aws-sdk-s3 1.150.0 → 1.169.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +110 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +12 -3
- data/lib/aws-sdk-s3/bucket.rb +252 -88
- data/lib/aws-sdk-s3/bucket_acl.rb +3 -3
- data/lib/aws-sdk-s3/bucket_cors.rb +4 -4
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +4 -4
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +42 -5
- data/lib/aws-sdk-s3/bucket_logging.rb +3 -3
- data/lib/aws-sdk-s3/bucket_notification.rb +3 -3
- data/lib/aws-sdk-s3/bucket_policy.rb +8 -8
- data/lib/aws-sdk-s3/bucket_request_payment.rb +3 -3
- data/lib/aws-sdk-s3/bucket_tagging.rb +4 -4
- data/lib/aws-sdk-s3/bucket_versioning.rb +5 -5
- data/lib/aws-sdk-s3/bucket_website.rb +4 -4
- data/lib/aws-sdk-s3/client.rb +1685 -668
- data/lib/aws-sdk-s3/client_api.rb +49 -4
- data/lib/aws-sdk-s3/customizations/bucket.rb +1 -1
- data/lib/aws-sdk-s3/customizations/object.rb +11 -5
- data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
- data/lib/aws-sdk-s3/customizations/object_version.rb +13 -0
- data/lib/aws-sdk-s3/customizations.rb +24 -38
- data/lib/aws-sdk-s3/encryption/client.rb +2 -2
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +2 -2
- data/lib/aws-sdk-s3/encryptionV2/client.rb +2 -2
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +2 -2
- data/lib/aws-sdk-s3/endpoint_parameters.rb +21 -18
- data/lib/aws-sdk-s3/endpoint_provider.rb +1 -0
- data/lib/aws-sdk-s3/endpoints.rb +416 -1614
- data/lib/aws-sdk-s3/errors.rb +3 -0
- data/lib/aws-sdk-s3/file_downloader.rb +1 -1
- data/lib/aws-sdk-s3/file_uploader.rb +1 -1
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +1 -1
- data/lib/aws-sdk-s3/multipart_upload.rb +31 -8
- data/lib/aws-sdk-s3/multipart_upload_part.rb +11 -11
- data/lib/aws-sdk-s3/object.rb +441 -158
- data/lib/aws-sdk-s3/object_acl.rb +3 -3
- data/lib/aws-sdk-s3/object_copier.rb +1 -1
- data/lib/aws-sdk-s3/object_summary.rb +403 -134
- data/lib/aws-sdk-s3/object_version.rb +53 -13
- data/lib/aws-sdk-s3/plugins/access_grants.rb +75 -5
- data/lib/aws-sdk-s3/plugins/endpoints.rb +24 -212
- data/lib/aws-sdk-s3/plugins/express_session_auth.rb +7 -1
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +53 -16
- data/lib/aws-sdk-s3/resource.rb +37 -11
- data/lib/aws-sdk-s3/types.rb +1106 -401
- data/lib/aws-sdk-s3.rb +35 -31
- data/sig/bucket.rbs +4 -0
- data/sig/bucket_lifecycle_configuration.rbs +7 -3
- data/sig/client.rbs +49 -5
- data/sig/multipart_upload.rbs +1 -0
- data/sig/object.rbs +7 -0
- data/sig/object_summary.rbs +1 -0
- data/sig/object_version.rbs +6 -0
- data/sig/resource.rbs +7 -1
- data/sig/types.rbs +36 -2
- data/sig/waiters.rbs +12 -0
- metadata +7 -6
data/lib/aws-sdk-s3/object.rb
CHANGED
@@ -132,7 +132,7 @@ module Aws::S3
|
|
132
132
|
data[:content_length]
|
133
133
|
end
|
134
134
|
|
135
|
-
# The base64-encoded, 32-bit
|
135
|
+
# The base64-encoded, 32-bit CRC-32 checksum of the object. This will
|
136
136
|
# only be present if it was uploaded with the object. When you use an
|
137
137
|
# API operation on an object that was uploaded using multipart uploads,
|
138
138
|
# this value may not be a direct checksum value of the full object.
|
@@ -149,7 +149,7 @@ module Aws::S3
|
|
149
149
|
data[:checksum_crc32]
|
150
150
|
end
|
151
151
|
|
152
|
-
# The base64-encoded, 32-bit
|
152
|
+
# The base64-encoded, 32-bit CRC-32C checksum of the object. This will
|
153
153
|
# only be present if it was uploaded with the object. When you use an
|
154
154
|
# API operation on an object that was uploaded using multipart uploads,
|
155
155
|
# this value may not be a direct checksum value of the full object.
|
@@ -288,11 +288,6 @@ module Aws::S3
|
|
288
288
|
|
289
289
|
# The server-side encryption algorithm used when you store this object
|
290
290
|
# in Amazon S3 (for example, `AES256`, `aws:kms`, `aws:kms:dsse`).
|
291
|
-
#
|
292
|
-
# <note markdown="1"> For directory buckets, only server-side encryption with Amazon S3
|
293
|
-
# managed keys (SSE-S3) (`AES256`) is supported.
|
294
|
-
#
|
295
|
-
# </note>
|
296
291
|
# @return [String]
|
297
292
|
def server_side_encryption
|
298
293
|
data[:server_side_encryption]
|
@@ -329,13 +324,8 @@ module Aws::S3
|
|
329
324
|
data[:sse_customer_key_md5]
|
330
325
|
end
|
331
326
|
|
332
|
-
# If present, indicates the ID of the
|
333
|
-
#
|
334
|
-
# object.
|
335
|
-
#
|
336
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
337
|
-
#
|
338
|
-
# </note>
|
327
|
+
# If present, indicates the ID of the KMS key that was used for object
|
328
|
+
# encryption.
|
339
329
|
# @return [String]
|
340
330
|
def ssekms_key_id
|
341
331
|
data[:ssekms_key_id]
|
@@ -343,10 +333,6 @@ module Aws::S3
|
|
343
333
|
|
344
334
|
# Indicates whether the object uses an S3 Bucket Key for server-side
|
345
335
|
# encryption with Key Management Service (KMS) keys (SSE-KMS).
|
346
|
-
#
|
347
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
348
|
-
#
|
349
|
-
# </note>
|
350
336
|
# @return [Boolean]
|
351
337
|
def bucket_key_enabled
|
352
338
|
data[:bucket_key_enabled]
|
@@ -500,7 +486,7 @@ module Aws::S3
|
|
500
486
|
#
|
501
487
|
# @return [self]
|
502
488
|
def load
|
503
|
-
resp = Aws::Plugins::UserAgent.
