aws-sdk-s3 1.127.0 → 1.141.0

data/lib/aws-sdk-s3/express_credentials.rb

@@ -0,0 +1,55 @@
+# frozen_string_literal: true
+
+require 'set'
+
+module Aws
+  module S3
+    # @api private
+    class ExpressCredentials
+      include CredentialProvider
+      include RefreshingCredentials
+
+      SYNC_EXPIRATION_LENGTH = 60 # 1 minute
+      ASYNC_EXPIRATION_LENGTH = 120 # 2 minutes
+
+      def initialize(options = {})
+        @client = options[:client]
+        @create_session_params = {}
+        options.each_pair do |key, value|
+          if self.class.create_session_options.include?(key)
+            @create_session_params[key] = value
+          end
+        end
+        @async_refresh = true
+        super
+      end
+
+      # @return [S3::Client]
+      attr_reader :client
+
+      private
+
+      def refresh
+        c = @client.create_session(@create_session_params).credentials
+        @credentials = Credentials.new(
+          c.access_key_id,
+          c.secret_access_key,
+          c.session_token
+        )
+        @expiration = c.expiration
+      end
+
+      class << self
+
+        # @api private
+        def create_session_options
+          @cso ||= begin
+            input = S3::Client.api.operation(:create_session).input
+            Set.new(input.shape.member_names)
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/express_credentials_cache.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    # @api private
+    class ExpressCredentialsCache
+      def initialize
+        @credentials = {}
+        @mutex = Mutex.new
+      end
+
+      def [](bucket_name)
+        @mutex.synchronize { @credentials[bucket_name] }
+      end
+
+      def []=(bucket_name, credential_provider)
+        @mutex.synchronize do
+          @credentials[bucket_name] = credential_provider
+        end
+      end
+
+      def clear
+        @mutex.synchronize { @credentials = {} }
+      end
+    end
+
+    # @api private
+    EXPRESS_CREDENTIALS_CACHE = ExpressCredentialsCache.new
+  end
+end

data/lib/aws-sdk-s3/express_credentials_provider.rb

@@ -0,0 +1,36 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    # Returns Credentials class for S3 Express. Accepts CreateSession
+    # params as options. See {Client#create_session} for details.
+    class ExpressCredentialsProvider
+      # @param [Hash] options
+      # @option options [Client] :client The S3 client used to create the session.
+      # @option options [String] :session_mode (see: {Client#create_session})
+      # @option options [Callable] :before_refresh Proc called before
+      #   credentials are refreshed.
+      def initialize(options = {})
+        @client = options.delete(:client)
+        @options = options
+        @cache = EXPRESS_CREDENTIALS_CACHE
+      end
+
+      def express_credentials_for(bucket)
+        @cache[bucket] || new_credentials_for(bucket)
+      end
+
+      attr_accessor :client
+
+      private
+
+      def new_credentials_for(bucket)
+        @cache[bucket] = ExpressCredentials.new(
+          bucket: bucket,
+          client: @client,
+          **@options
+        )
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/file_downloader.rb

@@ -32,6 +32,18 @@ module Aws
         }
         @params[:version_id] = options[:version_id] if options[:version_id]
 
+        # checksum_mode only supports the value "ENABLED"
+        # falsey values (false/nil) or "DISABLED" should be considered
+        # disabled and the api parameter should be unset.
+        if (checksum_mode = options.fetch(:checksum_mode, 'ENABLED'))
+          @params[:checksum_mode] = checksum_mode unless checksum_mode.upcase == 'DISABLED'
+        end
+        @on_checksum_validated = options[:on_checksum_validated]
+
+        @progress_callback = options[:progress_callback]
+
+        validate!
+
         Aws::Plugins::UserAgent.feature('s3-transfer') do
           case @mode
           when 'auto' then multipart_download
@@ -39,7 +51,7 @@ module Aws
           when 'get_range'
             if @chunk_size
               resp = @client.head_object(@params)
-              multithreaded_get_by_ranges(construct_chunks(resp.content_length))
+              multithreaded_get_by_ranges(resp.content_length)
             else
               msg = 'In :get_range mode, :chunk_size must be provided'
               raise ArgumentError, msg
@@ -54,6 +66,17 @@ module Aws
 
       private
 
+      def validate!
+        if @on_checksum_validated && @params[:checksum_mode] != 'ENABLED'
+          raise ArgumentError, "You must set checksum_mode: 'ENABLED' " +
+            "when providing a on_checksum_validated callback"
+        end
+
+        if @on_checksum_validated && !@on_checksum_validated.respond_to?(:call)
+          raise ArgumentError, 'on_checksum_validated must be callable'
+        end
+      end
+
       def multipart_download
         resp = @client.head_object(@params.merge(part_number: 1))
         count = resp.parts_count
@@ -61,7 +84,7 @@ module Aws
           if resp.content_length <= MIN_CHUNK_SIZE
             single_request
           else
-            multithreaded_get_by_ranges(construct_chunks(resp.content_length))
+            multithreaded_get_by_ranges(resp.content_length)
           end
         else
           # partNumber is an option
@@ -78,9 +101,9 @@ module Aws
         chunk_size = compute_chunk(file_size)
         part_size = (file_size.to_f / count.to_f).ceil
         if chunk_size < part_size
-          multithreaded_get_by_ranges(construct_chunks(file_size))
+          multithreaded_get_by_ranges(file_size)
         else
-          multithreaded_get_by_parts(count)
+          multithreaded_get_by_parts(count, file_size)
         end
       end
 
