aws-sdk-s3 1.13.0 → 1.146.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- data/CHANGELOG.md +1131 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-s3/bucket.rb +805 -91
- data/lib/aws-sdk-s3/bucket_acl.rb +66 -17
- data/lib/aws-sdk-s3/bucket_cors.rb +79 -17
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +66 -19
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +68 -19
- data/lib/aws-sdk-s3/bucket_logging.rb +68 -18
- data/lib/aws-sdk-s3/bucket_notification.rb +56 -20
- data/lib/aws-sdk-s3/bucket_policy.rb +107 -17
- data/lib/aws-sdk-s3/bucket_region_cache.rb +2 -0
- data/lib/aws-sdk-s3/bucket_request_payment.rb +60 -15
- data/lib/aws-sdk-s3/bucket_tagging.rb +71 -17
- data/lib/aws-sdk-s3/bucket_versioning.rb +133 -17
- data/lib/aws-sdk-s3/bucket_website.rb +78 -17
- data/lib/aws-sdk-s3/client.rb +16336 -3915
- data/lib/aws-sdk-s3/client_api.rb +1364 -173
- data/lib/aws-sdk-s3/customizations/bucket.rb +57 -38
- data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
- data/lib/aws-sdk-s3/customizations/multipart_upload.rb +2 -0
- data/lib/aws-sdk-s3/customizations/object.rb +327 -53
- data/lib/aws-sdk-s3/customizations/object_summary.rb +12 -0
- data/lib/aws-sdk-s3/customizations/types/list_object_versions_output.rb +2 -0
- data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
- data/lib/aws-sdk-s3/customizations.rb +12 -1
- data/lib/aws-sdk-s3/encryption/client.rb +29 -8
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +71 -29
- data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +43 -5
- data/lib/aws-sdk-s3/encryption/default_key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +13 -2
- data/lib/aws-sdk-s3/encryption/errors.rb +2 -0
- data/lib/aws-sdk-s3/encryption/io_auth_decrypter.rb +11 -3
- data/lib/aws-sdk-s3/encryption/io_decrypter.rb +11 -3
- data/lib/aws-sdk-s3/encryption/io_encrypter.rb +2 -0
- data/lib/aws-sdk-s3/encryption/key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +46 -11
- data/lib/aws-sdk-s3/encryption/materials.rb +8 -6
- data/lib/aws-sdk-s3/encryption/utils.rb +25 -0
- data/lib/aws-sdk-s3/encryption.rb +4 -0
- data/lib/aws-sdk-s3/encryptionV2/client.rb +570 -0
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +223 -0
- data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +170 -0
- data/lib/aws-sdk-s3/encryptionV2/default_key_provider.rb +40 -0
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +65 -0
- data/lib/aws-sdk-s3/encryptionV2/errors.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_auth_decrypter.rb +58 -0
- data/lib/aws-sdk-s3/encryptionV2/io_decrypter.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +73 -0
- data/lib/aws-sdk-s3/encryptionV2/key_provider.rb +31 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +173 -0
- data/lib/aws-sdk-s3/encryptionV2/materials.rb +60 -0
- data/lib/aws-sdk-s3/encryptionV2/utils.rb +103 -0
- data/lib/aws-sdk-s3/encryption_v2.rb +23 -0
- data/lib/aws-sdk-s3/endpoint_parameters.rb +178 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +591 -0
- data/lib/aws-sdk-s3/endpoints.rb +2590 -0
- data/lib/aws-sdk-s3/errors.rb +123 -1
- data/lib/aws-sdk-s3/event_streams.rb +20 -7
- data/lib/aws-sdk-s3/express_credentials.rb +55 -0
- data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
- data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
- data/lib/aws-sdk-s3/file_downloader.rb +184 -51
- data/lib/aws-sdk-s3/file_part.rb +16 -13
- data/lib/aws-sdk-s3/file_uploader.rb +39 -20
- data/lib/aws-sdk-s3/legacy_signer.rb +17 -25
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +82 -23
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +202 -0
- data/lib/aws-sdk-s3/multipart_upload.rb +242 -31
- data/lib/aws-sdk-s3/multipart_upload_error.rb +2 -0
