aws-sdk-s3 1.103.0 → 1.143.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (93) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +288 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +590 -100
  5. data/lib/aws-sdk-s3/bucket_acl.rb +28 -6
  6. data/lib/aws-sdk-s3/bucket_cors.rb +34 -10
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +38 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +42 -12
  9. data/lib/aws-sdk-s3/bucket_logging.rb +35 -6
  10. data/lib/aws-sdk-s3/bucket_notification.rb +27 -9
  11. data/lib/aws-sdk-s3/bucket_policy.rb +78 -10
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +28 -6
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +34 -10
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +72 -14
  15. data/lib/aws-sdk-s3/bucket_website.rb +34 -10
  16. data/lib/aws-sdk-s3/client.rb +7917 -3171
  17. data/lib/aws-sdk-s3/client_api.rb +709 -224
  18. data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
  19. data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
  20. data/lib/aws-sdk-s3/customizations/object.rb +171 -22
  21. data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
  22. data/lib/aws-sdk-s3/customizations.rb +7 -0
  23. data/lib/aws-sdk-s3/encryption/client.rb +6 -2
  24. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
  25. data/lib/aws-sdk-s3/encryptionV2/client.rb +6 -2
  26. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -0
  27. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
  28. data/lib/aws-sdk-s3/endpoint_parameters.rb +178 -0
  29. data/lib/aws-sdk-s3/endpoint_provider.rb +591 -0
  30. data/lib/aws-sdk-s3/endpoints.rb +2590 -0
  31. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  32. data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
  33. data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
  34. data/lib/aws-sdk-s3/file_downloader.rb +170 -45
  35. data/lib/aws-sdk-s3/file_uploader.rb +11 -4
  36. data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -8
  37. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -14
  38. data/lib/aws-sdk-s3/multipart_upload.rb +194 -19
  39. data/lib/aws-sdk-s3/multipart_upload_part.rb +280 -30
  40. data/lib/aws-sdk-s3/object.rb +1735 -266
  41. data/lib/aws-sdk-s3/object_acl.rb +49 -13
  42. data/lib/aws-sdk-s3/object_copier.rb +7 -5
  43. data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
  44. data/lib/aws-sdk-s3/object_summary.rb +1497 -221
  45. data/lib/aws-sdk-s3/object_version.rb +365 -58
  46. data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
  47. data/lib/aws-sdk-s3/plugins/arn.rb +0 -197
  48. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
  49. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
  50. data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
  51. data/lib/aws-sdk-s3/plugins/endpoints.rb +274 -0
  52. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
  53. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +91 -0
  54. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
  55. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  56. data/lib/aws-sdk-s3/plugins/md5s.rb +6 -3
  57. data/lib/aws-sdk-s3/plugins/s3_signer.rb +35 -109
  58. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
  59. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
  60. data/lib/aws-sdk-s3/presigned_post.rb +99 -78
  61. data/lib/aws-sdk-s3/presigner.rb +26 -37
  62. data/lib/aws-sdk-s3/resource.rb +97 -3
  63. data/lib/aws-sdk-s3/types.rb +6618 -4880
  64. data/lib/aws-sdk-s3.rb +5 -1
  65. data/sig/bucket.rbs +212 -0
  66. data/sig/bucket_acl.rbs +78 -0
  67. data/sig/bucket_cors.rbs +69 -0
  68. data/sig/bucket_lifecycle.rbs +88 -0
  69. data/sig/bucket_lifecycle_configuration.rbs +111 -0
  70. data/sig/bucket_logging.rbs +76 -0
  71. data/sig/bucket_notification.rbs +114 -0
  72. data/sig/bucket_policy.rbs +59 -0
  73. data/sig/bucket_request_payment.rbs +54 -0
  74. data/sig/bucket_tagging.rbs +65 -0
  75. data/sig/bucket_versioning.rbs +77 -0
  76. data/sig/bucket_website.rbs +93 -0
  77. data/sig/client.rbs +2360 -0
  78. data/sig/errors.rbs +34 -0
  79. data/sig/multipart_upload.rbs +110 -0
  80. data/sig/multipart_upload_part.rbs +105 -0
  81. data/sig/object.rbs +436 -0
  82. data/sig/object_acl.rbs +86 -0
  83. data/sig/object_summary.rbs +334 -0
  84. data/sig/object_version.rbs +131 -0
  85. data/sig/resource.rbs +124 -0
  86. data/sig/types.rbs +2562 -0
  87. data/sig/waiters.rbs +83 -0
  88. metadata +45 -16
  89. data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
  90. data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +0 -69
  91. data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
  92. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
  93. data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ module Plugins
6
+
7
+ # S3 GetObject results for whole Multipart Objects contain a checksum
8
+ # that cannot be validated. These should be skipped by the
9
+ # ChecksumAlgorithm plugin.
10
+ class SkipWholeMultipartGetChecksums < Seahorse::Client::Plugin
11
+
12
+ class Handler < Seahorse::Client::Handler
13
+
14
+ def call(context)
15
+ context[:http_checksum] ||= {}
16
+ context[:http_checksum][:skip_on_suffix] = true
17
+
18
+ @handler.call(context)
19
+ end
20
+
21
+ end
22
+
23
+ handler(
24
+ Handler,
25
+ step: :initialize,
26
+ operations: [:get_object]
27
+ )
28
+ end
29
+ end
30
+ end
31
+ end
@@ -36,6 +36,17 @@ module Aws
36
36
  def rewind; end
37
37
  end
38
38
 
