aws-sdk-s3 1.156.0 → 1.157.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +12 -3
  5. data/lib/aws-sdk-s3/client.rb +1 -1
  6. data/lib/aws-sdk-s3/plugins/access_grants.rb +68 -4
  7. data/lib/aws-sdk-s3.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 444d8fbcdc8d19b75228bdec52d8e1651f4d35459866847055b0d7e16d56371a
4
- data.tar.gz: 785d49ecff3a7441d4f3c196ed64d7cfbe79330627c585fc7108a4a7b11d6d2b
3
+ metadata.gz: 39a77f1b089e257fe94bc26a0ca7309479a61cff7f46326243f2d1b002ce2bac
4
+ data.tar.gz: e2dbcc9f6ea92e1097d84130a2cd1c3e1caae305bdeb8b450056872edd2b4f74
5
5
  SHA512:
6
- metadata.gz: e60cb04b18ce10ec62f4b63f28cf8ed7adf206a22910c7251ed9d1c2040a3466cb2d09a0987d6fc8d2361b4c15dfa0b764877b5c7bdedd03146383b5a11a79ae
7
- data.tar.gz: 2e5654d95f462359aebeae89f2b855211b95acbe1820ad354a7a8c0e8261ff1188715e469637aea8c647124a7672f102a08e5fa78d73ed27253fcb886cfa13b8
6
+ metadata.gz: e34240198a44e4e678e0be7ef836318ff899ec61edc29bc2866d432eb6af834a7f81b801ea85ec35e26deec1e59705c1829b22e66093e6591d84dbc966f76e0e
7
+ data.tar.gz: 362065ca01c2d4a9e33cc9beb43afce43fbcb8c593db5785a32c623bbc99fe63471a41d767a1ae91343b94aba7df0e80360c0310c1f07aa052c76d63d07fda09
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.157.0 (2024-08-01)
5
+ ------------------
6
+
7
+ * Feature - Support `head_bucket`, `get_object_attributes`, `delete_objects`, and `copy_object` for Access Grants.
8
+
4
9
  1.156.0 (2024-07-02)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.156.0
1
+ 1.157.0
data/lib/aws-sdk-s3/access_grants_credentials_provider.rb CHANGED
@@ -47,6 +47,8 @@ module Aws
47
47
  @caching = options.delete(:caching) != false
48
48
  @s3_control_clients = {}
49
49
  @bucket_region_cache = Aws::S3.bucket_region_cache
50
+ @head_bucket_mutex = Mutex.new
51
+ @head_bucket_call = false
50
52
  return unless @caching
51
53
 
52
54
  @credentials_cache = Aws::S3.access_grants_credentials_cache
@@ -195,9 +197,16 @@ module Aws
195
197
  end
196
198
 
197
199
  def new_bucket_region_for(bucket)
198
- @s3_client.head_bucket(bucket: bucket).bucket_region
199
- rescue Aws::S3::Errors::Http301Error => e
200
- e.data.region
200
+ @head_bucket_mutex.synchronize do
201
+ begin
202
+ @head_bucket_call = true
203
+ @s3_client.head_bucket(bucket: bucket).bucket_region
204
+ rescue Aws::S3::Errors::Http301Error => e
205
+ e.data.region
206
+ ensure
207
+ @head_bucket_call = false
208
+ end
209
+ end
201
210
  end
202
211
 
203
212
  # returns the account id for the configured credentials
data/lib/aws-sdk-s3/client.rb CHANGED
@@ -18863,7 +18863,7 @@ module Aws::S3
18863
18863
  params: params,
18864
18864
  config: config)
18865
18865
  context[:gem_name] = 'aws-sdk-s3'
18866
- context[:gem_version] = '1.156.0'
18866
+ context[:gem_version] = '1.157.0'
18867
18867
  Seahorse::Client::Request.new(handlers, context)
18868
18868
  end
18869
18869
 
data/lib/aws-sdk-s3/plugins/access_grants.rb CHANGED
@@ -44,25 +44,47 @@ setting, caching, and fallback behavior.
44
44
  list_objects_v2: 'READ',
45
45
  list_object_versions: 'READ',
46
46
  list_parts: 'READ',
47
+ head_bucket: 'READ',
48
+ get_object_attributes: 'READ',
47
49
  put_object: 'WRITE',
48
50
  put_object_acl: 'WRITE',
49
51
  delete_object: 'WRITE',
50
52
  abort_multipart_upload: 'WRITE',
51
53
  create_multipart_upload: 'WRITE',
52
54
  upload_part: 'WRITE',
53
- complete_multipart_upload: 'WRITE'
55
+ complete_multipart_upload: 'WRITE',
56
+ delete_objects: 'WRITE',
57
+ copy_object: 'READWRITE'
54
58
  }.freeze
55
59
 
