aws-sdk-s3 1.139.0 → 1.141.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +15 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +423 -93
- data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
- data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
- data/lib/aws-sdk-s3/bucket_logging.rb +9 -9
- data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
- data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
- data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
- data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
- data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
- data/lib/aws-sdk-s3/bucket_website.rb +12 -12
- data/lib/aws-sdk-s3/client.rb +5639 -2553
- data/lib/aws-sdk-s3/client_api.rb +97 -16
- data/lib/aws-sdk-s3/customizations.rb +5 -0
- data/lib/aws-sdk-s3/endpoint_parameters.rb +32 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +82 -0
- data/lib/aws-sdk-s3/endpoints.rb +440 -0
- data/lib/aws-sdk-s3/express_credentials.rb +55 -0
- data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
- data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
- data/lib/aws-sdk-s3/file_downloader.rb +0 -1
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +0 -1
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +0 -1
- data/lib/aws-sdk-s3/multipart_upload.rb +70 -24
- data/lib/aws-sdk-s3/multipart_upload_part.rb +164 -43
- data/lib/aws-sdk-s3/object.rb +1496 -248
- data/lib/aws-sdk-s3/object_acl.rb +31 -19
- data/lib/aws-sdk-s3/object_summary.rb +1366 -272
- data/lib/aws-sdk-s3/object_version.rb +304 -57
- data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -2
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +90 -0
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
- data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
- data/lib/aws-sdk-s3/presigner.rb +2 -2
- data/lib/aws-sdk-s3/resource.rb +83 -11
- data/lib/aws-sdk-s3/types.rb +4261 -1238
- data/lib/aws-sdk-s3.rb +1 -1
- metadata +10 -6
@@ -264,14 +264,22 @@ module Aws::S3
|
|
264
264
|
# space, and the value that is displayed on your authentication device.
|
265
265
|
# Required to permanently delete a versioned object if versioning is
|
266
266
|
# configured with MFA delete enabled.
|
267
|
+
#
|
268
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
269
|
+
#
|
270
|
+
# </note>
|
267
271
|
# @option options [String] :request_payer
|
268
272
|
# Confirms that the requester knows that they will be charged for the
|
269
273
|
# request. Bucket owners need not specify this parameter in their
|
270
|
-
# requests. If either the source or destination
|
271
|
-
#
|
272
|
-
#
|
273
|
-
#
|
274
|
-
#
|
274
|
+
# requests. If either the source or destination S3 bucket has Requester
|
275
|
+
# Pays enabled, the requester will pay for corresponding charges to copy
|
276
|
+
# the object. For information about downloading objects from Requester
|
277
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
278
|
+
# in the *Amazon S3 User Guide*.
|
279
|
+
#
|
280
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
281
|
+
#
|
282
|
+
# </note>
|
275
283
|
#
|
276
284
|
#
|
277
285
|
#
|
@@ -280,10 +288,14 @@ module Aws::S3
|
|
280
288
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
281
289
|
# restrictions to process this operation. To use this header, you must
|
282
290
|
# have the `s3:BypassGovernanceRetention` permission.
|
291
|
+
#
|
292
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
293
|
+
#
|
294
|
+
# </note>
|
283
295
|
# @option options [String] :expected_bucket_owner
|
284
|
-
# The account ID of the expected bucket owner. If the
|
285
|
-
#
|
286
|
-
# Forbidden` (access denied).
|
296
|
+
# The account ID of the expected bucket owner. If the account ID that
|
297
|
+
# you provide does not match the actual owner of the bucket, the request
|
298
|
+
# fails with the HTTP status code `403 Forbidden` (access denied).
|
287
299
|
# @return [Types::DeleteObjectOutput]
|
288
300
|
def delete(options = {})
