aws-sdk-s3 1.128.0 → 1.199.1

data/lib/aws-sdk-s3/plugins/md5s.rb

@@ -6,80 +6,20 @@ module Aws
   module S3
     module Plugins
       # @api private
-      # This plugin is effectively deprecated in favor of modeled
+      # This plugin is deprecated in favor of modeled
       # httpChecksumRequired traits.
       class Md5s < Seahorse::Client::Plugin
-        # These operations allow Content MD5 but are not required by
-        # httpChecksumRequired. This list should not grow.
-        OPTIONAL_OPERATIONS = [
-          :put_object,
-          :upload_part
-        ]
-
-        # @api private
-        class Handler < Seahorse::Client::Handler
-
-          CHUNK_SIZE = 1 * 1024 * 1024 # one MB
-
-          def call(context)
-            if !context[:checksum_algorithms] # skip in favor of flexible checksum
-              body = context.http_request.body
-              if body.respond_to?(:size) && body.size > 0
-                context.http_request.headers['Content-Md5'] ||= md5(body)
-              end
-            end
-            @handler.call(context)
-          end
-
-          private
-
-          # @param [File, Tempfile, IO#read, String] value
-          # @return [String<MD5>]
-          def md5(value)
-            if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
-              OpenSSL::Digest::MD5.file(value).base64digest
-            elsif value.respond_to?(:read)
-              md5 = OpenSSL::Digest::MD5.new
-              update_in_chunks(md5, value)
-              md5.base64digest
-            else
-              OpenSSL::Digest::MD5.digest(value).base64digest
-            end
-          end
-
-          def update_in_chunks(digest, io)
-            loop do
-              chunk = io.read(CHUNK_SIZE)
-              break unless chunk
-              digest.update(chunk)
-            end
-            io.rewind
-          end
-
-        end
-
         option(:compute_checksums,
-          default: true,
-          doc_type: 'Boolean',
-          docstring: <<-DOCS)
-When `true` a MD5 checksum will be computed and sent in the Content Md5
-header for :put_object and :upload_part. When `false`, MD5 checksums
-will not be computed for these operations. Checksums are still computed
-for operations requiring them. Checksum errors returned by Amazon S3 are
-automatically retried up to `:retry_limit` times.
-          DOCS
-
-        def add_handlers(handlers, config)
-          if config.compute_checksums
-            # priority set low to ensure md5 is computed AFTER the request is
-            # built but before it is signed
-            handlers.add(
-              Handler,
-              priority: 10, step: :build, operations: OPTIONAL_OPERATIONS
-            )
-          end
+               default: true,
+               doc_type: 'Boolean',
+               docstring: <<~DOCS)
+                 This option is deprecated. Please use `:request_checksum_calculation` instead.
+                 When `false`, `request_checksum_calculation` is overridden to `when_required`.
+               DOCS
+
+        def after_initialize(client)
+          client.config.request_checksum_calculation = 'when_required' unless client.config.compute_checksums
         end
-
       end
     end
   end

data/lib/aws-sdk-s3/plugins/s3_signer.rb

@@ -4,6 +4,11 @@ require 'aws-sigv4'
 
 module Aws
   module S3
+    # @api private
+    def self.bucket_region_cache
+      @bucket_region_cache ||= BucketRegionCache.new
+    end
+
     module Plugins
       # This plugin used to have a V4 signer but it was removed in favor of
       # generic Sign plugin that uses endpoint auth scheme.
@@ -51,7 +56,7 @@ module Aws
           private
 
           def check_for_cached_region(context, bucket)
-            cached_region = S3::BUCKET_REGIONS[bucket]
+            cached_region = Aws::S3.bucket_region_cache[bucket]
             if cached_region &&
                cached_region != context.config.region &&
                !S3Signer.custom_endpoint?(context)
@@ -97,7 +102,7 @@ module Aws
           end
 