- data/lib/aws-sdk-s3/multipart_upload_part.rb +371 -47
- data/lib/aws-sdk-s3/object.rb +2260 -217
- data/lib/aws-sdk-s3/object_acl.rb +105 -24
- data/lib/aws-sdk-s3/object_copier.rb +9 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +43 -19
- data/lib/aws-sdk-s3/object_summary.rb +1851 -186
- data/lib/aws-sdk-s3/object_version.rb +457 -74
- data/lib/aws-sdk-s3/plugins/accelerate.rb +17 -64
- data/lib/aws-sdk-s3/plugins/arn.rb +70 -0
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +7 -43
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +20 -3
- data/lib/aws-sdk-s3/plugins/dualstack.rb +7 -50
- data/lib/aws-sdk-s3/plugins/endpoints.rb +274 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +5 -4
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +91 -0
- data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +3 -1
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +11 -3
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +44 -0
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +5 -1
- data/lib/aws-sdk-s3/plugins/md5s.rb +35 -27
- data/lib/aws-sdk-s3/plugins/redirects.rb +5 -1
- data/lib/aws-sdk-s3/plugins/s3_host_id.rb +2 -0
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +60 -91
- data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
- data/lib/aws-sdk-s3/plugins/sse_cpk.rb +3 -1
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +139 -0
- data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb +2 -0
- data/lib/aws-sdk-s3/presigned_post.rb +160 -99
- data/lib/aws-sdk-s3/presigner.rb +172 -77
- data/lib/aws-sdk-s3/resource.rb +122 -6
- data/lib/aws-sdk-s3/types.rb +13937 -5517
- data/lib/aws-sdk-s3/waiters.rb +67 -1
- data/lib/aws-sdk-s3.rb +16 -6
- data/sig/bucket.rbs +212 -0
- data/sig/bucket_acl.rbs +78 -0
- data/sig/bucket_cors.rbs +69 -0
- data/sig/bucket_lifecycle.rbs +88 -0
- data/sig/bucket_lifecycle_configuration.rbs +111 -0
- data/sig/bucket_logging.rbs +76 -0
- data/sig/bucket_notification.rbs +114 -0
- data/sig/bucket_policy.rbs +59 -0
- data/sig/bucket_request_payment.rbs +54 -0
- data/sig/bucket_tagging.rbs +65 -0
- data/sig/bucket_versioning.rbs +77 -0
- data/sig/bucket_website.rbs +93 -0
- data/sig/client.rbs +2360 -0
- data/sig/errors.rbs +34 -0
- data/sig/multipart_upload.rbs +110 -0
- data/sig/multipart_upload_part.rbs +105 -0
- data/sig/object.rbs +436 -0
- data/sig/object_acl.rbs +86 -0
- data/sig/object_summary.rbs +334 -0
- data/sig/object_version.rbs +131 -0
- data/sig/resource.rbs +124 -0
- data/sig/types.rbs +2562 -0
- data/sig/waiters.rbs +83 -0
- metadata +70 -16
data/lib/aws-sdk-s3/presigner.rb
CHANGED
@@ -1,27 +1,47 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
module Aws
|
2
4
|
module S3
|
3
|
-
|
4
|
-
# Allows you to create presigned URLs for S3 operations.
|
5
|
-
#
|
6
|
-
# Example Use:
|
7
|
-
#
|
8
|
-
# signer = Aws::S3::Presigner.new
|
9
|
-
# url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
|
10
|
-
#
|
11
5
|
class Presigner
|
12
|
-
|
13
6
|
# @api private
|
14
7
|
ONE_WEEK = 60 * 60 * 24 * 7
|
15
8
|
|
16
9
|
# @api private
|
17
10
|
FIFTEEN_MINUTES = 60 * 15
|
18
11
|
|
12
|
+
# @api private
|
13
|
+
BLACKLISTED_HEADERS = [
|
14
|
+
'accept',
|
15
|
+
'amz-sdk-request',
|
16
|
+
'cache-control',
|
17
|
+
'content-length', # due to a ELB bug
|
18
|
+
'expect',
|
19
|
+
'from',
|
20
|
+
'if-match',
|
21
|
+
'if-none-match',
|
22
|
+
'if-modified-since',
|
23
|
+
'if-unmodified-since',
|
24
|
+
'if-range',
|
25
|
+
'max-forwards',
|
26
|
+
'pragma',
|
27
|
+
'proxy-authorization',
|
28
|
+
'referer',
|
29
|
+
'te',
|
30
|
+
'user-agent'
|
31
|
+
].freeze
|
32
|
+
|
19
33
|
# @option options [Client] :client Optionally provide an existing
|
20
34
|
# S3 client
|
21
35
|
def initialize(options = {})