|
489
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
504
490
|
@client.head_object(
|
505
491
|
bucket: @bucket_name,
|
506
492
|
key: @key
|
@@ -550,7 +536,7 @@ module Aws::S3
|
|
550
536
|
options, params = separate_params_and_options(options)
|
551
537
|
waiter = Waiters::ObjectExists.new(options)
|
552
538
|
yield_waiter_and_warn(waiter, &block) if block_given?
|
553
|
-
Aws::Plugins::UserAgent.
|
539
|
+
Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
554
540
|
waiter.wait(params.merge(bucket: @bucket_name,
|
555
541
|
key: @key))
|
556
542
|
end
|
@@ -571,7 +557,7 @@ module Aws::S3
|
|
571
557
|
options, params = separate_params_and_options(options)
|
572
558
|
waiter = Waiters::ObjectNotExists.new(options)
|
573
559
|
yield_waiter_and_warn(waiter, &block) if block_given?
|
574
|
-
Aws::Plugins::UserAgent.
|
560
|
+
Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
575
561
|
waiter.wait(params.merge(bucket: @bucket_name,
|
576
562
|
key: @key))
|
577
563
|
end
|
@@ -676,7 +662,7 @@ module Aws::S3
|
|
676
662
|
:retry
|
677
663
|
end
|
678
664
|
end
|
679
|
-
Aws::Plugins::UserAgent.
|
665
|
+
Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
680
666
|
Aws::Waiters::Waiter.new(options).wait({})
