aws-sdk-s3 1.136.0 → 1.176.1

data/lib/aws-sdk-s3/plugins/s3_signer.rb

@@ -4,6 +4,11 @@ require 'aws-sigv4'
 
 module Aws
   module S3
+    # @api private
+    def self.bucket_region_cache
+      @bucket_region_cache ||= BucketRegionCache.new
+    end
+
     module Plugins
       # This plugin used to have a V4 signer but it was removed in favor of
       # generic Sign plugin that uses endpoint auth scheme.
@@ -51,7 +56,7 @@ module Aws
           private
 
           def check_for_cached_region(context, bucket)
-            cached_region = S3::BUCKET_REGIONS[bucket]
+            cached_region = Aws::S3.bucket_region_cache[bucket]
             if cached_region &&
                cached_region != context.config.region &&
                !S3Signer.custom_endpoint?(context)
@@ -97,7 +102,7 @@ module Aws
           end
 
           def update_bucket_cache(context, actual_region)
-            S3::BUCKET_REGIONS[context.params[:bucket]] = actual_region
+            Aws::S3.bucket_region_cache[context.params[:bucket]] = actual_region
           end
 
           def fips_region?(resp)

data/lib/aws-sdk-s3/presigner.rb

@@ -199,6 +199,8 @@ module Aws
         req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
         req.handlers.remove(Aws::Plugins::Sign::Handler)
         req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
+        req.handlers.remove(Aws::Rest::ContentTypeHandler)
+        req.handlers.remove(Aws::Plugins::InvocationId::Handler)
 
         req.handle(step: :send) do |context|
           # if an endpoint was not provided, force secure or insecure
@@ -232,10 +234,11 @@ module Aws
                    end
           signer = Aws::Sigv4::Signer.new(
             service: auth_scheme['signingName'] || 's3',
-            region: region || context.config.region,
-            credentials_provider: context.config.credentials,
+            region: context[:sigv4_region] || region || context.config.region,
+            credentials_provider: context[:sigv4_credentials] || context.config.credentials,
             signing_algorithm: scheme_name.to_sym,
             uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+            normalize_path: !!!auth_scheme['disableNormalizePath'],
             unsigned_headers: unsigned_headers,
             apply_checksum_header: false
           )

