aws-sdk-s3 1.103.0 → 1.120.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +139 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +134 -34
- data/lib/aws-sdk-s3/bucket_acl.rb +18 -2
- data/lib/aws-sdk-s3/bucket_cors.rb +20 -4
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +24 -6
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +28 -6
- data/lib/aws-sdk-s3/bucket_logging.rb +18 -2
- data/lib/aws-sdk-s3/bucket_notification.rb +17 -5
- data/lib/aws-sdk-s3/bucket_policy.rb +20 -4
- data/lib/aws-sdk-s3/bucket_request_payment.rb +18 -2
- data/lib/aws-sdk-s3/bucket_tagging.rb +20 -4
- data/lib/aws-sdk-s3/bucket_versioning.rb +54 -6
- data/lib/aws-sdk-s3/bucket_website.rb +20 -4
- data/lib/aws-sdk-s3/client.rb +2574 -1199
- data/lib/aws-sdk-s3/client_api.rb +574 -208
- data/lib/aws-sdk-s3/customizations/bucket.rb +20 -46
- data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
- data/lib/aws-sdk-s3/customizations/object.rb +80 -4
- data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
- data/lib/aws-sdk-s3/customizations.rb +2 -0
- data/lib/aws-sdk-s3/endpoint_parameters.rb +142 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +733 -0
- data/lib/aws-sdk-s3/endpoints.rb +2149 -0
- data/lib/aws-sdk-s3/file_downloader.rb +1 -1
- data/lib/aws-sdk-s3/file_uploader.rb +5 -0
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +36 -10
- data/lib/aws-sdk-s3/multipart_upload.rb +126 -12
- data/lib/aws-sdk-s3/multipart_upload_part.rb +133 -14
- data/lib/aws-sdk-s3/object.rb +289 -112
- data/lib/aws-sdk-s3/object_acl.rb +20 -4
- data/lib/aws-sdk-s3/object_multipart_copier.rb +11 -5
- data/lib/aws-sdk-s3/object_summary.rb +204 -74
- data/lib/aws-sdk-s3/object_version.rb +68 -40
- data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
- data/lib/aws-sdk-s3/plugins/arn.rb +0 -197
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
- data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +33 -109
- data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
- data/lib/aws-sdk-s3/presigned_post.rb +47 -35
- data/lib/aws-sdk-s3/presigner.rb +20 -33
- data/lib/aws-sdk-s3/resource.rb +19 -1
- data/lib/aws-sdk-s3/types.rb +2519 -4175
- data/lib/aws-sdk-s3.rb +5 -1
- metadata +11 -9
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -56,6 +56,12 @@ module Aws::S3
|
|
56
56
|
data[:etag]
|
57
57
|
end
|
58
58
|
|
59
|
+
# The algorithm that was used to create a checksum of the object.
|
60
|
+
# @return [Array<String>]
|
61
|
+
def checksum_algorithm
|
62
|
+
data[:checksum_algorithm]
