aws-sdk-s3 1.119.2 → 1.158.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +263 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
- data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +250 -0
- data/lib/aws-sdk-s3/bucket.rb +573 -133
- data/lib/aws-sdk-s3/bucket_acl.rb +18 -12
- data/lib/aws-sdk-s3/bucket_cors.rb +24 -16
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +24 -16
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +24 -16
- data/lib/aws-sdk-s3/bucket_logging.rb +25 -12
- data/lib/aws-sdk-s3/bucket_notification.rb +12 -6
- data/lib/aws-sdk-s3/bucket_policy.rb +70 -18
- data/lib/aws-sdk-s3/bucket_region_cache.rb +9 -5
- data/lib/aws-sdk-s3/bucket_request_payment.rb +18 -12
- data/lib/aws-sdk-s3/bucket_tagging.rb +24 -16
- data/lib/aws-sdk-s3/bucket_versioning.rb +42 -32
- data/lib/aws-sdk-s3/bucket_website.rb +24 -16
- data/lib/aws-sdk-s3/client.rb +6866 -3226
- data/lib/aws-sdk-s3/client_api.rb +162 -21
- data/lib/aws-sdk-s3/customizations/bucket.rb +3 -1
- data/lib/aws-sdk-s3/customizations/errors.rb +16 -3
- data/lib/aws-sdk-s3/customizations/object.rb +91 -18
- data/lib/aws-sdk-s3/customizations.rb +8 -0
- data/lib/aws-sdk-s3/encryption/client.rb +6 -2
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
- data/lib/aws-sdk-s3/encryptionV2/client.rb +6 -2
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
- data/lib/aws-sdk-s3/endpoint_parameters.rb +44 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +186 -327
- data/lib/aws-sdk-s3/endpoints.rb +540 -0
- data/lib/aws-sdk-s3/express_credentials.rb +55 -0
- data/lib/aws-sdk-s3/express_credentials_provider.rb +59 -0
- data/lib/aws-sdk-s3/file_downloader.rb +169 -44
- data/lib/aws-sdk-s3/file_uploader.rb +8 -6
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +4 -4
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +10 -7
- data/lib/aws-sdk-s3/multipart_upload.rb +81 -20
- data/lib/aws-sdk-s3/multipart_upload_part.rb +169 -38
- data/lib/aws-sdk-s3/object.rb +1590 -275
- data/lib/aws-sdk-s3/object_acl.rb +38 -18
- data/lib/aws-sdk-s3/object_copier.rb +7 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +42 -24
- data/lib/aws-sdk-s3/object_summary.rb +1437 -285
- data/lib/aws-sdk-s3/object_version.rb +350 -51
- data/lib/aws-sdk-s3/plugins/access_grants.rb +178 -0
- data/lib/aws-sdk-s3/plugins/endpoints.rb +14 -2
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +97 -0
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +53 -16
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
- data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +20 -13
- data/lib/aws-sdk-s3/presigned_post.rb +52 -43
- data/lib/aws-sdk-s3/presigner.rb +8 -4
- data/lib/aws-sdk-s3/resource.rb +99 -21
- data/lib/aws-sdk-s3/types.rb +5285 -1632
- data/lib/aws-sdk-s3.rb +1 -1
- data/sig/bucket.rbs +212 -0
- data/sig/bucket_acl.rbs +78 -0
- data/sig/bucket_cors.rbs +69 -0
- data/sig/bucket_lifecycle.rbs +88 -0
- data/sig/bucket_lifecycle_configuration.rbs +111 -0
- data/sig/bucket_logging.rbs +76 -0
- data/sig/bucket_notification.rbs +114 -0
- data/sig/bucket_policy.rbs +59 -0
- data/sig/bucket_request_payment.rbs +54 -0
- data/sig/bucket_tagging.rbs +65 -0
- data/sig/bucket_versioning.rbs +77 -0
- data/sig/bucket_website.rbs +93 -0
- data/sig/client.rbs +2385 -0
- data/sig/customizations/bucket.rbs +19 -0
- data/sig/customizations/object.rbs +38 -0
- data/sig/customizations/object_summary.rbs +35 -0
- data/sig/errors.rbs +34 -0
- data/sig/multipart_upload.rbs +110 -0
- data/sig/multipart_upload_part.rbs +105 -0
- data/sig/object.rbs +442 -0
- data/sig/object_acl.rbs +86 -0
- data/sig/object_summary.rbs +334 -0
- data/sig/object_version.rbs +137 -0
- data/sig/resource.rbs +128 -0
- data/sig/types.rbs +2575 -0
- data/sig/waiters.rbs +95 -0
- metadata +43 -11
@@ -0,0 +1,178 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class AccessGrants < Seahorse::Client::Plugin
|
8
|
+
@s3control =
|
9
|
+
begin
|
10
|
+
require 'aws-sdk-s3control'
|
11
|
+
true
|
12
|
+
rescue LoadError
|
13
|
+
false
|
14
|
+
end
|
15
|
+
|
16
|
+
option(
|
17
|
+
:access_grants,
|
18
|
+
default: false,
|
19
|
+
doc_type: 'Boolean',
|
20
|
+
docstring: <<-DOCS)
|
21
|
+
When `true`, the S3 client will use the S3 Access Grants feature to
|
22
|
+
authenticate requests. Bucket credentials will be fetched from S3
|
23
|
+
Control using the `get_data_access` API.
