aws-sdk-s3 1.103.0 → 1.113.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (44) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +70 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/arn/access_point_arn.rb +6 -6
  5. data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +2 -3
  6. data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +6 -6
  7. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +7 -6
  8. data/lib/aws-sdk-s3/bucket.rb +115 -18
  9. data/lib/aws-sdk-s3/bucket_acl.rb +18 -2
  10. data/lib/aws-sdk-s3/bucket_cors.rb +20 -4
  11. data/lib/aws-sdk-s3/bucket_lifecycle.rb +24 -6
  12. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +28 -6
  13. data/lib/aws-sdk-s3/bucket_logging.rb +18 -2
  14. data/lib/aws-sdk-s3/bucket_notification.rb +17 -5
  15. data/lib/aws-sdk-s3/bucket_policy.rb +20 -4
  16. data/lib/aws-sdk-s3/bucket_request_payment.rb +18 -2
  17. data/lib/aws-sdk-s3/bucket_tagging.rb +20 -4
  18. data/lib/aws-sdk-s3/bucket_versioning.rb +54 -6
  19. data/lib/aws-sdk-s3/bucket_website.rb +20 -4
  20. data/lib/aws-sdk-s3/client.rb +1954 -683
  21. data/lib/aws-sdk-s3/client_api.rb +387 -21
  22. data/lib/aws-sdk-s3/customizations/object.rb +76 -3
  23. data/lib/aws-sdk-s3/file_downloader.rb +1 -1
  24. data/lib/aws-sdk-s3/file_uploader.rb +5 -0
  25. data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
  26. data/lib/aws-sdk-s3/multipart_upload.rb +126 -12
  27. data/lib/aws-sdk-s3/multipart_upload_part.rb +132 -13
  28. data/lib/aws-sdk-s3/object.rb +249 -77
  29. data/lib/aws-sdk-s3/object_acl.rb +20 -4
  30. data/lib/aws-sdk-s3/object_summary.rb +167 -45
  31. data/lib/aws-sdk-s3/object_version.rb +64 -38
  32. data/lib/aws-sdk-s3/plugins/accelerate.rb +7 -1
  33. data/lib/aws-sdk-s3/plugins/arn.rb +11 -24
  34. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +1 -1
  35. data/lib/aws-sdk-s3/plugins/dualstack.rb +25 -31
  36. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -0
  37. data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
  38. data/lib/aws-sdk-s3/plugins/s3_signer.rb +19 -4
  39. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
  40. data/lib/aws-sdk-s3/presigned_post.rb +38 -19
  41. data/lib/aws-sdk-s3/resource.rb +18 -0
  42. data/lib/aws-sdk-s3/types.rb +2462 -547
  43. data/lib/aws-sdk-s3.rb +1 -1
  44. metadata +5 -4
@@ -77,17 +77,10 @@ result in cross region requests.
77
77
  if arn
78
78
  validate_config!(context, arn)
79
79
 
80
- fips = false
81
- if resolved_region.include?('fips')
82
- fips = true
83
- resolved_region = resolved_region.gsub('fips-', '')
84
- .gsub('-fips', '')
85
- end
86
-
87
80
  context.metadata[:s3_arn] = {
88
81
  arn: arn,
89
82
  resolved_region: resolved_region,
90
- fips: fips,
83
+ fips: context.config.use_fips_endpoint,
91
84
  dualstack: extract_dualstack_config!(context)
92
85
  }
93
86
  end
@@ -126,7 +119,8 @@ result in cross region requests.
126
119
 
127
120
  if !arn.support_dualstack? && context[:use_dualstack_endpoint]
128
121
  raise ArgumentError,
129
- 'Cannot provide an Outpost Access Point or Multi-region Access Point ARN'\
122
+ 'Cannot provide an Outpost Access Point, Object Lambda, '\
123
+ 'or Multi-region Access Point ARN'\
130
124
  ' when `:use_dualstack_endpoint` is set to true.'
131
125
  end
132
126
 
@@ -135,6 +129,12 @@ result in cross region requests.
135
129
  'Cannot provide a Multi-region Access Point ARN with '\
136
130
  '`:s3_disable_multiregion_access_points` set to true'
137
131
  end
132
+
133
+ if context.config.use_fips_endpoint && !arn.support_fips?
134
+ raise ArgumentError,
135
+ 'FIPS client regions are not supported for this type '\
136
+ 'of ARN.'
137
+ end
138
138
  end
139
139
  end
140
140
 