|
681
667
|
end
|
682
668
|
end
|
@@ -1031,9 +1017,8 @@ module Aws::S3
|
|
1031
1017
|
# </note>
|
1032
1018
|
# @option options [String] :server_side_encryption
|
1033
1019
|
# The server-side encryption algorithm used when storing this object in
|
1034
|
-
# Amazon S3
|
1035
|
-
#
|
1036
|
-
# and will receive a `400 Bad Request` response.
|
1020
|
+
# Amazon S3. Unrecognized or unsupported values won’t write a
|
1021
|
+
# destination object and will receive a `400 Bad Request` response.
|
1037
1022
|
#
|
1038
1023
|
# Amazon S3 automatically encrypts all new objects that are copied to an
|
1039
1024
|
# S3 bucket. When copying an object, if you don't specify encryption
|
@@ -1041,35 +1026,72 @@ module Aws::S3
|
|
1041
1026
|
# object is set to the default encryption configuration of the
|
1042
1027
|
# destination bucket. By default, all buckets have a base level of
|
1043
1028
|
# encryption configuration that uses server-side encryption with Amazon
|
1044
|
-
# S3 managed keys (SSE-S3). If the destination bucket has a
|
1045
|
-
# encryption configuration
|
1046
|
-
#
|
1047
|
-
# encryption with Amazon Web Services KMS keys (DSSE-KMS), or
|
1048
|
-
# server-side encryption with customer-provided encryption keys (SSE-C),
|
1049
|
-
# Amazon S3 uses the corresponding KMS key, or a customer-provided key
|
1050
|
-
# to encrypt the target object copy.
|
1051
|
-
#
|
1052
|
-
# When you perform a `CopyObject` operation, if you want to use a
|
1053
|
-
# different type of encryption setting for the target object, you can
|
1054
|
-
# specify appropriate encryption-related headers to encrypt the target
|
1055
|
-
# object with an Amazon S3 managed key, a KMS key, or a
|
1056
|
-
# customer-provided key. If the encryption setting in your request is
|
1057
|
-
# different from the default encryption configuration of the destination
|
1058
|
-
# bucket, the encryption setting in your request takes precedence.
|
1029
|
+
# S3 managed keys (SSE-S3). If the destination bucket has a different
|
1030
|
+
# default encryption configuration, Amazon S3 uses the corresponding
|
1031
|
+
# encryption key to encrypt the target object copy.
|
1059
1032
|
#
|
1060
1033
|
# With server-side encryption, Amazon S3 encrypts your data as it writes
|
1061
1034
|
# your data to disks in its data centers and decrypts the data when you
|
1062
1035
|
# access it. For more information about server-side encryption, see
|
1063
1036
|
# [Using Server-Side Encryption][1] in the *Amazon S3 User Guide*.
|
1064
1037
|
#
|
1065
|
-
# <
|
1066
|
-
#
|
1067
|
-
#
|
1068
|
-
#
|
1038
|
+
# <b>General purpose buckets </b>
|
1039
|
+
#
|
1040
|
+
# * For general purpose buckets, there are the following supported
|
1041
|
+
# options for server-side encryption: server-side encryption with Key
|
1042
|
+
# Management Service (KMS) keys (SSE-KMS), dual-layer server-side
|
1043
|
+
# encryption with Amazon Web Services KMS keys (DSSE-KMS), and
|
1044
|
+
# server-side encryption with customer-provided encryption keys
|
1045
|
+
# (SSE-C). Amazon S3 uses the corresponding KMS key, or a
|
1046
|
+
# customer-provided key to encrypt the target object copy.
|
1047
|
+
#
|
1048
|
+
# * When you perform a `CopyObject` operation, if you want to use a
|
1049
|
+
# different type of encryption setting for the target object, you can
|
1050
|
+
# specify appropriate encryption-related headers to encrypt the target
|
1051
|
+
# object with an Amazon S3 managed key, a KMS key, or a
|
1052
|
+
# customer-provided key. If the encryption setting in your request is
|
1053
|
+
# different from the default encryption configuration of the
|
1054
|
+
# destination bucket, the encryption setting in your request takes
|
1055
|
+
# precedence.
|
1056
|
+
#
|
1057
|
+
# <b>Directory buckets </b>
|
1058
|
+
#
|
1059
|
+
# * For directory buckets, there are only two supported options for
|
1060
|
+
# server-side encryption: server-side encryption with Amazon S3
|
1061
|
+
# managed keys (SSE-S3) (`AES256`) and server-side encryption with KMS
|
1062
|
+
# keys (SSE-KMS) (`aws:kms`). We recommend that the bucket's default
|
1063
|
+
# encryption uses the desired encryption configuration and you don't
|
1064
|
+
# override the bucket default encryption in your `CreateSession`
|
1065
|
+
# requests or `PUT` object requests. Then, new objects are
|
1066
|
+
# automatically encrypted with the desired encryption settings. For
|
1067
|
+
# more information, see [Protecting data with server-side
|
1068
|
+
# encryption][2] in the *Amazon S3 User Guide*. For more information
|
1069
|
+
# about the encryption overriding behaviors in directory buckets, see
|
1070
|
+
# [Specifying server-side encryption with KMS for new object
|
1071
|
+
# uploads][3].
|
1072
|
+
#
|
1073
|
+
# * To encrypt new object copies to a directory bucket with SSE-KMS, we
|
1074
|
+
# recommend you specify SSE-KMS as the directory bucket's default
|
1075
|
+
# encryption configuration with a KMS key (specifically, a [customer
|
1076
|
+
# managed key][4]). The [Amazon Web Services managed key][5]
|
1077
|
+
# (`aws/s3`) isn't supported. Your SSE-KMS configuration can only
|
1078
|
+
# support 1 [customer managed key][4] per directory bucket for the
|
1079
|
+
# lifetime of the bucket. After you specify a customer managed key for
|
1080
|
+
# SSE-KMS, you can't override the customer managed key for the
|
1081
|
+
# bucket's SSE-KMS configuration. Then, when you perform a
|
1082
|
+
# `CopyObject` operation and want to specify server-side encryption
|
1083
|
+
# settings for new object copies with SSE-KMS in the
|
1084
|
+
# encryption-related request headers, you must ensure the encryption
|
1085
|
+
# key is the same customer managed key that you specified for the
|
1086
|
+
# directory bucket's default encryption configuration.
|
1069
1087
|
#
|
1070
1088
|
#
|
1071
1089
|
#
|
1072
1090
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html
|
1091
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
1092
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
1093
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
1094
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1073
1095
|
# @option options [String] :storage_class
|
1074
1096
|
# If the `x-amz-storage-class` header is not used, the copied object
|
1075
1097
|
# will be stored in the `STANDARD` Storage Class by default. The
|
@@ -1160,32 +1182,55 @@ module Aws::S3
|
|
1160
1182
|
#
|
1161
1183
|
# </note>
|
1162
1184
|
# @option options [String] :ssekms_key_id
|
1163
|
-
# Specifies the KMS ID (Key ID, Key ARN, or Key Alias) to use for
|
1164
|
-
# encryption. All GET and PUT requests for an object protected by
|
1165
|
-
# will fail if they're not made via SSL or using SigV4. For
|
1166
|
-
# about configuring any of the officially supported Amazon
|
1167
|
-
# SDKs and Amazon Web Services CLI, see [Specifying the
|
1168
|
-
# Version in Request Authentication][1] in the *Amazon S3 User
|
1169
|
-
#
|
1170
|
-
#
|
1171
|
-
#
|
1172
|
-
#
|
1173
|
-
#
|
1185
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
1186
|
+
# object encryption. All GET and PUT requests for an object protected by
|
1187
|
+
# KMS will fail if they're not made via SSL or using SigV4. For
|
1188
|
+
# information about configuring any of the officially supported Amazon
|
1189
|
+
# Web Services SDKs and Amazon Web Services CLI, see [Specifying the
|
1190
|
+
# Signature Version in Request Authentication][1] in the *Amazon S3 User
|
1191
|
+
# Guide*.
|
1192
|
+
#
|
1193
|
+
# **Directory buckets** - If you specify `x-amz-server-side-encryption`
|
1194
|
+
# with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
|
1195
|
+
# header is implicitly assigned the ID of the KMS symmetric encryption
|
1196
|
+
# customer managed key that's configured for your directory bucket's
|
1197
|
+
# default encryption setting. If you want to specify the `
|
1198
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
|
1199
|
+
# can only specify it with the ID (Key ID or Key ARN) of the KMS
|
1200
|
+
# customer managed key that's configured for your directory bucket's
|
1201
|
+
# default encryption setting. Otherwise, you get an HTTP `400 Bad
|
1202
|
+
# Request` error. Only use the key ID or key ARN. The key alias format
|
1203
|
+
# of the KMS key isn't supported. Your SSE-KMS configuration can only
|
1204
|
+
# support 1 [customer managed key][2] per directory bucket for the
|
1205
|
+
# lifetime of the bucket. The [Amazon Web Services managed key][3]
|
1206
|
+
# (`aws/s3`) isn't supported.
|
1174
1207
|
#
|
1175
1208
|
#
|
1176
1209
|
#
|
1177
1210
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
1211
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
1212
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
1178
1213
|
# @option options [String] :ssekms_encryption_context
|
1179
|
-
# Specifies the Amazon Web Services KMS Encryption Context
|
1180
|
-
#
|
1181
|
-
#
|
1182
|
-
#
|
1183
|
-
# `CopyObject` requests.
|
1214
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
1215
|
+
# additional encryption context to use for the destination object
|
1216
|
+
# encryption. The value of this header is a base64-encoded UTF-8 string
|
1217
|
+
# holding JSON with the encryption context key-value pairs.
|
1184
1218
|
#
|
1185
|
-
#
|
1186
|
-
#
|
1219
|
+
# **General purpose buckets** - This value must be explicitly added to
|
1220
|
+
# specify encryption context for `CopyObject` requests if you want an
|
1221
|
+
# additional encryption context for your destination object. The
|
1222
|
+
# additional encryption context of the source object won't be copied to
|
1223
|
+
# the destination object. For more information, see [Encryption
|
1224
|
+
# context][1] in the *Amazon S3 User Guide*.
|
1187
1225
|
#
|
1188
|
-
#
|
1226
|
+
# **Directory buckets** - You can optionally provide an explicit
|
1227
|
+
# encryption context value. The value must match the default encryption
|
1228
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
1229
|
+
# encryption context value is not supported.
|
1230
|
+
#
|
1231
|
+
#
|
1232
|
+
#
|
1233
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
1189
1234
|
# @option options [Boolean] :bucket_key_enabled
|
1190
1235
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
1191
1236
|
# encryption with server-side encryption using Key Management Service
|
@@ -1199,14 +1244,19 @@ module Aws::S3
|
|
1199
1244
|
# For more information, see [Amazon S3 Bucket Keys][1] in the *Amazon S3
|
1200
1245
|
# User Guide*.
|
1201
1246
|
#
|
1202
|
-
# <note markdown="1">
|
1203
|
-
#
|
1247
|
+
# <note markdown="1"> **Directory buckets** - S3 Bucket Keys aren't supported, when you
|
1248
|
+
# copy SSE-KMS encrypted objects from general purpose buckets to
|
1249
|
+
# directory buckets, from directory buckets to general purpose buckets,
|
1250
|
+
# or between directory buckets, through [CopyObject][2]. In this case,
|
1251
|
+
# Amazon S3 makes a call to KMS every time a copy request is made for a
|
1252
|
+
# KMS-encrypted object.
|
1204
1253
|
#
|
1205
1254
|
# </note>
|
1206
1255
|
#
|
1207
1256
|
#
|
1208
1257
|
#
|
1209
1258
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/bucket-key.html
|
1259
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
1210
1260
|
# @option options [String] :copy_source_sse_customer_algorithm
|
1211
1261
|
# Specifies the algorithm to use when decrypting the source object (for
|
1212
1262
|
# example, `AES256`).
|
@@ -1346,7 +1396,7 @@ module Aws::S3
|
|
1346
1396
|
bucket: @bucket_name,
|
1347
1397
|
key: @key
|
1348
1398
|
)
|
1349
|
-
resp = Aws::Plugins::UserAgent.