           def update_bucket_cache(context, actual_region)
-            S3::BUCKET_REGIONS[context.params[:bucket]] = actual_region
+            Aws::S3.bucket_region_cache[context.params[:bucket]] = actual_region
           end
 
           def fips_region?(resp)

data/lib/aws-sdk-s3/plugins/streaming_retry.rb

@@ -62,18 +62,16 @@ module Aws
         class Handler < Seahorse::Client::Handler
 
           def call(context)
-            target = context.params[:response_target] || context[:response_target]
-
             # retry is only supported when range is NOT set on the initial request
-            if supported_target?(target) && !context.params[:range]
-              add_event_listeners(context, target)
+            if supported_target?(context) && !context.params[:range]
+              add_event_listeners(context)
             end
             @handler.call(context)
           end
 
           private
 
-          def add_event_listeners(context, target)
+          def add_event_listeners(context)
             context.http_response.on_headers(200..299) do
               case context.http_response.body
               when Seahorse::Client::BlockIO then
@@ -123,8 +121,8 @@ module Aws
               context.http_response.body.is_a?(RetryableManagedFile)
           end
 
-          def supported_target?(target)
-            case target
+          def supported_target?(context)
+            case context[:response_target]
             when Proc, String, Pathname then true
             else false
             end

data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 require 'uri'
-require 'cgi'
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 
 module Aws
   module S3

data/lib/aws-sdk-s3/presigned_post.rb

@@ -315,26 +315,28 @@ module Aws
 
       # @!group Fields
 
-      # The key to use for the uploaded object. You can use `${filename}`
-      # as a variable in the key. This will be replaced with the name
-      # of the file as provided by the user.
+      # @!method key(key)
+      #   The key to use for the uploaded object. You can use `${filename}`
+      #   as a variable in the key. This will be replaced with the name
+      #   of the file as provided by the user.
       #
-      # For example, if the key is given as `/user/betty/${filename}` and
-      # the file uploaded is named `lolcatz.jpg`, the resultant key will
-      # be `/user/betty/lolcatz.jpg`.
+      #   For example, if the key is given as `/user/betty/${filename}` and
+      #   the file uploaded is named `lolcatz.jpg`, the resultant key will
+      #   be `/user/betty/lolcatz.jpg`.
       #
-      # @param [String] key
-      # @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
-      # @return [self]
+      #   @param [String] key
+      #   @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
+      #   @return [self]
       define_field(:key) do |key|
         @key_set = true
         with('key', key)
       end
 
-      # Specify a prefix the uploaded
-      # @param [String] prefix
-      # @see #key
-      # @return [self]
+      # @!method key_starts_with(prefix)
+      #   Specify a prefix the uploaded
+      #   @param [String] prefix
+      #   @see #key
+      #   @return [self]
       define_field(:key_starts_with) do |prefix|
         @key_set = true
         starts_with('key', prefix)
@@ -412,26 +414,29 @@ module Aws
       #   @return [self]
       define_field(:content_encoding, 'Content-Encoding', starts_with: true)
 
-      # The date and time at which the object is no longer cacheable.
-      # @note This does not affect the expiration of the presigned post
-      #   signature.
-      # @param [Time] time
-      # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
-      # @return [self]
+      # @!method expires(time)
+      #   The date and time at which the object is no longer cacheable.
+      #   @note This does not affect the expiration of the presigned post
+      #     signature.
+      #   @param [Time] time
+      #   @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
+      #   @return [self]
       define_field(:expires) do |time|
         with('Expires', time.httpdate)
       end
 
-      # @param [String] prefix
-      # @see #expires
-      # @return [self]
+      # @!method expires_starts_with(prefix)
+      #   @param [String] prefix
+      #   @see #expires
+      #   @return [self]
       define_field(:expires_starts_with) do |prefix|
         starts_with('Expires', prefix)
       end
 
