aws-sdk-s3 1.62.0 → 1.63.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-s3.rb +1 -1
- data/lib/aws-sdk-s3/client.rb +1 -1
- data/lib/aws-sdk-s3/presigner.rb +100 -32
- metadata +2 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: da2e6ca940a8ce680ead9bccdf025c410123d7e57037c60a8f6537212f76aacc
         | 
| 4 | 
            +
              data.tar.gz: 475125426aac2b54ead19be2d0d60abe4bd937dad68d8eaef6800dea14764545
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 35c7afe8f6252bbce8845aa9f868dad6928291726a80824300d06b87aed3d316f58a18e5f79d4858fbf41563ce048f3c96e6a4d97520ea897198a4660514aa04
         | 
| 7 | 
            +
              data.tar.gz: 42cf77fb2421bfed31a08641186470ee3e36eceeecc3680a564aa0504de767b3d666e42ee74d5f8ffea7539bd6c383cd104602682bba7c86459358d3f14d4435
         | 
    
        data/lib/aws-sdk-s3.rb
    CHANGED
    
    
    
        data/lib/aws-sdk-s3/client.rb
    CHANGED
    
    | @@ -11789,7 +11789,7 @@ module Aws::S3 | |
| 11789 11789 | 
             
                    params: params,
         | 
| 11790 11790 | 
             
                    config: config)
         | 
| 11791 11791 | 
             
                  context[:gem_name] = 'aws-sdk-s3'
         | 
| 11792 | 
            -
                  context[:gem_version] = '1. | 
| 11792 | 
            +
                  context[:gem_version] = '1.63.0'
         | 
| 11793 11793 | 
             
                  Seahorse::Client::Request.new(handlers, context)
         | 
| 11794 11794 | 
             
                end
         | 
| 11795 11795 |  | 
    
        data/lib/aws-sdk-s3/presigner.rb
    CHANGED
    
    | @@ -1,21 +1,13 @@ | |
| 1 1 | 
             
            module Aws
         | 
| 2 2 | 
             
              module S3
         | 
| 3 | 
            -
             | 
| 4 | 
            -
                # Allows you to create presigned URLs for S3 operations.
         | 
| 5 | 
            -
                #
         | 
| 6 | 
            -
                # Example Use:
         | 
| 7 | 
            -
                #
         | 
| 8 | 
            -
                #      signer = Aws::S3::Presigner.new
         | 
| 9 | 
            -
                #      url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
         | 
| 10 | 
            -
                #
         | 
| 11 3 | 
             
                class Presigner
         | 
| 12 | 
            -
             | 
| 13 4 | 
             
                  # @api private
         | 
| 14 5 | 
             
                  ONE_WEEK = 60 * 60 * 24 * 7
         | 
| 15 6 |  | 
| 16 7 | 
             
                  # @api private
         | 
| 17 8 | 
             
                  FIFTEEN_MINUTES = 60 * 15
         | 
| 18 9 |  | 
| 10 | 
            +
                  # @api private
         | 
| 19 11 | 
             
                  BLACKLISTED_HEADERS = [
         | 
| 20 12 | 
             
                    'accept',
         | 
| 21 13 | 
             
                    'cache-control',
         | 
| @@ -41,7 +33,13 @@ module Aws | |
| 41 33 | 
             
                    @client = options[:client] || Aws::S3::Client.new
         | 
| 42 34 | 
             
                  end
         | 
| 43 35 |  | 
| 44 | 
            -
                  #  | 
| 36 | 
            +
                  # Create presigned URLs for S3 operations.
         | 
| 37 | 
            +
                  #
         | 
| 38 | 
            +
                  # @example
         | 
| 39 | 
            +
                  #  signer = Aws::S3::Presigner.new
         | 
| 40 | 
            +
                  #  url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
         | 
| 41 | 
            +
                  #
         | 
| 42 | 
            +
                  # @param [Symbol] :method Symbolized method name of the operation you want
         | 
| 45 43 | 
             
                  #   to presign.
         | 
| 46 44 | 
             
                  #
         | 
| 47 45 | 
             
                  # @option params [Integer] :expires_in (900) The number of seconds
         | 
| @@ -73,27 +71,88 @@ module Aws | |
| 73 71 | 
             
