aws-sdk-s3 1.156.0 → 1.157.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (8) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +5 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +12 -3
  5. data/lib/aws-sdk-s3/client.rb +1 -1
  6. data/lib/aws-sdk-s3/plugins/access_grants.rb +68 -4
  7. data/lib/aws-sdk-s3.rb +1 -1
  8. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 444d8fbcdc8d19b75228bdec52d8e1651f4d35459866847055b0d7e16d56371a
4
- data.tar.gz: 785d49ecff3a7441d4f3c196ed64d7cfbe79330627c585fc7108a4a7b11d6d2b
3
+ metadata.gz: 39a77f1b089e257fe94bc26a0ca7309479a61cff7f46326243f2d1b002ce2bac
4
+ data.tar.gz: e2dbcc9f6ea92e1097d84130a2cd1c3e1caae305bdeb8b450056872edd2b4f74
5
5
  SHA512:
6
- metadata.gz: e60cb04b18ce10ec62f4b63f28cf8ed7adf206a22910c7251ed9d1c2040a3466cb2d09a0987d6fc8d2361b4c15dfa0b764877b5c7bdedd03146383b5a11a79ae
7
- data.tar.gz: 2e5654d95f462359aebeae89f2b855211b95acbe1820ad354a7a8c0e8261ff1188715e469637aea8c647124a7672f102a08e5fa78d73ed27253fcb886cfa13b8
6
+ metadata.gz: e34240198a44e4e678e0be7ef836318ff899ec61edc29bc2866d432eb6af834a7f81b801ea85ec35e26deec1e59705c1829b22e66093e6591d84dbc966f76e0e
7
+ data.tar.gz: 362065ca01c2d4a9e33cc9beb43afce43fbcb8c593db5785a32c623bbc99fe63471a41d767a1ae91343b94aba7df0e80360c0310c1f07aa052c76d63d07fda09
data/CHANGELOG.md CHANGED
@@ -1,6 +1,11 @@
1
1
  Unreleased Changes
2
2
  ------------------
3
3
 
4
+ 1.157.0 (2024-08-01)
5
+ ------------------
6
+
7
+ * Feature - Support `head_bucket`, `get_object_attributes`, `delete_objects`, and `copy_object` for Access Grants.
8
+
4
9
  1.156.0 (2024-07-02)
5
10
  ------------------
6
11
 
data/VERSION CHANGED
@@ -1 +1 @@
1
- 1.156.0
1
+ 1.157.0
data/lib/aws-sdk-s3/access_grants_credentials_provider.rb CHANGED
@@ -47,6 +47,8 @@ module Aws
47
47
  @caching = options.delete(:caching) != false
48
48
  @s3_control_clients = {}
49
49
  @bucket_region_cache = Aws::S3.bucket_region_cache
50
+ @head_bucket_mutex = Mutex.new
51
+ @head_bucket_call = false
50
52
  return unless @caching
51
53
 
52
54
  @credentials_cache = Aws::S3.access_grants_credentials_cache
@@ -195,9 +197,16 @@ module Aws
195
197
  end
196
198
 
197
199
  def new_bucket_region_for(bucket)
198
- @s3_client.head_bucket(bucket: bucket).bucket_region
199
- rescue Aws::S3::Errors::Http301Error => e
200
- e.data.region
200
+ @head_bucket_mutex.synchronize do
201
+ begin
202
+ @head_bucket_call = true
203
+ @s3_client.head_bucket(bucket: bucket).bucket_region
204
+ rescue Aws::S3::Errors::Http301Error => e
205
+ e.data.region
206
+ ensure
207
+ @head_bucket_call = false
208
+ end
209
+ end
201
210
  end
202
211
 
203
212
  # returns the account id for the configured credentials
data/lib/aws-sdk-s3/client.rb CHANGED
@@ -18863,7 +18863,7 @@ module Aws::S3
18863
18863
  params: params,
18864
18864
  config: config)
18865
18865
  context[:gem_name] = 'aws-sdk-s3'
18866
- context[:gem_version] = '1.156.0'
18866
+ context[:gem_version] = '1.157.0'
18867
18867
  Seahorse::Client::Request.new(handlers, context)
18868
18868
  end
18869
18869
 
data/lib/aws-sdk-s3/plugins/access_grants.rb CHANGED
@@ -44,25 +44,47 @@ setting, caching, and fallback behavior.
44
44
  list_objects_v2: 'READ',
45
45
  list_object_versions: 'READ',
46
46
  list_parts: 'READ',
47
+ head_bucket: 'READ',
48
+ get_object_attributes: 'READ',
47
49
  put_object: 'WRITE',
48
50
  put_object_acl: 'WRITE',
49
51
  delete_object: 'WRITE',
50
52
  abort_multipart_upload: 'WRITE',
51
53
  create_multipart_upload: 'WRITE',
52
54
  upload_part: 'WRITE',
53
- complete_multipart_upload: 'WRITE'
55
+ complete_multipart_upload: 'WRITE',
56
+ delete_objects: 'WRITE',
57
+ copy_object: 'READWRITE'
54
58
  }.freeze
55
59
 
