aws-sdk-s3 1.61.2 → 1.83.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (94) hide show
  1. checksums.yaml +5 -5
  2. data/lib/aws-sdk-s3.rb +5 -2
  3. data/lib/aws-sdk-s3/arn/access_point_arn.rb +62 -0
  4. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +71 -0
  5. data/lib/aws-sdk-s3/bucket.rb +61 -10
  6. data/lib/aws-sdk-s3/bucket_acl.rb +7 -0
  7. data/lib/aws-sdk-s3/bucket_cors.rb +15 -2
  8. data/lib/aws-sdk-s3/bucket_lifecycle.rb +14 -1
  9. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +14 -1
  10. data/lib/aws-sdk-s3/bucket_logging.rb +7 -0
  11. data/lib/aws-sdk-s3/bucket_notification.rb +7 -0
  12. data/lib/aws-sdk-s3/bucket_policy.rb +14 -1
  13. data/lib/aws-sdk-s3/bucket_region_cache.rb +2 -0
  14. data/lib/aws-sdk-s3/bucket_request_payment.rb +7 -0
  15. data/lib/aws-sdk-s3/bucket_tagging.rb +14 -1
  16. data/lib/aws-sdk-s3/bucket_versioning.rb +17 -0
  17. data/lib/aws-sdk-s3/bucket_website.rb +18 -3
  18. data/lib/aws-sdk-s3/client.rb +2521 -1187
  19. data/lib/aws-sdk-s3/client_api.rb +188 -18
  20. data/lib/aws-sdk-s3/customizations.rb +3 -0
  21. data/lib/aws-sdk-s3/customizations/bucket.rb +11 -4
  22. data/lib/aws-sdk-s3/customizations/multipart_upload.rb +2 -0
  23. data/lib/aws-sdk-s3/customizations/object.rb +23 -5
  24. data/lib/aws-sdk-s3/customizations/object_summary.rb +5 -0
  25. data/lib/aws-sdk-s3/customizations/types/list_object_versions_output.rb +2 -0
  26. data/lib/aws-sdk-s3/encryption.rb +4 -0
  27. data/lib/aws-sdk-s3/encryption/client.rb +18 -5
  28. data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +72 -26
  29. data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +43 -5
  30. data/lib/aws-sdk-s3/encryption/default_key_provider.rb +2 -0
  31. data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +13 -2
  32. data/lib/aws-sdk-s3/encryption/errors.rb +2 -0
  33. data/lib/aws-sdk-s3/encryption/io_auth_decrypter.rb +2 -0
  34. data/lib/aws-sdk-s3/encryption/io_decrypter.rb +11 -3
  35. data/lib/aws-sdk-s3/encryption/io_encrypter.rb +2 -0
  36. data/lib/aws-sdk-s3/encryption/key_provider.rb +2 -0
  37. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +34 -3
  38. data/lib/aws-sdk-s3/encryption/materials.rb +8 -6
  39. data/lib/aws-sdk-s3/encryption/utils.rb +25 -0
  40. data/lib/aws-sdk-s3/encryptionV2/client.rb +566 -0
  41. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +226 -0
  42. data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +170 -0
  43. data/lib/aws-sdk-s3/encryptionV2/default_key_provider.rb +40 -0
  44. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +69 -0
  45. data/lib/aws-sdk-s3/encryptionV2/errors.rb +37 -0
  46. data/lib/aws-sdk-s3/encryptionV2/io_auth_decrypter.rb +58 -0
  47. data/lib/aws-sdk-s3/encryptionV2/io_decrypter.rb +37 -0
  48. data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +73 -0
  49. data/lib/aws-sdk-s3/encryptionV2/key_provider.rb +31 -0
  50. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +169 -0
  51. data/lib/aws-sdk-s3/encryptionV2/materials.rb +60 -0
  52. data/lib/aws-sdk-s3/encryptionV2/utils.rb +103 -0
  53. data/lib/aws-sdk-s3/encryption_v2.rb +23 -0
  54. data/lib/aws-sdk-s3/errors.rb +2 -0
  55. data/lib/aws-sdk-s3/event_streams.rb +7 -0