39
+ class NonRetryableStreamingError < StandardError
40
+
41
+ def initialize(error)
42
+ super('Unable to retry request - retry could result in processing duplicated chunks.')
43
+ set_backtrace(error.backtrace)
44
+ @original_error = error
45
+ end
46
+
47
+ attr_reader :original_error
48
+ end
49
+
39
50
  # This handler works with the ResponseTarget plugin to provide smart
40
51
  # retries of S3 streaming operations that support the range parameter
41
52
  # (currently only: get_object). When a 200 OK with a TruncatedBodyError
@@ -84,8 +95,18 @@ module Aws
84
95
  end
85
96
 
86
97
  context.http_response.on_error do |error|
87
- if retryable_body?(context) && truncated_body?(error)
88
- context.http_request.headers[:range] = "bytes=#{context.http_response.body.size}-"
98
+ if retryable_body?(context)
99
+ if truncated_body?(error)
100
+ context.http_request.headers[:range] = "bytes=#{context.http_response.body.size}-"
101
+ else
102
+ case context.http_response.body
103
+ when RetryableManagedFile
104
+ # call rewind on the underlying file
105
+ context.http_response.body.instance_variable_get(:@file).rewind
106
+ else
107
+ raise NonRetryableStreamingError, error
108
+ end
109
+ end
89
110
  end
90
111
  end
91
112
  end
@@ -98,7 +98,7 @@ module Aws
98
98
  # or call the associated method.
99
99
  #
100
100
  # ```ruby
101
- # post = Aws::S3::PresignedPost.new(creds, region, bucket).
101
+ # post = Aws::S3::PresignedPost.new(creds, region, bucket)
102
102
  # post.content_type('text/plain')
103
103
  # ```
104
104
  #
@@ -176,11 +176,17 @@ module Aws
176
176
  # ```
177
177
  #
178
178
  class PresignedPost
179
+ @@allowed_fields = []
179
180
 