@@ -112,27 +135,64 @@ module Aws
         chunks.each_slice(@thread_count).to_a
       end
 
-      def multithreaded_get_by_ranges(chunks)
-        thread_batches(chunks, 'range')
+      def multithreaded_get_by_ranges(file_size)
+        offset = 0
+        default_chunk_size = compute_chunk(file_size)
+        chunks = []
+        part_number = 1 # parts start at 1
+        while offset < file_size
+          progress = offset + default_chunk_size
+          progress = file_size if progress > file_size
+          range = "bytes=#{offset}-#{progress - 1}"
+          chunks << Part.new(
+            part_number: part_number,
+            size: (progress-offset),
+            params: @params.merge(range: range)
+          )
+          part_number += 1
+          offset = progress
+        end
+        download_in_threads(PartList.new(chunks), file_size)
       end
 
-      def multithreaded_get_by_parts(parts)
-        thread_batches(parts, 'part_number')
+      def multithreaded_get_by_parts(n_parts, total_size)
+        parts = (1..n_parts).map do |part|
+          Part.new(part_number: part, params: @params.merge(part_number: part))
+        end
+        download_in_threads(PartList.new(parts), total_size)
       end
 
-      def thread_batches(chunks, param)
-        batches(chunks, param).each do |batch|
-          threads = []
-          batch.each do |chunk|
-            threads << Thread.new do
-              resp = @client.get_object(
-                @params.merge(param.to_sym => chunk)
-              )
-              write(resp)
+      def download_in_threads(pending, total_size)
+        threads = []
+        if @progress_callback
+          progress = MultipartProgress.new(pending, total_size, @progress_callback)
+        end
+        @thread_count.times do
+          thread = Thread.new do
+            begin
+              while part = pending.shift
+                if progress
+                  part.params[:on_chunk_received] =
+                    proc do |_chunk, bytes, total|
+                      progress.call(part.part_number, bytes, total)
+                    end
+                end
+                resp = @client.get_object(part.params)
+                write(resp)
+                if @on_checksum_validated && resp.checksum_validated
+                  @on_checksum_validated.call(resp.checksum_validated, resp)
+                end
+              end
+              nil
+            rescue => error
+              # keep other threads from downloading other parts
+              pending.clear!
+              raise error
             end
           end
-          threads.each(&:join)
+          threads << thread
         end
+        threads.map(&:value).compact
       end
 
       def write(resp)
@@ -142,9 +202,70 @@ module Aws
       end
 
       def single_request
-        @client.get_object(
-          @params.merge(response_target: @path)
-        )
+        params = @params.merge(response_target: @path)
+        params[:on_chunk_received] = single_part_progress if @progress_callback
+        resp = @client.get_object(params)
+
+        return resp unless @on_checksum_validated
+
+        if resp.checksum_validated
+          @on_checksum_validated.call(resp.checksum_validated, resp)
+        end
+
+        resp
+      end
+
+      def single_part_progress
+        proc do |_chunk, bytes_read, total_size|
+          @progress_callback.call([bytes_read], [total_size], total_size)
+        end
+      end
+
+      class Part < Struct.new(:part_number, :size, :params)
+        include Aws::Structure
+      end
+
+      # @api private
+      class PartList
+        include Enumerable
+        def initialize(parts = [])
+          @parts = parts
+          @mutex = Mutex.new
+        end
+
+        def shift
+          @mutex.synchronize { @parts.shift }
+        end
+
+        def size
+          @mutex.synchronize { @parts.size }
+        end
+
+        def clear!
+          @mutex.synchronize { @parts.clear }
+        end
+
+        def each(&block)
+          @mutex.synchronize { @parts.each(&block) }
+        end
+      end
+
+      # @api private
+      class  MultipartProgress
+        def initialize(parts, total_size, progress_callback)
+          @bytes_received = Array.new(parts.size, 0)
+          @part_sizes = parts.map(&:size)
+          @total_size = total_size
+          @progress_callback = progress_callback
+        end
+
+        def call(part_number, bytes_received, total)
+          # part numbers start at 1
+          @bytes_received[part_number - 1] = bytes_received
+          # part size may not be known until we get the first response
+          @part_sizes[part_number - 1] ||= total
+          @progress_callback.call(@bytes_received, @part_sizes, @total_size)
+        end
       end
     end
   end

data/lib/aws-sdk-s3/multipart_file_uploader.rb

@@ -175,7 +175,6 @@ module Aws
               error
             end
           end
-          thread.abort_on_exception = true
           threads << thread
         end
         threads.map(&:value).compact

