RubyGems - aws-sdk-s3 - Versions diffs - 1.156.0 → 1.159.0 - Mend

aws-sdk-s3 1.156.0 → 1.159.0

Files changed (23) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +15 -0
data/VERSION +1 -1
data/lib/aws-sdk-s3/access_grants_credentials_provider.rb +12 -3
data/lib/aws-sdk-s3/bucket.rb +79 -16
data/lib/aws-sdk-s3/client.rb +541 -312
data/lib/aws-sdk-s3/client_api.rb +16 -1
data/lib/aws-sdk-s3/multipart_upload.rb +20 -0
data/lib/aws-sdk-s3/object.rb +36 -4
data/lib/aws-sdk-s3/object_summary.rb +28 -0
data/lib/aws-sdk-s3/object_version.rb +17 -4
data/lib/aws-sdk-s3/plugins/access_grants.rb +68 -4
data/lib/aws-sdk-s3/resource.rb +10 -8
data/lib/aws-sdk-s3/types.rb +294 -47
data/lib/aws-sdk-s3.rb +1 -1
data/sig/bucket.rbs +1 -0
data/sig/client.rbs +7 -1
data/sig/multipart_upload.rbs +1 -0
data/sig/object.rbs +1 -0
data/sig/object_summary.rbs +1 -0
data/sig/resource.rbs +2 -1
data/sig/types.rbs +9 -0
metadata +2 -2