|
1399
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
1350
1400
|
@client.copy_object(options)
|
1351
1401
|
end
|
1352
1402
|
resp.data
|
@@ -1412,7 +1462,7 @@ module Aws::S3
|
|
1412
1462
|
bucket: @bucket_name,
|
1413
1463
|
key: @key
|
1414
1464
|
)
|
1415
|
-
resp = Aws::Plugins::UserAgent.
|
1465
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
1416
1466
|
@client.delete_object(options)
|
1417
1467
|
end
|
1418
1468
|
resp.data
|
@@ -1662,13 +1712,22 @@ module Aws::S3
|
|
1662
1712
|
# fails with the HTTP status code `403 Forbidden` (access denied).
|
1663
1713
|
# @option options [String] :checksum_mode
|
1664
1714
|
# To retrieve the checksum, this mode must be enabled.
|
1715
|
+
#
|
1716
|
+
# **General purpose buckets** - In addition, if you enable checksum mode
|
1717
|
+
# and the object is uploaded with a [checksum][1] and encrypted with an
|
1718
|
+
# Key Management Service (KMS) key, you must have permission to use the
|
1719
|
+
# `kms:Decrypt` action to retrieve the checksum.
|
1720
|
+
#
|
1721
|
+
#
|
1722
|
+
#
|
1723
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
|
1665
1724
|
# @return [Types::GetObjectOutput]
|
1666
1725
|
def get(options = {}, &block)
|
1667
1726
|
options = options.merge(
|
1668
1727
|
bucket: @bucket_name,
|
1669
1728
|
key: @key
|
1670
1729
|
)
|
1671
|
-
resp = Aws::Plugins::UserAgent.
|
1730
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
1672
1731
|
@client.get_object(options, &block)