|
22
36
|
@client = options[:client] || Aws::S3::Client.new
|
23
37
|
end
|
24
38
|
|
39
|
+
# Create presigned URLs for S3 operations.
|
40
|
+
#
|
41
|
+
# @example
|
42
|
+
# signer = Aws::S3::Presigner.new
|
43
|
+
# url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
|
44
|
+
#
|
25
45
|
# @param [Symbol] method Symbolized method name of the operation you want
|
26
46
|
# to presign.
|
27
47
|
#
|
@@ -29,7 +49,59 @@ module Aws
|
|
29
49
|
# before the presigned URL expires. Defaults to 15 minutes. As signature
|
30
50
|
# version 4 has a maximum expiry time of one week for presigned URLs,
|
31
51
|
# attempts to set this value to greater than one week (604800) will
|
32
|
-
# raise an exception.
|
52
|
+
# raise an exception. The min value of this option and the credentials
|
53
|
+
# expiration time is used in the presigned URL.
|
54
|
+
#
|
55
|
+
# @option params [Time] :time (Time.now) The starting time for when the
|
56
|
+
# presigned url becomes active.
|
57
|
+
#
|
58
|
+
# @option params [Boolean] :secure (true) When `false`, a HTTP URL
|
59
|
+
# is returned instead of the default HTTPS URL.
|
60
|
+
#
|
61
|
+
# @option params [Boolean] :virtual_host (false) When `true`, the
|
62
|
+
# bucket name will be used as the hostname.
|
63
|
+
#
|
64
|
+
# @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
|
65
|
+
# Presigner will attempt to use accelerated endpoint.
|
66
|
+
#
|
67
|
+
# @option params [Array<String>] :whitelist_headers ([]) Additional
|
68
|
+
# headers to be included for the signed request. Certain headers beyond
|
69
|
+
# the authorization header could, in theory, be changed for various
|
70
|
+
# reasons (including but not limited to proxies) while in transit and
|
71
|
+
# after signing. This would lead to signature errors being returned,
|
72
|
+
# despite no actual problems with signing. (see BLACKLISTED_HEADERS)
|
73
|
+
#
|
74
|
+
# @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
|
75
|
+
# exceeds one week.
|
76
|
+
#
|
77
|
+
# @return [String] a presigned url
|
78
|
+
def presigned_url(method, params = {})
|
79
|
+
url, _headers = _presigned_request(method, params)
