aws-sdk-s3 1.115.0 → 1.117.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +12 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/client.rb +142 -125
- data/lib/aws-sdk-s3/client_api.rb +95 -95
- data/lib/aws-sdk-s3/customizations/bucket.rb +20 -46
- data/lib/aws-sdk-s3/endpoint_parameters.rb +142 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +2020 -0
- data/lib/aws-sdk-s3/endpoints.rb +2149 -0
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +25 -6
- data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -50
- data/lib/aws-sdk-s3/plugins/arn.rb +0 -184
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -49
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +0 -29
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +27 -123
- data/lib/aws-sdk-s3/presigned_post.rb +9 -16
- data/lib/aws-sdk-s3/presigner.rb +19 -34
- data/lib/aws-sdk-s3.rb +5 -1
- metadata +8 -9
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +0 -68
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -74
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -0,0 +1,262 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
|
11
|
+
module Aws::S3
|
12
|
+
module Plugins
|
13
|
+
class Endpoints < Seahorse::Client::Plugin
|
14
|
+
option(
|
15
|
+
:endpoint_provider,
|
16
|
+
doc_type: 'Aws::S3::EndpointProvider',
|
17
|
+
docstring: 'The endpoint provider used to resolve endpoints. Any '\
|
18
|
+
'object that responds to `#resolve_endpoint(parameters)` '\
|
19
|
+
'where `parameters` is a Struct similar to '\
|
20
|
+
'`Aws::S3::EndpointParameters`'
|
21
|
+
) do |cfg|
|
22
|
+
Aws::S3::EndpointProvider.new
|
23
|
+
end
|
24
|
+
|
25
|
+
# @api private
|
26
|
+
class Handler < Seahorse::Client::Handler
|
27
|
+
def call(context)
|
28
|
+
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
|
+
unless context[:discovered_endpoint]
|
30
|
+
params = parameters_for_operation(context)
|
31
|
+
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
|
+
|
33
|
+
context.http_request.endpoint = endpoint.url
|
34
|
+
apply_endpoint_headers(context, endpoint.headers)
|
35
|
+
end
|
36
|
+
|
37
|
+
context[:endpoint_params] = params
|
38
|
+
context[:auth_scheme] =
|
39
|
+
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
|
+
|
41
|
+
@handler.call(context)
|
42
|
+
end
|
43
|
+
|
44
|
+
private
|
45
|
+
|
46
|
+
def apply_endpoint_headers(context, headers)
|
47
|
+
headers.each do |key, values|
|
48
|
+
value = values
|
49
|
+
.compact
|
50
|
+
.map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
|
51
|
+
.join(',')
|
52
|
+
|
53
|
+
context.http_request.headers[key] = value
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def parameters_for_operation(context)
|
58
|
+
case context.operation_name
|
59
|
+
when :abort_multipart_upload
|
60
|
+
Aws::S3::Endpoints::AbortMultipartUpload.build(context)
|
61
|
+
when :complete_multipart_upload
|
62
|
+
Aws::S3::Endpoints::CompleteMultipartUpload.build(context)
|
63
|
+
when :copy_object
|
64
|
+
Aws::S3::Endpoints::CopyObject.build(context)
|
65
|
+
when :create_bucket
|
66
|
+
Aws::S3::Endpoints::CreateBucket.build(context)
|
67
|
+
when :create_multipart_upload
|
68
|
+
Aws::S3::Endpoints::CreateMultipartUpload.build(context)
|
69
|
+
when :delete_bucket
|
70
|
+
Aws::S3::Endpoints::DeleteBucket.build(context)
|
71
|
+
when :delete_bucket_analytics_configuration
|
72
|
+
Aws::S3::Endpoints::DeleteBucketAnalyticsConfiguration.build(context)
