aws-sdk-s3 1.151.0 → 1.208.0

data/lib/aws-sdk-s3/plugins/express_session_auth.rb

@@ -29,33 +29,30 @@ for different buckets.
         # @api private
         class Handler < Seahorse::Client::Handler
           def call(context)
-            if (props = context[:endpoint_properties])
-              # S3 Express endpoint - turn off md5 and enable crc32 default
-              if props['backend'] == 'S3Express'
-                if context.operation_name == :put_object || checksum_required?(context)
-                  context[:default_request_checksum_algorithm] = 'CRC32'
-                end
-                context[:s3_express_endpoint] = true
-              end
+            context[:s3_express_endpoint] = true if s3_express_endpoint?(context)
 
-              # if s3 express auth, use new credentials and sign additional header
-              if context[:auth_scheme]['name'] == 'sigv4-s3express' &&
-                 !context.config.disable_s3_express_session_auth
-                bucket = context.params[:bucket]
-                credentials_provider = context.config.express_credentials_provider
-                credentials = credentials_provider.express_credentials_for(bucket)
-                context[:sigv4_credentials] = credentials # Sign will use this
-              end
+            # if s3 express auth, use new credentials and sign additional header
+            if context[:auth_scheme]['name'] == 'sigv4-s3express' &&
+               !context.config.disable_s3_express_session_auth
+              bucket = context.params[:bucket]
+              credentials_provider = context.config.express_credentials_provider
+              credentials = credentials_provider.express_credentials_for(bucket)
+              context[:sigv4_credentials] = credentials # Sign will use this
             end
-            @handler.call(context)
+
+            with_metric(credentials) { @handler.call(context) }
           end
 
           private
 
-          def checksum_required?(context)
-            context.operation.http_checksum_required ||
-              (context.operation.http_checksum &&
-                context.operation.http_checksum['requestChecksumRequired'])
+          def with_metric(credentials, &block)
+            return block.call unless credentials
+
+            Aws::Plugins::UserAgent.metric('S3_EXPRESS_BUCKET', &block)
+          end
+
+          def s3_express_endpoint?(context)
+            context[:endpoint_properties]['backend'] == 'S3Express'
           end
         end
 

data/lib/aws-sdk-s3/plugins/http_200_errors.rb

@@ -15,22 +15,67 @@ module Aws
 
           def call(context)
             @handler.call(context).on(200) do |response|
-              if error = check_for_error(context)
-                context.http_response.status_code = 500
-                response.data = nil
-                response.error = error
+              return response if streaming_output?(context.operation.output)
+
+              error = check_for_error(context)
+              return response unless error
+
+              context.http_response.status_code = 500
+              response.data = nil
+              response.error = error
+            end
+          end
+
+          private
+
+          # Streaming outputs are not subject to 200 errors.
+          def streaming_output?(output)
+            if (payload = output[:payload_member])
+              # checking ref and shape
+              payload['streaming'] || payload.shape['streaming'] ||
+                payload.eventstream
+            else
+              false
+            end
+          end
+
+          # Checks if the output shape is a structure shape and has members that
+          # are in the body for the case of a payload and a normal structure. A
+          # non-structure shape will not have members in the body. In the case
+          # of a string or blob, the body contents would have been checked first
+          # before this method is called in incomplete_xml_body?.
+          def members_in_body?(output)
+            shape =
+              if output[:payload_member]
+                output[:payload_member].shape
+              else
+                output.shape
               end
+
+            if structure_shape?(shape)
+              shape.members.any? { |_, k| k.location.nil? }
+            else
+              false
             end
           end
 
+          def structure_shape?(shape)
+            shape.is_a?(Seahorse::Model::Shapes::StructureShape)
+          end
+
+          # Must have a member in the body and have the start of an XML Tag.
+          # Other incomplete xml bodies will result in an XML ParsingError.
+          def incomplete_xml_body?(xml, output)
+            members_in_body?(output) && !xml.match(/<\w/)
+          end
+
           def check_for_error(context)
             xml = context.http_response.body_contents
-            if xml.match(/<Error>/)
-              error_code = xml.match(/<Code>(.+?)<\/Code>/)[1]
-              error_message = xml.match(/<Message>(.+?)<\/Message>/)[1]
+            if xml.match(/<\?xml\s[^>]*\?>\s*<Error>/)
+              error_code = xml.match(%r{<Code>(.+?)</Code>})[1]
+              error_message = xml.match(%r{<Message>(.+?)</Message>})[1]
               S3::Errors.error_class(error_code).new(context, error_message)
-            elsif !xml.match(/<\w/) # Must have the start of an XML Tag
-              # Other incomplete xml bodies will result in XML ParsingError
+            elsif incomplete_xml_body?(xml, context.operation.output)
               Seahorse::Client::NetworkingError.new(
                 S3::Errors
                   .error_class('InternalError')
@@ -40,15 +85,7 @@ module Aws
           end
         end
 
