aws-sdk-s3 1.36.0 → 1.95.1

data/lib/aws-sdk-s3/plugins/arn.rb

@@ -0,0 +1,228 @@
+# frozen_string_literal: true
+
+require_relative '../arn/access_point_arn'
+require_relative '../arn/object_lambda_arn'
+require_relative '../arn/outpost_access_point_arn'
+
+module Aws
+  module S3
+    module Plugins
+      # When an accesspoint ARN is provided for :bucket in S3 operations, this
+      # plugin resolves the request endpoint from the ARN when possible.
+      # @api private
+      class ARN < Seahorse::Client::Plugin
+        option(
+          :s3_use_arn_region,
+          default: true,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS) do |cfg|
+For S3 ARNs passed into the `:bucket` parameter, this option will
+use the region in the ARN, allowing for cross-region requests to
+be made. Set to `false` to use the client's region instead.
+          DOCS
+          resolve_s3_use_arn_region(cfg)
+        end
+
+        # param validator is validate:50
+        # endpoint is build:90 (populates the URI for the first time)
+        # endpoint pattern is build:10
+        def add_handlers(handlers, _config)
+          handlers.add(ARNHandler, step: :validate, priority: 75)
+          handlers.add(UrlHandler)
+        end
+
+        # After extracting out any ARN input, resolve a new URL with it.
+        class UrlHandler < Seahorse::Client::Handler
+          def call(context)
+            if context.metadata[:s3_arn]
+              ARN.resolve_url!(
+                context.http_request.endpoint,
+                context.metadata[:s3_arn][:arn],
+                context.metadata[:s3_arn][:resolved_region],
+                context.metadata[:s3_arn][:fips],
+                context.metadata[:s3_arn][:dualstack],
+                # if regional_endpoint is false, a custom endpoint was provided
+                # in this case, we want to prefix the endpoint using the ARN
+                !context.config.regional_endpoint
+              )
+            end
+            @handler.call(context)
+          end
+        end
+
+        # This plugin will extract out any ARN input and set context for other
+        # plugins to use without having to translate the ARN again.
+        class ARNHandler < Seahorse::Client::Handler
+          def call(context)
+            bucket_member = _bucket_member(context.operation.input.shape)
+            if bucket_member && (bucket = context.params[bucket_member])
+              resolved_region, arn = ARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              if arn
+                validate_config!(context, arn)
+
+                fips = false
+                if resolved_region.include?('fips')
+                  fips = true
+                  resolved_region = resolved_region.gsub('fips-', '')
+                                                   .gsub('-fips', '')
+                end
+
+                context.metadata[:s3_arn] = {
+                  arn: arn,
+                  resolved_region: resolved_region,
+                  fips: fips,
+                  dualstack: extract_dualstack_config!(context)
+                }
+              end
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          def _bucket_member(input)
+            input.members.each do |member, ref|
+              return member if ref.shape.name == 'BucketName'
+            end
+            nil
+          end
+
+          # other plugins use dualstack so disable it when we're done
+          def extract_dualstack_config!(context)
+            dualstack = context[:use_dualstack_endpoint]
+            context[:use_dualstack_endpoint] = false if dualstack
+            dualstack
+          end
+
+          def validate_config!(context, arn)
+            if context.config.force_path_style
+              raise ArgumentError,
+                    'Cannot provide an Access Point ARN when '\
+                    '`:force_path_style` is set to true.'
+            end
+
+            if context.config.use_accelerate_endpoint
+              raise ArgumentError,
+                    'Cannot provide an Access Point ARN when '\
+                    '`:use_accelerate_endpoint` is set to true.'
+            end
+
+            if !arn.support_dualstack? && context[:use_dualstack_endpoint]
+              raise ArgumentError,
+                    'Cannot provide an Outpost Access Point ARN when '\
+                    '`:use_dualstack_endpoint` is set to true.'
+            end
+          end
+        end
+
+        class << self
+          # @api private
+          def resolve_arn!(member_value, region, use_arn_region)
+            if Aws::ARNParser.arn?(member_value)
+              arn = Aws::ARNParser.parse(member_value)
+              s3_arn = resolve_arn_type!(arn)