|
24
|
+
DOCS
|
25
|
+
|
26
|
+
option(:access_grants_credentials_provider,
|
27
|
+
doc_type: 'Aws::S3::AccessGrantsCredentialsProvider',
|
28
|
+
rbs_type: 'untyped',
|
29
|
+
docstring: <<-DOCS) do |_cfg|
|
30
|
+
When `access_grants` is `true`, this option can be used to provide
|
31
|
+
additional options to the credentials provider, including a privilege
|
32
|
+
setting, caching, and fallback behavior.
|
33
|
+
DOCS
|
34
|
+
Aws::S3::AccessGrantsCredentialsProvider.new
|
35
|
+
end
|
36
|
+
|
37
|
+
# @api private
|
38
|
+
class Handler < Seahorse::Client::Handler
|
39
|
+
PERMISSION_MAP = {
|
40
|
+
head_object: 'READ',
|
41
|
+
get_object: 'READ',
|
42
|
+
get_object_acl: 'READ',
|
43
|
+
list_multipart_uploads: 'READ',
|
44
|
+
list_objects_v2: 'READ',
|
45
|
+
list_object_versions: 'READ',
|
46
|
+
list_parts: 'READ',
|
47
|
+
head_bucket: 'READ',
|
48
|
+
get_object_attributes: 'READ',
|
49
|
+
put_object: 'WRITE',
|
50
|
+
put_object_acl: 'WRITE',
|
51
|
+
delete_object: 'WRITE',
|
52
|
+
abort_multipart_upload: 'WRITE',
|
53
|
+
create_multipart_upload: 'WRITE',
|
54
|
+
upload_part: 'WRITE',
|
55
|
+
complete_multipart_upload: 'WRITE',
|
56
|
+
delete_objects: 'WRITE',
|
57
|
+
copy_object: 'READWRITE'
|
58
|
+
}.freeze
|
59
|
+
|
60
|
+
def call(context)
|
61
|
+
provider = context.config.access_grants_credentials_provider
|
62
|
+
|
63
|
+
if access_grants_operation?(context) &&
|
64
|
+
!s3_express_endpoint?(context) &&
|
65
|
+
!credentials_head_bucket_call?(provider)
|
66
|
+
params = context[:endpoint_params]
|
67
|
+
permission = PERMISSION_MAP[context.operation_name]
|
68
|
+
|
69
|
+
key =
|
70
|
+
case context.operation_name
|
71
|
+
when :delete_objects
|
72
|
+
delete_params = context.params[:delete]
|
73
|
+
common_prefixes(delete_params[:objects].map { |o| o[:key] })
|
74
|
+
when :copy_object
|
75
|
+
source_bucket, source_key = params[:copy_source].split('/', 2)
|
76
|
+
if params[:bucket] != source_bucket
|
77
|
+
raise ArgumentError,
|
78
|
+
'source and destination bucket must be the same'
|
79
|
+
end
|
80
|
+
common_prefixes([params[:key], source_key])
|
81
|
+
else
|
82
|
+
params[:key]
|
83
|
+
end
|
84
|
+
|
85
|
+
credentials = provider.access_grants_credentials_for(
|
86
|
+
bucket: params[:bucket],
|
87
|
+
key: key,
|
88
|
+
prefix: params[:prefix],
|
89
|
+
permission: permission
|
90
|
+
)
|
91
|
+
context[:sigv4_credentials] = credentials # Sign will use this
|
92
|
+
end
|
93
|
+
|
94
|
+
with_metric(credentials) { @handler.call(context) }
|
95
|
+
end
|
96
|
+
|
97
|
+
private
|
98
|
+
|
99
|
+
def with_metric(credentials, &block)
|
100
|
+
return block.call unless credentials
|
101
|
+
|
102
|
+
Aws::Plugins::UserAgent.metric('S3_ACCESS_GRANTS', &block)
