22
|
AcceptRanges = Shapes::StringShape.new(name: 'AcceptRanges')
|
23
23
|
AccessControlPolicy = Shapes::StructureShape.new(name: 'AccessControlPolicy')
|
24
24
|
AccessControlTranslation = Shapes::StructureShape.new(name: 'AccessControlTranslation')
|
25
|
+
AccessPointArn = Shapes::StringShape.new(name: 'AccessPointArn')
|
25
26
|
AccountId = Shapes::StringShape.new(name: 'AccountId')
|
26
27
|
AllowQuotedRecordDelimiter = Shapes::BooleanShape.new(name: 'AllowQuotedRecordDelimiter')
|
27
28
|
AllowedHeader = Shapes::StringShape.new(name: 'AllowedHeader')
|
@@ -1686,6 +1687,7 @@ module Aws::S3
|
|
1686
1687
|
|
1687
1688
|
MetricsAndOperator.add_member(:prefix, Shapes::ShapeRef.new(shape: Prefix, location_name: "Prefix"))
|
1688
1689
|
MetricsAndOperator.add_member(:tags, Shapes::ShapeRef.new(shape: TagSet, location_name: "Tag", metadata: {"flattened"=>true}))
|
1690
|
+
MetricsAndOperator.add_member(:access_point_arn, Shapes::ShapeRef.new(shape: AccessPointArn, location_name: "AccessPointArn"))
|
1689
1691
|
MetricsAndOperator.struct_class = Types::MetricsAndOperator
|
1690
1692
|
|
1691
1693
|
MetricsConfiguration.add_member(:id, Shapes::ShapeRef.new(shape: MetricsId, required: true, location_name: "Id"))
|
@@ -1696,6 +1698,7 @@ module Aws::S3
|
|
1696
1698
|
|
1697
1699
|
MetricsFilter.add_member(:prefix, Shapes::ShapeRef.new(shape: Prefix, location_name: "Prefix"))
|
1698
1700
|
MetricsFilter.add_member(:tag, Shapes::ShapeRef.new(shape: Tag, location_name: "Tag"))
|
1701
|
+
MetricsFilter.add_member(:access_point_arn, Shapes::ShapeRef.new(shape: AccessPointArn, location_name: "AccessPointArn"))
|
1699
1702
|
MetricsFilter.add_member(:and, Shapes::ShapeRef.new(shape: MetricsAndOperator, location_name: "And"))
|
1700
1703
|
MetricsFilter.struct_class = Types::MetricsFilter
|
1701
1704
|
|
data/lib/aws-sdk-s3/object.rb
CHANGED
@@ -184,10 +184,10 @@ module Aws::S3
|
|
184
184
|
end
|
185
185
|
|
186
186
|
# If the object is stored using server-side encryption either with an
|
187
|
-
# Amazon Web Services KMS
|
188
|
-
#
|
189
|
-
#
|
190
|
-
#
|
187
|
+
# Amazon Web Services KMS key or an Amazon S3-managed encryption key,
|
188
|
+
# the response includes this header with the value of the server-side
|
189
|
+
# encryption algorithm used when storing this object in Amazon S3 (for
|
190
|
+
# example, AES256, aws:kms).
|
191
191
|
# @return [String]
|
192
192
|
def server_side_encryption
|
193
193
|
data[:server_side_encryption]
|
@@ -217,8 +217,8 @@ module Aws::S3
|
|
217
217
|
end
|
218
218
|
|
219
219
|
# If present, specifies the ID of the Amazon Web Services Key Management
|
220
|
-
# Service (Amazon Web Services KMS) symmetric customer managed
|
221
|
-
#
|
220
|
+
# Service (Amazon Web Services KMS) symmetric customer managed key that
|
221
|
+
# was used for the object.
|
222
222
|
# @return [String]
|
223
223
|
def ssekms_key_id
|
224
224
|
data[:ssekms_key_id]
