aws-sdk-s3 1.139.0 → 1.141.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (42) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +15 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +423 -93
  5. data/lib/aws-sdk-s3/bucket_acl.rb +9 -9
  6. data/lib/aws-sdk-s3/bucket_cors.rb +12 -12
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -12
  9. data/lib/aws-sdk-s3/bucket_logging.rb +9 -9
  10. data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
  11. data/lib/aws-sdk-s3/bucket_policy.rb +58 -14
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -9
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -12
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +27 -27
  15. data/lib/aws-sdk-s3/bucket_website.rb +12 -12
  16. data/lib/aws-sdk-s3/client.rb +5639 -2553
  17. data/lib/aws-sdk-s3/client_api.rb +97 -16
  18. data/lib/aws-sdk-s3/customizations.rb +5 -0
  19. data/lib/aws-sdk-s3/endpoint_parameters.rb +32 -0
  20. data/lib/aws-sdk-s3/endpoint_provider.rb +82 -0
  21. data/lib/aws-sdk-s3/endpoints.rb +440 -0
  22. data/lib/aws-sdk-s3/express_credentials.rb +55 -0
  23. data/lib/aws-sdk-s3/express_credentials_cache.rb +30 -0
  24. data/lib/aws-sdk-s3/express_credentials_provider.rb +36 -0
  25. data/lib/aws-sdk-s3/file_downloader.rb +0 -1
  26. data/lib/aws-sdk-s3/multipart_file_uploader.rb +0 -1
  27. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +0 -1
  28. data/lib/aws-sdk-s3/multipart_upload.rb +70 -24
  29. data/lib/aws-sdk-s3/multipart_upload_part.rb +164 -43
  30. data/lib/aws-sdk-s3/object.rb +1496 -248
  31. data/lib/aws-sdk-s3/object_acl.rb +31 -19
  32. data/lib/aws-sdk-s3/object_summary.rb +1366 -272
  33. data/lib/aws-sdk-s3/object_version.rb +304 -57
  34. data/lib/aws-sdk-s3/plugins/endpoints.rb +13 -2
  35. data/lib/aws-sdk-s3/plugins/express_session_auth.rb +90 -0
  36. data/lib/aws-sdk-s3/plugins/location_constraint.rb +3 -1
  37. data/lib/aws-sdk-s3/plugins/md5s.rb +2 -1
  38. data/lib/aws-sdk-s3/presigner.rb +2 -2
  39. data/lib/aws-sdk-s3/resource.rb +83 -11
  40. data/lib/aws-sdk-s3/types.rb +4261 -1238
  41. data/lib/aws-sdk-s3.rb +1 -1
  42. metadata +10 -6
@@ -264,14 +264,22 @@ module Aws::S3
264
264
  # space, and the value that is displayed on your authentication device.
265
265
  # Required to permanently delete a versioned object if versioning is
266
266
  # configured with MFA delete enabled.
267
+ #
268
+ # <note markdown="1"> This functionality is not supported for directory buckets.
269
+ #
270
+ # </note>
267
271
  # @option options [String] :request_payer
268
272
  # Confirms that the requester knows that they will be charged for the
269
273
  # request. Bucket owners need not specify this parameter in their
270
- # requests. If either the source or destination Amazon S3 bucket has
271
- # Requester Pays enabled, the requester will pay for corresponding
272
- # charges to copy the object. For information about downloading objects
273
- # from Requester Pays buckets, see [Downloading Objects in Requester
274
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
274
+ # requests. If either the source or destination S3 bucket has Requester
275
+ # Pays enabled, the requester will pay for corresponding charges to copy
276
+ # the object. For information about downloading objects from Requester
277
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
278
+ # in the *Amazon S3 User Guide*.
279
+ #
280
+ # <note markdown="1"> This functionality is not supported for directory buckets.