+              s3_arn.validate_arn!
+              validate_region_config!(s3_arn, region, use_arn_region)
+              region = s3_arn.region if use_arn_region && !region.include?('fips')
+              [region, s3_arn]
+            else
+              [region]
+            end
+          end
+
+          # @api private
+          def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
+            custom_endpoint = url.host if has_custom_endpoint
+            url.host = arn.host_url(region, fips, dualstack, custom_endpoint)
+            url.path = url_path(url.path, arn)
+            url
+          end
+
+          private
+
+          def resolve_arn_type!(arn)
+            case arn.service
+            when 's3'
+              Aws::S3::AccessPointARN.new(arn.to_h)
+            when 's3-outposts'
+              Aws::S3::OutpostAccessPointARN.new(arn.to_h)
+            when 's3-object-lambda'
+              Aws::S3::ObjectLambdaARN.new(arn.to_h)
+            else
+              raise ArgumentError,
+                    'Only Access Point, Outposts, and Object Lambdas ARNs '\
+                    'are currently supported.'
+            end
+          end
+
+          def resolve_s3_use_arn_region(cfg)
+            value = ENV['AWS_S3_USE_ARN_REGION'] ||
+                    Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
+                    'true'
+            value = Aws::Util.str_2_bool(value)
+            # Raise if provided value is not true or false
+            if value.nil?
+              raise ArgumentError,
+                    'Must provide either `true` or `false` for the '\
+                    '`s3_use_arn_region` profile option or for '\
+                    "ENV['AWS_S3_USE_ARN_REGION']."
+            end
+            value
+          end
+
+          # Remove ARN from the path because we've already set the new host
+          def url_path(path, arn)
+            path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
+                       .sub("/#{arn}", '')
+            "/#{path}" unless path =~ /^\//
+            path
+          end
+
+          def validate_region_config!(arn, region, use_arn_region)
+            if ['s3-external-1', 'aws-global'].include?(region)
+              # These "regions" are not regional endpoints
+              unless use_arn_region
+                raise Aws::Errors::InvalidARNRegionError,
+                      'Configured client region is not a regional endpoint.'
+              end
+              # These "regions" are in the AWS partition
+              # Cannot use ARN region unless it's the same partition
+              unless arn.partition == 'aws'
+                raise Aws::Errors::InvalidARNPartitionError
+              end
+            else
+              if region.include?('fips')
+                # If ARN type doesn't support FIPS but the client region is FIPS
+                unless arn.support_fips?
+                  raise ArgumentError,
+                        'FIPS client regions are not supported for this type '\
+                        'of ARN.'
+                end
+
+                fips = true
+                # Normalize the region so we can compare partition and regions
+                region = region.gsub('fips-', '').gsub('-fips', '')
+              end
+
+              # Raise if the ARN and client regions are in different partitions
+              if use_arn_region &&
+                 !Aws::Partitions.partition(arn.partition).region?(region)
+                raise Aws::Errors::InvalidARNPartitionError
+              end
+
+              # Raise if regions mismatch
+              # Either when it's a fips client or not using the ARN region
+              if (!use_arn_region || fips) && region != arn.region
+                raise Aws::Errors::InvalidARNRegionError
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/bucket_dns.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins
@@ -38,11 +40,9 @@ request URI and never moved to the host as a sub-domain.
           def move_dns_compat_bucket_to_subdomain(context)
             bucket_name = context.params[:bucket]
             endpoint = context.http_request.endpoint
-            if
-              bucket_name &&
-              BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
-              context.operation_name.to_s != 'get_bucket_location'
-            then
+            if bucket_name &&
+               BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
+               context.operation_name.to_s != 'get_bucket_location'
               move_bucket_to_subdomain(bucket_name, endpoint)
             end
           end
@@ -73,8 +73,8 @@ request URI and never moved to the host as a sub-domain.
             end
           end
 