|
80
|
+
url
|
81
|
+
end
|
82
|
+
|
83
|
+
# Allows you to create presigned URL requests for S3 operations. This
|
84
|
+
# method returns a tuple containing the URL and the signed X-amz-* headers
|
85
|
+
# to be used with the presigned url.
|
86
|
+
#
|
87
|
+
# @example
|
88
|
+
# signer = Aws::S3::Presigner.new
|
89
|
+
# url, headers = signer.presigned_request(
|
90
|
+
# :get_object, bucket: "bucket", key: "key"
|
91
|
+
# )
|
92
|
+
#
|
93
|
+
# @param [Symbol] method Symbolized method name of the operation you want
|
94
|
+
# to presign.
|
95
|
+
#
|
96
|
+
# @option params [Integer] :expires_in (900) The number of seconds
|
97
|
+
# before the presigned URL expires. Defaults to 15 minutes. As signature
|
98
|
+
# version 4 has a maximum expiry time of one week for presigned URLs,
|
99
|
+
# attempts to set this value to greater than one week (604800) will
|
100
|
+
# raise an exception. The min value of this option and the credentials
|
101
|
+
# expiration time is used in the presigned URL.
|
102
|
+
#
|
103
|
+
# @option params [Time] :time (Time.now) The starting time for when the
|
104
|
+
# presigned url becomes active.
|
33
105
|
#
|
34
106
|
# @option params [Boolean] :secure (true) When `false`, a HTTP URL
|
35
107
|
# is returned instead of the default HTTPS URL.
|
@@ -38,37 +110,57 @@ module Aws
|
|
38
110
|
# bucket name will be used as the hostname. This will cause
|
39
111
|
# the returned URL to be 'http' and not 'https'.
|
40
112
|
#
|
113
|
+
# @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
|
114
|
+
# Presigner will attempt to use accelerated endpoint.
|
115
|
+
#
|
116
|
+
# @option params [Array<String>] :whitelist_headers ([]) Additional
|
117
|
+
# headers to be included for the signed request. Certain headers beyond
|
118
|
+
# the authorization header could, in theory, be changed for various
|
119
|
+
# reasons (including but not limited to proxies) while in transit and
|
120
|
+
# after signing. This would lead to signature errors being returned,
|
121
|
+
# despite no actual problems with signing. (see BLACKLISTED_HEADERS)
|
122
|
+
#
|
41
123
|
# @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
|
42
124
|
# exceeds one week.
|
43
125
|
#
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
126
|
+
# @return [String, Hash] A tuple with a presigned URL and headers that
|
127
|
+
# should be included with the request.
|
128
|
+
def presigned_request(method, params = {})
|
129
|
+
_presigned_request(method, params, false)
|
130
|
+
end
|
131
|
+
|
132
|
+
private
|
133
|
+
|
134
|
+
def _presigned_request(method, params, hoist = true)
|
135
|
+
virtual_host = params.delete(:virtual_host)
|
136
|
+
time = params.delete(:time)
|
137
|
+
unsigned_headers = unsigned_headers(params)
|
138
|
+
secure = params.delete(:secure) != false
|
139
|
+
expires_in = expires_in(params)
|
50
140
|
|
51
141
|
req = @client.build_request(method, params)
|
52
142
|
use_bucket_as_hostname(req) if virtual_host
|
53
|
-
|
54
|
-
req.send_request.data
|
55
|
-
end
|
143
|
+
handle_presigned_url_context(req)
|
56
144
|
|
57
|
-
|
145
|
+
x_amz_headers = sign_but_dont_send(
|
146
|
+
req, expires_in, secure, time, unsigned_headers, hoist
|
147
|
+
)
|
148
|
+
[req.send_request.data, x_amz_headers]
|
149
|
+
end
|
58
150
|
|
59
|
-
def
|
60
|
-
|
61
|
-
|
62
|
-
else
|
63
|
-
@client.config.endpoint.scheme
|
64
|
-
end
|
151
|
+
def unsigned_headers(params)
|
152
|
+
whitelist_headers = params.delete(:whitelist_headers) || []
|
153
|
+
BLACKLISTED_HEADERS - whitelist_headers
|
65
154
|
end
|
66
155
|
|
67
156
|
def expires_in(params)
|
68
|
-
if expires_in = params.delete(:expires_in)
|
157
|
+
if (expires_in = params.delete(:expires_in))
|
69
158
|
if expires_in > ONE_WEEK
|
70
|
-
|
71
|
-
|
159
|
+
raise ArgumentError,
|
160
|
+
"expires_in value of #{expires_in} exceeds one-week maximum."
|
161
|
+
elsif expires_in <= 0
|
162
|
+
raise ArgumentError,
|
163
|
+
"expires_in value of #{expires_in} cannot be 0 or less."
|
72
164
|
end
|
73
165
|
expires_in
|
74
166
|
else
|
@@ -77,88 +169,91 @@ module Aws
|
|
77
169
|
end
|
78
170
|
|
79
171
|
def use_bucket_as_hostname(req)
|
80
|
-
req.
|
81
|
-
req.handle do |context|
|
172
|
+
req.handle(priority: 35) do |context|
|
82
173
|
uri = context.http_request.endpoint
|
83
174
|
uri.host = context.params[:bucket]
|
84
175
|
uri.path.sub!("/#{context.params[:bucket]}", '')
|
85
|
-
|
86
|
-
|
176
|
+
@handler.call(context)
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
# Used for excluding presigned_urls from API request count.
|
181
|
+
#
|
182
|
+
# Store context information as early as possible, to allow
|
183
|
+
# handlers to perform decisions based on this flag if need.
|
184
|
+
def handle_presigned_url_context(req)
|
185
|
+
req.handle(step: :initialize, priority: 98) do |context|
|
186
|
+
context[:presigned_url] = true
|
87
187
|
@handler.call(context)
|
88
188
|
end
|
89
189
|
end
|
90
190
|
|
91
191
|
# @param [Seahorse::Client::Request] req
|
92
|
-
def sign_but_dont_send(
|
192
|
+
def sign_but_dont_send(
|
193
|
+
req, expires_in, secure, time, unsigned_headers, hoist = true
|
194
|
+
)
|
195
|
+
x_amz_headers = {}
|
93
196
|
|
94
197
|
http_req = req.context.http_request
|
95
198
|
|
96
199
|
req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
|
97
|
-
req.handlers.remove(Aws::
|
200
|
+
req.handlers.remove(Aws::Plugins::Sign::Handler)
|
98
201
|
req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
|
99
202
|
|
100
|
-
signer = build_signer(req.context.config)
|
101
|
-
|
102
203
|
req.handle(step: :send) do |context|
|
103
|
-
|
104
|
-
if
|
105
|
-
endpoint =
|
106
|
-
endpoint.