@@ -146,7 +146,7 @@ result in cross region requests.
146
146
  s3_arn = resolve_arn_type!(arn)
147
147
  s3_arn.validate_arn!
148
148
  validate_region_config!(s3_arn, region, use_arn_region)
149
- region = s3_arn.region if use_arn_region && !region.include?('fips')
149
+ region = s3_arn.region if use_arn_region
150
150
  [region, s3_arn]
151
151
  else
152
152
  [region]
@@ -231,19 +231,6 @@ result in cross region requests.
231
231
  raise Aws::Errors::InvalidARNPartitionError
232
232
  end
233
233
  else
234
- if region.include?('fips')
235
- # If ARN type doesn't support FIPS but the client region is FIPS
236
- unless arn.support_fips?
237
- raise ArgumentError,
238
- 'FIPS client regions are not supported for this type '\
239
- 'of ARN.'
240
- end
241
-
242
- fips = true
243
- # Normalize the region so we can compare partition and regions
244
- region = region.gsub('fips-', '').gsub('-fips', '')
245
- end
246
-
247
234
  # use_arn_region does not apply to MRAP (global) arns
248
235
  unless arn.region.empty?
249
236
  # Raise if the ARN and client regions are in different partitions
@@ -254,7 +241,7 @@ result in cross region requests.
254
241
 
255
242
  # Raise if regions mismatch
256
243
  # Either when it's a fips client or not using the ARN region
257
- if (!use_arn_region || fips) && region != arn.region
244
+ if !use_arn_region && region != arn.region
258
245
  raise Aws::Errors::InvalidARNRegionError
259
246
  end
260
247
  end
@@ -24,7 +24,7 @@ request URI and never moved to the host as a sub-domain.
24
24
  DOCS
25
25
 
26
26
  def add_handlers(handlers, config)
27
- handlers.add(Handler) unless config.force_path_style
27
+ handlers.add(Handler, priority: 48) unless config.force_path_style
28
28
  end
29
29
 
30
30
  # @api private
@@ -5,18 +5,9 @@ module Aws
5
5
  module Plugins
6
6
  # @api private
7
7
  class Dualstack < Seahorse::Client::Plugin
8
-
9
- option(:use_dualstack_endpoint,
10
- default: false,
11
- doc_type: 'Boolean',
12
- docstring: <<-DOCS)
13
- When set to `true`, IPv6-compatible bucket endpoints will be used
14
- for all operations.
15
- DOCS
16
-
17
8
  def add_handlers(handlers, config)
18
9
  handlers.add(OptionHandler, step: :initialize)
19
- handlers.add(DualstackHandler, step: :build, priority: 11)
10
+ handlers.add(DualstackHandler, step: :build, priority: 49)
20
11
  end
21
12
 
22
13
  # @api private
@@ -40,38 +31,41 @@ for all operations.
40
31
  # @api private
41
32
  class DualstackHandler < Seahorse::Client::Handler
42
33
  def call(context)
43
- if context.config.regional_endpoint && use_dualstack_endpoint?(context)
34
+ # only rewrite the endpoint if it's not a custom endpoint
35
+ # accelerate/ARN already handle dualstack cases, so ignore these
36
+ # check to see if dualstack is on but configured off via operation
37
+ if context.config.regional_endpoint &&
38
+ use_dualstack_endpoint?(context)
44
39
  apply_dualstack_endpoint(context)
45
40
  end
46
41
  @handler.call(context)
47
42
  end
48
43
 
49
44
  private
50
- def apply_dualstack_endpoint(context)
51
- bucket_name = context.params[:bucket]
52
- region = context.config.region
53
- dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
54
45
 
55
- if use_bucket_dns?(bucket_name, context)
56
- host = "#{bucket_name}.s3.dualstack.#{region}.#{dns_suffix}"
57
- else
58
- host = "s3.dualstack.#{region}.#{dns_suffix}"
59
- end
46
+ def apply_dualstack_endpoint(context)
47
+ new_endpoint = Aws::Partitions::EndpointProvider.resolve(
48
+ context.config.region,
49
+ 's3',
50
+ 'regional',
51
+ {
52
+ dualstack: context[:use_dualstack_endpoint],
53
+ fips: context.config.use_fips_endpoint
54
+ }
55
+ )
60
56
  endpoint = URI.parse(context.http_request.endpoint.to_s)
61
- endpoint.scheme = context.http_request.endpoint.scheme
62
- endpoint.port = context.http_request.endpoint.port
63
- endpoint.host = host
64
- context.http_request.endpoint = endpoint.to_s
65
- end
66
-
67
- def use_bucket_dns?(bucket_name, context)
68
- ssl = context.http_request.endpoint.scheme == "https"
69
- bucket_name && BucketDns.dns_compatible?(bucket_name, ssl) &&
70
- !context.config.force_path_style
57
+ endpoint.host = URI.parse(new_endpoint).host
58
+ context.http_request.endpoint = endpoint
71
59
  end
72
60
 
