aws-sdk-s3 1.114.0 → 1.136.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +163 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +123 -61
- data/lib/aws-sdk-s3/bucket_acl.rb +9 -3
- data/lib/aws-sdk-s3/bucket_cors.rb +12 -4
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -4
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -4
- data/lib/aws-sdk-s3/bucket_logging.rb +9 -3
- data/lib/aws-sdk-s3/bucket_notification.rb +9 -3
- data/lib/aws-sdk-s3/bucket_policy.rb +12 -4
- data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -3
- data/lib/aws-sdk-s3/bucket_tagging.rb +12 -4
- data/lib/aws-sdk-s3/bucket_versioning.rb +15 -5
- data/lib/aws-sdk-s3/bucket_website.rb +12 -4
- data/lib/aws-sdk-s3/client.rb +2084 -1724
- data/lib/aws-sdk-s3/client_api.rb +213 -189
- data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
- data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
- data/lib/aws-sdk-s3/customizations/object.rb +95 -19
- data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
- data/lib/aws-sdk-s3/customizations.rb +2 -0
- data/lib/aws-sdk-s3/encryption/client.rb +6 -2
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
- data/lib/aws-sdk-s3/encryptionV2/client.rb +6 -2
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
- data/lib/aws-sdk-s3/endpoint_parameters.rb +146 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +509 -0
- data/lib/aws-sdk-s3/endpoints.rb +2150 -0
- data/lib/aws-sdk-s3/file_downloader.rb +170 -44
- data/lib/aws-sdk-s3/file_uploader.rb +8 -6
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -13
- data/lib/aws-sdk-s3/multipart_upload.rb +27 -13
- data/lib/aws-sdk-s3/multipart_upload_part.rb +20 -10
- data/lib/aws-sdk-s3/object.rb +156 -110
- data/lib/aws-sdk-s3/object_acl.rb +14 -6
- data/lib/aws-sdk-s3/object_copier.rb +7 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
- data/lib/aws-sdk-s3/object_summary.rb +149 -94
- data/lib/aws-sdk-s3/object_version.rb +55 -21
- data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -50
- data/lib/aws-sdk-s3/plugins/arn.rb +0 -184
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -49
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +0 -29
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +32 -126
- data/lib/aws-sdk-s3/presigned_post.rb +61 -59
- data/lib/aws-sdk-s3/presigner.rb +24 -35
- data/lib/aws-sdk-s3/resource.rb +7 -3
- data/lib/aws-sdk-s3/types.rb +858 -4125
- data/lib/aws-sdk-s3.rb +5 -1
- metadata +12 -11
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +0 -68
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -74
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -0,0 +1,262 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
|
11
|
+
module Aws::S3
|
12
|
+
module Plugins
|
13
|
+
class Endpoints < Seahorse::Client::Plugin
|
14
|
+
option(
|
15
|
+
:endpoint_provider,
|
16
|
+
doc_type: 'Aws::S3::EndpointProvider',
|
17
|
+
docstring: 'The endpoint provider used to resolve endpoints. Any '\
|
18
|
+
'object that responds to `#resolve_endpoint(parameters)` '\
|
19
|
+
