aws-sdk-s3 1.115.0 → 1.117.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +17 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/client.rb +142 -125
- data/lib/aws-sdk-s3/client_api.rb +95 -95
- data/lib/aws-sdk-s3/customizations/bucket.rb +20 -46
- data/lib/aws-sdk-s3/endpoint_parameters.rb +142 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +2020 -0
- data/lib/aws-sdk-s3/endpoints.rb +2149 -0
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +25 -6
- data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -50
- data/lib/aws-sdk-s3/plugins/arn.rb +0 -184
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -49
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +0 -29
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +27 -123
- data/lib/aws-sdk-s3/presigned_post.rb +9 -16
- data/lib/aws-sdk-s3/presigner.rb +20 -33
- data/lib/aws-sdk-s3.rb +5 -1
- metadata +8 -9
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +0 -68
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -74
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -0,0 +1,262 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
# WARNING ABOUT GENERATED CODE
|
4
|
+
#
|
5
|
+
# This file is generated. See the contributing guide for more information:
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
|
+
#
|
8
|
+
# WARNING ABOUT GENERATED CODE
|
9
|
+
|
10
|
+
|
11
|
+
module Aws::S3
|
12
|
+
module Plugins
|
13
|
+
class Endpoints < Seahorse::Client::Plugin
|
14
|
+
option(
|
15
|
+
:endpoint_provider,
|
16
|
+
doc_type: 'Aws::S3::EndpointProvider',
|
17
|
+
docstring: 'The endpoint provider used to resolve endpoints. Any '\
|
18
|
+
'object that responds to `#resolve_endpoint(parameters)` '\
|
19
|
+
'where `parameters` is a Struct similar to '\
|
20
|
+
'`Aws::S3::EndpointParameters`'
|
21
|
+
) do |cfg|
|
22
|
+
Aws::S3::EndpointProvider.new
|
23
|
+
end
|
24
|
+
|
25
|
+
# @api private
|
26
|
+
class Handler < Seahorse::Client::Handler
|
27
|
+
def call(context)
|
28
|
+
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
|
+
unless context[:discovered_endpoint]
|
30
|
+
params = parameters_for_operation(context)
|
31
|
+
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
|
+
|
33
|
+
context.http_request.endpoint = endpoint.url
|
34
|
+
apply_endpoint_headers(context, endpoint.headers)
|
35
|
+
end
|
36
|
+
|
37
|
+
context[:endpoint_params] = params
|
38
|
+
context[:auth_scheme] =
|
39
|
+
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
|
+
|
41
|
+
@handler.call(context)
|
42
|
+
end
|
43
|
+
|
44
|
+
private
|
45
|
+
|
46
|
+
def apply_endpoint_headers(context, headers)
|
47
|
+
headers.each do |key, values|
|
48
|
+
value = values
|
49
|
+
.compact
|
50
|
+
.map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
|
51
|
+
.join(',')
|
52
|
+
|
53
|
+
context.http_request.headers[key] = value
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def parameters_for_operation(context)
|
58
|
+
case context.operation_name
|
59
|
+
when :abort_multipart_upload
|
60
|
+
Aws::S3::Endpoints::AbortMultipartUpload.build(context)
|
61
|
+
when :complete_multipart_upload
|
62
|
+
Aws::S3::Endpoints::CompleteMultipartUpload.build(context)
|
63
|
+
when :copy_object
|
64
|
+
Aws::S3::Endpoints::CopyObject.build(context)
|
65
|
+
when :create_bucket
|
66
|
+
Aws::S3::Endpoints::CreateBucket.build(context)
|
67
|
+
when :create_multipart_upload
|
68
|
+
Aws::S3::Endpoints::CreateMultipartUpload.build(context)
|
69
|
+
when :delete_bucket