                  # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
         | 
| 74 72 | 
             
                  #   exceeds one week.
         | 
| 75 73 | 
             
                  #
         | 
| 74 | 
            +
                  # @return [String] a presigned url
         | 
| 76 75 | 
             
                  def presigned_url(method, params = {})
         | 
| 76 | 
            +
                    url, _headers = _presigned_request(method, params)
         | 
| 77 | 
            +
                    url
         | 
| 78 | 
            +
                  end
         | 
| 79 | 
            +
             | 
| 80 | 
            +
                  # Allows you to create presigned URL requests for S3 operations. This
         | 
| 81 | 
            +
                  # method returns a tuple containing the URL and the signed X-amz-* headers
         | 
| 82 | 
            +
                  # to be used with the presigned url.
         | 
| 83 | 
            +
                  #
         | 
| 84 | 
            +
                  # @example
         | 
| 85 | 
            +
                  #  signer = Aws::S3::Presigner.new
         | 
| 86 | 
            +
                  #  url, headers = signer.presigned_request(
         | 
| 87 | 
            +
                  #    :get_object, bucket: "bucket", key: "key"
         | 
| 88 | 
            +
                  #  )
         | 
| 89 | 
            +
                  #
         | 
| 90 | 
            +
                  # @param [Symbol] :method Symbolized method name of the operation you want
         | 
| 91 | 
            +
                  #   to presign.
         | 
| 92 | 
            +
                  #
         | 
| 93 | 
            +
                  # @option params [Integer] :expires_in (900) The number of seconds
         | 
| 94 | 
            +
                  #   before the presigned URL expires. Defaults to 15 minutes. As signature
         | 
| 95 | 
            +
                  #   version 4 has a maximum expiry time of one week for presigned URLs,
         | 
| 96 | 
            +
                  #   attempts to set this value to greater than one week (604800) will
         | 
| 97 | 
            +
                  #   raise an exception.
         | 
| 98 | 
            +
                  #
         | 
| 99 | 
            +
                  # @option params [Time] :time (Time.now) The starting time for when the
         | 
| 100 | 
            +
                  #   presigned url becomes active.
         | 
| 101 | 
            +
                  #
         | 
| 102 | 
            +
                  # @option params [Boolean] :secure (true) When `false`, a HTTP URL
         | 
| 103 | 
            +
                  #   is returned instead of the default HTTPS URL.
         | 
| 104 | 
            +
                  #
         | 
| 105 | 
            +
                  # @option params [Boolean] :virtual_host (false) When `true`, the
         | 
| 106 | 
            +
                  #   bucket name will be used as the hostname. This will cause
         | 
| 107 | 
            +
                  #   the returned URL to be 'http' and not 'https'.
         | 
| 108 | 
            +
                  #
         | 
| 109 | 
            +
                  # @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
         | 
| 110 | 
            +
                  #   Presigner will attempt to use accelerated endpoint.
         | 
| 111 | 
            +
                  #
         | 
| 112 | 
            +
                  # @option params [Array<String>] :whitelist_headers ([]) Additional
         | 
| 113 | 
            +
                  #   headers to be included for the signed request. Certain headers beyond
         | 
| 114 | 
            +
                  #   the authorization header could, in theory, be changed for various
         | 
| 115 | 
            +
                  #   reasons (including but not limited to proxies) while in transit and
         | 
| 116 | 
            +
                  #   after signing. This would lead to signature errors being returned,
         | 
| 117 | 
            +
                  #   despite no actual problems with signing. (see BLACKLISTED_HEADERS)
         | 
| 118 | 
            +
                  #
         | 
| 119 | 
            +
                  # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
         | 
| 120 | 
            +
                  #   exceeds one week.
         | 
| 121 | 
            +
                  #
         | 
| 122 | 
            +
                  # @return [String, Hash] A tuple with a presigned URL and headers that
         | 
| 123 | 
            +
                  #   should be included with the request.
         | 
| 124 | 
            +
                  def presigned_request(method, params = {})
         | 
| 125 | 
            +
                    _presigned_request(method, params, false)
         | 
| 126 | 
            +
                  end
         | 
| 127 | 
            +
             | 
| 128 | 
            +
                  private
         | 
| 129 | 
            +
             | 
| 130 | 
            +
                  def _presigned_request(method, params, hoist = true)
         | 
| 77 131 | 
             