'where `parameters` is a Struct similar to '\
|
20
|
+
'`Aws::S3::EndpointParameters`'
|
21
|
+
) do |cfg|
|
22
|
+
Aws::S3::EndpointProvider.new
|
23
|
+
end
|
24
|
+
|
25
|
+
# @api private
|
26
|
+
class Handler < Seahorse::Client::Handler
|
27
|
+
def call(context)
|
28
|
+
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
|
+
unless context[:discovered_endpoint]
|
30
|
+
params = parameters_for_operation(context)
|
31
|
+
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
|
+
|
33
|
+
context.http_request.endpoint = endpoint.url
|
34
|
+
apply_endpoint_headers(context, endpoint.headers)
|
35
|
+
end
|
36
|
+
|
37
|
+
context[:endpoint_params] = params
|
38
|
+
context[:auth_scheme] =
|
39
|
+
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
|
+
|
41
|
+
@handler.call(context)
|
42
|
+
end
|
43
|
+
|
44
|
+
private
|
45
|
+
|
46
|
+
def apply_endpoint_headers(context, headers)
|
47
|
+
headers.each do |key, values|
|
48
|
+
value = values
|
49
|
+
.compact
|
50
|
+
.map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
|
51
|
+
.join(',')
|
52
|
+
|
53
|
+
context.http_request.headers[key] = value
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def parameters_for_operation(context)
|
58
|
+
case context.operation_name
|
59
|
+
when :abort_multipart_upload
|
60
|
+
Aws::S3::Endpoints::AbortMultipartUpload.build(context)
|
61
|
+
when :complete_multipart_upload
|
62
|
+
Aws::S3::Endpoints::CompleteMultipartUpload.build(context)
|
63
|
+
when :copy_object
|
64
|
+
Aws::S3::Endpoints::CopyObject.build(context)
|
65
|
+
when :create_bucket
|
66
|
+
Aws::S3::Endpoints::CreateBucket.build(context)
|
67
|
+
when :create_multipart_upload
|
68
|
+
Aws::S3::Endpoints::CreateMultipartUpload.build(context)
|
69
|
+
when :delete_bucket
|
70
|
+
Aws::S3::Endpoints::DeleteBucket.build(context)
|
71
|
+
when :delete_bucket_analytics_configuration
|
72
|
+
Aws::S3::Endpoints::DeleteBucketAnalyticsConfiguration.build(context)
|
73
|
+
when :delete_bucket_cors
|
74
|
+
Aws::S3::Endpoints::DeleteBucketCors.build(context)
|
75
|
+
when :delete_bucket_encryption
|
76
|
+
Aws::S3::Endpoints::DeleteBucketEncryption.build(context)
|
77
|
+
when :delete_bucket_intelligent_tiering_configuration
|
78
|
+
Aws::S3::Endpoints::DeleteBucketIntelligentTieringConfiguration.build(context)
|
79
|
+
when :delete_bucket_inventory_configuration
|
80
|
+
Aws::S3::Endpoints::DeleteBucketInventoryConfiguration.build(context)
|
81
|
+
when :delete_bucket_lifecycle
|
82
|
+
Aws::S3::Endpoints::DeleteBucketLifecycle.build(context)
|
83
|
+
when :delete_bucket_metrics_configuration
|
84
|
+
Aws::S3::Endpoints::DeleteBucketMetricsConfiguration.build(context)
|
85
|
+
when :delete_bucket_ownership_controls
|
86
|
+
Aws::S3::Endpoints::DeleteBucketOwnershipControls.build(context)
|
87
|
+
when :delete_bucket_policy
|
88
|
+
Aws::S3::Endpoints::DeleteBucketPolicy.build(context)
|
89
|
+
when :delete_bucket_replication
|
90
|
+
Aws::S3::Endpoints::DeleteBucketReplication.build(context)
|
91
|
+
when :delete_bucket_tagging
|
92
|
+