  56. data/lib/aws-sdk-s3/file_downloader.rb +10 -8
  57. data/lib/aws-sdk-s3/file_part.rb +2 -0
  58. data/lib/aws-sdk-s3/file_uploader.rb +14 -1
  59. data/lib/aws-sdk-s3/legacy_signer.rb +2 -0
  60. data/lib/aws-sdk-s3/multipart_file_uploader.rb +39 -2
  61. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +3 -1
  62. data/lib/aws-sdk-s3/multipart_upload.rb +18 -1
  63. data/lib/aws-sdk-s3/multipart_upload_error.rb +2 -0
  64. data/lib/aws-sdk-s3/multipart_upload_part.rb +66 -7
  65. data/lib/aws-sdk-s3/object.rb +174 -23
  66. data/lib/aws-sdk-s3/object_acl.rb +15 -0
  67. data/lib/aws-sdk-s3/object_copier.rb +2 -0
  68. data/lib/aws-sdk-s3/object_multipart_copier.rb +2 -0
  69. data/lib/aws-sdk-s3/object_summary.rb +185 -20
  70. data/lib/aws-sdk-s3/object_version.rb +44 -4
  71. data/lib/aws-sdk-s3/plugins/accelerate.rb +29 -38
  72. data/lib/aws-sdk-s3/plugins/arn.rb +187 -0
  73. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +2 -2
  74. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +3 -1
  75. data/lib/aws-sdk-s3/plugins/dualstack.rb +5 -1
  76. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +3 -4
  77. data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +2 -0
  78. data/lib/aws-sdk-s3/plugins/http_200_errors.rb +11 -3
  79. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +3 -1
  80. data/lib/aws-sdk-s3/plugins/location_constraint.rb +2 -0
  81. data/lib/aws-sdk-s3/plugins/md5s.rb +26 -25
  82. data/lib/aws-sdk-s3/plugins/redirects.rb +2 -0
  83. data/lib/aws-sdk-s3/plugins/s3_host_id.rb +2 -0
  84. data/lib/aws-sdk-s3/plugins/s3_signer.rb +31 -7
  85. data/lib/aws-sdk-s3/plugins/sse_cpk.rb +3 -1
  86. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +118 -0
  87. data/lib/aws-sdk-s3/plugins/url_encoded_keys.rb +2 -0
  88. data/lib/aws-sdk-s3/presigned_post.rb +68 -32
  89. data/lib/aws-sdk-s3/presigner.rb +102 -34
  90. data/lib/aws-sdk-s3/resource.rb +4 -2
  91. data/lib/aws-sdk-s3/types.rb +2016 -256
  92. data/lib/aws-sdk-s3/waiters.rb +2 -0
  93. metadata +23 -6
  94. data/lib/aws-sdk-s3/plugins/bucket_arn.rb +0 -211
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -11,7 +13,7 @@ module Aws
11
13
  def call(context)
12
14
  bucket_member = _bucket_member(context.operation.input.shape)
13
15
  if bucket_member && (bucket = context.params[bucket_member])
14
- _resolved_bucket, _resolved_region, arn = BucketARN.resolve_arn!(
16
+ _resolved_region, arn = ARN.resolve_arn!(
15
17
  bucket,
16
18
  context.config.region,
17
19
  context.config.s3_use_arn_region
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -20,7 +22,9 @@ for all operations.
20
22
  # @api private
21
23
  class OptionHandler < Seahorse::Client::Handler
22
24
  def call(context)
23
- dualstack = context.params.delete(:use_dualstack_endpoint)
25
+ if context.params.is_a?(Hash)
26
+ dualstack = context.params.delete(:use_dualstack_endpoint)
27
+ end
24
28
  dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
25
29
  context[:use_dualstack_endpoint] = dualstack
26
30
  @handler.call(context)
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -13,10 +15,7 @@ module Aws
13
15
  class Handler < Seahorse::Client::Handler
14
16
 