|
289
301
|
options = options.merge(
|
@@ -322,18 +334,64 @@ module Aws::S3
|
|
322
334
|
# @param [Hash] options ({})
|
323
335
|
# @option options [String] :if_match
|
324
336
|
# Return the object only if its entity tag (ETag) is the same as the one
|
325
|
-
# specified; otherwise, return a 412
|
337
|
+
# specified in this header; otherwise, return a `412 Precondition
|
338
|
+
# Failed` error.
|
339
|
+
#
|
340
|
+
# If both of the `If-Match` and `If-Unmodified-Since` headers are
|
341
|
+
# present in the request as follows: `If-Match` condition evaluates to
|
342
|
+
# `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
|
343
|
+
# then, S3 returns `200 OK` and the data requested.
|
344
|
+
#
|
345
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
346
|
+
#
|
347
|
+
#
|
348
|
+
#
|
349
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
326
350
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
327
351
|
# Return the object only if it has been modified since the specified
|
328
|
-
# time; otherwise, return a 304
|
352
|
+
# time; otherwise, return a `304 Not Modified` error.
|
353
|
+
#
|
354
|
+
# If both of the `If-None-Match` and `If-Modified-Since` headers are
|
355
|
+
# present in the request as follows:` If-None-Match` condition evaluates
|
356
|
+
# to `false`, and; `If-Modified-Since` condition evaluates to `true`;
|
357
|
+
# then, S3 returns `304 Not Modified` status code.
|
358
|
+
#
|
359
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
360
|
+
#
|
361
|
+
#
|
362
|
+
#
|
363
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
329
364
|
# @option options [String] :if_none_match
|
330
365
|
# Return the object only if its entity tag (ETag) is different from the
|
331
|
-
# one specified; otherwise, return a 304
|
366
|
+
# one specified in this header; otherwise, return a `304 Not Modified`
|
367
|
+
# error.
|
368
|
+
#
|
369
|
+
# If both of the `If-None-Match` and `If-Modified-Since` headers are
|
370
|
+
# present in the request as follows:` If-None-Match` condition evaluates
|
371
|
+
# to `false`, and; `If-Modified-Since` condition evaluates to `true`;
|
372
|
+
# then, S3 returns `304 Not Modified` HTTP status code.
|
373
|
+
#
|
374
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
375
|
+
#
|
376
|
+
#
|
377
|
+
#
|
378
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
332
379
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
333
380
|
# Return the object only if it has not been modified since the specified
|
334
|
-
# time; otherwise, return a 412
|
381
|
+
# time; otherwise, return a `412 Precondition Failed` error.
|
382
|
+
#
|
383
|
+
# If both of the `If-Match` and `If-Unmodified-Since` headers are
|
384
|
+
# present in the request as follows: `If-Match` condition evaluates to
|
385
|
+
# `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
|
386
|
+
# then, S3 returns `200 OK` and the data requested.
|
387
|
+
#
|
388
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
389
|
+
#
|
390
|
+
#
|
391
|
+
#
|
392
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
335
393
|
# @option options [String] :range
|
336
|
-
# Downloads the specified range
|
394
|
+
# Downloads the specified byte range of an object. For more information
|
337
395
|
# about the HTTP Range header, see
|
338
396
|
# [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
|
339
397
|
#
|
@@ -348,7 +406,7 @@ module Aws::S3
|
|
348
406
|
# @option options [String] :response_cache_control
|
349
407
|
# Sets the `Cache-Control` header of the response.
|
350
408
|
# @option options [String] :response_content_disposition
|
351
|
-
# Sets the `Content-Disposition` header of the response
|
409
|
+
# Sets the `Content-Disposition` header of the response.
|
352
410
|
# @option options [String] :response_content_encoding
|
353
411
|