|
63
|
+
end
|
64
|
+
|
59
65
|
# Size in bytes of the object.
|
60
66
|
# @return [Integer]
|
61
67
|
def size
|
@@ -245,8 +251,8 @@ module Aws::S3
|
|
245
251
|
# @option options [String] :request_payer
|
246
252
|
# Confirms that the requester knows that they will be charged for the
|
247
253
|
# request. Bucket owners need not specify this parameter in their
|
248
|
-
# requests. For information about downloading objects from
|
249
|
-
#
|
254
|
+
# requests. For information about downloading objects from Requester
|
255
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
250
256
|
# in the *Amazon S3 User Guide*.
|
251
257
|
#
|
252
258
|
#
|
@@ -255,11 +261,11 @@ module Aws::S3
|
|
255
261
|
# @option options [Boolean] :bypass_governance_retention
|
256
262
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
257
263
|
# restrictions to process this operation. To use this header, you must
|
258
|
-
# have the `s3:
|
264
|
+
# have the `s3:BypassGovernanceRetention` permission.
|
259
265
|
# @option options [String] :expected_bucket_owner
|
260
266
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
261
|
-
# a different account, the request
|
262
|
-
#
|
267
|
+
# a different account, the request fails with the HTTP status code `403
|
268
|
+
# Forbidden` (access denied).
|
263
269
|
# @return [Types::DeleteObjectOutput]
|
264
270
|
def delete(options = {})
|
265
271
|
options = options.merge(
|
@@ -291,24 +297,25 @@ module Aws::S3
|
|
291
297
|
# request_payer: "requester", # accepts requester
|
292
298
|
# part_number: 1,
|
293
299
|
# expected_bucket_owner: "AccountId",
|
300
|
+
# checksum_mode: "ENABLED", # accepts ENABLED
|
294
301
|
# })
|
295
302
|
# @param [Hash] options ({})
|
296
303
|
# @option options [String] :if_match
|
297
304
|
# Return the object only if its entity tag (ETag) is the same as the one
|
298
|
-
# specified
|
305
|
+
# specified; otherwise, return a 412 (precondition failed) error.
|
299
306
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
300
307
|
# Return the object only if it has been modified since the specified
|
301
|
-
# time
|
308
|
+
# time; otherwise, return a 304 (not modified) error.
|
302
309
|
# @option options [String] :if_none_match
|
303
310
|
# Return the object only if its entity tag (ETag) is different from the
|
304
|
-
# one specified
|
311
|
+
# one specified; otherwise, return a 304 (not modified) error.
|
305
312
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
306
313
|
# Return the object only if it has not been modified since the specified
|
307
|
-
# time
|
314
|
+
# time; otherwise, return a 412 (precondition failed) error.
|
308
315
|
# @option options [String] :range
|
309
316
|
# Downloads the specified range bytes of an object. For more information
|
310
317
|
# about the HTTP Range header, see
|
311
|
-
# [https://www.
|
318
|
+
# [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
|
312
319
|
#
|
313
320
|
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
314
321
|
# `GET` request.
|
@@ -317,7 +324,7 @@ module Aws::S3
|
|
317
324
|
#
|
318
325
|
#
|
319
326
|
#
|
320
|
-
# [1]: https://www.
|
327
|
+
# [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-range
|
321
328
|
# @option options [String] :response_cache_control
|
322
329
|
# Sets the `Cache-Control` header of the response.
|
323
330
|
# @option options [String] :response_content_disposition
|
@@ -346,8 +353,8 @@ module Aws::S3
|
|
346
353
|
# @option options [String] :request_payer
|
347
354
|
# Confirms that the requester knows that they will be charged for the
|
348
355
|
# request. Bucket owners need not specify this parameter in their
|
349
|
-
# requests. For information about downloading objects from
|
350
|
-
#
|
356
|
+
# requests. For information about downloading objects from Requester
|
357
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
351
358
|
# in the *Amazon S3 User Guide*.
|
352
359
|
#
|
353
360
|
#
|
@@ -360,8 +367,10 @@ module Aws::S3
|
|
360
367
|
# object.
|
361
368
|
# @option options [String] :expected_bucket_owner
|
362
369
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
363
|
-
# a different account, the request
|
364
|
-
#
|
370
|
+
# a different account, the request fails with the HTTP status code `403
|
371
|
+
# Forbidden` (access denied).
|
372
|
+
# @option options [String] :checksum_mode
|
373
|
+
# To retrieve the checksum, this mode must be enabled.
|
365
374
|
# @return [Types::GetObjectOutput]
|
366
375
|
def get(options = {}, &block)