|
@@ -1028,13 +1028,13 @@ module Aws::S3
|
|
1028
1028
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
1029
1029
|
# ensure that the encryption key was transmitted without error.
|
1030
1030
|
# @option options [String] :ssekms_key_id
|
1031
|
-
# Specifies the ID of the symmetric customer managed
|
1032
|
-
#
|
1033
|
-
#
|
1034
|
-
#
|
1035
|
-
#
|
1036
|
-
#
|
1037
|
-
#
|
1031
|
+
# Specifies the ID of the symmetric customer managed key to use for
|
1032
|
+
# object encryption. All GET and PUT requests for an object protected by
|
1033
|
+
# Amazon Web Services KMS will fail if not made via SSL or using SigV4.
|
1034
|
+
# For information about configuring using any of the officially
|
1035
|
+
# supported Amazon Web Services SDKs and Amazon Web Services CLI, see
|
1036
|
+
# [Specifying the Signature Version in Request Authentication][1] in the
|
1037
|
+
# *Amazon S3 User Guide*.
|
1038
1038
|
#
|
1039
1039
|
#
|
1040
1040
|
#
|
@@ -1277,12 +1277,12 @@ module Aws::S3
|
|
1277
1277
|
# If `x-amz-server-side-encryption` is present and has the value of
|
1278
1278
|
# `aws:kms`, this header specifies the ID of the Amazon Web Services Key
|
1279
1279
|
# Management Service (Amazon Web Services KMS) symmetrical customer
|
1280
|
-
# managed
|
1281
|
-
#
|
1280
|
+
# managed key that was used for the object. If you specify
|
1281
|
+
# `x-amz-server-side-encryption:aws:kms`, but do not provide`
|
1282
1282
|
# x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
1283
|
-
# Amazon Web Services managed
|
1284
|
-
#
|
1285
|
-
#
|
1283
|
+
# Amazon Web Services managed key to protect the data. If the KMS key
|
1284
|
+
# does not exist in the same account issuing the command, you must use
|
1285
|
+
# the full ARN and not just the ID.
|
1286
1286
|
# @option options [String] :ssekms_encryption_context
|
1287
1287
|
# Specifies the Amazon Web Services KMS Encryption Context to use for
|
1288
1288
|
# object encryption. The value of this header is a base64-encoded UTF-8
|
@@ -772,13 +772,13 @@ module Aws::S3
|
|
772
772
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
773
773
|
# ensure that the encryption key was transmitted without error.
|
774
774
|
# @option options [String] :ssekms_key_id
|
775
|
-
# Specifies the ID of the symmetric customer managed
|
776
|
-
#
|
777
|
-
#
|
778
|
-
#
|
779
|
-
#
|
780
|
-
#
|
781
|
-
#
|
775
|
+
# Specifies the ID of the symmetric customer managed key to use for
|
776
|
+
# object encryption. All GET and PUT requests for an object protected by
|
777
|
+
# Amazon Web Services KMS will fail if not made via SSL or using SigV4.
|
778
|
+
# For information about configuring using any of the officially
|
779
|
+
# supported Amazon Web Services SDKs and Amazon Web Services CLI, see
|
780
|
+
# [Specifying the Signature Version in Request Authentication][1] in the
|
781
|
+
# *Amazon S3 User Guide*.
|
782
782
|
#
|
783
783
|
#
|
784
784
|
#
|
@@ -1021,12 +1021,12 @@ module Aws::S3
|
|
1021
1021
|
# If `x-amz-server-side-encryption` is present and has the value of
|
1022
1022
|
# `aws:kms`, this header specifies the ID of the Amazon Web Services Key
|
1023
1023
|
# Management Service (Amazon Web Services KMS) symmetrical customer
|
1024
|
-
# managed
|
1025
|
-
#
|
1024
|
+
# managed key that was used for the object. If you specify
|
1025
|
+
# `x-amz-server-side-encryption:aws:kms`, but do not provide`
|
1026
1026
|
# x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
1027
|
-
# Amazon Web Services managed
|
1028
|
-
#
|
1029
|
-
#
|
1027
|
+
# Amazon Web Services managed key to protect the data. If the KMS key
|
1028
|
+
# does not exist in the same account issuing the command, you must use
|
1029
|
+
# the full ARN and not just the ID.
|
1030
1030
|
# @option options [String] :ssekms_encryption_context
|
1031
1031
|
# Specifies the Amazon Web Services KMS Encryption Context to use for
|
1032
1032
|
# object encryption. The value of this header is a base64-encoded UTF-8
|
@@ -41,7 +41,7 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
41
41
|
accelerate = context.params.delete(:use_accelerate_endpoint)
|
42
42
|
end
|
43
43
|
accelerate = context.config.use_accelerate_endpoint if accelerate.nil?
