aws-sdk-s3 1.122.0 → 1.157.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +238 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
- data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +250 -0
- data/lib/aws-sdk-s3/bucket.rb +507 -114
- data/lib/aws-sdk-s3/bucket_acl.rb +18 -12
- data/lib/aws-sdk-s3/bucket_cors.rb +24 -16
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +24 -16
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +24 -16
- data/lib/aws-sdk-s3/bucket_logging.rb +25 -12
- data/lib/aws-sdk-s3/bucket_notification.rb +12 -6
- data/lib/aws-sdk-s3/bucket_policy.rb +70 -18
- data/lib/aws-sdk-s3/bucket_region_cache.rb +9 -5
- data/lib/aws-sdk-s3/bucket_request_payment.rb +18 -12
- data/lib/aws-sdk-s3/bucket_tagging.rb +24 -16
- data/lib/aws-sdk-s3/bucket_versioning.rb +42 -32
- data/lib/aws-sdk-s3/bucket_website.rb +24 -16
- data/lib/aws-sdk-s3/client.rb +6048 -2781
- data/lib/aws-sdk-s3/client_api.rb +148 -20
- data/lib/aws-sdk-s3/customizations/bucket.rb +3 -1
- data/lib/aws-sdk-s3/customizations/errors.rb +16 -3
- data/lib/aws-sdk-s3/customizations/object.rb +91 -18
- data/lib/aws-sdk-s3/customizations.rb +8 -0
- data/lib/aws-sdk-s3/encryption/client.rb +6 -2
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
- data/lib/aws-sdk-s3/encryptionV2/client.rb +6 -2
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
- data/lib/aws-sdk-s3/endpoint_parameters.rb +44 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +111 -252
- data/lib/aws-sdk-s3/endpoints.rb +540 -0
- data/lib/aws-sdk-s3/express_credentials.rb +55 -0
- data/lib/aws-sdk-s3/express_credentials_provider.rb +59 -0
- data/lib/aws-sdk-s3/file_downloader.rb +169 -44
- data/lib/aws-sdk-s3/file_uploader.rb +8 -6
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +4 -4
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +10 -7
- data/lib/aws-sdk-s3/multipart_upload.rb +81 -20
- data/lib/aws-sdk-s3/multipart_upload_part.rb +169 -38
- data/lib/aws-sdk-s3/object.rb +1571 -261
- data/lib/aws-sdk-s3/object_acl.rb +38 -18
- data/lib/aws-sdk-s3/object_copier.rb +7 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +42 -24
- data/lib/aws-sdk-s3/object_summary.rb +1422 -276
- data/lib/aws-sdk-s3/object_version.rb +344 -47
- data/lib/aws-sdk-s3/plugins/access_grants.rb +178 -0
- data/lib/aws-sdk-s3/plugins/endpoints.rb +14 -2
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +97 -0
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +53 -16
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
- data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +7 -2
- data/lib/aws-sdk-s3/presigned_post.rb +52 -43
- data/lib/aws-sdk-s3/presigner.rb +8 -4
- data/lib/aws-sdk-s3/resource.rb +89 -13
- data/lib/aws-sdk-s3/types.rb +4879 -1513
- data/lib/aws-sdk-s3.rb +1 -1
- data/sig/bucket.rbs +212 -0
- data/sig/bucket_acl.rbs +78 -0
- data/sig/bucket_cors.rbs +69 -0
- data/sig/bucket_lifecycle.rbs +88 -0
- data/sig/bucket_lifecycle_configuration.rbs +111 -0
- data/sig/bucket_logging.rbs +76 -0
- data/sig/bucket_notification.rbs +114 -0
- data/sig/bucket_policy.rbs +59 -0
- data/sig/bucket_request_payment.rbs +54 -0
- data/sig/bucket_tagging.rbs +65 -0
- data/sig/bucket_versioning.rbs +77 -0
- data/sig/bucket_website.rbs +93 -0
- data/sig/client.rbs +2381 -0
- data/sig/customizations/bucket.rbs +19 -0
- data/sig/customizations/object.rbs +38 -0
- data/sig/customizations/object_summary.rbs +35 -0
- data/sig/errors.rbs +34 -0
- data/sig/multipart_upload.rbs +110 -0
- data/sig/multipart_upload_part.rbs +105 -0
- data/sig/object.rbs +442 -0
- data/sig/object_acl.rbs +86 -0
- data/sig/object_summary.rbs +334 -0
- data/sig/object_version.rbs +137 -0
- data/sig/resource.rbs +127 -0
- data/sig/types.rbs +2568 -0
- data/sig/waiters.rbs +95 -0
- metadata +43 -11
@@ -0,0 +1,178 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class AccessGrants < Seahorse::Client::Plugin
|
8
|
+
@s3control =
|
9
|
+
begin
|
10
|
+
require 'aws-sdk-s3control'
|
11
|
+
true
|
12
|
+
rescue LoadError
|
13
|
+
false
|
14
|
+
end
|
15
|
+
|
16
|
+
option(
|
17
|
+
:access_grants,
|
18
|
+
default: false,
|
19
|
+
doc_type: 'Boolean',
|
20
|
+
docstring: <<-DOCS)
|
21
|
+
When `true`, the S3 client will use the S3 Access Grants feature to
|
22
|
+
authenticate requests. Bucket credentials will be fetched from S3
|
23
|
+
Control using the `get_data_access` API.
|
24
|
+
DOCS
|
25
|
+
|
26
|
+
option(:access_grants_credentials_provider,
|
27
|
+
doc_type: 'Aws::S3::AccessGrantsCredentialsProvider',
|
28
|
+
rbs_type: 'untyped',
|
29
|
+
docstring: <<-DOCS) do |_cfg|
|
30
|
+
When `access_grants` is `true`, this option can be used to provide
|
31
|
+
additional options to the credentials provider, including a privilege
|
32
|
+
setting, caching, and fallback behavior.
|
33
|
+
DOCS
|
34
|
+
Aws::S3::AccessGrantsCredentialsProvider.new
|
35
|
+
end
|
36
|
+
|
37
|
+
# @api private
|
38
|
+
class Handler < Seahorse::Client::Handler
|
39
|
+
PERMISSION_MAP = {
|
40
|
+
head_object: 'READ',
|
41
|
+
get_object: 'READ',
|
42
|
+
get_object_acl: 'READ',
|
43
|
+
list_multipart_uploads: 'READ',
|
44
|
+
list_objects_v2: 'READ',
|
45
|
+
list_object_versions: 'READ',
|
46
|
+
list_parts: 'READ',
|
47
|
+
head_bucket: 'READ',
|
48
|
+
get_object_attributes: 'READ',
|
49
|
+
put_object: 'WRITE',
|
50
|
+
put_object_acl: 'WRITE',
|
51
|
+
delete_object: 'WRITE',
|
52
|
+
abort_multipart_upload: 'WRITE',
|
53
|
+
create_multipart_upload: 'WRITE',
|
54
|
+
upload_part: 'WRITE',
|
55
|
+
complete_multipart_upload: 'WRITE',
|
56
|
+
delete_objects: 'WRITE',
|
57
|
+
copy_object: 'READWRITE'
|
58
|
+
}.freeze
|
59
|
+
|
60
|
+
def call(context)
|
61
|
+
provider = context.config.access_grants_credentials_provider
|
62
|
+
|
63
|
+
if access_grants_operation?(context) &&
|
64
|
+
!s3_express_endpoint?(context) &&
|
65
|
+
!credentials_head_bucket_call?(provider)
|
66
|
+
params = context[:endpoint_params]
|
67
|
+
permission = PERMISSION_MAP[context.operation_name]
|
68
|
+
|
69
|
+
key =
|
70
|
+
case context.operation_name
|
71
|
+
when :delete_objects
|
72
|
+
delete_params = context.params[:delete]
|
73
|
+
common_prefixes(delete_params[:objects].map { |o| o[:key] })
|
74
|
+
when :copy_object
|
75
|
+
source_bucket, source_key = params[:copy_source].split('/', 2)
|
76
|
+
if params[:bucket] != source_bucket
|
77
|
+
raise ArgumentError,
|
78
|
+
'source and destination bucket must be the same'
|
79
|
+
end
|
80
|
+
common_prefixes([params[:key], source_key])
|
81
|
+
else
|
82
|
+
params[:key]
|
83
|
+
end
|
84
|
+
|
85
|
+
credentials = provider.access_grants_credentials_for(
|
86
|
+
bucket: params[:bucket],
|
87
|
+
key: key,
|
88
|
+
prefix: params[:prefix],
|
89
|
+
permission: permission
|
90
|
+
)
|
91
|
+
context[:sigv4_credentials] = credentials # Sign will use this
|
92
|
+
end
|
93
|
+
|
94
|
+
with_metric(credentials) { @handler.call(context) }
|
95
|
+
end
|
96
|
+
|
97
|
+
private
|
98
|
+
|
99
|
+
def with_metric(credentials, &block)
|
100
|
+
return block.call unless credentials
|
101
|
+
|
102
|
+
Aws::Plugins::UserAgent.metric('S3_ACCESS_GRANTS', &block)
|
103
|
+
end
|
104
|
+
|
105
|
+
# HeadBucket is a supported call. When fetching credentials,
|
106
|
+
# this plugin is executed again, and becomes recursive.
|
107
|
+
def credentials_head_bucket_call?(provider)
|
108
|
+
provider.instance_variable_get(:@head_bucket_call)
|
109
|
+
end
|
110
|
+
|
111
|
+
def access_grants_operation?(context)
|
112
|
+
params = context[:endpoint_params]
|
113
|
+
params[:bucket] && PERMISSION_MAP[context.operation_name]
|
114
|
+
end
|
115
|
+
|
116
|
+
def s3_express_endpoint?(context)
|
117
|
+
context[:endpoint_properties]['backend'] == 'S3Express'
|
118
|
+
end
|
119
|
+
|
120
|
+
# Return the common prefix of the keys, regardless of the delimiter.
|
121
|
+
# For example, given keys ['foo/bar', 'foo/baz'], the common prefix
|
122
|
+
# is 'foo/ba'.
|
123
|
+
def common_prefixes(keys)
|
124
|
+
return '' if keys.empty?
|
125
|
+
|
126
|
+
first_key = keys[0]
|
127
|
+
common_ancestor = first_key
|
128
|
+
last_prefix = ''
|
129
|
+
keys.each do |k|
|
130
|
+
until common_ancestor.empty?
|
131
|
+
break if k.start_with?(common_ancestor)
|
132
|
+
|
133
|
+
last_index = common_ancestor.rindex('/')
|
134
|
+
return '' if last_index.nil?
|
135
|
+
|
136
|
+
last_prefix = common_ancestor[(last_index + 1)..-1]
|
137
|
+
common_ancestor = common_ancestor[0...last_index]
|
138
|
+
end
|
139
|
+
end
|
140
|
+
new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
|
141
|
+
keys.each do |k|
|
142
|
+
until last_prefix.empty?
|
143
|
+
break if k.start_with?(new_common_ancestor)
|
144
|
+
|
145
|
+
last_prefix = last_prefix[0...-1]
|
146
|
+
new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
|
147
|
+
end
|
148
|
+
end
|
149
|
+
if new_common_ancestor == "#{first_key}/"
|
150
|
+
first_key
|
151
|
+
else
|
152
|
+
new_common_ancestor
|
153
|
+
end
|
154
|
+
end
|
155
|
+
end
|
156
|
+
|
157
|
+
def add_handlers(handlers, config)
|
158
|
+
return unless AccessGrants.s3control? && config.access_grants
|
159
|
+
|
160
|
+
handlers.add(Handler)
|
161
|
+
end
|
162
|
+
|
163
|
+
def after_initialize(client)
|
164
|
+
return unless AccessGrants.s3control? && client.config.access_grants
|
165
|
+
|
166
|
+
provider = client.config.access_grants_credentials_provider
|
167
|
+
provider.s3_client = client unless provider.s3_client
|
168
|
+
end
|
169
|
+
|
170
|
+
class << self
|
171
|
+
def s3control?
|
172
|
+
@s3control
|
173
|
+
end
|
174
|
+
end
|
175
|
+
end
|
176
|
+
end
|
177
|
+
end
|
178
|
+
end
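Review bot: When `access_grants: true` is set but `aws-sdk-s3control` cannot be loaded, `add_handlers` and `after_initialize` return silently (`return unless AccessGrants.s3control? && config.access_grants`), so requests are signed with the client's default credentials instead of the scoped Access Grants credentials the caller asked for. Failing loudly keeps the least-privilege intent visible, e.g. `raise ArgumentError, 'access_grants requires the aws-sdk-s3control gem' if config.access_grants && !AccessGrants.s3control?` at the top of `add_handlers`. Separately, `credentials_head_bucket_call?` reads the provider's private `@head_bucket_call` through `instance_variable_get`; a public predicate would be cleaner, and if that flag is shared provider state rather than per-call state, requests on other threads would presumably also skip Access Grants while it is set, which is worth confirming in the provider (not shown here). `common_prefixes` is also order-dependent: `['a/b', 'a']` returns `'a/'`, which does not cover the key `'a'`, while `['a', 'a/b']` returns `'a'`.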
|
@@ -14,6 +14,7 @@ module Aws::S3
|
|
14
14
|
option(
|
15
15
|
:endpoint_provider,
|
16
16
|
doc_type: 'Aws::S3::EndpointProvider',
|
17
|
+
rbs_type: 'untyped',
|
17
18
|
docstring: 'The endpoint provider used to resolve endpoints. Any '\
|
18
19
|
'object that responds to `#resolve_endpoint(parameters)` '\
|
19
20
|
'where `parameters` is a Struct similar to '\
|
@@ -22,19 +23,26 @@ module Aws::S3
|
|
22
23
|
Aws::S3::EndpointProvider.new
|
23
24
|
end
|
24
25
|
|
26
|
+
option(
|
27
|
+
:disable_s3_express_session_auth,
|
28
|
+
doc_type: 'Boolean',
|
29
|
+
default: nil,
|
30
|
+
docstring: "Parameter to indicate whether S3Express session auth should be disabled")
|
31
|
+
|
25
32
|
# @api private
|
26
33
|
class Handler < Seahorse::Client::Handler
|
27
34
|
def call(context)
|
28
|
-
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
35
|
unless context[:discovered_endpoint]
|
30
36
|
params = parameters_for_operation(context)
|
31
37
|
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
38
|
|
33
39
|
context.http_request.endpoint = endpoint.url
|
34
40
|
apply_endpoint_headers(context, endpoint.headers)
|
41
|
+
|
42
|
+
context[:endpoint_params] = params
|
43
|
+
context[:endpoint_properties] = endpoint.properties
|
35
44
|
end
|
36
45
|
|
37
|
-
context[:endpoint_params] = params
|
38
46
|
context[:auth_scheme] =
|
39
47
|
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
48
|
|
@@ -66,6 +74,8 @@ module Aws::S3
|
|
66
74
|
Aws::S3::Endpoints::CreateBucket.build(context)
|
67
75
|
when :create_multipart_upload
|
68
76
|
Aws::S3::Endpoints::CreateMultipartUpload.build(context)
|
77
|
+
when :create_session
|
78
|
+
Aws::S3::Endpoints::CreateSession.build(context)
|
69
79
|
when :delete_bucket
|
70
80
|
Aws::S3::Endpoints::DeleteBucket.build(context)
|
71
81
|
when :delete_bucket_analytics_configuration
|
@@ -176,6 +186,8 @@ module Aws::S3
|
|
176
186
|
Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
|
177
187
|
when :list_buckets
|
178
188
|
Aws::S3::Endpoints::ListBuckets.build(context)
|
189
|
+
when :list_directory_buckets
|
190
|
+
Aws::S3::Endpoints::ListDirectoryBuckets.build(context)
|
179
191
|
when :list_multipart_uploads
|
180
192
|
Aws::S3::Endpoints::ListMultipartUploads.build(context)
|
181
193
|
when :list_object_versions
|
@@ -0,0 +1,97 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class ExpressSessionAuth < Seahorse::Client::Plugin
|
8
|
+
# This should be s3_disable_express_auth instead
|
9
|
+
# But this is not a built in. We're overwriting the generated value
|
10
|
+
option(:disable_s3_express_session_auth,
|
11
|
+
default: false,
|
12
|
+
doc_type: 'Boolean',
|
13
|
+
docstring: <<-DOCS) do |cfg|
|
14
|
+
When `true`, S3 Express session authentication is disabled.
|
15
|
+
DOCS
|
16
|
+
resolve_disable_s3_express_session_auth(cfg)
|
17
|
+
end
|
18
|
+
|
19
|
+
option(:express_credentials_provider,
|
20
|
+
doc_type: 'Aws::S3::ExpressCredentialsProvider',
|
21
|
+
rbs_type: 'untyped',
|
22
|
+
docstring: <<-DOCS) do |_cfg|
|
23
|
+
Credential Provider for S3 Express endpoints. Manages credentials
|
24
|
+
for different buckets.
|
25
|
+
DOCS
|
26
|
+
Aws::S3::ExpressCredentialsProvider.new
|
27
|
+
end
|
28
|
+
|
29
|
+
# @api private
|
30
|
+
class Handler < Seahorse::Client::Handler
|
31
|
+
def call(context)
|
32
|
+
if (props = context[:endpoint_properties])
|
33
|
+
# S3 Express endpoint - turn off md5 and enable crc32 default
|
34
|
+
if props['backend'] == 'S3Express'
|
35
|
+
if context.operation_name == :put_object || checksum_required?(context)
|
36
|
+
context[:default_request_checksum_algorithm] = 'CRC32'
|
37
|
+
end
|
38
|
+
context[:s3_express_endpoint] = true
|
39
|
+
end
|
40
|
+
|
41
|
+
# if s3 express auth, use new credentials and sign additional header
|
42
|
+
if context[:auth_scheme]['name'] == 'sigv4-s3express' &&
|
43
|
+
!context.config.disable_s3_express_session_auth
|
44
|
+
bucket = context.params[:bucket]
|
45
|
+
credentials_provider = context.config.express_credentials_provider
|
46
|
+
credentials = credentials_provider.express_credentials_for(bucket)
|
47
|
+
context[:sigv4_credentials] = credentials # Sign will use this
|
48
|
+
end
|
49
|
+
end
|
50
|
+
with_metric(credentials) { @handler.call(context) }
|
51
|
+
end
|
52
|
+
|
53
|
+
private
|
54
|
+
|
55
|
+
def with_metric(credentials, &block)
|
56
|
+
return block.call unless credentials
|
57
|
+
|
58
|
+
Aws::Plugins::UserAgent.metric('S3_EXPRESS_BUCKET', &block)
|
59
|
+
end
|
60
|
+
|
61
|
+
def checksum_required?(context)
|
62
|
+
context.operation.http_checksum_required ||
|
63
|
+
(context.operation.http_checksum &&
|
64
|
+
context.operation.http_checksum['requestChecksumRequired'])
|
65
|
+
end
|
66
|
+
end
|
67
|
+
|
68
|
+
handler(Handler)
|
69
|
+
|
70
|
+
# Optimization - sets this client as the client to create sessions.
|
71
|
+
def after_initialize(client)
|
72
|
+
provider = client.config.express_credentials_provider
|
73
|
+
provider.client = client unless provider.client
|
74
|
+
end
|
75
|
+
|
76
|
+
class << self
|
77
|
+
private
|
78
|
+
|
79
|
+
def resolve_disable_s3_express_session_auth(cfg)
|
80
|
+
value = ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH'] ||
|
81
|
+
Aws.shared_config.s3_disable_express_session_auth(profile: cfg.profile) ||
|
82
|
+
'false'
|
83
|
+
value = Aws::Util.str_2_bool(value)
|
84
|
+
# Raise if provided value is not true or false
|
85
|
+
if value.nil?
|
86
|
+
raise ArgumentError,
|
87
|
+
'Must provide either `true` or `false` for the '\
|
88
|
+
'`s3_disable_express_session_auth` profile option or for '\
|
89
|
+
"ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH']."
|
90
|
+
end
|
91
|
+
value
|
92
|
+
end
|
93
|
+
end
|
94
|
+
end
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
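Review bot: The comment above `option(:disable_s3_express_session_auth, ...)` says this definition overwrites a generated one, but not what makes the override win. The same option is declared with `default: nil` in the endpoints plugin section of this diff, and if that declaration took precedence the `AWS_S3_DISABLE_EXPRESS_SESSION_AUTH` and profile resolution in `resolve_disable_s3_express_session_auth` would be skipped. I would spell the dependency out, e.g. `# Redeclares the generated :disable_s3_express_session_auth option so the ENV/profile resolver below supplies the default; depends on this plugin being registered after the Endpoints plugin.`, adjusted to the actual ordering rule, which is not visible here. A line on `Handler#call` stating that, with the option set to `true`, `context[:sigv4_credentials]` is left unset and S3 Express requests are presumably signed with the client's regular credentials would also help.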
|
@@ -15,22 +15,67 @@ module Aws
|
|
15
15
|
|
16
16
|
def call(context)
|
17
17
|
@handler.call(context).on(200) do |response|
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
18
|
+
return response if streaming_output?(context.operation.output)
|
19
|
+
|
20
|
+
error = check_for_error(context)
|
21
|
+
return response unless error
|
22
|
+
|
23
|
+
context.http_response.status_code = 500
|
24
|
+
response.data = nil
|
25
|
+
response.error = error
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
private
|
30
|
+
|
31
|
+
# Streaming outputs are not subject to 200 errors.
|
32
|
+
def streaming_output?(output)
|
33
|
+
if (payload = output[:payload_member])
|
34
|
+
# checking ref and shape
|
35
|
+
payload['streaming'] || payload.shape['streaming'] ||
|
36
|
+
payload.eventstream
|
37
|
+
else
|
38
|
+
false
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
# Checks if the output shape is a structure shape and has members that
|
43
|
+
# are in the body for the case of a payload and a normal structure. A
|
44
|
+
# non-structure shape will not have members in the body. In the case
|
45
|
+
# of a string or blob, the body contents would have been checked first
|
46
|
+
# before this method is called in incomplete_xml_body?.
|
47
|
+
def members_in_body?(output)
|
48
|
+
shape =
|
49
|
+
if output[:payload_member]
|
50
|
+
output[:payload_member].shape
|
51
|
+
else
|
52
|
+
output.shape
|
22
53
|
end
|
54
|
+
|
55
|
+
if structure_shape?(shape)
|
56
|
+
shape.members.any? { |_, k| k.location.nil? }
|
57
|
+
else
|
58
|
+
false
|
23
59
|
end
|
24
60
|
end
|
25
61
|
|
62
|
+
def structure_shape?(shape)
|
63
|
+
shape.is_a?(Seahorse::Model::Shapes::StructureShape)
|
64
|
+
end
|
65
|
+
|
66
|
+
# Must have a member in the body and have the start of an XML Tag.
|
67
|
+
# Other incomplete xml bodies will result in an XML ParsingError.
|
68
|
+
def incomplete_xml_body?(xml, output)
|
69
|
+
members_in_body?(output) && !xml.match(/<\w/)
|
70
|
+
end
|
71
|
+
|
26
72
|
def check_for_error(context)
|
27
73
|
xml = context.http_response.body_contents
|
28
|
-
if xml.match(
|
74
|
+
if xml.match(/\?>\s*<Error>/)
|
29
75
|
error_code = xml.match(/<Code>(.+?)<\/Code>/)[1]
|
30
76
|
error_message = xml.match(/<Message>(.+?)<\/Message>/)[1]
|
31
77
|
S3::Errors.error_class(error_code).new(context, error_message)
|
32
|
-
elsif
|
33
|
-
# Other incomplete xml bodies will result in XML ParsingError
|
78
|
+
elsif incomplete_xml_body?(xml, context.operation.output)
|
34
79
|
Seahorse::Client::NetworkingError.new(
|
35
80
|
S3::Errors
|
36
81
|
.error_class('InternalError')
|
@@ -40,15 +85,7 @@ module Aws
|
|
40
85
|
end
|
41
86
|
end
|
42
87
|
|
43
|
-
handler(
|
44
|
-
Handler,
|
45
|
-
step: :sign,
|
46
|
-
operations: [
|
47
|
-
:complete_multipart_upload,
|
48
|
-
:copy_object,
|
49
|
-
:upload_part_copy,
|
50
|
-
]
|
51
|
-
)
|
88
|
+
handler(Handler, step: :sign)
|
52
89
|
end
|
53
90
|
end
|
54
91
|
end
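Review bot: `check_for_error` indexes `xml.match(/<Code>(.+?)<\/Code>/)[1]` and the `<Message>` equivalent without checking for a failed match, and with the `operations:` filter dropped from `handler(Handler, step: :sign)` that path now runs on every non-streaming 200 response. A body that matches `/\?>\s*<Error>/` but carries an empty, multi-line or missing `<Code>` or `<Message>` element raises `NoMethodError` on `nil` instead of surfacing a typed service error. Capturing with a fallback keeps the failure typed, e.g. `error_code = xml[/<Code>(.+?)<\/Code>/m, 1] || 'InternalError'` and `error_message = xml[/<Message>(.*?)<\/Message>/m, 1].to_s`. Those two lines are unchanged context in the first hunk, but this commit widens their reach.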
|
@@ -22,7 +22,9 @@ module Aws
|
|
22
22
|
|
23
23
|
def populate_location_constraint(params, region)
|
24
24
|
params[:create_bucket_configuration] ||= {}
|
25
|
-
params[:create_bucket_configuration][:
|
25
|
+
unless params[:create_bucket_configuration][:location]
|
26
|
+
params[:create_bucket_configuration][:location_constraint] ||= region
|
27
|
+
end
|
26
28
|
end
|
27
29
|
|
28
30
|
end
|
@@ -22,7 +22,8 @@ module Aws
|
|
22
22
|
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
23
23
|
|
24
24
|
def call(context)
|
25
|
-
if !context[:checksum_algorithms] # skip in favor of flexible checksum
|
25
|
+
if !context[:checksum_algorithms] && # skip in favor of flexible checksum
|
26
|
+
!context[:s3_express_endpoint] # s3 express endpoints do not support md5
|
26
27
|
body = context.http_request.body
|
27
28
|
if body.respond_to?(:size) && body.size > 0
|
28
29
|
context.http_request.headers['Content-Md5'] ||= md5(body)
|
@@ -4,6 +4,11 @@ require 'aws-sigv4'
|
|
4
4
|
|
5
5
|
module Aws
|
6
6
|
module S3
|
7
|
+
# @api private
|
8
|
+
def self.bucket_region_cache
|
9
|
+
@bucket_region_cache ||= BucketRegionCache.new
|
10
|
+
end
|
11
|
+
|
7
12
|
module Plugins
|
8
13
|
# This plugin used to have a V4 signer but it was removed in favor of
|
9
14
|
# generic Sign plugin that uses endpoint auth scheme.
|
@@ -51,7 +56,7 @@ module Aws
|
|
51
56
|
private
|
52
57
|
|
53
58
|
def check_for_cached_region(context, bucket)
|
54
|
-
cached_region = S3
|
59
|
+
cached_region = Aws::S3.bucket_region_cache[bucket]
|
55
60
|
if cached_region &&
|
56
61
|
cached_region != context.config.region &&
|
57
62
|
!S3Signer.custom_endpoint?(context)
|
@@ -97,7 +102,7 @@ module Aws
|
|
97
102
|
end
|
98
103
|
|
99
104
|
def update_bucket_cache(context, actual_region)
|
100
|
-
S3
|
105
|
+
Aws::S3.bucket_region_cache[context.params[:bucket]] = actual_region
|
101
106
|
end
|
102
107
|
|
103
108
|
def fips_region?(resp)
|
@@ -315,26 +315,28 @@ module Aws
|
|
315
315
|
|
316
316
|
# @!group Fields
|
317
317
|
|
318
|
-
#
|
319
|
-
#
|
320
|
-
#
|
318
|
+
# @!method key(key)
|
319
|
+
# The key to use for the uploaded object. You can use `${filename}`
|
320
|
+
# as a variable in the key. This will be replaced with the name
|
321
|
+
# of the file as provided by the user.
|
321
322
|
#
|
322
|
-
#
|
323
|
-
#
|
324
|
-
#
|
323
|
+
# For example, if the key is given as `/user/betty/${filename}` and
|
324
|
+
# the file uploaded is named `lolcatz.jpg`, the resultant key will
|
325
|
+
# be `/user/betty/lolcatz.jpg`.
|
325
326
|
#
|
326
|
-
#
|
327
|
-
#
|
328
|
-
#
|
327
|
+
# @param [String] key
|
328
|
+
# @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
|
329
|
+
# @return [self]
|
329
330
|
define_field(:key) do |key|
|
330
331
|
@key_set = true
|
331
332
|
with('key', key)
|
332
333
|
end
|
333
334
|
|
334
|
-
#
|
335
|
-
#
|
336
|
-
#
|
337
|
-
#
|
335
|
+
# @!method key_starts_with(prefix)
|
336
|
+
# Specify a prefix the uploaded
|
337
|
+
# @param [String] prefix
|
338
|
+
# @see #key
|
339
|
+
# @return [self]
|
338
340
|
define_field(:key_starts_with) do |prefix|
|
339
341
|
@key_set = true
|
340
342
|
starts_with('key', prefix)
|
@@ -412,26 +414,29 @@ module Aws
|
|
412
414
|
# @return [self]
|
413
415
|
define_field(:content_encoding, 'Content-Encoding', starts_with: true)
|
414
416
|
|
415
|
-
#
|
416
|
-
#
|
417
|
-
#
|
418
|
-
#
|
419
|
-
#
|
420
|
-
#
|
417
|
+
# @!method expires(time)
|
418
|
+
# The date and time at which the object is no longer cacheable.
|
419
|
+
# @note This does not affect the expiration of the presigned post
|
420
|
+
# signature.
|
421
|
+
# @param [Time] time
|
422
|
+
# @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
|
423
|
+
# @return [self]
|
421
424
|
define_field(:expires) do |time|
|
422
425
|
with('Expires', time.httpdate)
|
423
426
|
end
|
424
427
|
|
425
|
-
#
|
426
|
-
#
|
427
|
-
#
|
428
|
+
# @!method expires_starts_with(prefix)
|
429
|
+
# @param [String] prefix
|
430
|
+
# @see #expires
|
431
|
+
# @return [self]
|
428
432
|
define_field(:expires_starts_with) do |prefix|
|
429
433
|
starts_with('Expires', prefix)
|
430
434
|
end
|
431
435
|
|
432
|
-
#
|
433
|
-
#
|
434
|
-
#
|
436
|
+
# @!method content_length_range(byte_range)
|
437
|
+
# The minimum and maximum allowable size for the uploaded content.
|
438
|
+
# @param [Range<Integer>] byte_range
|
439
|
+
# @return [self]
|
435
440
|
define_field(:content_length_range) do |byte_range|
|
436
441
|
min = byte_range.begin
|
437
442
|
max = byte_range.end
|
@@ -507,10 +512,11 @@ module Aws
|
|
507
512
|
# @return [self]
|
508
513
|
define_field(:website_redirect_location, 'x-amz-website-redirect-location')
|
509
514
|
|
510
|
-
#
|
511
|
-
#
|
512
|
-
#
|
513
|
-
#
|
515
|
+
# @!method metadata(hash)
|
516
|
+
# Metadata hash to store with the uploaded object. Hash keys will be
|
517
|
+
# prefixed with "x-amz-meta-".
|
518
|
+
# @param [Hash<String,String>] hash
|
519
|
+
# @return [self]
|
514
520
|
define_field(:metadata) do |hash|
|
515
521
|
hash.each do |key, value|
|
516
522
|
with("x-amz-meta-#{key}", value)
|
@@ -518,10 +524,11 @@ module Aws
|
|
518
524
|
self
|
519
525
|
end
|
520
526
|
|
521
|
-
#
|
522
|
-
#
|
523
|
-
#
|
524
|
-
#
|
527
|
+
# @!method metadata_starts_with(hash)
|
528
|
+
# Specify allowable prefix for each key in the metadata hash.
|
529
|
+
# @param [Hash<String,String>] hash
|
530
|
+
# @see #metadata
|
531
|
+
# @return [self]
|
525
532
|
define_field(:metadata_starts_with) do |hash|
|
526
533
|
hash.each do |key, value|
|
527
534
|
starts_with("x-amz-meta-#{key}", value)
|
@@ -571,24 +578,26 @@ module Aws
|
|
571
578
|
'x-amz-server-side-encryption-customer-algorithm'
|
572
579
|
)
|
573
580
|
|
574
|
-
#
|
575
|
-
#
|
576
|
-
#
|
581
|
+
# @!method server_side_encryption_customer_key(value)
|
582
|
+
# Specifies the customer-provided encryption key for Amazon S3 to use
|
583
|
+
# in encrypting data. This value is used to store the object and then
|
584
|
+
# it is discarded; Amazon does not store the encryption key.
|
577
585
|
#
|
578
|
-
#
|
586
|
+
# You must also call {#server_side_encryption_customer_algorithm}.
|
579
587
|
#
|
580
|
-
#
|
581
|
-
#
|
582
|
-
#
|
588
|
+
# @param [String] value
|
589
|
+
# @see #server_side_encryption_customer_algorithm
|
590
|
+
# @return [self]
|
583
591
|
define_field(:server_side_encryption_customer_key) do |value|
|
584
592
|
field_name = 'x-amz-server-side-encryption-customer-key'
|
585
593
|
with(field_name, base64(value))
|
586
594
|
with(field_name + '-MD5', base64(OpenSSL::Digest::MD5.digest(value)))
|
587
595
|
end
|
588
596
|
|
589
|
-
#
|
590
|
-
#
|
591
|
-
#
|
597
|
+
# @!method server_side_encryption_customer_key_starts_with(prefix)
|
598
|
+
# @param [String] prefix
|
599
|
+
# @see #server_side_encryption_customer_key
|
600
|
+
# @return [self]
|
592
601
|
define_field(:server_side_encryption_customer_key_starts_with) do |prefix|
|
593
602
|
field_name = 'x-amz-server-side-encryption-customer-key'
|
594
603
|
starts_with(field_name, prefix)
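Review bot: The new doc for `server_side_encryption_customer_key` says Amazon does not store the key, but not that the key is base64-encoded straight into the form fields (`with(field_name, base64(value))`), so presumably anyone who receives the presigned POST form can recover it. I would add `# @note The key is embedded in the returned form fields; only hand the form to parties allowed to know the key.` The `key_starts_with` description also stops mid-sentence (`# Specify a prefix the uploaded`); `# Specify a prefix that the uploaded object's key must start with.` completes it. The `@see` link under `key` ends in a stray `)`, and `expires_starts_with` and `server_side_encryption_customer_key_starts_with` carry tags but no description line, unlike their siblings.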
|
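--- a/data/lib/aws-sdk-s3/presigner.rb
+++ b/data/lib/aws-sdk-s3/presigner.rb
@@ -49,7 +49,8 @@ module Aws
 # before the presigned URL expires. Defaults to 15 minutes. As signature
 # version 4 has a maximum expiry time of one week for presigned URLs,
 # attempts to set this value to greater than one week (604800) will
-# raise an exception.
+# raise an exception. The min value of this option and the credentials
+# expiration time is used in the presigned URL.
 #
 # @option params [Time] :time (Time.now) The starting time for when the
 # presigned url becomes active.
@@ -96,7 +97,8 @@ module Aws
 # before the presigned URL expires. Defaults to 15 minutes. As signature
 # version 4 has a maximum expiry time of one week for presigned URLs,
 # attempts to set this value to greater than one week (604800) will
-# raise an exception.
+# raise an exception. The min value of this option and the credentials
+# expiration time is used in the presigned URL.
 #
 # @option params [Time] :time (Time.now) The starting time for when the
 # presigned url becomes active.
@@ -197,6 +199,8 @@ module Aws
 req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
 req.handlers.remove(Aws::Plugins::Sign::Handler)
 req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
+req.handlers.remove(Aws::Rest::ContentTypeHandler)
+req.handlers.remove(Aws::Plugins::InvocationId::Handler)
 
 req.handle(step: :send) do |context|
 # if an endpoint was not provided, force secure or insecure
@@ -230,8 +234,8 @@ module Aws
 end
 signer = Aws::Sigv4::Signer.new(
 service: auth_scheme['signingName'] || 's3',
-region: region || context.config.region,
-credentials_provider: context.config.credentials,
+region: context[:sigv4_region] || region || context.config.region,
+credentials_provider: context[:sigv4_credentials] || context.config.credentials,
 signing_algorithm: scheme_name.to_sym,
 uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
 unsigned_headers: unsigned_headers,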
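Review bot: The updated `:expires_in` text says the smaller of this option and the credentials' expiration is used, but the signer construction in the last hunk only swaps in `context[:sigv4_credentials]` and `context[:sigv4_region]`; the clamp itself is not in these hunks, so it is worth confirming where it is applied. With per-request temporary credentials now reachable on this path, a caller asking for a long `expires_in` may get a URL that stops working much earlier without any signal. I would make the doc line explicit, e.g. `# URLs signed with temporary credentials stop working when those credentials expire, even if :expires_in is longer.` The enclosing methods start and end outside the hunks.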
|