180
181
  # @param [Credentials] credentials Security credentials for signing
181
182
  # the post policy.
182
183
  # @param [String] bucket_region Region of the target bucket.
183
184
  # @param [String] bucket_name Name of the target bucket.
185
+ # @option options [Boolean] :use_accelerate_endpoint (false) When `true`,
186
+ # PresignedPost will attempt to use accelerated endpoint.
187
+ # @option options [String] :url See {PresignedPost#url}.
188
+ # @option options [Sting, Array<String>] :allow_any
189
+ # See {PresignedPost#allow_any}.
184
190
  # @option options [Time] :signature_expiration Specify when the signature on
185
191
  # the post will expire. Defaults to one hour from creation of the
186
192
  # presigned post. May not exceed one week from creation time.
@@ -205,7 +211,7 @@ module Aws
205
211
  # See {PresignedPost#content_encoding}.
206
212
  # @option options [String] :content_encoding_starts_with
207
213
  # See {PresignedPost#content_encoding_starts_with}.
208
- # @option options [String] :expires See {PresignedPost#expires}.
214
+ # @option options [Time] :expires See {PresignedPost#expires}.
209
215
  # @option options [String] :expires_starts_with
210
216
  # See {PresignedPost#expires_starts_with}.
211
217
  # @option options [Range<Integer>] :content_length_range
@@ -232,6 +238,8 @@ module Aws
232
238
  # See {PresignedPost#server_side_encryption_customer_algorithm}.
233
239
  # @option options [String] :server_side_encryption_customer_key
234
240
  # See {PresignedPost#server_side_encryption_customer_key}.
241
+ # @option options [String] :server_side_encryption_customer_key_starts_with
242
+ # See {PresignedPost#server_side_encryption_customer_key_starts_with}.
235
243
  def initialize(credentials, bucket_region, bucket_name, options = {})
236
244
  @credentials = credentials.credentials
237
245
  @bucket_region = bucket_region
@@ -247,7 +255,12 @@ module Aws
247
255
  case option_name
248
256
  when :allow_any then allow_any(option_value)
249
257
  when :signature_expiration then @signature_expiration = option_value
250
- else send("#{option_name}", option_value)
258
+ else
259
+ if @@allowed_fields.include?(option_name)
260
+ send("#{option_name}", option_value)
261
+ else
262
+ raise ArgumentError, "Unsupported option: #{option_name}"
263
+ end
251
264
  end
252
265
  end
253
266
  end
@@ -279,44 +292,52 @@ module Aws
279
292
  end
280
293
 
281
294
  # @api private
282
- def self.define_field(field, *args)
295
+ def self.define_field(field, *args, &block)
296
+ @@allowed_fields << field
283
297
  options = args.last.is_a?(Hash) ? args.pop : {}
284
298
  field_name = args.last || field.to_s
285
299
 
286
- define_method("#{field}") do |value|
287
- with(field_name, value)
288
- end
300
+ if block_given?
301
+ define_method("#{field}", block)
302
+ else
303
+ define_method("#{field}") do |value|
304
+ with(field_name, value)
305
+ end
289
306
 
290
- if options[:starts_with]
291
- define_method("#{field}_starts_with") do |value|
292
- starts_with(field_name, value)
307
+ if options[:starts_with]
308
+ @@allowed_fields << "#{field}_starts_with".to_sym
309
+ define_method("#{field}_starts_with") do |value|
310
+ starts_with(field_name, value)
311
+ end
293
312
  end
294
313
  end
295
314
  end
296
315
 
297
316
  # @!group Fields
298
317
 
299
- # The key to use for the uploaded object. You can use `${filename}`
300
- # as a variable in the key. This will be replaced with the name
301
- # of the file as provided by the user.
318
+ # @!method key(key)
319
+ # The key to use for the uploaded object. You can use `${filename}`
320
+ # as a variable in the key. This will be replaced with the name
321
+ # of the file as provided by the user.
302
322
  #
303
- # For example, if the key is given as `/user/betty/${filename}` and
304
- # the file uploaded is named `lolcatz.jpg`, the resultant key will
305
- # be `/user/betty/lolcatz.jpg`.
323
+ # For example, if the key is given as `/user/betty/${filename}` and
324
+ # the file uploaded is named `lolcatz.jpg`, the resultant key will
325
+ # be `/user/betty/lolcatz.jpg`.
306
326
  #
307
- # @param [String] key
308
- # @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
309
- # @return [self]
310
- def key(key)
327
+ # @param [String] key
328
+ # @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
329
+ # @return [self]
330
+ define_field(:key) do |key|
311
331
  @key_set = true
312
332
  with('key', key)
313
333
  end
314
334
 