|
70
|
+
Aws::S3::Endpoints::DeleteBucket.build(context)
|
71
|
+
when :delete_bucket_analytics_configuration
|
72
|
+
Aws::S3::Endpoints::DeleteBucketAnalyticsConfiguration.build(context)
|
73
|
+
when :delete_bucket_cors
|
74
|
+
Aws::S3::Endpoints::DeleteBucketCors.build(context)
|
75
|
+
when :delete_bucket_encryption
|
76
|
+
Aws::S3::Endpoints::DeleteBucketEncryption.build(context)
|
77
|
+
when :delete_bucket_intelligent_tiering_configuration
|
78
|
+
Aws::S3::Endpoints::DeleteBucketIntelligentTieringConfiguration.build(context)
|
79
|
+
when :delete_bucket_inventory_configuration
|
80
|
+
Aws::S3::Endpoints::DeleteBucketInventoryConfiguration.build(context)
|
81
|
+
when :delete_bucket_lifecycle
|
82
|
+
Aws::S3::Endpoints::DeleteBucketLifecycle.build(context)
|
83
|
+
when :delete_bucket_metrics_configuration
|
84
|
+
Aws::S3::Endpoints::DeleteBucketMetricsConfiguration.build(context)
|
85
|
+
when :delete_bucket_ownership_controls
|
86
|
+
Aws::S3::Endpoints::DeleteBucketOwnershipControls.build(context)
|
87
|
+
when :delete_bucket_policy
|
88
|
+
Aws::S3::Endpoints::DeleteBucketPolicy.build(context)
|
89
|
+
when :delete_bucket_replication
|
90
|
+
Aws::S3::Endpoints::DeleteBucketReplication.build(context)
|
91
|
+
when :delete_bucket_tagging
|
92
|
+
Aws::S3::Endpoints::DeleteBucketTagging.build(context)
|
93
|
+
when :delete_bucket_website
|
94
|
+
Aws::S3::Endpoints::DeleteBucketWebsite.build(context)
|
95
|
+
when :delete_object
|
96
|
+
Aws::S3::Endpoints::DeleteObject.build(context)
|
97
|
+
when :delete_object_tagging
|
98
|
+
Aws::S3::Endpoints::DeleteObjectTagging.build(context)
|
99
|
+
when :delete_objects
|
100
|
+
Aws::S3::Endpoints::DeleteObjects.build(context)
|
101
|
+
when :delete_public_access_block
|
102
|
+
Aws::S3::Endpoints::DeletePublicAccessBlock.build(context)
|
103
|
+
when :get_bucket_accelerate_configuration
|
104
|
+
Aws::S3::Endpoints::GetBucketAccelerateConfiguration.build(context)
|
105
|
+
when :get_bucket_acl
|
106
|
+
Aws::S3::Endpoints::GetBucketAcl.build(context)
|
107
|
+
when :get_bucket_analytics_configuration
|
108
|
+
Aws::S3::Endpoints::GetBucketAnalyticsConfiguration.build(context)
|
109
|
+
when :get_bucket_cors
|
110
|
+
Aws::S3::Endpoints::GetBucketCors.build(context)
|
111
|
+
when :get_bucket_encryption
|
112
|
+
Aws::S3::Endpoints::GetBucketEncryption.build(context)
|
113
|
+
when :get_bucket_intelligent_tiering_configuration
|
114
|
+
Aws::S3::Endpoints::GetBucketIntelligentTieringConfiguration.build(context)
|
115
|
+
when :get_bucket_inventory_configuration
|
116
|
+
Aws::S3::Endpoints::GetBucketInventoryConfiguration.build(context)
|
117
|
+
when :get_bucket_lifecycle
|
118
|
+
Aws::S3::Endpoints::GetBucketLifecycle.build(context)
|
119
|
+
when :get_bucket_lifecycle_configuration
|
120
|
+
Aws::S3::Endpoints::GetBucketLifecycleConfiguration.build(context)
|
121
|
+
when :get_bucket_location
|
122
|
+
Aws::S3::Endpoints::GetBucketLocation.build(context)
|
123
|
+
when :get_bucket_logging
|
124
|
+
Aws::S3::Endpoints::GetBucketLogging.build(context)
|
125
|
+
when :get_bucket_metrics_configuration
|
126
|
+
Aws::S3::Endpoints::GetBucketMetricsConfiguration.build(context)
|
127
|
+
when :get_bucket_notification
|
128
|
+
Aws::S3::Endpoints::GetBucketNotification.build(context)
|
129
|
+
when :get_bucket_notification_configuration
|
130
|
+
Aws::S3::Endpoints::GetBucketNotificationConfiguration.build(context)
|
131
|
+
when :get_bucket_ownership_controls
|
132
|
+