                    if params[:key].nil? or params[:key] == ''
         | 
| 78 132 | 
             
                      raise ArgumentError, ":key must not be blank"
         | 
| 79 133 | 
             
                    end
         | 
| 80 | 
            -
                    virtual_host =  | 
| 134 | 
            +
                    virtual_host = params.delete(:virtual_host)
         | 
| 81 135 | 
             
                    time = params.delete(:time)
         | 
| 82 | 
            -
                     | 
| 83 | 
            -
                     | 
| 84 | 
            -
                     | 
| 136 | 
            +
                    unsigned_headers = unsigned_headers(params)
         | 
| 137 | 
            +
                    scheme = http_scheme(params)
         | 
| 138 | 
            +
                    expires_in = expires_in(params)
         | 
| 85 139 |  | 
| 86 140 | 
             
                    req = @client.build_request(method, params)
         | 
| 87 141 | 
             
                    use_bucket_as_hostname(req) if virtual_host
         | 
| 88 142 |  | 
| 89 | 
            -
                    sign_but_dont_send( | 
| 90 | 
            -
             | 
| 143 | 
            +
                    x_amz_headers = sign_but_dont_send(
         | 
| 144 | 
            +
                      req, expires_in, scheme, time, unsigned_headers, hoist
         | 
| 145 | 
            +
                    )
         | 
| 146 | 
            +
                    [req.send_request.data, x_amz_headers]
         | 
| 91 147 | 
             
                  end
         | 
| 92 148 |  | 
| 93 | 
            -
                   | 
| 149 | 
            +
                  def unsigned_headers(params)
         | 
| 150 | 
            +
                    whitelist_headers = params.delete(:whitelist_headers) || []
         | 
| 151 | 
            +
                    BLACKLISTED_HEADERS - whitelist_headers
         | 
| 152 | 
            +
                  end
         | 
| 94 153 |  | 
| 95 | 
            -
                  def http_scheme(params | 
| 96 | 
            -
                    if params.delete(:secure) == false | 
| 154 | 
            +
                  def http_scheme(params)
         | 
| 155 | 
            +
                    if params.delete(:secure) == false
         | 
| 97 156 | 
             
                      'http'
         | 
| 98 157 | 
             
                    else
         | 
| 99 158 | 
             
                      @client.config.endpoint.scheme
         | 
| @@ -104,12 +163,11 @@ module Aws | |
| 104 163 | 
             
                    if (expires_in = params.delete(:expires_in))
         | 
| 105 164 | 
             
                      if expires_in > ONE_WEEK
         | 
| 106 165 | 
             
                        raise ArgumentError,
         | 
| 107 | 
            -
                              "expires_in value of #{expires_in} exceeds one-week maximum"
         | 
| 108 | 
            -
                      elsif expires_in <= 0 | 
| 166 | 
            +
                              "expires_in value of #{expires_in} exceeds one-week maximum."
         | 
| 167 | 
            +
                      elsif expires_in <= 0
         | 
| 109 168 | 
             
                        raise ArgumentError,
         | 
| 110 | 
            -
                              "expires_in value of #{expires_in} cannot be 0 or less"
         | 
| 169 | 
            +
                              "expires_in value of #{expires_in} cannot be 0 or less."
         | 
| 111 170 | 
             
                      end
         | 
| 112 | 
            -
             | 
| 113 171 | 
             
                      expires_in
         | 
| 114 172 | 
             
                    else
         | 
| 115 173 | 
             
                      FIFTEEN_MINUTES
         | 
| @@ -122,14 +180,16 @@ module Aws | |
| 122 180 | 
             
                      uri = context.http_request.endpoint
         | 
| 123 181 | 
             
                      uri.host = context.params[:bucket]
         | 
| 124 182 | 
             
                      uri.path.sub!("/#{context.params[:bucket]}", '')
         | 
| 125 | 
            -
                      uri.scheme = 'http'
         | 
| 126 | 
            -
                      uri.port = 80
         | 
| 127 183 | 
             