|
367
376
|
options = options.merge(
|
@@ -387,33 +396,26 @@ module Aws::S3
|
|
387
396
|
# request_payer: "requester", # accepts requester
|
388
397
|
# part_number: 1,
|
389
398
|
# expected_bucket_owner: "AccountId",
|
399
|
+
# checksum_mode: "ENABLED", # accepts ENABLED
|
390
400
|
# })
|
391
401
|
# @param [Hash] options ({})
|
392
402
|
# @option options [String] :if_match
|
393
403
|
# Return the object only if its entity tag (ETag) is the same as the one
|
394
|
-
# specified
|
404
|
+
# specified; otherwise, return a 412 (precondition failed) error.
|
395
405
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
396
406
|
# Return the object only if it has been modified since the specified
|
397
|
-
# time
|
407
|
+
# time; otherwise, return a 304 (not modified) error.
|
398
408
|
# @option options [String] :if_none_match
|
399
409
|
# Return the object only if its entity tag (ETag) is different from the
|
400
|
-
# one specified
|
410
|
+
# one specified; otherwise, return a 304 (not modified) error.
|
401
411
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
402
412
|
# Return the object only if it has not been modified since the specified
|
403
|
-
# time
|
413
|
+
# time; otherwise, return a 412 (precondition failed) error.
|
404
414
|
# @option options [String] :range
|
405
|
-
#
|
406
|
-
#
|
407
|
-
#
|
408
|
-
#
|
409
|
-
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
410
|
-
# `GET` request.
|
411
|
-
#
|
412
|
-
# </note>
|
413
|
-
#
|
414
|
-
#
|
415
|
-
#
|
416
|
-
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
|
415
|
+
# HeadObject returns only the metadata for an object. If the Range is
|
416
|
+
# satisfiable, only the `ContentLength` is affected in the response. If
|
417
|
+
# the Range is not satisfiable, S3 returns a `416 - Requested Range Not
|
418
|
+
# Satisfiable` error.
|
417
419
|
# @option options [String] :sse_customer_algorithm
|
418
420
|
# Specifies the algorithm to use to when encrypting the object (for
|
419
421
|
# example, AES256).
|
@@ -430,8 +432,8 @@ module Aws::S3
|
|
430
432
|
# @option options [String] :request_payer
|
431
433
|
# Confirms that the requester knows that they will be charged for the
|
432
434
|
# request. Bucket owners need not specify this parameter in their
|
433
|
-
# requests. For information about downloading objects from
|
434
|
-
#
|
435
|
+
# requests. For information about downloading objects from Requester
|
436
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
435
437
|
# in the *Amazon S3 User Guide*.
|
436
438
|
#
|
437
439
|
#
|
@@ -444,8 +446,15 @@ module Aws::S3
|
|
444
446
|
# the number of parts in this object.
|
445
447
|
# @option options [String] :expected_bucket_owner
|
446
448
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
447
|
-
# a different account, the request
|
448
|
-
#
|
449
|
+
# a different account, the request fails with the HTTP status code `403
|
450
|
+
# Forbidden` (access denied).
|
451
|
+
# @option options [String] :checksum_mode
|
452
|
+
# To retrieve the checksum, this parameter must be enabled.
|
453
|
+
#
|
454
|
+
# In addition, if you enable `ChecksumMode` and the object is encrypted
|
455
|
+
# with Amazon Web Services Key Management Service (Amazon Web Services
|
456
|
+
# KMS), you must have permission to use the `kms:Decrypt` action for the
|
457
|
+
# request to succeed.
|
449
458
|
# @return [Types::HeadObjectOutput]
|
450
459
|
def head(options = {})