|
103
|
+
end
|
104
|
+
|
105
|
+
# HeadBucket is a supported call. When fetching credentials,
|
106
|
+
# this plugin is executed again, and becomes recursive.
|
107
|
+
def credentials_head_bucket_call?(provider)
|
108
|
+
provider.instance_variable_get(:@head_bucket_call)
|
109
|
+
end
|
110
|
+
|
111
|
+
def access_grants_operation?(context)
|
112
|
+
params = context[:endpoint_params]
|
113
|
+
params[:bucket] && PERMISSION_MAP[context.operation_name]
|
114
|
+
end
|
115
|
+
|
116
|
+
def s3_express_endpoint?(context)
|
117
|
+
context[:endpoint_properties]['backend'] == 'S3Express'
|
118
|
+
end
|
119
|
+
|
120
|
+
# Return the common prefix of the keys, regardless of the delimiter.
|
121
|
+
# For example, given keys ['foo/bar', 'foo/baz'], the common prefix
|
122
|
+
# is 'foo/ba'.
|
123
|
+
def common_prefixes(keys)
|
124
|
+
return '' if keys.empty?
|
125
|
+
|
126
|
+
first_key = keys[0]
|
127
|
+
common_ancestor = first_key
|
128
|
+
last_prefix = ''
|
129
|
+
keys.each do |k|
|
130
|
+
until common_ancestor.empty?
|
131
|
+
break if k.start_with?(common_ancestor)
|
132
|
+
|
133
|
+
last_index = common_ancestor.rindex('/')
|
134
|
+
return '' if last_index.nil?
|
135
|
+
|
136
|
+
last_prefix = common_ancestor[(last_index + 1)..-1]
|
137
|
+
common_ancestor = common_ancestor[0...last_index]
|
138
|
+
end
|
139
|
+
end
|
140
|
+
new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
|
141
|
+
keys.each do |k|
|
142
|
+
until last_prefix.empty?
|
143
|
+
break if k.start_with?(new_common_ancestor)
|
144
|
+
|
145
|
+
last_prefix = last_prefix[0...-1]
|
146
|
+
new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
|
147
|
+
end
|
148
|
+
end
|
149
|
+
if new_common_ancestor == "#{first_key}/"
|
150
|
+
first_key
|
151
|
+
else
|
152
|
+
new_common_ancestor
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
def add_handlers(handlers, config)
|
158
|
+
return unless AccessGrants.s3control? && config.access_grants
|
159
|
+
|
160
|
+
handlers.add(Handler)
|
161
|
+
end
|
162
|
+
|
163
|
+
def after_initialize(client)
|
164
|
+
return unless AccessGrants.s3control? && client.config.access_grants
|
165
|
+
|
166
|
+
provider = client.config.access_grants_credentials_provider
|
167
|
+
provider.s3_client = client unless provider.s3_client
|
168
|
+
end
|
169
|
+
|
170
|
+
class << self
|
171
|
+
def s3control?