# Sets the `Content-Encoding` header of the response.
|
354
412
|
# @option options [String] :response_content_language
|
@@ -358,26 +416,98 @@ module Aws::S3
|
|
358
416
|
# @option options [Time,DateTime,Date,Integer,String] :response_expires
|
359
417
|
# Sets the `Expires` header of the response.
|
360
418
|
# @option options [String] :sse_customer_algorithm
|
361
|
-
# Specifies the algorithm to use
|
362
|
-
# example, AES256).
|
419
|
+
# Specifies the algorithm to use when decrypting the object (for
|
420
|
+
# example, `AES256`).
|
421
|
+
#
|
422
|
+
# If you encrypt an object by using server-side encryption with
|
423
|
+
# customer-provided encryption keys (SSE-C) when you store the object in
|
424
|
+
# Amazon S3, then when you GET the object, you must use the following
|
425
|
+
# headers:
|
426
|
+
#
|
427
|
+
# * `x-amz-server-side-encryption-customer-algorithm`
|
428
|
+
#
|
429
|
+
# * `x-amz-server-side-encryption-customer-key`
|
430
|
+
#
|
431
|
+
# * `x-amz-server-side-encryption-customer-key-MD5`
|
432
|
+
#
|
433
|
+
# For more information about SSE-C, see [Server-Side Encryption (Using
|
434
|
+
# Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
|
435
|
+
#
|
436
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
437
|
+
#
|
438
|
+
# </note>
|
439
|
+
#
|
440
|
+
#
|
441
|
+
#
|
442
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
|
363
443
|
# @option options [String] :sse_customer_key
|
364
|
-
# Specifies the customer-provided encryption key
|
365
|
-
#
|
366
|
-
#
|
367
|
-
#
|
444
|
+
# Specifies the customer-provided encryption key that you originally
|
445
|
+
# provided for Amazon S3 to encrypt the data before storing it. This
|
446
|
+
# value is used to decrypt the object when recovering it and must match
|
447
|
+
# the one used when storing the data. The key must be appropriate for
|
448
|
+
# use with the algorithm specified in the
|
368
449
|
# `x-amz-server-side-encryption-customer-algorithm` header.
|
450
|
+
#
|
451
|
+
# If you encrypt an object by using server-side encryption with
|
452
|
+
# customer-provided encryption keys (SSE-C) when you store the object in
|
453
|
+
# Amazon S3, then when you GET the object, you must use the following
|
454
|
+
# headers:
|
455
|
+
#
|
456
|
+
# * `x-amz-server-side-encryption-customer-algorithm`
|
457
|
+
#
|
458
|
+
# * `x-amz-server-side-encryption-customer-key`
|
459
|
+
#
|
460
|
+
# * `x-amz-server-side-encryption-customer-key-MD5`
|
461
|
+
#
|
462
|
+
# For more information about SSE-C, see [Server-Side Encryption (Using
|
463
|
+
# Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
|
464
|
+
#
|
465
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
466
|
+
#
|
467
|
+
# </note>
|
468
|
+
#
|
469
|
+
#
|
470
|
+
#
|
471
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
|
369
472
|
# @option options [String] :sse_customer_key_md5
|
370
|
-
# Specifies the 128-bit MD5 digest of the encryption
|
371
|
-
# RFC 1321. Amazon S3 uses this header for a message
|
372
|
-
# ensure that the encryption key was transmitted
|
473
|
+
# Specifies the 128-bit MD5 digest of the customer-provided encryption
|
474
|
+
# key according to RFC 1321. Amazon S3 uses this header for a message
|
475
|
+
# integrity check to ensure that the encryption key was transmitted
|
476
|
+
# without error.
|
477
|
+
#
|
478
|
+
# If you encrypt an object by using server-side encryption with
|
479
|
+
# customer-provided encryption keys (SSE-C) when you store the object in
|
480
|
+
# Amazon S3, then when you GET the object, you must use the following
|
481
|
+
# headers:
|
482
|
+
#
|
483
|
+
# * `x-amz-server-side-encryption-customer-algorithm`
|
484
|
+
#
|
485
|
+
# * `x-amz-server-side-encryption-customer-key`
|
486
|
+
#
|
487
|
+
# * `x-amz-server-side-encryption-customer-key-MD5`
|
488
|
+
#
|
489
|
+