-      # The minimum and maximum allowable size for the uploaded content.
-      # @param [Range<Integer>] byte_range
-      # @return [self]
+      # @!method content_length_range(byte_range)
+      #   The minimum and maximum allowable size for the uploaded content.
+      #   @param [Range<Integer>] byte_range
+      #   @return [self]
       define_field(:content_length_range) do |byte_range|
         min = byte_range.begin
         max = byte_range.end
@@ -507,10 +512,11 @@ module Aws
       #   @return [self]
       define_field(:website_redirect_location, 'x-amz-website-redirect-location')
 
-      # Metadata hash to store with the uploaded object. Hash keys will be
-      # prefixed with "x-amz-meta-".
-      # @param [Hash<String,String>] hash
-      # @return [self]
+      # @!method metadata(hash)
+      #   Metadata hash to store with the uploaded object. Hash keys will be
+      #   prefixed with "x-amz-meta-".
+      #   @param [Hash<String,String>] hash
+      #   @return [self]
       define_field(:metadata) do |hash|
         hash.each do |key, value|
           with("x-amz-meta-#{key}", value)
@@ -518,10 +524,11 @@ module Aws
         self
       end
 
-      # Specify allowable prefix for each key in the metadata hash.
-      # @param [Hash<String,String>] hash
-      # @see #metadata
-      # @return [self]
+      # @!method metadata_starts_with(hash)
+      #   Specify allowable prefix for each key in the metadata hash.
+      #   @param [Hash<String,String>] hash
+      #   @see #metadata
+      #   @return [self]
       define_field(:metadata_starts_with) do |hash|
         hash.each do |key, value|
           starts_with("x-amz-meta-#{key}", value)
@@ -571,24 +578,26 @@ module Aws
         'x-amz-server-side-encryption-customer-algorithm'
       )
 
-      # Specifies the customer-provided encryption key for Amazon S3 to use
-      # in encrypting data. This value is used to store the object and then
-      # it is discarded; Amazon does not store the encryption key.
+      # @!method server_side_encryption_customer_key(value)
+      #   Specifies the customer-provided encryption key for Amazon S3 to use
+      #   in encrypting data. This value is used to store the object and then
+      #   it is discarded; Amazon does not store the encryption key.
       #
-      # You must also call {#server_side_encryption_customer_algorithm}.
+      #   You must also call {#server_side_encryption_customer_algorithm}.
       #
-      # @param [String] value
-      # @see #server_side_encryption_customer_algorithm
-      # @return [self]
+      #   @param [String] value
+      #   @see #server_side_encryption_customer_algorithm
+      #   @return [self]
       define_field(:server_side_encryption_customer_key) do |value|
         field_name = 'x-amz-server-side-encryption-customer-key'
         with(field_name, base64(value))
         with(field_name + '-MD5', base64(OpenSSL::Digest::MD5.digest(value)))
       end
 
-      # @param [String] prefix
-      # @see #server_side_encryption_customer_key
-      # @return [self]
+      # @!method server_side_encryption_customer_key_starts_with(prefix)
+      #   @param [String] prefix
+      #   @see #server_side_encryption_customer_key
+      #   @return [self]
       define_field(:server_side_encryption_customer_key_starts_with) do |prefix|
         field_name = 'x-amz-server-side-encryption-customer-key'
         starts_with(field_name, prefix)