Aws::S3::Endpoints::GetBucketOwnershipControls.build(context)
|
133
|
+
when :get_bucket_policy
|
134
|
+
Aws::S3::Endpoints::GetBucketPolicy.build(context)
|
135
|
+
when :get_bucket_policy_status
|
136
|
+
Aws::S3::Endpoints::GetBucketPolicyStatus.build(context)
|
137
|
+
when :get_bucket_replication
|
138
|
+
Aws::S3::Endpoints::GetBucketReplication.build(context)
|
139
|
+
when :get_bucket_request_payment
|
140
|
+
Aws::S3::Endpoints::GetBucketRequestPayment.build(context)
|
141
|
+
when :get_bucket_tagging
|
142
|
+
Aws::S3::Endpoints::GetBucketTagging.build(context)
|
143
|
+
when :get_bucket_versioning
|
144
|
+
Aws::S3::Endpoints::GetBucketVersioning.build(context)
|
145
|
+
when :get_bucket_website
|
146
|
+
Aws::S3::Endpoints::GetBucketWebsite.build(context)
|
147
|
+
when :get_object
|
148
|
+
Aws::S3::Endpoints::GetObject.build(context)
|
149
|
+
when :get_object_acl
|
150
|
+
Aws::S3::Endpoints::GetObjectAcl.build(context)
|
151
|
+
when :get_object_attributes
|
152
|
+
Aws::S3::Endpoints::GetObjectAttributes.build(context)
|
153
|
+
when :get_object_legal_hold
|
154
|
+
Aws::S3::Endpoints::GetObjectLegalHold.build(context)
|
155
|
+
when :get_object_lock_configuration
|
156
|
+
Aws::S3::Endpoints::GetObjectLockConfiguration.build(context)
|
157
|
+
when :get_object_retention
|
158
|
+
Aws::S3::Endpoints::GetObjectRetention.build(context)
|
159
|
+
when :get_object_tagging
|
160
|
+
Aws::S3::Endpoints::GetObjectTagging.build(context)
|
161
|
+
when :get_object_torrent
|
162
|
+
Aws::S3::Endpoints::GetObjectTorrent.build(context)
|
163
|
+
when :get_public_access_block
|
164
|
+
Aws::S3::Endpoints::GetPublicAccessBlock.build(context)
|
165
|
+
when :head_bucket
|
166
|
+
Aws::S3::Endpoints::HeadBucket.build(context)
|
167
|
+
when :head_object
|
168
|
+
Aws::S3::Endpoints::HeadObject.build(context)
|
169
|
+
when :list_bucket_analytics_configurations
|
170
|
+
Aws::S3::Endpoints::ListBucketAnalyticsConfigurations.build(context)
|
171
|
+
when :list_bucket_intelligent_tiering_configurations
|
172
|
+
Aws::S3::Endpoints::ListBucketIntelligentTieringConfigurations.build(context)
|
173
|
+
when :list_bucket_inventory_configurations
|
174
|
+
Aws::S3::Endpoints::ListBucketInventoryConfigurations.build(context)
|
175
|
+
when :list_bucket_metrics_configurations
|
176
|
+
Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
|
177
|
+
when :list_buckets
|
178
|
+
Aws::S3::Endpoints::ListBuckets.build(context)
|
179
|
+
when :list_multipart_uploads
|
180
|
+
Aws::S3::Endpoints::ListMultipartUploads.build(context)
|
181
|
+
when :list_object_versions
|
182
|
+
Aws::S3::Endpoints::ListObjectVersions.build(context)
|
183
|
+
when :list_objects
|
184
|
+
Aws::S3::Endpoints::ListObjects.build(context)
|
185
|
+
when :list_objects_v2
|
186
|
+
Aws::S3::Endpoints::ListObjectsV2.build(context)
|
187
|
+
when :list_parts
|
188
|
+
Aws::S3::Endpoints::ListParts.build(context)
|
189
|
+
when :put_bucket_accelerate_configuration
|
190
|
+
Aws::S3::Endpoints::PutBucketAccelerateConfiguration.build(context)
|
191
|
+
when :put_bucket_acl
|
192
|
+
Aws::S3::Endpoints::PutBucketAcl.build(context)
|
193
|
+
when :put_bucket_analytics_configuration
|
194
|
+
Aws::S3::Endpoints::PutBucketAnalyticsConfiguration.build(context)
|
195
|
+
when :put_bucket_cors
|
196
|
+
Aws::S3::Endpoints::PutBucketCors.build(context)
|
197
|
+
when :put_bucket_encryption
|
198
|
+
Aws::S3::Endpoints::PutBucketEncryption.build(context)
|
199
|
+
when :put_bucket_intelligent_tiering_configuration