data/lib/aws-sdk-s3/client_api.rb CHANGED Viewed

@@ -334,6 +334,7 @@ module Aws::S3
     ListBucketMetricsConfigurationsOutput = Shapes::StructureShape.new(name: 'ListBucketMetricsConfigurationsOutput')
     ListBucketMetricsConfigurationsRequest = Shapes::StructureShape.new(name: 'ListBucketMetricsConfigurationsRequest')
     ListBucketsOutput = Shapes::StructureShape.new(name: 'ListBucketsOutput')
+    ListBucketsRequest = Shapes::StructureShape.new(name: 'ListBucketsRequest')
     ListDirectoryBucketsOutput = Shapes::StructureShape.new(name: 'ListDirectoryBucketsOutput')
     ListDirectoryBucketsRequest = Shapes::StructureShape.new(name: 'ListDirectoryBucketsRequest')
     ListMultipartUploadsOutput = Shapes::StructureShape.new(name: 'ListMultipartUploadsOutput')
@@ -357,6 +358,7 @@ module Aws::S3
     MFADeleteStatus = Shapes::StringShape.new(name: 'MFADeleteStatus')
     Marker = Shapes::StringShape.new(name: 'Marker')
     MaxAgeSeconds = Shapes::IntegerShape.new(name: 'MaxAgeSeconds')
+    MaxBuckets = Shapes::IntegerShape.new(name: 'MaxBuckets')
     MaxDirectoryBuckets = Shapes::IntegerShape.new(name: 'MaxDirectoryBuckets')
     MaxKeys = Shapes::IntegerShape.new(name: 'MaxKeys')
     MaxParts = Shapes::IntegerShape.new(name: 'MaxParts')
@@ -768,6 +770,7 @@ module Aws::S3
     CompleteMultipartUploadRequest.add_member(:checksum_sha256, Shapes::ShapeRef.new(shape: ChecksumSHA256, location: "header", location_name: "x-amz-checksum-sha256"))
     CompleteMultipartUploadRequest.add_member(:request_payer, Shapes::ShapeRef.new(shape: RequestPayer, location: "header", location_name: "x-amz-request-payer"))
     CompleteMultipartUploadRequest.add_member(:expected_bucket_owner, Shapes::ShapeRef.new(shape: AccountId, location: "header", location_name: "x-amz-expected-bucket-owner"))
+    CompleteMultipartUploadRequest.add_member(:if_none_match, Shapes::ShapeRef.new(shape: IfNoneMatch, location: "header", location_name: "If-None-Match"))
     CompleteMultipartUploadRequest.add_member(:sse_customer_algorithm, Shapes::ShapeRef.new(shape: SSECustomerAlgorithm, location: "header", location_name: "x-amz-server-side-encryption-customer-algorithm"))
     CompleteMultipartUploadRequest.add_member(:sse_customer_key, Shapes::ShapeRef.new(shape: SSECustomerKey, location: "header", location_name: "x-amz-server-side-encryption-customer-key"))
     CompleteMultipartUploadRequest.add_member(:sse_customer_key_md5, Shapes::ShapeRef.new(shape: SSECustomerKeyMD5, location: "header", location_name: "x-amz-server-side-encryption-customer-key-MD5"))
@@ -1707,8 +1710,13 @@ module Aws::S3
     ListBucketsOutput.add_member(:buckets, Shapes::ShapeRef.new(shape: Buckets, location_name: "Buckets"))
     ListBucketsOutput.add_member(:owner, Shapes::ShapeRef.new(shape: Owner, location_name: "Owner"))
+    ListBucketsOutput.add_member(:continuation_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "ContinuationToken"))
     ListBucketsOutput.struct_class = Types::ListBucketsOutput
+    ListBucketsRequest.add_member(:max_buckets, Shapes::ShapeRef.new(shape: MaxBuckets, location: "querystring", location_name: "max-buckets"))
+    ListBucketsRequest.add_member(:continuation_token, Shapes::ShapeRef.new(shape: Token, location: "querystring", location_name: "continuation-token"))
+    ListBucketsRequest.struct_class = Types::ListBucketsRequest
     ListDirectoryBucketsOutput.add_member(:buckets, Shapes::ShapeRef.new(shape: Buckets, location_name: "Buckets"))
     ListDirectoryBucketsOutput.add_member(:continuation_token, Shapes::ShapeRef.new(shape: DirectoryBucketToken, location_name: "ContinuationToken"))
     ListDirectoryBucketsOutput.struct_class = Types::ListDirectoryBucketsOutput
@@ -2311,6 +2319,7 @@ module Aws::S3
     PutObjectRequest.add_member(:checksum_sha1, Shapes::ShapeRef.new(shape: ChecksumSHA1, location: "header", location_name: "x-amz-checksum-sha1"))
     PutObjectRequest.add_member(:checksum_sha256, Shapes::ShapeRef.new(shape: ChecksumSHA256, location: "header", location_name: "x-amz-checksum-sha256"))
     PutObjectRequest.add_member(:expires, Shapes::ShapeRef.new(shape: Expires, location: "header", location_name: "Expires"))
+    PutObjectRequest.add_member(:if_none_match, Shapes::ShapeRef.new(shape: IfNoneMatch, location: "header", location_name: "If-None-Match"))
     PutObjectRequest.add_member(:grant_full_control, Shapes::ShapeRef.new(shape: GrantFullControl, location: "header", location_name: "x-amz-grant-full-control"))
     PutObjectRequest.add_member(:grant_read, Shapes::ShapeRef.new(shape: GrantRead, location: "header", location_name: "x-amz-grant-read"))
     PutObjectRequest.add_member(:grant_read_acp, Shapes::ShapeRef.new(shape: GrantReadACP, location: "header", location_name: "x-amz-grant-read-acp"))
@@ -3291,8 +3300,14 @@ module Aws::S3
         o.name = "ListBuckets"
         o.http_method = "GET"
         o.http_request_uri = "/"
-        o.input = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.input = Shapes::ShapeRef.new(shape: ListBucketsRequest)
         o.output = Shapes::ShapeRef.new(shape: ListBucketsOutput)
+        o[:pager] = Aws::Pager.new(
+          limit_key: "max_buckets",
+          tokens: {
+            "continuation_token" => "continuation_token"
+          }
+        )
       end)
       api.add_operation(:list_directory_buckets, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-s3/multipart_upload.rb CHANGED Viewed

