aws-sdk-s3 1.136.0 → 1.208.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (119) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +452 -1
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials.rb +57 -0
  5. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +250 -0
  6. data/lib/aws-sdk-s3/bucket.rb +728 -145
  7. data/lib/aws-sdk-s3/bucket_acl.rb +19 -18
  8. data/lib/aws-sdk-s3/bucket_cors.rb +22 -21
  9. data/lib/aws-sdk-s3/bucket_lifecycle.rb +23 -18
  10. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +76 -19
  11. data/lib/aws-sdk-s3/bucket_logging.rb +21 -14
  12. data/lib/aws-sdk-s3/bucket_notification.rb +6 -6
  13. data/lib/aws-sdk-s3/bucket_policy.rb +65 -20
  14. data/lib/aws-sdk-s3/bucket_region_cache.rb +9 -5
  15. data/lib/aws-sdk-s3/bucket_request_payment.rb +15 -15
  16. data/lib/aws-sdk-s3/bucket_tagging.rb +19 -19
  17. data/lib/aws-sdk-s3/bucket_versioning.rb +74 -41
  18. data/lib/aws-sdk-s3/bucket_website.rb +19 -19
  19. data/lib/aws-sdk-s3/client.rb +9951 -3365
  20. data/lib/aws-sdk-s3/client_api.rb +758 -164
  21. data/lib/aws-sdk-s3/customizations/bucket.rb +1 -1
  22. data/lib/aws-sdk-s3/customizations/errors.rb +15 -2
  23. data/lib/aws-sdk-s3/customizations/object.rb +87 -91
  24. data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
  25. data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
  26. data/lib/aws-sdk-s3/customizations.rb +28 -31
  27. data/lib/aws-sdk-s3/default_executor.rb +103 -0
  28. data/lib/aws-sdk-s3/encryption/client.rb +4 -4
  29. data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +2 -0
  30. data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +2 -0
  31. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +4 -2
  32. data/lib/aws-sdk-s3/encryptionV2/client.rb +100 -25
  33. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +7 -162
  34. data/lib/aws-sdk-s3/encryptionV2/decryption.rb +205 -0
  35. data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +17 -0
  36. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +2 -0
  37. data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +2 -0
  38. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -2
  39. data/lib/aws-sdk-s3/encryptionV2/utils.rb +5 -0
  40. data/lib/aws-sdk-s3/encryptionV3/client.rb +885 -0
  41. data/lib/aws-sdk-s3/encryptionV3/decrypt_handler.rb +98 -0
  42. data/lib/aws-sdk-s3/encryptionV3/decryption.rb +244 -0
  43. data/lib/aws-sdk-s3/encryptionV3/default_cipher_provider.rb +159 -0
  44. data/lib/aws-sdk-s3/encryptionV3/default_key_provider.rb +35 -0
  45. data/lib/aws-sdk-s3/encryptionV3/encrypt_handler.rb +98 -0
  46. data/lib/aws-sdk-s3/encryptionV3/errors.rb +47 -0
  47. data/lib/aws-sdk-s3/encryptionV3/io_auth_decrypter.rb +60 -0
  48. data/lib/aws-sdk-s3/encryptionV3/io_decrypter.rb +35 -0
  49. data/lib/aws-sdk-s3/encryptionV3/io_encrypter.rb +84 -0
  50. data/lib/aws-sdk-s3/encryptionV3/key_provider.rb +28 -0
  51. data/lib/aws-sdk-s3/encryptionV3/kms_cipher_provider.rb +159 -0
  52. data/lib/aws-sdk-s3/encryptionV3/materials.rb +58 -0
  53. data/lib/aws-sdk-s3/encryptionV3/utils.rb +321 -0
  54. data/lib/aws-sdk-s3/encryption_v2.rb +1 -0
  55. data/lib/aws-sdk-s3/encryption_v3.rb +24 -0
  56. data/lib/aws-sdk-s3/endpoint_parameters.rb +65 -30
  57. data/lib/aws-sdk-s3/endpoint_provider.rb +604 -227
  58. data/lib/aws-sdk-s3/endpoints.rb +655 -1261
  59. data/lib/aws-sdk-s3/errors.rb +58 -0
  60. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  61. data/lib/aws-sdk-s3/express_credentials_provider.rb +59 -0
  62. data/lib/aws-sdk-s3/file_downloader.rb +192 -147
  63. data/lib/aws-sdk-s3/file_uploader.rb +10 -14
  64. data/lib/aws-sdk-s3/legacy_signer.rb +2 -1
  65. data/lib/aws-sdk-s3/multipart_download_error.rb +8 -0
  66. data/lib/aws-sdk-s3/multipart_file_uploader.rb +106 -103
  67. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +99 -109
  68. data/lib/aws-sdk-s3/multipart_upload.rb +185 -38
  69. data/lib/aws-sdk-s3/multipart_upload_error.rb +3 -4
  70. data/lib/aws-sdk-s3/multipart_upload_part.rb +205 -68
  71. data/lib/aws-sdk-s3/object.rb +2052 -315
  72. data/lib/aws-sdk-s3/object_acl.rb +46 -28
  73. data/lib/aws-sdk-s3/object_copier.rb +1 -1
  74. data/lib/aws-sdk-s3/object_multipart_copier.rb +12 -9
  75. data/lib/aws-sdk-s3/object_summary.rb +1778 -262
  76. data/lib/aws-sdk-s3/object_version.rb +400 -68
  77. data/lib/aws-sdk-s3/plugins/access_grants.rb +178 -0
  78. data/lib/aws-sdk-s3/plugins/checksum_algorithm.rb +31 -0
  79. data/lib/aws-sdk-s3/plugins/endpoints.rb +32 -208
  80. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +88 -0
  81. data/lib/aws-sdk-s3/plugins/http_200_errors.rb +55 -18
  82. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  83. data/lib/aws-sdk-s3/plugins/md5s.rb +10 -70