|
200
|
+
Aws::S3::Endpoints::PutBucketIntelligentTieringConfiguration.build(context)
|
201
|
+
when :put_bucket_inventory_configuration
|
202
|
+
Aws::S3::Endpoints::PutBucketInventoryConfiguration.build(context)
|
203
|
+
when :put_bucket_lifecycle
|
204
|
+
Aws::S3::Endpoints::PutBucketLifecycle.build(context)
|
205
|
+
when :put_bucket_lifecycle_configuration
|
206
|
+
Aws::S3::Endpoints::PutBucketLifecycleConfiguration.build(context)
|
207
|
+
when :put_bucket_logging
|
208
|
+
Aws::S3::Endpoints::PutBucketLogging.build(context)
|
209
|
+
when :put_bucket_metrics_configuration
|
210
|
+
Aws::S3::Endpoints::PutBucketMetricsConfiguration.build(context)
|
211
|
+
when :put_bucket_notification
|
212
|
+
Aws::S3::Endpoints::PutBucketNotification.build(context)
|
213
|
+
when :put_bucket_notification_configuration
|
214
|
+
Aws::S3::Endpoints::PutBucketNotificationConfiguration.build(context)
|
215
|
+
when :put_bucket_ownership_controls
|
216
|
+
Aws::S3::Endpoints::PutBucketOwnershipControls.build(context)
|
217
|
+
when :put_bucket_policy
|
218
|
+
Aws::S3::Endpoints::PutBucketPolicy.build(context)
|
219
|
+
when :put_bucket_replication
|
220
|
+
Aws::S3::Endpoints::PutBucketReplication.build(context)
|
221
|
+
when :put_bucket_request_payment
|
222
|
+
Aws::S3::Endpoints::PutBucketRequestPayment.build(context)
|
223
|
+
when :put_bucket_tagging
|
224
|
+
Aws::S3::Endpoints::PutBucketTagging.build(context)
|
225
|
+
when :put_bucket_versioning
|
226
|
+
Aws::S3::Endpoints::PutBucketVersioning.build(context)
|
227
|
+
when :put_bucket_website
|
228
|
+
Aws::S3::Endpoints::PutBucketWebsite.build(context)
|
229
|
+
when :put_object
|
230
|
+
Aws::S3::Endpoints::PutObject.build(context)
|
231
|
+
when :put_object_acl
|
232
|
+
Aws::S3::Endpoints::PutObjectAcl.build(context)
|
233
|
+
when :put_object_legal_hold
|
234
|
+
Aws::S3::Endpoints::PutObjectLegalHold.build(context)
|
235
|
+
when :put_object_lock_configuration
|
236
|
+
Aws::S3::Endpoints::PutObjectLockConfiguration.build(context)
|
237
|
+
when :put_object_retention
|
238
|
+
Aws::S3::Endpoints::PutObjectRetention.build(context)
|
239
|
+
when :put_object_tagging
|
240
|
+
Aws::S3::Endpoints::PutObjectTagging.build(context)
|
241
|
+
when :put_public_access_block
|
242
|
+
Aws::S3::Endpoints::PutPublicAccessBlock.build(context)
|
243
|
+
when :restore_object
|
244
|
+
Aws::S3::Endpoints::RestoreObject.build(context)
|
245
|
+
when :select_object_content
|
246
|
+
Aws::S3::Endpoints::SelectObjectContent.build(context)
|
247
|
+
when :upload_part
|
248
|
+
Aws::S3::Endpoints::UploadPart.build(context)
|
249
|
+
when :upload_part_copy
|
250
|
+
Aws::S3::Endpoints::UploadPartCopy.build(context)
|
251
|
+
when :write_get_object_response
|
252
|
+
Aws::S3::Endpoints::WriteGetObjectResponse.build(context)
|
253
|
+
end
|
254
|
+
end
|
255
|
+
end
|
256
|
+
|
257
|
+
def add_handlers(handlers, _config)
|
258
|
+
handlers.add(Handler, step: :build, priority: 75)
|
259
|
+
end
|
260
|
+
end
|
261
|
+
end
|
262
|
+
end
|
@@ -16,7 +16,8 @@ module Aws
|
|
16
16
|
|
17
17
|
def call(context)
|
18
18
|
body = context.http_request.body
|
19
|
-
if body.respond_to?(:size) && body.size > 0
|
19
|
+
if body.respond_to?(:size) && body.size > 0 &&
|
20
|
+
!context[:use_accelerate_endpoint]
|
20
21
|
context.http_request.headers['expect'] = '100-continue'
|
21
22
|
end
|
22
23
|
@handler.call(context)
|
@@ -16,35 +16,6 @@ Defaults to `legacy` mode which uses the global endpoint.