|
44
|
-
# Raise if :endpoint and
|
44
|
+
# Raise if :endpoint and accelerate are both provided
|
45
45
|
if accelerate && !context.config.regional_endpoint
|
46
46
|
raise ArgumentError,
|
47
47
|
'Cannot use both :use_accelerate_endpoint and :endpoint'
|
@@ -3,6 +3,7 @@
|
|
3
3
|
require_relative '../arn/access_point_arn'
|
4
4
|
require_relative '../arn/object_lambda_arn'
|
5
5
|
require_relative '../arn/outpost_access_point_arn'
|
6
|
+
require_relative '../arn/multi_region_access_point_arn'
|
6
7
|
|
7
8
|
module Aws
|
8
9
|
module S3
|
@@ -23,6 +24,18 @@ be made. Set to `false` to use the client's region instead.
|
|
23
24
|
resolve_s3_use_arn_region(cfg)
|
24
25
|
end
|
25
26
|
|
27
|
+
option(
|
28
|
+
:s3_disable_multiregion_access_points,
|
29
|
+
default: false,
|
30
|
+
doc_type: 'Boolean',
|
31
|
+
docstring: <<-DOCS) do |cfg|
|
32
|
+
When set to `false` this will option will raise errors when multi-region
|
33
|
+
access point ARNs are used. Multi-region access points can potentially
|
34
|
+
result in cross region requests.
|
35
|
+
DOCS
|
36
|
+
resolve_s3_disable_multiregion_access_points(cfg)
|
37
|
+
end
|
38
|
+
|
26
39
|
# param validator is validate:50
|
27
40
|
# endpoint is build:90 (populates the URI for the first time)
|
28
41
|
# endpoint pattern is build:10
|
@@ -64,17 +77,10 @@ be made. Set to `false` to use the client's region instead.
|
|
64
77
|
if arn
|
65
78
|
validate_config!(context, arn)
|
66
79
|
|
67
|
-
fips = false
|
68
|
-
if resolved_region.include?('fips')
|
69
|
-
fips = true
|
70
|
-
resolved_region = resolved_region.gsub('fips-', '')
|
71
|
-
.gsub('-fips', '')
|
72
|
-
end
|
73
|
-
|
74
80
|
context.metadata[:s3_arn] = {
|
75
81
|
arn: arn,
|
76
82
|
resolved_region: resolved_region,
|
77
|
-
fips:
|
83
|
+
fips: context.config.use_fips_endpoint,
|
78
84
|
dualstack: extract_dualstack_config!(context)
|
79
85
|
}
|
80
86
|
end
|
@@ -113,8 +119,21 @@ be made. Set to `false` to use the client's region instead.
|
|
113
119
|
|
114
120
|
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
115
121
|
raise ArgumentError,
|
116
|
-
'Cannot provide an Outpost Access Point
|
117
|
-
'
|
122
|
+
'Cannot provide an Outpost Access Point, Object Lambda, '\
|
123
|
+
'or Multi-region Access Point ARN'\
|
124
|
+
' when `:use_dualstack_endpoint` is set to true.'
|
125
|
+
end
|
126
|
+
|
127
|
+
if arn.region.empty? && context.config.s3_disable_multiregion_access_points
|
128
|
+
raise ArgumentError,
|
129
|
+
'Cannot provide a Multi-region Access Point ARN with '\
|
130
|
+
'`:s3_disable_multiregion_access_points` set to true'
|
131
|
+
end
|
132
|
+
|
133
|
+
if context.config.use_fips_endpoint && !arn.support_fips?
|
134
|
+
raise ArgumentError,
|
135
|
+
'FIPS client regions are not supported for this type '\
|
136
|
+
'of ARN.'
|
118
137
|
end
|
119
138
|
end
|
120
139
|
end
|
@@ -127,7 +146,7 @@ be made. Set to `false` to use the client's region instead.