-        handler(
-          Handler,
-          step: :sign,
-          operations: [
-            :complete_multipart_upload,
-            :copy_object,
-            :upload_part_copy,
-          ]
-        )
+        handler(Handler, step: :sign)
       end
     end
   end

data/lib/aws-sdk-s3/plugins/md5s.rb

@@ -6,81 +6,20 @@ module Aws
   module S3
     module Plugins
       # @api private
-      # This plugin is effectively deprecated in favor of modeled
+      # This plugin is deprecated in favor of modeled
       # httpChecksumRequired traits.
       class Md5s < Seahorse::Client::Plugin
-        # These operations allow Content MD5 but are not required by
-        # httpChecksumRequired. This list should not grow.
-        OPTIONAL_OPERATIONS = [
-          :put_object,
-          :upload_part
-        ]
-
-        # @api private
-        class Handler < Seahorse::Client::Handler
-
-          CHUNK_SIZE = 1 * 1024 * 1024 # one MB
-
-          def call(context)
-            if !context[:checksum_algorithms] && # skip in favor of flexible checksum
-               !context[:s3_express_endpoint] # s3 express endpoints do not support md5
-              body = context.http_request.body
-              if body.respond_to?(:size) && body.size > 0
-                context.http_request.headers['Content-Md5'] ||= md5(body)
-              end
-            end
-            @handler.call(context)
-          end
-
-          private
-
-          # @param [File, Tempfile, IO#read, String] value
-          # @return [String<MD5>]
-          def md5(value)
-            if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
-              OpenSSL::Digest::MD5.file(value).base64digest
-            elsif value.respond_to?(:read)
-              md5 = OpenSSL::Digest::MD5.new
-              update_in_chunks(md5, value)
-              md5.base64digest
-            else
-              OpenSSL::Digest::MD5.digest(value).base64digest
-            end
-          end
-
-          def update_in_chunks(digest, io)
-            loop do
-              chunk = io.read(CHUNK_SIZE)
-              break unless chunk
-              digest.update(chunk)
-            end
-            io.rewind
-          end
-
-        end
-
         option(:compute_checksums,
-          default: true,
-          doc_type: 'Boolean',
-          docstring: <<-DOCS)
-When `true` a MD5 checksum will be computed and sent in the Content Md5
-header for :put_object and :upload_part. When `false`, MD5 checksums
-will not be computed for these operations. Checksums are still computed
-for operations requiring them. Checksum errors returned by Amazon S3 are
-automatically retried up to `:retry_limit` times.
-          DOCS
-
-        def add_handlers(handlers, config)
-          if config.compute_checksums
-            # priority set low to ensure md5 is computed AFTER the request is
-            # built but before it is signed
-            handlers.add(
-              Handler,
-              priority: 10, step: :build, operations: OPTIONAL_OPERATIONS
-            )
-          end
+               default: true,
+               doc_type: 'Boolean',
+               docstring: <<~DOCS)
+                 This option is deprecated. Please use `:request_checksum_calculation` instead.
+                 When `false`, `request_checksum_calculation` is overridden to `when_required`.
+               DOCS
+
+        def after_initialize(client)
+          client.config.request_checksum_calculation = 'when_required' unless client.config.compute_checksums
         end
-
       end
     end
   end

data/lib/aws-sdk-s3/plugins/streaming_retry.rb

@@ -62,18 +62,16 @@ module Aws
         class Handler < Seahorse::Client::Handler
 
           def call(context)
-            target = context.params[:response_target] || context[:response_target]
-
             # retry is only supported when range is NOT set on the initial request
-            if supported_target?(target) && !context.params[:range]
-              add_event_listeners(context, target)
+            if supported_target?(context) && !context.params[:range]
+              add_event_listeners(context)
             end
             @handler.call(context)
           end
 
           private
 
-          def add_event_listeners(context, target)
+          def add_event_listeners(context)
             context.http_response.on_headers(200..299) do
               case context.http_response.body
               when Seahorse::Client::BlockIO then
@@ -123,8 +121,8 @@ module Aws
               context.http_response.body.is_a?(RetryableManagedFile)
           end
 
-          def supported_target?(target)
-            case target
+          def supported_target?(context)
+            case context[:response_target]
             when Proc, String, Pathname then true
             else false
             end

data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb

@@ -1,7 +1,8 @@
 # frozen_string_literal: true
 
 require 'uri'
-require 'cgi'
+require "cgi/escape"
+require "cgi/util" if RUBY_VERSION < "3.5"
 
 module Aws
   module S3

data/lib/aws-sdk-s3/presigner.rb

@@ -193,15 +193,14 @@ module Aws
         req, expires_in, secure, time, unsigned_headers, hoist = true
       )
         x_amz_headers = {}
-
         http_req = req.context.http_request
-
-        req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
-        req.handlers.remove(Aws::Plugins::Sign::Handler)
         req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
         req.handlers.remove(Aws::Rest::ContentTypeHandler)
+        req.handlers.remove(Aws::Plugins::ChecksumAlgorithm::OptionHandler)
+        req.handlers.remove(Aws::Plugins::ChecksumAlgorithm::ChecksumHandler)
         req.handlers.remove(Aws::Plugins::InvocationId::Handler)
-
+        req.handlers.remove(Aws::Plugins::Sign::Handler)
+        req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
         req.handle(step: :send) do |context|
           # if an endpoint was not provided, force secure or insecure
           if context.config.regional_endpoint
@@ -238,6 +237,7 @@ module Aws
             credentials_provider: context[:sigv4_credentials] || context.config.credentials,
             signing_algorithm: scheme_name.to_sym,
             uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
+            normalize_path: !!!auth_scheme['disableNormalizePath'],
             unsigned_headers: unsigned_headers,
             apply_checksum_header: false
           )