281
+ #
282
+ # </note>
275
283
  #
276
284
  #
277
285
  #
@@ -280,10 +288,14 @@ module Aws::S3
280
288
  # Indicates whether S3 Object Lock should bypass Governance-mode
281
289
  # restrictions to process this operation. To use this header, you must
282
290
  # have the `s3:BypassGovernanceRetention` permission.
291
+ #
292
+ # <note markdown="1"> This functionality is not supported for directory buckets.
293
+ #
294
+ # </note>
283
295
  # @option options [String] :expected_bucket_owner
284
- # The account ID of the expected bucket owner. If the bucket is owned by
285
- # a different account, the request fails with the HTTP status code `403
286
- # Forbidden` (access denied).
296
+ # The account ID of the expected bucket owner. If the account ID that
297
+ # you provide does not match the actual owner of the bucket, the request
298
+ # fails with the HTTP status code `403 Forbidden` (access denied).
287
299
  # @return [Types::DeleteObjectOutput]
288
300
  def delete(options = {})
289
301
  options = options.merge(
@@ -322,18 +334,64 @@ module Aws::S3
322
334
  # @param [Hash] options ({})
323
335
  # @option options [String] :if_match
324
336
  # Return the object only if its entity tag (ETag) is the same as the one
325
- # specified; otherwise, return a 412 (precondition failed) error.
337
+ # specified in this header; otherwise, return a `412 Precondition
338
+ # Failed` error.
339
+ #
340
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
341
+ # present in the request as follows: `If-Match` condition evaluates to
342
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
343
+ # then, S3 returns `200 OK` and the data requested.
344
+ #
345
+ # For more information about conditional requests, see [RFC 7232][1].
346
+ #
347
+ #
348
+ #
349
+ # [1]: https://tools.ietf.org/html/rfc7232
326
350
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
327
351
  # Return the object only if it has been modified since the specified
328
- # time; otherwise, return a 304 (not modified) error.
352
+ # time; otherwise, return a `304 Not Modified` error.
353
+ #
354
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
355
+ # present in the request as follows:` If-None-Match` condition evaluates
356
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
357
+ # then, S3 returns `304 Not Modified` status code.
358
+ #
359
+ # For more information about conditional requests, see [RFC 7232][1].
360
+ #
361
+ #
362
+ #
363
+ # [1]: https://tools.ietf.org/html/rfc7232
329
364
  # @option options [String] :if_none_match
330
365
  # Return the object only if its entity tag (ETag) is different from the
331
- # one specified; otherwise, return a 304 (not modified) error.
366
+ # one specified in this header; otherwise, return a `304 Not Modified`
367
+ # error.
368
+ #
369
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
370
+ # present in the request as follows:` If-None-Match` condition evaluates
371
+ # to `false`, and; `If-Modified-Since` condition evaluates to `true`;
372
+ # then, S3 returns `304 Not Modified` HTTP status code.
373
+ #
374
+ # For more information about conditional requests, see [RFC 7232][1].
375
+ #
376
+ #
377
+ #
378
+ # [1]: https://tools.ietf.org/html/rfc7232
332
379
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
333
380
  # Return the object only if it has not been modified since the specified
334
- # time; otherwise, return a 412 (precondition failed) error.
381
+ # time; otherwise, return a `412 Precondition Failed` error.
382
+ #
383
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
384
+ # present in the request as follows: `If-Match` condition evaluates to
385
+ # `true`, and; `If-Unmodified-Since` condition evaluates to `false`;
386
+ # then, S3 returns `200 OK` and the data requested.
387
+ #
388
+ # For more information about conditional requests, see [RFC 7232][1].
389
+ #
390
+ #
391
+ #
392
+ # [1]: https://tools.ietf.org/html/rfc7232
335
393
  # @option options [String] :range
336
- # Downloads the specified range bytes of an object. For more information
394
+ # Downloads the specified byte range of an object. For more information
337
395
  # about the HTTP Range header, see
338
396
  # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
339
397
  #
@@ -348,7 +406,7 @@ module Aws::S3
348
406
  # @option options [String] :response_cache_control
349
407
  # Sets the `Cache-Control` header of the response.
350
408
  # @option options [String] :response_content_disposition
351
- # Sets the `Content-Disposition` header of the response
409
+ # Sets the `Content-Disposition` header of the response.