73
61
  def use_dualstack_endpoint?(context)
74
- context[:use_dualstack_endpoint] && !context[:use_accelerate_endpoint]
62
+ # case when dualstack is turned off via operation
63
+ (context[:use_dualstack_endpoint] ||
64
+ context.config.use_dualstack_endpoint) &&
65
+ # accelerate plugin already applies dualstack
66
+ !context[:use_accelerate_endpoint] &&
67
+ # arns handle dualstack
68
+ !context.metadata[:s3_arn]
75
69
  end
76
70
  end
77
71
 
@@ -48,8 +48,14 @@ Defaults to `legacy` mode which uses the global endpoint.
48
48
  private
49
49
 
50
50
  def self.resolve_iad_regional_endpoint(cfg)
51
+ default_mode_value =
52
+ if cfg.respond_to?(:defaults_mode_config_resolver)
53
+ cfg.defaults_mode_config_resolver.resolve(:s3_us_east_1_regional_endpoint)
54
+ end
55
+
51
56
  mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
52
57
  Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
58
+ default_mode_value ||
53
59
  'legacy'
54
60
  mode = mode.downcase
55
61
  unless %w(legacy regional).include?(mode)
@@ -22,9 +22,11 @@ module Aws
22
22
  CHUNK_SIZE = 1 * 1024 * 1024 # one MB
23
23
 
24
24
  def call(context)
25
- body = context.http_request.body
26
- if body.respond_to?(:size) && body.size > 0
27
- context.http_request.headers['Content-Md5'] ||= md5(body)
25
+ if !context[:checksum_algorithms] # skip in favor of flexible checksum
26
+ body = context.http_request.body
27
+ if body.respond_to?(:size) && body.size > 0
28
+ context.http_request.headers['Content-Md5'] ||= md5(body)
29
+ end
28
30
  end
29
31
  @handler.call(context)
30
32
  end
@@ -22,7 +22,9 @@ module Aws
22
22
  # S3 removes core's signature_v4 plugin that checks for this
23
23
  raise Aws::Errors::MissingRegionError if cfg.region.nil?
24
24
 
25
- Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
25
+ Aws::Partitions::EndpointProvider.signing_region(
26
+ cfg.region, 's3'
27
+ )
26
28
  end
27
29
 
28
30
  def add_handlers(handlers, cfg)
@@ -162,7 +164,12 @@ module Aws
162
164
 
163
165
  def custom_endpoint?(resp)
164
166
  resolved_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
165
- resp.context.config.region
167
+ resp.context.config.region,
168
+ 's3',
169
+ {
170
+ dualstack: resp.context[:use_dualstack_endpoint],
171
+ fips: resp.context.config.use_fips_endpoint
172
+ }
166
173
  )
167
174
  !resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
168
175
  end
@@ -234,12 +241,20 @@ module Aws
234
241
  # Otherwise it will retry with the ARN as the bucket name.
235
242
  def new_hostname(context, region)
236
243
  uri = URI.parse(
237
- Aws::Partitions::EndpointProvider.resolve(region, 's3')
244
+ Aws::Partitions::EndpointProvider.resolve(
245
+ region, 's3', 'regional',
246
+ {
247
+ dualstack: context[:use_dualstack_endpoint],
248
+ fips: context.config.use_fips_endpoint
249
+ }
250
+ )
238
251
  )
239
252
 
240
253
  if (arn = context.metadata[:s3_arn])
241
254
  # Retry with the response region and not the ARN resolved one
242
- ARN.resolve_url!(uri, arn[:arn], region).host
255
+ ARN.resolve_url!(
256
+ uri, arn[:arn], region, arn[:fips], arn[:dualstack]
257
+ ).host
243
258
  else
244
259
  "#{context.params[:bucket]}.#{uri.host}"
245
260
  end
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ module Plugins
6
+
7
+ # S3 GetObject results for whole Multipart Objects contain a checksum
8
+ # that cannot be validated. These should be skipped by the
9
+ # ChecksumAlgorithm plugin.
10
+ class SkipWholeMultipartGetChecksums < Seahorse::Client::Plugin
11
+
12
+ class Handler < Seahorse::Client::Handler
13
+
14
+ def call(context)
15
+ context[:http_checksum] ||= {}
16
+ context[:http_checksum][:skip_on_suffix] = true
17
+
18
+ @handler.call(context)
19
+ end
20
+
21
+ end
22
+
23
+ handler(
24
+ Handler,
25
+ step: :initialize,
26
+ operations: [:get_object]
27
+ )
28
+ end
29
+ end
30
+ end
31
+ end
@@ -98,7 +98,7 @@ module Aws
98
98
  # or call the associated method.
99
99
  #
100
100
  # ```ruby
101
- # post = Aws::S3::PresignedPost.new(creds, region, bucket).
101
+ # post = Aws::S3::PresignedPost.new(creds, region, bucket)
102
102
  # post.content_type('text/plain')
103
103
  # ```
104
104
  #
@@ -176,11 +176,17 @@ module Aws
176
176
  # ```
177
177
  #
178
178
  class PresignedPost
179
+ @@allowed_fields = []
179
180
 