56
60
  def call(context)
61
+ provider = context.config.access_grants_credentials_provider
62
+
57
63
  if access_grants_operation?(context) &&
58
- !s3_express_endpoint?(context)
64
+ !s3_express_endpoint?(context) &&
65
+ !credentials_head_bucket_call?(provider)
59
66
  params = context[:endpoint_params]
60
67
  permission = PERMISSION_MAP[context.operation_name]
61
68
 
62
- provider = context.config.access_grants_credentials_provider
69
+ key =
70
+ case context.operation_name
71
+ when :delete_objects
72
+ delete_params = context.params[:delete]
73
+ common_prefixes(delete_params[:objects].map { |o| o[:key] })
74
+ when :copy_object
75
+ source_bucket, source_key = params[:copy_source].split('/', 2)
76
+ if params[:bucket] != source_bucket
77
+ raise ArgumentError,
78
+ 'source and destination bucket must be the same'
79
+ end
80
+ common_prefixes([params[:key], source_key])
81
+ else
82
+ params[:key]
83
+ end
84
+
63
85
  credentials = provider.access_grants_credentials_for(
64
86
  bucket: params[:bucket],
65
- key: params[:key],
87
+ key: key,
66
88
  prefix: params[:prefix],
67
89
  permission: permission
68
90
  )
@@ -80,6 +102,12 @@ setting, caching, and fallback behavior.
80
102
  Aws::Plugins::UserAgent.metric('S3_ACCESS_GRANTS', &block)
81
103
  end
82
104
 
105
+ # HeadBucket is a supported call. When fetching credentials,
106
+ # this plugin is executed again, and becomes recursive.
107
+ def credentials_head_bucket_call?(provider)
108
+ provider.instance_variable_get(:@head_bucket_call)
109
+ end
110
+
83
111
  def access_grants_operation?(context)
84
112
  params = context[:endpoint_params]
85
113
  params[:bucket] && PERMISSION_MAP[context.operation_name]
@@ -88,6 +116,42 @@ setting, caching, and fallback behavior.
88
116
  def s3_express_endpoint?(context)
89
117
  context[:endpoint_properties]['backend'] == 'S3Express'
90
118
  end
119
+
120
+ # Return the common prefix of the keys, regardless of the delimiter.
121
+ # For example, given keys ['foo/bar', 'foo/baz'], the common prefix
122
+ # is 'foo/ba'.
123
+ def common_prefixes(keys)
124
+ return '' if keys.empty?
125
+
126
+ first_key = keys[0]
127
+ common_ancestor = first_key
128
+ last_prefix = ''
129
+ keys.each do |k|
130
+ until common_ancestor.empty?
131
+ break if k.start_with?(common_ancestor)
132
+
133
+ last_index = common_ancestor.rindex('/')
134
+ return '' if last_index.nil?
135
+
136
+ last_prefix = common_ancestor[(last_index + 1)..-1]
137
+ common_ancestor = common_ancestor[0...last_index]
138
+ end
139
+ end
140
+ new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
141
+ keys.each do |k|
142
+ until last_prefix.empty?
143
+ break if k.start_with?(new_common_ancestor)
144
+
145
+ last_prefix = last_prefix[0...-1]
146
+ new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
147
+ end
148
+ end
149
+ if new_common_ancestor == "#{first_key}/"
150
+ first_key
151
+ else
152
+ new_common_ancestor
153
+ end
154
+ end
91
155
  end
92
156
 
93
157
  def add_handlers(handlers, config)
data/lib/aws-sdk-s3.rb CHANGED
@@ -73,6 +73,6 @@ require_relative 'aws-sdk-s3/event_streams'
73
73
  # @!group service
74
74
  module Aws::S3
75
75
 
76
- GEM_VERSION = '1.156.0'
76
+ GEM_VERSION = '1.157.0'
77
77
 
78
78
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-s3
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.156.0
4
+ version: 1.157.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-07-02 00:00:00.000000000 Z
11
+ date: 2024-08-01 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-kms