352
410
  # @option options [String] :response_content_encoding
353
411
  # Sets the `Content-Encoding` header of the response.
354
412
  # @option options [String] :response_content_language
@@ -358,26 +416,98 @@ module Aws::S3
358
416
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
359
417
  # Sets the `Expires` header of the response.
360
418
  # @option options [String] :sse_customer_algorithm
361
- # Specifies the algorithm to use to when decrypting the object (for
362
- # example, AES256).
419
+ # Specifies the algorithm to use when decrypting the object (for
420
+ # example, `AES256`).
421
+ #
422
+ # If you encrypt an object by using server-side encryption with
423
+ # customer-provided encryption keys (SSE-C) when you store the object in
424
+ # Amazon S3, then when you GET the object, you must use the following
425
+ # headers:
426
+ #
427
+ # * `x-amz-server-side-encryption-customer-algorithm`
428
+ #
429
+ # * `x-amz-server-side-encryption-customer-key`
430
+ #
431
+ # * `x-amz-server-side-encryption-customer-key-MD5`
432
+ #
433
+ # For more information about SSE-C, see [Server-Side Encryption (Using
434
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
435
+ #
436
+ # <note markdown="1"> This functionality is not supported for directory buckets.
437
+ #
438
+ # </note>
439
+ #
440
+ #
441
+ #
442
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
363
443
  # @option options [String] :sse_customer_key
364
- # Specifies the customer-provided encryption key for Amazon S3 used to
365
- # encrypt the data. This value is used to decrypt the object when
366
- # recovering it and must match the one used when storing the data. The
367
- # key must be appropriate for use with the algorithm specified in the
444
+ # Specifies the customer-provided encryption key that you originally
445
+ # provided for Amazon S3 to encrypt the data before storing it. This
446
+ # value is used to decrypt the object when recovering it and must match
447
+ # the one used when storing the data. The key must be appropriate for
448
+ # use with the algorithm specified in the
368
449
  # `x-amz-server-side-encryption-customer-algorithm` header.
450
+ #
451
+ # If you encrypt an object by using server-side encryption with
452
+ # customer-provided encryption keys (SSE-C) when you store the object in
453
+ # Amazon S3, then when you GET the object, you must use the following
454
+ # headers:
455
+ #
456
+ # * `x-amz-server-side-encryption-customer-algorithm`
457
+ #
458
+ # * `x-amz-server-side-encryption-customer-key`
459
+ #
460
+ # * `x-amz-server-side-encryption-customer-key-MD5`
461
+ #
462
+ # For more information about SSE-C, see [Server-Side Encryption (Using
463
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
464
+ #
465
+ # <note markdown="1"> This functionality is not supported for directory buckets.
466
+ #
467
+ # </note>
468
+ #
469
+ #
470
+ #
471
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
369
472
  # @option options [String] :sse_customer_key_md5
370
- # Specifies the 128-bit MD5 digest of the encryption key according to
371
- # RFC 1321. Amazon S3 uses this header for a message integrity check to
372
- # ensure that the encryption key was transmitted without error.
473
+ # Specifies the 128-bit MD5 digest of the customer-provided encryption
474
+ # key according to RFC 1321. Amazon S3 uses this header for a message
475
+ # integrity check to ensure that the encryption key was transmitted
476
+ # without error.
477
+ #
478
+ # If you encrypt an object by using server-side encryption with
479
+ # customer-provided encryption keys (SSE-C) when you store the object in
480
+ # Amazon S3, then when you GET the object, you must use the following
481
+ # headers:
482
+ #
483
+ # * `x-amz-server-side-encryption-customer-algorithm`
484
+ #
485
+ # * `x-amz-server-side-encryption-customer-key`
486
+ #
487
+ # * `x-amz-server-side-encryption-customer-key-MD5`
488
+ #
489
+ # For more information about SSE-C, see [Server-Side Encryption (Using
490
+ # Customer-Provided Encryption Keys)][1] in the *Amazon S3 User Guide*.