@@ -295,6 +295,7 @@ module Aws::S3
     #     checksum_sha256: "ChecksumSHA256",
     #     request_payer: "requester", # accepts requester
     #     expected_bucket_owner: "AccountId",
+    #     if_none_match: "IfNoneMatch",
     #     sse_customer_algorithm: "SSECustomerAlgorithm",
     #     sse_customer_key: "SSECustomerKey",
     #     sse_customer_key_md5: "SSECustomerKeyMD5",
@@ -362,6 +363,25 @@ module Aws::S3
     #   The account ID of the expected bucket owner. If the account ID that
     #   you provide does not match the actual owner of the bucket, the request
     #   fails with the HTTP status code `403 Forbidden` (access denied).
+    # @option options [String] :if_none_match
+    #   Uploads the object only if the object key name does not already exist
+    #   in the bucket specified. Otherwise, Amazon S3 returns a `412
+    #   Precondition Failed` error.
+    #
+    #   If a conflicting operation occurs during the upload S3 returns a `409
+    #   ConditionalRequestConflict` response. On a 409 failure you should
+    #   re-initiate the multipart upload with `CreateMultipartUpload` and
+    #   re-upload each part.
+    #
+    #   Expects the '*' (asterisk) character.
+    #
+    #   For more information about conditional requests, see [RFC 7232][1], or
+    #   [Conditional requests][2] in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc7232
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
     # @option options [String] :sse_customer_algorithm
     #   The server-side encryption (SSE) algorithm used to encrypt the object.
     #   This parameter is required only when the object was created using a

data/lib/aws-sdk-s3/object.rb CHANGED Viewed

@@ -1662,6 +1662,15 @@ module Aws::S3
     #   fails with the HTTP status code `403 Forbidden` (access denied).
     # @option options [String] :checksum_mode
     #   To retrieve the checksum, this mode must be enabled.
+    #
+    #   In addition, if you enable checksum mode and the object is uploaded
+    #   with a [checksum][1] and encrypted with an Key Management Service
+    #   (KMS) key, you must have permission to use the `kms:Decrypt` action to
+    #   retrieve the checksum.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
     # @return [Types::GetObjectOutput]
     def get(options = {}, &block)
       options = options.merge(
@@ -2182,6 +2191,7 @@ module Aws::S3
     #     checksum_sha1: "ChecksumSHA1",
     #     checksum_sha256: "ChecksumSHA256",
     #     expires: Time.now,
+    #     if_none_match: "IfNoneMatch",
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",
     #     grant_read_acp: "GrantReadACP",
@@ -2396,6 +2406,24 @@ module Aws::S3
     #
     #
     #   [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
+    # @option options [String] :if_none_match
+    #   Uploads the object only if the object key name does not already exist
+    #   in the bucket specified. Otherwise, Amazon S3 returns a `412
+    #   Precondition Failed` error.
+    #
+    #   If a conflicting operation occurs during the upload S3 returns a `409
+    #   ConditionalRequestConflict` response. On a 409 failure you should
+    #   retry the upload.
+    #
+    #   Expects the '*' (asterisk) character.
+    #
+    #   For more information about conditional requests, see [RFC 7232][1], or
+    #   [Conditional requests][2] in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc7232
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
     # @option options [String] :grant_full_control
     #   Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
     #   object.
@@ -2944,10 +2972,14 @@ module Aws::S3
     # @option options [String] :checksum_mode
     #   To retrieve the checksum, this parameter must be enabled.
     #
-    #   In addition, if you enable `ChecksumMode` and the object is encrypted
-    #   with Amazon Web Services Key Management Service (Amazon Web Services
-    #   KMS), you must have permission to use the `kms:Decrypt` action for the
-    #   request to succeed.
+    #   In addition, if you enable checksum mode and the object is uploaded
+    #   with a [checksum][1] and encrypted with an Key Management Service
+    #   (KMS) key, you must have permission to use the `kms:Decrypt` action to
+    #   retrieve the checksum.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
     # @return [Types::HeadObjectOutput]
     def head(options = {})
       options = options.merge(