|
1673
1732
|
end
|
1674
1733
|
resp.data
|
@@ -2010,10 +2069,52 @@ module Aws::S3
|
|
2010
2069
|
# The server-side encryption algorithm used when you store this object
|
2011
2070
|
# in Amazon S3 (for example, `AES256`, `aws:kms`).
|
2012
2071
|
#
|
2013
|
-
# <
|
2014
|
-
#
|
2072
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
2073
|
+
# two supported options for server-side encryption: server-side
|
2074
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
2075
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
2076
|
+
# recommend that the bucket's default encryption uses the desired
|
2077
|
+
# encryption configuration and you don't override the bucket default
|
2078
|
+
# encryption in your `CreateSession` requests or `PUT` object
|
2079
|
+
# requests. Then, new objects are automatically encrypted with the
|
2080
|
+
# desired encryption settings. For more information, see [Protecting
|
2081
|
+
# data with server-side encryption][1] in the *Amazon S3 User Guide*.
|
2082
|
+
# For more information about the encryption overriding behaviors in
|
2083
|
+
# directory buckets, see [Specifying server-side encryption with KMS
|
2084
|
+
# for new object uploads][2].
|
2085
|
+
#
|
2086
|
+
# In the Zonal endpoint API calls (except [CopyObject][3] and
|
2087
|
+
# [UploadPartCopy][4]) using the REST API, the encryption request
|
2088
|
+
# headers must match the encryption settings that are specified in the
|
2089
|
+
# `CreateSession` request. You can't override the values of the
|
2090
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
2091
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
2092
|
+
# `x-amz-server-side-encryption-context`, and
|
2093
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
2094
|
+
# specified in the `CreateSession` request. You don't need to
|
2095
|
+
# explicitly specify these encryption settings values in Zonal
|
2096
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
2097
|
+
# values from the `CreateSession` request to protect new objects in
|
2098
|
+
# the directory bucket.
|
2099
|
+
#
|
2100
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
2101
|
+
# `CreateSession`, the session token refreshes automatically to avoid
|
2102
|
+
# service interruptions when a session expires. The CLI or the Amazon
|
2103
|
+
# Web Services SDKs use the bucket's default encryption configuration
|
2104
|
+
# for the `CreateSession` request. It's not supported to override the
|
2105
|
+
# encryption settings values in the `CreateSession` request. So in the
|
2106
|
+
# Zonal endpoint API calls (except [CopyObject][3] and
|
2107
|
+
# [UploadPartCopy][4]), the encryption request headers must match the
|
2108
|
+
# default encryption configuration of the directory bucket.
|
2015
2109
|
#
|
2016
|
-
#
|
2110
|
+
# </note>
|
2111
|
+
#
|
2112
|
+
#
|
2113
|
+
#
|
2114
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
2115
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
2116
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2117
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
2017
2118
|
# @option options [String] :storage_class
|
2018
2119
|
# By default, Amazon S3 uses the STANDARD Storage Class to store newly
|
2019
2120
|
# created objects. The STANDARD storage class provides high durability
|
@@ -2066,32 +2167,74 @@ module Aws::S3
|
|
2066
2167
|
#
|
2067
2168
|
# </note>
|
2068
2169
|
# @option options [String] :ssekms_key_id
|
2069
|
-
# Specifies the ID (Key ID, Key ARN, or Key Alias)
|
2070
|
-
# encryption
|
2071
|
-
#
|
2072
|
-
#
|
2073
|
-
#
|
2074
|
-
#
|
2170
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
2171
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
2172
|
+
# that's issuing the command, you must use the full Key ARN not the Key
|
2173
|
+
# ID.
|
2174
|
+
#
|
2175
|
+
# **General purpose buckets** - If you specify
|
2176
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
|
2177
|
+
# header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
|
2178
|
+
# to use. If you specify `x-amz-server-side-encryption:aws:kms` or
|
2179
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
2180
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
2181
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
2182
|
+
#
|
2183
|
+
# **Directory buckets** - If you specify `x-amz-server-side-encryption`
|
2184
|
+
# with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
|
2185
|
+
# header is implicitly assigned the ID of the KMS symmetric encryption
|
2186
|
+
# customer managed key that's configured for your directory bucket's
|
2187
|
+
# default encryption setting. If you want to specify the `
|
2188
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
|
2189
|
+
# can only specify it with the ID (Key ID or Key ARN) of the KMS
|
2190
|
+
# customer managed key that's configured for your directory bucket's
|
2191
|
+
# default encryption setting. Otherwise, you get an HTTP `400 Bad
|
2192
|
+
# Request` error. Only use the key ID or key ARN. The key alias format
|
2193
|
+
# of the KMS key isn't supported. Your SSE-KMS configuration can only
|
2194
|
+
# support 1 [customer managed key][1] per directory bucket for the
|
2195
|
+
# lifetime of the bucket. The [Amazon Web Services managed key][2]
|
2196
|
+
# (`aws/s3`) isn't supported.
|
2197
|
+
#
|
2198
|
+
#
|
2199
|
+
#
|
2200
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
2201
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
2075
2202
|
# @option options [String] :ssekms_encryption_context
|
2076
2203
|
# Specifies the Amazon Web Services KMS Encryption Context to use for
|
2077
|
-
# object encryption. The value of this header is a
|
2078
|
-
#
|
2079
|
-
#
|
2080
|
-
#
|
2081
|
-
#
|
2082
|
-
#
|
2204
|
+
# object encryption. The value of this header is a Base64-encoded string
|
2205
|
+
# of a UTF-8 encoded JSON, which contains the encryption context as
|
2206
|
+
# key-value pairs.
|
2207
|
+
#
|
2208
|
+
# **Directory buckets** - You can optionally provide an explicit
|
2209
|
+
# encryption context value. The value must match the default encryption
|
2210
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
2211
|
+
# encryption context value is not supported.
|
2083
2212
|
# @option options [Boolean] :bucket_key_enabled
|
2084
2213
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
2085
2214
|
# encryption with server-side encryption using Key Management Service
|
2086
|
-
# (KMS) keys (SSE-KMS).
|
2087
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
2215
|
+
# (KMS) keys (SSE-KMS).
|
2088
2216
|
#
|
2089
|
-
#
|
2217
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
2218
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
|
2219
|
+
# Also, specifying this header with a PUT action doesn't affect
|
2090
2220
|
# bucket-level settings for S3 Bucket Key.
|
2091
2221
|
#
|
2092
|
-
#
|
2222
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
2223
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
2224
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
|
2225
|
+
# from general purpose buckets to directory buckets, from directory
|
2226
|
+
# buckets to general purpose buckets, or between directory buckets,
|
2227
|
+
# through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
|
2228
|
+
# Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
|
2229
|
+
# makes a call to KMS every time a copy request is made for a
|
2230
|
+
# KMS-encrypted object.
|
2093
2231
|
#
|
2094
|
-
#
|
2232
|
+
#
|
2233
|
+
#
|
2234
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2235
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
2236
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
2237
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
2095
2238
|
# @option options [String] :request_payer
|
2096
2239
|
# Confirms that the requester knows that they will be charged for the
|
2097
2240
|
# request. Bucket owners need not specify this parameter in their
|
@@ -2153,7 +2296,7 @@ module Aws::S3
|
|
2153
2296
|
bucket: @bucket_name,
|
2154
2297
|
key: @key
|
2155
2298
|
)
|
2156
|
-
resp = Aws::Plugins::UserAgent.
|
2299
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
2157
2300
|
@client.create_multipart_upload(options)
|
2158
2301
|
end
|
2159
2302
|
MultipartUpload.new(
|
@@ -2182,6 +2325,7 @@ module Aws::S3
|
|
2182
2325
|
# checksum_sha1: "ChecksumSHA1",
|
2183
2326
|
# checksum_sha256: "ChecksumSHA256",
|
2184
2327
|
# expires: Time.now,
|
2328
|
+
# if_none_match: "IfNoneMatch",
|
2185
2329
|
# grant_full_control: "GrantFullControl",
|
2186
2330
|
# grant_read: "GrantRead",
|
2187
2331
|
# grant_read_acp: "GrantReadACP",
|
@@ -2289,10 +2433,11 @@ module Aws::S3
|
|
2289
2433
|
# information about REST request authentication, see [REST
|
2290
2434
|
# Authentication][1].
|
2291
2435
|
#
|
2292
|
-
# <note markdown="1"> The `Content-MD5` header is required
|
2293
|
-
# object with a retention period configured
|
2294
|
-
#
|
2295
|
-
# Object Lock
|
2436
|
+
# <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required
|
2437
|
+
# for any request to upload an object with a retention period configured
|
2438
|
+
# using Amazon S3 Object Lock. For more information, see [Uploading
|
2439
|
+
# objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User
|
2440
|
+
# Guide*.
|
2296
2441
|
#
|
2297
2442
|
# </note>
|
2298
2443
|
#
|
@@ -2303,7 +2448,7 @@ module Aws::S3
|
|
2303
2448
|
#
|
2304
2449
|
#
|
2305
2450
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
|
2306
|
-
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/
|
2451
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
|
2307
2452
|
# @option options [String] :content_type
|
2308
2453
|
# A standard MIME type describing the format of the contents. For more
|
2309
2454
|
# information, see
|
@@ -2323,13 +2468,13 @@ module Aws::S3
|
|
2323
2468
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
|
2324
2469
|
# the supported algorithm from the following list:
|
2325
2470
|
#
|
2326
|
-
# * CRC32
|
2471
|
+
# * `CRC32`
|
2327
2472
|
#
|
2328
|
-
# * CRC32C
|
2473
|
+
# * `CRC32C`
|
2329
2474
|
#
|
2330
|
-
# * SHA1
|
2475
|
+
# * `SHA1`
|
2331
2476
|
#
|
2332
|
-
# * SHA256
|
2477
|
+
# * `SHA256`
|
2333
2478
|
#
|
2334
2479
|
# For more information, see [Checking object integrity][1] in the
|
2335
2480
|
# *Amazon S3 User Guide*.
|
@@ -2340,20 +2485,27 @@ module Aws::S3
|
|
2340
2485
|
# provided `ChecksumAlgorithm` parameter and uses the checksum algorithm
|
2341
2486
|
# that matches the provided value in `x-amz-checksum-algorithm `.
|
2342
2487
|
#
|
2343
|
-
# <note markdown="1">
|
2344
|
-
#
|
2488
|
+
# <note markdown="1"> The `Content-MD5` or `x-amz-sdk-checksum-algorithm` header is required
|
2489
|
+
# for any request to upload an object with a retention period configured
|
2490
|
+
# using Amazon S3 Object Lock. For more information, see [Uploading
|
2491
|
+
# objects to an Object Lock enabled bucket ][2] in the *Amazon S3 User
|
2492
|
+
# Guide*.
|
2345
2493
|
#
|
2346
2494
|
# </note>
|
2347
2495
|
#
|
2496
|
+
# For directory buckets, when you use Amazon Web Services SDKs, `CRC32`
|
2497
|
+
# is the default checksum algorithm that's used for performance.
|
2498
|
+
#
|
2348
2499
|
#
|
2349
2500
|
#
|
2350
2501
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
2502
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/object-lock-managing.html#object-lock-put-object