491
+ #
492
+ # <note markdown="1"> This functionality is not supported for directory buckets.
493
+ #
494
+ # </note>
495
+ #
496
+ #
497
+ #
498
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ServerSideEncryptionCustomerKeys.html
373
499
  # @option options [String] :request_payer
374
500
  # Confirms that the requester knows that they will be charged for the
375
501
  # request. Bucket owners need not specify this parameter in their
376
- # requests. If either the source or destination Amazon S3 bucket has
377
- # Requester Pays enabled, the requester will pay for corresponding
378
- # charges to copy the object. For information about downloading objects
379
- # from Requester Pays buckets, see [Downloading Objects in Requester
380
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
502
+ # requests. If either the source or destination S3 bucket has Requester
503
+ # Pays enabled, the requester will pay for corresponding charges to copy
504
+ # the object. For information about downloading objects from Requester
505
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
506
+ # in the *Amazon S3 User Guide*.
507
+ #
508
+ # <note markdown="1"> This functionality is not supported for directory buckets.
509
+ #
510
+ # </note>
381
511
  #
382
512
  #
383
513
  #
@@ -388,9 +518,9 @@ module Aws::S3
388
518
  # for the part specified. Useful for downloading just a part of an
389
519
  # object.
390
520
  # @option options [String] :expected_bucket_owner
391
- # The account ID of the expected bucket owner. If the bucket is owned by
392
- # a different account, the request fails with the HTTP status code `403
393
- # Forbidden` (access denied).
521
+ # The account ID of the expected bucket owner. If the account ID that
522
+ # you provide does not match the actual owner of the bucket, the request
523
+ # fails with the HTTP status code `403 Forbidden` (access denied).
394
524
  # @option options [String] :checksum_mode
395
525
  # To retrieve the checksum, this mode must be enabled.
396
526
  # @return [Types::GetObjectOutput]
@@ -426,41 +556,117 @@ module Aws::S3
426
556
  # @option options [String] :if_match
427
557
  # Return the object only if its entity tag (ETag) is the same as the one
428
558
  # specified; otherwise, return a 412 (precondition failed) error.
559
+ #
560
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
561
+ # present in the request as follows:
562
+ #
563
+ # * `If-Match` condition evaluates to `true`, and;
564
+ #
565
+ # * `If-Unmodified-Since` condition evaluates to `false`;
566
+ #
567
+ # Then Amazon S3 returns `200 OK` and the data requested.
568
+ #
569
+ # For more information about conditional requests, see [RFC 7232][1].
570
+ #
571
+ #
572
+ #
573
+ # [1]: https://tools.ietf.org/html/rfc7232
429
574
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
430
575
  # Return the object only if it has been modified since the specified
431
576
  # time; otherwise, return a 304 (not modified) error.
577
+ #
578
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
579
+ # present in the request as follows:
580
+ #
581
+ # * `If-None-Match` condition evaluates to `false`, and;
582
+ #
583
+ # * `If-Modified-Since` condition evaluates to `true`;
584
+ #
585
+ # Then Amazon S3 returns the `304 Not Modified` response code.
586
+ #
587
+ # For more information about conditional requests, see [RFC 7232][1].
588
+ #
589
+ #
590
+ #
591
+ # [1]: https://tools.ietf.org/html/rfc7232
432
592
  # @option options [String] :if_none_match
433
593
  # Return the object only if its entity tag (ETag) is different from the
434
594
  # one specified; otherwise, return a 304 (not modified) error.
595
+ #
596
+ # If both of the `If-None-Match` and `If-Modified-Since` headers are
597
+ # present in the request as follows:
598
+ #
599
+ # * `If-None-Match` condition evaluates to `false`, and;
600
+ #
601
+ # * `If-Modified-Since` condition evaluates to `true`;
602
+ #
603
+ # Then Amazon S3 returns the `304 Not Modified` response code.