# For more information about SSE-C, see [Server-Side Encryption (Using
|
490
|
+
# Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
|
491
|
+
#
|
492
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
493
|
+
#
|
494
|
+
# </note>
|
495
|
+
#
|
496
|
+
#
|
497
|
+
#
|
498
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
|
373
499
|
# @option options [String] :request_payer
|
374
500
|
# Confirms that the requester knows that they will be charged for the
|
375
501
|
# request. Bucket owners need not specify this parameter in their
|
376
|
-
# requests. If either the source or destination
|
377
|
-
#
|
378
|
-
#
|
379
|
-
#
|
380
|
-
#
|
502
|
+
# requests. If either the source or destination S3 bucket has Requester
|
503
|
+
# Pays enabled, the requester will pay for corresponding charges to copy
|
504
|
+
# the object. For information about downloading objects from Requester
|
505
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
506
|
+
# in the *Amazon S3 User Guide*.
|
507
|
+
#
|
508
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
509
|
+
#
|
510
|
+
# </note>
|
381
511
|
#
|
382
512
|
#
|
383
513
|
#
|
@@ -388,9 +518,9 @@ module Aws::S3
|
|
388
518
|
# for the part specified. Useful for downloading just a part of an
|
389
519
|
# object.
|
390
520
|
# @option options [String] :expected_bucket_owner
|
391
|
-
# The account ID of the expected bucket owner. If the
|
392
|
-
#
|
393
|
-
# Forbidden` (access denied).
|
521
|
+
# The account ID of the expected bucket owner. If the account ID that
|
522
|
+
# you provide does not match the actual owner of the bucket, the request
|
523
|
+
# fails with the HTTP status code `403 Forbidden` (access denied).
|
394
524
|
# @option options [String] :checksum_mode
|
395
525
|
# To retrieve the checksum, this mode must be enabled.
|
396
526
|
# @return [Types::GetObjectOutput]
|
@@ -426,41 +556,117 @@ module Aws::S3
|
|
426
556
|
# @option options [String] :if_match
|
427
557
|
# Return the object only if its entity tag (ETag) is the same as the one
|
428
558
|
# specified; otherwise, return a 412 (precondition failed) error.
|
559
|
+
#
|
560
|
+
# If both of the `If-Match` and `If-Unmodified-Since` headers are
|
561
|
+
# present in the request as follows:
|
562
|
+
#
|
563
|
+
# * `If-Match` condition evaluates to `true`, and;
|
564
|
+
#
|
565
|
+
# * `If-Unmodified-Since` condition evaluates to `false`;
|
566
|
+
#
|
567
|
+
# Then Amazon S3 returns `200 OK` and the data requested.
|
568
|
+
#
|
569
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
570
|
+
#
|
571
|
+
#
|
572
|
+
#
|
573
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
429
574
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
430
575
|
# Return the object only if it has been modified since the specified
|
431
576
|
# time; otherwise, return a 304 (not modified) error.
|
577
|
+
#
|
578
|
+
# If both of the `If-None-Match` and `If-Modified-Since` headers are
|
579
|
+
# present in the request as follows:
|
580
|
+
#
|
581
|
+
# * `If-None-Match` condition evaluates to `false`, and;
|
582
|
+
#
|
583
|
+
# * `If-Modified-Since` condition evaluates to `true`;
|
584
|
+
#
|
585
|
+
# Then Amazon S3 returns the `304 Not Modified` response code.
|
586
|
+
#
|
587
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
588
|
+
#
|
589
|
+
#
|
590
|
+
#
|
591
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
432
592
|
# @option options [String] :if_none_match
|
433
593
|
# Return the object only if its entity tag (ETag) is different from the
|
434
594
|
# one specified; otherwise, return a 304 (not modified) error.
|
595
|
+
#
|
596
|
+
# If both of the `If-None-Match` and `If-Modified-Since` headers are
|
597
|
+
# present in the request as follows:
|
598
|
+
#
|
599
|
+
# * `If-None-Match` condition evaluates to `false`, and;
|
600
|
+
#
|
601
|
+