Aws::S3::Endpoints::DeleteBucketTagging.build(context)
|
93
|
+
when :delete_bucket_website
|
94
|
+
Aws::S3::Endpoints::DeleteBucketWebsite.build(context)
|
95
|
+
when :delete_object
|
96
|
+
Aws::S3::Endpoints::DeleteObject.build(context)
|
97
|
+
when :delete_object_tagging
|
98
|
+
Aws::S3::Endpoints::DeleteObjectTagging.build(context)
|
99
|
+
when :delete_objects
|
100
|
+
Aws::S3::Endpoints::DeleteObjects.build(context)
|
101
|
+
when :delete_public_access_block
|
102
|
+
Aws::S3::Endpoints::DeletePublicAccessBlock.build(context)
|
103
|
+
when :get_bucket_accelerate_configuration
|
104
|
+
Aws::S3::Endpoints::GetBucketAccelerateConfiguration.build(context)
|
105
|
+
when :get_bucket_acl
|
106
|
+
Aws::S3::Endpoints::GetBucketAcl.build(context)
|
107
|
+
when :get_bucket_analytics_configuration
|
108
|
+
Aws::S3::Endpoints::GetBucketAnalyticsConfiguration.build(context)
|
109
|
+
when :get_bucket_cors
|
110
|
+
Aws::S3::Endpoints::GetBucketCors.build(context)
|
111
|
+
when :get_bucket_encryption
|
112
|
+
Aws::S3::Endpoints::GetBucketEncryption.build(context)
|
113
|
+
when :get_bucket_intelligent_tiering_configuration
|
114
|
+
Aws::S3::Endpoints::GetBucketIntelligentTieringConfiguration.build(context)
|
115
|
+
when :get_bucket_inventory_configuration
|
116
|
+
Aws::S3::Endpoints::GetBucketInventoryConfiguration.build(context)
|
117
|
+
when :get_bucket_lifecycle
|
118
|
+
Aws::S3::Endpoints::GetBucketLifecycle.build(context)
|
119
|
+
when :get_bucket_lifecycle_configuration
|
120
|
+
Aws::S3::Endpoints::GetBucketLifecycleConfiguration.build(context)
|
121
|
+
when :get_bucket_location
|
122
|
+
Aws::S3::Endpoints::GetBucketLocation.build(context)
|
123
|
+
when :get_bucket_logging
|
124
|
+
Aws::S3::Endpoints::GetBucketLogging.build(context)
|
125
|
+
when :get_bucket_metrics_configuration
|
126
|
+
Aws::S3::Endpoints::GetBucketMetricsConfiguration.build(context)
|
127
|
+
when :get_bucket_notification
|
128
|
+
Aws::S3::Endpoints::GetBucketNotification.build(context)
|
129
|
+
when :get_bucket_notification_configuration
|
130
|
+
Aws::S3::Endpoints::GetBucketNotificationConfiguration.build(context)
|
131
|
+
when :get_bucket_ownership_controls
|
132
|
+
Aws::S3::Endpoints::GetBucketOwnershipControls.build(context)
|
133
|
+
when :get_bucket_policy
|
134
|
+
Aws::S3::Endpoints::GetBucketPolicy.build(context)
|
135
|
+
when :get_bucket_policy_status
|
136
|
+
Aws::S3::Endpoints::GetBucketPolicyStatus.build(context)
|
137
|
+
when :get_bucket_replication
|
138
|
+
Aws::S3::Endpoints::GetBucketReplication.build(context)
|
139
|
+
when :get_bucket_request_payment
|
140
|
+
Aws::S3::Endpoints::GetBucketRequestPayment.build(context)
|
141
|
+
when :get_bucket_tagging
|
142
|
+
Aws::S3::Endpoints::GetBucketTagging.build(context)
|
143
|
+
when :get_bucket_versioning
|
144
|
+
Aws::S3::Endpoints::GetBucketVersioning.build(context)
|
145
|
+
when :get_bucket_website
|
146
|
+
Aws::S3::Endpoints::GetBucketWebsite.build(context)
|
147
|
+
when :get_object
|
148
|
+
Aws::S3::Endpoints::GetObject.build(context)
|
149
|
+