                      @handler.call(context)
         | 
| 128 184 | 
             
                    end
         | 
| 129 185 | 
             
                  end
         | 
| 130 186 |  | 
| 131 187 | 
             
                  # @param [Seahorse::Client::Request] req
         | 
| 132 | 
            -
                  def sign_but_dont_send( | 
| 188 | 
            +
                  def sign_but_dont_send(
         | 
| 189 | 
            +
                    req, expires_in, scheme, time, unsigned_headers, hoist = true
         | 
| 190 | 
            +
                  )
         | 
| 191 | 
            +
                    x_amz_headers = {}
         | 
| 192 | 
            +
             | 
| 133 193 | 
             
                    http_req = req.context.http_request
         | 
| 134 194 |  | 
| 135 195 | 
             
                    req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
         | 
| @@ -138,9 +198,7 @@ module Aws | |
| 138 198 |  | 
| 139 199 | 
             
                    signer = build_signer(req.context.config, unsigned_headers)
         | 
| 140 200 |  | 
| 141 | 
            -
                    req.context[:presigned_url] = true
         | 
| 142 201 | 
             
                    req.handle(step: :send) do |context|
         | 
| 143 | 
            -
             | 
| 144 202 | 
             
                      if scheme != http_req.endpoint.scheme
         | 
| 145 203 | 
             
                        endpoint = http_req.endpoint.dup
         | 
| 146 204 | 
             
                        endpoint.scheme = scheme
         | 
| @@ -148,13 +206,18 @@ module Aws | |
| 148 206 | 
             
                        http_req.endpoint = URI.parse(endpoint.to_s)
         | 
| 149 207 | 
             
                      end
         | 
| 150 208 |  | 
| 151 | 
            -
                      # hoist x-amz-* headers to the querystring
         | 
| 152 209 | 
             
                      query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
         | 
| 153 | 
            -
                      http_req.headers. | 
| 154 | 
            -
                         | 
| 155 | 
            -
             | 
| 210 | 
            +
                      http_req.headers.each do |key, value|
         | 
| 211 | 
            +
                        next unless key =~ /^x-amz/i
         | 
| 212 | 
            +
             | 
| 213 | 
            +
                        if hoist
         | 
| 214 | 
            +
                          value = Aws::Sigv4::Signer.uri_escape(value)
         | 
| 156 215 | 
             
                          key = Aws::Sigv4::Signer.uri_escape(key)
         | 
| 216 | 
            +
                          # hoist x-amz-* headers to the querystring
         | 
| 217 | 
            +
                          http_req.headers.delete(key)
         | 
| 157 218 | 
             
                          query << "#{key}=#{value}"
         | 
| 219 | 
            +
                        else
         | 
| 220 | 
            +
                          x_amz_headers[key] = value
         | 
| 158 221 | 
             
                        end
         | 
| 159 222 | 
             
                      end
         | 
| 160 223 | 
             
                      http_req.endpoint.query = query.join('&') unless query.empty?
         | 
| @@ -168,8 +231,13 @@ module Aws | |
| 168 231 | 
             
                        time: time
         | 
| 169 232 | 
             
                      ).to_s
         | 
| 170 233 |  | 
| 234 | 
            +
                      # Used for excluding presigned_urls from API request count
         | 
| 235 | 
            +
                      context[:presigned_url] = true
         | 
| 236 | 
            +
             | 
| 171 237 | 
             
                      Seahorse::Client::Response.new(context: context, data: url)
         | 
| 172 238 | 
             
                    end
         | 
| 239 | 
            +
                    # Return the headers
         | 
| 240 | 
            +
                    x_amz_headers
         | 
| 173 241 | 
             
                  end
         | 
| 174 242 |  | 
| 175 243 | 
             
                  def build_signer(cfg, unsigned_headers)
         | 
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: aws-sdk-s3
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 1. | 
| 4 | 
            +
              version: 1.63.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Amazon Web Services
         | 
| 8 8 | 
             
            autorequire: 
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2020-04- | 
| 11 | 
            +
            date: 2020-04-22 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: aws-sdk-kms
         |