604
+ #
605
+ # For more information about conditional requests, see [RFC 7232][1].
606
+ #
607
+ #
608
+ #
609
+ # [1]: https://tools.ietf.org/html/rfc7232
435
610
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
436
611
  # Return the object only if it has not been modified since the specified
437
612
  # time; otherwise, return a 412 (precondition failed) error.
613
+ #
614
+ # If both of the `If-Match` and `If-Unmodified-Since` headers are
615
+ # present in the request as follows:
616
+ #
617
+ # * `If-Match` condition evaluates to `true`, and;
618
+ #
619
+ # * `If-Unmodified-Since` condition evaluates to `false`;
620
+ #
621
+ # Then Amazon S3 returns `200 OK` and the data requested.
622
+ #
623
+ # For more information about conditional requests, see [RFC 7232][1].
624
+ #
625
+ #
626
+ #
627
+ # [1]: https://tools.ietf.org/html/rfc7232
438
628
  # @option options [String] :range
439
629
  # HeadObject returns only the metadata for an object. If the Range is
440
630
  # satisfiable, only the `ContentLength` is affected in the response. If
441
631
  # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
442
632
  # Satisfiable` error.
443
633
  # @option options [String] :sse_customer_algorithm
444
- # Specifies the algorithm to use to when encrypting the object (for
634
+ # Specifies the algorithm to use when encrypting the object (for
445
635
  # example, AES256).
636
+ #
637
+ # <note markdown="1"> This functionality is not supported for directory buckets.
638
+ #
639
+ # </note>
446
640
  # @option options [String] :sse_customer_key
447
641
  # Specifies the customer-provided encryption key for Amazon S3 to use in
448
642
  # encrypting data. This value is used to store the object and then it is
449
643
  # discarded; Amazon S3 does not store the encryption key. The key must
450
644
  # be appropriate for use with the algorithm specified in the
451
645
  # `x-amz-server-side-encryption-customer-algorithm` header.
646
+ #
647
+ # <note markdown="1"> This functionality is not supported for directory buckets.
648
+ #
649
+ # </note>
452
650
  # @option options [String] :sse_customer_key_md5
453
651
  # Specifies the 128-bit MD5 digest of the encryption key according to
454
652
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
455
653
  # ensure that the encryption key was transmitted without error.
654
+ #
655
+ # <note markdown="1"> This functionality is not supported for directory buckets.
656
+ #
657
+ # </note>
456
658
  # @option options [String] :request_payer
457
659
  # Confirms that the requester knows that they will be charged for the
458
660
  # request. Bucket owners need not specify this parameter in their
459
- # requests. If either the source or destination Amazon S3 bucket has
460
- # Requester Pays enabled, the requester will pay for corresponding
461
- # charges to copy the object. For information about downloading objects
462
- # from Requester Pays buckets, see [Downloading Objects in Requester
463
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
661
+ # requests. If either the source or destination S3 bucket has Requester
662
+ # Pays enabled, the requester will pay for corresponding charges to copy
663
+ # the object. For information about downloading objects from Requester
664
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
665
+ # in the *Amazon S3 User Guide*.
666
+ #
667
+ # <note markdown="1"> This functionality is not supported for directory buckets.
668
+ #
669
+ # </note>
464
670
  #
465
671
  #
466
672
  #
@@ -471,9 +677,9 @@ module Aws::S3
471
677
  # for the part specified. Useful querying about the size of the part and
472
678
  # the number of parts in this object.
473
679
  # @option options [String] :expected_bucket_owner
474
- # The account ID of the expected bucket owner. If the bucket is owned by
475
- # a different account, the request fails with the HTTP status code `403
476
- # Forbidden` (access denied).
680
+ # The account ID of the expected bucket owner. If the account ID that
681
+ # you provide does not match the actual owner of the bucket, the request
682
+ # fails with the HTTP status code `403 Forbidden` (access denied).