|
|
16
16
|
resolve_iad_regional_endpoint(cfg)
|
17
17
|
end
|
18
18
|
|
19
|
-
def add_handlers(handlers, config)
|
20
|
-
# only modify non-custom endpoints
|
21
|
-
if config.regional_endpoint && config.region == 'us-east-1'
|
22
|
-
handlers.add(Handler)
|
23
|
-
end
|
24
|
-
end
|
25
|
-
|
26
|
-
# @api private
|
27
|
-
class Handler < Seahorse::Client::Handler
|
28
|
-
|
29
|
-
def call(context)
|
30
|
-
# WriteGetObjectResponse does not have a global endpoint
|
31
|
-
# ARNs are regionalized, so don't touch those either.
|
32
|
-
if context.operation.name != 'WriteGetObjectResponse' &&
|
33
|
-
context.config.s3_us_east_1_regional_endpoint == 'legacy' &&
|
34
|
-
!context.metadata[:s3_arn]
|
35
|
-
host = context.http_request.endpoint.host
|
36
|
-
legacy_host = IADRegionalEndpoint.legacy_host(host)
|
37
|
-
context.http_request.endpoint.host = legacy_host
|
38
|
-
end
|
39
|
-
@handler.call(context)
|
40
|
-
end
|
41
|
-
|
42
|
-
end
|
43
|
-
|
44
|
-
def self.legacy_host(host)
|
45
|
-
host.sub(".us-east-1", '')
|
46
|
-
end
|
47
|
-
|
48
19
|
private
|
49
20
|
|
50
21
|
def self.resolve_iad_regional_endpoint(cfg)
|
@@ -5,28 +5,13 @@ require 'aws-sigv4'
|
|
5
5
|
module Aws
|
6
6
|
module S3
|
7
7
|
module Plugins
|
8
|
-
# This plugin
|
8
|
+
# This plugin used to have a V4 signer but it was removed in favor of
|
9
|
+
# generic Sign plugin that uses endpoint auth scheme.
|
10
|
+
#
|
9
11
|
# @api private
|
10
12
|
class S3Signer < Seahorse::Client::Plugin
|
11
13
|
option(:signature_version, 'v4')
|
12
14
|
|
13
|
-
option(:sigv4_signer) do |cfg|
|
14
|
-
S3Signer.build_v4_signer(
|
15
|
-
service: 's3',
|
16
|
-
region: cfg.sigv4_region,
|
17
|
-
credentials: cfg.credentials
|
18
|
-
)
|
19
|
-
end
|
20
|
-
|
21
|
-
option(:sigv4_region) do |cfg|
|
22
|
-
# S3 removes core's signature_v4 plugin that checks for this
|
23
|
-
raise Aws::Errors::MissingRegionError if cfg.region.nil?
|
24
|
-
|
25
|
-
Aws::Partitions::EndpointProvider.signing_region(
|
26
|
-
cfg.region, 's3'
|
27
|
-
)
|
28
|
-
end
|
29
|
-
|
30
15
|
def add_handlers(handlers, cfg)
|
31
16
|
case cfg.signature_version
|
32
17
|
when 'v4' then add_v4_handlers(handlers)
|
@@ -39,11 +24,11 @@ module Aws
|
|
39
24
|
|
40
25
|
def add_v4_handlers(handlers)
|
41
26
|
handlers.add(CachedBucketRegionHandler, step: :sign, priority: 60)
|
42
|
-
handlers.add(V4Handler, step: :sign)
|
43
27
|
handlers.add(BucketRegionErrorHandler, step: :sign, priority: 40)
|
44
28
|
end
|
45
29
|
|
46
30
|
def add_legacy_handler(handlers)
|
31
|
+
# generic Sign plugin will be skipped if it sees sigv2
|
47
32
|
handlers.add(LegacyHandler, step: :sign)
|
48
33
|
end
|
49
34
|
|
@@ -54,53 +39,6 @@ module Aws
|
|
54
39
|
end
|
55
40
|
end
|
56
41
|
|
57
|
-
class V4Handler < Seahorse::Client::Handler
|
58
|
-
def call(context)
|
59
|
-
Aws::Plugins::SignatureV4.apply_signature(
|
60
|
-
context: context,
|
61
|
-
signer: sigv4_signer(context)
|
62
|
-
)
|
63
|
-
@handler.call(context)
|
64
|
-
end
|
65
|
-
|
66
|
-
private
|
67
|
-
|
68
|
-
def sigv4_signer(context)