data/lib/aws-sdk-s3/object_summary.rb CHANGED Viewed

@@ -1298,6 +1298,15 @@ module Aws::S3
     #   fails with the HTTP status code `403 Forbidden` (access denied).
     # @option options [String] :checksum_mode
     #   To retrieve the checksum, this mode must be enabled.
+    #
+    #   In addition, if you enable checksum mode and the object is uploaded
+    #   with a [checksum][1] and encrypted with an Key Management Service
+    #   (KMS) key, you must have permission to use the `kms:Decrypt` action to
+    #   retrieve the checksum.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
     # @return [Types::GetObjectOutput]
     def get(options = {}, &block)
       options = options.merge(
@@ -1818,6 +1827,7 @@ module Aws::S3
     #     checksum_sha1: "ChecksumSHA1",
     #     checksum_sha256: "ChecksumSHA256",
     #     expires: Time.now,
+    #     if_none_match: "IfNoneMatch",
     #     grant_full_control: "GrantFullControl",
     #     grant_read: "GrantRead",
     #     grant_read_acp: "GrantReadACP",
@@ -2032,6 +2042,24 @@ module Aws::S3
     #
     #
     #   [1]: https://www.rfc-editor.org/rfc/rfc7234#section-5.3
+    # @option options [String] :if_none_match
+    #   Uploads the object only if the object key name does not already exist
+    #   in the bucket specified. Otherwise, Amazon S3 returns a `412
+    #   Precondition Failed` error.
+    #
+    #   If a conflicting operation occurs during the upload S3 returns a `409
+    #   ConditionalRequestConflict` response. On a 409 failure you should
+    #   retry the upload.
+    #
+    #   Expects the '*' (asterisk) character.
+    #
+    #   For more information about conditional requests, see [RFC 7232][1], or
+    #   [Conditional requests][2] in the *Amazon S3 User Guide*.
+    #
+    #
+    #
+    #   [1]: https://tools.ietf.org/html/rfc7232
+    #   [2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html
     # @option options [String] :grant_full_control
     #   Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
     #   object.

data/lib/aws-sdk-s3/object_version.rb CHANGED Viewed

@@ -523,6 +523,15 @@ module Aws::S3
     #   fails with the HTTP status code `403 Forbidden` (access denied).
     # @option options [String] :checksum_mode
     #   To retrieve the checksum, this mode must be enabled.
+    #
+    #   In addition, if you enable checksum mode and the object is uploaded
+    #   with a [checksum][1] and encrypted with an Key Management Service
+    #   (KMS) key, you must have permission to use the `kms:Decrypt` action to
+    #   retrieve the checksum.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
     # @return [Types::GetObjectOutput]
     def get(options = {}, &block)
       options = options.merge(
@@ -701,10 +710,14 @@ module Aws::S3
     # @option options [String] :checksum_mode
     #   To retrieve the checksum, this parameter must be enabled.
     #
-    #   In addition, if you enable `ChecksumMode` and the object is encrypted
-    #   with Amazon Web Services Key Management Service (Amazon Web Services
-    #   KMS), you must have permission to use the `kms:Decrypt` action for the
-    #   request to succeed.
+    #   In addition, if you enable checksum mode and the object is uploaded
+    #   with a [checksum][1] and encrypted with an Key Management Service
+    #   (KMS) key, you must have permission to use the `kms:Decrypt` action to
+    #   retrieve the checksum.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html
     # @return [Types::HeadObjectOutput]
     def head(options = {})
       options = options.merge(