data/lib/aws-sdk-s3/resource.rb

@@ -41,15 +41,21 @@ module Aws::S3
     #     acl: "private", # accepts private, public-read, public-read-write, authenticated-read
     #     bucket: "BucketName", # required
     #     create_bucket_configuration: {
-    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-south-2, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-south-2, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
+    #       location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-south-2, ap-southeast-1, ap-southeast-2, ap-southeast-3, ap-southeast-4, ap-southeast-5, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-central-2, eu-north-1, eu-south-1, eu-south-2, eu-west-1, eu-west-2, eu-west-3, il-central-1, me-central-1, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
     #       location: {
-    #         type: "AvailabilityZone", # accepts AvailabilityZone
+    #         type: "AvailabilityZone", # accepts AvailabilityZone, LocalZone
     #         name: "LocationNameAsString",
     #       },
     #       bucket: {
-    #         data_redundancy: "SingleAvailabilityZone", # accepts SingleAvailabilityZone
+    #         data_redundancy: "SingleAvailabilityZone", # accepts SingleAvailabilityZone, SingleLocalZone
     #         type: "Directory", # accepts Directory
     #       },
+    #       tags: [
+    #         {
+    #           key: "ObjectKey", # required
+    #           value: "Value", # required
+    #         },
+    #       ],
     #     },
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",
@@ -75,13 +81,14 @@ module Aws::S3
     #
     #   <b>Directory buckets </b> - When you use this operation with a
     #   directory bucket, you must use path-style requests in the format
-    #   `https://s3express-control.region_code.amazonaws.com/bucket-name `.
+    #   `https://s3express-control.region-code.amazonaws.com/bucket-name `.
     #   Virtual-hosted-style requests aren't supported. Directory bucket
-    #   names must be unique in the chosen Availability Zone. Bucket names
-    #   must also follow the format ` bucket_base_name--az_id--x-s3` (for
-    #   example, ` DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about
-    #   bucket naming restrictions, see [Directory bucket naming rules][2] in
-    #   the *Amazon S3 User Guide*
+    #   names must be unique in the chosen Zone (Availability Zone or Local
+    #   Zone). Bucket names must also follow the format `
+    #   bucket-base-name--zone-id--x-s3` (for example, `
+    #   DOC-EXAMPLE-BUCKET--usw2-az1--x-s3`). For information about bucket
+    #   naming restrictions, see [Directory bucket naming rules][2] in the
+    #   *Amazon S3 User Guide*
     #
     #
     #
@@ -166,7 +173,7 @@ module Aws::S3
     #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html
     # @return [Bucket]
     def create_bucket(options = {})
-      Aws::Plugins::UserAgent.feature('resource') do
+      Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
         @client.create_bucket(options)
       end
       Bucket.new(
@@ -188,23 +195,49 @@ module Aws::S3
 
     # @example Request syntax with placeholder values
     #
-    #   s3.buckets()
+    #   buckets = s3.buckets({
+    #     prefix: "Prefix",
+    #     bucket_region: "BucketRegion",
+    #   })
     # @param [Hash] options ({})
+    # @option options [String] :prefix
+    #   Limits the response to bucket names that begin with the specified
+    #   bucket name prefix.
+    # @option options [String] :bucket_region
+    #   Limits the response to buckets that are located in the specified
+    #   Amazon Web Services Region. The Amazon Web Services Region must be
+    #   expressed according to the Amazon Web Services Region code, such as
+    #   `us-west-2` for the US West (Oregon) Region. For a list of the valid
+    #   values for all of the Amazon Web Services Regions, see [Regions and
+    #   Endpoints][1].
+    #
+    #   <note markdown="1"> Requests made to a Regional endpoint that is different from the
+    #   `bucket-region` parameter are not supported. For example, if you want
+    #   to limit the response to your buckets in Region `us-west-2`, the
+    #   request must be made to an endpoint in Region `us-west-2`.
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region
     # @return [Bucket::Collection]
     def buckets(options = {})
       batches = Enumerator.new do |y|
-        batch = []
-        resp = Aws::Plugins::UserAgent.feature('resource') do
+        resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           @client.list_buckets(options)
         end
-        resp.data.buckets.each do |b|
-          batch << Bucket.new(
-            name: b.name,
-            data: b,
-            client: @client
-          )
+        resp.each_page do |page|
+          batch = []
+          page.data.buckets.each do |b|
+            batch << Bucket.new(
+              name: b.name,
+              data: b,
+              client: @client
+            )
+          end
+          y.yield(batch)
         end
-        y.yield(batch)
       end
       Bucket::Collection.new(batches)
     end