|
73
|
+
when :delete_bucket_cors
|
74
|
+
Aws::S3::Endpoints::DeleteBucketCors.build(context)
|
75
|
+
when :delete_bucket_encryption
|
76
|
+
Aws::S3::Endpoints::DeleteBucketEncryption.build(context)
|
77
|
+
when :delete_bucket_intelligent_tiering_configuration
|
78
|
+
Aws::S3::Endpoints::DeleteBucketIntelligentTieringConfiguration.build(context)
|
79
|
+
when :delete_bucket_inventory_configuration
|
80
|
+
Aws::S3::Endpoints::DeleteBucketInventoryConfiguration.build(context)
|
81
|
+
when :delete_bucket_lifecycle
|
82
|
+
Aws::S3::Endpoints::DeleteBucketLifecycle.build(context)
|
83
|
+
when :delete_bucket_metrics_configuration
|
84
|
+
Aws::S3::Endpoints::DeleteBucketMetricsConfiguration.build(context)
|
85
|
+
when :delete_bucket_ownership_controls
|
86
|
+
Aws::S3::Endpoints::DeleteBucketOwnershipControls.build(context)
|
87
|
+
when :delete_bucket_policy
|
88
|
+
Aws::S3::Endpoints::DeleteBucketPolicy.build(context)
|
89
|
+
when :delete_bucket_replication
|
90
|
+
Aws::S3::Endpoints::DeleteBucketReplication.build(context)
|
91
|
+
when :delete_bucket_tagging
|
92
|
+
Aws::S3::Endpoints::DeleteBucketTagging.build(context)
|
93
|
+
when :delete_bucket_website
|
94
|
+
Aws::S3::Endpoints::DeleteBucketWebsite.build(context)
|
95
|
+
when :delete_object
|
96
|
+
Aws::S3::Endpoints::DeleteObject.build(context)
|
97
|
+
when :delete_object_tagging
|
98
|
+
Aws::S3::Endpoints::DeleteObjectTagging.build(context)
|
99
|
+
when :delete_objects
|
100
|
+
Aws::S3::Endpoints::DeleteObjects.build(context)
|
101
|
+
when :delete_public_access_block
|
102
|
+
Aws::S3::Endpoints::DeletePublicAccessBlock.build(context)
|
103
|
+
when :get_bucket_accelerate_configuration
|
104
|
+
Aws::S3::Endpoints::GetBucketAccelerateConfiguration.build(context)
|
105
|
+
when :get_bucket_acl
|
106
|
+
Aws::S3::Endpoints::GetBucketAcl.build(context)
|
107
|
+
when :get_bucket_analytics_configuration
|
108
|
+
Aws::S3::Endpoints::GetBucketAnalyticsConfiguration.build(context)
|
109
|
+
when :get_bucket_cors
|
110
|
+
Aws::S3::Endpoints::GetBucketCors.build(context)
|
111
|
+
when :get_bucket_encryption
|
112
|
+
Aws::S3::Endpoints::GetBucketEncryption.build(context)
|
113
|
+
when :get_bucket_intelligent_tiering_configuration
|
114
|
+
Aws::S3::Endpoints::GetBucketIntelligentTieringConfiguration.build(context)
|
115
|
+
when :get_bucket_inventory_configuration
|
116
|
+
Aws::S3::Endpoints::GetBucketInventoryConfiguration.build(context)
|
117
|
+
when :get_bucket_lifecycle
|
118
|
+
Aws::S3::Endpoints::GetBucketLifecycle.build(context)
|
119
|
+
when :get_bucket_lifecycle_configuration
|
120
|
+
Aws::S3::Endpoints::GetBucketLifecycleConfiguration.build(context)
|
121
|
+
when :get_bucket_location
|
122
|
+
Aws::S3::Endpoints::GetBucketLocation.build(context)
|
123
|
+
when :get_bucket_logging
|
124
|
+
Aws::S3::Endpoints::GetBucketLogging.build(context)
|
125
|
+
when :get_bucket_metrics_configuration
|
126
|
+
Aws::S3::Endpoints::GetBucketMetricsConfiguration.build(context)
|
127
|
+
when :get_bucket_notification
|
128
|
+
Aws::S3::Endpoints::GetBucketNotification.build(context)
|
129
|
+
when :get_bucket_notification_configuration
|
130
|
+
Aws::S3::Endpoints::GetBucketNotificationConfiguration.build(context)
|
131
|
+
when :get_bucket_ownership_controls
|
132
|
+
Aws::S3::Endpoints::GetBucketOwnershipControls.build(context)
|
133
|
+
when :get_bucket_policy
|
134
|
+