|
|
127
146
|
s3_arn = resolve_arn_type!(arn)
|
128
147
|
s3_arn.validate_arn!
|
129
148
|
validate_region_config!(s3_arn, region, use_arn_region)
|
130
|
-
region = s3_arn.region if use_arn_region
|
149
|
+
region = s3_arn.region if use_arn_region
|
131
150
|
[region, s3_arn]
|
132
151
|
else
|
133
152
|
[region]
|
@@ -147,7 +166,9 @@ be made. Set to `false` to use the client's region instead.
|
|
147
166
|
def resolve_arn_type!(arn)
|
148
167
|
case arn.service
|
149
168
|
when 's3'
|
150
|
-
|
169
|
+
arn.region.empty? ?
|
170
|
+
Aws::S3::MultiRegionAccessPointARN.new(arn.to_h) :
|
171
|
+
Aws::S3::AccessPointARN.new(arn.to_h)
|
151
172
|
when 's3-outposts'
|
152
173
|
Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
153
174
|
when 's3-object-lambda'
|
@@ -174,6 +195,21 @@ be made. Set to `false` to use the client's region instead.
|
|
174
195
|
value
|
175
196
|
end
|
176
197
|
|
198
|
+
def resolve_s3_disable_multiregion_access_points(cfg)
|
199
|
+
value = ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS'] ||
|
200
|
+
Aws.shared_config.s3_disable_multiregion_access_points(profile: cfg.profile) ||
|
201
|
+
'false'
|
202
|
+
value = Aws::Util.str_2_bool(value)
|
203
|
+
# Raise if provided value is not true or false
|
204
|
+
if value.nil?
|
205
|
+
raise ArgumentError,
|
206
|
+
'Must provide either `true` or `false` for '\
|
207
|
+
's3_use_arn_region profile option or for '\
|
208
|
+
"ENV['AWS_S3_USE_ARN_REGION']"
|
209
|
+
end
|
210
|
+
value
|
211
|
+
end
|
212
|
+
|
177
213
|
# Remove ARN from the path because we've already set the new host
|
178
214
|
def url_path(path, arn)
|
179
215
|
path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
|
@@ -195,29 +231,19 @@ be made. Set to `false` to use the client's region instead.
|
|
195
231
|
raise Aws::Errors::InvalidARNPartitionError
|
196
232
|
end
|
197
233
|
else
|
198
|
-
|
199
|
-
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
234
|
+
# use_arn_region does not apply to MRAP (global) arns
|
235
|
+
unless arn.region.empty?
|
236
|
+
# Raise if the ARN and client regions are in different partitions
|
237
|
+
if use_arn_region &&
|
238
|
+
!Aws::Partitions.partition(arn.partition).region?(region)
|
239
|
+
raise Aws::Errors::InvalidARNPartitionError
|
204
240
|
end
|
205
241
|
|
206
|
-
|
207
|
-
#
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
# Raise if the ARN and client regions are in different partitions
|
212
|
-
if use_arn_region &&
|
213
|
-
!Aws::Partitions.partition(arn.partition).region?(region)
|
214
|
-
raise Aws::Errors::InvalidARNPartitionError
|
215
|
-
end
|
216
|
-
|
217
|
-
# Raise if regions mismatch
|
218
|
-
# Either when it's a fips client or not using the ARN region
|
219
|
-
if (!use_arn_region || fips) && region != arn.region
|
220
|
-
raise Aws::Errors::InvalidARNRegionError
|
242
|
+
# Raise if regions mismatch
|
243
|
+
# Either when it's a fips client or not using the ARN region
|
244
|
+
if !use_arn_region && region != arn.region
|
245
|
+
raise Aws::Errors::InvalidARNRegionError
|
246
|
+
end
|
221
247
|
end
|
222
248
|
end
|
223
249
|
end
|
@@ -5,18 +5,9 @@ module Aws
|
|
5
5
|
module Plugins
|
6
6
|
# @api private
|
7
7
|
class Dualstack < Seahorse::Client::Plugin
|
8
|
-
|
9
|
-
option(:use_dualstack_endpoint,
|
10
|
-
default: false,
|
11
|
-
doc_type: 'Boolean',
|
12
|
-
docstring: <<-DOCS)
|
13
|
-
When set to `true`, IPv6-compatible bucket endpoints will be used
|
14
|
-
for all operations.