data/lib/aws-sdk-s3/presigner.rb

@@ -193,13 +193,14 @@ module Aws
         req, expires_in, secure, time, unsigned_headers, hoist = true
       )
         x_amz_headers = {}
-
         http_req = req.context.http_request
-
-        req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
-        req.handlers.remove(Aws::Plugins::Sign::Handler)
         req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
-
+        req.handlers.remove(Aws::Rest::ContentTypeHandler)
+        req.handlers.remove(Aws::Plugins::ChecksumAlgorithm::OptionHandler)
+        req.handlers.remove(Aws::Plugins::ChecksumAlgorithm::ChecksumHandler)
+        req.handlers.remove(Aws::Plugins::InvocationId::Handler)
+        req.handlers.remove(Aws::Plugins::Sign::Handler)
+        req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
         req.handle(step: :send) do |context|
           # if an endpoint was not provided, force secure or insecure
           if context.config.regional_endpoint
@@ -232,10 +233,11 @@ module Aws
                    end
           signer = Aws::Sigv4::Signer.new(
             service: auth_scheme['signingName'] || 's3',
-            region: region || context.config.region,
-            credentials_provider: context.config.credentials,
+            region: context[:sigv4_region] || region || context.config.region,
+            credentials_provider: context[:sigv4_credentials] || context.config.credentials,
             signing_algorithm: scheme_name.to_sym,
             uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+            normalize_path: !!!auth_scheme['disableNormalizePath'],
             unsigned_headers: unsigned_headers,
             apply_checksum_header: false
           )

data/lib/aws-sdk-s3/resource.rb

@@ -41,7 +41,21 @@ module Aws::S3
     #     acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #     bucket: "BucketName", # required
     #     create_bucket_configuration: {
-    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
+    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-south-2, ap-southeast-1, ap-southeast-2, ap-southeast-3, ap-southeast-4, ap-southeast-5, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-central-2, eu-north-1, eu-south-1, eu-south-2, eu-west-1, eu-west-2, eu-west-3, il-central-1, me-central-1, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
+    #       location: {
+    #         type: "AvailabilityZone", # accepts AvailabilityZone, LocalZone
+    #         name: "LocationNameAsString",
+    #       },
+    #       bucket: {
+    #         data_redundancy: "SingleAvailabilityZone", # accepts SingleAvailabilityZone, SingleLocalZone
+    #         type: "Directory", # accepts Directory
+    #       },
+    #       tags: [
+    #         {
+    #           key: "ObjectKey", # required
+    #           value: "Value", # required
+    #         },
+    #       ],
     #     },
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",
@@ -54,47 +68,112 @@ module Aws::S3
     # @param [Hash] options ({})
     # @option options [String] :acl
     #   The canned ACL to apply to the bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [required, String] :bucket
     #   The name of the bucket to create.
+    #
+    #   **General purpose buckets** - For information about bucket naming
+    #   restrictions, see [Bucket naming rules][1] in the *Amazon S3 User
+    #   Guide*.
+    #
+    #   <b>Directory buckets </b> - When you use this operation with a
+    #   directory bucket, you must use path-style requests in the format
+    #   `https://s3express-control.region-code.amazonaws.com/bucket-name `.
+    #   Virtual-hosted-style requests aren't supported. Directory bucket
+    #   names must be unique in the chosen Zone (Availability Zone or Local
+    #   Zone). Bucket names must also follow the format `
+    #   bucket-base-name--zone-id--x-s3` (for example, `
+    #   DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket
+    #   naming restrictions, see [Directory bucket naming rules][2] in the
+    #   *Amazon S3 User Guide*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
     # @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
     #   The configuration information for the bucket.
     # @option options [String] :grant_full_control
     #   Allows grantee the read, write, read ACP, and write ACP permissions on
     #   the bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_read
     #   Allows grantee to list the objects in the bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_read_acp
     #   Allows grantee to read the bucket ACL.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_write
     #   Allows grantee to create new objects in the bucket.
     #
     #   For the bucket and object owners of existing objects, also allows
     #   deletions and overwrites of those objects.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_write_acp
     #   Allows grantee to write the ACL for the applicable bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [Boolean] :object_lock_enabled_for_bucket
     #   Specifies whether you want S3 Object Lock to be enabled for the new
     #   bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :object_ownership
     #   The container element for object ownership for a bucket's ownership
     #   controls.
     #
-    #   BucketOwnerPreferred - Objects uploaded to the bucket change ownership
-    #   to the bucket owner if the objects are uploaded with the
+    #   `BucketOwnerPreferred` - Objects uploaded to the bucket change
+    #   ownership to the bucket owner if the objects are uploaded with the
     #   `bucket-owner-full-control` canned ACL.
     #
-    #   ObjectWriter - The uploading account will own the object if the object
-    #   is uploaded with the `bucket-owner-full-control` canned ACL.
+    #   `ObjectWriter` - The uploading account will own the object if the
+    #   object is uploaded with the `bucket-owner-full-control` canned ACL.
+    #
+    #   `BucketOwnerEnforced` - Access control lists (ACLs) are disabled and
+    #   no longer affect permissions. The bucket owner automatically owns and
+    #   has full control over every object in the bucket. The bucket only
+    #   accepts PUT requests that don't specify an ACL or specify bucket
+    #   owner full control ACLs (such as the predefined
+    #   `bucket-owner-full-control` canned ACL or a custom ACL in XML format
+    #   that grants the same permissions).
+    #
+    #   By default, `ObjectOwnership` is set to `BucketOwnerEnforced` and ACLs
+    #   are disabled. We recommend keeping ACLs disabled, except in uncommon
+    #   use cases where you must control access for each object individually.
+    #   For more information about S3 Object Ownership, see [Controlling
+    #   ownership of objects and disabling ACLs for your bucket][1] in the
+    #   *Amazon S3 User Guide*.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets. Directory
+    #   buckets use the bucket owner enforced setting for S3 Object Ownership.
+    #
+    #    </note>
+    #
     #
-    #   BucketOwnerEnforced - Access control lists (ACLs) are disabled and no
-    #   longer affect permissions. The bucket owner automatically owns and has
-    #   full control over every object in the bucket. The bucket only accepts
-    #   PUT requests that don't specify an ACL or bucket owner full control
-    #   ACLs, such as the `bucket-owner-full-control` canned ACL or an
-    #   equivalent form of this ACL expressed in the XML format.
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
     # @return [Bucket]
     def create_bucket(options = {})
-      Aws::Plugins::UserAgent.feature('resource') do
+      Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.create_bucket(options)
       end
       Bucket.new(
@@ -116,23 +195,49 @@ module Aws::S3
 