data/lib/aws-sdk-s3/resource.rb

@@ -41,7 +41,15 @@ module Aws::S3
     #     acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #     bucket: "BucketName", # required
     #     create_bucket_configuration: {
-    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2, ap-south-2, eu-south-2
+    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-south-2, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-south-2, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
+    #       location: {
+    #         type: "AvailabilityZone", # accepts AvailabilityZone, LocalZone
+    #         name: "LocationNameAsString",
+    #       },
+    #       bucket: {
+    #         data_redundancy: "SingleAvailabilityZone", # accepts SingleAvailabilityZone, SingleLocalZone
+    #         type: "Directory", # accepts Directory
+    #       },
     #     },
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",
@@ -54,47 +62,112 @@ module Aws::S3
     # @param [Hash] options ({})
     # @option options [String] :acl
     #   The canned ACL to apply to the bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [required, String] :bucket
     #   The name of the bucket to create.
+    #
+    #   **General purpose buckets** - For information about bucket naming
+    #   restrictions, see [Bucket naming rules][1] in the *Amazon S3 User
+    #   Guide*.
+    #
+    #   <b>Directory buckets </b> - When you use this operation with a
+    #   directory bucket, you must use path-style requests in the format
+    #   `https://s3express-control.region-code.amazonaws.com/bucket-name `.
+    #   Virtual-hosted-style requests aren't supported. Directory bucket
+    #   names must be unique in the chosen Zone (Availability Zone or Local
+    #   Zone). Bucket names must also follow the format `
+    #   bucket-base-name--zone-id--x-s3` (for example, `
+    #   DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket
+    #   naming restrictions, see [Directory bucket naming rules][2] in the
+    #   *Amazon S3 User Guide*
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-bucket-naming-rules.html
     # @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
     #   The configuration information for the bucket.
     # @option options [String] :grant_full_control
     #   Allows grantee the read, write, read ACP, and write ACP permissions on
     #   the bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_read
     #   Allows grantee to list the objects in the bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_read_acp
     #   Allows grantee to read the bucket ACL.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_write
     #   Allows grantee to create new objects in the bucket.
     #
     #   For the bucket and object owners of existing objects, also allows
     #   deletions and overwrites of those objects.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :grant_write_acp
     #   Allows grantee to write the ACL for the applicable bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [Boolean] :object_lock_enabled_for_bucket
     #   Specifies whether you want S3 Object Lock to be enabled for the new
     #   bucket.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets.
+    #
+    #    </note>
     # @option options [String] :object_ownership
     #   The container element for object ownership for a bucket's ownership
     #   controls.
     #
-    #   BucketOwnerPreferred - Objects uploaded to the bucket change ownership
-    #   to the bucket owner if the objects are uploaded with the
+    #   `BucketOwnerPreferred` - Objects uploaded to the bucket change
+    #   ownership to the bucket owner if the objects are uploaded with the
     #   `bucket-owner-full-control` canned ACL.
     #
-    #   ObjectWriter - The uploading account will own the object if the object
-    #   is uploaded with the `bucket-owner-full-control` canned ACL.
+    #   `ObjectWriter` - The uploading account will own the object if the
+    #   object is uploaded with the `bucket-owner-full-control` canned ACL.
+    #
+    #   `BucketOwnerEnforced` - Access control lists (ACLs) are disabled and
+    #   no longer affect permissions. The bucket owner automatically owns and
+    #   has full control over every object in the bucket. The bucket only
+    #   accepts PUT requests that don't specify an ACL or specify bucket
+    #   owner full control ACLs (such as the predefined
+    #   `bucket-owner-full-control` canned ACL or a custom ACL in XML format
+    #   that grants the same permissions).
+    #
+    #   By default, `ObjectOwnership` is set to `BucketOwnerEnforced` and ACLs
+    #   are disabled. We recommend keeping ACLs disabled, except in uncommon
+    #   use cases where you must control access for each object individually.
+    #   For more information about S3 Object Ownership, see [Controlling
+    #   ownership of objects and disabling ACLs for your bucket][1] in the
+    #   *Amazon S3 User Guide*.
+    #
+    #   <note markdown="1"> This functionality is not supported for directory buckets. Directory
+    #   buckets use the bucket owner enforced setting for S3 Object Ownership.
+    #
+    #    </note>
+    #
     #
-    #   BucketOwnerEnforced - Access control lists (ACLs) are disabled and no
-    #   longer affect permissions. The bucket owner automatically owns and has
-    #   full control over every object in the bucket. The bucket only accepts
-    #   PUT requests that don't specify an ACL or bucket owner full control
-    #   ACLs, such as the `bucket-owner-full-control` canned ACL or an
-    #   equivalent form of this ACL expressed in the XML format.
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
     # @return [Bucket]
     def create_bucket(options = {})
-      Aws::Plugins::UserAgent.feature('resource') do
+      Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.create_bucket(options)
       end
       Bucket.new(
@@ -116,23 +189,49 @@ module Aws::S3
 
     # @example Request syntax with placeholder values
     #
-    #   s3.buckets()
+    #   buckets = s3.buckets({
+    #     prefix: "Prefix",
+    #     bucket_region: "BucketRegion",
+    #   })
     # @param [Hash] options ({})
+    # @option options [String] :prefix
+    #   Limits the response to bucket names that begin with the specified
+    #   bucket name prefix.
+    # @option options [String] :bucket_region
+    #   Limits the response to buckets that are located in the specified
+    #   Amazon Web Services Region. The Amazon Web Services Region must be
+    #   expressed according to the Amazon Web Services Region code, such as
+    #   `us-west-2` for the US West (Oregon) Region. For a list of the valid
+    #   values for all of the Amazon Web Services Regions, see [Regions and
+    #   Endpoints][1].
+    #
+    #   <note markdown="1"> Requests made to a Regional endpoint that is different from the
+    #   `bucket-region` parameter are not supported. For example, if you want
+    #   to limit the response to your buckets in Region `us-west-2`, the
+    #   request must be made to an endpoint in Region `us-west-2`.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
     # @return [Bucket::Collection]
     def buckets(options = {})
       batches = Enumerator.new do |y|
-        batch = []
-        resp = Aws::Plugins::UserAgent.feature('resource') do
+        resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           @client.list_buckets(options)
         end
-        resp.data.buckets.each do |b|
-          batch << Bucket.new(
-            name: b.name,
-            data: b,
-            client: @client
-          )
+        resp.each_page do |page|
+          batch = []
+          page.data.buckets.each do |b|
+            batch << Bucket.new(
+              name: b.name,
+              data: b,
+              client: @client
+            )
+          end
+          y.yield(batch)
         end
-        y.yield(batch)
       end
       Bucket::Collection.new(batches)
     end