180
181
  # @param [Credentials] credentials Security credentials for signing
181
182
  # the post policy.
182
183
  # @param [String] bucket_region Region of the target bucket.
183
184
  # @param [String] bucket_name Name of the target bucket.
185
+ # @option options [Boolean] :use_accelerate_endpoint (false) When `true`,
186
+ # PresignedPost will attempt to use accelerated endpoint.
187
+ # @option options [String] :url See {PresignedPost#url}.
188
+ # @option options [Sting, Array<String>] :allow_any
189
+ # See {PresignedPost#allow_any}.
184
190
  # @option options [Time] :signature_expiration Specify when the signature on
185
191
  # the post will expire. Defaults to one hour from creation of the
186
192
  # presigned post. May not exceed one week from creation time.
@@ -205,7 +211,7 @@ module Aws
205
211
  # See {PresignedPost#content_encoding}.
206
212
  # @option options [String] :content_encoding_starts_with
207
213
  # See {PresignedPost#content_encoding_starts_with}.
208
- # @option options [String] :expires See {PresignedPost#expires}.
214
+ # @option options [Time] :expires See {PresignedPost#expires}.
209
215
  # @option options [String] :expires_starts_with
210
216
  # See {PresignedPost#expires_starts_with}.
211
217
  # @option options [Range<Integer>] :content_length_range
@@ -232,6 +238,8 @@ module Aws
232
238
  # See {PresignedPost#server_side_encryption_customer_algorithm}.
233
239
  # @option options [String] :server_side_encryption_customer_key
234
240
  # See {PresignedPost#server_side_encryption_customer_key}.
241
+ # @option options [String] :server_side_encryption_customer_key_starts_with
242
+ # See {PresignedPost#server_side_encryption_customer_key_starts_with}.
235
243
  def initialize(credentials, bucket_region, bucket_name, options = {})
236
244
  @credentials = credentials.credentials
237
245
  @bucket_region = bucket_region
@@ -247,7 +255,12 @@ module Aws
247
255
  case option_name
248
256
  when :allow_any then allow_any(option_value)
249
257
  when :signature_expiration then @signature_expiration = option_value
250
- else send("#{option_name}", option_value)
258
+ else
259
+ if @@allowed_fields.include?(option_name)
260
+ send("#{option_name}", option_value)
261
+ else
262
+ raise ArgumentError, "Unsupported option: #{option_name}"
263
+ end
251
264
  end
252
265
  end
253
266
  end
@@ -279,17 +292,23 @@ module Aws
279
292
  end
280
293
 
281
294
  # @api private
282
- def self.define_field(field, *args)
295
+ def self.define_field(field, *args, &block)
296
+ @@allowed_fields << field
283
297
  options = args.last.is_a?(Hash) ? args.pop : {}
284
298
  field_name = args.last || field.to_s
285
299
 
286
- define_method("#{field}") do |value|
287
- with(field_name, value)
288
- end
300
+ if block_given?
301
+ define_method("#{field}", block)
302
+ else
303
+ define_method("#{field}") do |value|
304
+ with(field_name, value)
305
+ end
289
306
 
290
- if options[:starts_with]
291
- define_method("#{field}_starts_with") do |value|
292
- starts_with(field_name, value)
307
+ if options[:starts_with]
308
+ @@allowed_fields << "#{field}_starts_with".to_sym
309
+ define_method("#{field}_starts_with") do |value|
310
+ starts_with(field_name, value)
311
+ end
293
312
  end
294
313
  end
295
314
  end
@@ -307,7 +326,7 @@ module Aws
307
326
  # @param [String] key
308
327
  # @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
309
328
  # @return [self]
310
- def key(key)
329
+ define_field(:key) do |key|
311
330
  @key_set = true
312
331
  with('key', key)
313
332
  end
@@ -316,7 +335,7 @@ module Aws
316
335
  # @param [String] prefix
317
336
  # @see #key
318
337
  # @return [self]
319
- def key_starts_with(prefix)
338
+ define_field(:key_starts_with) do |prefix|
320
339
  @key_set = true
321
340
  starts_with('key', prefix)
322
341
  end
@@ -399,21 +418,21 @@ module Aws
399
418
  # @param [Time] time
400
419
  # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
401
420
  # @return [self]
402
- def expires(time)
421
+ define_field(:expires) do |time|
403
422
  with('Expires', time.httpdate)
404
423
  end
405
424
 