when :get_object_acl
|
150
|
+
Aws::S3::Endpoints::GetObjectAcl.build(context)
|
151
|
+
when :get_object_attributes
|
152
|
+
Aws::S3::Endpoints::GetObjectAttributes.build(context)
|
153
|
+
when :get_object_legal_hold
|
154
|
+
Aws::S3::Endpoints::GetObjectLegalHold.build(context)
|
155
|
+
when :get_object_lock_configuration
|
156
|
+
Aws::S3::Endpoints::GetObjectLockConfiguration.build(context)
|
157
|
+
when :get_object_retention
|
158
|
+
Aws::S3::Endpoints::GetObjectRetention.build(context)
|
159
|
+
when :get_object_tagging
|
160
|
+
Aws::S3::Endpoints::GetObjectTagging.build(context)
|
161
|
+
when :get_object_torrent
|
162
|
+
Aws::S3::Endpoints::GetObjectTorrent.build(context)
|
163
|
+
when :get_public_access_block
|
164
|
+
Aws::S3::Endpoints::GetPublicAccessBlock.build(context)
|
165
|
+
when :head_bucket
|
166
|
+
Aws::S3::Endpoints::HeadBucket.build(context)
|
167
|
+
when :head_object
|
168
|
+
Aws::S3::Endpoints::HeadObject.build(context)
|
169
|
+
when :list_bucket_analytics_configurations
|
170
|
+
Aws::S3::Endpoints::ListBucketAnalyticsConfigurations.build(context)
|
171
|
+
when :list_bucket_intelligent_tiering_configurations
|
172
|
+
Aws::S3::Endpoints::ListBucketIntelligentTieringConfigurations.build(context)
|
173
|
+
when :list_bucket_inventory_configurations
|
174
|
+
Aws::S3::Endpoints::ListBucketInventoryConfigurations.build(context)
|
175
|
+
when :list_bucket_metrics_configurations
|
176
|
+
Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
|
177
|
+
when :list_buckets
|
178
|
+
Aws::S3::Endpoints::ListBuckets.build(context)
|
179
|
+
when :list_multipart_uploads
|
180
|
+
Aws::S3::Endpoints::ListMultipartUploads.build(context)
|
181
|
+
when :list_object_versions
|
182
|
+
Aws::S3::Endpoints::ListObjectVersions.build(context)
|
183
|
+
when :list_objects
|
184
|
+
Aws::S3::Endpoints::ListObjects.build(context)
|
185
|
+
when :list_objects_v2
|
186
|
+
Aws::S3::Endpoints::ListObjectsV2.build(context)
|
187
|
+
when :list_parts
|
188
|
+
Aws::S3::Endpoints::ListParts.build(context)
|
189
|
+
when :put_bucket_accelerate_configuration
|
190
|
+
Aws::S3::Endpoints::PutBucketAccelerateConfiguration.build(context)
|
191
|
+
when :put_bucket_acl
|
192
|
+
Aws::S3::Endpoints::PutBucketAcl.build(context)
|
193
|
+
when :put_bucket_analytics_configuration
|
194
|
+
Aws::S3::Endpoints::PutBucketAnalyticsConfiguration.build(context)
|
195
|
+
when :put_bucket_cors
|
196
|
+
Aws::S3::Endpoints::PutBucketCors.build(context)
|
197
|
+
when :put_bucket_encryption
|
198
|
+
Aws::S3::Endpoints::PutBucketEncryption.build(context)
|
199
|
+
when :put_bucket_intelligent_tiering_configuration
|
200
|
+
Aws::S3::Endpoints::PutBucketIntelligentTieringConfiguration.build(context)
|
201
|
+
when :put_bucket_inventory_configuration
|
202
|
+
Aws::S3::Endpoints::PutBucketInventoryConfiguration.build(context)
|
203
|
+
when :put_bucket_lifecycle
|
204
|
+
Aws::S3::Endpoints::PutBucketLifecycle.build(context)
|
205
|
+
when :put_bucket_lifecycle_configuration
|
206
|
+
Aws::S3::Endpoints::PutBucketLifecycleConfiguration.build(context)
