aws-sdk-s3 1.36.1 → 1.56.0

Files changed (37) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-s3/bucket.rb +158 -34
  3. data/lib/aws-sdk-s3/bucket_acl.rb +10 -1
  4. data/lib/aws-sdk-s3/bucket_cors.rb +17 -1
  5. data/lib/aws-sdk-s3/bucket_lifecycle.rb +1 -1
  6. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +2 -1
  7. data/lib/aws-sdk-s3/bucket_logging.rb +10 -3
  8. data/lib/aws-sdk-s3/bucket_notification.rb +6 -3
  9. data/lib/aws-sdk-s3/bucket_policy.rb +1 -0
  10. data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -0
  11. data/lib/aws-sdk-s3/bucket_tagging.rb +9 -1
  12. data/lib/aws-sdk-s3/bucket_versioning.rb +25 -0
  13. data/lib/aws-sdk-s3/bucket_website.rb +14 -4
  14. data/lib/aws-sdk-s3/client.rb +4636 -301
  15. data/lib/aws-sdk-s3/client_api.rb +22 -0
  16. data/lib/aws-sdk-s3/customizations/bucket.rb +4 -0
  17. data/lib/aws-sdk-s3/customizations/object.rb +65 -43
  18. data/lib/aws-sdk-s3/encryption/client.rb +4 -0
  19. data/lib/aws-sdk-s3/event_streams.rb +7 -7
  20. data/lib/aws-sdk-s3/file_part.rb +9 -6
  21. data/lib/aws-sdk-s3/file_uploader.rb +13 -12
  22. data/lib/aws-sdk-s3/multipart_file_uploader.rb +14 -11
  23. data/lib/aws-sdk-s3/multipart_upload.rb +3 -1
  24. data/lib/aws-sdk-s3/multipart_upload_part.rb +3 -1
  25. data/lib/aws-sdk-s3/object.rb +205 -32
  26. data/lib/aws-sdk-s3/object_acl.rb +17 -2
  27. data/lib/aws-sdk-s3/object_summary.rb +125 -25
  28. data/lib/aws-sdk-s3/object_version.rb +6 -2
  29. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +59 -0
  30. data/lib/aws-sdk-s3/plugins/md5s.rb +3 -4
  31. data/lib/aws-sdk-s3/plugins/s3_signer.rb +2 -0
  32. data/lib/aws-sdk-s3/presigned_post.rb +4 -0
  33. data/lib/aws-sdk-s3/presigner.rb +44 -30
  34. data/lib/aws-sdk-s3/resource.rb +2 -0
  35. data/lib/aws-sdk-s3/types.rb +2460 -430
  36. data/lib/aws-sdk-s3.rb +1 -1
  37. metadata +7 -6
@@ -38,19 +38,20 @@ module Aws::S3
38
38
  @key
39
39
  end
40
40
 
41
-
41
+ # The date the Object was Last Modified
42
42
  # @return [Time]
43
43
  def last_modified
44
44
  data[:last_modified]
45
45
  end
46
46
 
47
-
47
+ # The entity tag is an MD5 hash of the object. ETag reflects only
48
+ # changes to the contents of an object, not its metadata.
48
49
  # @return [String]
49
50
  def etag
50
51
  data[:etag]
51
52
  end
52
53
 
53
-
54
+ # Size in bytes of the object
54
55
  # @return [Integer]
55
56
  def size
56
57
  data[:size]
@@ -62,7 +63,7 @@ module Aws::S3
62
63
  data[:storage_class]
63
64
  end
64
65
 
65
-
66
+ # The owner of the object
66
67
  # @return [Types::Owner]
67
68
  def owner
68
69
  data[:owner]
@@ -118,10 +119,10 @@ module Aws::S3
118
119
  # @option options [Proc] :before_attempt
119
120
  # @option options [Proc] :before_wait
120
121
  # @return [ObjectSummary]
121
- def wait_until_exists(options = {})
122
+ def wait_until_exists(options = {}, &block)
122
123
  options, params = separate_params_and_options(options)
123
124
  waiter = Waiters::ObjectExists.new(options)
124
- yield_waiter_and_warn(waiter, &Proc.new) if block_given?
125
+ yield_waiter_and_warn(waiter, &block) if block_given?
125
126
  waiter.wait(params.merge(bucket: @bucket_name,
126
127
  key: @key))
127
128
  ObjectSummary.new({
@@ -137,10 +138,10 @@ module Aws::S3
137
138
  # @option options [Proc] :before_attempt
138
139
  # @option options [Proc] :before_wait
139
140
  # @return [ObjectSummary]
140
- def wait_until_not_exists(options = {})
141
+ def wait_until_not_exists(options = {}, &block)
141
142
  options, params = separate_params_and_options(options)
142
143
  waiter = Waiters::ObjectNotExists.new(options)
143
- yield_waiter_and_warn(waiter, &Proc.new) if block_given?
144
+ yield_waiter_and_warn(waiter, &block) if block_given?
144
145
  waiter.wait(params.merge(bucket: @bucket_name,
145
146
  key: @key))
146
147
  ObjectSummary.new({
@@ -278,6 +279,7 @@ module Aws::S3
278
279
  # sse_customer_key: "SSECustomerKey",
279
280
  # sse_customer_key_md5: "SSECustomerKeyMD5",
280
281
  # ssekms_key_id: "SSEKMSKeyId",
282
+ # ssekms_encryption_context: "SSEKMSEncryptionContext",
281
283
  # copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
282
284
  # copy_source_sse_customer_key: "CopySourceSSECustomerKey",
283
285
  # copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
@@ -362,6 +364,10 @@ module Aws::S3
362
364
  # via SSL or using SigV4. Documentation on configuring any of the
363
365
  # officially supported AWS SDKs and CLI can be found at
364
366
  # http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
367
+ # @option options [String] :ssekms_encryption_context
368
+ # Specifies the AWS KMS Encryption Context to use for object encryption.
369
+ # The value of this header is a base64-encoded UTF-8 string holding JSON
370
+ # with the encryption context key-value pairs.
365
371
  # @option options [String] :copy_source_sse_customer_algorithm
366
372
  # Specifies the algorithm to use when decrypting the source object
367
373
  # (e.g., AES256).
@@ -412,6 +418,8 @@ module Aws::S3
412
418
  # @option options [String] :mfa
413
419
  # The concatenation of the authentication device's serial number, a
414
420
  # space, and the value that is displayed on your authentication device.
421
+ # Required to permanently delete a versionedobject if versioning is
422
+ # configured with MFA Deleteenabled.
415
423
  # @option options [String] :version_id
416
424
  # VersionId used to reference a specific version of the object.
417
425
  # @option options [String] :request_payer
@@ -543,6 +551,7 @@ module Aws::S3
543
551
  # sse_customer_key: "SSECustomerKey",
544
552
  # sse_customer_key_md5: "SSECustomerKeyMD5",
545
553
  # ssekms_key_id: "SSEKMSKeyId",
554
+ # ssekms_encryption_context: "SSEKMSEncryptionContext",
546
555
  # request_payer: "requester", # accepts requester
547
556
  # tagging: "TaggingHeader",
548
557
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -605,6 +614,10 @@ module Aws::S3
605
614
  # via SSL or using SigV4. Documentation on configuring any of the
606
615
  # officially supported AWS SDKs and CLI can be found at
607
616
  # http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
617
+ # @option options [String] :ssekms_encryption_context
618
+ # Specifies the AWS KMS Encryption Context to use for object encryption.
619
+ # The value of this header is a base64-encoded UTF-8 string holding JSON
620
+ # with the encryption context key-value pairs.
608
621
  # @option options [String] :request_payer
609
622
  # Confirms that the requester knows that she or he will be charged for
610
623
  # the request. Bucket owners need not specify this parameter in their
@@ -664,6 +677,7 @@ module Aws::S3
664
677
  # sse_customer_key: "SSECustomerKey",
665
678
  # sse_customer_key_md5: "SSECustomerKeyMD5",
666
679
  # ssekms_key_id: "SSEKMSKeyId",
680
+ # ssekms_encryption_context: "SSEKMSEncryptionContext",
667
681
  # request_payer: "requester", # accepts requester
668
682
  # tagging: "TaggingHeader",
669
683
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
@@ -672,29 +686,77 @@ module Aws::S3
672
686
  # })
673
687
  # @param [Hash] options ({})
674
688
  # @option options [String] :acl
675
- # The canned ACL to apply to the object.
689
+ # The canned ACL to apply to the object. For more information, see
690
+ # [Canned ACL][1].
691
+ #
692
+ #
693
+ #
694
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
676
695
  # @option options [String, IO] :body
677
696
  # Object data.
678
697
  # @option options [String] :cache_control
679
- # Specifies caching behavior along the request/reply chain.
698
+ # Can be used to specify caching behavior along the request/reply chain.
699
+ # For more information, see
700
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9][1].
701
+ #
702
+ #
703
+ #
704
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
680
705
  # @option options [String] :content_disposition
681
- # Specifies presentational information for the object.
706
+ # Specifies presentational information for the object. For more
707
+ # information, see
708
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1][1].
709
+ #
710
+ #
711
+ #
712
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1
682
713
  # @option options [String] :content_encoding
683
714
  # Specifies what content encodings have been applied to the object and
684
715
  # thus what decoding mechanisms must be applied to obtain the media-type
685
- # referenced by the Content-Type header field.
716
+ # referenced by the Content-Type header field. For more information, see
717
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11][1].
718
+ #
719
+ #
720
+ #
721
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
686
722
  # @option options [String] :content_language
687
723
  # The language the content is in.
688
724
  # @option options [Integer] :content_length
689
725
  # Size of the body in bytes. This parameter is useful when the size of
690
- # the body cannot be determined automatically.
726
+ # the body cannot be determined automatically. For more information, see
727
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13][1].
728
+ #
729
+ #
730
+ #
731
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
691
732
  # @option options [String] :content_md5
692
- # The base64-encoded 128-bit MD5 digest of the part data. This parameter
693
- # is auto-populated when using the command from the CLI
733
+ # The base64-encoded 128-bit MD5 digest of the message (without the
734
+ # headers) according to RFC 1864. This header can be used as a message
735
+ # integrity check to verify that the data is the same data that was
736
+ # originally sent. Although it is optional, we recommend using the
737
+ # Content-MD5 mechanism as an end-to-end integrity check. For more
738
+ # information about REST request authentication, see [REST
739
+ # Authentication][1].
740
+ #
741
+ #
742
+ #
743
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
694
744
  # @option options [String] :content_type
695
- # A standard MIME type describing the format of the object data.
745
+ # A standard MIME type describing the format of the contents. For more
746
+ # information, see
747
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17][1].
748
+ #
749
+ #
750
+ #
751
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17
696
752
  # @option options [Time,DateTime,Date,Integer,String] :expires
697
- # The date and time at which the object is no longer cacheable.
753
+ # The date and time at which the object is no longer cacheable. For more
754
+ # information, see
755
+ # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21][1].
756
+ #
757
+ #
758
+ #
759
+ # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
698
760
  # @option options [String] :grant_full_control
699
761
  # Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
700
762
  # object.
@@ -710,11 +772,32 @@ module Aws::S3
710
772
  # The Server-side encryption algorithm used when storing this object in
711
773
  # S3 (e.g., AES256, aws:kms).
712
774
  # @option options [String] :storage_class
713
- # The type of storage to use for the object. Defaults to 'STANDARD'.
775
+ # If you don't specify, Standard is the default storage class. Amazon
776
+ # S3 supports other storage classes.
714
777
  # @option options [String] :website_redirect_location
715
778
  # If the bucket is configured as a website, redirects requests for this
716
779
  # object to another object in the same bucket or to an external URL.
717
- # Amazon S3 stores the value of this header in the object metadata.
780
+ # Amazon S3 stores the value of this header in the object metadata. For
781
+ # information about object metadata, see .
782
+ #
783
+ # In the following example, the request header sets the redirect to an
784
+ # object (anotherPage.html) in the same bucket:
785
+ #
786
+ # `x-amz-website-redirect-location: /anotherPage.html`
787
+ #
788
+ # In the following example, the request header sets the object redirect
789
+ # to another website:
790
+ #
791
+ # `x-amz-website-redirect-location: http://www.example.com/`
792
+ #
793
+ # For more information about website hosting in Amazon S3, see [Hosting
794
+ # Websites on Amazon S3][1] and [How to Configure Website Page
795
+ # Redirects][2].
796
+ #
797
+ #
798
+ #
799
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
800
+ # [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
718
801
  # @option options [String] :sse_customer_algorithm
719
802
  # Specifies the algorithm to use to when encrypting the object (e.g.,
720
803
  # AES256).
@@ -729,11 +812,20 @@ module Aws::S3
729
812
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
730
813
  # ensure the encryption key was transmitted without error.
731
814
  # @option options [String] :ssekms_key_id
732
- # Specifies the AWS KMS key ID to use for object encryption. All GET and
733
- # PUT requests for an object protected by AWS KMS will fail if not made
734
- # via SSL or using SigV4. Documentation on configuring any of the
735
- # officially supported AWS SDKs and CLI can be found at
736
- # http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
815
+ # If the x-amz-server-side-encryption is present and has the value of
816
+ # aws:kms, this header specifies the ID of the AWS Key Management
817
+ # Service (AWS KMS) customer master key (CMK) that was used for the
818
+ # object.
819
+ #
820
+ # If the value of x-amz-server-side-encryption is aws:kms, this header
821
+ # specifies the ID of the AWS KMS CMK that will be used for the object.
822
+ # If you specify x-amz-server-side-encryption:aws:kms, but do not
823
+ # provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses
824
+ # the AWS managed CMK in AWS to protect the data.
825
+ # @option options [String] :ssekms_encryption_context
826
+ # Specifies the AWS KMS Encryption Context to use for object encryption.
827
+ # The value of this header is a base64-encoded UTF-8 string holding JSON
828
+ # with the encryption context key-value pairs.
737
829
  # @option options [String] :request_payer
738
830
  # Confirms that the requester knows that she or he will be charged for
739
831
  # the request. Bucket owners need not specify this parameter in their
@@ -748,7 +840,12 @@ module Aws::S3
748
840
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
749
841
  # The date and time when you want this object's Object Lock to expire.
750
842
  # @option options [String] :object_lock_legal_hold_status
751
- # The Legal Hold status that you want to apply to the specified object.
843
+ # Specifies whether a legal hold will be applied to this object. For
844
+ # more information about S3 Object Lock, see [Object Lock][1].
845
+ #
846
+ #
847
+ #
848
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
752
849
  # @return [Types::PutObjectOutput]
753
850
  def put(options = {})
754
851
  options = options.merge(
@@ -848,6 +945,7 @@ module Aws::S3
848
945
  # })
849
946
  # @param [Hash] options ({})
850
947
  # @option options [String] :version_id
948
+ # VersionId used to reference a specific version of the object.
851
949
  # @option options [Types::RestoreRequest] :restore_request
852
950
  # Container for restore job parameters.
853
951
  # @option options [String] :request_payer
@@ -990,6 +1088,8 @@ module Aws::S3
990
1088
  # @option options [String] :mfa
991
1089
  # The concatenation of the authentication device's serial number, a
992
1090
  # space, and the value that is displayed on your authentication device.
1091
+ # Required to permanently delete a versioned object if versioning is
1092
+ # configured with MFA Delete enabled.
993
1093
  # @option options [String] :request_payer
994
1094
  # Confirms that the requester knows that she or he will be charged for
995
1095
  # the request. Bucket owners need not specify this parameter in their
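Review bot: The comment added above `etag` (`# The entity tag is an MD5 hash of the object.`) is stated unconditionally, but S3 does not return an MD5 of the object data as the ETag for every object; multipart uploads and objects encrypted with SSE-C or SSE-KMS are the usual exceptions. A caller who relies on this wording and compares `etag` with a locally computed MD5 as an integrity check will see false mismatches or assume a verification that did not happen. I would word it as `# The entity tag of the object. It is an MD5 digest of the object data only for some objects (not for multipart uploads, for example), so do not treat it as a content checksum.` The same claim is added for the `etag` reader in the following file section (`# The entity tag is an MD5 hash of that version of the object`) and needs the same caveat. Separately, the `:mfa` text added at new lines 421–422 has lost two spaces (`versionedobject`, `Deleteenabled`); the copy at new lines 1091–1092 is correct.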
@@ -46,7 +46,7 @@ module Aws::S3
46
46
  @id
47
47
  end
48
48
 
49
-
49
+ # The entity tag is an MD5 hash of that version of the object
50
50
  # @return [String]
51
51
  def etag
52
52
  data[:etag]
@@ -89,7 +89,7 @@ module Aws::S3
89
89
  data[:last_modified]
90
90
  end
91
91
 
92
-
92
+ # Specifies the Owner of the object.
93
93
  # @return [Types::Owner]
94
94
  def owner
95
95
  data[:owner]
@@ -233,6 +233,8 @@ module Aws::S3
233
233
  # @option options [String] :mfa
234
234
  # The concatenation of the authentication device's serial number, a
235
235
  # space, and the value that is displayed on your authentication device.
236
+ # Required to permanently delete a versionedobject if versioning is
237
+ # configured with MFA Deleteenabled.
236
238
  # @option options [String] :request_payer
237
239
  # Confirms that the requester knows that she or he will be charged for
238
240
  # the request. Bucket owners need not specify this parameter in their
@@ -475,6 +477,8 @@ module Aws::S3
475
477
  # @option options [String] :mfa
476
478
  # The concatenation of the authentication device's serial number, a
477
479
  # space, and the value that is displayed on your authentication device.
480
+ # Required to permanently delete a versioned object if versioning is
481
+ # configured with MFA Delete enabled.
478
482
  # @option options [String] :request_payer
479
483
  # Confirms that the requester knows that she or he will be charged for
480
484
  # the request. Bucket owners need not specify this parameter in their
@@ -0,0 +1,59 @@
1
+ module Aws
2
+ module S3
3
+ module Plugins
4
+
5
+ class IADRegionalEndpoint < Seahorse::Client::Plugin
6
+
7
+ option(:s3_us_east_1_regional_endpoint,
8
+ default: 'legacy',
9
+ doc_type: String,
10
+ docstring: <<-DOCS) do |cfg|
11
+ Passing in `regional` to enable regional endpoint for S3's `us-east-1`
12
+ region. Defaults to `legacy` mode using global endpoint.
13
+ DOCS
14
+ resolve_iad_regional_endpoint(cfg)
15
+ end
16
+
17
+ def add_handlers(handlers, config)
18
+ if config.region == 'us-east-1'
19
+ handlers.add(Handler)
20
+ end
21
+ end
22
+
23
+ # @api private
24
+ class Handler < Seahorse::Client::Handler
25
+
26
+ def call(context)
27
+ # keep legacy global endpoint pattern by default
28
+ if context.config.s3_us_east_1_regional_endpoint == 'legacy'
29
+ context.http_request.endpoint.host = IADRegionalEndpoint.legacy_host(
30
+ context.http_request.endpoint.host)
31
+ end
32
+ @handler.call(context)
33
+ end
34
+
35
+ end
36
+
37
+ def self.legacy_host(host)
38
+ host.sub(".us-east-1", '')
39
+ end
40
+
41
+ private
42
+
43
+ def self.resolve_iad_regional_endpoint(cfg)
44
+ mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
45
+ Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
46
+ 'legacy'
47
+ unless %w(legacy regional).include?(mode)
48
+ raise ArgumentError, "expected :s3_us_east_1_regional_endpoint or"\
49
+ " ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] to be `legacy` or"\
50
+ " `regional`."
51
+ end
52
+ mode
53
+ end
54
+
55
+ end
56
+
57
+ end
58
+ end
59
+ end
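Review bot: `legacy_host` removes the first `.us-east-1` found anywhere in the host (`host.sub(".us-east-1", '')`), not specifically the region label of the endpoint. Bucket names may contain dots, so if the host already carries the bucket name when `Handler#call` runs (handler ordering is not visible in this file), a bucket whose name contains `.us-east-1` would have its name altered and the request would be addressed to a different bucket. Anchoring the match to the endpoint suffix avoids that, e.g. `host.sub(/\.us-east-1(?=\.amazonaws\.com\z)/, '')`. Also, the bare `private` has no effect on `def self.resolve_iad_regional_endpoint`, and that method validates only the ENV / shared-config value: as far as this file shows, a value passed directly as `:s3_us_east_1_regional_endpoint` is never checked, and `Handler#call` treats anything other than `'legacy'` as regional.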
@@ -1,5 +1,4 @@
1
1
  require 'openssl'
2
- require 'base64'
3
2
 
4
3
  module Aws
5
4
  module S3
@@ -37,13 +36,13 @@ module Aws
37
36
  # @return [String<MD5>]
38
37
  def md5(value)
39
38
  if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
40
- Base64.encode64(OpenSSL::Digest::MD5.file(value).digest).strip
39
+ OpenSSL::Digest::MD5.file(value).base64digest
41
40
  elsif value.respond_to?(:read)
42
41
  md5 = OpenSSL::Digest::MD5.new
43
42
  update_in_chunks(md5, value)
44
- Base64.encode64(md5.digest).strip
43
+ md5.base64digest
45
44
  else
46
- Base64.encode64(OpenSSL::Digest::MD5.digest(value)).strip
45
+ OpenSSL::Digest::MD5.digest(value).base64digest
47
46
  end
48
47
  end
49
48
 
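Review bot: The rewritten `else` branch, `OpenSSL::Digest::MD5.digest(value).base64digest`, calls `base64digest` on the return value of the class-level `digest`, which is the raw digest as a String; String has no `base64digest`, so this branch would raise NoMethodError for a body that is neither a file nor readable. The other two branches call `base64digest` on a digest object and are fine. Use the class method instead: `OpenSSL::Digest::MD5.base64digest(value)`. The `md5` method starts above this hunk, so whether callers ever reach the `else` branch with a plain String is not visible here; a unit test passing a String body would pin it either way.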
@@ -17,6 +17,8 @@ module Aws
17
17
  end
18
18
 
19
19
  option(:sigv4_region) do |cfg|
20
+ raise Aws::Errors::MissingRegionError if cfg.region.nil?
21
+
20
22
  Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
21
23
  end
22
24
 
@@ -585,6 +585,10 @@ module Aws
585
585
  else
586
586
  url.path = '/' + @bucket_name
587
587
  end
588
+ if @bucket_region == 'us-east-1'
589
+ # keep legacy behavior by default
590
+ url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
591
+ end
588
592
  url.to_s
589
593
  end
590
594
 
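Review bot: The added block rewrites the host whenever `@bucket_region == 'us-east-1'` without consulting the `s3_us_east_1_regional_endpoint` setting, so a caller who opted into `regional` would still get the legacy global host in the presigned POST URL. The comment `# keep legacy behavior by default` implies an opt-out exists, but none is visible in this hunk; if the behaviour is deliberate the comment should say so, e.g. `# presigned POST always uses the legacy global endpoint for us-east-1`. In addition, `legacy_host` is a first-match substring replace, and in the branch preceding the `else` the host presumably already contains the bucket name, so a dotted bucket name containing `.us-east-1` could be altered and the form would post to a different bucket. The enclosing method begins outside the hunk.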
@@ -16,6 +16,25 @@ module Aws
16
16
  # @api private
17
17
  FIFTEEN_MINUTES = 60 * 15
18
18
 
19
+ BLACKLISTED_HEADERS = [
20
+ 'accept',
21
+ 'cache-control',
22
+ 'content-length', # due to a ELB bug
23
+ 'expect',
24
+ 'from',
25
+ 'if-match',
26
+ 'if-none-match',
27
+ 'if-modified-since',
28
+ 'if-unmodified-since',
29
+ 'if-range',
30
+ 'max-forwards',
31
+ 'pragma',
32
+ 'proxy-authorization',
33
+ 'referer',
34
+ 'te',
35
+ 'user-agent'
36
+ ].freeze
37
+
19
38
  # @option options [Client] :client Optionally provide an existing
20
39
  # S3 client
21
40
  def initialize(options = {})
@@ -31,6 +50,9 @@ module Aws
31
50
  # attempts to set this value to greater than one week (604800) will
32
51
  # raise an exception.
33
52
  #
53
+ # @option params [Time] :time (Time.now) The starting time for when the
54
+ # presigned url becomes active.
55
+ #
34
56
  # @option params [Boolean] :secure (true) When `false`, a HTTP URL
35
57
  # is returned instead of the default HTTPS URL.
36
58
  #
@@ -38,8 +60,15 @@ module Aws
38
60
  # bucket name will be used as the hostname. This will cause
39
61
  # the returned URL to be 'http' and not 'https'.
40
62
  #
41
- # @option params [Boolean] :use_accelerate_endpoint (false) When `true`, Presigner
42
- # will attempt to use accelerated endpoint
63
+ # @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
64
+ # Presigner will attempt to use accelerated endpoint.
65
+ #
66
+ # @option params [Array<String>] :whitelist_headers ([]) Additional
67
+ # headers to be included for the signed request. Certain headers beyond
68
+ # the authorization header could, in theory, be changed for various
69
+ # reasons (including but not limited to proxies) while in transit and
70
+ # after signing. This would lead to signature errors being returned,
71
+ # despite no actual problems with signing. (see BLACKLISTED_HEADERS)
43
72
  #
44
73
  # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
45
74
  # exceeds one week.
@@ -49,11 +78,15 @@ module Aws
49
78
  raise ArgumentError, ":key must not be blank"
50
79
  end
51
80
  virtual_host = !!params.delete(:virtual_host)
81
+ time = params.delete(:time)
82
+ whitelisted_headers = params.delete(:whitelist_headers) || []
83
+ unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers
52
84
  scheme = http_scheme(params, virtual_host)
53
85
 
54
86
  req = @client.build_request(method, params)
55
87
  use_bucket_as_hostname(req) if virtual_host
56
- sign_but_dont_send(req, expires_in(params), scheme)
88
+
89
+ sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers)
57
90
  req.send_request.data
58
91
  end
59
92
 
@@ -68,7 +101,7 @@ module Aws
68
101
  end
69
102
 
70
103
  def expires_in(params)
71
- if expires_in = params.delete(:expires_in)
104
+ if (expires_in = params.delete(:expires_in))
72
105
  if expires_in > ONE_WEEK
73
106
  msg = "expires_in value of #{expires_in} exceeds one-week maximum"
74
107
  raise ArgumentError, msg
@@ -92,17 +125,16 @@ module Aws
92
125
  end
93
126
 
94
127
  # @param [Seahorse::Client::Request] req
95
- def sign_but_dont_send(req, expires_in, scheme)
96
-
128
+ def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers)
97
129
  http_req = req.context.http_request
98
130
 
99
131
  req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
100
132
  req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
101
133
  req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
102
134
 
103
- signer = build_signer(req.context.config)
104
- req.context[:presigned_url] = true
135
+ signer = build_signer(req.context.config, unsigned_headers)
105
136
 
137
+ req.context[:presigned_url] = true
106
138
  req.handle(step: :send) do |context|
107
139
 
108
140
  if scheme != http_req.endpoint.scheme
@@ -128,41 +160,23 @@ module Aws
128
160
  url: http_req.endpoint,
129
161
  headers: http_req.headers,
130
162
  body_digest: 'UNSIGNED-PAYLOAD',
131
- expires_in: expires_in
163
+ expires_in: expires_in,
164
+ time: time
132
165
  ).to_s
133
166
 
134
167
  Seahorse::Client::Response.new(context: context, data: url)
135
168
  end
136
169
  end
137
170
 
138
- def build_signer(cfg)
171
+ def build_signer(cfg, unsigned_headers)
139
172
  Aws::Sigv4::Signer.new(
140
173
  service: 's3',
141
174
  region: cfg.region,
142
175
  credentials_provider: cfg.credentials,
143
- unsigned_headers: [
144
- 'cache-control',
145
- 'content-length', # due to a ELB bug
146
- 'expect',
147
- 'max-forwards',
148
- 'pragma',
149
- 'te',
150
- 'if-match',
151
- 'if-none-match',
152
- 'if-modified-since',
153
- 'if-unmodified-since',
154
- 'if-range',
155
- 'accept',
156
- 'proxy-authorization',
157
- 'from',
158
- 'referer',
159
- 'user-agent',
160
- 'x-amzn-trace-id'
161
- ],
176
+ unsigned_headers: unsigned_headers,
162
177
  uri_escape_path: false
163
178
  )
164
179
  end
165
-
166
180
  end
167
181
  end
168
182
  end
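Review bot: `unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers` is an exact, case-sensitive array difference, so a caller who passes `['Content-Length']` or a symbol gets no match and the header silently stays unsigned while the caller believes it is bound to the signature. Normalise before subtracting, e.g. `whitelisted_headers = Array(params.delete(:whitelist_headers)).map { |h| h.to_s.downcase }`, and state in the `:whitelist_headers` doc that names are compared in lower case. `'x-amzn-trace-id'` was in the old inline list inside `build_signer` but is absent from `BLACKLISTED_HEADERS`; if that removal is intentional it deserves a line in a comment on the constant. The new `:time` value is handed to the signer unchecked, and the doc should say that `:expires_in` is presumably counted from `:time`, since a start time in the future extends how long the URL stays usable measured from now.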
@@ -40,7 +40,9 @@ module Aws::S3
40
40
  # @option options [String] :acl
41
41
  # The canned ACL to apply to the bucket.
42
42
  # @option options [required, String] :bucket
43
+ # The name of the bucket to create.
43
44
  # @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
45
+ # The configuration information for the bucket.
44
46
  # @option options [String] :grant_full_control
45
47
  # Allows grantee the read, write, read ACP, and write ACP permissions on
46
48
  # the bucket.