477
683
  # @option options [String] :checksum_mode
478
684
  # To retrieve the checksum, this parameter must be enabled.
479
685
  #
@@ -570,14 +776,35 @@ module Aws::S3
570
776
  # space, and the value that is displayed on your authentication device.
571
777
  # Required to permanently delete a versioned object if versioning is
572
778
  # configured with MFA delete enabled.
779
+ #
780
+ # When performing the `DeleteObjects` operation on an MFA delete enabled
781
+ # bucket, which attempts to delete the specified versioned objects, you
782
+ # must include an MFA token. If you don't provide an MFA token, the
783
+ # entire request will fail, even if there are non-versioned objects that
784
+ # you are trying to delete. If you provide an invalid token, whether
785
+ # there are versioned object keys in the request or not, the entire
786
+ # Multi-Object Delete request will fail. For information about MFA
787
+ # Delete, see [ MFA Delete][1] in the *Amazon S3 User Guide*.
788
+ #
789
+ # <note markdown="1"> This functionality is not supported for directory buckets.
790
+ #
791
+ # </note>
792
+ #
793
+ #
794
+ #
795
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html#MultiFactorAuthenticationDelete
573
796
  # @option options [String] :request_payer
574
797
  # Confirms that the requester knows that they will be charged for the
575
798
  # request. Bucket owners need not specify this parameter in their
576
- # requests. If either the source or destination Amazon S3 bucket has
577
- # Requester Pays enabled, the requester will pay for corresponding
578
- # charges to copy the object. For information about downloading objects
579
- # from Requester Pays buckets, see [Downloading Objects in Requester
580
- # Pays Buckets][1] in the *Amazon S3 User Guide*.
799
+ # requests. If either the source or destination S3 bucket has Requester
800
+ # Pays enabled, the requester will pay for corresponding charges to copy
801
+ # the object. For information about downloading objects from Requester
802
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
803
+ # in the *Amazon S3 User Guide*.
804
+ #
805
+ # <note markdown="1"> This functionality is not supported for directory buckets.
806
+ #
807
+ # </note>
581
808
  #
582
809
  #
583
810
  #
@@ -586,25 +813,45 @@ module Aws::S3
586
813
  # Specifies whether you want to delete this object even if it has a
587
814
  # Governance-type Object Lock in place. To use this header, you must
588
815
  # have the `s3:BypassGovernanceRetention` permission.
816
+ #
817
+ # <note markdown="1"> This functionality is not supported for directory buckets.
818
+ #
819
+ # </note>
589
820
  # @option options [String] :expected_bucket_owner
590
- # The account ID of the expected bucket owner. If the bucket is owned by
591
- # a different account, the request fails with the HTTP status code `403
592
- # Forbidden` (access denied).
821
+ # The account ID of the expected bucket owner. If the account ID that
822
+ # you provide does not match the actual owner of the bucket, the request
823
+ # fails with the HTTP status code `403 Forbidden` (access denied).
593
824
  # @option options [String] :checksum_algorithm
594
825
  # Indicates the algorithm used to create the checksum for the object
595
- # when using the SDK. This header will not provide any additional
596
- # functionality if not using the SDK. When sending this header, there
597
- # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
598
- # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
599
- # `400 Bad Request`. For more information, see [Checking object
600
- # integrity][1] in the *Amazon S3 User Guide*.
826
+ # when you use the SDK. This header will not provide any additional
827
+ # functionality if you don't use the SDK. When you send this header,
828
+ # there must be a corresponding `x-amz-checksum-algorithm ` or
829
+ # `x-amz-trailer` header sent. Otherwise, Amazon S3 fails the request
830
+ # with the HTTP status code `400 Bad Request`.
831
+ #
832
+ # For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
833
+ # the supported algorithm from the following list:
834
+ #
835
+ # * CRC32
836
+ #
837
+ # * CRC32C
838
+ #
839
+ # * SHA1
840
+ #
841
+ # * SHA256
842
+ #
843
+ # For more information, see [Checking object integrity][1] in the
844
+ # *Amazon S3 User Guide*.