|
207
|
+
when :put_bucket_logging
|
208
|
+
Aws::S3::Endpoints::PutBucketLogging.build(context)
|
209
|
+
when :put_bucket_metrics_configuration
|
210
|
+
Aws::S3::Endpoints::PutBucketMetricsConfiguration.build(context)
|
211
|
+
when :put_bucket_notification
|
212
|
+
Aws::S3::Endpoints::PutBucketNotification.build(context)
|
213
|
+
when :put_bucket_notification_configuration
|
214
|
+
Aws::S3::Endpoints::PutBucketNotificationConfiguration.build(context)
|
215
|
+
when :put_bucket_ownership_controls
|
216
|
+
Aws::S3::Endpoints::PutBucketOwnershipControls.build(context)
|
217
|
+
when :put_bucket_policy
|
218
|
+
Aws::S3::Endpoints::PutBucketPolicy.build(context)
|
219
|
+
when :put_bucket_replication
|
220
|
+
Aws::S3::Endpoints::PutBucketReplication.build(context)
|
221
|
+
when :put_bucket_request_payment
|
222
|
+
Aws::S3::Endpoints::PutBucketRequestPayment.build(context)
|
223
|
+
when :put_bucket_tagging
|
224
|
+
Aws::S3::Endpoints::PutBucketTagging.build(context)
|
225
|
+
when :put_bucket_versioning
|
226
|
+
Aws::S3::Endpoints::PutBucketVersioning.build(context)
|
227
|
+
when :put_bucket_website
|
228
|
+
Aws::S3::Endpoints::PutBucketWebsite.build(context)
|
229
|
+
when :put_object
|
230
|
+
Aws::S3::Endpoints::PutObject.build(context)
|
231
|
+
when :put_object_acl
|
232
|
+
Aws::S3::Endpoints::PutObjectAcl.build(context)
|
233
|
+
when :put_object_legal_hold
|
234
|
+
Aws::S3::Endpoints::PutObjectLegalHold.build(context)
|
235
|
+
when :put_object_lock_configuration
|
236
|
+
Aws::S3::Endpoints::PutObjectLockConfiguration.build(context)
|
237
|
+
when :put_object_retention
|
238
|
+
Aws::S3::Endpoints::PutObjectRetention.build(context)
|
239
|
+
when :put_object_tagging
|
240
|
+
Aws::S3::Endpoints::PutObjectTagging.build(context)
|
241
|
+
when :put_public_access_block
|
242
|
+
Aws::S3::Endpoints::PutPublicAccessBlock.build(context)
|
243
|
+
when :restore_object
|
244
|
+
Aws::S3::Endpoints::RestoreObject.build(context)
|
245
|
+
when :select_object_content
|
246
|
+
Aws::S3::Endpoints::SelectObjectContent.build(context)
|
247
|
+
when :upload_part
|
248
|
+
Aws::S3::Endpoints::UploadPart.build(context)
|
249
|
+
when :upload_part_copy
|
250
|
+
Aws::S3::Endpoints::UploadPartCopy.build(context)
|
251
|
+
when :write_get_object_response
|
252
|
+
Aws::S3::Endpoints::WriteGetObjectResponse.build(context)
|
253
|
+
end
|
254
|
+
end
|
255
|
+
end
|
256
|
+
|
257
|
+
def add_handlers(handlers, _config)
|
258
|
+
handlers.add(Handler, step: :build, priority: 75)
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|
@@ -16,7 +16,8 @@ module Aws
|
|
16
16
|
|
17
17
|
def call(context)
|
18
18
|
body = context.http_request.body
|
19
|
-
if body.respond_to?(:size) && body.size > 0
|
19
|
+
if body.respond_to?(:size) && body.size > 0 &&
|
20
|
+
!context[:use_accelerate_endpoint]
|
20
21
|
context.http_request.headers['expect'] = '100-continue'
|
21
22
|
end
|
22
23
|
@handler.call(context)
|
@@ -16,35 +16,6 @@ Defaults to `legacy` mode which uses the global endpoint.