15
17
  def call(context)
16
- if
17
- context.http_request.body &&
18
- context.http_request.body.size > 0
19
- then
18
+ if context.http_request.body && context.http_request.body.size > 0
20
19
  context.http_request.headers['expect'] = '100-continue'
21
20
  end
22
21
  @handler.call(context)
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -27,12 +29,19 @@ module Aws
27
29
  error_code = xml.match(/<Code>(.+?)<\/Code>/)[1]
28
30
  error_message = xml.match(/<Message>(.+?)<\/Message>/)[1]
29
31
  S3::Errors.error_class(error_code).new(context, error_message)
32
+ elsif !xml.match(/<\w/) # Must have the start of an XML Tag
33
+ # Other incomplete xml bodies will result in XML ParsingError
34
+ Seahorse::Client::NetworkingError.new(
35
+ S3::Errors
36
+ .error_class('InternalError')
37
+ .new(context, 'Empty or incomplete response body')
38
+ )
30
39
  end
31
40
  end
32
-
33
41
  end
34
42
 
35
- handler(Handler,
43
+ handler(
44
+ Handler,
36
45
  step: :sign,
37
46
  operations: [
38
47
  :complete_multipart_upload,
@@ -40,7 +49,6 @@ module Aws
40
49
  :upload_part_copy,
41
50
  ]
42
51
  )
43
-
44
52
  end
45
53
  end
46
54
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -44,7 +46,7 @@ region. Defaults to `legacy` mode using global endpoint.
44
46
  mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
45
47
  Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
46
48
  'legacy'
47
- mode.downcase!
49
+ mode = mode.downcase
48
50
  unless %w(legacy regional).include?(mode)
49
51
  raise ArgumentError, "expected :s3_us_east_1_regional_endpoint or"\
50
52
  " ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] to be `legacy` or"\
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -1,22 +1,19 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
 
3
5
  module Aws
4
6
  module S3
5
7
  module Plugins
8
+ # @api private
9
+ # This plugin is effectively deprecated in favor of modeled
10
+ # httpChecksumRequired traits.
6
11
  class Md5s < Seahorse::Client::Plugin
7
-
8
- # Amazon S3 requires these operations to have an MD5 checksum
9
- REQUIRED_OPERATIONS = [
10
- :delete_objects,
11
- :put_bucket_cors,
12
- :put_bucket_lifecycle,
13
- :put_bucket_lifecycle_configuration,
14
- :put_bucket_policy,
15
- :put_bucket_replication,
16
- :put_bucket_tagging,
17
- :put_object_legal_hold,
18
- :put_object_lock_configuration,
19
- :put_object_retention
12
+ # These operations allow Content MD5 but are not required by
13
+ # httpChecksumRequired. This list should not grow.
14
+ OPTIONAL_OPERATIONS = [
15
+ :put_object,
16
+ :upload_part
20
17
  ]
21
18
 
22
19
  # @api private
@@ -49,7 +46,9 @@ module Aws
49
46
  end
50
47
 
51
48
  def update_in_chunks(digest, io)
52
- while chunk = io.read(CHUNK_SIZE, buffer ||= "")
49
+ loop do
50
+ chunk = io.read(CHUNK_SIZE)
51
+ break unless chunk
53
52
  digest.update(chunk)
54
53
  end
55
54
  io.rewind
@@ -61,20 +60,22 @@ module Aws
61
60
  default: true,
62
61
  doc_type: 'Boolean',
63
62
  docstring: <<-DOCS)
64
- When `true` a MD5 checksum will be computed for every request that
65
- sends a body. When `false`, MD5 checksums will only be computed
66
- for operations that require them. Checksum errors returned by Amazon
67
- S3 are automatically retried up to `:retry_limit` times.
63
+ When `true` a MD5 checksum will be computed and sent in the Content Md5
64
+ header for :put_object and :upload_part. When `false`, MD5 checksums
65
+ will not be computed for these operations. Checksums are still computed
66
+ for operations requiring them. Checksum errors returned by Amazon S3 are
67
+ automatically retried up to `:retry_limit` times.
68
68
  DOCS
69
69
 
70
70
  def add_handlers(handlers, config)
71
- # priority set low to ensure md5 is computed AFTER the request is
72
- # built but before it is signed
73
- handlers.add(Handler, {
74
- priority: 10,
75
- step: :build,
76
- operations: config.compute_checksums ? nil : REQUIRED_OPERATIONS,
77
- })
71
+ if config.compute_checksums
72
+ # priority set low to ensure md5 is computed AFTER the request is
73
+ # built but before it is signed
74
+ handlers.add(
75
+ Handler,
76
+ priority: 10, step: :build, operations: OPTIONAL_OPERATIONS
77
+ )
78
+ end
78
79
  end
79
80
 
80
81
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  module Aws
2
4
  module S3
3
5
  module Plugins
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'aws-sigv4'
2
4
 
