aws-sdk-s3 1.36.0 → 1.95.1
- checksums.yaml +5 -5
- data/CHANGELOG.md +768 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +69 -0
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +69 -0
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +73 -0
- data/lib/aws-sdk-s3/bucket.rb +277 -76
- data/lib/aws-sdk-s3/bucket_acl.rb +40 -15
- data/lib/aws-sdk-s3/bucket_cors.rb +50 -14
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +33 -14
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +32 -14
- data/lib/aws-sdk-s3/bucket_logging.rb +35 -15
- data/lib/aws-sdk-s3/bucket_notification.rb +32 -18
- data/lib/aws-sdk-s3/bucket_policy.rb +34 -13
- data/lib/aws-sdk-s3/bucket_region_cache.rb +2 -0
- data/lib/aws-sdk-s3/bucket_request_payment.rb +34 -12
- data/lib/aws-sdk-s3/bucket_tagging.rb +42 -14
- data/lib/aws-sdk-s3/bucket_versioning.rb +67 -12
- data/lib/aws-sdk-s3/bucket_website.rb +49 -17
- data/lib/aws-sdk-s3/client.rb +7494 -618
- data/lib/aws-sdk-s3/client_api.rb +417 -2
- data/lib/aws-sdk-s3/customizations/bucket.rb +59 -16
- data/lib/aws-sdk-s3/customizations/multipart_upload.rb +2 -0
- data/lib/aws-sdk-s3/customizations/object.rb +125 -60
- data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
- data/lib/aws-sdk-s3/customizations/types/list_object_versions_output.rb +2 -0
- data/lib/aws-sdk-s3/customizations.rb +4 -1
- data/lib/aws-sdk-s3/encryption/client.rb +22 -5
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +72 -26
- data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +43 -5
- data/lib/aws-sdk-s3/encryption/default_key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +13 -2
- data/lib/aws-sdk-s3/encryption/errors.rb +2 -0
- data/lib/aws-sdk-s3/encryption/io_auth_decrypter.rb +2 -0
- data/lib/aws-sdk-s3/encryption/io_decrypter.rb +11 -3
- data/lib/aws-sdk-s3/encryption/io_encrypter.rb +2 -0
- data/lib/aws-sdk-s3/encryption/key_provider.rb +2 -0
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +34 -3
- data/lib/aws-sdk-s3/encryption/materials.rb +8 -6
- data/lib/aws-sdk-s3/encryption/utils.rb +25 -0
- data/lib/aws-sdk-s3/encryption.rb +4 -0
- data/lib/aws-sdk-s3/encryptionV2/client.rb +566 -0
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +226 -0
- data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +170 -0
- data/lib/aws-sdk-s3/encryptionV2/default_key_provider.rb +40 -0
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +69 -0
- data/lib/aws-sdk-s3/encryptionV2/errors.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_auth_decrypter.rb +58 -0
- data/lib/aws-sdk-s3/encryptionV2/io_decrypter.rb +37 -0
- data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +73 -0
- data/lib/aws-sdk-s3/encryptionV2/key_provider.rb +31 -0
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +169 -0
- data/lib/aws-sdk-s3/encryptionV2/materials.rb +60 -0
- data/lib/aws-sdk-s3/encryptionV2/utils.rb +103 -0
- data/lib/aws-sdk-s3/encryption_v2.rb +23 -0
- data/lib/aws-sdk-s3/errors.rb +123 -1
- data/lib/aws-sdk-s3/event_streams.rb +15 -8
- data/lib/aws-sdk-s3/file_downloader.rb +10 -8
- data/lib/aws-sdk-s3/file_part.rb +11 -6
- data/lib/aws-sdk-s3/file_uploader.rb +28 -14
- data/lib/aws-sdk-s3/legacy_signer.rb +17 -25
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +53 -13
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +20 -7
- data/lib/aws-sdk-s3/multipart_upload.rb +64 -29
- data/lib/aws-sdk-s3/multipart_upload_error.rb +2 -0
- data/lib/aws-sdk-s3/multipart_upload_part.rb +115 -42
- data/lib/aws-sdk-s3/object.rb +656 -151
- data/lib/aws-sdk-s3/object_acl.rb +64 -21
- data/lib/aws-sdk-s3/object_copier.rb +2 -0
- data/lib/aws-sdk-s3/object_multipart_copier.rb +2 -0
- data/lib/aws-sdk-s3/object_summary.rb +474 -138
- data/lib/aws-sdk-s3/object_version.rb +122 -58
- data/lib/aws-sdk-s3/plugins/accelerate.rb +32 -38
- data/lib/aws-sdk-s3/plugins/arn.rb +228 -0
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +7 -7
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +25 -3
- data/lib/aws-sdk-s3/plugins/dualstack.rb +15 -4
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +4 -4
- data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +2 -0
- data/lib/aws-sdk-s3/plugins/http_200_errors.rb +11 -3
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +67 -0
- data/lib/aws-sdk-s3/plugins/location_constraint.rb +2 -0
- data/lib/aws-sdk-s3/plugins/md5s.rb +30 -28
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +25 -0
- data/lib/aws-sdk-s3/plugins/redirects.rb +2 -0
- data/lib/aws-sdk-s3/plugins/s3_host_id.rb +2 -0
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +64 -35
- data/lib/aws-sdk-s3/plugins/sse_cpk.rb +3 -1
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +118 -0
- data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb +2 -0
- data/lib/aws-sdk-s3/presigned_post.rb +72 -32
- data/lib/aws-sdk-s3/presigner.rb +162 -66
- data/lib/aws-sdk-s3/resource.rb +23 -5
- data/lib/aws-sdk-s3/types.rb +6441 -952
- data/lib/aws-sdk-s3/waiters.rb +67 -1
- data/lib/aws-sdk-s3.rb +12 -6
- metadata +35 -12
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'aws-sigv4'
|
2
4
|
|
3
5
|
module Aws
|
@@ -6,17 +8,20 @@ module Aws
|
|
6
8
|
# This plugin is an implementation detail and may be modified.
|
7
9
|
# @api private
|
8
10
|
class S3Signer < Seahorse::Client::Plugin
|
9
|
-
|
10
11
|
option(:signature_version, 'v4')
|
11
12
|
|
12
13
|
option(:sigv4_signer) do |cfg|
|
13
14
|
S3Signer.build_v4_signer(
|
15
|
+
service: 's3',
|
14
16
|
region: cfg.sigv4_region,
|
15
17
|
credentials: cfg.credentials
|
16
18
|
)
|
17
19
|
end
|
18
20
|
|
19
21
|
option(:sigv4_region) do |cfg|
|
22
|
+
# S3 removes core's signature_v4 plugin that checks for this
|
23
|
+
raise Aws::Errors::MissingRegionError if cfg.region.nil?
|
24
|
+
|
20
25
|
Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
|
21
26
|
end
|
22
27
|
|
@@ -48,7 +53,6 @@ module Aws
|
|
48
53
|
end
|
49
54
|
|
50
55
|
class V4Handler < Seahorse::Client::Handler
|
51
|
-
|
52
56
|
def call(context)
|
53
57
|
Aws::Plugins::SignatureV4.apply_signature(
|
54
58
|
context: context,
|
@@ -62,25 +66,34 @@ module Aws
|
|
62
66
|
def sigv4_signer(context)
|
63
67
|
# If the client was configured with the wrong region,
|
64
68
|
# we have to build a new signer.
|
65
|
-
if
|
66
|
-
|
67
|
-
context[:cached_sigv4_region] != context.config.sigv4_signer.region
|
68
|
-
then
|
69
|
+
if context[:cached_sigv4_region] &&
|
70
|
+
context[:cached_sigv4_region] != context.config.sigv4_signer.region
|
69
71
|
S3Signer.build_v4_signer(
|
72
|
+
service: 's3',
|
70
73
|
region: context[:cached_sigv4_region],
|
71
74
|
credentials: context.config.credentials
|
72
75
|
)
|
76
|
+
elsif (arn = context.metadata[:s3_arn])
|
77
|
+
S3Signer.build_v4_signer(
|
78
|
+
service: arn[:arn].service,
|
79
|
+
region: arn[:resolved_region],
|
80
|
+
credentials: context.config.credentials
|
81
|
+
)
|
82
|
+
elsif context.operation.name == 'WriteGetObjectResponse'
|
83
|
+
S3Signer.build_v4_signer(
|
84
|
+
service: 's3-object-lambda',
|
85
|
+
region: context.config.sigv4_region,
|
86
|
+
credentials: context.config.credentials
|
87
|
+
)
|
73
88
|
else
|
74
89
|
context.config.sigv4_signer
|
75
90
|
end
|
76
91
|
end
|
77
|
-
|
78
92
|
end
|
79
93
|
|
80
94
|
# This handler will update the http endpoint when the bucket region
|
81
95
|
# is known/cached.
|
82
96
|
class CachedBucketRegionHandler < Seahorse::Client::Handler
|
83
|
-
|
84
97
|
def call(context)
|
85
98
|
bucket = context.params[:bucket]
|
86
99
|
check_for_cached_region(context, bucket) if bucket
|
@@ -92,11 +105,12 @@ module Aws
|
|
92
105
|
def check_for_cached_region(context, bucket)
|
93
106
|
cached_region = S3::BUCKET_REGIONS[bucket]
|
94
107
|
if cached_region && cached_region != context.config.region
|
95
|
-
context.http_request.endpoint.host = S3Signer.new_hostname(
|
108
|
+
context.http_request.endpoint.host = S3Signer.new_hostname(
|
109
|
+
context, cached_region
|
110
|
+
)
|
96
111
|
context[:cached_sigv4_region] = cached_region
|
97
112
|
end
|
98
113
|
end
|
99
|
-
|
100
114
|
end
|
101
115
|
|
102
116
|
# This handler detects when a request fails because of a mismatched bucket
|
@@ -104,7 +118,6 @@ module Aws
|
|
104
118
|
# region, then finally a version 4 signed request against the correct
|
105
119
|
# regional endpoint.
|
106
120
|
class BucketRegionErrorHandler < Seahorse::Client::Handler
|
107
|
-
|
108
121
|
def call(context)
|
109
122
|
response = @handler.call(context)
|
110
123
|
handle_region_errors(response)
|
@@ -113,7 +126,9 @@ module Aws
|
|
113
126
|
private
|
114
127
|
|
115
128
|
def handle_region_errors(response)
|
116
|
-
if wrong_sigv4_region?(response) &&
|
129
|
+
if wrong_sigv4_region?(response) &&
|
130
|
+
!fips_region?(response) &&
|
131
|
+
!custom_endpoint?(response)
|
117
132
|
get_region_and_retry(response.context)
|
118
133
|
else
|
119
134
|
response
|
@@ -137,21 +152,33 @@ module Aws
|
|
137
152
|
resp.context.http_request.endpoint.host.include?('fips')
|
138
153
|
end
|
139
154
|
|
155
|
+
def custom_endpoint?(resp)
|
156
|
+
resolved_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
|
157
|
+
resp.context.config.region
|
158
|
+
)
|
159
|
+
!resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
|
160
|
+
end
|
161
|
+
|
140
162
|
def wrong_sigv4_region?(resp)
|
141
163
|
resp.context.http_response.status_code == 400 &&
|
142
|
-
|
143
|
-
|
144
|
-
resp.context.http_response.body_contents.match(/<Region>.+?<\/Region>/)
|
145
|
-
)
|
164
|
+
(resp.context.http_response.headers['x-amz-bucket-region'] ||
|
165
|
+
resp.context.http_response.body_contents.match(/<Region>.+?<\/Region>/))
|
146
166
|
end
|
147
167
|
|
148
168
|
def resign_with_new_region(context, actual_region)
|
149
169
|
context.http_response.body.truncate(0)
|
150
|
-
context.http_request.endpoint.host = S3Signer.new_hostname(
|
170
|
+
context.http_request.endpoint.host = S3Signer.new_hostname(
|
171
|
+
context, actual_region
|
172
|
+
)
|
151
173
|
context.metadata[:redirect_region] = actual_region
|
174
|
+
# if it's an ARN, use the service in the ARN
|
175
|
+
if (arn = context.metadata[:s3_arn])
|
176
|
+
service = arn[:arn].service
|
177
|
+
end
|
152
178
|
Aws::Plugins::SignatureV4.apply_signature(
|
153
179
|
context: context,
|
154
180
|
signer: S3Signer.build_v4_signer(
|
181
|
+
service: service || 's3',
|
155
182
|
region: actual_region,
|
156
183
|
credentials: context.config.credentials
|
157
184
|
)
|
@@ -160,7 +187,7 @@ module Aws
|
|
160
187
|
|
161
188
|
def region_from_body(body)
|
162
189
|
region = body.match(/<Region>(.+?)<\/Region>/)[1]
|
163
|
-
if region.nil? || region ==
|
190
|
+
if region.nil? || region == ''
|
164
191
|
raise "couldn't get region from body: #{body}"
|
165
192
|
else
|
166
193
|
region
|
@@ -168,44 +195,46 @@ module Aws
|
|
168
195
|
end
|
169
196
|
|
170
197
|
def log_warning(context, actual_region)
|
171
|
-
msg = "S3 client configured for #{context.config.region.inspect} "
|
172
|
-
|
173
|
-
|
174
|
-
|
175
|
-
if logger = context.config.logger
|
198
|
+
msg = "S3 client configured for #{context.config.region.inspect} " \
|
199
|
+
"but the bucket #{context.params[:bucket].inspect} is in " \
|
200
|
+
"#{actual_region.inspect}; Please configure the proper region " \
|
201
|
+
"to avoid multiple unnecessary redirects and signing attempts\n"
|
202
|
+
if (logger = context.config.logger)
|
176
203
|
logger.warn(msg)
|
177
204
|
else
|
178
205
|
warn(msg)
|
179
206
|
end
|
180
207
|
end
|
181
|
-
|
182
208
|
end
|
183
209
|
|
184
210
|
class << self
|
185
|
-
|
186
211
|
# @option options [required, String] :region
|
187
212
|
# @option options [required, #credentials] :credentials
|
188
213
|
# @api private
|
189
214
|
def build_v4_signer(options = {})
|
190
|
-
Aws::Sigv4::Signer.new(
|
191
|
-
service:
|
215
|
+
Aws::Sigv4::Signer.new(
|
216
|
+
service: options[:service],
|
192
217
|
region: options[:region],
|
193
218
|
credentials_provider: options[:credentials],
|
194
219
|
uri_escape_path: false,
|
195
|
-
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
196
|
-
|
220
|
+
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
221
|
+
)
|
197
222
|
end
|
198
223
|
|
224
|
+
# Check to see if the bucket is actually an ARN
|
225
|
+
# Otherwise it will retry with the ARN as the bucket name.
|
199
226
|
def new_hostname(context, region)
|
200
|
-
|
201
|
-
|
202
|
-
|
227
|
+
uri = URI.parse(
|
228
|
+
Aws::Partitions::EndpointProvider.resolve(region, 's3')
|
229
|
+
)
|
230
|
+
|
231
|
+
if (arn = context.metadata[:s3_arn])
|
232
|
+
# Retry with the response region and not the ARN resolved one
|
233
|
+
ARN.resolve_url!(uri, arn[:arn], region).host
|
203
234
|
else
|
204
|
-
|
205
|
-
bucket + '.' + URI.parse(endpoint).host
|
235
|
+
"#{context.params[:bucket]}.#{uri.host}"
|
206
236
|
end
|
207
237
|
end
|
208
|
-
|
209
238
|
end
|
210
239
|
end
|
211
240
|
end
|
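Review bot: `custom_endpoint?` tests the host with `hostname.include?(resolved_suffix)`, a substring match, so a configured host that only contains the partition suffix (for example as a middle label) is classified as a standard endpoint and stays eligible for the region redirect and re-sign in `handle_region_errors`. Anchoring the comparison at a label boundary is stricter: `!resp.context.http_request.endpoint.hostname.end_with?(".#{resolved_suffix}")`. The context line for `fips_region?` uses the same pattern with `include?('fips')`. Related: the region that drives `resign_with_new_region` comes from the response (`x-amz-bucket-region` or the `<Region>` element), and no format check on it is visible in these hunks before it reaches `new_hostname`; `get_region_and_retry` is outside the hunks, so confirm the value is validated there.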
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'uri'
|
2
4
|
require 'openssl'
|
3
5
|
|
@@ -18,7 +20,7 @@ This should only be disabled for local testing.
|
|
18
20
|
class Handler < Seahorse::Client::Handler
|
19
21
|
|
20
22
|
def call(context)
|
21
|
-
compute_key_md5(context)
|
23
|
+
compute_key_md5(context) if context.params.is_a?(Hash)
|
22
24
|
@handler.call(context)
|
23
25
|
end
|
24
26
|
|
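Review bot: The new guard `compute_key_md5(context) if context.params.is_a?(Hash)` skips the customer-key handling without saying which callers pass non-Hash params, so a reader cannot tell whether a customer key can reach the wire unprocessed on that path. A one-line comment above the guard would settle it, e.g. `# params is only a Hash for <case>; other param shapes carry no :sse_customer_key`, with the actual case filled in. `compute_key_md5` is outside the hunk; if it is also where the HTTPS requirement mentioned in the hunk header is enforced, the guard bypasses that check too and deserves a test.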
@@ -0,0 +1,118 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require 'forwardable'
|
4
|
+
|
5
|
+
module Aws
|
6
|
+
module S3
|
7
|
+
module Plugins
|
8
|
+
|
9
|
+
# A wrapper around BlockIO that adds no-ops for truncate and rewind
|
10
|
+
# @api private
|
11
|
+
class RetryableBlockIO
|
12
|
+
extend Forwardable
|
13
|
+
def_delegators :@block_io, :write, :read, :size
|
14
|
+
|
15
|
+
def initialize(block_io)
|
16
|
+
@block_io = block_io
|
17
|
+
end
|
18
|
+
|
19
|
+
def truncate(_integer); end
|
20
|
+
|
21
|
+
def rewind; end
|
22
|
+
end
|
23
|
+
|
24
|
+
# A wrapper around ManagedFile that adds no-ops for truncate and rewind
|
25
|
+
# @api private
|
26
|
+
class RetryableManagedFile
|
27
|
+
extend Forwardable
|
28
|
+
def_delegators :@file, :write, :read, :size, :open?, :close
|
29
|
+
|
30
|
+
def initialize(managed_file)
|
31
|
+
@file = managed_file
|
32
|
+
end
|
33
|
+
|
34
|
+
def truncate(_integer); end
|
35
|
+
|
36
|
+
def rewind; end
|
37
|
+
end
|
38
|
+
|
39
|
+
# This handler works with the ResponseTarget plugin to provide smart
|
40
|
+
# retries of S3 streaming operations that support the range parameter
|
41
|
+
# (currently only: get_object). When a 200 OK with a TruncatedBodyError
|
42
|
+
# is received this handler will add a range header that excludes the
|
43
|
+
# data that has already been processed (written to file or sent to
|
44
|
+
# the target Proc).
|
45
|
+
# It is important to not write data to the custom target in the case of
|
46
|
+
# a non-success response. We do not want to write an XML error
|
47
|
+
# message to someone's file or pass it to a user's Proc.
|
48
|
+
# @api private
|
49
|
+
class StreamingRetry < Seahorse::Client::Plugin
|
50
|
+
|
51
|
+
class Handler < Seahorse::Client::Handler
|
52
|
+
|
53
|
+
def call(context)
|
54
|
+
target = context.params[:response_target] || context[:response_target]
|
55
|
+
|
56
|
+
# retry is only supported when range is NOT set on the initial request
|
57
|
+
if supported_target?(target) && !context.params[:range]
|
58
|
+
add_event_listeners(context, target)
|
59
|
+
end
|
60
|
+
@handler.call(context)
|
61
|
+
end
|
62
|
+
|
63
|
+
private
|
64
|
+
|
65
|
+
def add_event_listeners(context, target)
|
66
|
+
context.http_response.on_headers(200..299) do
|
67
|
+
case context.http_response.body
|
68
|
+
when Seahorse::Client::BlockIO then
|
69
|
+
context.http_response.body = RetryableBlockIO.new(context.http_response.body)
|
70
|
+
when Seahorse::Client::ManagedFile then
|
71
|
+
context.http_response.body = RetryableManagedFile.new(context.http_response.body)
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
context.http_response.on_headers(400..599) do
|
76
|
+
context.http_response.body = StringIO.new # something to write the error to
|
77
|
+
end
|
78
|
+
|
79
|
+
context.http_response.on_success(200..299) do
|
80
|
+
body = context.http_response.body
|
81
|
+
if body.is_a?(RetryableManagedFile) && body.open?
|
82
|
+
body.close
|
83
|
+
end
|
84
|
+
end
|
85
|
+
|
86
|
+
context.http_response.on_error do |error|
|
87
|
+
if retryable_body?(context) && truncated_body?(error)
|
88
|
+
context.http_request.headers[:range] = "bytes=#{context.http_response.body.size}-"
|
89
|
+
end
|
90
|
+
end
|
91
|
+
end
|
92
|
+
|
93
|
+
def truncated_body?(error)
|
94
|
+
error.is_a?(Seahorse::Client::NetworkingError) &&
|
95
|
+
error.original_error.is_a?(
|
96
|
+
Seahorse::Client::NetHttp::Handler::TruncatedBodyError
|
97
|
+
)
|
98
|
+
end
|
99
|
+
|
100
|
+
def retryable_body?(context)
|
101
|
+
context.http_response.body.is_a?(RetryableBlockIO) ||
|
102
|
+
context.http_response.body.is_a?(RetryableManagedFile)
|
103
|
+
end
|
104
|
+
|
105
|
+
def supported_target?(target)
|
106
|
+
case target
|
107
|
+
when Proc, String, Pathname then true
|
108
|
+
else false
|
109
|
+
end
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
handler(Handler, step: :sign, operations: [:get_object], priority: 10)
|
114
|
+
|
115
|
+
end
|
116
|
+
end
|
117
|
+
end
|
118
|
+
end
|
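Review bot: The `on_error` listener resumes a truncated download by setting `range` to `bytes=#{context.http_response.body.size}-`, but nothing pins the retry to the object that produced the first bytes, so if the key is overwritten between attempts the target file or Proc receives the head of one object and the tail of another without any error. Recording the first response's `etag` header in the `on_headers(200..299)` listener and sending it as `if-match` on the retried request would make the resume fail instead of mixing content (a read pinned with `version_id` gives the same guarantee). Separately, the file references `StringIO` and `Pathname` but only requires `forwardable`; adding `require 'stringio'` and `require 'pathname'` avoids depending on load order.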
@@ -1,3 +1,5 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
1
3
|
require 'openssl'
|
2
4
|
require 'base64'
|
3
5
|
|
@@ -183,35 +185,59 @@ module Aws
|
|
183
185
|
# the post will expire. Defaults to one hour from creation of the
|
184
186
|
# presigned post. May not exceed one week from creation time.
|
185
187
|
# @option options [String] :key See {PresignedPost#key}.
|
186
|
-
# @option options [String] :key_starts_with
|
188
|
+
# @option options [String] :key_starts_with
|
189
|
+
# See {PresignedPost#key_starts_with}.
|
187
190
|
# @option options [String] :acl See {PresignedPost#acl}.
|
188
|
-
# @option options [String] :acl_starts_with
|
189
|
-
#
|
190
|
-
# @option options [String] :
|
191
|
+
# @option options [String] :acl_starts_with
|
192
|
+
# See {PresignedPost#acl_starts_with}.
|
193
|
+
# @option options [String] :cache_control
|
194
|
+
# See {PresignedPost#cache_control}.
|
195
|
+
# @option options [String] :cache_control_starts_with
|
196
|
+
# See {PresignedPost#cache_control_starts_with}.
|
191
197
|
# @option options [String] :content_type See {PresignedPost#content_type}.
|
192
|
-
# @option options [String] :content_type_starts_with
|
193
|
-
#
|
194
|
-
# @option options [String] :
|
195
|
-
#
|
196
|
-
# @option options [String] :
|
198
|
+
# @option options [String] :content_type_starts_with
|
199
|
+
# See {PresignedPost#content_type_starts_with}.
|
200
|
+
# @option options [String] :content_disposition
|
201
|
+
# See {PresignedPost#content_disposition}.
|
202
|
+
# @option options [String] :content_disposition_starts_with
|
203
|
+
# See {PresignedPost#content_disposition_starts_with}.
|
204
|
+
# @option options [String] :content_encoding
|
205
|
+
# See {PresignedPost#content_encoding}.
|
206
|
+
# @option options [String] :content_encoding_starts_with
|
207
|
+
# See {PresignedPost#content_encoding_starts_with}.
|
197
208
|
# @option options [String] :expires See {PresignedPost#expires}.
|
198
|
-
# @option options [String] :expires_starts_with
|
199
|
-
#
|
200
|
-
# @option options [
|
201
|
-
#
|
202
|
-
# @option options [String] :
|
203
|
-
#
|
204
|
-
# @option options [String] :
|
205
|
-
#
|
206
|
-
# @option options [
|
207
|
-
#
|
208
|
-
# @option options [String] :
|
209
|
-
#
|
210
|
-
# @option options [String] :
|
209
|
+
# @option options [String] :expires_starts_with
|
210
|
+
# See {PresignedPost#expires_starts_with}.
|
211
|
+
# @option options [Range<Integer>] :content_length_range
|
212
|
+
# See {PresignedPost#content_length_range}.
|
213
|
+
# @option options [String] :success_action_redirect
|
214
|
+
# See {PresignedPost#success_action_redirect}.
|
215
|
+
# @option options [String] :success_action_redirect_starts_with
|
216
|
+
# See {PresignedPost#success_action_redirect_starts_with}.
|
217
|
+
# @option options [String] :success_action_status
|
218
|
+
# See {PresignedPost#success_action_status}.
|
219
|
+
# @option options [String] :storage_class
|
220
|
+
# See {PresignedPost#storage_class}.
|
221
|
+
# @option options [String] :website_redirect_location
|
222
|
+
# See {PresignedPost#website_redirect_location}.
|
223
|
+
# @option options [Hash<String,String>] :metadata
|
224
|
+
# See {PresignedPost#metadata}.
|
225
|
+
# @option options [Hash<String,String>] :metadata_starts_with
|
226
|
+
# See {PresignedPost#metadata_starts_with}.
|
227
|
+
# @option options [String] :server_side_encryption
|
228
|
+
# See {PresignedPost#server_side_encryption}.
|
229
|
+
# @option options [String] :server_side_encryption_aws_kms_key_id
|
230
|
+
# See {PresignedPost#server_side_encryption_aws_kms_key_id}.
|
231
|
+
# @option options [String] :server_side_encryption_customer_algorithm
|
232
|
+
# See {PresignedPost#server_side_encryption_customer_algorithm}.
|
233
|
+
# @option options [String] :server_side_encryption_customer_key
|
234
|
+
# See {PresignedPost#server_side_encryption_customer_key}.
|
211
235
|
def initialize(credentials, bucket_region, bucket_name, options = {})
|
212
236
|
@credentials = credentials.credentials
|
213
237
|
@bucket_region = bucket_region
|
214
238
|
@bucket_name = bucket_name
|
239
|
+
@accelerate = !!options.delete(:use_accelerate_endpoint)
|
240
|
+
options.delete(:url) if @accelerate # resource methods pass url
|
215
241
|
@url = options.delete(:url) || bucket_url
|
216
242
|
@fields = {}
|
217
243
|
@key_set = false
|
@@ -234,7 +260,7 @@ module Aws
|
|
234
260
|
# as hidden input fields.
|
235
261
|
def fields
|
236
262
|
check_required_values!
|
237
|
-
datetime = Time.now.utc.strftime(
|
263
|
+
datetime = Time.now.utc.strftime('%Y%m%dT%H%M%SZ')
|
238
264
|
fields = @fields.dup
|
239
265
|
fields.update('policy' => policy(datetime))
|
240
266
|
fields.update(signature_fields(datetime))
|
@@ -270,7 +296,7 @@ module Aws
|
|
270
296
|
|
271
297
|
# @!group Fields
|
272
298
|
|
273
|
-
# The key to use for the uploaded object.
|
299
|
+
# The key to use for the uploaded object. You can use `${filename}`
|
274
300
|
# as a variable in the key. This will be replaced with the name
|
275
301
|
# of the file as provided by the user.
|
276
302
|
#
|
@@ -505,7 +531,10 @@ module Aws
|
|
505
531
|
# (KMS) master encryption key to use for the object.
|
506
532
|
# @param [String] value
|
507
533
|
# @return [self]
|
508
|
-
define_field(
|
534
|
+
define_field(
|
535
|
+
:server_side_encryption_aws_kms_key_id,
|
536
|
+
'x-amz-server-side-encryption-aws-kms-key-id'
|
537
|
+
)
|
509
538
|
|
510
539
|
# @!endgroup
|
511
540
|
|
@@ -518,7 +547,10 @@ module Aws
|
|
518
547
|
# @param [String] value
|
519
548
|
# @see #server_side_encryption_customer_key
|
520
549
|
# @return [self]
|
521
|
-
define_field(
|
550
|
+
define_field(
|
551
|
+
:server_side_encryption_customer_algorithm,
|
552
|
+
'x-amz-server-side-encryption-customer-algorithm'
|
553
|
+
)
|
522
554
|
|
523
555
|
# Specifies the customer-provided encryption key for Amazon S3 to use
|
524
556
|
# in encrypting data. This value is used to store the object and then
|
@@ -571,8 +603,8 @@ module Aws
|
|
571
603
|
|
572
604
|
def check_required_values!
|
573
605
|
unless @key_set
|
574
|
-
msg =
|
575
|
-
|
606
|
+
msg = 'key required; you must provide a key via :key, '\
|
607
|
+
":key_starts_with, or :allow_any => ['key']"
|
576
608
|
raise msg
|
577
609
|
end
|
578
610
|
end
|
@@ -580,10 +612,18 @@ module Aws
|
|
580
612
|
def bucket_url
|
581
613
|
url = Aws::Partitions::EndpointProvider.resolve(@bucket_region, 's3')
|
582
614
|
url = URI.parse(url)
|
583
|
-
if Plugins::BucketDns.dns_compatible?(@bucket_name, true)
|
584
|
-
|
615
|
+
if Plugins::BucketDns.dns_compatible?(@bucket_name, _ssl = true)
|
616
|
+
if @accelerate
|
617
|
+
url.host = "#{@bucket_name}.s3-accelerate.amazonaws.com"
|
618
|
+
else
|
619
|
+
url.host = "#{@bucket_name}.#{url.host}"
|
620
|
+
end
|
585
621
|
else
|
586
|
-
url.path =
|
622
|
+
url.path = "/#{@bucket_name}"
|
623
|
+
end
|
624
|
+
if @bucket_region == 'us-east-1'
|
625
|
+
# keep legacy behavior by default
|
626
|
+
url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
|
587
627
|
end
|
588
628
|
url.to_s
|
589
629
|
end
|
@@ -613,7 +653,7 @@ module Aws
|
|
613
653
|
|
614
654
|
def signature(datetime, string_to_sign)
|
615
655
|
k_secret = @credentials.secret_access_key
|
616
|
-
k_date = hmac(
|
656
|
+
k_date = hmac('AWS4' + k_secret, datetime[0,8])
|
617
657
|
k_region = hmac(k_date, @bucket_region)
|
618
658
|
k_service = hmac(k_region, 's3')
|
619
659
|
k_credentials = hmac(k_service, 'aws4_request')
|
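Review bot: In `initialize`, `options.delete(:url) if @accelerate` discards a caller-supplied URL, but `bucket_url` only produces the accelerate host inside the `dns_compatible?` branch, so a bucket name that fails that check silently gets a path-style, non-accelerated URL even though acceleration was requested. Failing fast is clearer than a quiet fallback, for example `raise ArgumentError, 'use_accelerate_endpoint requires a DNS compatible bucket name'` in the `else` branch when `@accelerate` is set. The accelerate host is also hard-coded to `s3-accelerate.amazonaws.com` rather than derived from the partition of `@bucket_region`. The `_ssl = true` argument creates a throwaway local just to label a positional boolean; a trailing comment would do the same job.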