315
- # Specify a prefix the uploaded
316
- # @param [String] prefix
317
- # @see #key
318
- # @return [self]
319
- def key_starts_with(prefix)
335
+ # @!method key_starts_with(prefix)
336
+ # Specify a prefix the uploaded
337
+ # @param [String] prefix
338
+ # @see #key
339
+ # @return [self]
340
+ define_field(:key_starts_with) do |prefix|
320
341
  @key_set = true
321
342
  starts_with('key', prefix)
322
343
  end
@@ -393,27 +414,30 @@ module Aws
393
414
  # @return [self]
394
415
  define_field(:content_encoding, 'Content-Encoding', starts_with: true)
395
416
 
396
- # The date and time at which the object is no longer cacheable.
397
- # @note This does not affect the expiration of the presigned post
398
- # signature.
399
- # @param [Time] time
400
- # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
401
- # @return [self]
402
- def expires(time)
417
+ # @!method expires(time)
418
+ # The date and time at which the object is no longer cacheable.
419
+ # @note This does not affect the expiration of the presigned post
420
+ # signature.
421
+ # @param [Time] time
422
+ # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
423
+ # @return [self]
424
+ define_field(:expires) do |time|
403
425
  with('Expires', time.httpdate)
404
426
  end
405
427
 
406
- # @param [String] prefix
407
- # @see #expires
408
- # @return [self]
409
- def expires_starts_with(prefix)
428
+ # @!method expires_starts_with(prefix)
429
+ # @param [String] prefix
430
+ # @see #expires
431
+ # @return [self]
432
+ define_field(:expires_starts_with) do |prefix|
410
433
  starts_with('Expires', prefix)
411
434
  end
412
435
 
413
- # The minimum and maximum allowable size for the uploaded content.
414
- # @param [Range<Integer>] byte_range
415
- # @return [self]
416
- def content_length_range(byte_range)
436
+ # @!method content_length_range(byte_range)
437
+ # The minimum and maximum allowable size for the uploaded content.
438
+ # @param [Range<Integer>] byte_range
439
+ # @return [self]
440
+ define_field(:content_length_range) do |byte_range|
417
441
  min = byte_range.begin
418
442
  max = byte_range.end
419
443
  max -= 1 if byte_range.exclude_end?
@@ -488,22 +512,24 @@ module Aws
488
512
  # @return [self]
489
513
  define_field(:website_redirect_location, 'x-amz-website-redirect-location')
490
514
 
491
- # Metadata hash to store with the uploaded object. Hash keys will be
492
- # prefixed with "x-amz-meta-".
493
- # @param [Hash<String,String>] hash
494
- # @return [self]
495
- def metadata(hash)
515
+ # @!method metadata(hash)
516
+ # Metadata hash to store with the uploaded object. Hash keys will be
517
+ # prefixed with "x-amz-meta-".
518
+ # @param [Hash<String,String>] hash
519
+ # @return [self]
520
+ define_field(:metadata) do |hash|
496
521
  hash.each do |key, value|
497
522
  with("x-amz-meta-#{key}", value)
498
523
  end
499
524
  self
500
525
  end
501
526
 
502
- # Specify allowable prefix for each key in the metadata hash.
503
- # @param [Hash<String,String>] hash
504
- # @see #metadata
505
- # @return [self]
506
- def metadata_starts_with(hash)
527
+ # @!method metadata_starts_with(hash)
528
+ # Specify allowable prefix for each key in the metadata hash.
529
+ # @param [Hash<String,String>] hash
530
+ # @see #metadata
531
+ # @return [self]
532
+ define_field(:metadata_starts_with) do |hash|
507
533
  hash.each do |key, value|
508
534
  starts_with("x-amz-meta-#{key}", value)
509
535
  end
@@ -552,25 +578,27 @@ module Aws
552
578
  'x-amz-server-side-encryption-customer-algorithm'
553
579
  )
554
580
 