Aws::S3::Endpoints::GetBucketPolicy.build(context)
|
135
|
+
when :get_bucket_policy_status
|
136
|
+
Aws::S3::Endpoints::GetBucketPolicyStatus.build(context)
|
137
|
+
when :get_bucket_replication
|
138
|
+
Aws::S3::Endpoints::GetBucketReplication.build(context)
|
139
|
+
when :get_bucket_request_payment
|
140
|
+
Aws::S3::Endpoints::GetBucketRequestPayment.build(context)
|
141
|
+
when :get_bucket_tagging
|
142
|
+
Aws::S3::Endpoints::GetBucketTagging.build(context)
|
143
|
+
when :get_bucket_versioning
|
144
|
+
Aws::S3::Endpoints::GetBucketVersioning.build(context)
|
145
|
+
when :get_bucket_website
|
146
|
+
Aws::S3::Endpoints::GetBucketWebsite.build(context)
|
147
|
+
when :get_object
|
148
|
+
Aws::S3::Endpoints::GetObject.build(context)
|
149
|
+
when :get_object_acl
|
150
|
+
Aws::S3::Endpoints::GetObjectAcl.build(context)
|
151
|
+
when :get_object_attributes
|
152
|
+
Aws::S3::Endpoints::GetObjectAttributes.build(context)
|
153
|
+
when :get_object_legal_hold
|
154
|
+
Aws::S3::Endpoints::GetObjectLegalHold.build(context)
|
155
|
+
when :get_object_lock_configuration
|
156
|
+
Aws::S3::Endpoints::GetObjectLockConfiguration.build(context)
|
157
|
+
when :get_object_retention
|
158
|
+
Aws::S3::Endpoints::GetObjectRetention.build(context)
|
159
|
+
when :get_object_tagging
|
160
|
+
Aws::S3::Endpoints::GetObjectTagging.build(context)
|
161
|
+
when :get_object_torrent
|
162
|
+
Aws::S3::Endpoints::GetObjectTorrent.build(context)
|
163
|
+
when :get_public_access_block
|
164
|
+
Aws::S3::Endpoints::GetPublicAccessBlock.build(context)
|
165
|
+
when :head_bucket
|
166
|
+
Aws::S3::Endpoints::HeadBucket.build(context)
|
167
|
+
when :head_object
|
168
|
+
Aws::S3::Endpoints::HeadObject.build(context)
|
169
|
+
when :list_bucket_analytics_configurations
|
170
|
+
Aws::S3::Endpoints::ListBucketAnalyticsConfigurations.build(context)
|
171
|
+
when :list_bucket_intelligent_tiering_configurations
|
172
|
+
Aws::S3::Endpoints::ListBucketIntelligentTieringConfigurations.build(context)
|
173
|
+
when :list_bucket_inventory_configurations
|
174
|
+
Aws::S3::Endpoints::ListBucketInventoryConfigurations.build(context)
|
175
|
+
when :list_bucket_metrics_configurations
|
176
|
+
Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
|
177
|
+
when :list_buckets
|
178
|
+
Aws::S3::Endpoints::ListBuckets.build(context)
|
179
|
+
when :list_multipart_uploads
|
180
|
+
Aws::S3::Endpoints::ListMultipartUploads.build(context)
|
181
|
+
when :list_object_versions
|
182
|
+
Aws::S3::Endpoints::ListObjectVersions.build(context)
|
183
|
+
when :list_objects
|
184
|
+
Aws::S3::Endpoints::ListObjects.build(context)
|
185
|
+
when :list_objects_v2
|
186
|
+
Aws::S3::Endpoints::ListObjectsV2.build(context)
|
187
|
+
when :list_parts
|
188
|
+
Aws::S3::Endpoints::ListParts.build(context)
|
189
|
+
when :put_bucket_accelerate_configuration
|
190
|
+
Aws::S3::Endpoints::PutBucketAccelerateConfiguration.build(context)
|
191
|
+
when :put_bucket_acl
|
192
|
+
Aws::S3::Endpoints::PutBucketAcl.build(context)
|
193
|
+
when :put_bucket_analytics_configuration
|
194
|
+
Aws::S3::Endpoints::PutBucketAnalyticsConfiguration.build(context)
|
195
|
+
when :put_bucket_cors
|
196
|
+
Aws::S3::Endpoints::PutBucketCors.build(context)
|
197
|
+
when :put_bucket_encryption
|
198
|
+
Aws::S3::Endpoints::PutBucketEncryption.build(context)
|
199
|
+
when :put_bucket_intelligent_tiering_configuration
|
200
|
+