|
107
|
-
endpoint.port = (scheme == 'http' ? 80 : 443)
|
108
|
-
http_req.endpoint = URI.parse(endpoint.to_s)
|
204
|
+
# if an endpoint was not provided, force secure or insecure
|
205
|
+
if context.config.regional_endpoint
|
206
|
+
http_req.endpoint.scheme = secure ? 'https' : 'http'
|
207
|
+
http_req.endpoint.port = secure ? 443 : 80
|
109
208
|
end
|
110
209
|
|
111
|
-
# hoist x-amz-* headers to the querystring
|
112
210
|
query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
|
113
|
-
http_req.headers.
|
114
|
-
|
115
|
-
|
211
|
+
http_req.headers.each do |key, value|
|
212
|
+
next unless key =~ /^x-amz/i
|
213
|
+
|
214
|
+
if hoist
|
215
|
+
value = Aws::Sigv4::Signer.uri_escape(value)
|
116
216
|
key = Aws::Sigv4::Signer.uri_escape(key)
|
217
|
+
# hoist x-amz-* headers to the querystring
|
218
|
+
http_req.headers.delete(key)
|
117
219
|
query << "#{key}=#{value}"
|
220
|
+
else
|
221
|
+
x_amz_headers[key] = value
|
118
222
|
end
|
119
223
|
end
|
120
224
|
http_req.endpoint.query = query.join('&') unless query.empty?
|
121
225
|
|
226
|
+
auth_scheme = context[:auth_scheme]
|
227
|
+
scheme_name = auth_scheme['name']
|
228
|
+
region = if scheme_name == 'sigv4a'
|
229
|
+
auth_scheme['signingRegionSet'].first
|
230
|
+
else
|
231
|
+
auth_scheme['signingRegion']
|
232
|
+
end
|
233
|
+
signer = Aws::Sigv4::Signer.new(
|
234
|
+
service: auth_scheme['signingName'] || 's3',
|
235
|
+
region: context[:sigv4_region] || region || context.config.region,
|
236
|
+
credentials_provider: context[:sigv4_credentials] || context.config.credentials,
|
237
|
+
signing_algorithm: scheme_name.to_sym,
|
238
|
+
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
239
|
+
unsigned_headers: unsigned_headers,
|
240
|
+
apply_checksum_header: false
|
241
|
+
)
|
242
|
+
|
122
243
|
url = signer.presign_url(
|
123
244
|
http_method: http_req.http_method,
|
124
245
|
url: http_req.endpoint,
|
125
246
|
headers: http_req.headers,
|
126
247
|
body_digest: 'UNSIGNED-PAYLOAD',
|
127
|
-
expires_in: expires_in
|
248
|
+
expires_in: expires_in,
|
249
|
+
time: time
|
128
250
|
).to_s
|
129
251
|
|
130
252
|
Seahorse::Client::Response.new(context: context, data: url)
|
131
253
|
end
|
254
|
+
# Return the headers
|
255
|
+
x_amz_headers
|
132
256
|
end
|
133
|
-
|
134
|
-
def build_signer(cfg)
|
135
|
-
Aws::Sigv4::Signer.new(
|
136
|
-
service: 's3',
|
137
|
-
region: cfg.region,
|
138
|
-
credentials_provider: cfg.credentials,
|
139
|
-
unsigned_headers: [
|
140
|
-
'cache-control',
|
141
|
-
'content-length', # due to a ELB bug
|
142
|
-
'expect',
|
143
|
-
'max-forwards',
|
144
|
-
'pragma',
|
145
|
-
'te',
|
146
|
-
'if-match',
|
147
|
-
'if-none-match',
|
148
|
-
'if-modified-since',
|
149
|
-
'if-unmodified-since',
|
150
|
-
'if-range',
|
151
|
-
'accept',
|
152
|
-
'proxy-authorization',
|
153
|
-
'from',
|
154
|
-
'referer',
|
155
|
-
'user-agent',
|
156
|
-
'x-amzn-trace-id'
|
157
|
-
],
|
158
|
-
uri_escape_path: false
|
159
|
-
)