|
172
|
+
@s3control
|
173
|
+
end
|
174
|
+
end
|
175
|
+
end
|
176
|
+
end
|
177
|
+
end
|
178
|
+
end
|
@@ -14,6 +14,7 @@ module Aws::S3
|
|
14
14
|
option(
|
15
15
|
:endpoint_provider,
|
16
16
|
doc_type: 'Aws::S3::EndpointProvider',
|
17
|
+
rbs_type: 'untyped',
|
17
18
|
docstring: 'The endpoint provider used to resolve endpoints. Any '\
|
18
19
|
'object that responds to `#resolve_endpoint(parameters)` '\
|
19
20
|
'where `parameters` is a Struct similar to '\
|
@@ -22,19 +23,26 @@ module Aws::S3
|
|
22
23
|
Aws::S3::EndpointProvider.new
|
23
24
|
end
|
24
25
|
|
26
|
+
option(
|
27
|
+
:disable_s3_express_session_auth,
|
28
|
+
doc_type: 'Boolean',
|
29
|
+
default: nil,
|
30
|
+
docstring: "Parameter to indicate whether S3Express session auth should be disabled")
|
31
|
+
|
25
32
|
# @api private
|
26
33
|
class Handler < Seahorse::Client::Handler
|
27
34
|
def call(context)
|
28
|
-
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
35
|
unless context[:discovered_endpoint]
|
30
36
|
params = parameters_for_operation(context)
|
31
37
|
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
38
|
|
33
39
|
context.http_request.endpoint = endpoint.url
|
34
40
|
apply_endpoint_headers(context, endpoint.headers)
|
41
|
+
|
42
|
+
context[:endpoint_params] = params
|
43
|
+
context[:endpoint_properties] = endpoint.properties
|
35
44
|
end
|
36
45
|
|
37
|
-
context[:endpoint_params] = params
|
38
46
|
context[:auth_scheme] =
|
39
47
|
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
48
|
|
@@ -66,6 +74,8 @@ module Aws::S3
|
|
66
74
|
Aws::S3::Endpoints::CreateBucket.build(context)
|
67
75
|
when :create_multipart_upload
|
68
76
|
Aws::S3::Endpoints::CreateMultipartUpload.build(context)
|
77
|
+
when :create_session
|
78
|
+
Aws::S3::Endpoints::CreateSession.build(context)
|
69
79
|
when :delete_bucket
|
70
80
|
Aws::S3::Endpoints::DeleteBucket.build(context)
|
71
81
|
when :delete_bucket_analytics_configuration
|
@@ -176,6 +186,8 @@ module Aws::S3
|
|
176
186
|
Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
|
177
187
|
when :list_buckets
|
178
188
|
Aws::S3::Endpoints::ListBuckets.build(context)
|
189
|
+
when :list_directory_buckets
|
190
|
+
Aws::S3::Endpoints::ListDirectoryBuckets.build(context)
|
179
191
|
when :list_multipart_uploads
|
180
192
|
Aws::S3::Endpoints::ListMultipartUploads.build(context)
|
181
193
|
when :list_object_versions
|
@@ -0,0 +1,97 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class ExpressSessionAuth < Seahorse::Client::Plugin
|
8
|
+
# This should be s3_disable_express_auth instead
|
9
|
+
# But this is not a built in. We're overwriting the generated value
|
10
|
+
option(:disable_s3_express_session_auth,
|
11
|
+
default: false,
|
12
|
+
doc_type: 'Boolean',
|
13
|
+
docstring: <<-DOCS) do |cfg|
|
14
|
+
When `true`, S3 Express session authentication is disabled.
|
15
|
+
DOCS
|
16
|
+
resolve_disable_s3_express_session_auth(cfg)
|
17
|
+
end
|
18
|
+
|
19
|
+
option(:express_credentials_provider,
|
20
|
+
doc_type: 'Aws::S3::ExpressCredentialsProvider',
|
21
|
+
rbs_type: 'untyped',
|
22
|
+
docstring: <<-DOCS) do |_cfg|
|
23
|
+
Credential Provider for S3 Express endpoints. Manages credentials
|
24
|
+
for different buckets.
|
25
|
+
DOCS
|
26
|
+
Aws::S3::ExpressCredentialsProvider.new
|
27
|
+
end
|
28
|
+
|
29
|
+
# @api private
|
30
|
+
class Handler < Seahorse::Client::Handler
|
31
|
+
def call(context)
|
32
|
+
if (props = context[:endpoint_properties])
|
33
|
+
# S3 Express endpoint - turn off md5 and enable crc32 default
|
34
|
+
if props['backend'] == 'S3Express'
|
35
|
+
if context.operation_name == :put_object || checksum_required?(context)
|
36
|
+
context[:default_request_checksum_algorithm] = 'CRC32'
|
37
|
+
end
|
38
|
+
context[:s3_express_endpoint] = true
|
39
|
+
end
|
40
|
+
|
41
|
+
# if s3 express auth, use new credentials and sign additional header
|
42
|
+
if context[:auth_scheme]['name'] == 'sigv4-s3express' &&
|
43
|
+
!context.config.disable_s3_express_session_auth
|
44
|
+
bucket = context.params[:bucket]
|
45
|
+
credentials_provider = context.config.express_credentials_provider
|
46
|
+
credentials = credentials_provider.express_credentials_for(bucket)
|
47
|
+
context[:sigv4_credentials] = credentials # Sign will use this
|
48
|
+
end
|
49
|
+
end
|
50
|
+
with_metric(credentials) { @handler.call(context) }
|
51
|
+
end
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
def with_metric(credentials, &block)
|
56
|
+
return block.call unless credentials
|
57
|
+
|
58
|
+
Aws::Plugins::UserAgent.metric('S3_EXPRESS_BUCKET', &block)
|
59
|
+
end
|
60
|
+
|
61
|
+
def checksum_required?(context)
|
62
|
+
context.operation.http_checksum_required ||
|
63
|
+
(context.operation.http_checksum &&
|
64
|
+
context.operation.http_checksum['requestChecksumRequired'])
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
handler(Handler)