Aws::S3::Endpoints::PutBucketIntelligentTieringConfiguration.build(context)
|
201
|
+
when :put_bucket_inventory_configuration
|
202
|
+
Aws::S3::Endpoints::PutBucketInventoryConfiguration.build(context)
|
203
|
+
when :put_bucket_lifecycle
|
204
|
+
Aws::S3::Endpoints::PutBucketLifecycle.build(context)
|
205
|
+
when :put_bucket_lifecycle_configuration
|
206
|
+
Aws::S3::Endpoints::PutBucketLifecycleConfiguration.build(context)
|
207
|
+
when :put_bucket_logging
|
208
|
+
Aws::S3::Endpoints::PutBucketLogging.build(context)
|
209
|
+
when :put_bucket_metrics_configuration
|
210
|
+
Aws::S3::Endpoints::PutBucketMetricsConfiguration.build(context)
|
211
|
+
when :put_bucket_notification
|
212
|
+
Aws::S3::Endpoints::PutBucketNotification.build(context)
|
213
|
+
when :put_bucket_notification_configuration
|
214
|
+
Aws::S3::Endpoints::PutBucketNotificationConfiguration.build(context)
|
215
|
+
when :put_bucket_ownership_controls
|
216
|
+
Aws::S3::Endpoints::PutBucketOwnershipControls.build(context)
|
217
|
+
when :put_bucket_policy
|
218
|
+
Aws::S3::Endpoints::PutBucketPolicy.build(context)
|
219
|
+
when :put_bucket_replication
|
220
|
+
Aws::S3::Endpoints::PutBucketReplication.build(context)
|
221
|
+
when :put_bucket_request_payment
|
222
|
+
Aws::S3::Endpoints::PutBucketRequestPayment.build(context)
|
223
|
+
when :put_bucket_tagging
|
224
|
+
Aws::S3::Endpoints::PutBucketTagging.build(context)
|
225
|
+
when :put_bucket_versioning
|
226
|
+
Aws::S3::Endpoints::PutBucketVersioning.build(context)
|
227
|
+
when :put_bucket_website
|
228
|
+
Aws::S3::Endpoints::PutBucketWebsite.build(context)
|
229
|
+
when :put_object
|
230
|
+
Aws::S3::Endpoints::PutObject.build(context)
|
231
|
+
when :put_object_acl
|
232
|
+
Aws::S3::Endpoints::PutObjectAcl.build(context)
|
233
|
+
when :put_object_legal_hold
|
234
|
+
Aws::S3::Endpoints::PutObjectLegalHold.build(context)
|
235
|
+
when :put_object_lock_configuration
|
236
|
+
Aws::S3::Endpoints::PutObjectLockConfiguration.build(context)
|
237
|
+
when :put_object_retention
|
238
|
+
Aws::S3::Endpoints::PutObjectRetention.build(context)
|
239
|
+
when :put_object_tagging
|
240
|
+
Aws::S3::Endpoints::PutObjectTagging.build(context)
|
241
|
+
when :put_public_access_block
|
242
|
+
Aws::S3::Endpoints::PutPublicAccessBlock.build(context)
|
243
|
+
when :restore_object
|
244
|
+
Aws::S3::Endpoints::RestoreObject.build(context)
|
245
|
+
when :select_object_content
|
246
|
+
Aws::S3::Endpoints::SelectObjectContent.build(context)
|
247
|
+
when :upload_part
|
248
|
+
Aws::S3::Endpoints::UploadPart.build(context)
|
249
|
+
when :upload_part_copy
|
250
|
+
Aws::S3::Endpoints::UploadPartCopy.build(context)
|
251
|
+
when :write_get_object_response
|
252
|
+
Aws::S3::Endpoints::WriteGetObjectResponse.build(context)
|
253
|
+
end
|
254
|
+
end
|
255
|
+
end
|
256
|
+
|
257
|
+
def add_handlers(handlers, _config)
|
258
|
+
handlers.add(Handler, step: :build, priority: 75)
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|
@@ -16,7 +16,8 @@ module Aws
|
|
16
16
|
|
17
17
|
def call(context)
|
18
18
|
body = context.http_request.body
|
19
|
-
if body.respond_to?(:size) && body.size > 0
|
19
|
+
if body.respond_to?(:size) && body.size > 0 &&
|
20
|
+
!context[:use_accelerate_endpoint]
|
20
21
|
context.http_request.headers['expect'] = '100-continue'
|
21
22
|
end
|
22
23
|
@handler.call(context)
|
@@ -16,35 +16,6 @@ Defaults to `legacy` mode which uses the global endpoint.