|
451
460
|
options = options.merge(
|
@@ -525,6 +534,7 @@ module Aws::S3
|
|
525
534
|
# request_payer: "requester", # accepts requester
|
526
535
|
# bypass_governance_retention: false,
|
527
536
|
# expected_bucket_owner: "AccountId",
|
537
|
+
# checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
|
528
538
|
# })
|
529
539
|
# @param options ({})
|
530
540
|
# @option options [String] :mfa
|
@@ -535,8 +545,8 @@ module Aws::S3
|
|
535
545
|
# @option options [String] :request_payer
|
536
546
|
# Confirms that the requester knows that they will be charged for the
|
537
547
|
# request. Bucket owners need not specify this parameter in their
|
538
|
-
# requests. For information about downloading objects from
|
539
|
-
#
|
548
|
+
# requests. For information about downloading objects from Requester
|
549
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
540
550
|
# in the *Amazon S3 User Guide*.
|
541
551
|
#
|
542
552
|
#
|
@@ -545,11 +555,29 @@ module Aws::S3
|
|
545
555
|
# @option options [Boolean] :bypass_governance_retention
|
546
556
|
# Specifies whether you want to delete this object even if it has a
|
547
557
|
# Governance-type Object Lock in place. To use this header, you must
|
548
|
-
# have the `s3:
|
558
|
+
# have the `s3:BypassGovernanceRetention` permission.
|
549
559
|
# @option options [String] :expected_bucket_owner
|
550
560
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
551
|
-
# a different account, the request
|
552
|
-
#
|
561
|
+
# a different account, the request fails with the HTTP status code `403
|
562
|
+
# Forbidden` (access denied).
|
563
|
+
# @option options [String] :checksum_algorithm
|
564
|
+
# Indicates the algorithm used to create the checksum for the object
|
565
|
+
# when using the SDK. This header will not provide any additional
|
566
|
+
# functionality if not using the SDK. When sending this header, there
|
567
|
+
# must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
|
568
|
+
# sent. Otherwise, Amazon S3 fails the request with the HTTP status code
|
569
|
+
# `400 Bad Request`. For more information, see [Checking object
|
570
|
+
# integrity][1] in the *Amazon S3 User Guide*.
|
571
|
+
#
|
572
|
+
# If you provide an individual checksum, Amazon S3 ignores any provided
|
573
|
+
# `ChecksumAlgorithm` parameter.
|
574
|
+
#
|
575
|
+
# This checksum algorithm must be the same for all parts and it match
|
576
|
+
# the checksum value supplied in the `CreateMultipartUpload` request.
|
577
|
+
#
|
578
|
+
#
|
579
|
+
#
|
580
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
553
581
|
# @return [void]
|
554
582
|
def batch_delete!(options = {})
|
555
583
|
batch_enum.each do |batch|
|
@@ -23,67 +23,26 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
23
23
|
operations = config.api.operation_names - [
|
24
24
|
:create_bucket, :list_buckets, :delete_bucket
|
25
25
|
]
|
26
|
-
# Need 2 handlers so that the context can be set for other plugins
|
27
|
-
# and to remove :use_accelerate_endpoint from the params.
|
28
26
|
handlers.add(
|
29
27
|
OptionHandler, step: :initialize, operations: operations
|
30
28
|
)
|
31
|
-
handlers.add(
|
32
|
-
AccelerateHandler, step: :build, priority: 11, operations: operations
|
33
|
-
)
|
34
29
|
end
|
35
30
|
|
36
31
|
# @api private
|
37
32
|
class OptionHandler < Seahorse::Client::Handler
|
38
33
|
def call(context)
|
39
34
|
# Support client configuration and per-operation configuration
|
35
|
+
# TODO: move this to an options hash and warn here.
|
40
36
|
if context.params.is_a?(Hash)
|
41
37
|
accelerate = context.params.delete(:use_accelerate_endpoint)
|
42
38
|
end
|
43
|
-
|
44
|
-
|
45
|
-
if accelerate && !context.config.regional_endpoint
|
46
|
-
raise ArgumentError,
|
47
|
-
'Cannot use both :use_accelerate_endpoint and :endpoint'
|
39
|
+
if accelerate.nil?
|
40
|
+
accelerate = context.config.use_accelerate_endpoint
|
48
41
|
end
|
49
42
|
context[:use_accelerate_endpoint] = accelerate
|
50
43
|
@handler.call(context)
|
51
44
|
end
|
52
45
|
end
|
53
|
-
|
54
|
-
# @api private
|
55
|
-
class AccelerateHandler < Seahorse::Client::Handler
|
56
|
-
def call(context)
|
57
|
-
if context.config.regional_endpoint && context[:use_accelerate_endpoint]
|
58
|
-
dualstack = !!context[:use_dualstack_endpoint]
|
59
|
-
use_accelerate_endpoint(context, dualstack)
|
60
|
-
end
|
61
|
-
@handler.call(context)
|
62
|
-
end
|
63
|
-
|
64
|
-
private
|
65
|
-
|
66
|
-
def use_accelerate_endpoint(context, dualstack)
|
67
|
-
bucket_name = context.params[:bucket]
|
68
|
-
validate_bucket_name!(bucket_name)
|
69
|
-
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
70
|
-
endpoint.scheme = 'https'
|
71
|
-
endpoint.port = 443
|
72
|
-
endpoint.host = "#{bucket_name}.s3-accelerate"\
|
73
|
-
"#{'.dualstack' if dualstack}.amazonaws.com"
|
74
|
-
context.http_request.endpoint = endpoint.to_s
|
75
|
-
# s3 accelerate endpoint doesn't work with 'expect' header
|
76
|
-
context.http_request.headers.delete('expect')
|
77
|
-
end
|
78
|
-
|
79
|
-
def validate_bucket_name!(bucket_name)
|
80
|
-
unless BucketDns.dns_compatible?(bucket_name, _ssl = true)
|
81
|
-
raise ArgumentError,
|
82
|
-
'Unable to use `use_accelerate_endpoint: true` on buckets '\
|
83
|
-
'with non-DNS compatible names.'