|
160
|
-
end
|
161
|
-
|
162
257
|
end
|
163
258
|
end
|
164
259
|
end
|
data/lib/aws-sdk-s3/resource.rb
CHANGED
@@ -1,11 +1,25 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
# WARNING ABOUT GENERATED CODE
|
2
4
|
#
|
3
5
|
# This file is generated. See the contributing guide for more information:
|
4
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
5
7
|
#
|
6
8
|
# WARNING ABOUT GENERATED CODE
|
7
9
|
|
8
10
|
module Aws::S3
|
11
|
+
|
12
|
+
# This class provides a resource oriented interface for S3.
|
13
|
+
# To create a resource object:
|
14
|
+
#
|
15
|
+
# resource = Aws::S3::Resource.new(region: 'us-west-2')
|
16
|
+
#
|
17
|
+
# You can supply a client object with custom configuration that will be used for all resource operations.
|
18
|
+
# If you do not pass `:client`, a default client will be constructed.
|
19
|
+
#
|
20
|
+
# client = Aws::S3::Client.new(region: 'us-west-2')
|
21
|
+
# resource = Aws::S3::Resource.new(client: client)
|
22
|
+
#
|
9
23
|
class Resource
|
10
24
|
|
11
25
|
# @param options ({})
|
@@ -27,34 +41,134 @@ module Aws::S3
|
|
27
41
|
# acl: "private", # accepts private, public-read, public-read-write, authenticated-read
|
28
42
|
# bucket: "BucketName", # required
|
29
43
|
# create_bucket_configuration: {
|
30
|
-
# location_constraint: "
|
44
|
+
# location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-south-2, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-south-2, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
