aws-sdk-s3 1.75.0 → 1.79.1

Files changed (34)
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-s3.rb +2 -2
  3. data/lib/aws-sdk-s3/bucket.rb +2 -2
  4. data/lib/aws-sdk-s3/client.rb +145 -119
  5. data/lib/aws-sdk-s3/encryption.rb +2 -0
  6. data/lib/aws-sdk-s3/encryption/client.rb +11 -0
  7. data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +64 -29
  8. data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb +41 -5
  9. data/lib/aws-sdk-s3/encryption/encrypt_handler.rb +5 -5
  10. data/lib/aws-sdk-s3/encryption/io_decrypter.rb +7 -6
  11. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +32 -3
  12. data/lib/aws-sdk-s3/encryption/utils.rb +23 -0
  13. data/lib/aws-sdk-s3/encryptionV2/client.rb +201 -23
  14. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +40 -12
  15. data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +77 -10
  16. data/lib/aws-sdk-s3/encryptionV2/default_key_provider.rb +2 -0
  17. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +7 -4
  18. data/lib/aws-sdk-s3/encryptionV2/errors.rb +24 -0
  19. data/lib/aws-sdk-s3/encryptionV2/io_auth_decrypter.rb +2 -0
  20. data/lib/aws-sdk-s3/encryptionV2/io_decrypter.rb +2 -0
  21. data/lib/aws-sdk-s3/encryptionV2/io_encrypter.rb +2 -0
  22. data/lib/aws-sdk-s3/encryptionV2/key_provider.rb +2 -0
  23. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +90 -20
  24. data/lib/aws-sdk-s3/encryptionV2/materials.rb +2 -0
  25. data/lib/aws-sdk-s3/encryptionV2/utils.rb +2 -15
  26. data/lib/aws-sdk-s3/encryption_v2.rb +4 -1
  27. data/lib/aws-sdk-s3/multipart_upload_part.rb +1 -1
  28. data/lib/aws-sdk-s3/object.rb +1 -1
  29. data/lib/aws-sdk-s3/object_summary.rb +19 -3
  30. data/lib/aws-sdk-s3/presigned_post.rb +1 -0
  31. data/lib/aws-sdk-s3/presigner.rb +2 -2
  32. data/lib/aws-sdk-s3/resource.rb +1 -1
  33. data/lib/aws-sdk-s3/types.rb +25 -8
  34. metadata +4 -4
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'base64'
2
4
 
3
5
  module Aws
@@ -1,3 +1,5 @@
1
+ # frozen_string_literal: true
2
+
1
3
  require 'openssl'
2
4
 
3
5
  module Aws
@@ -6,24 +8,9 @@ module Aws
6
8
  # @api private
7
9
  module Utils
8
10
 
9
- UNSAFE_MSG = "unsafe encryption, data is longer than key length"
10
-
11
11
  class << self
12
12
 
13
- def encrypt(key, data)
14
- case key
15
- when OpenSSL::PKey::RSA # asymmetric encryption
16
- warn(UNSAFE_MSG) if key.public_key.n.num_bits < cipher_size(data)
17
- key.public_encrypt(data)
18
- when String # symmetric encryption
19
- warn(UNSAFE_MSG) if cipher_size(key) < cipher_size(data)
20
- cipher = aes_encryption_cipher(:ECB, key)
21
- cipher.update(data) + cipher.final
22
- end
23
- end
24
-
25
13
  def encrypt_aes_gcm(key, data, auth_data)
26
- warn(UNSAFE_MSG) if cipher_size(key) < cipher_size(data)
27
14
  cipher = aes_encryption_cipher(:GCM, key)
28
15
  cipher.iv = (iv = cipher.random_iv)
29
16
  cipher.auth_data = auth_data
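Review bot: `encrypt_aes_gcm` is left with no stated contract for `key` once the `UNSAFE_MSG` line is dropped, and nothing in the visible lines checks the key at all. Comparing key length with data length had no meaning for GCM, so dropping the warning itself is fine. I would add above the method `# Encrypts data with AES-GCM under a fresh random IV per call; auth_data is authenticated but not encrypted.` and confirm that `aes_encryption_cipher`, which is not visible here, rejects a key of the wrong size. The same hunk deletes `Utils.encrypt` (the RSA `public_encrypt` and AES-ECB paths), so any caller that still references it would raise `NoMethodError`. The method body continues past the end of the hunk.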
@@ -14,7 +14,10 @@ require 'aws-sdk-s3/encryptionV2/default_key_provider'
14
14
 
15
15
  module Aws
16
16
  module S3
17
- module EncryptionV2; end
17
+ module EncryptionV2
18
+ AES_GCM_TAG_LEN_BYTES = 16
19
+ EC_USER_AGENT = 'S3CryptoV2'
20
+ end
18
21
  end
19
22
  end
20
23
 
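Review bot: `AES_GCM_TAG_LEN_BYTES` and `EC_USER_AGENT` are added with no comment, and the string constant stays mutable unless this file carries the `frozen_string_literal` magic comment, which is not visible in the hunk. I would write `AES_GCM_TAG_LEN_BYTES = 16 # full 128-bit GCM authentication tag` and `EC_USER_AGENT = 'S3CryptoV2'.freeze`. If the decrypt path uses the tag length to split the tag from the ciphertext, it should also refuse a body shorter than the tag; that code is outside this hunk.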
@@ -302,7 +302,7 @@ module Aws::S3
302
302
  # request_payer: "requester", # accepts requester
303
303
  # })
304
304
  # @param [Hash] options ({})
305
- # @option options [String, IO] :body
305
+ # @option options [String, StringIO, File] :body
306
306
  # Object data.
307
307
  # @option options [Integer] :content_length
308
308
  # Size of the body in bytes. This parameter is useful when the size of
@@ -983,7 +983,7 @@ module Aws::S3
983
983
  #
984
984
  #
985
985
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
986
- # @option options [String, IO] :body
986
+ # @option options [String, StringIO, File] :body
987
987
  # Object data.
988
988
  # @option options [String] :cache_control
989
989
  # Can be used to specify caching behavior along the request/reply chain.
@@ -48,8 +48,24 @@ module Aws::S3
48
48
  data[:last_modified]
49
49
  end
50
50
 
51
- # The entity tag is an MD5 hash of the object. ETag reflects only
52
- # changes to the contents of an object, not its metadata.
51
+ # The entity tag is a hash of the object. The ETag reflects changes only
52
+ # to the contents of an object, not its metadata. The ETag may or may
53
+ # not be an MD5 digest of the object data. Whether or not it is depends
54
+ # on how the object was created and how it is encrypted as described
55
+ # below:
56
+ #
57
+ # * Objects created by the PUT Object, POST Object, or Copy operation,
58
+ # or through the AWS Management Console, and are encrypted by SSE-S3
59
+ # or plaintext, have ETags that are an MD5 digest of their object
60
+ # data.
61
+ #
62
+ # * Objects created by the PUT Object, POST Object, or Copy operation,
63
+ # or through the AWS Management Console, and are encrypted by SSE-C or
64
+ # SSE-KMS, have ETags that are not an MD5 digest of their object data.
65
+ #
66
+ # * If an object is created by either the Multipart Upload or Part Copy
67
+ # operation, the ETag is not an MD5 digest, regardless of the method
68
+ # of encryption.
53
69
  # @return [String]
54
70
  def etag
55
71
  data[:etag]
@@ -733,7 +749,7 @@ module Aws::S3
733
749
  #
734
750
  #
735
751
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/acl-overview.html#CannedACL
736
- # @option options [String, IO] :body
752
+ # @option options [String, StringIO, File] :body
737
753
  # Object data.
738
754
  # @option options [String] :cache_control
739
755
  # Can be used to specify caching behavior along the request/reply chain.
@@ -237,6 +237,7 @@ module Aws
237
237
  @bucket_region = bucket_region
238
238
  @bucket_name = bucket_name
239
239
  @accelerate = !!options.delete(:use_accelerate_endpoint)
240
+ options.delete(:url) if @accelerate # resource methods pass url
240
241
  @url = options.delete(:url) || bucket_url
241
242
  @fields = {}
242
243
  @key_set = false
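Review bot: With `@accelerate` set, the added line discards a caller-supplied `:url` without any signal, so an explicit endpoint passed together with `use_accelerate_endpoint: true` is silently replaced by `bucket_url` on the next line. The trailing comment `# resource methods pass url` does not say why dropping it is safe; I would expand it to `# Resource helpers pass :url for the regular endpoint; drop it so bucket_url can build the accelerate endpoint.` If direct callers can reach this path with both options, a `warn` or an `ArgumentError` would make the override visible, since this URL is where the browser posts the upload. `bucket_url` and the rest of the constructor are outside the hunk, so how it builds the accelerate endpoint is assumed.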
@@ -41,7 +41,7 @@ module Aws
41
41
  # signer = Aws::S3::Presigner.new
42
42
  # url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
43
43
  #
44
- # @param [Symbol] :method Symbolized method name of the operation you want
44
+ # @param [Symbol] method Symbolized method name of the operation you want
45
45
  # to presign.
46
46
  #
47
47
  # @option params [Integer] :expires_in (900) The number of seconds
@@ -89,7 +89,7 @@ module Aws
89
89
  # :get_object, bucket: "bucket", key: "key"
90
90
  # )
91
91
  #
92
- # @param [Symbol] :method Symbolized method name of the operation you want
92
+ # @param [Symbol] method Symbolized method name of the operation you want
93
93
  # to presign.
94
94
  #
95
95
  # @option params [Integer] :expires_in (900) The number of seconds
@@ -41,7 +41,7 @@ module Aws::S3
41
41
  # acl: "private", # accepts private, public-read, public-read-write, authenticated-read
42
42
  # bucket: "BucketName", # required
43
43
  # create_bucket_configuration: {
44
- # location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
44
+ # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
45
45
  # },
46
46
  # grant_full_control: "GrantFullControl",
47
47
  # grant_read: "GrantRead",
@@ -1517,7 +1517,7 @@ module Aws::S3
1517
1517
  # data as a hash:
1518
1518
  #
1519
1519
  # {
1520
- # location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
1520
+ # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
1521
1521
  # }
1522
1522
  #
1523
1523
  # @!attribute [rw] location_constraint
@@ -1555,7 +1555,7 @@ module Aws::S3
1555
1555
  # acl: "private", # accepts private, public-read, public-read-write, authenticated-read
1556
1556
  # bucket: "BucketName", # required
1557
1557
  # create_bucket_configuration: {
1558
- # location_constraint: "EU", # accepts EU, eu-west-1, us-west-1, us-west-2, ap-south-1, ap-southeast-1, ap-southeast-2, ap-northeast-1, sa-east-1, cn-north-1, eu-central-1
1558
+ # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
1559
1559
  # },
1560
1560
  # grant_full_control: "GrantFullControl",
1561
1561
  # grant_read: "GrantRead",
@@ -2457,7 +2457,7 @@ module Aws::S3
2457
2457
  # @return [String]
2458
2458
  #
2459
2459
  # @!attribute [rw] key
2460
- # Name of the tag.
2460
+ # Name of the object key.
2461
2461
  # @return [String]
2462
2462
  #
2463
2463
  # @!attribute [rw] version_id
@@ -7042,7 +7042,7 @@ module Aws::S3
7042
7042
  # in the subsequent request to get next set of objects. Amazon S3
7043
7043
  # lists objects in alphabetical order Note: This element is returned
7044
7044
  # only if you have delimiter request parameter specified. If response
7045
- # does not include the NextMaker and it is truncated, you can use the
7045
+ # does not include the NextMarker and it is truncated, you can use the
7046
7046
  # value of the last Key in the response as the marker in the
7047
7047
  # subsequent request to get the next set of object keys.
7048
7048
  # @return [String]
@@ -8140,8 +8140,25 @@ module Aws::S3
8140
8140
  # @return [Time]
8141
8141
  #
8142
8142
  # @!attribute [rw] etag
8143
- # The entity tag is an MD5 hash of the object. ETag reflects only
8144
- # changes to the contents of an object, not its metadata.
8143
+ # The entity tag is a hash of the object. The ETag reflects changes
8144
+ # only to the contents of an object, not its metadata. The ETag may or
8145
+ # may not be an MD5 digest of the object data. Whether or not it is
8146
+ # depends on how the object was created and how it is encrypted as
8147
+ # described below:
8148
+ #
8149
+ # * Objects created by the PUT Object, POST Object, or Copy operation,
8150
+ # or through the AWS Management Console, and are encrypted by SSE-S3
8151
+ # or plaintext, have ETags that are an MD5 digest of their object
8152
+ # data.
8153
+ #
8154
+ # * Objects created by the PUT Object, POST Object, or Copy operation,
8155
+ # or through the AWS Management Console, and are encrypted by SSE-C
8156
+ # or SSE-KMS, have ETags that are not an MD5 digest of their object
8157
+ # data.
8158
+ #
8159
+ # * If an object is created by either the Multipart Upload or Part
8160
+ # Copy operation, the ETag is not an MD5 digest, regardless of the
8161
+ # method of encryption.
8145
8162
  # @return [String]
8146
8163
  #
8147
8164
  # @!attribute [rw] size
@@ -10553,7 +10570,7 @@ module Aws::S3
10553
10570
  # @return [String]
10554
10571
  #
10555
10572
  # @!attribute [rw] key
10556
- # Name of the tag.
10573
+ # Name of the object key.
10557
10574
  # @return [String]
10558
10575
  #
10559
10576
  # @!attribute [rw] version_id
@@ -12453,7 +12470,7 @@ module Aws::S3
12453
12470
  # }
12454
12471
  #
12455
12472
  # @!attribute [rw] key
12456
- # Name of the tag.
12473
+ # Name of the object key.
12457
12474
  # @return [String]
12458
12475
  #
12459
12476
  # @!attribute [rw] value
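--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: aws-sdk-s3
  version: !ruby/object:Gem::Version
- version: 1.75.0
+ version: 1.79.1
  platform: ruby
  authors:
  - Amazon Web Services
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2020-07-21 00:00:00.000000000 Z
+ date: 2020-08-26 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk-kms
@@ -47,7 +47,7 @@ dependencies:
  version: '3'
  - - ">="
  - !ruby/object:Gem::Version
- version: 3.104.1
+ version: 3.104.3
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
@@ -57,7 +57,7 @@ dependencies:
  version: '3'
  - - ">="
  - !ruby/object:Gem::Version
- version: 3.104.1
+ version: 3.104.3
  description: Official AWS Ruby gem for Amazon Simple Storage Service (Amazon S3).
  This gem is part of the AWS SDK for Ruby.
  email: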