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
87
46
|
end
|
88
47
|
end
|
89
48
|
end
|
@@ -1,10 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require_relative '../arn/access_point_arn'
|
4
|
-
require_relative '../arn/object_lambda_arn'
|
5
|
-
require_relative '../arn/outpost_access_point_arn'
|
6
|
-
require_relative '../arn/multi_region_access_point_arn'
|
7
|
-
|
8
3
|
module Aws
|
9
4
|
module S3
|
10
5
|
module Plugins
|
@@ -36,150 +31,9 @@ result in cross region requests.
|
|
36
31
|
resolve_s3_disable_multiregion_access_points(cfg)
|
37
32
|
end
|
38
33
|
|
39
|
-
# param validator is validate:50
|
40
|
-
# endpoint is build:90 (populates the URI for the first time)
|
41
|
-
# endpoint pattern is build:10
|
42
|
-
def add_handlers(handlers, _config)
|
43
|
-
handlers.add(ARNHandler, step: :validate, priority: 75)
|
44
|
-
handlers.add(UrlHandler)
|
45
|
-
end
|
46
|
-
|
47
|
-
# After extracting out any ARN input, resolve a new URL with it.
|
48
|
-
class UrlHandler < Seahorse::Client::Handler
|
49
|
-
def call(context)
|
50
|
-
if context.metadata[:s3_arn]
|
51
|
-
ARN.resolve_url!(
|
52
|
-
context.http_request.endpoint,
|
53
|
-
context.metadata[:s3_arn][:arn],
|
54
|
-
context.metadata[:s3_arn][:resolved_region],
|
55
|
-
context.metadata[:s3_arn][:fips],
|
56
|
-
context.metadata[:s3_arn][:dualstack],
|
57
|
-
# if regional_endpoint is false, a custom endpoint was provided
|
58
|
-
# in this case, we want to prefix the endpoint using the ARN
|
59
|
-
!context.config.regional_endpoint
|
60
|
-
)
|
61
|
-
end
|
62
|
-
@handler.call(context)
|
63
|
-
end
|
64
|
-
end
|
65
|
-
|
66
|
-
# This plugin will extract out any ARN input and set context for other
|
67
|
-
# plugins to use without having to translate the ARN again.
|
68
|
-
class ARNHandler < Seahorse::Client::Handler
|
69
|
-
def call(context)
|
70
|
-
bucket_member = _bucket_member(context.operation.input.shape)
|
71
|
-
if bucket_member && (bucket = context.params[bucket_member])
|
72
|
-
resolved_region, arn = ARN.resolve_arn!(
|
73
|
-
bucket,
|
74
|
-
context.config.region,
|
75
|
-
context.config.s3_use_arn_region
|
76
|
-
)
|
77
|
-
if arn
|
78
|
-
validate_config!(context, arn)
|
79
|
-
|
80
|
-
fips = false
|
81
|
-
if resolved_region.include?('fips')
|
82
|
-
fips = true
|
83
|
-
resolved_region = resolved_region.gsub('fips-', '')
|
84
|
-
.gsub('-fips', '')
|
85
|
-
end
|
86
|
-
|
87
|
-
context.metadata[:s3_arn] = {
|
88
|
-
arn: arn,
|
89
|
-
resolved_region: resolved_region,
|
90
|
-
fips: fips,
|
91
|
-
dualstack: extract_dualstack_config!(context)
|
92
|
-
}
|
93
|
-
end
|
94
|
-
end
|
95
|
-
@handler.call(context)
|
96
|
-
end
|
97
|
-
|
98
|
-
private
|
99
|
-
|
100
|
-
def _bucket_member(input)
|
101
|
-
input.members.each do |member, ref|
|
102
|
-
return member if ref.shape.name == 'BucketName'
|
103
|
-
end
|
104
|
-
nil
|
105
|
-
end
|
106
|
-
|
107
|
-
# other plugins use dualstack so disable it when we're done
|
108
|
-
def extract_dualstack_config!(context)
|
109
|
-
dualstack = context[:use_dualstack_endpoint]
|
110
|
-
context[:use_dualstack_endpoint] = false if dualstack
|
111
|
-
dualstack
|
112
|
-
end
|
113
|
-
|
114
|
-
def validate_config!(context, arn)
|
115
|
-
if context.config.force_path_style
|
116
|
-
raise ArgumentError,
|
117
|
-
'Cannot provide an Access Point ARN when '\
|
118
|
-
'`:force_path_style` is set to true.'