# * `If-Modified-Since` condition evaluates to `true`;
|
602
|
+
#
|
603
|
+
# Then Amazon S3 returns the `304 Not Modified` response code.
|
604
|
+
#
|
605
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
606
|
+
#
|
607
|
+
#
|
608
|
+
#
|
609
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
435
610
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
436
611
|
# Return the object only if it has not been modified since the specified
|
437
612
|
# time; otherwise, return a 412 (precondition failed) error.
|
613
|
+
#
|
614
|
+
# If both of the `If-Match` and `If-Unmodified-Since` headers are
|
615
|
+
# present in the request as follows:
|
616
|
+
#
|
617
|
+
# * `If-Match` condition evaluates to `true`, and;
|
618
|
+
#
|
619
|
+
# * `If-Unmodified-Since` condition evaluates to `false`;
|
620
|
+
#
|
621
|
+
# Then Amazon S3 returns `200 OK` and the data requested.
|
622
|
+
#
|
623
|
+
# For more information about conditional requests, see [RFC 7232][1].
|
624
|
+
#
|
625
|
+
#
|
626
|
+
#
|
627
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
438
628
|
# @option options [String] :range
|
439
629
|
# HeadObject returns only the metadata for an object. If the Range is
|
440
630
|
# satisfiable, only the `ContentLength` is affected in the response. If
|
441
631
|
# the Range is not satisfiable, S3 returns a `416 - Requested Range Not
|
442
632
|
# Satisfiable` error.
|
443
633
|
# @option options [String] :sse_customer_algorithm
|
444
|
-
# Specifies the algorithm to use
|
634
|
+
# Specifies the algorithm to use when encrypting the object (for
|
445
635
|
# example, AES256).
|
636
|
+
#
|
637
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
638
|
+
#
|
639
|
+
# </note>
|
446
640
|
# @option options [String] :sse_customer_key
|
447
641
|
# Specifies the customer-provided encryption key for Amazon S3 to use in
|
448
642
|
# encrypting data. This value is used to store the object and then it is
|
449
643
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
450
644
|
# be appropriate for use with the algorithm specified in the
|
451
645
|
# `x-amz-server-side-encryption-customer-algorithm` header.
|
646
|
+
#
|
647
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
648
|
+
#
|
649
|
+
# </note>
|
452
650
|
# @option options [String] :sse_customer_key_md5
|
453
651
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
454
652
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
455
653
|
# ensure that the encryption key was transmitted without error.
|
654
|
+
#
|
655
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
656
|
+
#
|
657
|
+
# </note>
|
456
658
|
# @option options [String] :request_payer
|
457
659
|
# Confirms that the requester knows that they will be charged for the
|
458
660
|
# request. Bucket owners need not specify this parameter in their
|
459
|
-
# requests. If either the source or destination
|
460
|
-
#
|
461
|
-
#
|
462
|
-
#
|
463
|
-
#
|
661
|
+
# requests. If either the source or destination S3 bucket has Requester
|
662
|
+
# Pays enabled, the requester will pay for corresponding charges to copy
|
663
|
+
# the object. For information about downloading objects from Requester
|
664
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
665
|
+
# in the *Amazon S3 User Guide*.
|
666
|
+
#
|
667
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
668
|
+
#
|
669
|
+
# </note>
|
464
670
|
#
|
465
671
|
#
|
466
672
|
#
|
@@ -471,9 +677,9 @@ module Aws::S3
|
|
471
677
|
# for the part specified. Useful querying about the size of the part and
|
472
678
|
# the number of parts in this object.
|
473
679
|
# @option options [String] :expected_bucket_owner
|
474
|
-
# The account ID of the expected bucket owner. If the
|
475
|
-
#
|
476
|
-
# Forbidden` (access denied).
|
680
|
+
# The account ID of the expected bucket owner. If the account ID that
|