-          private
-
+          # @param [String] bucket_name
+          # @return [Boolean]
           def valid_subdomain?(bucket_name)
             bucket_name.size < 64 &&
             bucket_name =~ /^[a-z0-9][a-z0-9.-]+[a-z0-9]$/ &&

data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins
@@ -5,14 +7,34 @@ module Aws
       class BucketNameRestrictions < Seahorse::Client::Plugin
         class Handler < Seahorse::Client::Handler
 
+          # Useful because Aws::S3::Errors::SignatureDoesNotMatch is thrown
+          # when passed a bucket with a forward slash. Instead provide a more
+          # helpful error. Ideally should not be a plugin?
           def call(context)
-            if context.params.key?(:bucket) && context.params[:bucket].include?('/')
-              msg = ":bucket option must not contain a forward-slash (/)"
-              raise ArgumentError, msg
+            bucket_member = _bucket_member(context.operation.input.shape)
+            if bucket_member && (bucket = context.params[bucket_member])
+              _resolved_region, arn = ARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              if !arn && bucket.include?('/')
+                raise ArgumentError,
+                      'bucket name must not contain a forward-slash (/)'
+              end
             end
             @handler.call(context)
           end
 
+          private
+
+          def _bucket_member(input)
+            input.members.each do |member, ref|
+              return member if ref.shape.name == 'BucketName'
+            end
+            nil
+          end
+
         end
 
         handler(Handler)

data/lib/aws-sdk-s3/plugins/dualstack.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins
@@ -14,14 +16,22 @@ for all operations.
 
         def add_handlers(handlers, config)
           handlers.add(OptionHandler, step: :initialize)
-          handlers.add(DualstackHandler, step: :build, priority: 0)
+          handlers.add(DualstackHandler, step: :build, priority: 11)
         end
 
         # @api private
         class OptionHandler < Seahorse::Client::Handler
           def call(context)
-            dualstack = context.params.delete(:use_dualstack_endpoint)
+            # Support client configuration and per-operation configuration
+            if context.params.is_a?(Hash)
+              dualstack = context.params.delete(:use_dualstack_endpoint)
+            end
             dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
+            # Raise if :endpoint and dualstack are both provided
+            if dualstack && !context.config.regional_endpoint
+              raise ArgumentError,
+                    'Cannot use both :use_dualstack_endpoint and :endpoint'
+            end
             context[:use_dualstack_endpoint] = dualstack
             @handler.call(context)
           end
@@ -30,7 +40,9 @@ for all operations.
         # @api private
         class DualstackHandler < Seahorse::Client::Handler
           def call(context)
-            apply_dualstack_endpoint(context) if use_dualstack_endpoint?(context)
+            if context.config.regional_endpoint && use_dualstack_endpoint?(context)
+              apply_dualstack_endpoint(context)
+            end
             @handler.call(context)
           end
 
@@ -38,7 +50,6 @@ for all operations.
           def apply_dualstack_endpoint(context)
             bucket_name = context.params[:bucket]
             region = context.config.region
-            context.config.force_path_style
             dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
 
             if use_bucket_dns?(bucket_name, context)

data/lib/aws-sdk-s3/plugins/expect_100_continue.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins
@@ -13,10 +15,8 @@ module Aws
         class Handler < Seahorse::Client::Handler
 
           def call(context)
-            if
-              context.http_request.body &&
-              context.http_request.body.size > 0
-            then
+            body = context.http_request.body
+            if body.respond_to?(:size) && body.size > 0
               context.http_request.headers['expect'] = '100-continue'
             end
             @handler.call(context)

data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins

data/lib/aws-sdk-s3/plugins/http_200_errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins
@@ -27,12 +29,19 @@ module Aws
               error_code = xml.match(/<Code>(.+?)<\/Code>/)[1]
               error_message = xml.match(/<Message>(.+?)<\/Message>/)[1]
               S3::Errors.error_class(error_code).new(context, error_message)
+            elsif !xml.match(/<\w/) # Must have the start of an XML Tag
+              # Other incomplete xml bodies will result in XML ParsingError
+              Seahorse::Client::NetworkingError.new(
+                S3::Errors
+                  .error_class('InternalError')
+                  .new(context, 'Empty or incomplete response body')
+              )
             end
           end
-
         end
 
-        handler(Handler,
+        handler(
+          Handler,
           step: :sign,
           operations: [
             :complete_multipart_upload,
@@ -40,7 +49,6 @@ module Aws
             :upload_part_copy,
           ]
         )
-
       end
     end
   end

data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb

@@ -0,0 +1,67 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+
+      class IADRegionalEndpoint < Seahorse::Client::Plugin
+
+        option(:s3_us_east_1_regional_endpoint,
+          default: 'legacy',
+          doc_type: String,
+          docstring: <<-DOCS) do |cfg|
+Pass in `regional` to enable the `us-east-1` regional endpoint.
+Defaults to `legacy` mode which uses the global endpoint.
+          DOCS
+          resolve_iad_regional_endpoint(cfg)
+        end
+
+        def add_handlers(handlers, config)
+          # only modify non-custom endpoints
+          if config.regional_endpoint && config.region == 'us-east-1'
+            handlers.add(Handler)
+          end
+        end
+
+        # @api private
+        class Handler < Seahorse::Client::Handler
+
+          def call(context)
+            # WriteGetObjectResponse does not have a global endpoint
+            # ARNs are regionalized, so don't touch those either.
+            if context.operation.name != 'WriteGetObjectResponse' &&
+               context.config.s3_us_east_1_regional_endpoint == 'legacy' &&
+               !context.metadata[:s3_arn]
+              host = context.http_request.endpoint.host
+              legacy_host = IADRegionalEndpoint.legacy_host(host)
+              context.http_request.endpoint.host = legacy_host
+            end
+            @handler.call(context)
+          end
+
+        end
+
+        def self.legacy_host(host)
+          host.sub(".us-east-1", '')
+        end
+
+        private
+
+        def self.resolve_iad_regional_endpoint(cfg)
+          mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
+            Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
+            'legacy'
+          mode = mode.downcase
+          unless %w(legacy regional).include?(mode)
+            raise ArgumentError, "expected :s3_us_east_1_regional_endpoint or"\
+              " ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] to be `legacy` or"\
+              " `regional`."
+          end
+          mode
+        end
+
+      end
+
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/location_constraint.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins

data/lib/aws-sdk-s3/plugins/md5s.rb

@@ -1,21 +1,19 @@
+# frozen_string_literal: true
+
 require 'openssl'
-require 'base64'
 
 module Aws
   module S3
     module Plugins
+      # @api private
+      # This plugin is effectively deprecated in favor of modeled
+      # httpChecksumRequired traits.
       class Md5s < Seahorse::Client::Plugin
-
-        # Amazon S3 requires these operations to have an MD5 checksum
-        REQUIRED_OPERATIONS = [
-          :delete_objects,
-          :put_bucket_cors,
-          :put_bucket_lifecycle,
-          :put_bucket_policy,
-          :put_bucket_tagging,
-          :put_object_legal_hold,
-          :put_object_lock_configuration,
-          :put_object_retention
+        # These operations allow Content MD5 but are not required by
+        # httpChecksumRequired. This list should not grow.
+        OPTIONAL_OPERATIONS = [
+          :put_object,
+          :upload_part
         ]
 
         # @api private
@@ -25,7 +23,7 @@ module Aws
 
           def call(context)
             body = context.http_request.body
-            if body.size > 0
+            if body.respond_to?(:size) && body.size > 0
               context.http_request.headers['Content-Md5'] ||= md5(body)
             end
             @handler.call(context)
@@ -37,18 +35,20 @@ module Aws
           # @return [String<MD5>]
           def md5(value)
             if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
-              Base64.encode64(OpenSSL::Digest::MD5.file(value).digest).strip
+              OpenSSL::Digest::MD5.file(value).base64digest
             elsif value.respond_to?(:read)
               md5 = OpenSSL::Digest::MD5.new
               update_in_chunks(md5, value)
-              Base64.encode64(md5.digest).strip
+              md5.base64digest
             else
-              Base64.encode64(OpenSSL::Digest::MD5.digest(value)).strip
+              OpenSSL::Digest::MD5.digest(value).base64digest
             end
           end
 
           def update_in_chunks(digest, io)
-            while chunk = io.read(CHUNK_SIZE, buffer ||= "")
+            loop do
+              chunk = io.read(CHUNK_SIZE)
+              break unless chunk
               digest.update(chunk)
             end
             io.rewind
@@ -60,20 +60,22 @@ module Aws
           default: true,
           doc_type: 'Boolean',
           docstring: <<-DOCS)
-When `true` a MD5 checksum will be computed for every request that
-sends a body.  When `false`, MD5 checksums will only be computed
-for operations that require them.  Checksum errors returned by Amazon
-S3 are automatically retried up to `:retry_limit` times.
+When `true` a MD5 checksum will be computed and sent in the Content Md5
+header for :put_object and :upload_part. When `false`, MD5 checksums
+will not be computed for these operations. Checksums are still computed
+for operations requiring them. Checksum errors returned by Amazon S3 are
+automatically retried up to `:retry_limit` times.
           DOCS
 
         def add_handlers(handlers, config)
-          # priority set low to ensure md5 is computed AFTER the request is
-          # built but before it is signed
-          handlers.add(Handler, {
-            priority: 10,
-            step: :build,
-            operations: config.compute_checksums ? nil : REQUIRED_OPERATIONS,
-          })
+          if config.compute_checksums
+            # priority set low to ensure md5 is computed AFTER the request is
+            # built but before it is signed
+            handlers.add(
+              Handler,
+              priority: 10, step: :build, operations: OPTIONAL_OPERATIONS
+            )
+          end
         end
 
       end

data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb

@@ -0,0 +1,25 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+      # WriteGetObjectResponse is called from Lambda after a data transform.
+      # If there is no custom endpoint, we change the endpoint from s3 to
+      # s3-object-lambda just for this operation.
+      class ObjectLambdaEndpoint < Seahorse::Client::Plugin
+        class Handler < Seahorse::Client::Handler
+          def call(context)
+            if context.config.regional_endpoint
+              host = context.http_request.endpoint.host
+              host = host.sub('s3.', 's3-object-lambda.')
+              context.http_request.endpoint.host = host
+            end
+            @handler.call(context)
+          end
+        end
+
+        handler(Handler, operations: [:write_get_object_response])
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/redirects.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins

data/lib/aws-sdk-s3/plugins/s3_host_id.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Plugins