3
5
  module Aws
@@ -10,12 +12,14 @@ module Aws
10
12
 
11
13
  option(:sigv4_signer) do |cfg|
12
14
  S3Signer.build_v4_signer(
15
+ service: 's3',
13
16
  region: cfg.sigv4_region,
14
17
  credentials: cfg.credentials
15
18
  )
16
19
  end
17
20
 
18
21
  option(:sigv4_region) do |cfg|
22
+ # S3 removes core's signature_v4 plugin that checks for this
19
23
  raise Aws::Errors::MissingRegionError if cfg.region.nil?
20
24
 
21
25
  Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
@@ -65,11 +69,26 @@ module Aws
65
69
  if context[:cached_sigv4_region] &&
66
70
  context[:cached_sigv4_region] != context.config.sigv4_signer.region
67
71
  S3Signer.build_v4_signer(
72
+ service: 's3',
68
73
  region: context[:cached_sigv4_region],
69
74
  credentials: context.config.credentials
70
75
  )
71
76
  else
72
- context.config.sigv4_signer
77
+ resolved_region, arn = ARN.resolve_arn!(
78
+ context.params[:bucket],
79
+ context.config.sigv4_signer.region,
80
+ context.config.s3_use_arn_region
81
+ )
82
+
83
+ if arn
84
+ S3Signer.build_v4_signer(
85
+ service: arn.respond_to?(:outpost_id) ? 's3-outposts' : 's3',
86
+ region: resolved_region,
87
+ credentials: context.config.credentials
88
+ )
89
+ else
90
+ context.config.sigv4_signer
91
+ end
73
92
  end
74
93
  end
75
94
  end
@@ -88,7 +107,9 @@ module Aws
88
107
  def check_for_cached_region(context, bucket)
89
108
  cached_region = S3::BUCKET_REGIONS[bucket]
90
109
  if cached_region && cached_region != context.config.region
91
- context.http_request.endpoint.host = S3Signer.new_hostname(context, cached_region)
110
+ context.http_request.endpoint.host = S3Signer.new_hostname(
111
+ context, cached_region
112
+ )
92
113
  context[:cached_sigv4_region] = cached_region
93
114
  end
94
115
  end
@@ -148,11 +169,14 @@ module Aws
148
169
 
149
170
  def resign_with_new_region(context, actual_region)
150
171
  context.http_response.body.truncate(0)
151
- context.http_request.endpoint.host = S3Signer.new_hostname(context, actual_region)
172
+ context.http_request.endpoint.host = S3Signer.new_hostname(
173
+ context, actual_region
174
+ )
152
175
  context.metadata[:redirect_region] = actual_region
153
176
  Aws::Plugins::SignatureV4.apply_signature(
154
177
  context: context,
155
178
  signer: S3Signer.build_v4_signer(
179
+ service: 's3',
156
180
  region: actual_region,
157
181
  credentials: context.config.credentials
158
182
  )
@@ -187,7 +211,7 @@ module Aws
187
211
  # @api private
188
212
  def build_v4_signer(options = {})
189
213
  Aws::Sigv4::Signer.new(
190
- service: 's3',
214
+ service: options[:service],
191
215
  region: options[:region],
192
216
  credentials_provider: options[:credentials],
193
217
  uri_escape_path: false,
@@ -198,7 +222,7 @@ module Aws
198
222
  def new_hostname(context, region)
199
223
  # Check to see if the bucket is actually an ARN and resolve it
200
224
  # Otherwise it will retry with the ARN as the bucket name.
201
- resolved_bucket, resolved_region, arn = BucketARN.resolve_arn!(
225
+ resolved_region, arn = ARN.resolve_arn!(
202
226
  context.params[:bucket],
203
227
  region,
204
228
  context.config.s3_use_arn_region
@@ -208,9 +232,9 @@ module Aws
208
232
  )
209
233
 
210
234
  if arn
211
- BucketARN.resolve_url!(uri, arn).host
235
+ ARN.resolve_url!(uri, arn).host
212
236
  else
213
- resolved_bucket + '.' + uri.host
237
+ "#{context.params[:bucket]}.#{uri.host}"
214
238
  end
215
239
  end
216
240
  end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'uri'
2
4
  require 'openssl'
3
5
 
@@ -18,7 +20,7 @@ This should only be disabled for local testing.
18
20
  class Handler < Seahorse::Client::Handler
19
21
 