56
60
  def call(context)
61
+ provider = context.config.access_grants_credentials_provider
62
+
57
63
  if access_grants_operation?(context) &&
58
- !s3_express_endpoint?(context)
64
+ !s3_express_endpoint?(context) &&
65
+ !credentials_head_bucket_call?(provider)
59
66
  params = context[:endpoint_params]
60
67
  permission = PERMISSION_MAP[context.operation_name]
61
68
 
62
- provider = context.config.access_grants_credentials_provider
69
+ key =
70
+ case context.operation_name
71
+ when :delete_objects
72
+ delete_params = context.params[:delete]
73
+ common_prefixes(delete_params[:objects].map { |o| o[:key] })
74
+ when :copy_object
75
+ source_bucket, source_key = params[:copy_source].split('/', 2)
76
+ if params[:bucket] != source_bucket
77
+ raise ArgumentError,
78
+ 'source and destination bucket must be the same'
79
+ end
80
+ common_prefixes([params[:key], source_key])
81
+ else
82
+ params[:key]
83
+ end
84
+
63
85
  credentials = provider.access_grants_credentials_for(
64
86
  bucket: params[:bucket],
65
- key: params[:key],
87
+ key: key,
66
88
  prefix: params[:prefix],
67
89
  permission: permission
68
90
  )
@@ -80,6 +102,12 @@ setting, caching, and fallback behavior.
80
102
  Aws::Plugins::UserAgent.metric('S3_ACCESS_GRANTS', &block)
81
103
  end
82
104
 
105
+ # HeadBucket is a supported call. When fetching credentials,
106
+ # this plugin is executed again, and becomes recursive.
107
+ def credentials_head_bucket_call?(provider)
108
+ provider.instance_variable_get(:@head_bucket_call)
109
+ end
110
+
83
111
  def access_grants_operation?(context)
84
112
  params = context[:endpoint_params]
85
113
  params[:bucket] && PERMISSION_MAP[context.operation_name]
@@ -88,6 +116,42 @@ setting, caching, and fallback behavior.
88
116
  def s3_express_endpoint?(context)
89
117
  context[:endpoint_properties]['backend'] == 'S3Express'
90
118
  end
119
+
120
+ # Return the common prefix of the keys, regardless of the delimiter.
121
+ # For example, given keys ['foo/bar', 'foo/baz'], the common prefix
122
+ # is 'foo/ba'.
123
+ def common_prefixes(keys)
124
+ return '' if keys.empty?
125
+
126
+ first_key = keys[0]
127
+ common_ancestor = first_key
128
+ last_prefix = ''
129
+ keys.each do |k|
130
+ until common_ancestor.empty?
131
+ break if k.start_with?(common_ancestor)
132
+
133
+ last_index = common_ancestor.rindex('/')
134
+ return '' if last_index.nil?
135
+
136
+ last_prefix = common_ancestor[(last_index + 1)..-1]
137
+ common_ancestor = common_ancestor[0...last_index]
138
+ end
139
+ end
140
+ new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
141
+ keys.each do |k|
142
+ until last_prefix.empty?
143
+ break if k.start_with?(new_common_ancestor)
144
+
145
+ last_prefix = last_prefix[0...-1]
146
+ new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
147
+ end
148
+ end
149
+ if new_common_ancestor == "#{first_key}/"
150
+ first_key
151
+ else
152
+ new_common_ancestor
153
+ end
154
+ end
91
155
  end
92
156
 
93
157
  def add_handlers(handlers, config)
data/lib/aws-sdk-s3.rb CHANGED
@@ -73,6 +73,6 @@ require_relative 'aws-sdk-s3/event_streams'
73
73
  # @!group service
74
74
  module Aws::S3
75
75
 
76
- GEM_VERSION = '1.156.0'
76
+ GEM_VERSION = '1.157.0'
77
77
 
78
78
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-s3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.156.0
4
+ version: 1.157.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-02 00:00:00.000000000 Z
11
+ date: 2024-08-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-kms