|
2351
2503
|
# @option options [String] :checksum_crc32
|
2352
2504
|
# This header can be used as a data integrity check to verify that the
|
2353
2505
|
# data received is the same data that was originally sent. This header
|
2354
|
-
# specifies the base64-encoded, 32-bit
|
2355
|
-
# more information, see [Checking object integrity][1] in the
|
2356
|
-
# User Guide*.
|
2506
|
+
# specifies the base64-encoded, 32-bit CRC-32 checksum of the object.
|
2507
|
+
# For more information, see [Checking object integrity][1] in the
|
2508
|
+
# *Amazon S3 User Guide*.
|
2357
2509
|
#
|
2358
2510
|
#
|
2359
2511
|
#
|
@@ -2361,7 +2513,7 @@ module Aws::S3
|
|
2361
2513
|
# @option options [String] :checksum_crc32c
|
2362
2514
|
# This header can be used as a data integrity check to verify that the
|
2363
2515
|
# data received is the same data that was originally sent. This header
|
2364
|
-
# specifies the base64-encoded, 32-bit
|
2516
|
+
# specifies the base64-encoded, 32-bit CRC-32C checksum of the object.
|
2365
2517
|
# For more information, see [Checking object integrity][1] in the
|
2366
2518
|
# *Amazon S3 User Guide*.
|
2367
2519
|
#
|
@@ -2396,6 +2548,24 @@ module Aws::S3
|
|
2396
2548
|
#
|
2397
2549
|
#
|
2398
2550
|
# [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
|
2551
|
+
# @option options [String] :if_none_match
|
2552
|
+
# Uploads the object only if the object key name does not already exist
|
2553
|
+
# in the bucket specified. Otherwise, Amazon S3 returns a `412
|
2554
|
+
# Precondition Failed` error.
|
2555
|
+
#
|
2556
|
+
# If a conflicting operation occurs during the upload S3 returns a `409
|
2557
|
+
# ConditionalRequestConflict` response. On a 409 failure you should
|
2558
|
+
# retry the upload.
|
2559
|
+
#
|
2560
|
+
# Expects the '*' (asterisk) character.
|
2561
|
+
#
|
2562
|
+
# For more information about conditional requests, see [RFC 7232][1], or
|
2563
|
+
# [Conditional requests][2] in the *Amazon S3 User Guide*.
|
2564
|
+
#
|
2565
|
+
#
|
2566
|
+
#
|
2567
|
+
# [1]: https://tools.ietf.org/html/rfc7232
|
2568
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
|
2399
2569
|
# @option options [String] :grant_full_control
|
2400
2570
|
# Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
|
2401
2571
|
# object.
|
@@ -2436,25 +2606,65 @@ module Aws::S3
|
|
2436
2606
|
# object in Amazon S3 (for example, `AES256`, `aws:kms`,
|
2437
2607
|
# `aws:kms:dsse`).
|
2438
2608
|
#
|
2439
|
-
# <b>General purpose buckets </b> - You have four mutually exclusive
|
2440
|
-
#
|
2441
|
-
#
|
2442
|
-
#
|
2443
|
-
#
|
2444
|
-
#
|
2445
|
-
#
|
2446
|
-
#
|
2447
|
-
#
|
2448
|
-
#
|
2449
|
-
#
|
2609
|
+
# * <b>General purpose buckets </b> - You have four mutually exclusive
|
2610
|
+
# options to protect data using server-side encryption in Amazon S3,
|
2611
|
+
# depending on how you choose to manage the encryption keys.
|
2612
|
+
# Specifically, the encryption key options are Amazon S3 managed keys
|
2613
|
+
# (SSE-S3), Amazon Web Services KMS keys (SSE-KMS or DSSE-KMS), and
|
2614
|
+
# customer-provided keys (SSE-C). Amazon S3 encrypts data with
|
2615
|
+
# server-side encryption by using Amazon S3 managed keys (SSE-S3) by
|
2616
|
+
# default. You can optionally tell Amazon S3 to encrypt data at rest
|
2617
|
+
# by using server-side encryption with other key options. For more
|
2618
|
+
# information, see [Using Server-Side Encryption][1] in the *Amazon S3
|
2619
|
+
# User Guide*.
|
2620
|
+
#
|
2621
|
+
# * <b>Directory buckets </b> - For directory buckets, there are only
|
2622
|
+
# two supported options for server-side encryption: server-side
|
2623
|
+
# encryption with Amazon S3 managed keys (SSE-S3) (`AES256`) and
|
2624
|
+
# server-side encryption with KMS keys (SSE-KMS) (`aws:kms`). We
|
2625
|
+
# recommend that the bucket's default encryption uses the desired
|
2626
|
+
# encryption configuration and you don't override the bucket default
|
2627
|
+
# encryption in your `CreateSession` requests or `PUT` object
|
2628
|
+
# requests. Then, new objects are automatically encrypted with the
|
2629
|
+
# desired encryption settings. For more information, see [Protecting
|
2630
|
+
# data with server-side encryption][2] in the *Amazon S3 User Guide*.
|
2631
|
+
# For more information about the encryption overriding behaviors in
|
2632
|
+
# directory buckets, see [Specifying server-side encryption with KMS
|
2633
|
+
# for new object uploads][3].
|
2634
|
+
#
|
2635
|
+
# In the Zonal endpoint API calls (except [CopyObject][4] and
|
2636
|
+
# [UploadPartCopy][5]) using the REST API, the encryption request
|
2637
|
+
# headers must match the encryption settings that are specified in the
|
2638
|
+
# `CreateSession` request. You can't override the values of the
|
2639
|
+
# encryption settings (`x-amz-server-side-encryption`,
|
2640
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`,
|
2641
|
+
# `x-amz-server-side-encryption-context`, and
|
2642
|
+
# `x-amz-server-side-encryption-bucket-key-enabled`) that are
|
2643
|
+
# specified in the `CreateSession` request. You don't need to
|
2644
|
+
# explicitly specify these encryption settings values in Zonal
|
2645
|
+
# endpoint API calls, and Amazon S3 will use the encryption settings
|
2646
|
+
# values from the `CreateSession` request to protect new objects in
|
2647
|
+
# the directory bucket.
|
2648
|
+
#
|
2649
|
+
# <note markdown="1"> When you use the CLI or the Amazon Web Services SDKs, for
|
2650
|
+
# `CreateSession`, the session token refreshes automatically to avoid
|
2651
|
+
# service interruptions when a session expires. The CLI or the Amazon
|
2652
|
+
# Web Services SDKs use the bucket's default encryption configuration
|
2653
|
+
# for the `CreateSession` request. It's not supported to override the
|
2654
|
+
# encryption settings values in the `CreateSession` request. So in the
|
2655
|
+
# Zonal endpoint API calls (except [CopyObject][4] and
|
2656
|
+
# [UploadPartCopy][5]), the encryption request headers must match the
|
2657
|
+
# default encryption configuration of the directory bucket.
|
2450
2658
|
#
|
2451
|
-
#
|
2452
|
-
# server-side encryption with Amazon S3 managed keys (SSE-S3) (`AES256`)
|
2453
|
-
# value is supported.
|
2659
|
+
# </note>
|
2454
2660
|
#
|
2455
2661
|
#
|
2456
2662
|
#
|
2457
2663
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
|
2664
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-serv-side-encryption.html
|
2665
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-specifying-kms-encryption.html
|
2666
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2667
|
+