555
- # Specifies the customer-provided encryption key for Amazon S3 to use
556
- # in encrypting data. This value is used to store the object and then
557
- # it is discarded; Amazon does not store the encryption key.
581
+ # @!method server_side_encryption_customer_key(value)
582
+ # Specifies the customer-provided encryption key for Amazon S3 to use
583
+ # in encrypting data. This value is used to store the object and then
584
+ # it is discarded; Amazon does not store the encryption key.
558
585
  #
559
- # You must also call {#server_side_encryption_customer_algorithm}.
586
+ # You must also call {#server_side_encryption_customer_algorithm}.
560
587
  #
561
- # @param [String] value
562
- # @see #server_side_encryption_customer_algorithm
563
- # @return [self]
564
- def server_side_encryption_customer_key(value)
588
+ # @param [String] value
589
+ # @see #server_side_encryption_customer_algorithm
590
+ # @return [self]
591
+ define_field(:server_side_encryption_customer_key) do |value|
565
592
  field_name = 'x-amz-server-side-encryption-customer-key'
566
593
  with(field_name, base64(value))
567
594
  with(field_name + '-MD5', base64(OpenSSL::Digest::MD5.digest(value)))
568
595
  end
569
596
 
570
- # @param [String] prefix
571
- # @see #server_side_encryption_customer_key
572
- # @return [self]
573
- def server_side_encryption_customer_key_starts_with(prefix)
597
+ # @!method server_side_encryption_customer_key_starts_with(prefix)
598
+ # @param [String] prefix
599
+ # @see #server_side_encryption_customer_key
600
+ # @return [self]
601
+ define_field(:server_side_encryption_customer_key_starts_with) do |prefix|
574
602
  field_name = 'x-amz-server-side-encryption-customer-key'
575
603
  starts_with(field_name, prefix)
576
604
  end
@@ -610,22 +638,15 @@ module Aws
610
638
  end
611
639
 
612
640
  def bucket_url
613
- url = Aws::Partitions::EndpointProvider.resolve(@bucket_region, 's3')
614
- url = URI.parse(url)
615
- if Plugins::BucketDns.dns_compatible?(@bucket_name, _ssl = true)
616
- if @accelerate
617
- url.host = "#{@bucket_name}.s3-accelerate.amazonaws.com"
618
- else
619
- url.host = "#{@bucket_name}.#{url.host}"
620
- end
621
- else
622
- url.path = "/#{@bucket_name}"
623
- end
624
- if @bucket_region == 'us-east-1'
625
- # keep legacy behavior by default
626
- url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
627
- end
628
- url.to_s
641
+ # Taken from Aws::S3::Endpoints module
642
+ params = Aws::S3::EndpointParameters.new(
643
+ bucket: @bucket_name,
644
+ region: @bucket_region,
645
+ accelerate: @accelerate,
646
+ use_global_endpoint: true
647
+ )
648
+ endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
649
+ endpoint.url
629
650
  end
630
651
 