data/lib/aws-sdk-s3/multipart_stream_uploader.rb

@@ -192,7 +192,6 @@ module Aws
               error
             end
           end
-          thread.abort_on_exception = true
           thread
         end
       end

data/lib/aws-sdk-s3/multipart_upload.rb

@@ -69,6 +69,11 @@ module Aws::S3
     end
 
     # The class of storage used to store the object.
+    #
+    # <note markdown="1"> **Directory buckets** - Only the S3 Express One Zone storage class is
+    # supported by directory buckets to store objects.
+    #
+    #  </note>
     # @return [String]
     def storage_class
       data[:storage_class]
@@ -76,6 +81,11 @@ module Aws::S3
 
     # Specifies the owner of the object that is part of the multipart
     # upload.
+    #
+    # <note markdown="1"> **Directory buckets** - The bucket owner is returned as the object
+    # owner for all the objects.
+    #
+    #  </note>
     # @return [Types::Owner]
     def owner
       data[:owner]
@@ -234,17 +244,23 @@ module Aws::S3
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
-    #   requests. For information about downloading objects from Requester
+    #   requests. If either the source or destination S3 bucket has Requester
+    #   Pays enabled, the requester will pay for corresponding charges to copy
+    #   the object. For information about downloading objects from Requester
     #   Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
     #   in the *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     # @option options [String] :expected_bucket_owner
-    #   The account ID of the expected bucket owner. If the bucket is owned by
-    #   a different account, the request fails with the HTTP status code `403
-    #   Forbidden` (access denied).
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the request
+    #   fails with the HTTP status code `403 Forbidden` (access denied).
     # @return [Types::AbortMultipartUploadOutput]
     def abort(options = {})
       options = options.merge(
@@ -329,32 +345,47 @@ module Aws::S3
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
-    #   requests. For information about downloading objects from Requester
+    #   requests. If either the source or destination S3 bucket has Requester
+    #   Pays enabled, the requester will pay for corresponding charges to copy
+    #   the object. For information about downloading objects from Requester
     #   Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
     #   in the *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     # @option options [String] :expected_bucket_owner
-    #   The account ID of the expected bucket owner. If the bucket is owned by
-    #   a different account, the request fails with the HTTP status code `403
-    #   Forbidden` (access denied).
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the request
+    #   fails with the HTTP status code `403 Forbidden` (access denied).
     # @option options [String] :sse_customer_algorithm
     #   The server-side encryption (SSE) algorithm used to encrypt the object.
-    #   This parameter is needed only when the object was created using a
-    #   checksum algorithm. For more information, see [Protecting data using
-    #   SSE-C keys][1] in the *Amazon S3 User Guide*.
+    #   This parameter is required only when the object was created using a
+    #   checksum algorithm or if your bucket policy requires the use of SSE-C.
+    #   For more information, see [Protecting data using SSE-C keys][1] in the
+    #   *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
     #
+    #    </note>
     #
-    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/ServerSideEncryptionCustomerKeys.html#ssec-require-condition-key
     # @option options [String] :sse_customer_key
     #   The server-side encryption (SSE) customer managed key. This parameter
     #   is needed only when the object was created using a checksum algorithm.
     #   For more information, see [Protecting data using SSE-C keys][1] in the
     #   *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
@@ -364,6 +395,10 @@ module Aws::S3
     #   algorithm. For more information, see [Protecting data using SSE-C
     #   keys][1] in the *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
@@ -420,23 +455,33 @@ module Aws::S3
     # @option options [String] :request_payer
     #   Confirms that the requester knows that they will be charged for the
     #   request. Bucket owners need not specify this parameter in their
-    #   requests. For information about downloading objects from Requester
+    #   requests. If either the source or destination S3 bucket has Requester
+    #   Pays enabled, the requester will pay for corresponding charges to copy
+    #   the object. For information about downloading objects from Requester
     #   Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
     #   in the *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
     # @option options [String] :expected_bucket_owner
-    #   The account ID of the expected bucket owner. If the bucket is owned by
-    #   a different account, the request fails with the HTTP status code `403
-    #   Forbidden` (access denied).
+    #   The account ID of the expected bucket owner. If the account ID that
+    #   you provide does not match the actual owner of the bucket, the request
+    #   fails with the HTTP status code `403 Forbidden` (access denied).
     # @option options [String] :sse_customer_algorithm
     #   The server-side encryption (SSE) algorithm used to encrypt the object.
     #   This parameter is needed only when the object was created using a
     #   checksum algorithm. For more information, see [Protecting data using
     #   SSE-C keys][1] in the *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
@@ -446,6 +491,10 @@ module Aws::S3
     #   For more information, see [Protecting data using SSE-C keys][1] in the
     #   *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
@@ -455,6 +504,10 @@ module Aws::S3
     #   algorithm. For more information, see [Protecting data using SSE-C
     #   keys][1] in the *Amazon S3 User Guide*.
     #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
+    #
     #
     #
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html