681
|
+
# you provide does not match the actual owner of the bucket, the request
|
682
|
+
# fails with the HTTP status code `403 Forbidden` (access denied).
|
477
683
|
# @option options [String] :checksum_mode
|
478
684
|
# To retrieve the checksum, this parameter must be enabled.
|
479
685
|
#
|
@@ -570,14 +776,35 @@ module Aws::S3
|
|
570
776
|
# space, and the value that is displayed on your authentication device.
|
571
777
|
# Required to permanently delete a versioned object if versioning is
|
572
778
|
# configured with MFA delete enabled.
|
779
|
+
#
|
780
|
+
# When performing the `DeleteObjects` operation on an MFA delete enabled
|
781
|
+
# bucket, which attempts to delete the specified versioned objects, you
|
782
|
+
# must include an MFA token. If you don't provide an MFA token, the
|
783
|
+
# entire request will fail, even if there are non-versioned objects that
|
784
|
+
# you are trying to delete. If you provide an invalid token, whether
|
785
|
+
# there are versioned object keys in the request or not, the entire
|
786
|
+
# Multi-Object Delete request will fail. For information about MFA
|
787
|
+
# Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
|
788
|
+
#
|
789
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
790
|
+
#
|
791
|
+
# </note>
|
792
|
+
#
|
793
|
+
#
|
794
|
+
#
|
795
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
|
573
796
|
# @option options [String] :request_payer
|
574
797
|
# Confirms that the requester knows that they will be charged for the
|
575
798
|
# request. Bucket owners need not specify this parameter in their
|
576
|
-
# requests. If either the source or destination
|
577
|
-
#
|
578
|
-
#
|
579
|
-
#
|
580
|
-
#
|
799
|
+
# requests. If either the source or destination S3 bucket has Requester
|
800
|
+
# Pays enabled, the requester will pay for corresponding charges to copy
|
801
|
+
# the object. For information about downloading objects from Requester
|
802
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
803
|
+
# in the *Amazon S3 User Guide*.
|
804
|
+
#
|
805
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
806
|
+
#
|
807
|
+
# </note>
|
581
808
|
#
|
582
809
|
#
|
583
810
|
#
|
@@ -586,25 +813,45 @@ module Aws::S3
|
|
586
813
|
# Specifies whether you want to delete this object even if it has a
|
587
814
|
# Governance-type Object Lock in place. To use this header, you must
|
588
815
|
# have the `s3:BypassGovernanceRetention` permission.
|
816
|
+
#
|
817
|
+
# <note markdown="1"> This functionality is not supported for directory buckets.
|
818
|
+
#
|
819
|
+
# </note>
|
589
820
|
# @option options [String] :expected_bucket_owner
|
590
|
-
# The account ID of the expected bucket owner. If the
|
591
|
-
#
|
592
|
-
# Forbidden` (access denied).
|
821
|
+
# The account ID of the expected bucket owner. If the account ID that
|
822
|
+
# you provide does not match the actual owner of the bucket, the request
|
823
|
+
# fails with the HTTP status code `403 Forbidden` (access denied).
|
593
824
|
# @option options [String] :checksum_algorithm
|
594
825
|
# Indicates the algorithm used to create the checksum for the object
|
595
|
-
# when
|
596
|
-
# functionality if
|
597
|
-
# must be a corresponding `x-amz-checksum` or
|
598
|
-
# sent. Otherwise, Amazon S3 fails the request
|
599
|
-
# `400 Bad Request`.
|
600
|
-
#
|
826
|
+
# when you use the SDK. This header will not provide any additional
|
827
|
+
# functionality if you don't use the SDK. When you send this header,
|
828
|
+
# there must be a corresponding `x-amz-checksum-algorithm ` or
|
829
|
+
# `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
|
830
|
+
# with the HTTP status code `400 Bad Request`.
|
831
|
+
#
|
832
|
+
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
|
833
|
+
# the supported algorithm from the following list:
|