|
|
16
16
|
resolve_iad_regional_endpoint(cfg)
|
17
17
|
end
|
18
18
|
|
19
|
-
def add_handlers(handlers, config)
|
20
|
-
# only modify non-custom endpoints
|
21
|
-
if config.regional_endpoint && config.region == 'us-east-1'
|
22
|
-
handlers.add(Handler)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
# @api private
|
27
|
-
class Handler < Seahorse::Client::Handler
|
28
|
-
|
29
|
-
def call(context)
|
30
|
-
# WriteGetObjectResponse does not have a global endpoint
|
31
|
-
# ARNs are regionalized, so don't touch those either.
|
32
|
-
if context.operation.name != 'WriteGetObjectResponse' &&
|
33
|
-
context.config.s3_us_east_1_regional_endpoint == 'legacy' &&
|
34
|
-
!context.metadata[:s3_arn]
|
35
|
-
host = context.http_request.endpoint.host
|
36
|
-
legacy_host = IADRegionalEndpoint.legacy_host(host)
|
37
|
-
context.http_request.endpoint.host = legacy_host
|
38
|
-
end
|
39
|
-
@handler.call(context)
|
40
|
-
end
|
41
|
-
|
42
|
-
end
|
43
|
-
|
44
|
-
def self.legacy_host(host)
|
45
|
-
host.sub(".us-east-1", '')
|
46
|
-
end
|
47
|
-
|
48
19
|
private
|
49
20
|
|
50
21
|
def self.resolve_iad_regional_endpoint(cfg)
|
@@ -5,28 +5,13 @@ require 'aws-sigv4'
|
|
5
5
|
module Aws
|
6
6
|
module S3
|
7
7
|
module Plugins
|
8
|
-
# This plugin
|
8
|
+
# This plugin used to have a V4 signer but it was removed in favor of
|
9
|
+
# generic Sign plugin that uses endpoint auth scheme.
|
10
|
+
#
|
9
11
|
# @api private
|
10
12
|
class S3Signer < Seahorse::Client::Plugin
|
11
13
|
option(:signature_version, 'v4')
|
12
14
|
|
13
|
-
option(:sigv4_signer) do |cfg|
|
14
|
-
S3Signer.build_v4_signer(
|
15
|
-
service: 's3',
|
16
|
-
region: cfg.sigv4_region,
|
17
|
-
credentials: cfg.credentials
|
18
|
-
)
|
19
|
-
end
|
20
|
-
|
21
|
-
option(:sigv4_region) do |cfg|
|
22
|
-
# S3 removes core's signature_v4 plugin that checks for this
|
23
|
-
raise Aws::Errors::MissingRegionError if cfg.region.nil?
|
24
|
-
|
25
|
-
Aws::Partitions::EndpointProvider.signing_region(
|
26
|
-
cfg.region, 's3'
|
27
|
-
)
|
28
|
-
end
|
29
|
-
|
30
15
|
def add_handlers(handlers, cfg)
|
31
16
|
case cfg.signature_version
|
32
17
|
when 'v4' then add_v4_handlers(handlers)
|
@@ -39,11 +24,11 @@ module Aws
|
|
39
24
|
|
40
25
|
def add_v4_handlers(handlers)
|
41
26
|
handlers.add(CachedBucketRegionHandler, step: :sign, priority: 60)
|
42
|
-
handlers.add(V4Handler, step: :sign)
|
43
27
|
handlers.add(BucketRegionErrorHandler, step: :sign, priority: 40)
|
44
28
|
end
|
45
29
|
|
46
30
|
def add_legacy_handler(handlers)
|
31
|
+
# generic Sign plugin will be skipped if it sees sigv2
|
47
32
|
handlers.add(LegacyHandler, step: :sign)
|
48
33
|
end
|
49
34
|
|
@@ -54,53 +39,6 @@ module Aws
|
|
54
39
|
end
|
55
40
|
end
|
56
41
|
|
57
|
-
class V4Handler < Seahorse::Client::Handler
|
58
|
-
def call(context)
|
59
|
-
Aws::Plugins::SignatureV4.apply_signature(
|
60
|
-
context: context,
|
61
|
-
signer: sigv4_signer(context)
|
62
|
-
)
|
63
|
-
@handler.call(context)
|
64
|
-
end
|
65
|
-
|
66
|
-
private
|
67
|
-
|
68
|
-
def sigv4_signer(context)