|
|
16
16
|
resolve_iad_regional_endpoint(cfg)
|
17
17
|
end
|
18
18
|
|
19
|
-
def add_handlers(handlers, config)
|
20
|
-
# only modify non-custom endpoints
|
21
|
-
if config.regional_endpoint && config.region == 'us-east-1'
|
22
|
-
handlers.add(Handler)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
# @api private
|
27
|
-
class Handler < Seahorse::Client::Handler
|
28
|
-
|
29
|
-
def call(context)
|
30
|
-
# WriteGetObjectResponse does not have a global endpoint
|
31
|
-
# ARNs are regionalized, so don't touch those either.
|
32
|
-
if context.operation.name != 'WriteGetObjectResponse' &&
|
33
|
-
context.config.s3_us_east_1_regional_endpoint == 'legacy' &&
|
34
|
-
!context.metadata[:s3_arn]
|
35
|
-
host = context.http_request.endpoint.host
|
36
|
-
legacy_host = IADRegionalEndpoint.legacy_host(host)
|
37
|
-
context.http_request.endpoint.host = legacy_host
|
38
|
-
end
|
39
|
-
@handler.call(context)
|
40
|
-
end
|
41
|
-
|
42
|
-
end
|
43
|
-
|
44
|
-
def self.legacy_host(host)
|
45
|
-
host.sub(".us-east-1", '')
|
46
|
-
end
|
47
|
-
|
48
19
|
private
|
49
20
|
|
50
21
|
def self.resolve_iad_regional_endpoint(cfg)
|
@@ -5,28 +5,13 @@ require 'aws-sigv4'
|
|
5
5
|
module Aws
|
6
6
|
module S3
|
7
7
|
module Plugins
|
8
|
-
# This plugin
|
8
|
+
# This plugin used to have a V4 signer but it was removed in favor of
|
9
|
+
# generic Sign plugin that uses endpoint auth scheme.
|
10
|
+
#
|
9
11
|
# @api private
|
10
12
|
class S3Signer < Seahorse::Client::Plugin
|
11
13
|
option(:signature_version, 'v4')
|
12
14
|
|
13
|
-
option(:sigv4_signer) do |cfg|
|
14
|
-
S3Signer.build_v4_signer(
|
15
|
-
service: 's3',
|
16
|
-
region: cfg.sigv4_region,
|
17
|
-
credentials: cfg.credentials
|
18
|
-
)
|
19
|
-
end
|
20
|
-
|
21
|
-
option(:sigv4_region) do |cfg|
|
22
|
-
# S3 removes core's signature_v4 plugin that checks for this
|
23
|
-
raise Aws::Errors::MissingRegionError if cfg.region.nil?
|
24
|
-
|
25
|
-
Aws::Partitions::EndpointProvider.signing_region(
|
26
|
-
cfg.region, 's3'
|
27
|
-
)
|
28
|
-
end
|
29
|
-
|
30
15
|
def add_handlers(handlers, cfg)
|
31
16
|
case cfg.signature_version
|
32
17
|
when 'v4' then add_v4_handlers(handlers)
|
@@ -39,11 +24,11 @@ module Aws
|
|
39
24
|
|
40
25
|
def add_v4_handlers(handlers)
|
41
26
|
handlers.add(CachedBucketRegionHandler, step: :sign, priority: 60)
|
42
|
-
handlers.add(V4Handler, step: :sign)
|
43
27
|
handlers.add(BucketRegionErrorHandler, step: :sign, priority: 40)
|
44
28
|
end
|
45
29
|
|
46
30
|
def add_legacy_handler(handlers)
|
31
|
+
# generic Sign plugin will be skipped if it sees sigv2
|
47
32
|
handlers.add(LegacyHandler, step: :sign)
|
48
33
|
end
|
49
34
|
|
@@ -54,53 +39,6 @@ module Aws
|
|
54
39
|
end
|
55
40
|
end
|
56
41
|
|
57
|
-
class V4Handler < Seahorse::Client::Handler
|
58
|
-
def call(context)
|
59
|
-
Aws::Plugins::SignatureV4.apply_signature(
|
60
|
-
context: context,
|
61
|
-
signer: sigv4_signer(context)
|
62
|
-
)
|
63
|
-
@handler.call(context)
|
64
|
-
end
|
65
|
-
|
66
|
-
private
|
67
|
-
|
68
|
-
def sigv4_signer(context)