834
|
+
#
|
835
|
+
# * CRC32
|
836
|
+
#
|
837
|
+
# * CRC32C
|
838
|
+
#
|
839
|
+
# * SHA1
|
840
|
+
#
|
841
|
+
# * SHA256
|
842
|
+
#
|
843
|
+
# For more information, see [Checking object integrity][1] in the
|
844
|
+
# *Amazon S3 User Guide*.
|
845
|
+
#
|
846
|
+
# If the individual checksum value you provide through
|
847
|
+
# `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
|
848
|
+
# set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
|
849
|
+
# provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
|
850
|
+
# that matches the provided value in `x-amz-checksum-algorithm `.
|
601
851
|
#
|
602
852
|
# If you provide an individual checksum, Amazon S3 ignores any provided
|
603
853
|
# `ChecksumAlgorithm` parameter.
|
604
854
|
#
|
605
|
-
# This checksum algorithm must be the same for all parts and it match
|
606
|
-
# the checksum value supplied in the `CreateMultipartUpload` request.
|
607
|
-
#
|
608
855
|
#
|
609
856
|
#
|
610
857
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
@@ -22,19 +22,26 @@ module Aws::S3
|
|
22
22
|
Aws::S3::EndpointProvider.new
|
23
23
|
end
|
24
24
|
|
25
|
+
option(
|
26
|
+
:disable_s3_express_session_auth,
|
27
|
+
doc_type: 'Boolean',
|
28
|
+
default: nil,
|
29
|
+
docstring: "Parameter to indicate whether S3Express session auth should be disabled")
|
30
|
+
|
25
31
|
# @api private
|
26
32
|
class Handler < Seahorse::Client::Handler
|
27
33
|
def call(context)
|
28
|
-
# If endpoint was discovered, do not resolve or apply the endpoint.
|
29
34
|
unless context[:discovered_endpoint]
|
30
35
|
params = parameters_for_operation(context)
|
31
36
|
endpoint = context.config.endpoint_provider.resolve_endpoint(params)
|
32
37
|
|
33
38
|
context.http_request.endpoint = endpoint.url
|
34
39
|
apply_endpoint_headers(context, endpoint.headers)
|
40
|
+
|
41
|
+
context[:endpoint_params] = params
|
42
|
+
context[:endpoint_properties] = endpoint.properties
|
35
43
|
end
|
36
44
|
|
37
|
-
context[:endpoint_params] = params
|
38
45
|
context[:auth_scheme] =
|
39
46
|
Aws::Endpoints.resolve_auth_scheme(context, endpoint)
|
40
47
|
|
@@ -66,6 +73,8 @@ module Aws::S3
|
|
66
73
|
Aws::S3::Endpoints::CreateBucket.build(context)
|
67
74
|
when :create_multipart_upload
|
68
75
|
Aws::S3::Endpoints::CreateMultipartUpload.build(context)
|
76
|
+
when :create_session
|
77
|
+
Aws::S3::Endpoints::CreateSession.build(context)
|
69
78
|
when :delete_bucket
|
70
79
|
Aws::S3::Endpoints::DeleteBucket.build(context)
|
71
80
|
when :delete_bucket_analytics_configuration
|
@@ -176,6 +185,8 @@ module Aws::S3
|
|
176
185
|
Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
|
177
186
|
when :list_buckets
|
178
187
|
Aws::S3::Endpoints::ListBuckets.build(context)
|
188
|
+
when :list_directory_buckets
|
189
|
+
Aws::S3::Endpoints::ListDirectoryBuckets.build(context)
|
179
190
|
when :list_multipart_uploads
|
180
191
|
Aws::S3::Endpoints::ListMultipartUploads.build(context)
|
181
192
|
when :list_object_versions
|
@@ -0,0 +1,90 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Plugins
|
6
|
+
# @api private
|
7
|
+
class ExpressSessionAuth < Seahorse::Client::Plugin
|
8
|
+
# This should be s3_disable_express_auth instead
|
9
|
+
# But this is not a built in. We're overwriting the generated value
|
10
|
+
option(:disable_s3_express_session_auth,
|
11
|
+
default: false,
|
12
|
+
doc_type: 'Boolean',
|
13
|
+
docstring: <<-DOCS) do |cfg|
|
14
|
+
When `true`, S3 Express session authentication is disabled.
|
15
|
+
DOCS
|
16
|
+
resolve_disable_s3_express_session_auth(cfg)
|
17
|
+
end
|
18
|
+
|
19
|
+
option(:express_credentials_provider,
|
20
|
+
doc_type: 'Aws::S3::ExpressCredentialsProvider',
|
21
|
+
docstring: <<-DOCS) do |_cfg|
|
22
|
+
Credential Provider for S3 Express endpoints. Manages credentials
|
23
|
+
for different buckets.