|
69
|
-
# If the client was configured with the wrong region,
|
70
|
-
# we have to build a new signer.
|
71
|
-
if context[:cached_sigv4_region] &&
|
72
|
-
context[:cached_sigv4_region] != context.config.sigv4_signer.region
|
73
|
-
S3Signer.build_v4_signer(
|
74
|
-
service: 's3',
|
75
|
-
region: context[:cached_sigv4_region],
|
76
|
-
credentials: context.config.credentials
|
77
|
-
)
|
78
|
-
elsif (arn = context.metadata[:s3_arn])
|
79
|
-
if arn[:arn].is_a?(MultiRegionAccessPointARN)
|
80
|
-
signing_region = '*'
|
81
|
-
signing_algorithm = :sigv4a
|
82
|
-
else
|
83
|
-
signing_region = arn[:resolved_region]
|
84
|
-
signing_algorithm = :sigv4
|
85
|
-
end
|
86
|
-
S3Signer.build_v4_signer(
|
87
|
-
service: arn[:arn].service,
|
88
|
-
signing_algorithm: signing_algorithm,
|
89
|
-
region: signing_region,
|
90
|
-
credentials: context.config.credentials
|
91
|
-
)
|
92
|
-
elsif context.operation.name == 'WriteGetObjectResponse'
|
93
|
-
S3Signer.build_v4_signer(
|
94
|
-
service: 's3-object-lambda',
|
95
|
-
region: context.config.sigv4_region,
|
96
|
-
credentials: context.config.credentials
|
97
|
-
)
|
98
|
-
else
|
99
|
-
context.config.sigv4_signer
|
100
|
-
end
|
101
|
-
end
|
102
|
-
end
|
103
|
-
|
104
42
|
# This handler will update the http endpoint when the bucket region
|
105
43
|
# is known/cached.
|
106
44
|
class CachedBucketRegionHandler < Seahorse::Client::Handler
|
@@ -118,7 +56,7 @@ module Aws
|
|
118
56
|
context.http_request.endpoint.host = S3Signer.new_hostname(
|
119
57
|
context, cached_region
|
120
58
|
)
|
121
|
-
context[:
|
59
|
+
context[:sigv4_region] = cached_region # Sign plugin will use this
|
122
60
|
end
|
123
61
|
end
|
124
62
|
end
|
@@ -126,7 +64,8 @@ module Aws
|
|
126
64
|
# This handler detects when a request fails because of a mismatched bucket
|
127
65
|
# region. It follows up by making a request to determine the correct
|
128
66
|
# region, then finally a version 4 signed request against the correct
|
129
|
-
# regional endpoint.
|
67
|
+
# regional endpoint. This is intended for s3's global endpoint which
|
68
|
+
# will return 400 if the bucket is not in region.
|
130
69
|
class BucketRegionErrorHandler < Seahorse::Client::Handler
|
131
70
|
def call(context)
|
132
71
|
response = @handler.call(context)
|
@@ -160,7 +99,7 @@ module Aws
|
|
160
99
|
end
|
161
100
|
|
162
101
|
def fips_region?(resp)
|
163
|
-
resp.context.http_request.endpoint.host.include?('fips')
|
102
|
+
resp.context.http_request.endpoint.host.include?('s3-fips.')