20
22
  def call(context)
21
- compute_key_md5(context)
23
+ compute_key_md5(context) if context.params.is_a?(Hash)
22
24
  @handler.call(context)
23
25
  end
24
26
 
@@ -0,0 +1,118 @@
1
+ # frozen_string_literal: true
2
+
3
+ require 'forwardable'
4
+
5
+ module Aws
6
+ module S3
7
+ module Plugins
8
+
9
+ # A wrapper around BlockIO that adds no-ops for truncate and rewind
10
+ # @api private
11
+ class RetryableBlockIO
12
+ extend Forwardable
13
+ def_delegators :@block_io, :write, :read, :size
14
+
15
+ def initialize(block_io)
16
+ @block_io = block_io
17
+ end
18
+
19
+ def truncate(_integer); end
20
+
21
+ def rewind; end
22
+ end
23
+
24
+ # A wrapper around ManagedFile that adds no-ops for truncate and rewind
25
+ # @api private
26
+ class RetryableManagedFile
27
+ extend Forwardable
28
+ def_delegators :@file, :write, :read, :size, :open?, :close
29
+
30
+ def initialize(managed_file)
31
+ @file = managed_file
32
+ end
33
+
34
+ def truncate(_integer); end
35
+
36
+ def rewind; end
37
+ end
38
+
39
+ # This handler works with the ResponseTarget plugin to provide smart
40
+ # retries of S3 streaming operations that support the range parameter
41
+ # (currently only: get_object). When a 200 OK with a TruncatedBodyError
42
+ # is received this handler will add a range header that excludes the
43
+ # data that has already been processed (written to file or sent to
44
+ # the target Proc).
45
+ # It is important to not write data to the custom target in the case of
46
+ # a non-success response. We do not want to write an XML error
47
+ # message to someone's file or pass it to a user's Proc.
48
+ # @api private
49
+ class StreamingRetry < Seahorse::Client::Plugin
50
+
51
+ class Handler < Seahorse::Client::Handler
52
+
53
+ def call(context)
54
+ target = context.params[:response_target] || context[:response_target]
55
+
56
+ # retry is only supported when range is NOT set on the initial request
57
+ if supported_target?(target) && !context.params[:range]
58
+ add_event_listeners(context, target)
59
+ end
60
+ @handler.call(context)
61
+ end
62
+
63
+ private
64
+
65
+ def add_event_listeners(context, target)
66
+ context.http_response.on_headers(200..299) do
67
+ case context.http_response.body
68
+ when Seahorse::Client::BlockIO then
69
+ context.http_response.body = RetryableBlockIO.new(context.http_response.body)
70
+ when Seahorse::Client::ManagedFile then
71
+ context.http_response.body = RetryableManagedFile.new(context.http_response.body)
72
+ end
73
+ end
74
+
75
+ context.http_response.on_headers(400..599) do
76
+ context.http_response.body = StringIO.new # something to write the error to
77
+ end
78
+
79
+ context.http_response.on_success(200..299) do
80
+ body = context.http_response.body
81
+ if body.is_a?(RetryableManagedFile) && body.open?
82
+ body.close
83
+ end
84
+ end
85
+
86
+ context.http_response.on_error do |error|
87
+ if retryable_body?(context) && truncated_body?(error)
88
+ context.http_request.headers[:range] = "bytes=#{context.http_response.body.size}-"
89
+ end
90
+ end
91
+ end
92
+
93
+ def truncated_body?(error)
94
+ error.is_a?(Seahorse::Client::NetworkingError) &&
95
+ error.original_error.is_a?(
96
+ Seahorse::Client::NetHttp::Handler::TruncatedBodyError
97
+ )
98
+ end
99
+
100
+ def retryable_body?(context)
101
+ context.http_response.body.is_a?(RetryableBlockIO) ||
102
+ context.http_response.body.is_a?(RetryableManagedFile)
103
+ end
104
+
105
+ def supported_target?(target)
106
+ case target
107
+ when Proc, String, Pathname then true
108
+ else false
109
+ end
110
+ end
111
+ end
112
+
113
+ handler(Handler, step: :sign, operations: [:get_object], priority: 10)
114
+
115
+ end
116
+ end
117
+ end
118
+ end
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'uri'
2
4
  require 'cgi'
3
5