|
24
|
+
DOCS
|
25
|
+
Aws::S3::ExpressCredentialsProvider.new
|
26
|
+
end
|
27
|
+
|
28
|
+
# @api private
|
29
|
+
class Handler < Seahorse::Client::Handler
|
30
|
+
def call(context)
|
31
|
+
if (props = context[:endpoint_properties])
|
32
|
+
# S3 Express endpoint - turn off md5 and enable crc32 default
|
33
|
+
if (backend = props['backend']) && backend == 'S3Express'
|
34
|
+
if context.operation_name == :put_object || checksum_required?(context)
|
35
|
+
context[:default_request_checksum_algorithm] = 'CRC32'
|
36
|
+
end
|
37
|
+
context[:s3_express_endpoint] = true
|
38
|
+
end
|
39
|
+
|
40
|
+
# if s3 express auth, use new credentials and sign additional header
|
41
|
+
if context[:auth_scheme]['name'] == 'sigv4-s3express' &&
|
42
|
+
!context.config.disable_s3_express_session_auth
|
43
|
+
bucket = context.params[:bucket]
|
44
|
+
credentials_provider = context.config.express_credentials_provider
|
45
|
+
credentials = credentials_provider.express_credentials_for(bucket)
|
46
|
+
context[:sigv4_credentials] = credentials # Sign will use this
|
47
|
+
end
|
48
|
+
end
|
49
|
+
@handler.call(context)
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def checksum_required?(context)
|
55
|
+
context.operation.http_checksum_required ||
|
56
|
+
(context.operation.http_checksum &&
|
57
|
+
context.operation.http_checksum['requestChecksumRequired'])
|
58
|
+
end
|
59
|
+
end
|
60
|
+
|
61
|
+
handler(Handler)
|
62
|
+
|
63
|
+
# Optimization - sets this client as the client to create sessions.
|
64
|
+
def after_initialize(client)
|
65
|
+
provider = client.config.express_credentials_provider
|
66
|
+
provider.client = client unless provider.client
|
67
|
+
end
|
68
|
+
|
69
|
+
class << self
|
70
|
+
private
|
71
|
+
|
72
|
+
def resolve_disable_s3_express_session_auth(cfg)
|
73
|
+
value = ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH'] ||
|
74
|
+
Aws.shared_config.s3_disable_express_session_auth(profile: cfg.profile) ||
|
75
|
+
'false'
|
76
|
+
value = Aws::Util.str_2_bool(value)
|
77
|
+
# Raise if provided value is not true or false
|
78
|
+
if value.nil?
|
79
|
+
raise ArgumentError,
|
80
|
+
'Must provide either `true` or `false` for the '\
|
81
|
+
'`s3_disable_express_session_auth` profile option or for '\
|
82
|
+
"ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH']."
|
83
|
+
end
|
84
|
+
value
|
85
|
+
end
|
86
|
+
end
|
87
|
+
end
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
@@ -22,7 +22,9 @@ module Aws
|
|
22
22
|
|
23
23
|
def populate_location_constraint(params, region)
|
24
24
|
params[:create_bucket_configuration] ||= {}
|
25
|
-
params[:create_bucket_configuration][:
|
25
|
+
unless params[:create_bucket_configuration][:location]
|
26
|
+
params[:create_bucket_configuration][:location_constraint] ||= region
|
27
|
+
end
|
26
28
|
end
|
27
29
|
|
28
30
|
end
|
@@ -22,7 +22,8 @@ module Aws
|
|
22
22
|
CHUNK_SIZE = 1 * 1024 * 1024 # one MB
|
23
23
|
|
24
24
|
def call(context)
|
25
|
-
if !context[:checksum_algorithms] # skip in favor of flexible checksum
|
25
|
+
if !context[:checksum_algorithms] && # skip in favor of flexible checksum
|
26
|
+
!context[:s3_express_endpoint] # s3 express endpoints do not support md5
|
26
27
|
body = context.http_request.body
|
27
28
|
if body.respond_to?(:size) && body.size > 0
|
28
29
|
context.http_request.headers['Content-Md5'] ||= md5(body)
|
data/lib/aws-sdk-s3/presigner.rb
CHANGED
@@ -232,8 +232,8 @@ module Aws
|
|
232
232
|
end
|
233
233
|
signer = Aws::Sigv4::Signer.new(
|
234
234
|
service: auth_scheme['signingName'] || 's3',
|
235
|
-
region: region || context.config.region,
|
236
|
-
credentials_provider: context.config.credentials,
|
235
|
+
region: context[:sigv4_region] || region || context.config.region,
|
236
|
+
credentials_provider: context[:sigv4_credentials] || context.config.credentials,
|
237
237
|
signing_algorithm: scheme_name.to_sym,
|
238
238
|
uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
|
239
239
|
unsigned_headers: unsigned_headers,
|