|
69
|
-
# If the client was configured with the wrong region,
|
70
|
-
# we have to build a new signer.
|
71
|
-
if context[:cached_sigv4_region] &&
|
72
|
-
context[:cached_sigv4_region] != context.config.sigv4_signer.region
|
73
|
-
S3Signer.build_v4_signer(
|
74
|
-
service: 's3',
|
75
|
-
region: context[:cached_sigv4_region],
|
76
|
-
credentials: context.config.credentials
|
77
|
-
)
|
78
|
-
elsif (arn = context.metadata[:s3_arn])
|
79
|
-
if arn[:arn].is_a?(MultiRegionAccessPointARN)
|
80
|
-
signing_region = '*'
|
81
|
-
signing_algorithm = :sigv4a
|
82
|
-
else
|
83
|
-
signing_region = arn[:resolved_region]
|
84
|
-
signing_algorithm = :sigv4
|
85
|
-
end
|
86
|
-
S3Signer.build_v4_signer(
|
87
|
-
service: arn[:arn].service,
|
88
|
-
signing_algorithm: signing_algorithm,
|
89
|
-
region: signing_region,
|
90
|
-
credentials: context.config.credentials
|
91
|
-
)
|
92
|
-
elsif context.operation.name == 'WriteGetObjectResponse'
|
93
|
-
S3Signer.build_v4_signer(
|
94
|
-
service: 's3-object-lambda',
|
95
|
-
region: context.config.sigv4_region,
|
96
|
-
credentials: context.config.credentials
|
97
|
-
)
|
98
|
-
else
|
99
|
-
context.config.sigv4_signer
|
100
|
-
end
|
101
|
-
end
|
102
|
-
end
|
103
|
-
|
104
42
|
# This handler will update the http endpoint when the bucket region
|
105
43
|
# is known/cached.
|
106
44
|
class CachedBucketRegionHandler < Seahorse::Client::Handler
|
@@ -114,11 +52,13 @@ module Aws
|
|
114
52
|
|
115
53
|
def check_for_cached_region(context, bucket)
|
116
54
|
cached_region = S3::BUCKET_REGIONS[bucket]
|
117
|
-
if cached_region &&
|
55
|
+
if cached_region &&
|
56
|
+
cached_region != context.config.region &&
|
57
|
+
!S3Signer.custom_endpoint?(context)
|
118
58
|
context.http_request.endpoint.host = S3Signer.new_hostname(
|
119
59
|
context, cached_region
|
120
60
|
)
|
121
|
-
context[:
|
61
|
+
context[:sigv4_region] = cached_region # Sign plugin will use this
|
122
62
|
end
|
123
63
|
end
|
124
64
|
end
|
@@ -126,7 +66,8 @@ module Aws
|
|
126
66
|
# This handler detects when a request fails because of a mismatched bucket
|
127
67
|
# region. It follows up by making a request to determine the correct
|
128
68
|
# region, then finally a version 4 signed request against the correct
|
129
|
-
# regional endpoint.
|
69
|
+
# regional endpoint. This is intended for s3's global endpoint which
|
70
|
+
# will return 400 if the bucket is not in region.
|
130
71
|
class BucketRegionErrorHandler < Seahorse::Client::Handler
|
131
72
|
def call(context)
|
132
73
|
response = @handler.call(context)
|
@@ -138,7 +79,7 @@ module Aws
|
|
138
79
|
def handle_region_errors(response)
|
139
80
|
if wrong_sigv4_region?(response) &&
|
140
81
|
!fips_region?(response) &&
|
141
|
-
!custom_endpoint?(response) &&
|
82
|
+
!S3Signer.custom_endpoint?(response.context) &&
|
142
83
|
!expired_credentials?(response)
|
143
84
|
get_region_and_retry(response.context)
|
144
85
|
else
|
@@ -160,25 +101,13 @@ module Aws
|
|
160
101
|
end
|
161
102
|
|
162
103
|
def fips_region?(resp)
|
163
|
-
resp.context.http_request.endpoint.host.include?('fips')
|
104
|
+
resp.context.http_request.endpoint.host.include?('s3-fips.')