845
+ #
846
+ # If the individual checksum value you provide through
847
+ # `x-amz-checksum-algorithm ` doesn't match the checksum algorithm you
848
+ # set through `x-amz-sdk-checksum-algorithm`, Amazon S3 ignores any
849
+ # provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
850
+ # that matches the provided value in `x-amz-checksum-algorithm `.
601
851
  #
602
852
  # If you provide an individual checksum, Amazon S3 ignores any provided
603
853
  # `ChecksumAlgorithm` parameter.
604
854
  #
605
- # This checksum algorithm must be the same for all parts and it match
606
- # the checksum value supplied in the `CreateMultipartUpload` request.
607
- #
608
855
  #
609
856
  #
610
857
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
@@ -22,19 +22,26 @@ module Aws::S3
22
22
  Aws::S3::EndpointProvider.new
23
23
  end
24
24
 
25
+ option(
26
+ :disable_s3_express_session_auth,
27
+ doc_type: 'Boolean',
28
+ default: nil,
29
+ docstring: "Parameter to indicate whether S3Express session auth should be disabled")
30
+
25
31
  # @api private
26
32
  class Handler < Seahorse::Client::Handler
27
33
  def call(context)
28
- # If endpoint was discovered, do not resolve or apply the endpoint.
29
34
  unless context[:discovered_endpoint]
30
35
  params = parameters_for_operation(context)
31
36
  endpoint = context.config.endpoint_provider.resolve_endpoint(params)
32
37
 
33
38
  context.http_request.endpoint = endpoint.url
34
39
  apply_endpoint_headers(context, endpoint.headers)
40
+
41
+ context[:endpoint_params] = params
42
+ context[:endpoint_properties] = endpoint.properties
35
43
  end
36
44
 
37
- context[:endpoint_params] = params
38
45
  context[:auth_scheme] =
39
46
  Aws::Endpoints.resolve_auth_scheme(context, endpoint)
40
47
 
@@ -66,6 +73,8 @@ module Aws::S3
66
73
  Aws::S3::Endpoints::CreateBucket.build(context)
67
74
  when :create_multipart_upload
68
75
  Aws::S3::Endpoints::CreateMultipartUpload.build(context)
76
+ when :create_session
77
+ Aws::S3::Endpoints::CreateSession.build(context)
69
78
  when :delete_bucket
70
79
  Aws::S3::Endpoints::DeleteBucket.build(context)
71
80
  when :delete_bucket_analytics_configuration
@@ -176,6 +185,8 @@ module Aws::S3
176
185
  Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
177
186
  when :list_buckets
178
187
  Aws::S3::Endpoints::ListBuckets.build(context)
188
+ when :list_directory_buckets
189
+ Aws::S3::Endpoints::ListDirectoryBuckets.build(context)
179
190
  when :list_multipart_uploads
180
191
  Aws::S3::Endpoints::ListMultipartUploads.build(context)
181
192
  when :list_object_versions
@@ -0,0 +1,90 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ module Plugins
6
+ # @api private
7
+ class ExpressSessionAuth < Seahorse::Client::Plugin
8
+ # This should be s3_disable_express_auth instead
9
+ # But this is not a built in. We're overwriting the generated value
10
+ option(:disable_s3_express_session_auth,
11
+ default: false,
12
+ doc_type: 'Boolean',
13
+ docstring: <<-DOCS) do |cfg|
14
+ When `true`, S3 Express session authentication is disabled.
15
+ DOCS
16
+ resolve_disable_s3_express_session_auth(cfg)
17
+ end
18
+
19
+ option(:express_credentials_provider,
20
+ doc_type: 'Aws::S3::ExpressCredentialsProvider',
21
+ docstring: <<-DOCS) do |_cfg|
22
+ Credential Provider for S3 Express endpoints. Manages credentials
23
+ for different buckets.