|
15
|
-
DOCS
|
16
|
-
|
17
8
|
def add_handlers(handlers, config)
|
18
9
|
handlers.add(OptionHandler, step: :initialize)
|
19
|
-
handlers.add(DualstackHandler, step: :build, priority:
|
10
|
+
handlers.add(DualstackHandler, step: :build, priority: 49)
|
20
11
|
end
|
21
12
|
|
22
13
|
# @api private
|
@@ -40,38 +31,41 @@ for all operations.
|
|
40
31
|
# @api private
|
41
32
|
class DualstackHandler < Seahorse::Client::Handler
|
42
33
|
def call(context)
|
43
|
-
if
|
34
|
+
# only rewrite the endpoint if it's not a custom endpoint
|
35
|
+
# accelerate/ARN already handle dualstack cases, so ignore these
|
36
|
+
# check to see if dualstack is on but configured off via operation
|
37
|
+
if context.config.regional_endpoint &&
|
38
|
+
use_dualstack_endpoint?(context)
|
44
39
|
apply_dualstack_endpoint(context)
|
45
40
|
end
|
46
41
|
@handler.call(context)
|
47
42
|
end
|
48
43
|
|
49
44
|
private
|
50
|
-
def apply_dualstack_endpoint(context)
|
51
|
-
bucket_name = context.params[:bucket]
|
52
|
-
region = context.config.region
|
53
|
-
dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
|
54
45
|
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
46
|
+
def apply_dualstack_endpoint(context)
|
47
|
+
new_endpoint = Aws::Partitions::EndpointProvider.resolve(
|
48
|
+
context.config.region,
|
49
|
+
's3',
|
50
|
+
'regional',
|
51
|
+
{
|
52
|
+
dualstack: context[:use_dualstack_endpoint],
|
53
|
+
fips: context.config.use_fips_endpoint
|
54
|
+
}
|
55
|
+
)
|
60
56
|
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
61
|
-
endpoint.
|
62
|
-
|
63
|
-
endpoint.host = host
|
64
|
-
context.http_request.endpoint = endpoint.to_s
|
65
|
-
end
|
66
|
-
|
67
|
-
def use_bucket_dns?(bucket_name, context)
|
68
|
-
ssl = context.http_request.endpoint.scheme == "https"
|
69
|
-
bucket_name && BucketDns.dns_compatible?(bucket_name, ssl) &&
|
70
|
-
!context.config.force_path_style
|
57
|
+
endpoint.host = URI.parse(new_endpoint).host
|
58
|
+
context.http_request.endpoint = endpoint
|
71
59
|
end
|
72
60
|
|
73
61
|
def use_dualstack_endpoint?(context)
|
74
|
-
|
62
|
+
# case when dualstack is turned off via operation
|
63
|
+
(context[:use_dualstack_endpoint] ||
|
64
|
+
context.config.use_dualstack_endpoint) &&
|
65
|
+
# accelerate plugin already applies dualstack
|
66
|
+
!context[:use_accelerate_endpoint] &&
|
67
|
+
# arns handle dualstack
|
68
|
+
!context.metadata[:s3_arn]
|
75
69
|
end
|
76
70
|
end
|
77
71
|
|
@@ -22,7 +22,9 @@ module Aws
|
|
22
22
|
# S3 removes core's signature_v4 plugin that checks for this
|
23
23
|
raise Aws::Errors::MissingRegionError if cfg.region.nil?