# [5]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
2458
2668
|
# @option options [String] :storage_class
|
2459
2669
|
# By default, Amazon S3 uses the STANDARD Storage Class to store newly
|
2460
2670
|
# created objects. The STANDARD storage class provides high durability
|
@@ -2528,44 +2738,86 @@ module Aws::S3
|
|
2528
2738
|
#
|
2529
2739
|
# </note>
|
2530
2740
|
# @option options [String] :ssekms_key_id
|
2531
|
-
#
|
2532
|
-
#
|
2533
|
-
#
|
2534
|
-
#
|
2535
|
-
#
|
2536
|
-
#
|
2537
|
-
# x-amz-server-side-encryption
|
2538
|
-
#
|
2539
|
-
#
|
2540
|
-
#
|
2741
|
+
# Specifies the KMS key ID (Key ID, Key ARN, or Key Alias) to use for
|
2742
|
+
# object encryption. If the KMS key doesn't exist in the same account
|
2743
|
+
# that's issuing the command, you must use the full Key ARN not the Key
|
2744
|
+
# ID.
|
2745
|
+
#
|
2746
|
+
# **General purpose buckets** - If you specify
|
2747
|
+
# `x-amz-server-side-encryption` with `aws:kms` or `aws:kms:dsse`, this
|
2748
|
+
# header specifies the ID (Key ID, Key ARN, or Key Alias) of the KMS key
|
2749
|
+
# to use. If you specify `x-amz-server-side-encryption:aws:kms` or
|
2750
|
+
# `x-amz-server-side-encryption:aws:kms:dsse`, but do not provide
|
2751
|
+
# `x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the
|
2752
|
+
# Amazon Web Services managed key (`aws/s3`) to protect the data.
|
2753
|
+
#
|
2754
|
+
# **Directory buckets** - If you specify `x-amz-server-side-encryption`
|
2755
|
+
# with `aws:kms`, the ` x-amz-server-side-encryption-aws-kms-key-id`
|
2756
|
+
# header is implicitly assigned the ID of the KMS symmetric encryption
|
2757
|
+
# customer managed key that's configured for your directory bucket's
|
2758
|
+
# default encryption setting. If you want to specify the `
|
2759
|
+
# x-amz-server-side-encryption-aws-kms-key-id` header explicitly, you
|
2760
|
+
# can only specify it with the ID (Key ID or Key ARN) of the KMS
|
2761
|
+
# customer managed key that's configured for your directory bucket's
|
2762
|
+
# default encryption setting. Otherwise, you get an HTTP `400 Bad
|
2763
|
+
# Request` error. Only use the key ID or key ARN. The key alias format
|
2764
|
+
# of the KMS key isn't supported. Your SSE-KMS configuration can only
|
2765
|
+
# support 1 [customer managed key][1] per directory bucket for the
|
2766
|
+
# lifetime of the bucket. The [Amazon Web Services managed key][2]
|
2767
|
+
# (`aws/s3`) isn't supported.
|
2768
|
+
#
|
2769
|
+
#
|
2770
|
+
#
|
2771
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
|
2772
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
|
2773
|
+
# @option options [String] :ssekms_encryption_context
|
2774
|
+
# Specifies the Amazon Web Services KMS Encryption Context as an
|
2775
|
+
# additional encryption context to use for object encryption. The value
|
2776
|
+
# of this header is a Base64-encoded string of a UTF-8 encoded JSON,
|
2777
|
+
# which contains the encryption context as key-value pairs. This value
|
2778
|
+
# is stored as object metadata and automatically gets passed on to
|
2779
|
+
# Amazon Web Services KMS for future `GetObject` operations on this
|
2780
|
+
# object.
|
2541
2781
|
#
|
2542
|
-
#
|
2782
|
+
# **General purpose buckets** - This value must be explicitly added
|
2783
|
+
# during `CopyObject` operations if you want an additional encryption
|
2784
|
+
# context for your object. For more information, see [Encryption
|
2785
|
+
# context][1] in the *Amazon S3 User Guide*.
|
2543
2786
|
#
|
2544
|
-
#
|
2545
|
-
#
|
2546
|
-
#
|
2547
|
-
#
|
2548
|
-
# string holding JSON with the encryption context key-value pairs. This
|
2549
|
-
# value is stored as object metadata and automatically gets passed on to
|
2550
|
-
# Amazon Web Services KMS for future `GetObject` or `CopyObject`
|
2551
|
-
# operations on this object. This value must be explicitly added during
|
2552
|
-
# `CopyObject` operations.
|
2787
|
+
# **Directory buckets** - You can optionally provide an explicit
|
2788
|
+
# encryption context value. The value must match the default encryption
|
2789
|
+
# context - the bucket Amazon Resource Name (ARN). An additional
|
2790
|
+
# encryption context value is not supported.
|
2553
2791
|
#
|
2554
|
-
# <note markdown="1"> This functionality is not supported for directory buckets.
|
2555
2792
|
#
|
2556
|
-
#
|
2793
|
+
#
|
2794
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html#encryption-context
|
2557
2795
|
# @option options [Boolean] :bucket_key_enabled
|
2558
2796
|
# Specifies whether Amazon S3 should use an S3 Bucket Key for object
|
2559
2797
|
# encryption with server-side encryption using Key Management Service
|
2560
|
-
# (KMS) keys (SSE-KMS).
|
2561
|
-
# to use an S3 Bucket Key for object encryption with SSE-KMS.
|
2798
|
+
# (KMS) keys (SSE-KMS).
|
2562
2799
|
#
|
2563
|
-
#
|
2564
|
-
#
|
2800
|
+
# **General purpose buckets** - Setting this header to `true` causes
|
2801
|
+
# Amazon S3 to use an S3 Bucket Key for object encryption with SSE-KMS.
|
2802
|
+
# Also, specifying this header with a PUT action doesn't affect
|
2803
|
+
# bucket-level settings for S3 Bucket Key.
|
2565
2804
|
#
|
2566
|
-
#
|
2805
|
+
# **Directory buckets** - S3 Bucket Keys are always enabled for `GET`
|
2806
|
+
# and `PUT` operations in a directory bucket and can’t be disabled. S3
|
2807
|
+
# Bucket Keys aren't supported, when you copy SSE-KMS encrypted objects
|
2808
|
+
# from general purpose buckets to directory buckets, from directory
|
2809
|
+
# buckets to general purpose buckets, or between directory buckets,
|
2810
|
+
# through [CopyObject][1], [UploadPartCopy][2], [the Copy operation in
|
2811
|
+
# Batch Operations][3], or [the import jobs][4]. In this case, Amazon S3
|
2812
|
+
# makes a call to KMS every time a copy request is made for a
|
2813
|
+
# KMS-encrypted object.
|
2567
2814
|
#
|
2568
|
-
#
|
2815
|
+
#
|
2816
|
+
#
|
2817
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_CopyObject.html
|
2818
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_UploadPartCopy.html
|
2819
|
+
# [3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-objects-Batch-Ops
|
2820
|
+
# [4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/create-import-job
|
2569
2821
|
# @option options [String] :request_payer
|
2570
2822
|
# Confirms that the requester knows that they will be charged for the
|
2571
2823
|
# request. Bucket owners need not specify this parameter in their
|
@@ -2624,7 +2876,7 @@ module Aws::S3
|
|
2624
2876
|
bucket: @bucket_name,
|
2625
2877
|
key: @key
|
2626
2878
|
)
|
2627
|
-
resp = Aws::Plugins::UserAgent.