|
69
|
+
|
70
|
+
# Optimization - sets this client as the client to create sessions.
|
71
|
+
def after_initialize(client)
|
72
|
+
provider = client.config.express_credentials_provider
|
73
|
+
provider.client = client unless provider.client
|
74
|
+
end
|
75
|
+
|
76
|
+
class << self
|
77
|
+
private
|
78
|
+
|
79
|
+
def resolve_disable_s3_express_session_auth(cfg)
|
80
|
+
value = ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH'] ||
|
81
|
+
Aws.shared_config.s3_disable_express_session_auth(profile: cfg.profile) ||
|
82
|
+
'false'
|
83
|
+
value = Aws::Util.str_2_bool(value)
|
84
|
+
# Raise if provided value is not true or false
|
85
|
+
if value.nil?
|
86
|
+
raise ArgumentError,
|
87
|
+
'Must provide either `true` or `false` for the '\
|
88
|
+
'`s3_disable_express_session_auth` profile option or for '\
|
89
|
+
"ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH']."
|
90
|
+
end
|
91
|
+
value
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
@@ -15,22 +15,67 @@ module Aws
|
|
15
15
|
|
16
16
|
def call(context)
|
17
17
|
@handler.call(context).on(200) do |response|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
18
|
+
return response if streaming_output?(context.operation.output)
|
19
|
+
|
20
|
+
error = check_for_error(context)
|
21
|
+
return response unless error
|
22
|
+
|
23
|
+
context.http_response.status_code = 500
|
24
|
+
response.data = nil
|
25
|
+
response.error = error
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
# Streaming outputs are not subject to 200 errors.
|
32
|
+
def streaming_output?(output)
|
33
|
+
if (payload = output[:payload_member])
|
34
|
+
# checking ref and shape
|
35
|
+
payload['streaming'] || payload.shape['streaming'] ||
|
36
|
+
payload.eventstream
|
37
|
+
else
|
38
|
+
false
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
# Checks if the output shape is a structure shape and has members that
|
43
|
+
# are in the body for the case of a payload and a normal structure. A
|
44
|
+
# non-structure shape will not have members in the body. In the case
|
45
|
+
# of a string or blob, the body contents would have been checked first
|
46
|
+
# before this method is called in incomplete_xml_body?.
|
47
|
+
def members_in_body?(output)
|
48
|
+
shape =
|
49
|
+
if output[:payload_member]
|
50
|
+
output[:payload_member].shape
|
51
|
+
else
|
52
|
+
output.shape
|
22
53
|
end
|
54
|
+
|
55
|
+
if structure_shape?(shape)
|
56
|
+
shape.members.any? { |_, k| k.location.nil? }
|
57
|
+
else
|
58
|
+
false
|
23
59
|
end
|
24
60
|
end
|
25
61
|
|
62
|
+
def structure_shape?(shape)
|
63
|
+
shape.is_a?(Seahorse::Model::Shapes::StructureShape)