|
164
103
|
end
|
165
104
|
|
166
105
|
def expired_credentials?(resp)
|
@@ -168,15 +107,12 @@ module Aws
|
|
168
107
|
end
|
169
108
|
|
170
109
|
def custom_endpoint?(resp)
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
}
|
178
|
-
)
|
179
|
-
!resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
|
110
|
+
region = resp.context.config.region
|
111
|
+
partition = Aws::Endpoints::Matchers.aws_partition(region)
|
112
|
+
endpoint = resp.context.http_request.endpoint
|
113
|
+
|
114
|
+
!endpoint.hostname.include?(partition['dnsSuffix']) &&
|
115
|
+
!endpoint.hostname.include?(partition['dualStackDnsSuffix'])
|
180
116
|
end
|
181
117
|
|
182
118
|
def wrong_sigv4_region?(resp)
|
@@ -191,18 +127,14 @@ module Aws
|
|
191
127
|
context, actual_region
|
192
128
|
)
|
193
129
|
context.metadata[:redirect_region] = actual_region
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
context: context,
|
200
|
-
signer: S3Signer.build_v4_signer(
|
201
|
-
service: service || 's3',
|
202
|
-
region: actual_region,
|
203
|
-
credentials: context.config.credentials
|
204
|
-
)
|
130
|
+
|
131
|
+
signer = Aws::Plugins::Sign.signer_for(
|
132
|
+
context[:auth_scheme],
|
133
|
+
context.config,
|
134
|
+
actual_region
|
205
135
|
)
|
136
|
+
|
137
|
+
signer.sign(context)
|
206
138
|
end
|
207
139
|
|
208
140
|
def region_from_body(body)
|
@@ -228,41 +160,13 @@ module Aws
|
|
228
160
|
end
|
229
161
|
|
230
162
|
class << self
|
231
|
-
# @option options [required, String] :region
|
232
|
-
# @option options [required, #credentials] :credentials
|
233
|
-
# @api private
|
234
|
-
def build_v4_signer(options = {})
|
235
|
-
Aws::Sigv4::Signer.new(
|
236
|
-
service: options[:service],
|
237
|
-
region: options[:region],
|
238
|
-
credentials_provider: options[:credentials],
|
239
|
-
signing_algorithm: options.fetch(:signing_algorithm, :sigv4),
|
240
|
-
uri_escape_path: false,
|
241
|
-
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
242
|
-
)
|
243
|
-
end
|
244
|
-
|
245
|
-
# Check to see if the bucket is actually an ARN
|
246
|
-
# Otherwise it will retry with the ARN as the bucket name.
|
247
163
|
def new_hostname(context, region)
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
}
|
255
|
-
)
|
256
|
-
)
|
257
|
-
|
258
|
-
if (arn = context.metadata[:s3_arn])
|
259
|
-
# Retry with the response region and not the ARN resolved one
|
260
|
-
ARN.resolve_url!(
|
261
|
-
uri, arn[:arn], region, arn[:fips], arn[:dualstack]
|
262
|
-
).host
|
263
|
-
else
|
264
|
-
"#{context.params[:bucket]}.#{uri.host}"
|
265
|
-
end
|
164
|
+
endpoint_params = context[:endpoint_params].dup
|
165
|
+
endpoint_params.region = region
|
166
|
+
endpoint_params.endpoint = nil
|
167
|
+
endpoint =
|
168
|
+
context.config.endpoint_provider.resolve_endpoint(endpoint_params)
|
169
|
+
URI(endpoint.url).host
|
266
170
|
end
|
267
171
|
end
|
268
172
|
end
|
@@ -629,22 +629,15 @@ module Aws
|
|
629
629
|
end
|
630
630
|
|
631
631
|
def bucket_url
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
636
|
-
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
|
641
|
-
url.path = "/#{@bucket_name}"
|
642
|
-
end
|
643
|
-
if @bucket_region == 'us-east-1'
|
644
|
-
# keep legacy behavior by default
|
645
|
-
url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
|
646
|
-
end
|
647
|
-
url.to_s
|
632
|
+
# Taken from Aws::S3::Endpoints module
|
633
|
+
params = Aws::S3::EndpointParameters.new(
|
634
|
+
bucket: @bucket_name,
|
635
|
+
region: @bucket_region,
|
636
|
+
accelerate: @accelerate,
|
637
|
+
use_global_endpoint: true
|
638
|
+
)
|
639
|
+
endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
|
640
|
+
endpoint.url
|
648
641
|
end
|
649
642
|
|
650
643
|
# @return [Hash]
|
data/lib/aws-sdk-s3/presigner.rb
CHANGED
@@ -133,7 +133,7 @@ module Aws
|
|
133
133
|
virtual_host = params.delete(:virtual_host)
|
134
134
|
time = params.delete(:time)
|
135
135
|
unsigned_headers = unsigned_headers(params)
|
136
|
-
|
136
|
+
secure = params.delete(:secure) != false
|
137
137
|
expires_in = expires_in(params)
|
138
138
|
|
139
139
|
req = @client.build_request(method, params)
|
@@ -141,7 +141,7 @@ module Aws
|
|
141
141
|
handle_presigned_url_context(req)
|
142
142
|
|
143
143
|
x_amz_headers = sign_but_dont_send(
|
144
|
-
req, expires_in,
|
144
|
+
req, expires_in, secure, time, unsigned_headers, hoist
|
145
145
|
)
|
146
146
|
[req.send_request.data, x_amz_headers]
|
147
147
|
end
|
@@ -151,14 +151,6 @@ module Aws
|
|
151
151
|
BLACKLISTED_HEADERS - whitelist_headers
|
152
152
|
end
|
153
153
|
|
154
|
-
def http_scheme(params)
|
155
|
-
if params.delete(:secure) == false
|
156
|
-
'http'
|
157
|
-
else
|
158
|
-
@client.config.endpoint.scheme
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
154
|
def expires_in(params)
|
163
155
|
if (expires_in = params.delete(:expires_in))
|
164
156
|
if expires_in > ONE_WEEK
|
@@ -175,8 +167,7 @@ module Aws
|
|
175
167
|
end
|
176
168
|
|
177
169
|
def use_bucket_as_hostname(req)
|
178
|
-
req.