24
+ DOCS
25
+ Aws::S3::ExpressCredentialsProvider.new
26
+ end
27
+
28
+ # @api private
29
+ class Handler < Seahorse::Client::Handler
30
+ def call(context)
31
+ if (props = context[:endpoint_properties])
32
+ # S3 Express endpoint - turn off md5 and enable crc32 default
33
+ if (backend = props['backend']) && backend == 'S3Express'
34
+ if context.operation_name == :put_object || checksum_required?(context)
35
+ context[:default_request_checksum_algorithm] = 'CRC32'
36
+ end
37
+ context[:s3_express_endpoint] = true
38
+ end
39
+
40
+ # if s3 express auth, use new credentials and sign additional header
41
+ if context[:auth_scheme]['name'] == 'sigv4-s3express' &&
42
+ !context.config.disable_s3_express_session_auth
43
+ bucket = context.params[:bucket]
44
+ credentials_provider = context.config.express_credentials_provider
45
+ credentials = credentials_provider.express_credentials_for(bucket)
46
+ context[:sigv4_credentials] = credentials # Sign will use this
47
+ end
48
+ end
49
+ @handler.call(context)
50
+ end
51
+
52
+ private
53
+
54
+ def checksum_required?(context)
55
+ context.operation.http_checksum_required ||
56
+ (context.operation.http_checksum &&
57
+ context.operation.http_checksum['requestChecksumRequired'])
58
+ end
59
+ end
60
+
61
+ handler(Handler)
62
+
63
+ # Optimization - sets this client as the client to create sessions.
64
+ def after_initialize(client)
65
+ provider = client.config.express_credentials_provider
66
+ provider.client = client unless provider.client
67
+ end
68
+
69
+ class << self
70
+ private
71
+
72
+ def resolve_disable_s3_express_session_auth(cfg)
73
+ value = ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH'] ||
74
+ Aws.shared_config.s3_disable_express_session_auth(profile: cfg.profile) ||
75
+ 'false'
76
+ value = Aws::Util.str_2_bool(value)
77
+ # Raise if provided value is not true or false
78
+ if value.nil?
79
+ raise ArgumentError,
80
+ 'Must provide either `true` or `false` for the '\
81
+ '`s3_disable_express_session_auth` profile option or for '\
82
+ "ENV['AWS_S3_DISABLE_EXPRESS_SESSION_AUTH']."
83
+ end
84
+ value
85
+ end
86
+ end
87
+ end
88
+ end
89
+ end
90
+ end
@@ -22,7 +22,9 @@ module Aws
22
22
 
23
23
  def populate_location_constraint(params, region)
24
24
  params[:create_bucket_configuration] ||= {}
25
- params[:create_bucket_configuration][:location_constraint] ||= region
25
+ unless params[:create_bucket_configuration][:location]
26
+ params[:create_bucket_configuration][:location_constraint] ||= region
27
+ end
26
28
  end
27
29
 
28
30
  end
@@ -22,7 +22,8 @@ module Aws
22
22
  CHUNK_SIZE = 1 * 1024 * 1024 # one MB
23
23
 
24
24
  def call(context)
25
- if !context[:checksum_algorithms] # skip in favor of flexible checksum
25
+ if !context[:checksum_algorithms] && # skip in favor of flexible checksum
26
+ !context[:s3_express_endpoint] # s3 express endpoints do not support md5
26
27
  body = context.http_request.body
27
28
  if body.respond_to?(:size) && body.size > 0
28
29
  context.http_request.headers['Content-Md5'] ||= md5(body)
@@ -232,8 +232,8 @@ module Aws
232
232
  end
233
233
  signer = Aws::Sigv4::Signer.new(
234
234
  service: auth_scheme['signingName'] || 's3',
235
- region: region || context.config.region,
236
- credentials_provider: context.config.credentials,
235
+ region: context[:sigv4_region] || region || context.config.region,
236
+ credentials_provider: context[:sigv4_credentials] || context.config.credentials,
237
237
  signing_algorithm: scheme_name.to_sym,
238
238
  uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
239
239
  unsigned_headers: unsigned_headers,