|
64
|
+
end
|
65
|
+
|
66
|
+
# Must have a member in the body and have the start of an XML Tag.
|
67
|
+
# Other incomplete xml bodies will result in an XML ParsingError.
|
68
|
+
def incomplete_xml_body?(xml, output)
|
69
|
+
members_in_body?(output) && !xml.match(/<\w/)
|
70
|
+
end
|
71
|
+
|
26
72
|
def check_for_error(context)
|
27
73
|
xml = context.http_response.body_contents
|
28
|
-
if xml.match(
|
74
|
+
if xml.match(/\?>\s*<Error>/)
|
29
75
|
error_code = xml.match(/<Code>(.+?)<\/Code>/)[1]
|
30
76
|
error_message = xml.match(/<Message>(.+?)<\/Message>/)[1]
|
31
77
|
S3::Errors.error_class(error_code).new(context, error_message)
|
32
|
-
elsif
|
33
|
-
# Other incomplete xml bodies will result in XML ParsingError
|
78
|
+
elsif incomplete_xml_body?(xml, context.operation.output)
|
34
79
|
Seahorse::Client::NetworkingError.new(
|
35
80
|
S3::Errors
|
36
81
|
.error_class('InternalError')
|
@@ -40,15 +85,7 @@ module Aws
|
|
40
85
|
end
|
41
86
|
end
|
42
87
|
|
43
|
-
handler(
|
44
|
-
Handler,
|
45
|
-
step: :sign,
|
46
|
-
operations: [
|
47
|
-
:complete_multipart_upload,
|
48
|
-
:copy_object,
|
49
|
-
:upload_part_copy,
|
50
|
-
]
|
51
|
-
)
|
88
|
+
handler(Handler, step: :sign)
|
52
89
|
end
|
53
90
|
end
|
54
91
|
end
|
@@ -22,7 +22,9 @@ module Aws
|
|
22
22
|
|
23
23
|
def populate_location_constraint(params, region)
|
24
24
|
params[:create_bucket_configuration] ||= {}
|
25
|
-
params[:create_bucket_configuration][:
|
25
|
+
unless params[:create_bucket_configuration][:location]
|
26
|
+
params[:create_bucket_configuration][:location_constraint] ||= region
|
27
|
+
end
|
26
28
|
end
|
27
29
|
|
28
30
|
end
|
@@ -22,7 +22,8 @@ module Aws
|
|
22
22
|
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
23
23
|
|
24
24
|
def call(context)
|
25
|
-
if !context[:checksum_algorithms] # skip in favor of flexible checksum
|
25
|
+
if !context[:checksum_algorithms] && # skip in favor of flexible checksum
|
26
|
+
!context[:s3_express_endpoint] # s3 express endpoints do not support md5
|
26
27
|
body = context.http_request.body
|
27
28
|
if body.respond_to?(:size) && body.size > 0
|
28
29
|
context.http_request.headers['Content-Md5'] ||= md5(body)
|
@@ -4,6 +4,11 @@ require 'aws-sigv4'
|
|
4
4
|
|
5
5
|
module Aws
|
6
6
|
module S3
|
7
|
+
# @api private
|
8
|
+
def self.bucket_region_cache
|
9
|
+
@bucket_region_cache ||= BucketRegionCache.new
|
10
|
+
end
|
11
|
+
|
7
12
|
module Plugins
|
8
13
|
# This plugin used to have a V4 signer but it was removed in favor of
|
9
14
|
# generic Sign plugin that uses endpoint auth scheme.
|
@@ -51,8 +56,10 @@ module Aws
|
|
51
56
|
private
|
52
57
|
|
53
58
|
def check_for_cached_region(context, bucket)
|
54
|
-
cached_region = S3
|
55
|
-
if cached_region &&
|
59
|
+
cached_region = Aws::S3.bucket_region_cache[bucket]
|
60
|
+
if cached_region &&
|
61
|
+
cached_region != context.config.region &&
|
62
|
+
!S3Signer.custom_endpoint?(context)
|
56
63
|
context.http_request.endpoint.host = S3Signer.new_hostname(
|
57
64
|
context, cached_region
|
58
65
|
)
|
@@ -77,7 +84,7 @@ module Aws
|
|
77
84
|
def handle_region_errors(response)
|
78
85
|
if wrong_sigv4_region?(response) &&
|
79
86