631
652
  # @return [Hash]
@@ -49,7 +49,8 @@ module Aws
49
49
  # before the presigned URL expires. Defaults to 15 minutes. As signature
50
50
  # version 4 has a maximum expiry time of one week for presigned URLs,
51
51
  # attempts to set this value to greater than one week (604800) will
52
- # raise an exception.
52
+ # raise an exception. The min value of this option and the credentials
53
+ # expiration time is used in the presigned URL.
53
54
  #
54
55
  # @option params [Time] :time (Time.now) The starting time for when the
55
56
  # presigned url becomes active.
@@ -96,7 +97,8 @@ module Aws
96
97
  # before the presigned URL expires. Defaults to 15 minutes. As signature
97
98
  # version 4 has a maximum expiry time of one week for presigned URLs,
98
99
  # attempts to set this value to greater than one week (604800) will
99
- # raise an exception.
100
+ # raise an exception. The min value of this option and the credentials
101
+ # expiration time is used in the presigned URL.
100
102
  #
101
103
  # @option params [Time] :time (Time.now) The starting time for when the
102
104
  # presigned url becomes active.
@@ -133,7 +135,7 @@ module Aws
133
135
  virtual_host = params.delete(:virtual_host)
134
136
  time = params.delete(:time)
135
137
  unsigned_headers = unsigned_headers(params)
136
- scheme = http_scheme(params)
138
+ secure = params.delete(:secure) != false
137
139
  expires_in = expires_in(params)
138
140
 
139
141
  req = @client.build_request(method, params)
@@ -141,7 +143,7 @@ module Aws
141
143
  handle_presigned_url_context(req)
142
144
 
143
145
  x_amz_headers = sign_but_dont_send(
144
- req, expires_in, scheme, time, unsigned_headers, hoist
146
+ req, expires_in, secure, time, unsigned_headers, hoist
145
147
  )
146
148
  [req.send_request.data, x_amz_headers]
147
149
  end
@@ -151,14 +153,6 @@ module Aws
151
153
  BLACKLISTED_HEADERS - whitelist_headers
152
154
  end
153
155
 
154
- def http_scheme(params)
155
- if params.delete(:secure) == false
156
- 'http'
157
- else
158
- @client.config.endpoint.scheme
159
- end
160
- end
161
-
162
156
  def expires_in(params)
163
157
  if (expires_in = params.delete(:expires_in))
164
158
  if expires_in > ONE_WEEK
@@ -175,8 +169,7 @@ module Aws
175
169
  end
176
170
 
177
171
  def use_bucket_as_hostname(req)
178
- req.handlers.remove(Plugins::BucketDns::Handler)
179
- req.handle do |context|
172
+ req.handle(priority: 35) do |context|
180
173
  uri = context.http_request.endpoint
181
174
  uri.host = context.params[:bucket]
182
175
  uri.path.sub!("/#{context.params[:bucket]}", '')
@@ -197,22 +190,21 @@ module Aws
197
190
 
198
191
  # @param [Seahorse::Client::Request] req
199
192
  def sign_but_dont_send(
200
- req, expires_in, scheme, time, unsigned_headers, hoist = true
193
+ req, expires_in, secure, time, unsigned_headers, hoist = true
201
194
  )
202
195
  x_amz_headers = {}
203
196
 
204
197
  http_req = req.context.http_request
205
198
 
206
199
  req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
207
- req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
200
+ req.handlers.remove(Aws::Plugins::Sign::Handler)
208
201
  req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
209
202
 
210
203
  req.handle(step: :send) do |context|
211
- if scheme != http_req.endpoint.scheme
212
- endpoint = http_req.endpoint.dup
213
- endpoint.scheme = scheme
214
- endpoint.port = (scheme == 'http' ? 80 : 443)
215
- http_req.endpoint = URI.parse(endpoint.to_s)
204
+ # if an endpoint was not provided, force secure or insecure
205
+ if context.config.regional_endpoint
206
+ http_req.endpoint.scheme = secure ? 'https' : 'http'
207
+ http_req.endpoint.port = secure ? 443 : 80
216
208
  end
217
209
 
218
210
  query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
@@ -231,24 +223,21 @@ module Aws
231
223
  end
232
224
  http_req.endpoint.query = query.join('&') unless query.empty?
233
225
 