|
119
|
-
end
|
120
|
-
|
121
|
-
if context.config.use_accelerate_endpoint
|
122
|
-
raise ArgumentError,
|
123
|
-
'Cannot provide an Access Point ARN when '\
|
124
|
-
'`:use_accelerate_endpoint` is set to true.'
|
125
|
-
end
|
126
|
-
|
127
|
-
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
128
|
-
raise ArgumentError,
|
129
|
-
'Cannot provide an Outpost Access Point or Multi-region Access Point ARN'\
|
130
|
-
' when `:use_dualstack_endpoint` is set to true.'
|
131
|
-
end
|
132
|
-
|
133
|
-
if arn.region.empty? && context.config.s3_disable_multiregion_access_points
|
134
|
-
raise ArgumentError,
|
135
|
-
'Cannot provide a Multi-region Access Point ARN with '\
|
136
|
-
'`:s3_disable_multiregion_access_points` set to true'
|
137
|
-
end
|
138
|
-
end
|
139
|
-
end
|
140
|
-
|
141
34
|
class << self
|
142
|
-
# @api private
|
143
|
-
def resolve_arn!(member_value, region, use_arn_region)
|
144
|
-
if Aws::ARNParser.arn?(member_value)
|
145
|
-
arn = Aws::ARNParser.parse(member_value)
|
146
|
-
s3_arn = resolve_arn_type!(arn)
|
147
|
-
s3_arn.validate_arn!
|
148
|
-
validate_region_config!(s3_arn, region, use_arn_region)
|
149
|
-
region = s3_arn.region if use_arn_region && !region.include?('fips')
|
150
|
-
[region, s3_arn]
|
151
|
-
else
|
152
|
-
[region]
|
153
|
-
end
|
154
|
-
end
|
155
|
-
|
156
|
-
# @api private
|
157
|
-
def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
|
158
|
-
custom_endpoint = url.host if has_custom_endpoint
|
159
|
-
url.host = arn.host_url(region, fips, dualstack, custom_endpoint)
|
160
|
-
url.path = url_path(url.path, arn)
|
161
|
-
url
|
162
|
-
end
|
163
|
-
|
164
35
|
private
|
165
36
|
|
166
|
-
def resolve_arn_type!(arn)
|
167
|
-
case arn.service
|
168
|
-
when 's3'
|
169
|
-
arn.region.empty? ?
|
170
|
-
Aws::S3::MultiRegionAccessPointARN.new(arn.to_h) :
|
171
|
-
Aws::S3::AccessPointARN.new(arn.to_h)
|
172
|
-
when 's3-outposts'
|
173
|
-
Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
174
|
-
when 's3-object-lambda'
|
175
|
-
Aws::S3::ObjectLambdaARN.new(arn.to_h)
|
176
|
-
else
|
177
|
-
raise ArgumentError,
|
178
|
-
'Only Access Point, Outposts, and Object Lambdas ARNs '\
|
179
|
-
'are currently supported.'
|
180
|
-
end
|
181
|
-
end
|
182
|
-
|
183
37
|
def resolve_s3_use_arn_region(cfg)
|
184
38
|
value = ENV['AWS_S3_USE_ARN_REGION'] ||
|
185
39
|
Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
|
@@ -209,57 +63,6 @@ result in cross region requests.
|
|
209
63
|
end
|
210
64
|
value
|
211
65
|
end
|
212
|
-
|
213
|
-
# Remove ARN from the path because we've already set the new host
|
214
|
-
def url_path(path, arn)
|
215
|
-
path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
|
216
|
-
.sub("/#{arn}", '')
|
217
|
-
"/#{path}" unless path =~ /^\//
|
218
|
-
path
|
219
|
-
end
|
220
|
-
|
221
|
-
def validate_region_config!(arn, region, use_arn_region)
|
222
|
-
if ['s3-external-1', 'aws-global'].include?(region)
|
223
|
-
# These "regions" are not regional endpoints
|
224
|
-
unless use_arn_region
|
225
|
-
raise Aws::Errors::InvalidARNRegionError,
|
226
|
-
'Configured client region is not a regional endpoint.'