|
!fips_region?(response) &&
|
80
|
-
!custom_endpoint?(response) &&
|
87
|
+
!S3Signer.custom_endpoint?(response.context) &&
|
81
88
|
!expired_credentials?(response)
|
82
89
|
get_region_and_retry(response.context)
|
83
90
|
else
|
@@ -95,7 +102,7 @@ module Aws
|
|
95
102
|
end
|
96
103
|
|
97
104
|
def update_bucket_cache(context, actual_region)
|
98
|
-
S3
|
105
|
+
Aws::S3.bucket_region_cache[context.params[:bucket]] = actual_region
|
99
106
|
end
|
100
107
|
|
101
108
|
def fips_region?(resp)
|
@@ -106,15 +113,6 @@ module Aws
|
|
106
113
|
resp.context.http_response.body_contents.match(/<Code>ExpiredToken<\/Code>/)
|
107
114
|
end
|
108
115
|
|
109
|
-
def custom_endpoint?(resp)
|
110
|
-
region = resp.context.config.region
|
111
|
-
partition = Aws::Endpoints::Matchers.aws_partition(region)
|
112
|
-
endpoint = resp.context.http_request.endpoint
|
113
|
-
|
114
|
-
!endpoint.hostname.include?(partition['dnsSuffix']) &&
|
115
|
-
!endpoint.hostname.include?(partition['dualStackDnsSuffix'])
|
116
|
-
end
|
117
|
-
|
118
116
|
def wrong_sigv4_region?(resp)
|
119
117
|
resp.context.http_response.status_code == 400 &&
|
120
118
|
(resp.context.http_response.headers['x-amz-bucket-region'] ||
|
@@ -168,6 +166,15 @@ module Aws
|
|
168
166
|
context.config.endpoint_provider.resolve_endpoint(endpoint_params)
|
169
167
|
URI(endpoint.url).host
|
170
168
|
end
|
169
|
+
|
170
|
+
def custom_endpoint?(context)
|
171
|
+
region = context.config.region
|
172
|
+
partition = Aws::Endpoints::Matchers.aws_partition(region)
|
173
|
+
endpoint = context.http_request.endpoint
|
174
|
+
|
175
|
+
!endpoint.hostname.include?(partition['dnsSuffix']) &&
|
176
|
+
!endpoint.hostname.include?(partition['dualStackDnsSuffix'])
|
177
|
+
end
|
171
178
|
end
|
172
179
|
end
|
173
180
|
end
|
@@ -315,26 +315,28 @@ module Aws
|
|
315
315
|
|
316
316
|
# @!group Fields
|
317
317
|
|
318
|
-
#
|
319
|
-
#
|
320
|
-
#
|
318
|
+
# @!method key(key)
|
319
|
+
# The key to use for the uploaded object. You can use `${filename}`
|
320
|
+
# as a variable in the key. This will be replaced with the name
|
321
|
+
# of the file as provided by the user.
|
321
322
|
#
|
322
|
-
#
|
323
|
-
#
|
324
|
-
#
|
323
|
+
# For example, if the key is given as `/user/betty/${filename}` and
|
324
|
+
# the file uploaded is named `lolcatz.jpg`, the resultant key will
|
325
|
+
# be `/user/betty/lolcatz.jpg`.
|
325
326
|
#
|
326
|
-
#
|
327
|
-
#
|
328
|
-
#
|
327
|
+
# @param [String] key
|
328
|
+
# @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
|
329
|
+
# @return [self]
|
329
330
|
define_field(:key) do |key|
|
330
331
|
@key_set = true
|
331
332
|
with('key', key)
|
332
333
|
end
|
333
334
|
|
334
|
-
#
|
335
|
-
#
|
336
|
-
#
|
337
|
-
#
|
335
|
+
# @!method key_starts_with(prefix)
|
336
|
+
# Specify a prefix the uploaded
|
337
|
+
# @param [String] prefix
|
338
|
+
# @see #key
|
339
|
+
# @return [self]
|
338
340
|
define_field(:key_starts_with) do |prefix|
|
339
341
|
@key_set = true
|
340
342
|
starts_with('key', prefix)
|
@@ -412,26 +414,29 @@ module Aws
|
|
412
414
|
# @return [self]
|
413
415
|
define_field(:content_encoding, 'Content-Encoding', starts_with: true)