|
179
|
-
req.handle do |context|
|
170
|
+
req.handle(priority: 35) do |context|
|
180
171
|
uri = context.http_request.endpoint
|
181
172
|
uri.host = context.params[:bucket]
|
182
173
|
uri.path.sub!("/#{context.params[:bucket]}", '')
|
@@ -197,23 +188,20 @@ module Aws
|
|
197
188
|
|
198
189
|
# @param [Seahorse::Client::Request] req
|
199
190
|
def sign_but_dont_send(
|
200
|
-
req, expires_in,
|
191
|
+
req, expires_in, secure, time, unsigned_headers, hoist = true
|
201
192
|
)
|
202
193
|
x_amz_headers = {}
|
203
194
|
|
204
195
|
http_req = req.context.http_request
|
205
196
|
|
206
197
|
req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
|
207
|
-
req.handlers.remove(Aws::
|
198
|
+
req.handlers.remove(Aws::Plugins::Sign::Handler)
|
208
199
|
req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
|
209
200
|
|
210
201
|
req.handle(step: :send) do |context|
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
endpoint.port = (scheme == 'http' ? 80 : 443)
|
215
|
-
http_req.endpoint = URI.parse(endpoint.to_s)
|
216
|
-
end
|
202
|
+
# preserve existing scheme if default
|
203
|
+
http_req.endpoint.scheme = secure ? context.config.endpoint.scheme : 'http'
|
204
|
+
http_req.endpoint.port = secure ? 443 : 80
|
217
205
|
|
218
206
|
query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
|
219
207
|
http_req.headers.each do |key, value|
|
@@ -231,24 +219,21 @@ module Aws
|
|
231
219
|
end
|
232
220
|
http_req.endpoint.query = query.join('&') unless query.empty?
|
233
221
|
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
signing_algorithm = arn[:arn].is_a?(MultiRegionAccessPointARN) ? :sigv4a : :sigv4
|
242
|
-
end
|
243
|
-
|
222
|
+
auth_scheme = context[:auth_scheme]
|
223
|
+
scheme_name = auth_scheme['name']
|
224
|
+
region = if scheme_name == 'sigv4a'
|
225
|
+
auth_scheme['signingRegionSet'].first
|
226
|
+
else
|
227
|
+
auth_scheme['signingRegion']
|
228
|
+
end
|
244
229
|
signer = Aws::Sigv4::Signer.new(
|
245
|
-
service:
|
230
|
+
service: auth_scheme['signingName'] || 's3',
|
246
231
|
region: region || context.config.region,
|
247
|
-
signing_algorithm: signing_algorithm,
|
248
232
|
credentials_provider: context.config.credentials,
|
233
|
+
signing_algorithm: scheme_name.to_sym,
|
234
|
+
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
249
235
|
unsigned_headers: unsigned_headers,
|
250
|
-
apply_checksum_header: false
|
251
|
-
uri_escape_path: false
|
236
|
+
apply_checksum_header: false
|
252
237
|
)
|
253
238
|
|
254
239
|
url = signer.presign_url(
|