234
- signing_algorithm = :sigv4
235
-
236
- # If it's an ARN, get the resolved region and service
237
- if (arn = context.metadata[:s3_arn])
238
- region = arn[:resolved_region]
239
- service = arn[:arn].service
240
- region = arn[:arn].is_a?(MultiRegionAccessPointARN) ? '*': arn[:resolved_region]
241
- signing_algorithm = arn[:arn].is_a?(MultiRegionAccessPointARN) ? :sigv4a : :sigv4
242
- end
243
-
226
+ auth_scheme = context[:auth_scheme]
227
+ scheme_name = auth_scheme['name']
228
+ region = if scheme_name == 'sigv4a'
229
+ auth_scheme['signingRegionSet'].first
230
+ else
231
+ auth_scheme['signingRegion']
232
+ end
244
233
  signer = Aws::Sigv4::Signer.new(
245
- service: service || 's3',
246
- region: region || context.config.region,
247
- signing_algorithm: signing_algorithm,
248
- credentials_provider: context.config.credentials,
234
+ service: auth_scheme['signingName'] || 's3',
235
+ region: context[:sigv4_region] || region || context.config.region,
236
+ credentials_provider: context[:sigv4_credentials] || context.config.credentials,
237
+ signing_algorithm: scheme_name.to_sym,
238
+ uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
249
239
  unsigned_headers: unsigned_headers,
250
- apply_checksum_header: false,
251
- uri_escape_path: false
240
+ apply_checksum_header: false
252
241
  )
253
242
 