data/lib/aws-sdk-s3/plugins/access_grants.rb CHANGED Viewed

@@ -44,25 +44,47 @@ setting, caching, and fallback behavior.
             list_objects_v2: 'READ',
             list_object_versions: 'READ',
             list_parts: 'READ',
+            head_bucket: 'READ',
+            get_object_attributes: 'READ',
             put_object: 'WRITE',
             put_object_acl: 'WRITE',
             delete_object: 'WRITE',
             abort_multipart_upload: 'WRITE',
             create_multipart_upload: 'WRITE',
             upload_part: 'WRITE',
-            complete_multipart_upload: 'WRITE'
+            complete_multipart_upload: 'WRITE',
+            delete_objects: 'WRITE',
+            copy_object: 'READWRITE'
           }.freeze
           def call(context)
+            provider = context.config.access_grants_credentials_provider
             if access_grants_operation?(context) &&
-               !s3_express_endpoint?(context)
+               !s3_express_endpoint?(context) &&
+               !credentials_head_bucket_call?(provider)
               params = context[:endpoint_params]
               permission = PERMISSION_MAP[context.operation_name]
-              provider = context.config.access_grants_credentials_provider
+              key =
+                case context.operation_name
+                when :delete_objects
+                  delete_params = context.params[:delete]
+                  common_prefixes(delete_params[:objects].map { |o| o[:key] })
+                when :copy_object
+                  source_bucket, source_key = params[:copy_source].split('/', 2)
+                  if params[:bucket] != source_bucket
+                    raise ArgumentError,
+                          'source and destination bucket must be the same'
+                  end
+                  common_prefixes([params[:key], source_key])
+                else
+                  params[:key]
+                end
               credentials = provider.access_grants_credentials_for(
                 bucket: params[:bucket],
-                key: params[:key],
+                key: key,
                 prefix: params[:prefix],
                 permission: permission
               )
@@ -80,6 +102,12 @@ setting, caching, and fallback behavior.
             Aws::Plugins::UserAgent.metric('S3_ACCESS_GRANTS', &block)
           end
+          # HeadBucket is a supported call. When fetching credentials,
+          # this plugin is executed again, and becomes recursive.
+          def credentials_head_bucket_call?(provider)
+            provider.instance_variable_get(:@head_bucket_call)
+          end
           def access_grants_operation?(context)
             params = context[:endpoint_params]
             params[:bucket] && PERMISSION_MAP[context.operation_name]
@@ -88,6 +116,42 @@ setting, caching, and fallback behavior.
           def s3_express_endpoint?(context)
             context[:endpoint_properties]['backend'] == 'S3Express'
           end
+          # Return the common prefix of the keys, regardless of the delimiter.
+          # For example, given keys ['foo/bar', 'foo/baz'], the common prefix
+          # is 'foo/ba'.
+          def common_prefixes(keys)
+            return '' if keys.empty?
+            first_key = keys[0]
+            common_ancestor = first_key
+            last_prefix = ''
+            keys.each do |k|
+              until common_ancestor.empty?
+                break if k.start_with?(common_ancestor)
+                last_index = common_ancestor.rindex('/')
+                return '' if last_index.nil?
+                last_prefix = common_ancestor[(last_index + 1)..-1]
+                common_ancestor = common_ancestor[0...last_index]
+              end
+            end
+            new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
+            keys.each do |k|
+              until last_prefix.empty?
+                break if k.start_with?(new_common_ancestor)
+                last_prefix = last_prefix[0...-1]
+                new_common_ancestor = "#{common_ancestor}/#{last_prefix}"
+              end
+            end
+            if new_common_ancestor == "#{first_key}/"
+              first_key
+            else
+              new_common_ancestor
+            end
+          end
         end
         def add_handlers(handlers, config)

data/lib/aws-sdk-s3/resource.rb CHANGED Viewed

@@ -193,18 +193,20 @@ module Aws::S3
     # @return [Bucket::Collection]
     def buckets(options = {})
       batches = Enumerator.new do |y|
-        batch = []
         resp = Aws::Plugins::UserAgent.metric('RESOURCE_MODEL') do
           @client.list_buckets(options)
         end
-        resp.data.buckets.each do |b|
-          batch << Bucket.new(
-            name: b.name,
-            data: b,
-            client: @client
-          )
+        resp.each_page do |page|
+          batch = []
+          page.data.buckets.each do |b|
+            batch << Bucket.new(
+              name: b.name,
+              data: b,
+              client: @client
+            )
+          end
+          y.yield(batch)
         end
-        y.yield(batch)
       end
       Bucket::Collection.new(batches)
     end