406
425
  # @param [String] prefix
407
426
  # @see #expires
408
427
  # @return [self]
409
- def expires_starts_with(prefix)
428
+ define_field(:expires_starts_with) do |prefix|
410
429
  starts_with('Expires', prefix)
411
430
  end
412
431
 
413
432
  # The minimum and maximum allowable size for the uploaded content.
414
433
  # @param [Range<Integer>] byte_range
415
434
  # @return [self]
416
- def content_length_range(byte_range)
435
+ define_field(:content_length_range) do |byte_range|
417
436
  min = byte_range.begin
418
437
  max = byte_range.end
419
438
  max -= 1 if byte_range.exclude_end?
@@ -492,7 +511,7 @@ module Aws
492
511
  # prefixed with "x-amz-meta-".
493
512
  # @param [Hash<String,String>] hash
494
513
  # @return [self]
495
- def metadata(hash)
514
+ define_field(:metadata) do |hash|
496
515
  hash.each do |key, value|
497
516
  with("x-amz-meta-#{key}", value)
498
517
  end
@@ -503,7 +522,7 @@ module Aws
503
522
  # @param [Hash<String,String>] hash
504
523
  # @see #metadata
505
524
  # @return [self]
506
- def metadata_starts_with(hash)
525
+ define_field(:metadata_starts_with) do |hash|
507
526
  hash.each do |key, value|
508
527
  starts_with("x-amz-meta-#{key}", value)
509
528
  end
@@ -561,7 +580,7 @@ module Aws
561
580
  # @param [String] value
562
581
  # @see #server_side_encryption_customer_algorithm
563
582
  # @return [self]
564
- def server_side_encryption_customer_key(value)
583
+ define_field(:server_side_encryption_customer_key) do |value|
565
584
  field_name = 'x-amz-server-side-encryption-customer-key'
566
585
  with(field_name, base64(value))
567
586
  with(field_name + '-MD5', base64(OpenSSL::Digest::MD5.digest(value)))
@@ -570,7 +589,7 @@ module Aws
570
589
  # @param [String] prefix
571
590
  # @see #server_side_encryption_customer_key
572
591
  # @return [self]
573
- def server_side_encryption_customer_key_starts_with(prefix)
592
+ define_field(:server_side_encryption_customer_key_starts_with) do |prefix|
574
593
  field_name = 'x-amz-server-side-encryption-customer-key'
575
594
  starts_with(field_name, prefix)
576
595
  end
@@ -49,6 +49,7 @@ module Aws::S3
49
49
  # grant_write: "GrantWrite",
50
50
  # grant_write_acp: "GrantWriteACP",
51
51
  # object_lock_enabled_for_bucket: false,
52
+ # object_ownership: "BucketOwnerPreferred", # accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced
52
53
  # })
53
54
  # @param [Hash] options ({})
54
55
  # @option options [String] :acl
@@ -74,6 +75,23 @@ module Aws::S3
74
75
  # @option options [Boolean] :object_lock_enabled_for_bucket
75
76
  # Specifies whether you want S3 Object Lock to be enabled for the new
76
77
  # bucket.
78
+ # @option options [String] :object_ownership
79
+ # The container element for object ownership for a bucket's ownership
80
+ # controls.
81
+ #
82
+ # BucketOwnerPreferred - Objects uploaded to the bucket change ownership
83
+ # to the bucket owner if the objects are uploaded with the
84
+ # `bucket-owner-full-control` canned ACL.
85
+ #
86
+ # ObjectWriter - The uploading account will own the object if the object
87
+ # is uploaded with the `bucket-owner-full-control` canned ACL.
88
+ #
89
+ # BucketOwnerEnforced - Access control lists (ACLs) are disabled and no
90
+ # longer affect permissions. The bucket owner automatically owns and has
91
+ # full control over every object in the bucket. The bucket only accepts
92
+ # PUT requests that don't specify an ACL or bucket owner full control
93
+ # ACLs, such as the `bucket-owner-full-control` canned ACL or an
94
+ # equivalent form of this ACL expressed in the XML format.
77
95
  # @return [Bucket]
78
96
  def create_bucket(options = {})
79
97
  @client.create_bucket(options)