|
24
24
|
|
25
|
-
Aws::Partitions::EndpointProvider.signing_region(
|
25
|
+
Aws::Partitions::EndpointProvider.signing_region(
|
26
|
+
cfg.region, 's3'
|
27
|
+
)
|
26
28
|
end
|
27
29
|
|
28
30
|
def add_handlers(handlers, cfg)
|
@@ -74,9 +76,17 @@ module Aws
|
|
74
76
|
credentials: context.config.credentials
|
75
77
|
)
|
76
78
|
elsif (arn = context.metadata[:s3_arn])
|
79
|
+
if arn[:arn].is_a?(MultiRegionAccessPointARN)
|
80
|
+
signing_region = '*'
|
81
|
+
signing_algorithm = :sigv4a
|
82
|
+
else
|
83
|
+
signing_region = arn[:resolved_region]
|
84
|
+
signing_algorithm = :sigv4
|
85
|
+
end
|
77
86
|
S3Signer.build_v4_signer(
|
78
87
|
service: arn[:arn].service,
|
79
|
-
|
88
|
+
signing_algorithm: signing_algorithm,
|
89
|
+
region: signing_region,
|
80
90
|
credentials: context.config.credentials
|
81
91
|
)
|
82
92
|
elsif context.operation.name == 'WriteGetObjectResponse'
|
@@ -154,7 +164,12 @@ module Aws
|
|
154
164
|
|
155
165
|
def custom_endpoint?(resp)
|
156
166
|
resolved_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
|
157
|
-
resp.context.config.region
|
167
|
+
resp.context.config.region,
|
168
|
+
's3',
|
169
|
+
{
|
170
|
+
dualstack: resp.context[:use_dualstack_endpoint],
|
171
|
+
fips: resp.context.config.use_fips_endpoint
|
172
|
+
}
|
158
173
|
)
|
159
174
|
!resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
|
160
175
|
end
|
@@ -216,6 +231,7 @@ module Aws
|
|
216
231
|
service: options[:service],
|
217
232
|
region: options[:region],
|
218
233
|
credentials_provider: options[:credentials],
|
234
|
+
signing_algorithm: options.fetch(:signing_algorithm, :sigv4),
|
219
235
|
uri_escape_path: false,
|
220
236
|
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
221
237
|
)
|
@@ -225,12 +241,20 @@ module Aws
|
|
225
241
|
# Otherwise it will retry with the ARN as the bucket name.
|
226
242
|
def new_hostname(context, region)
|
227
243
|
uri = URI.parse(
|
228
|
-
Aws::Partitions::EndpointProvider.resolve(
|
244
|
+
Aws::Partitions::EndpointProvider.resolve(
|
245
|
+
region, 's3', 'regional',
|
246
|
+
{
|
247
|
+
dualstack: context[:use_dualstack_endpoint],
|
248
|
+
fips: context.config.use_fips_endpoint
|
249
|
+
}
|
250
|
+
)
|
229
251
|
)
|
230
252
|
|
231
253
|
if (arn = context.metadata[:s3_arn])
|
232
254
|
# Retry with the response region and not the ARN resolved one
|
233
|
-
ARN.resolve_url!(
|
255
|
+
ARN.resolve_url!(
|
256
|
+
uri, arn[:arn], region, arn[:fips], arn[:dualstack]
|
257
|
+
).host
|
234
258
|
else
|
235
259
|
"#{context.params[:bucket]}.#{uri.host}"
|
236
260
|
end
|
data/lib/aws-sdk-s3/presigner.rb
CHANGED
@@ -231,17 +231,23 @@ module Aws
|
|
231
231
|
end
|
232
232
|
http_req.endpoint.query = query.join('&') unless query.empty?
|
233
233
|
|
234
|
+
signing_algorithm = :sigv4
|
235
|
+
|
234
236
|
# If it's an ARN, get the resolved region and service
|
235
237
|
if (arn = context.metadata[:s3_arn])
|
236
238
|
region = arn[:resolved_region]
|
237
239
|
service = arn[:arn].service
|
240
|
+
region = arn[:arn].is_a?(MultiRegionAccessPointARN) ? '*': arn[:resolved_region]
|
241
|
+
signing_algorithm = arn[:arn].is_a?(MultiRegionAccessPointARN) ? :sigv4a : :sigv4
|
238
242
|
end
|
239
243
|
|
240
244
|
signer = Aws::Sigv4::Signer.new(
|
241
245
|
service: service || 's3',
|
242
246
|
region: region || context.config.region,
|
247
|
+
signing_algorithm: signing_algorithm,
|
243
248
|
credentials_provider: context.config.credentials,
|
244
249
|
unsigned_headers: unsigned_headers,
|
250
|
+
apply_checksum_header: false,
|
245
251
|
uri_escape_path: false
|
246
252
|
)
|
247
253
|
|