|
414
416
|
|
415
|
-
#
|
416
|
-
#
|
417
|
-
#
|
418
|
-
#
|
419
|
-
#
|
420
|
-
#
|
417
|
+
# @!method expires(time)
|
418
|
+
# The date and time at which the object is no longer cacheable.
|
419
|
+
# @note This does not affect the expiration of the presigned post
|
420
|
+
# signature.
|
421
|
+
# @param [Time] time
|
422
|
+
# @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
|
423
|
+
# @return [self]
|
421
424
|
define_field(:expires) do |time|
|
422
425
|
with('Expires', time.httpdate)
|
423
426
|
end
|
424
427
|
|
425
|
-
#
|
426
|
-
#
|
427
|
-
#
|
428
|
+
# @!method expires_starts_with(prefix)
|
429
|
+
# @param [String] prefix
|
430
|
+
# @see #expires
|
431
|
+
# @return [self]
|
428
432
|
define_field(:expires_starts_with) do |prefix|
|
429
433
|
starts_with('Expires', prefix)
|
430
434
|
end
|
431
435
|
|
432
|
-
#
|
433
|
-
#
|
434
|
-
#
|
436
|
+
# @!method content_length_range(byte_range)
|
437
|
+
# The minimum and maximum allowable size for the uploaded content.
|
438
|
+
# @param [Range<Integer>] byte_range
|
439
|
+
# @return [self]
|
435
440
|
define_field(:content_length_range) do |byte_range|
|
436
441
|
min = byte_range.begin
|
437
442
|
max = byte_range.end
|
@@ -507,10 +512,11 @@ module Aws
|
|
507
512
|
# @return [self]
|
508
513
|
define_field(:website_redirect_location, 'x-amz-website-redirect-location')
|
509
514
|
|
510
|
-
#
|
511
|
-
#
|
512
|
-
#
|
513
|
-
#
|
515
|
+
# @!method metadata(hash)
|
516
|
+
# Metadata hash to store with the uploaded object. Hash keys will be
|
517
|
+
# prefixed with "x-amz-meta-".
|
518
|
+
# @param [Hash<String,String>] hash
|
519
|
+
# @return [self]
|
514
520
|
define_field(:metadata) do |hash|
|
515
521
|
hash.each do |key, value|
|
516
522
|
with("x-amz-meta-#{key}", value)
|
@@ -518,10 +524,11 @@ module Aws
|
|
518
524
|
self
|
519
525
|
end
|
520
526
|
|
521
|
-
#
|
522
|
-
#
|
523
|
-
#
|
524
|
-
#
|
527
|
+
# @!method metadata_starts_with(hash)
|
528
|
+
# Specify allowable prefix for each key in the metadata hash.
|
529
|
+
# @param [Hash<String,String>] hash
|
530
|
+
# @see #metadata
|
531
|
+
# @return [self]
|
525
532
|
define_field(:metadata_starts_with) do |hash|
|
526
533
|
hash.each do |key, value|
|
527
534
|
starts_with("x-amz-meta-#{key}", value)
|
@@ -571,24 +578,26 @@ module Aws
|
|
571
578
|
'x-amz-server-side-encryption-customer-algorithm'
|
572
579
|
)
|
573
580
|
|
574
|
-
#
|
575
|
-
#
|
576
|
-
#
|
581
|
+
# @!method server_side_encryption_customer_key(value)
|
582
|
+
# Specifies the customer-provided encryption key for Amazon S3 to use
|
583
|
+
# in encrypting data. This value is used to store the object and then
|
584
|
+
# it is discarded; Amazon does not store the encryption key.
|
577
585
|
#
|
578
|
-
#
|
586
|
+
# You must also call {#server_side_encryption_customer_algorithm}.
|
579
587
|
#
|
580
|
-
#
|
581
|
-
#
|
582
|
-
#
|
588
|
+
# @param [String] value
|
589
|
+
# @see #server_side_encryption_customer_algorithm
|
590
|
+
# @return [self]
|
583
591
|
define_field(:server_side_encryption_customer_key) do |value|
|
584
592
|
field_name = 'x-amz-server-side-encryption-customer-key'
|
585
593
|
with(field_name, base64(value))
|
586
594
|
with(field_name + '-MD5', base64(OpenSSL::Digest::MD5.digest(value)))
|
587
595
|
end
|
588
596
|
|
589
|
-
#
|
590
|
-
#
|
591
|
-
#
|
597
|
+
# @!method server_side_encryption_customer_key_starts_with(prefix)
|
598
|
+
# @param [String] prefix
|
599
|
+
# @see #server_side_encryption_customer_key
|
600
|
+
# @return [self]
|
592
601
|
define_field(:server_side_encryption_customer_key_starts_with) do |prefix|
|
593
602
|
field_name = 'x-amz-server-side-encryption-customer-key'
|
594
603
|
starts_with(field_name, prefix)
|