|
227
|
-
end
|
228
|
-
# These "regions" are in the AWS partition
|
229
|
-
# Cannot use ARN region unless it's the same partition
|
230
|
-
unless arn.partition == 'aws'
|
231
|
-
raise Aws::Errors::InvalidARNPartitionError
|
232
|
-
end
|
233
|
-
else
|
234
|
-
if region.include?('fips')
|
235
|
-
# If ARN type doesn't support FIPS but the client region is FIPS
|
236
|
-
unless arn.support_fips?
|
237
|
-
raise ArgumentError,
|
238
|
-
'FIPS client regions are not supported for this type '\
|
239
|
-
'of ARN.'
|
240
|
-
end
|
241
|
-
|
242
|
-
fips = true
|
243
|
-
# Normalize the region so we can compare partition and regions
|
244
|
-
region = region.gsub('fips-', '').gsub('-fips', '')
|
245
|
-
end
|
246
|
-
|
247
|
-
# use_arn_region does not apply to MRAP (global) arns
|
248
|
-
unless arn.region.empty?
|
249
|
-
# Raise if the ARN and client regions are in different partitions
|
250
|
-
if use_arn_region &&
|
251
|
-
!Aws::Partitions.partition(arn.partition).region?(region)
|
252
|
-
raise Aws::Errors::InvalidARNPartitionError
|
253
|
-
end
|
254
|
-
|
255
|
-
# Raise if regions mismatch
|
256
|
-
# Either when it's a fips client or not using the ARN region
|
257
|
-
if (!use_arn_region || fips) && region != arn.region
|
258
|
-
raise Aws::Errors::InvalidARNRegionError
|
259
|
-
end
|
260
|
-
end
|
261
|
-
end
|
262
|
-
end
|
263
66
|
end
|
264
67
|
end
|
265
68
|
end
|
@@ -23,45 +23,10 @@ When set to `true`, the bucket name is always left in the
|
|
23
23
|
request URI and never moved to the host as a sub-domain.
|
24
24
|
DOCS
|
25
25
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
# @api private
|
31
|
-
class Handler < Seahorse::Client::Handler
|
32
|
-
|
33
|
-
def call(context)
|
34
|
-
move_dns_compat_bucket_to_subdomain(context)
|
35
|
-
@handler.call(context)
|
36
|
-
end
|
37
|
-
|
38
|
-
private
|
39
|
-
|
40
|
-
def move_dns_compat_bucket_to_subdomain(context)
|
41
|
-
bucket_name = context.params[:bucket]
|
42
|
-
endpoint = context.http_request.endpoint
|
43
|
-
if bucket_name &&
|
44
|
-
BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
|
45
|
-
context.operation_name.to_s != 'get_bucket_location'
|
46
|
-
move_bucket_to_subdomain(bucket_name, endpoint)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def move_bucket_to_subdomain(bucket_name, endpoint)
|
51
|
-
endpoint.host = "#{bucket_name}.#{endpoint.host}"
|
52
|
-
path = endpoint.path.sub("/#{bucket_name}", '')
|
53
|
-
path = "/#{path}" unless path.match(/^\//)
|
54
|
-
endpoint.path = path
|
55
|
-
end
|
56
|
-
|
57
|
-
def https?(uri)
|
58
|
-
uri.scheme == 'https'
|
59
|
-
end
|
60
|
-
|
61
|
-
end
|
62
|
-
|
26
|
+
# These class methods were originally used in a handler in this plugin.
|
27
|
+
# SigV2 legacy signer needs this logic so we keep it here as utility.
|
28
|
+
# New endpoint resolution will check this as a matcher.
|
63
29
|
class << self
|
64
|
-
|
65
30
|
# @param [String] bucket_name
|
66
31
|
# @param [Boolean] ssl
|
67
32
|
# @return [Boolean]
|
@@ -81,7 +46,6 @@ request URI and never moved to the host as a sub-domain.
