aws-sdk-s3 1.36.1 → 1.56.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-s3/bucket.rb +158 -34
- data/lib/aws-sdk-s3/bucket_acl.rb +10 -1
- data/lib/aws-sdk-s3/bucket_cors.rb +17 -1
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +1 -1
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +2 -1
- data/lib/aws-sdk-s3/bucket_logging.rb +10 -3
- data/lib/aws-sdk-s3/bucket_notification.rb +6 -3
- data/lib/aws-sdk-s3/bucket_policy.rb +1 -0
- data/lib/aws-sdk-s3/bucket_request_payment.rb +9 -0
- data/lib/aws-sdk-s3/bucket_tagging.rb +9 -1
- data/lib/aws-sdk-s3/bucket_versioning.rb +25 -0
- data/lib/aws-sdk-s3/bucket_website.rb +14 -4
- data/lib/aws-sdk-s3/client.rb +4636 -301
- data/lib/aws-sdk-s3/client_api.rb +22 -0
- data/lib/aws-sdk-s3/customizations/bucket.rb +4 -0
- data/lib/aws-sdk-s3/customizations/object.rb +65 -43
- data/lib/aws-sdk-s3/encryption/client.rb +4 -0
- data/lib/aws-sdk-s3/event_streams.rb +7 -7
- data/lib/aws-sdk-s3/file_part.rb +9 -6
- data/lib/aws-sdk-s3/file_uploader.rb +13 -12
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +14 -11
- data/lib/aws-sdk-s3/multipart_upload.rb +3 -1
- data/lib/aws-sdk-s3/multipart_upload_part.rb +3 -1
- data/lib/aws-sdk-s3/object.rb +205 -32
- data/lib/aws-sdk-s3/object_acl.rb +17 -2
- data/lib/aws-sdk-s3/object_summary.rb +125 -25
- data/lib/aws-sdk-s3/object_version.rb +6 -2
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +59 -0
- data/lib/aws-sdk-s3/plugins/md5s.rb +3 -4
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +2 -0
- data/lib/aws-sdk-s3/presigned_post.rb +4 -0
- data/lib/aws-sdk-s3/presigner.rb +44 -30
- data/lib/aws-sdk-s3/resource.rb +2 -0
- data/lib/aws-sdk-s3/types.rb +2460 -430
- data/lib/aws-sdk-s3.rb +1 -1
- metadata +7 -6
@@ -38,19 +38,20 @@ module Aws::S3
|
|
38
38
|
@key
|
39
39
|
end
|
40
40
|
|
41
|
-
|
41
|
+
# The date the Object was Last Modified
|
42
42
|
# @return [Time]
|
43
43
|
def last_modified
|
44
44
|
data[:last_modified]
|
45
45
|
end
|
46
46
|
|
47
|
-
|
47
|
+
# The entity tag is an MD5 hash of the object. ETag reflects only
|
48
|
+
# changes to the contents of an object, not its metadata.
|
48
49
|
# @return [String]
|
49
50
|
def etag
|
50
51
|
data[:etag]
|
51
52
|
end
|
52
53
|
|
53
|
-
|
54
|
+
# Size in bytes of the object
|
54
55
|
# @return [Integer]
|
55
56
|
def size
|
56
57
|
data[:size]
|
@@ -62,7 +63,7 @@ module Aws::S3
|
|
62
63
|
data[:storage_class]
|
63
64
|
end
|
64
65
|
|
65
|
-
|
66
|
+
# The owner of the object
|
66
67
|
# @return [Types::Owner]
|
67
68
|
def owner
|
68
69
|
data[:owner]
|
@@ -118,10 +119,10 @@ module Aws::S3
|
|
118
119
|
# @option options [Proc] :before_attempt
|
119
120
|
# @option options [Proc] :before_wait
|
120
121
|
# @return [ObjectSummary]
|
121
|
-
def wait_until_exists(options = {})
|
122
|
+
def wait_until_exists(options = {}, &block)
|
122
123
|
options, params = separate_params_and_options(options)
|
123
124
|
waiter = Waiters::ObjectExists.new(options)
|
124
|
-
yield_waiter_and_warn(waiter, &
|
125
|
+
yield_waiter_and_warn(waiter, &block) if block_given?
|
125
126
|
waiter.wait(params.merge(bucket: @bucket_name,
|
126
127
|
key: @key))
|
127
128
|
ObjectSummary.new({
|
@@ -137,10 +138,10 @@ module Aws::S3
|
|
137
138
|
# @option options [Proc] :before_attempt
|
138
139
|
# @option options [Proc] :before_wait
|
139
140
|
# @return [ObjectSummary]
|
140
|
-
def wait_until_not_exists(options = {})
|
141
|
+
def wait_until_not_exists(options = {}, &block)
|
141
142
|
options, params = separate_params_and_options(options)
|
142
143
|
waiter = Waiters::ObjectNotExists.new(options)
|
143
|
-
yield_waiter_and_warn(waiter, &
|
144
|
+
yield_waiter_and_warn(waiter, &block) if block_given?
|
144
145
|
waiter.wait(params.merge(bucket: @bucket_name,
|
145
146
|
key: @key))
|
146
147
|
ObjectSummary.new({
|
@@ -278,6 +279,7 @@ module Aws::S3
|
|
278
279
|
# sse_customer_key: "SSECustomerKey",
|
279
280
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
280
281
|
# ssekms_key_id: "SSEKMSKeyId",
|
282
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
281
283
|
# copy_source_sse_customer_algorithm: "CopySourceSSECustomerAlgorithm",
|
282
284
|
# copy_source_sse_customer_key: "CopySourceSSECustomerKey",
|
283
285
|
# copy_source_sse_customer_key_md5: "CopySourceSSECustomerKeyMD5",
|
@@ -362,6 +364,10 @@ module Aws::S3
|
|
362
364
|
# via SSL or using SigV4. Documentation on configuring any of the
|
363
365
|
# officially supported AWS SDKs and CLI can be found at
|
364
366
|
# http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
367
|
+
# @option options [String] :ssekms_encryption_context
|
368
|
+
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
369
|
+
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
370
|
+
# with the encryption context key-value pairs.
|
365
371
|
# @option options [String] :copy_source_sse_customer_algorithm
|
366
372
|
# Specifies the algorithm to use when decrypting the source object
|
367
373
|
# (e.g., AES256).
|
@@ -412,6 +418,8 @@ module Aws::S3
|
|
412
418
|
# @option options [String] :mfa
|
413
419
|
# The concatenation of the authentication device's serial number, a
|
414
420
|
# space, and the value that is displayed on your authentication device.
|
421
|
+
# Required to permanently delete a versionedobject if versioning is
|
422
|
+
# configured with MFA Deleteenabled.
|
415
423
|
# @option options [String] :version_id
|
416
424
|
# VersionId used to reference a specific version of the object.
|
417
425
|
# @option options [String] :request_payer
|
@@ -543,6 +551,7 @@ module Aws::S3
|
|
543
551
|
# sse_customer_key: "SSECustomerKey",
|
544
552
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
545
553
|
# ssekms_key_id: "SSEKMSKeyId",
|
554
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
546
555
|
# request_payer: "requester", # accepts requester
|
547
556
|
# tagging: "TaggingHeader",
|
548
557
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
@@ -605,6 +614,10 @@ module Aws::S3
|
|
605
614
|
# via SSL or using SigV4. Documentation on configuring any of the
|
606
615
|
# officially supported AWS SDKs and CLI can be found at
|
607
616
|
# http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
617
|
+
# @option options [String] :ssekms_encryption_context
|
618
|
+
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
619
|
+
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
620
|
+
# with the encryption context key-value pairs.
|
608
621
|
# @option options [String] :request_payer
|
609
622
|
# Confirms that the requester knows that she or he will be charged for
|
610
623
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -664,6 +677,7 @@ module Aws::S3
|
|
664
677
|
# sse_customer_key: "SSECustomerKey",
|
665
678
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
666
679
|
# ssekms_key_id: "SSEKMSKeyId",
|
680
|
+
# ssekms_encryption_context: "SSEKMSEncryptionContext",
|
667
681
|
# request_payer: "requester", # accepts requester
|
668
682
|
# tagging: "TaggingHeader",
|
669
683
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
@@ -672,29 +686,77 @@ module Aws::S3
|
|
672
686
|
# })
|
673
687
|
# @param [Hash] options ({})
|
674
688
|
# @option options [String] :acl
|
675
|
-
# The canned ACL to apply to the object.
|
689
|
+
# The canned ACL to apply to the object. For more information, see
|
690
|
+
# [Canned ACL][1].
|
691
|
+
#
|
692
|
+
#
|
693
|
+
#
|
694
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
|
676
695
|
# @option options [String, IO] :body
|
677
696
|
# Object data.
|
678
697
|
# @option options [String] :cache_control
|
679
|
-
#
|
698
|
+
# Can be used to specify caching behavior along the request/reply chain.
|
699
|
+
# For more information, see
|
700
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9][1].
|
701
|
+
#
|
702
|
+
#
|
703
|
+
#
|
704
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.9
|
680
705
|
# @option options [String] :content_disposition
|
681
|
-
# Specifies presentational information for the object.
|
706
|
+
# Specifies presentational information for the object. For more
|
707
|
+
# information, see
|
708
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1][1].
|
709
|
+
#
|
710
|
+
#
|
711
|
+
#
|
712
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec19.html#sec19.5.1
|
682
713
|
# @option options [String] :content_encoding
|
683
714
|
# Specifies what content encodings have been applied to the object and
|
684
715
|
# thus what decoding mechanisms must be applied to obtain the media-type
|
685
|
-
# referenced by the Content-Type header field.
|
716
|
+
# referenced by the Content-Type header field. For more information, see
|
717
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11][1].
|
718
|
+
#
|
719
|
+
#
|
720
|
+
#
|
721
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
|
686
722
|
# @option options [String] :content_language
|
687
723
|
# The language the content is in.
|
688
724
|
# @option options [Integer] :content_length
|
689
725
|
# Size of the body in bytes. This parameter is useful when the size of
|
690
|
-
# the body cannot be determined automatically.
|
726
|
+
# the body cannot be determined automatically. For more information, see
|
727
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13][1].
|
728
|
+
#
|
729
|
+
#
|
730
|
+
#
|
731
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.13
|
691
732
|
# @option options [String] :content_md5
|
692
|
-
# The base64-encoded 128-bit MD5 digest of the
|
693
|
-
#
|
733
|
+
# The base64-encoded 128-bit MD5 digest of the message (without the
|
734
|
+
# headers) according to RFC 1864. This header can be used as a message
|
735
|
+
# integrity check to verify that the data is the same data that was
|
736
|
+
# originally sent. Although it is optional, we recommend using the
|
737
|
+
# Content-MD5 mechanism as an end-to-end integrity check. For more
|
738
|
+
# information about REST request authentication, see [REST
|
739
|
+
# Authentication][1].
|
740
|
+
#
|
741
|
+
#
|
742
|
+
#
|
743
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html
|
694
744
|
# @option options [String] :content_type
|
695
|
-
# A standard MIME type describing the format of the
|
745
|
+
# A standard MIME type describing the format of the contents. For more
|
746
|
+
# information, see
|
747
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17][1].
|
748
|
+
#
|
749
|
+
#
|
750
|
+
#
|
751
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.17
|
696
752
|
# @option options [Time,DateTime,Date,Integer,String] :expires
|
697
|
-
# The date and time at which the object is no longer cacheable.
|
753
|
+
# The date and time at which the object is no longer cacheable. For more
|
754
|
+
# information, see
|
755
|
+
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21][1].
|
756
|
+
#
|
757
|
+
#
|
758
|
+
#
|
759
|
+
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
|
698
760
|
# @option options [String] :grant_full_control
|
699
761
|
# Gives the grantee READ, READ\_ACP, and WRITE\_ACP permissions on the
|
700
762
|
# object.
|
@@ -710,11 +772,32 @@ module Aws::S3
|
|
710
772
|
# The Server-side encryption algorithm used when storing this object in
|
711
773
|
# S3 (e.g., AES256, aws:kms).
|
712
774
|
# @option options [String] :storage_class
|
713
|
-
#
|
775
|
+
# If you don't specify, Standard is the default storage class. Amazon
|
776
|
+
# S3 supports other storage classes.
|
714
777
|
# @option options [String] :website_redirect_location
|
715
778
|
# If the bucket is configured as a website, redirects requests for this
|
716
779
|
# object to another object in the same bucket or to an external URL.
|
717
|
-
# Amazon S3 stores the value of this header in the object metadata.
|
780
|
+
# Amazon S3 stores the value of this header in the object metadata. For
|
781
|
+
# information about object metadata, see .
|
782
|
+
#
|
783
|
+
# In the following example, the request header sets the redirect to an
|
784
|
+
# object (anotherPage.html) in the same bucket:
|
785
|
+
#
|
786
|
+
# `x-amz-website-redirect-location: /anotherPage.html`
|
787
|
+
#
|
788
|
+
# In the following example, the request header sets the object redirect
|
789
|
+
# to another website:
|
790
|
+
#
|
791
|
+
# `x-amz-website-redirect-location: http://www.example.com/`
|
792
|
+
#
|
793
|
+
# For more information about website hosting in Amazon S3, see [Hosting
|
794
|
+
# Websites on Amazon S3][1] and [How to Configure Website Page
|
795
|
+
# Redirects][2].
|
796
|
+
#
|
797
|
+
#
|
798
|
+
#
|
799
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/WebsiteHosting.html
|
800
|
+
# [2]: https://docs.aws.amazon.com/AmazonS3/latest/dev/how-to-page-redirect.html
|
718
801
|
# @option options [String] :sse_customer_algorithm
|
719
802
|
# Specifies the algorithm to use to when encrypting the object (e.g.,
|
720
803
|
# AES256).
|
@@ -729,11 +812,20 @@ module Aws::S3
|
|
729
812
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
730
813
|
# ensure the encryption key was transmitted without error.
|
731
814
|
# @option options [String] :ssekms_key_id
|
732
|
-
#
|
733
|
-
#
|
734
|
-
#
|
735
|
-
#
|
736
|
-
#
|
815
|
+
# If the x-amz-server-side-encryption is present and has the value of
|
816
|
+
# aws:kms, this header specifies the ID of the AWS Key Management
|
817
|
+
# Service (AWS KMS) customer master key (CMK) that was used for the
|
818
|
+
# object.
|
819
|
+
#
|
820
|
+
# If the value of x-amz-server-side-encryption is aws:kms, this header
|
821
|
+
# specifies the ID of the AWS KMS CMK that will be used for the object.
|
822
|
+
# If you specify x-amz-server-side-encryption:aws:kms, but do not
|
823
|
+
# provide x-amz-server-side-encryption-aws-kms-key-id, Amazon S3 uses
|
824
|
+
# the AWS managed CMK in AWS to protect the data.
|
825
|
+
# @option options [String] :ssekms_encryption_context
|
826
|
+
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
827
|
+
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
828
|
+
# with the encryption context key-value pairs.
|
737
829
|
# @option options [String] :request_payer
|
738
830
|
# Confirms that the requester knows that she or he will be charged for
|
739
831
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -748,7 +840,12 @@ module Aws::S3
|
|
748
840
|
# @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
|
749
841
|
# The date and time when you want this object's Object Lock to expire.
|
750
842
|
# @option options [String] :object_lock_legal_hold_status
|
751
|
-
#
|
843
|
+
# Specifies whether a legal hold will be applied to this object. For
|
844
|
+
# more information about S3 Object Lock, see [Object Lock][1].
|
845
|
+
#
|
846
|
+
#
|
847
|
+
#
|
848
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
|
752
849
|
# @return [Types::PutObjectOutput]
|
753
850
|
def put(options = {})
|
754
851
|
options = options.merge(
|
@@ -848,6 +945,7 @@ module Aws::S3
|
|
848
945
|
# })
|
849
946
|
# @param [Hash] options ({})
|
850
947
|
# @option options [String] :version_id
|
948
|
+
# VersionId used to reference a specific version of the object.
|
851
949
|
# @option options [Types::RestoreRequest] :restore_request
|
852
950
|
# Container for restore job parameters.
|
853
951
|
# @option options [String] :request_payer
|
@@ -990,6 +1088,8 @@ module Aws::S3
|
|
990
1088
|
# @option options [String] :mfa
|
991
1089
|
# The concatenation of the authentication device's serial number, a
|
992
1090
|
# space, and the value that is displayed on your authentication device.
|
1091
|
+
# Required to permanently delete a versioned object if versioning is
|
1092
|
+
# configured with MFA Delete enabled.
|
993
1093
|
# @option options [String] :request_payer
|
994
1094
|
# Confirms that the requester knows that she or he will be charged for
|
995
1095
|
# the request. Bucket owners need not specify this parameter in their
|
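Review bot: The added comment above `etag` (new lines 47-48 of the first hunk) says the entity tag is an MD5 hash of the object, which holds only for some objects: for multipart uploads and for objects encrypted with SSE-C or SSE-KMS the ETag is not an MD5 digest of the data. A caller who reads this and compares `etag` with a locally computed MD5 as an integrity check will see mismatches on exactly those objects, or may treat a match as stronger evidence than it is. I would word it as `# The entity tag is a hash of the object; it is an MD5 digest of the content only for non-multipart objects that are unencrypted or use SSE-S3.` The same claim is added above `etag` in the later hunk at `@@ -46,7 +46,7 @@` and needs the same caveat.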
@@ -46,7 +46,7 @@ module Aws::S3
|
|
46
46
|
@id
|
47
47
|
end
|
48
48
|
|
49
|
-
|
49
|
+
# The entity tag is an MD5 hash of that version of the object
|
50
50
|
# @return [String]
|
51
51
|
def etag
|
52
52
|
data[:etag]
|
@@ -89,7 +89,7 @@ module Aws::S3
|
|
89
89
|
data[:last_modified]
|
90
90
|
end
|
91
91
|
|
92
|
-
|
92
|
+
# Specifies the Owner of the object.
|
93
93
|
# @return [Types::Owner]
|
94
94
|
def owner
|
95
95
|
data[:owner]
|
@@ -233,6 +233,8 @@ module Aws::S3
|
|
233
233
|
# @option options [String] :mfa
|
234
234
|
# The concatenation of the authentication device's serial number, a
|
235
235
|
# space, and the value that is displayed on your authentication device.
|
236
|
+
# Required to permanently delete a versionedobject if versioning is
|
237
|
+
# configured with MFA Deleteenabled.
|
236
238
|
# @option options [String] :request_payer
|
237
239
|
# Confirms that the requester knows that she or he will be charged for
|
238
240
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -475,6 +477,8 @@ module Aws::S3
|
|
475
477
|
# @option options [String] :mfa
|
476
478
|
# The concatenation of the authentication device's serial number, a
|
477
479
|
# space, and the value that is displayed on your authentication device.
|
480
|
+
# Required to permanently delete a versioned object if versioning is
|
481
|
+
# configured with MFA Delete enabled.
|
478
482
|
# @option options [String] :request_payer
|
479
483
|
# Confirms that the requester knows that she or he will be charged for
|
480
484
|
# the request. Bucket owners need not specify this parameter in their
|
@@ -0,0 +1,59 @@
|
|
1
|
+
module Aws
|
2
|
+
module S3
|
3
|
+
module Plugins
|
4
|
+
|
5
|
+
class IADRegionalEndpoint < Seahorse::Client::Plugin
|
6
|
+
|
7
|
+
option(:s3_us_east_1_regional_endpoint,
|
8
|
+
default: 'legacy',
|
9
|
+
doc_type: String,
|
10
|
+
docstring: <<-DOCS) do |cfg|
|
11
|
+
Passing in `regional` to enable regional endpoint for S3's `us-east-1`
|
12
|
+
region. Defaults to `legacy` mode using global endpoint.
|
13
|
+
DOCS
|
14
|
+
resolve_iad_regional_endpoint(cfg)
|
15
|
+
end
|
16
|
+
|
17
|
+
def add_handlers(handlers, config)
|
18
|
+
if config.region == 'us-east-1'
|
19
|
+
handlers.add(Handler)
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
# @api private
|
24
|
+
class Handler < Seahorse::Client::Handler
|
25
|
+
|
26
|
+
def call(context)
|
27
|
+
# keep legacy global endpoint pattern by default
|
28
|
+
if context.config.s3_us_east_1_regional_endpoint == 'legacy'
|
29
|
+
context.http_request.endpoint.host = IADRegionalEndpoint.legacy_host(
|
30
|
+
context.http_request.endpoint.host)
|
31
|
+
end
|
32
|
+
@handler.call(context)
|
33
|
+
end
|
34
|
+
|
35
|
+
end
|
36
|
+
|
37
|
+
def self.legacy_host(host)
|
38
|
+
host.sub(".us-east-1", '')
|
39
|
+
end
|
40
|
+
|
41
|
+
private
|
42
|
+
|
43
|
+
def self.resolve_iad_regional_endpoint(cfg)
|
44
|
+
mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
|
45
|
+
Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
|
46
|
+
'legacy'
|
47
|
+
unless %w(legacy regional).include?(mode)
|
48
|
+
raise ArgumentError, "expected :s3_us_east_1_regional_endpoint or"\
|
49
|
+
" ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] to be `legacy` or"\
|
50
|
+
" `regional`."
|
51
|
+
end
|
52
|
+
mode
|
53
|
+
end
|
54
|
+
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
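Review bot: `legacy_host` removes the first `.us-east-1` found anywhere in the hostname, so a host whose leading labels contain that text (a dotted bucket name in a virtual-hosted address, or a custom endpoint) would lose the wrong label and the signed request would go to a different host; whether the bucket is already in the host when `Handler#call` runs is not visible in this file. Anchoring the match to the region label avoids the question: `host.sub(/\.us-east-1(\.amazonaws\.com)\z/, '\1')`. Separately, `resolve_iad_regional_endpoint` validates only the environment and shared-config values; a value passed directly as `:s3_us_east_1_regional_endpoint` appears to skip that check, and `Handler#call` treats anything other than `'legacy'` as regional, so a typo silently changes the endpoint. The bare `private` before `def self.resolve_iad_regional_endpoint` has no effect on a singleton method; `private_class_method :resolve_iad_regional_endpoint` would be needed to hide it.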
@@ -1,5 +1,4 @@
|
|
1
1
|
require 'openssl'
|
2
|
-
require 'base64'
|
3
2
|
|
4
3
|
module Aws
|
5
4
|
module S3
|
@@ -37,13 +36,13 @@ module Aws
|
|
37
36
|
# @return [String<MD5>]
|
38
37
|
def md5(value)
|
39
38
|
if (File === value || Tempfile === value) && !value.path.nil? && File.exist?(value.path)
|
40
|
-
|
39
|
+
OpenSSL::Digest::MD5.file(value).base64digest
|
41
40
|
elsif value.respond_to?(:read)
|
42
41
|
md5 = OpenSSL::Digest::MD5.new
|
43
42
|
update_in_chunks(md5, value)
|
44
|
-
|
43
|
+
md5.base64digest
|
45
44
|
else
|
46
|
-
|
45
|
+
OpenSSL::Digest::MD5.digest(value).base64digest
|
47
46
|
end
|
48
47
|
end
|
49
48
|
|
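Review bot: In the `else` branch of `md5` (new line 45), `OpenSSL::Digest::MD5.digest(value)` returns the raw digest as a String, and String has no `base64digest` method, so a plain String body would appear to raise NoMethodError instead of producing a Content-MD5 value. The other two branches call `base64digest` on a digest object, which is fine. Keeping a digest object here gives the intended result without `base64`: `OpenSSL::Digest::MD5.new.update(value).base64digest`. The old side of these three changed lines is blank on this page, so the previous expression cannot be compared.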
data/lib/aws-sdk-s3/presigner.rb
CHANGED
@@ -16,6 +16,25 @@ module Aws
|
|
16
16
|
# @api private
|
17
17
|
FIFTEEN_MINUTES = 60 * 15
|
18
18
|
|
19
|
+
BLACKLISTED_HEADERS = [
|
20
|
+
'accept',
|
21
|
+
'cache-control',
|
22
|
+
'content-length', # due to a ELB bug
|
23
|
+
'expect',
|
24
|
+
'from',
|
25
|
+
'if-match',
|
26
|
+
'if-none-match',
|
27
|
+
'if-modified-since',
|
28
|
+
'if-unmodified-since',
|
29
|
+
'if-range',
|
30
|
+
'max-forwards',
|
31
|
+
'pragma',
|
32
|
+
'proxy-authorization',
|
33
|
+
'referer',
|
34
|
+
'te',
|
35
|
+
'user-agent'
|
36
|
+
].freeze
|
37
|
+
|
19
38
|
# @option options [Client] :client Optionally provide an existing
|
20
39
|
# S3 client
|
21
40
|
def initialize(options = {})
|
@@ -31,6 +50,9 @@ module Aws
|
|
31
50
|
# attempts to set this value to greater than one week (604800) will
|
32
51
|
# raise an exception.
|
33
52
|
#
|
53
|
+
# @option params [Time] :time (Time.now) The starting time for when the
|
54
|
+
# presigned url becomes active.
|
55
|
+
#
|
34
56
|
# @option params [Boolean] :secure (true) When `false`, a HTTP URL
|
35
57
|
# is returned instead of the default HTTPS URL.
|
36
58
|
#
|
@@ -38,8 +60,15 @@ module Aws
|
|
38
60
|
# bucket name will be used as the hostname. This will cause
|
39
61
|
# the returned URL to be 'http' and not 'https'.
|
40
62
|
#
|
41
|
-
# @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
|
42
|
-
# will attempt to use accelerated endpoint
|
63
|
+
# @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
|
64
|
+
# Presigner will attempt to use accelerated endpoint.
|
65
|
+
#
|
66
|
+
# @option params [Array<String>] :whitelist_headers ([]) Additional
|
67
|
+
# headers to be included for the signed request. Certain headers beyond
|
68
|
+
# the authorization header could, in theory, be changed for various
|
69
|
+
# reasons (including but not limited to proxies) while in transit and
|
70
|
+
# after signing. This would lead to signature errors being returned,
|
71
|
+
# despite no actual problems with signing. (see BLACKLISTED_HEADERS)
|
43
72
|
#
|
44
73
|
# @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
|
45
74
|
# exceeds one week.
|
@@ -49,11 +78,15 @@ module Aws
|
|
49
78
|
raise ArgumentError, ":key must not be blank"
|
50
79
|
end
|
51
80
|
virtual_host = !!params.delete(:virtual_host)
|
81
|
+
time = params.delete(:time)
|
82
|
+
whitelisted_headers = params.delete(:whitelist_headers) || []
|
83
|
+
unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers
|
52
84
|
scheme = http_scheme(params, virtual_host)
|
53
85
|
|
54
86
|
req = @client.build_request(method, params)
|
55
87
|
use_bucket_as_hostname(req) if virtual_host
|
56
|
-
|
88
|
+
|
89
|
+
sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers)
|
57
90
|
req.send_request.data
|
58
91
|
end
|
59
92
|
|
@@ -68,7 +101,7 @@ module Aws
|
|
68
101
|
end
|
69
102
|
|
70
103
|
def expires_in(params)
|
71
|
-
if expires_in = params.delete(:expires_in)
|
104
|
+
if (expires_in = params.delete(:expires_in))
|
72
105
|
if expires_in > ONE_WEEK
|
73
106
|
msg = "expires_in value of #{expires_in} exceeds one-week maximum"
|
74
107
|
raise ArgumentError, msg
|
@@ -92,17 +125,16 @@ module Aws
|
|
92
125
|
end
|
93
126
|
|
94
127
|
# @param [Seahorse::Client::Request] req
|
95
|
-
def sign_but_dont_send(req, expires_in, scheme)
|
96
|
-
|
128
|
+
def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers)
|
97
129
|
http_req = req.context.http_request
|
98
130
|
|
99
131
|
req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
|
100
132
|
req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
|
101
133
|
req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
|
102
134
|
|
103
|
-
signer = build_signer(req.context.config)
|
104
|
-
req.context[:presigned_url] = true
|
135
|
+
signer = build_signer(req.context.config, unsigned_headers)
|
105
136
|
|
137
|
+
req.context[:presigned_url] = true
|
106
138
|
req.handle(step: :send) do |context|
|
107
139
|
|
108
140
|
if scheme != http_req.endpoint.scheme
|
@@ -128,41 +160,23 @@ module Aws
|
|
128
160
|
url: http_req.endpoint,
|
129
161
|
headers: http_req.headers,
|
130
162
|
body_digest: 'UNSIGNED-PAYLOAD',
|
131
|
-
expires_in: expires_in
|
163
|
+
expires_in: expires_in,
|
164
|
+
time: time
|
132
165
|
).to_s
|
133
166
|
|
134
167
|
Seahorse::Client::Response.new(context: context, data: url)
|
135
168
|
end
|
136
169
|
end
|
137
170
|
|
138
|
-
def build_signer(cfg)
|
171
|
+
def build_signer(cfg, unsigned_headers)
|
139
172
|
Aws::Sigv4::Signer.new(
|
140
173
|
service: 's3',
|
141
174
|
region: cfg.region,
|
142
175
|
credentials_provider: cfg.credentials,
|
143
|
-
unsigned_headers:
|
144
|
-
'cache-control',
|
145
|
-
'content-length', # due to a ELB bug
|
146
|
-
'expect',
|
147
|
-
'max-forwards',
|
148
|
-
'pragma',
|
149
|
-
'te',
|
150
|
-
'if-match',
|
151
|
-
'if-none-match',
|
152
|
-
'if-modified-since',
|
153
|
-
'if-unmodified-since',
|
154
|
-
'if-range',
|
155
|
-
'accept',
|
156
|
-
'proxy-authorization',
|
157
|
-
'from',
|
158
|
-
'referer',
|
159
|
-
'user-agent',
|
160
|
-
'x-amzn-trace-id'
|
161
|
-
],
|
176
|
+
unsigned_headers: unsigned_headers,
|
162
177
|
uri_escape_path: false
|
163
178
|
)
|
164
179
|
end
|
165
|
-
|
166
180
|
end
|
167
181
|
end
|
168
182
|
end
|
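Review bot: `unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers` (new line 83) is an exact, case-sensitive array difference, so `whitelist_headers: ['Cache-Control']` or a symbol removes nothing and the header stays out of the signature without any error. A caller who asked for a header to be signed then holds a URL on which that header is still not bound to the signature. Normalising first closes the gap: `whitelisted_headers = Array(params.delete(:whitelist_headers)).map { |h| h.to_s.downcase }`. The old inline list also carried `'x-amzn-trace-id'`, which the new constant drops; confirm the signer still leaves that header unsigned. The enclosing method starts above this hunk, so any earlier validation of `params` is not visible here.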
data/lib/aws-sdk-s3/resource.rb
CHANGED
@@ -40,7 +40,9 @@ module Aws::S3
|
|
40
40
|
# @option options [String] :acl
|
41
41
|
# The canned ACL to apply to the bucket.
|
42
42
|
# @option options [required, String] :bucket
|
43
|
+
# The name of the bucket to create.
|
43
44
|
# @option options [Types::CreateBucketConfiguration] :create_bucket_configuration
|
45
|
+
# The configuration information for the bucket.
|
44
46
|
# @option options [String] :grant_full_control
|
45
47
|
# Allows grantee the read, write, read ACP, and write ACP permissions on
|
46
48
|
# the bucket.
|