     # @example Request syntax with placeholder values
     #
-    #   s3.buckets()
+    #   buckets = s3.buckets({
+    #     prefix: "Prefix",
+    #     bucket_region: "BucketRegion",
+    #   })
     # @param [Hash] options ({})
+    # @option options [String] :prefix
+    #   Limits the response to bucket names that begin with the specified
+    #   bucket name prefix.
+    # @option options [String] :bucket_region
+    #   Limits the response to buckets that are located in the specified
+    #   Amazon Web Services Region. The Amazon Web Services Region must be
+    #   expressed according to the Amazon Web Services Region code, such as
+    #   `us-west-2` for the US West (Oregon) Region. For a list of the valid
+    #   values for all of the Amazon Web Services Regions, see [Regions and
+    #   Endpoints][1].
+    #
+    #   <note markdown="1"> Requests made to a Regional endpoint that is different from the
+    #   `bucket-region` parameter are not supported. For example, if you want
+    #   to limit the response to your buckets in Region `us-west-2`, the
+    #   request must be made to an endpoint in Region `us-west-2`.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
     # @return [Bucket::Collection]
     def buckets(options = {})
       batches = Enumerator.new do |y|
-        batch = []
-        resp = Aws::Plugins::UserAgent.feature('resource') do
+        resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           @client.list_buckets(options)
         end
-        resp.data.buckets.each do |b|
-          batch << Bucket.new(
-            name: b.name,
-            data: b,
-            client: @client
-          )
+        resp.each_page do |page|
+          batch = []
+          page.data.buckets.each do |b|
+            batch << Bucket.new(
+              name: b.name,
+              data: b,
+              client: @client
+            )
+          end
+          y.yield(batch)
         end
-        y.yield(batch)
       end
       Bucket::Collection.new(batches)
     end