|
|
81
46
|
bucket_name !~ /(\d+\.){3}\d+/ &&
|
82
47
|
bucket_name !~ /[.-]{2}/
|
83
48
|
end
|
84
|
-
|
85
49
|
end
|
86
50
|
end
|
87
51
|
end
|
@@ -13,12 +13,7 @@ module Aws
|
|
13
13
|
def call(context)
|
14
14
|
bucket_member = _bucket_member(context.operation.input.shape)
|
15
15
|
if bucket_member && (bucket = context.params[bucket_member])
|
16
|
-
|
17
|
-
bucket,
|
18
|
-
context.config.region,
|
19
|
-
context.config.s3_use_arn_region
|
20
|
-
)
|
21
|
-
if !arn && bucket.include?('/')
|
16
|
+
if !Aws::ARNParser.arn?(bucket) && bucket.include?('/')
|
22
17
|
raise ArgumentError,
|
23
18
|
'bucket name must not contain a forward-slash (/)'
|
24
19
|
end
|
@@ -5,18 +5,8 @@ module Aws
|
|
5
5
|
module Plugins
|
6
6
|
# @api private
|
7
7
|
class Dualstack < Seahorse::Client::Plugin
|
8
|
-
|
9
|
-
option(:use_dualstack_endpoint,
|
10
|
-
default: false,
|
11
|
-
doc_type: 'Boolean',
|
12
|
-
docstring: <<-DOCS)
|
13
|
-
When set to `true`, IPv6-compatible bucket endpoints will be used
|
14
|
-
for all operations.
|
15
|
-
DOCS
|
16
|
-
|
17
|
-
def add_handlers(handlers, config)
|
8
|
+
def add_handlers(handlers, _config)
|
18
9
|
handlers.add(OptionHandler, step: :initialize)
|
19
|
-
handlers.add(DualstackHandler, step: :build, priority: 11)
|
20
10
|
end
|
21
11
|
|
22
12
|
# @api private
|
@@ -27,54 +17,10 @@ for all operations.
|
|
27
17
|
dualstack = context.params.delete(:use_dualstack_endpoint)
|
28
18
|
end
|
29
19
|
dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
|
30
|
-
# Raise if :endpoint and dualstack are both provided
|
31
|
-
if dualstack && !context.config.regional_endpoint
|
32
|
-
raise ArgumentError,
|
33
|
-
'Cannot use both :use_dualstack_endpoint and :endpoint'
|
34
|
-
end
|
35
20
|
context[:use_dualstack_endpoint] = dualstack
|
36
21
|
@handler.call(context)
|
37
22
|
end
|
38
23
|
end
|
39
|
-
|
40
|
-
# @api private
|
41
|
-
class DualstackHandler < Seahorse::Client::Handler
|
42
|
-
def call(context)
|
43
|
-
if context.config.regional_endpoint && use_dualstack_endpoint?(context)
|
44
|
-
apply_dualstack_endpoint(context)
|
45
|
-
end
|
46
|
-
@handler.call(context)
|
47
|
-
end
|
48
|
-
|
49
|
-
private
|
50
|
-
def apply_dualstack_endpoint(context)
|
51
|
-
bucket_name = context.params[:bucket]
|
52
|
-
region = context.config.region
|
53
|
-
dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
|
54
|
-
|
55
|
-
if use_bucket_dns?(bucket_name, context)
|
56
|
-
host = "#{bucket_name}.s3.dualstack.#{region}.#{dns_suffix}"
|
57
|
-
else
|
58
|
-
host = "s3.dualstack.#{region}.#{dns_suffix}"
|
59
|
-
end
|
60
|
-
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
61
|
-
endpoint.scheme = context.http_request.endpoint.scheme
|
62
|
-
endpoint.port = context.http_request.endpoint.port
|
63
|
-
endpoint.host = host
|
64
|
-
context.http_request.endpoint = endpoint.to_s
|
65
|
-
end
|
66
|
-
|
67
|
-
def use_bucket_dns?(bucket_name, context)
|
68
|
-
ssl = context.http_request.endpoint.scheme == "https"
|
69
|
-
bucket_name && BucketDns.dns_compatible?(bucket_name, ssl) &&
|
70
|
-
!context.config.force_path_style
|
71
|
-
end
|
72
|
-
|
73
|
-
def use_dualstack_endpoint?(context)
|
74
|
-
context[:use_dualstack_endpoint] && !context[:use_accelerate_endpoint]
|
75
|
-
end
|
76
|
-
end
|
77
|
-
|
78
24
|
end
|
79
25
|
end
|
80
26
|
end
|