  84. data/lib/aws-sdk-s3/plugins/s3_signer.rb +7 -2
  85. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +5 -7
  86. data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb +2 -1
  87. data/lib/aws-sdk-s3/presigner.rb +9 -7
  88. data/lib/aws-sdk-s3/resource.rb +127 -22
  89. data/lib/aws-sdk-s3/transfer_manager.rb +303 -0
  90. data/lib/aws-sdk-s3/types.rb +8065 -1783
  91. data/lib/aws-sdk-s3.rb +35 -31
  92. data/sig/bucket.rbs +231 -0
  93. data/sig/bucket_acl.rbs +78 -0
  94. data/sig/bucket_cors.rbs +69 -0
  95. data/sig/bucket_lifecycle.rbs +88 -0
  96. data/sig/bucket_lifecycle_configuration.rbs +115 -0
  97. data/sig/bucket_logging.rbs +76 -0
  98. data/sig/bucket_notification.rbs +114 -0
  99. data/sig/bucket_policy.rbs +59 -0
  100. data/sig/bucket_request_payment.rbs +54 -0
  101. data/sig/bucket_tagging.rbs +65 -0
  102. data/sig/bucket_versioning.rbs +77 -0
  103. data/sig/bucket_website.rbs +93 -0
  104. data/sig/client.rbs +2612 -0
  105. data/sig/customizations/bucket.rbs +19 -0
  106. data/sig/customizations/object.rbs +38 -0
  107. data/sig/customizations/object_summary.rbs +35 -0
  108. data/sig/errors.rbs +44 -0
  109. data/sig/multipart_upload.rbs +120 -0
  110. data/sig/multipart_upload_part.rbs +109 -0
  111. data/sig/object.rbs +464 -0
  112. data/sig/object_acl.rbs +86 -0
  113. data/sig/object_summary.rbs +347 -0
  114. data/sig/object_version.rbs +143 -0
  115. data/sig/resource.rbs +141 -0
  116. data/sig/types.rbs +2899 -0
  117. data/sig/waiters.rbs +95 -0
  118. metadata +61 -12
  119. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +0 -31
data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb CHANGED
@@ -24,7 +24,7 @@ module Aws
24
24
  def encryption_cipher(options = {})
25
25
  validate_key_for_encryption
26
26
  encryption_context = build_encryption_context(@content_encryption_schema, options)
27
- key_data = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
27
+ key_data = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V2') do
28
28
  @kms_client.generate_data_key(
29
29
  key_id: @kms_key_id,
30
30
  encryption_context: encryption_context,
@@ -33,6 +33,8 @@ module Aws
33
33
  end
34
34
  cipher = Utils.aes_encryption_cipher(:GCM)
35
35
  cipher.key = key_data.plaintext
36
+ ##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
37
+ ##% Objects encrypted with ALG_AES_256_GCM_IV12_TAG16_NO_KDF MUST use the V2 message format version only.
36
38
  envelope = {
37
39
  'x-amz-key-v2' => encode64(key_data.ciphertext_blob),
38
40
  'x-amz-iv' => encode64(cipher.iv = cipher.random_iv),
@@ -53,9 +55,15 @@ module Aws
53
55
 
54
56
  case envelope['x-amz-wrap-alg']
55
57
  when 'kms'
58
+ ##= ../specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
59
+ ##% The S3EC MUST support the option to enable or disable legacy wrapping algorithms.
56
60
  unless options[:security_profile] == :v2_and_legacy
61
+ ##= ../specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
62
+ ##% When disabled, the S3EC MUST NOT decrypt objects encrypted using legacy wrapping algorithms; it MUST throw an exception when attempting to decrypt an object encrypted with a legacy wrapping algorithm.
57
63
  raise Errors::LegacyDecryptionError
58
64
  end
65
+ ##= ../specification/s3-encryption/client.md#enable-legacy-wrapping-algorithms
66
+ ##% When enabled, the S3EC MUST be able to decrypt objects encrypted with all supported wrapping algorithms (both legacy and fully supported).
59
67
  when 'kms+context'
60
68
  if cek_alg != encryption_context['aws:x-amz-cek-alg']
61
69
  raise Errors::CEKAlgMismatchError
@@ -85,7 +93,7 @@ module Aws
85
93
  decrypt_options[:key_id] = @kms_key_id
86
94
  end
87
95
 
88
- key = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
96
+ key = Aws::Plugins::UserAgent.metric('S3_CRYPTO_V2') do
89
97
  @kms_client.decrypt(decrypt_options).plaintext
90
98
  end
91
99
  iv = decode64(envelope['x-amz-iv'])
data/lib/aws-sdk-s3/encryptionV2/utils.rb CHANGED
@@ -80,6 +80,11 @@ module Aws
80
80
  # @param [OpenSSL::PKey::RSA, String, nil] key
81
81
  # @param [String, nil] iv The initialization vector
82
82
  def aes_cipher(mode, block_mode, key, iv)
83
+ ##= ../specification/s3-encryption/encryption.md#alg-aes-256-gcm-iv12-tag16-no-kdf
84
+ ##% The client MUST initialize the cipher,
85
+ ##% or call an AES-GCM encryption API, with the plaintext data key, the generated IV,
86
+ ##% and the tag length defined in the Algorithm Suite
87
+ ##% when encrypting with ALG_AES_256_GCM_IV12_TAG16_NO_KDF.
83
88
  cipher = key ?
84
89
  OpenSSL::Cipher.new("aes-#{cipher_size(key)}-#{block_mode.downcase}") :
85
90
  OpenSSL::Cipher.new("aes-256-#{block_mode.downcase}")