|
69
|
-
# If the client was configured with the wrong region,
|
70
|
-
# we have to build a new signer.
|
71
|
-
if context[:cached_sigv4_region] &&
|
72
|
-
context[:cached_sigv4_region] != context.config.sigv4_signer.region
|
73
|
-
S3Signer.build_v4_signer(
|
74
|
-
service: 's3',
|
75
|
-
region: context[:cached_sigv4_region],
|
76
|
-
credentials: context.config.credentials
|
77
|
-
)
|
78
|
-
elsif (arn = context.metadata[:s3_arn])
|
79
|
-
if arn[:arn].is_a?(MultiRegionAccessPointARN)
|
80
|
-
signing_region = '*'
|
81
|
-
signing_algorithm = :sigv4a
|
82
|
-
else
|
83
|
-
signing_region = arn[:resolved_region]
|
84
|
-
signing_algorithm = :sigv4
|
85
|
-
end
|
86
|
-
S3Signer.build_v4_signer(
|
87
|
-
service: arn[:arn].service,
|
88
|
-
signing_algorithm: signing_algorithm,
|
89
|
-
region: signing_region,
|
90
|
-
credentials: context.config.credentials
|
91
|
-
)
|
92
|
-
elsif context.operation.name == 'WriteGetObjectResponse'
|
93
|
-
S3Signer.build_v4_signer(
|
94
|
-
service: 's3-object-lambda',
|
95
|
-
region: context.config.sigv4_region,
|
96
|
-
credentials: context.config.credentials
|
97
|
-
)
|
98
|
-
else
|
99
|
-
context.config.sigv4_signer
|
100
|
-
end
|
101
|
-
end
|
102
|
-
end
|
103
|
-
|
104
42
|
# This handler will update the http endpoint when the bucket region
|
105
43
|
# is known/cached.
|
106
44
|
class CachedBucketRegionHandler < Seahorse::Client::Handler
|
@@ -118,7 +56,7 @@ module Aws
|
|
118
56
|
context.http_request.endpoint.host = S3Signer.new_hostname(
|
119
57
|
context, cached_region
|
120
58
|
)
|
121
|
-
context[:
|
59
|
+
context[:sigv4_region] = cached_region # Sign plugin will use this
|
122
60
|
end
|
123
61
|
end
|
124
62
|
end
|
@@ -126,7 +64,8 @@ module Aws
|
|
126
64
|
# This handler detects when a request fails because of a mismatched bucket
|
127
65
|
# region. It follows up by making a request to determine the correct
|
128
66
|
# region, then finally a version 4 signed request against the correct
|
129
|
-
# regional endpoint.
|
67
|
+
# regional endpoint. This is intended for s3's global endpoint which
|
68
|
+
# will return 400 if the bucket is not in region.
|
130
69
|
class BucketRegionErrorHandler < Seahorse::Client::Handler
|
131
70
|
def call(context)
|
132
71
|
response = @handler.call(context)
|
@@ -160,7 +99,7 @@ module Aws
|
|
160
99
|
end
|
161
100
|
|
162
101
|
def fips_region?(resp)
|
163
|
-
resp.context.http_request.endpoint.host.include?('fips')
|
102
|
+
resp.context.http_request.endpoint.host.include?('s3-fips.')