|
2879
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
2628
2880
|
@client.put_object(options)
|
2629
2881
|
end
|
2630
2882
|
resp.data
|
@@ -2765,7 +3017,7 @@ module Aws::S3
|
|
2765
3017
|
bucket: @bucket_name,
|
2766
3018
|
key: @key
|
2767
3019
|
)
|
2768
|
-
resp = Aws::Plugins::UserAgent.
|
3020
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
2769
3021
|
@client.restore_object(options)
|
2770
3022
|
end
|
2771
3023
|
resp.data
|
@@ -2779,6 +3031,12 @@ module Aws::S3
|
|
2779
3031
|
# if_none_match: "IfNoneMatch",
|
2780
3032
|
# if_unmodified_since: Time.now,
|
2781
3033
|
# range: "Range",
|
3034
|
+
# response_cache_control: "ResponseCacheControl",
|
3035
|
+
# response_content_disposition: "ResponseContentDisposition",
|
3036
|
+
# response_content_encoding: "ResponseContentEncoding",
|
3037
|
+
# response_content_language: "ResponseContentLanguage",
|
3038
|
+
# response_content_type: "ResponseContentType",
|
3039
|
+
# response_expires: Time.now,
|
2782
3040
|
# version_id: "ObjectVersionId",
|
2783
3041
|
# sse_customer_algorithm: "SSECustomerAlgorithm",
|
2784
3042
|
# sse_customer_key: "SSECustomerKey",
|
@@ -2866,6 +3124,18 @@ module Aws::S3
|
|
2866
3124
|
# satisfiable, only the `ContentLength` is affected in the response. If
|
2867
3125
|
# the Range is not satisfiable, S3 returns a `416 - Requested Range Not
|
2868
3126
|
# Satisfiable` error.
|
3127
|
+
# @option options [String] :response_cache_control
|
3128
|
+
# Sets the `Cache-Control` header of the response.
|
3129
|
+
# @option options [String] :response_content_disposition
|
3130
|
+
# Sets the `Content-Disposition` header of the response.
|
3131
|
+
# @option options [String] :response_content_encoding
|
3132
|
+
# Sets the `Content-Encoding` header of the response.
|
3133
|
+
# @option options [String] :response_content_language
|
3134
|
+
# Sets the `Content-Language` header of the response.
|
3135
|
+
# @option options [String] :response_content_type
|
3136
|
+
# Sets the `Content-Type` header of the response.
|
3137
|
+
# @option options [Time,DateTime,Date,Integer,String] :response_expires
|
3138
|
+
# Sets the `Expires` header of the response.
|
2869
3139
|
# @option options [String] :version_id
|
2870
3140
|
# Version ID used to reference a specific version of the object.
|
2871
3141
|
#
|
@@ -2926,17 +3196,27 @@ module Aws::S3
|
|
2926
3196
|
# @option options [String] :checksum_mode
|
2927
3197
|
# To retrieve the checksum, this parameter must be enabled.
|
2928
3198
|
#
|
2929
|
-
#
|
2930
|
-
#
|
2931
|
-
# KMS), you must have permission to use the
|
2932
|
-
#
|
3199
|
+
# **General purpose buckets** - If you enable checksum mode and the
|
3200
|
+
# object is uploaded with a [checksum][1] and encrypted with an Key
|
3201
|
+
# Management Service (KMS) key, you must have permission to use the
|
3202
|
+
# `kms:Decrypt` action to retrieve the checksum.
|
3203
|
+
#
|
3204
|
+
# **Directory buckets** - If you enable `ChecksumMode` and the object is
|
3205
|
+
# encrypted with Amazon Web Services Key Management Service (Amazon Web
|
3206
|
+
# Services KMS), you must also have the `kms:GenerateDataKey` and
|
3207
|
+
# `kms:Decrypt` permissions in IAM identity-based policies and KMS key
|
3208
|
+
# policies for the KMS key to retrieve the checksum of the object.
|
3209
|
+
#
|
3210
|
+
#
|
3211
|
+
#
|
3212
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
|
2933
3213
|
# @return [Types::HeadObjectOutput]
|
2934
3214
|
def head(options = {})
|
2935
3215
|
options = options.merge(
|
2936
3216
|
bucket: @bucket_name,
|
2937
3217
|
key: @key
|
2938
3218
|
)
|
2939
|
-
resp = Aws::Plugins::UserAgent.
|
3219
|
+
resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
2940
3220
|
@client.head_object(options)
|
2941
3221
|
end
|
2942
3222
|
resp.data
|
@@ -3119,13 +3399,13 @@ module Aws::S3
|
|
3119
3399
|
# For the `x-amz-checksum-algorithm ` header, replace ` algorithm ` with
|
3120
3400
|
# the supported algorithm from the following list:
|
3121
3401
|
#
|
3122
|
-
# * CRC32
|
3402
|
+
# * `CRC32`
|
3123
3403
|
#
|
3124
|
-
# * CRC32C
|
3404
|
+
# * `CRC32C`
|
3125
3405
|
#
|
3126
|
-
# * SHA1
|
3406
|
+
# * `SHA1`
|
3127
3407
|
#
|
3128
|
-
# * SHA256
|
3408
|
+
# * `SHA256`
|
3129
3409
|
#
|
3130
3410
|
# For more information, see [Checking object integrity][1] in the
|
3131
3411
|
# *Amazon S3 User Guide*.
|
@@ -3154,7 +3434,7 @@ module Aws::S3
|
|
3154
3434
|
key: item.key
|
3155
3435
|
}
|
3156
3436
|
end
|
3157
|
-
Aws::Plugins::UserAgent.
|
3437
|
+
Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
|
3158
3438
|
batch[0].client.delete_objects(params)
|
3159
3439
|
end
|
3160
3440
|
end
|
@@ -3166,3 +3446,6 @@ module Aws::S3
|
|
3166
3446
|
end
|
3167
3447
|
end
|
3168
3448
|
end
|
3449
|
+
|
3450
|
+
# Load customizations if they exist
|
3451
|
+
require 'aws-sdk-s3/customizations/object'
|