|
45
|
+
# location: {
|
46
|
+
# type: "AvailabilityZone", # accepts AvailabilityZone
|
47
|
+
# name: "LocationNameAsString",
|
48
|
+
# },
|
49
|
+
# bucket: {
|
50
|
+
# data_redundancy: "SingleAvailabilityZone", # accepts SingleAvailabilityZone
|
51
|
+
# type: "Directory", # accepts Directory
|
52
|
+
# },
|
31
53
|
# },
|
32
54
|
# grant_full_control: "GrantFullControl",
|
33
55
|
# grant_read: "GrantRead",
|
34
56
|
# grant_read_acp: "GrantReadACP",
|
35
57
|
# grant_write: "GrantWrite",
|
36
58
|
# grant_write_acp: "GrantWriteACP",
|
59
|
+
# object_lock_enabled_for_bucket: false,
|
60
|
+
# object_ownership: "BucketOwnerPreferred", # accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced
|
37
61
|
# })
|
38
62
|
# @param [Hash] options ({})
|
39
63
|
# @option options [String] :acl
|
40
64
|
# The canned ACL to apply to the bucket.
|
65
|
+
#
|
66
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
67
|
+
#
|
68
|
+
# </note>
|
41
69
|
# @option options [required, String] :bucket
|
70
|
+
# The name of the bucket to create.
|
71
|
+
#
|
72
|
+
# **General purpose buckets** - For information about bucket naming
|
73
|
+
# restrictions, see [Bucket naming rules][1] in the *Amazon S3 User
|
74
|
+
# Guide*.
|
75
|
+
#
|
76
|
+
# <b>Directory buckets </b> - When you use this operation with a
|
77
|
+
# directory bucket, you must use path-style requests in the format
|
78
|
+
# `https://s3express-control.region_code.amazonaws.com/bucket-name `.
|
79
|
+
# Virtual-hosted-style requests aren't supported. Directory bucket
|
80
|
+
# names must be unique in the chosen Availability Zone. Bucket names
|
81
|
+
# must also follow the format ` bucket_base_name--az_id--x-s3` (for
|
82
|
+
# example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about
|
83
|
+
# bucket naming restrictions, see [Directory bucket naming rules][2] in
|
84
|
+
# the *Amazon S3 User Guide*
|
85
|
+
#
|
86
|
+
#
|
87
|
+
#
|
88
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
|
89
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
|
42
90
|
# @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
|
91
|
+
# The configuration information for the bucket.
|
43
92
|
# @option options [String] :grant_full_control
|
44
93
|
# Allows grantee the read, write, read ACP, and write ACP permissions on
|
45
94
|
# the bucket.
|
95
|
+
#
|
96
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
97
|
+
#
|
98
|
+
# </note>
|
46
99
|
# @option options [String] :grant_read
|
47
100
|
# Allows grantee to list the objects in the bucket.
|
101
|
+
#
|
102
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
103
|
+
#
|
104
|
+
# </note>
|
48
105
|
# @option options [String] :grant_read_acp
|
49
106
|
# Allows grantee to read the bucket ACL.
|
107
|
+
#
|
108
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
109
|
+
#
|
110
|
+
# </note>
|
50
111
|
# @option options [String] :grant_write
|
51
|
-
# Allows grantee to create
|
52
|
-
#
|
112
|
+
# Allows grantee to create new objects in the bucket.
|
113
|
+
#
|
114
|
+
# For the bucket and object owners of existing objects, also allows
|
115
|
+
# deletions and overwrites of those objects.
|
116
|
+
#
|
117
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
118
|
+
#
|
119
|
+
# </note>
|
53
120
|
# @option options [String] :grant_write_acp
|
54
121
|
# Allows grantee to write the ACL for the applicable bucket.
|
122
|
+
#
|
123
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
124
|
+
#
|
125
|
+
# </note>
|
126
|
+
# @option options [Boolean] :object_lock_enabled_for_bucket
|
127
|
+
# Specifies whether you want S3 Object Lock to be enabled for the new
|
128
|
+
# bucket.
|
129
|
+
#
|
130
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
131
|
+
#
|
132
|
+
# </note>
|
133
|
+
# @option options [String] :object_ownership
|
134
|
+
# The container element for object ownership for a bucket's ownership
|
135
|
+
# controls.
|
136
|
+
#
|
137
|
+
# `BucketOwnerPreferred` - Objects uploaded to the bucket change
|
138
|
+
# ownership to the bucket owner if the objects are uploaded with the
|
139
|
+
# `bucket-owner-full-control` canned ACL.
|
140
|
+
#
|
141
|
+
# `ObjectWriter` - The uploading account will own the object if the
|
142
|
+
# object is uploaded with the `bucket-owner-full-control` canned ACL.
|
143
|
+
#
|
144
|
+
# `BucketOwnerEnforced` - Access control lists (ACLs) are disabled and
|
145
|
+
# no longer affect permissions. The bucket owner automatically owns and
|
146
|
+
# has full control over every object in the bucket. The bucket only
|
147
|
+
# accepts PUT requests that don't specify an ACL or specify bucket
|
148
|
+
# owner full control ACLs (such as the predefined
|
149
|
+
# `bucket-owner-full-control` canned ACL or a custom ACL in XML format
|
150
|
+
# that grants the same permissions).
|
151
|
+
#
|
152
|
+
# By default, `ObjectOwnership` is set to `BucketOwnerEnforced` and ACLs
|
153
|
+
# are disabled. We recommend keeping ACLs disabled, except in uncommon
|
154
|
+
# use cases where you must control access for each object individually.
|
155
|
+
# For more information about S3 Object Ownership, see [Controlling
|
156
|
+
# ownership of objects and disabling ACLs for your bucket][1] in the
|
157
|
+
# *Amazon S3 User Guide*.
|
158
|
+
#
|
159
|
+
# <note markdown="1"> This functionality is not supported for directory buckets. Directory
|
160
|
+
# buckets use the bucket owner enforced setting for S3 Object Ownership.
|
161
|
+
#
|
162
|
+
# </note>
|
163
|
+
#
|
164
|
+
#
|
165
|
+
#
|
166
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
|
55
167
|
# @return [Bucket]
|
56
168
|
def create_bucket(options = {})
|
57
|
-
|
169
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
170
|
+
@client.create_bucket(options)
|
171
|
+
end
|
58
172
|
Bucket.new(
|
59
173
|
name: options[:bucket],
|
60
174
|
client: @client
|
@@ -80,7 +194,9 @@ module Aws::S3
|
|
80
194
|
def buckets(options = {})
|
81
195
|
batches = Enumerator.new do |y|
|
82
196
|
batch = []
|
83
|
-
resp =
|
197
|
+
resp = Aws::Plugins::UserAgent.feature('resource') do
|
198
|
+
@client.list_buckets(options)
|
199
|
+
end
|
84
200
|
resp.data.buckets.each do |b|
|
85
201
|
batch << Bucket.new(
|
86
202
|
name: b.name,
|