|
164
105
|
end
|
165
106
|
|
166
107
|
def expired_credentials?(resp)
|
167
108
|
resp.context.http_response.body_contents.match(/<Code>ExpiredToken<\/Code>/)
|
168
109
|
end
|
169
110
|
|
170
|
-
def custom_endpoint?(resp)
|
171
|
-
resolved_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
|
172
|
-
resp.context.config.region,
|
173
|
-
's3',
|
174
|
-
{
|
175
|
-
dualstack: resp.context[:use_dualstack_endpoint],
|
176
|
-
fips: resp.context.config.use_fips_endpoint
|
177
|
-
}
|
178
|
-
)
|
179
|
-
!resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
|
180
|
-
end
|
181
|
-
|
182
111
|
def wrong_sigv4_region?(resp)
|
183
112
|
resp.context.http_response.status_code == 400 &&
|
184
113
|
(resp.context.http_response.headers['x-amz-bucket-region'] ||
|
@@ -191,18 +120,14 @@ module Aws
|
|
191
120
|
context, actual_region
|
192
121
|
)
|
193
122
|
context.metadata[:redirect_region] = actual_region
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
context: context,
|
200
|
-
signer: S3Signer.build_v4_signer(
|
201
|
-
service: service || 's3',
|
202
|
-
region: actual_region,
|
203
|
-
credentials: context.config.credentials
|
204
|
-
)
|
123
|
+
|
124
|
+
signer = Aws::Plugins::Sign.signer_for(
|
125
|
+
context[:auth_scheme],
|
126
|
+
context.config,
|
127
|
+
actual_region
|
205
128
|
)
|
129
|
+
|
130
|
+
signer.sign(context)
|
206
131
|
end
|
207
132
|
|
208
133
|
def region_from_body(body)
|
@@ -228,41 +153,22 @@ module Aws
|
|
228
153
|
end
|
229
154
|
|
230
155
|
class << self
|
231
|
-
|
232
|
-
|
233
|
-
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
credentials_provider: options[:credentials],
|
239
|
-
signing_algorithm: options.fetch(:signing_algorithm, :sigv4),
|
240
|
-
uri_escape_path: false,
|
241
|
-
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
242
|
-
)
|
156
|
+
def new_hostname(context, region)
|
157
|
+
endpoint_params = context[:endpoint_params].dup
|
158
|
+
endpoint_params.region = region
|
159
|
+
endpoint_params.endpoint = nil
|
160
|
+
endpoint =
|
161
|
+
context.config.endpoint_provider.resolve_endpoint(endpoint_params)
|
162
|
+
URI(endpoint.url).host
|
243
163
|
end
|
244
164
|
|
245
|
-
|
246
|
-
|
247
|
-
|
248
|
-
|
249
|
-
Aws::Partitions::EndpointProvider.resolve(
|
250
|
-
region, 's3', 'regional',
|
251
|
-
{
|
252
|
-
dualstack: context[:use_dualstack_endpoint],
|
253
|
-
fips: context.config.use_fips_endpoint
|
254
|
-
}
|
255
|
-
)
|
256
|
-
)
|
165
|
+
def custom_endpoint?(context)
|
166
|
+
region = context.config.region
|
167
|
+
partition = Aws::Endpoints::Matchers.aws_partition(region)
|
168
|
+
endpoint = context.http_request.endpoint
|
257
169
|
|
258
|
-
|
259
|
-
|
260
|
-
ARN.resolve_url!(
|
261
|
-
uri, arn[:arn], region, arn[:fips], arn[:dualstack]
|
262
|
-
).host
|
263
|
-
else
|
264
|
-
"#{context.params[:bucket]}.#{uri.host}"
|
265
|
-
end
|
170
|
+
!endpoint.hostname.include?(partition['dnsSuffix']) &&
|
171
|
+
!endpoint.hostname.include?(partition['dualStackDnsSuffix'])
|
266
172
|
end
|
267
173
|
end
|
268
174
|
end
|