|
164
103
|
end
|
165
104
|
|
166
105
|
def expired_credentials?(resp)
|
@@ -168,15 +107,12 @@ module Aws
|
|
168
107
|
end
|
169
108
|
|
170
109
|
def custom_endpoint?(resp)
|
171
|
-
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
|
176
|
-
|
177
|
-
}
|
178
|
-
)
|
179
|
-
!resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
|
110
|
+
region = resp.context.config.region
|
111
|
+
partition = Aws::Endpoints::Matchers.aws_partition(region)
|
112
|
+
endpoint = resp.context.http_request.endpoint
|
113
|
+
|
114
|
+
!endpoint.hostname.include?(partition['dnsSuffix']) &&
|
115
|
+
!endpoint.hostname.include?(partition['dualStackDnsSuffix'])
|
180
116
|
end
|
181
117
|
|
182
118
|
def wrong_sigv4_region?(resp)
|
@@ -191,18 +127,14 @@ module Aws
|
|
191
127
|
context, actual_region
|
192
128
|
)
|
193
129
|
context.metadata[:redirect_region] = actual_region
|
194
|
-
|
195
|
-
|
196
|
-
|
197
|
-
|
198
|
-
|
199
|
-
context: context,
|
200
|
-
signer: S3Signer.build_v4_signer(
|
201
|
-
service: service || 's3',
|
202
|
-
region: actual_region,
|
203
|
-
credentials: context.config.credentials
|
204
|
-
)
|
130
|
+
|
131
|
+
signer = Aws::Plugins::Sign.signer_for(
|
132
|
+
context[:auth_scheme],
|
133
|
+
context.config,
|
134
|
+
actual_region
|
205
135
|
)
|
136
|
+
|
137
|
+
signer.sign(context)
|
206
138
|
end
|
207
139
|
|
208
140
|
def region_from_body(body)
|
@@ -228,41 +160,13 @@ module Aws
|
|
228
160
|
end
|
229
161
|
|
230
162
|
class << self
|
231
|
-
# @option options [required, String] :region
|
232
|
-
# @option options [required, #credentials] :credentials
|
233
|
-
# @api private
|
234
|
-
def build_v4_signer(options = {})
|
235
|
-
Aws::Sigv4::Signer.new(
|
236
|
-
service: options[:service],
|
237
|
-
region: options[:region],
|
238
|
-
credentials_provider: options[:credentials],
|
239
|
-
signing_algorithm: options.fetch(:signing_algorithm, :sigv4),
|
240
|
-
uri_escape_path: false,
|
241
|
-
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
242
|
-
)
|
243
|
-
end
|
244
|
-
|
245
|
-
# Check to see if the bucket is actually an ARN
|
246
|
-
# Otherwise it will retry with the ARN as the bucket name.
|
247
163
|
def new_hostname(context, region)
|
248
|
-
|
249
|
-
|
250
|
-
|
251
|
-
|
252
|
-
|
253
|
-
|
254
|
-
}
|
255
|
-
)
|
256
|
-
)
|
257
|
-
|
258
|
-
if (arn = context.metadata[:s3_arn])
|
259
|
-
# Retry with the response region and not the ARN resolved one
|
260
|
-
ARN.resolve_url!(
|
261
|
-
uri, arn[:arn], region, arn[:fips], arn[:dualstack]
|
262
|
-
).host
|
263
|
-
else
|
264
|
-
"#{context.params[:bucket]}.#{uri.host}"
|
265
|
-
end
|
164
|
+
endpoint_params = context[:endpoint_params].dup
|
165
|
+
endpoint_params.region = region
|
166
|
+
endpoint_params.endpoint = nil
|
167
|
+
endpoint =
|
168
|
+
context.config.endpoint_provider.resolve_endpoint(endpoint_params)
|
169
|
+
URI(endpoint.url).host
|
266
170
|
end
|
267
171
|
end
|
268
172
|
end
|
@@ -629,22 +629,15 @@ module Aws
|
|
629
629
|
end
|
630
630
|
|
631
631
|
def bucket_url
|
632
|
-
|
633
|
-
|
634
|
-
|
635
|
-
|
636
|
-
|
637
|
-
|
638
|
-
|
639
|
-
|
640
|
-
|
641
|
-
url.path = "/#{@bucket_name}"
|
642
|
-
end
|
643
|
-
if @bucket_region == 'us-east-1'
|
644
|
-
# keep legacy behavior by default
|
645
|
-
url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
|
646
|
-
end
|
647
|
-
url.to_s
|
632
|
+
# Taken from Aws::S3::Endpoints module
|
633
|
+
params = Aws::S3::EndpointParameters.new(
|
634
|
+
bucket: @bucket_name,
|
635
|
+
region: @bucket_region,
|
636
|
+
accelerate: @accelerate,
|
637
|
+
use_global_endpoint: true
|
638
|
+
)
|
639
|
+
endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
|
640
|
+
endpoint.url
|
648
641
|
end
|
649
642
|
|
650
643
|
# @return [Hash]
|
data/lib/aws-sdk-s3/presigner.rb
CHANGED
@@ -133,7 +133,7 @@ module Aws
|
|
133
133
|
virtual_host = params.delete(:virtual_host)
|
134
134
|
time = params.delete(:time)
|
135
135
|
unsigned_headers = unsigned_headers(params)
|
136
|
-
|
136
|
+
secure = params.delete(:secure) != false
|
137
137
|
expires_in = expires_in(params)
|
138
138
|
|
139
139
|
req = @client.build_request(method, params)
|
@@ -141,7 +141,7 @@ module Aws
|
|
141
141
|
handle_presigned_url_context(req)
|
142
142
|
|
143
143
|
x_amz_headers = sign_but_dont_send(
|
144
|
-
req, expires_in,
|
144
|
+
req, expires_in, secure, time, unsigned_headers, hoist
|
145
145
|
)
|
146
146
|
[req.send_request.data, x_amz_headers]
|
147
147
|
end
|
@@ -151,14 +151,6 @@ module Aws
|
|
151
151
|
BLACKLISTED_HEADERS - whitelist_headers
|
152
152
|
end
|
153
153
|
|
154
|
-
def http_scheme(params)
|
155
|
-
if params.delete(:secure) == false
|
156
|
-
'http'
|
157
|
-
else
|
158
|
-
@client.config.endpoint.scheme
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
154
|
def expires_in(params)
|
163
155
|
if (expires_in = params.delete(:expires_in))
|
164
156
|
if expires_in > ONE_WEEK
|
@@ -175,8 +167,7 @@ module Aws
|
|
175
167
|
end
|
176
168
|
|
177
169
|
def use_bucket_as_hostname(req)
|
178
|
-
req.
