aws-sdk-s3 1.36.1 → 1.56.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-s3/bucket.rb +158 -34
- data/lib/aws-sdk-s3/bucket_acl.rb +10 -1
- data/lib/aws-sdk-s3/bucket_cors.rb +17 -1
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +1 -1
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +2 -1
- data/lib/aws-sdk-s3/bucket_logging.rb +10 -3
- data/lib/aws-sdk-s3/bucket_notification.rb +6 -3
- data/lib/aws-sdk-s3/bucket_policy.rb +1 -0
- data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -0
- data/lib/aws-sdk-s3/bucket_tagging.rb +9 -1
- data/lib/aws-sdk-s3/bucket_versioning.rb +25 -0
- data/lib/aws-sdk-s3/bucket_website.rb +14 -4
- data/lib/aws-sdk-s3/client.rb +4636 -301
- data/lib/aws-sdk-s3/client_api.rb +22 -0
- data/lib/aws-sdk-s3/customizations/bucket.rb +4 -0
- data/lib/aws-sdk-s3/customizations/object.rb +65 -43
- data/lib/aws-sdk-s3/encryption/client.rb +4 -0
- data/lib/aws-sdk-s3/event_streams.rb +7 -7
- data/lib/aws-sdk-s3/file_part.rb +9 -6
- data/lib/aws-sdk-s3/file_uploader.rb +13 -12
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +14 -11
- data/lib/aws-sdk-s3/multipart_upload.rb +3 -1
- data/lib/aws-sdk-s3/multipart_upload_part.rb +3 -1
- data/lib/aws-sdk-s3/object.rb +205 -32
- data/lib/aws-sdk-s3/object_acl.rb +17 -2
- data/lib/aws-sdk-s3/object_summary.rb +125 -25
- data/lib/aws-sdk-s3/object_version.rb +6 -2
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +59 -0
- data/lib/aws-sdk-s3/plugins/md5s.rb +3 -4
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +2 -0
- data/lib/aws-sdk-s3/presigned_post.rb +4 -0
- data/lib/aws-sdk-s3/presigner.rb +44 -30
- data/lib/aws-sdk-s3/resource.rb +2 -0
- data/lib/aws-sdk-s3/types.rb +2460 -430
- data/lib/aws-sdk-s3.rb +1 -1
- metadata +7 -6
@@ -38,19 +38,20 @@ module Aws::S3
|
|
38
38
|
@key
|
39
39
|
end
|
40
40
|
|
41
|
-
|
41
|
+
# The date the Object was Last Modified
|
42
42
|
# @return [Time]
|
43
43
|
def last_modified
|
44
44
|
data[:last_modified]
|
45
45
|
end
|
46
46
|
|
47
|
-
|
47
|
+
# The entity tag is an MD5 hash of the object. ETag reflects only
|
48
|
+
# changes to the contents of an object, not its metadata.
|
48
49
|
# @return [String]
|
49
50
|
def etag
|
50
51
|
data[:etag]
|
51
52
|
end
|
52
53
|
|
53
|
-
|
54
|
+
# Size in bytes of the object
|
54
55
|
# @return [Integer]
|
55
56
|
def size
|
56
57
|
data[:size]
|
@@ -62,7 +63,7 @@ module Aws::S3
|
|
62
63
|
data[:storage_class]
|
63
64
|
end
|
64
65
|
|
65
|
-
|
66
|
+
# The owner of the object
|
66
67
|
# @return [Types::Owner]
|
67
68
|
def owner
|
68
69
|
data[:owner]
|
@@ -118,10 +119,10 @@ module Aws::S3
|
|
118
119
|
# @option options [Proc] :before_attempt
|
119
120
|
# @option options [Proc] :before_wait
|
120
121
|
# @return [ObjectSummary]
|
121
|
-
def wait_until_exists(options = {})
|
122
|
+
def wait_until_exists(options = {}, &block)
|
122
123
|
options, params = separate_params_and_options(options)
|
123
124
|
waiter = Waiters::ObjectExists.new(options)
|
124
|
-
yield_waiter_and_warn(waiter, &
|
125
|
+
yield_waiter_and_warn(waiter, &block) if block_given?
|
125
126
|
waiter.wait(params.merge(bucket: @bucket_name,
|
126
127
|
key: @key))
|
127
128
|
ObjectSummary.new({
|
@@ -137,10 +138,10 @@ module Aws::S3
|
|
137
138
|
# @option options [Proc] :before_attempt
|
138
139
|
# @option options [Proc] :before_wait
|
139
140
|
# @return [ObjectSummary]
|
140
|
-
def wait_until_not_exists(options = {})
|
141
|
+
def wait_until_not_exists(options = {}, &block)
|
141
142
|
options, params = separate_params_and_options(options)
|
142
143
|
waiter = Waiters::ObjectNotExists.new(options)
|
143
|
-
yield_waiter_and_warn(waiter, &
|
144
|
+
yield_waiter_and_warn(waiter, &block) if block_given?
|
144
145
|
waiter.wait(params.merge(bucket: @bucket_name,
|
145
146
|
key: @key))
|
146
147
|
ObjectSummary.new({
|
@@ -278,6 +279,7 @@ module Aws::S3
|
|
278
279
|
# sse_customer_key: "SSECustomerKey",
|
279
280
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
280
281
|
# ssekms_key_id: "SSEKMSKeyId",
|
282
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
281
283
|
# copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
|
282
284
|
# copy_source_sse_customer_key: "CopySourceSSECustomerKey",
|
283
285
|
# copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
|
@@ -362,6 +364,10 @@ module Aws::S3
|
|
362
364
|
# via SSL or using SigV4. Documentation on configuring any of the
|
363
365
|
# officially supported AWS SDKs and CLI can be found at
|
364
366
|
# http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
367
|
+
# @option options [String] :ssekms_encryption_context
|
368
|
+
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
369
|
+
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
370
|
+
# with the encryption context key-value pairs.
|
365
371
|
# @option options [String] :copy_source_sse_customer_algorithm
|
366
372
|
# Specifies the algorithm to use when decrypting the source object
|
367
373
|
# (e.g., AES256).
|
@@ -412,6 +418,8 @@ module Aws::S3
|
|
412
418
|
# @option options [String] :mfa
|
413
419
|
# The concatenation of the authentication device's serial number, a
|
414
420
|
# space, and the value that is displayed on your authentication device.
|
421
|
+
# Required to permanently delete a versionedobject if versioning is
|
422
|
+
# configured with MFA Deleteenabled.
|
415
423
|
# @option options [String] :version_id
|
416
424
|
# VersionId used to reference a specific version of the object.
|
417
425
|
# @option options [String] :request_payer
|
@@ -543,6 +551,7 @@ module Aws::S3
|
|
543
551
|
# sse_customer_key: "SSECustomerKey",
|
544
552
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
545
553
|
# ssekms_key_id: "SSEKMSKeyId",
|
554
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
546
555
|
# request_payer: "requester", # accepts requester
|
547
556
|
# tagging: "TaggingHeader",
|
548
557
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
@@ -605,6 +614,10 @@ module Aws::S3
|
|
605
614
|
# via SSL or using SigV4. Documentation on configuring any of the
|
606
615
|
# officially supported AWS SDKs and CLI can be found at
|
607
616
|
# http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
617
|
+
# @option options [String] :ssekms_encryption_context
|
618
|
+
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
619
|
+
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
620
|
+
# with the encryption context key-value pairs.
|
608
621
|
# @option options [String] :request_payer
|
609
622
|
# Confirms that the requester knows that she or he will be charged for
|
610
623
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -664,6 +677,7 @@ module Aws::S3
|
|
664
677
|
# sse_customer_key: "SSECustomerKey",
|
665
678
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
666
679
|
# ssekms_key_id: "SSEKMSKeyId",
|
680
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
667
681
|
# request_payer: "requester", # accepts requester
|
668
682
|
# tagging: "TaggingHeader",
|
669
683
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
@@ -672,29 +686,77 @@ module Aws::S3
|
|
672
686
|
# })
|
673
687
|
# @param [Hash] options ({})
|
674
688
|
# @option options [String] :acl
|
675
|
-
# The canned ACL to apply to the object.
|
689
|
+
# The canned ACL to apply to the object. For more information, see
|
690
|
+
# [Canned ACL][1].
|
691
|
+
#
|
692
|
+
#
|
693
|
+
#
|
694
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
|
676
695
|
# @option options [String, IO] :body
|
677
696
|
# Object data.
|
678
697
|
# @option options [String] :cache_control
|
679
|
-
#
|
698
|
+
# Can be used to specify caching behavior along the request/reply chain.
|
699
|
+
# For more information, see
|
700
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9][1].
|
701
|
+
#
|
702
|
+
#
|
703
|
+
#
|
704
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
|
680
705
|
# @option options [String] :content_disposition
|
681
|
-
# Specifies presentational information for the object.
|
706
|
+
# Specifies presentational information for the object. For more
|
707
|
+
# information, see
|
708
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1][1].
|
709
|
+
#
|
710
|
+
#
|
711
|
+
#
|
712
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1
|
682
713
|
# @option options [String] :content_encoding
|
683
714
|
# Specifies what content encodings have been applied to the object and
|
684
715
|
# thus what decoding mechanisms must be applied to obtain the media-type
|
685
|
-
# referenced by the Content-Type header field.
|
716
|
+
# referenced by the Content-Type header field. For more information, see
|
717
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11][1].
|
718
|
+
#
|
719
|
+
#
|
720
|
+
#
|
721
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
|
686
722
|
# @option options [String] :content_language
|
687
723
|
# The language the content is in.
|
688
724
|
# @option options [Integer] :content_length
|
689
725
|
# Size of the body in bytes. This parameter is useful when the size of
|
690
|
-
# the body cannot be determined automatically.
|
726
|
+
# the body cannot be determined automatically. For more information, see
|
727
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13][1].
|
728
|
+
#
|
729
|
+
#
|
730
|
+
#
|
731
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
|
691
732
|
# @option options [String] :content_md5
|
692
|
-
# The base64-encoded 128-bit MD5 digest of the
|
693
|
-
#
|
733
|
+
# The base64-encoded 128-bit MD5 digest of the message (without the
|
734
|
+
# headers) according to RFC 1864. This header can be used as a message
|
735
|
+
# integrity check to verify that the data is the same data that was
|
736
|
+
# originally sent. Although it is optional, we recommend using the
|
737
|
+
# Content-MD5 mechanism as an end-to-end integrity check. For more
|
738
|
+
# information about REST request authentication, see [REST
|
739
|
+
# Authentication][1].
|
740
|
+
#
|
741
|
+
#
|
742
|
+
#
|
743
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
|
694
744
|
# @option options [String] :content_type
|
695
|
-
# A standard MIME type describing the format of the
|
745
|
+
# A standard MIME type describing the format of the contents. For more
|
746
|
+
# information, see
|
747
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17][1].
|
748
|
+
#
|
749
|
+
#
|
750
|
+
#
|
751
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17
|
696
752
|
# @option options [Time,DateTime,Date,Integer,String] :expires
|
697
|
-
# The date and time at which the object is no longer cacheable.
|
753
|
+
# The date and time at which the object is no longer cacheable. For more
|
754
|
+
# information, see
|
755
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21][1].
|
756
|
+
#
|
757
|
+
#
|
758
|
+
#
|
759
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
|
698
760
|
# @option options [String] :grant_full_control
|
699
761
|
# Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
|
700
762
|
# object.
|
@@ -710,11 +772,32 @@ module Aws::S3
|
|
710
772
|
# The Server-side encryption algorithm used when storing this object in
|
711
773
|
# S3 (e.g., AES256, aws:kms).
|
712
774
|
# @option options [String] :storage_class
|
713
|
-
#
|
775
|
+
# If you don't specify, Standard is the default storage class. Amazon
|
776
|
+
# S3 supports other storage classes.
|
714
777
|
# @option options [String] :website_redirect_location
|
715
778
|
# If the bucket is configured as a website, redirects requests for this
|
716
779
|
# object to another object in the same bucket or to an external URL.
|
717
|
-
# Amazon S3 stores the value of this header in the object metadata.
|
780
|
+
# Amazon S3 stores the value of this header in the object metadata. For
|
781
|
+
# information about object metadata, see .
|
782
|
+
#
|
783
|
+
# In the following example, the request header sets the redirect to an
|
784
|
+
# object (anotherPage.html) in the same bucket:
|
785
|
+
#
|
786
|
+
# `x-amz-website-redirect-location: /anotherPage.html`
|
787
|
+
#
|
788
|
+
# In the following example, the request header sets the object redirect
|
789
|
+
# to another website:
|
790
|
+
#
|
791
|
+
# `x-amz-website-redirect-location: http://www.example.com/`
|
792
|
+
#
|
793
|
+
# For more information about website hosting in Amazon S3, see [Hosting
|
794
|
+
# Websites on Amazon S3][1] and [How to Configure Website Page
|
795
|
+
# Redirects][2].
|
796
|
+
#
|
797
|
+
#
|
798
|
+
#
|
799
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
|
800
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
|
718
801
|
# @option options [String] :sse_customer_algorithm
|
719
802
|
# Specifies the algorithm to use to when encrypting the object (e.g.,
|
720
803
|
# AES256).
|
@@ -729,11 +812,20 @@ module Aws::S3
|
|
729
812
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
730
813
|
# ensure the encryption key was transmitted without error.
|
731
814
|
# @option options [String] :ssekms_key_id
|
732
|
-
#
|
733
|
-
#
|
734
|
-
#
|
735
|
-
#
|
736
|
-
#
|
815
|
+
# If the x-amz-server-side-encryption is present and has the value of
|
816
|
+
# aws:kms, this header specifies the ID of the AWS Key Management
|
817
|
+
# Service (AWS KMS) customer master key (CMK) that was used for the
|
818
|
+
# object.
|
819
|
+
#
|
820
|
+
# If the value of x-amz-server-side-encryption is aws:kms, this header
|
821
|
+
# specifies the ID of the AWS KMS CMK that will be used for the object.
|
822
|
+
# If you specify x-amz-server-side-encryption:aws:kms, but do not
|
823
|
+
# provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses
|
824
|
+
# the AWS managed CMK in AWS to protect the data.
|
825
|
+
# @option options [String] :ssekms_encryption_context
|
826
|
+
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
827
|
+
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
828
|
+
# with the encryption context key-value pairs.
|
737
829
|
# @option options [String] :request_payer
|
738
830
|
# Confirms that the requester knows that she or he will be charged for
|
739
831
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -748,7 +840,12 @@ module Aws::S3
|
|
748
840
|
# @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
|
749
841
|
# The date and time when you want this object's Object Lock to expire.
|
750
842
|
# @option options [String] :object_lock_legal_hold_status
|
751
|
-
#
|
843
|
+
# Specifies whether a legal hold will be applied to this object. For
|
844
|
+
# more information about S3 Object Lock, see [Object Lock][1].
|
845
|
+
#
|
846
|
+
#
|
847
|
+
#
|
848
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
|
752
849
|
# @return [Types::PutObjectOutput]
|
753
850
|
def put(options = {})
|
754
851
|
options = options.merge(
|
@@ -848,6 +945,7 @@ module Aws::S3
|
|
848
945
|
# })
|
849
946
|
# @param [Hash] options ({})
|
850
947
|
# @option options [String] :version_id
|
948
|
+
# VersionId used to reference a specific version of the object.
|
851
949
|
# @option options [Types::RestoreRequest] :restore_request
|
852
950
|
# Container for restore job parameters.
|
853
951
|
# @option options [String] :request_payer
|
@@ -990,6 +1088,8 @@ module Aws::S3
|
|
990
1088
|
# @option options [String] :mfa
|
991
1089
|
# The concatenation of the authentication device's serial number, a
|
992
1090
|
# space, and the value that is displayed on your authentication device.
|
1091
|
+
# Required to permanently delete a versioned object if versioning is
|
1092
|
+
# configured with MFA Delete enabled.
|
993
1093
|
# @option options [String] :request_payer
|
994
1094
|
# Confirms that the requester knows that she or he will be charged for
|
995
1095
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -46,7 +46,7 @@ module Aws::S3
|
|
46
46
|
@id
|
47
47
|
end
|
48
48
|
|
49
|
-
|
49
|
+
# The entity tag is an MD5 hash of that version of the object
|
50
50
|
# @return [String]
|
51
51
|
def etag
|
52
52
|
data[:etag]
|
@@ -89,7 +89,7 @@ module Aws::S3
|
|
89
89
|
data[:last_modified]
|
90
90
|
end
|
91
91
|
|
92
|
-
|
92
|
+
# Specifies the Owner of the object.
|
93
93
|
# @return [Types::Owner]
|
94
94
|
def owner
|
95
95
|
data[:owner]
|
@@ -233,6 +233,8 @@ module Aws::S3
|
|
233
233
|
# @option options [String] :mfa
|
234
234
|
# The concatenation of the authentication device's serial number, a
|
235
235
|
# space, and the value that is displayed on your authentication device.
|
236
|
+
# Required to permanently delete a versionedobject if versioning is
|
237
|
+
# configured with MFA Deleteenabled.
|
236
238
|
# @option options [String] :request_payer
|
237
239
|
# Confirms that the requester knows that she or he will be charged for
|
238
240
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -475,6 +477,8 @@ module Aws::S3
|
|
475
477
|
# @option options [String] :mfa
|
476
478
|
# The concatenation of the authentication device's serial number, a
|
477
479
|
# space, and the value that is displayed on your authentication device.
|
480
|
+
# Required to permanently delete a versioned object if versioning is
|
481
|
+
# configured with MFA Delete enabled.
|
478
482
|
# @option options [String] :request_payer
|
479
483
|
# Confirms that the requester knows that she or he will be charged for
|
480
484
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -0,0 +1,59 @@
|
|
1
|
+
module Aws
|
2
|
+
module S3
|
3
|
+
module Plugins
|
4
|
+
|
5
|
+
class IADRegionalEndpoint < Seahorse::Client::Plugin
|
6
|
+
|
7
|
+
option(:s3_us_east_1_regional_endpoint,
|
8
|
+
default: 'legacy',
|
9
|
+
doc_type: String,
|
10
|
+
docstring: <<-DOCS) do |cfg|
|
11
|
+
Passing in `regional` to enable regional endpoint for S3's `us-east-1`
|
12
|
+
region. Defaults to `legacy` mode using global endpoint.
|
13
|
+
DOCS
|
14
|
+
resolve_iad_regional_endpoint(cfg)
|
15
|
+
end
|
16
|
+
|
17
|
+
def add_handlers(handlers, config)
|
18
|
+
if config.region == 'us-east-1'
|
19
|
+
handlers.add(Handler)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
# @api private
|
24
|
+
class Handler < Seahorse::Client::Handler
|
25
|
+
|
26
|
+
def call(context)
|
27
|
+
# keep legacy global endpoint pattern by default
|
28
|
+
if context.config.s3_us_east_1_regional_endpoint == 'legacy'
|
29
|
+
context.http_request.endpoint.host = IADRegionalEndpoint.legacy_host(
|
30
|
+
context.http_request.endpoint.host)
|
31
|
+
end
|
32
|
+
@handler.call(context)
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
|
37
|
+
def self.legacy_host(host)
|
38
|
+
host.sub(".us-east-1", '')
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
|
43
|
+
def self.resolve_iad_regional_endpoint(cfg)
|
44
|
+
mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
|
45
|
+
Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
|
46
|
+
'legacy'
|
47
|
+
unless %w(legacy regional).include?(mode)
|
48
|
+
raise ArgumentError, "expected :s3_us_east_1_regional_endpoint or"\
|
49
|
+
" ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] to be `legacy` or"\
|
50
|
+
" `regional`."
|
51
|
+
end
|
52
|
+
mode
|
53
|
+
end
|
54
|
+
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
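Review bot: `legacy_host` removes the first `.us-east-1` found anywhere in the host, so if the bucket name is already part of the host when this handler runs (not visible here) and itself contains `.us-east-1`, the bucket label is rewritten instead of the region label and the request is sent to a different bucket host. Anchoring the match to the region label avoids that, for example `host.sub(/\.us-east-1(?=\.amazonaws\.com\z)/, '')`, which assumes the standard endpoint suffix. The `legacy`/`regional` check runs only in the default block, so a value passed directly as `:s3_us_east_1_regional_endpoint` appears to be unvalidated, and `Handler#call` treats anything other than `'legacy'` as regional. The bare `private` does not apply to `def self.resolve_iad_regional_endpoint`; `private_class_method :resolve_iad_regional_endpoint` is needed if that method is meant to be private.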
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'openssl'
|
2
|
-
require 'base64'
|
3
2
|
|
4
3
|
module Aws
|
5
4
|
module S3
|
@@ -37,13 +36,13 @@ module Aws
|
|
37
36
|
# @return [String<MD5>]
|
38
37
|
def md5(value)
|
39
38
|
if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
|
40
|
-
|
39
|
+
OpenSSL::Digest::MD5.file(value).base64digest
|
41
40
|
elsif value.respond_to?(:read)
|
42
41
|
md5 = OpenSSL::Digest::MD5.new
|
43
42
|
update_in_chunks(md5, value)
|
44
|
-
|
43
|
+
md5.base64digest
|
45
44
|
else
|
46
|
-
|
45
|
+
OpenSSL::Digest::MD5.digest(value).base64digest
|
47
46
|
end
|
48
47
|
end
|
49
48
|
|
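Review bot: The `else` branch of `md5` calls `.base64digest` on the result of `OpenSSL::Digest::MD5.digest(value)`, which is a binary String rather than a digest object, so a plain String body would raise NoMethodError unless String is extended elsewhere. The other two branches call `base64digest` on a digest instance; the matching form here is `OpenSSL::Digest::MD5.new.update(value).base64digest`. Because the first hunk drops `require 'base64'`, nothing else in this file can encode the digest, so a test that computes Content-MD5 for a String body would pin this path. The enclosing module starts outside the hunk.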
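--- a/data/lib/aws-sdk-s3/presigner.rb
+++ b/data/lib/aws-sdk-s3/presigner.rb
@@ -16,6 +16,25 @@ module Aws
 # @api private
 FIFTEEN_MINUTES = 60 * 15
 
+BLACKLISTED_HEADERS = [
+'accept',
+'cache-control',
+'content-length', # due to a ELB bug
+'expect',
+'from',
+'if-match',
+'if-none-match',
+'if-modified-since',
+'if-unmodified-since',
+'if-range',
+'max-forwards',
+'pragma',
+'proxy-authorization',
+'referer',
+'te',
+'user-agent'
+].freeze
+
 # @option options [Client] :client Optionally provide an existing
 # S3 client
 def initialize(options = {})
@@ -31,6 +50,9 @@ module Aws
 # attempts to set this value to greater than one week (604800) will
 # raise an exception.
 #
+# @option params [Time] :time (Time.now) The starting time for when the
+# presigned url becomes active.
+#
 # @option params [Boolean] :secure (true) When `false`, a HTTP URL
 # is returned instead of the default HTTPS URL.
 #
@@ -38,8 +60,15 @@ module Aws
 # bucket name will be used as the hostname. This will cause
 # the returned URL to be 'http' and not 'https'.
 #
-# @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
-# will attempt to use accelerated endpoint
+# @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
+# Presigner will attempt to use accelerated endpoint.
+#
+# @option params [Array<String>] :whitelist_headers ([]) Additional
+# headers to be included for the signed request. Certain headers beyond
+# the authorization header could, in theory, be changed for various
+# reasons (including but not limited to proxies) while in transit and
+# after signing. This would lead to signature errors being returned,
+# despite no actual problems with signing. (see BLACKLISTED_HEADERS)
 #
 # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
 # exceeds one week.
@@ -49,11 +78,15 @@ module Aws
 raise ArgumentError, ":key must not be blank"
 end
 virtual_host = !!params.delete(:virtual_host)
+time = params.delete(:time)
+whitelisted_headers = params.delete(:whitelist_headers) || []
+unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers
 scheme = http_scheme(params, virtual_host)
 
 req = @client.build_request(method, params)
 use_bucket_as_hostname(req) if virtual_host
-
+
+sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers)
 req.send_request.data
 end
 
@@ -68,7 +101,7 @@ module Aws
 end
 
 def expires_in(params)
-if expires_in = params.delete(:expires_in)
+if (expires_in = params.delete(:expires_in))
 if expires_in > ONE_WEEK
 msg = "expires_in value of #{expires_in} exceeds one-week maximum"
 raise ArgumentError, msg
@@ -92,17 +125,16 @@ module Aws
 end
 
 # @param [Seahorse::Client::Request] req
-def sign_but_dont_send(req, expires_in, scheme)
-
+def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers)
 http_req = req.context.http_request
 
 req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
 req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
 req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
 
-signer = build_signer(req.context.config)
-req.context[:presigned_url] = true
+signer = build_signer(req.context.config, unsigned_headers)
 
+req.context[:presigned_url] = true
 req.handle(step: :send) do |context|
 
 if scheme != http_req.endpoint.scheme
@@ -128,41 +160,23 @@ module Aws
 url: http_req.endpoint,
 headers: http_req.headers,
 body_digest: 'UNSIGNED-PAYLOAD',
-expires_in: expires_in
+expires_in: expires_in,
+time: time
 ).to_s
 
 Seahorse::Client::Response.new(context: context, data: url)
 end
 end
 
-def build_signer(cfg)
+def build_signer(cfg, unsigned_headers)
 Aws::Sigv4::Signer.new(
 service: 's3',
 region: cfg.region,
 credentials_provider: cfg.credentials,
-unsigned_headers:
-'cache-control',
-'content-length', # due to a ELB bug
-'expect',
-'max-forwards',
-'pragma',
-'te',
-'if-match',
-'if-none-match',
-'if-modified-since',
-'if-unmodified-since',
-'if-range',
-'accept',
-'proxy-authorization',
-'from',
-'referer',
-'user-agent',
-'x-amzn-trace-id'
-],
+unsigned_headers: unsigned_headers,
 uri_escape_path: false
 )
 end
-
 end
 end
 end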
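Review bot: `BLACKLISTED_HEADERS - whitelisted_headers` compares by exact string, so a caller who passes `'Content-Length'` or a Symbol silently leaves that header unsigned, and a single String instead of an Array raises TypeError; in the silent case the presigned URL does not bind the header the caller asked to have signed. Normalising the input first closes that gap: `whitelisted_headers = Array(params.delete(:whitelist_headers)).map { |h| h.to_s.downcase }`. The new `:time` value is handed to the signer without any check visible in these hunks, and the one-week `expires_in` limit bounds only the duration, so a start time in the future yields a URL that stays valid more than a week after it was issued; the `:time` doc comment should say this. The method that reads these options begins outside the hunks shown.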
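--- a/data/lib/aws-sdk-s3/resource.rb
+++ b/data/lib/aws-sdk-s3/resource.rb
@@ -40,7 +40,9 @@ module Aws::S3
 # @option options [String] :acl
 # The canned ACL to apply to the bucket.
 # @option options [required, String] :bucket
+# The name of the bucket to create.
 # @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
+# The configuration information for the bucket.
 # @option options [String] :grant_full_control
 # Allows grantee the read, write, read ACP, and write ACP permissions on
 # the bucket.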