254
243
  url = signer.presign_url(
@@ -41,7 +41,15 @@ module Aws::S3
41
41
  # acl: "private", # accepts private, public-read, public-read-write, authenticated-read
42
42
  # bucket: "BucketName", # required
43
43
  # create_bucket_configuration: {
44
- # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
44
+ # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-south-2, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-south-2, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
45
+ # location: {
46
+ # type: "AvailabilityZone", # accepts AvailabilityZone
47
+ # name: "LocationNameAsString",
48
+ # },
49
+ # bucket: {
50
+ # data_redundancy: "SingleAvailabilityZone", # accepts SingleAvailabilityZone
51
+ # type: "Directory", # accepts Directory
52
+ # },
45
53
  # },
46
54
  # grant_full_control: "GrantFullControl",
47
55
  # grant_read: "GrantRead",
@@ -49,34 +57,118 @@ module Aws::S3
49
57
  # grant_write: "GrantWrite",
50
58
  # grant_write_acp: "GrantWriteACP",
51
59
  # object_lock_enabled_for_bucket: false,
60
+ # object_ownership: "BucketOwnerPreferred", # accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced
52
61
  # })
53
62
  # @param [Hash] options ({})
54
63
  # @option options [String] :acl
55
64
  # The canned ACL to apply to the bucket.
65
+ #
66
+ # <note markdown="1"> This functionality is not supported for directory buckets.
67
+ #
68
+ # </note>
56
69
  # @option options [required, String] :bucket
57
70
  # The name of the bucket to create.
71
+ #
72
+ # **General purpose buckets** - For information about bucket naming
73
+ # restrictions, see [Bucket naming rules][1] in the *Amazon S3 User
74
+ # Guide*.
75
+ #
76
+ # <b>Directory buckets </b> - When you use this operation with a
77
+ # directory bucket, you must use path-style requests in the format
78
+ # `https://s3express-control.region_code.amazonaws.com/bucket-name `.
79
+ # Virtual-hosted-style requests aren't supported. Directory bucket
80
+ # names must be unique in the chosen Availability Zone. Bucket names
81
+ # must also follow the format ` bucket_base_name--az_id--x-s3` (for
82
+ # example, ` DOC-EXAMPLE-BUCKET--usw2-az2--x-s3`). For information about
83
+ # bucket naming restrictions, see [Directory bucket naming rules][2] in
84
+ # the *Amazon S3 User Guide*
85
+ #
86
+ #
87
+ #
88
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
89
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
58
90
  # @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
59
91
  # The configuration information for the bucket.
60
92
  # @option options [String] :grant_full_control
61
93
  # Allows grantee the read, write, read ACP, and write ACP permissions on
62
94
  # the bucket.
95
+ #
96
+ # <note markdown="1"> This functionality is not supported for directory buckets.
97
+ #
98
+ # </note>
63
99
  # @option options [String] :grant_read
64
100
  # Allows grantee to list the objects in the bucket.
101
+ #
102
+ # <note markdown="1"> This functionality is not supported for directory buckets.
103
+ #
104
+ # </note>
65
105
  # @option options [String] :grant_read_acp
66
106
  # Allows grantee to read the bucket ACL.
107
+ #
108
+ # <note markdown="1"> This functionality is not supported for directory buckets.
109
+ #
110
+ # </note>
67
111
  # @option options [String] :grant_write
68
112
  # Allows grantee to create new objects in the bucket.
69
113
  #
70
114
  # For the bucket and object owners of existing objects, also allows
71
115
  # deletions and overwrites of those objects.
116
+ #
117
+ # <note markdown="1"> This functionality is not supported for directory buckets.
118
+ #
119
+ # </note>
72
120
  # @option options [String] :grant_write_acp
73
121
  # Allows grantee to write the ACL for the applicable bucket.
122
+ #
123
+ # <note markdown="1"> This functionality is not supported for directory buckets.
124
+ #
125
+ # </note>
74
126
  # @option options [Boolean] :object_lock_enabled_for_bucket
75
127
  # Specifies whether you want S3 Object Lock to be enabled for the new
76
128
  # bucket.
129
+ #
130
+ # <note markdown="1"> This functionality is not supported for directory buckets.
131
+ #
132
+ # </note>
133
+ # @option options [String] :object_ownership
134
+ # The container element for object ownership for a bucket's ownership
135
+ # controls.
136
+ #
137
+ # `BucketOwnerPreferred` - Objects uploaded to the bucket change
138
+ # ownership to the bucket owner if the objects are uploaded with the
139
+ # `bucket-owner-full-control` canned ACL.
140
+ #
141
+ # `ObjectWriter` - The uploading account will own the object if the
142
+ # object is uploaded with the `bucket-owner-full-control` canned ACL.
143
+ #
144
+ # `BucketOwnerEnforced` - Access control lists (ACLs) are disabled and
145
+ # no longer affect permissions. The bucket owner automatically owns and
146
+ # has full control over every object in the bucket. The bucket only
147
+ # accepts PUT requests that don't specify an ACL or specify bucket
148
+ # owner full control ACLs (such as the predefined
149
+ # `bucket-owner-full-control` canned ACL or a custom ACL in XML format
150
+ # that grants the same permissions).
151
+ #
152
+ # By default, `ObjectOwnership` is set to `BucketOwnerEnforced` and ACLs
153
+ # are disabled. We recommend keeping ACLs disabled, except in uncommon
154
+ # use cases where you must control access for each object individually.
155
+ # For more information about S3 Object Ownership, see [Controlling
156
+ # ownership of objects and disabling ACLs for your bucket][1] in the
157
+ # *Amazon S3 User Guide*.
158
+ #
159
+ # <note markdown="1"> This functionality is not supported for directory buckets. Directory
160
+ # buckets use the bucket owner enforced setting for S3 Object Ownership.
161
+ #
162
+ # </note>
163
+ #
164
+ #
165
+ #
166
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
77
167
  # @return [Bucket]
78
168
  def create_bucket(options = {})
79
- @client.create_bucket(options)
169
+ Aws::Plugins::UserAgent.feature('resource') do
170
+ @client.create_bucket(options)
171
+ end
80
172
  Bucket.new(
81
173
  name: options[:bucket],
82
174
  client: @client
@@ -102,7 +194,9 @@ module Aws::S3
102
194
  def buckets(options = {})
103
195
  batches = Enumerator.new do |y|
104
196
  batch = []
105
- resp = @client.list_buckets(options)
197
+ resp = Aws::Plugins::UserAgent.feature('resource') do
198
+ @client.list_buckets(options)
199
+ end
106
200
  resp.data.buckets.each do |b|
107
201
  batch << Bucket.new(
108
202
  name: b.name,