|
179
|
-
req.handle do |context|
|
170
|
+
req.handle(priority: 35) do |context|
|
180
171
|
uri = context.http_request.endpoint
|
181
172
|
uri.host = context.params[:bucket]
|
182
173
|
uri.path.sub!("/#{context.params[:bucket]}", '')
|
@@ -197,22 +188,21 @@ module Aws
|
|
197
188
|
|
198
189
|
# @param [Seahorse::Client::Request] req
|
199
190
|
def sign_but_dont_send(
|
200
|
-
req, expires_in,
|
191
|
+
req, expires_in, secure, time, unsigned_headers, hoist = true
|
201
192
|
)
|
202
193
|
x_amz_headers = {}
|
203
194
|
|
204
195
|
http_req = req.context.http_request
|
205
196
|
|
206
197
|
req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
|
207
|
-
req.handlers.remove(Aws::
|
198
|
+
req.handlers.remove(Aws::Plugins::Sign::Handler)
|
208
199
|
req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
|
209
200
|
|
210
201
|
req.handle(step: :send) do |context|
|
211
|
-
if
|
212
|
-
|
213
|
-
endpoint.scheme =
|
214
|
-
endpoint.port =
|
215
|
-
http_req.endpoint = URI.parse(endpoint.to_s)
|
202
|
+
# if an endpoint was not provided, force secure or insecure
|
203
|
+
if context.config.regional_endpoint
|
204
|
+
http_req.endpoint.scheme = secure ? 'https' : 'http'
|
205
|
+
http_req.endpoint.port = secure ? 443 : 80
|
216
206
|
end
|
217
207
|
|
218
208
|
query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
|
@@ -231,24 +221,21 @@ module Aws
|
|
231
221
|
end
|
232
222
|
http_req.endpoint.query = query.join('&') unless query.empty?
|
233
223
|
|
234
|
-
|
235
|
-
|
236
|
-
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
signing_algorithm = arn[:arn].is_a?(MultiRegionAccessPointARN) ? :sigv4a : :sigv4
|
242
|
-
end
|
243
|
-
|
224
|
+
auth_scheme = context[:auth_scheme]
|
225
|
+
scheme_name = auth_scheme['name']
|
226
|
+
region = if scheme_name == 'sigv4a'
|
227
|
+
auth_scheme['signingRegionSet'].first
|
228
|
+
else
|
229
|
+
auth_scheme['signingRegion']
|
230
|
+
end
|
244
231
|
signer = Aws::Sigv4::Signer.new(
|
245
|
-
service:
|
232
|
+
service: auth_scheme['signingName'] || 's3',
|
246
233
|
region: region || context.config.region,
|
247
|
-
signing_algorithm: signing_algorithm,
|
248
234
|
credentials_provider: context.config.credentials,
|
235
|
+
signing_algorithm: scheme_name.to_sym,
|
236
|
+
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
249
237
|
unsigned_headers: unsigned_headers,
|
250
|
-
apply_checksum_header: false
|
251
|
-
uri_escape_path: false
|
238
|
+
apply_checksum_header: false
|
252
239
|
)
|
253
240
|
|
254
241
|
url = signer.presign_url(
|