aws-sdk-s3 1.75.0

data/lib/aws-sdk-s3/plugins/accelerate.rb

@@ -0,0 +1,87 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+      # Provides support for using `Aws::S3::Client` with Amazon S3 Transfer
+      # Acceleration.
+      #
+      # Go here for more information about transfer acceleration:
+      # [http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html](http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html)
+      class Accelerate < Seahorse::Client::Plugin
+        option(
+          :use_accelerate_endpoint,
+          default: false,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS)
+When set to `true`, accelerated bucket endpoints will be used
+for all object operations. You must first enable accelerate for
+each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/latest/dev/transfer-acceleration.html).
+          DOCS
+
+        def add_handlers(handlers, config)
+          operations = config.api.operation_names - [
+            :create_bucket, :list_buckets, :delete_bucket
+          ]
+          # Need 2 handlers so that the context can be set for other plugins
+          # and to remove :use_accelerate_endpoint from the params.
+          handlers.add(
+            OptionHandler, step: :initialize, operations: operations
+          )
+          handlers.add(
+            AccelerateHandler, step: :build, priority: 0, operations: operations
+          )
+        end
+
+        # @api private
+        class OptionHandler < Seahorse::Client::Handler
+          def call(context)
+            # Support client configuration and per-operation configuration
+            if context.params.is_a?(Hash)
+              accelerate = context.params.delete(:use_accelerate_endpoint)
+            end
+            if accelerate.nil?
+              accelerate = context.config.use_accelerate_endpoint
+            end
+            context[:use_accelerate_endpoint] = accelerate
+            @handler.call(context)
+          end
+        end
+
+        # @api private
+        class AccelerateHandler < Seahorse::Client::Handler
+          def call(context)
+            if context[:use_accelerate_endpoint]
+              dualstack = !!context[:use_dualstack_endpoint]
+              use_accelerate_endpoint(context, dualstack)
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          def use_accelerate_endpoint(context, dualstack)
+            bucket_name = context.params[:bucket]
+            validate_bucket_name!(bucket_name)
+            endpoint = URI.parse(context.http_request.endpoint.to_s)
+            endpoint.scheme = 'https'
+            endpoint.port = 443
+            endpoint.host = "#{bucket_name}.s3-accelerate"\
+                            "#{'.dualstack' if dualstack}.amazonaws.com"
+            context.http_request.endpoint = endpoint.to_s
+            # s3 accelerate endpoint doesn't work with 'expect' header
+            context.http_request.headers.delete('expect')
+          end
+
+          def validate_bucket_name!(bucket_name)
+            unless BucketDns.dns_compatible?(bucket_name, _ssl = true)
+              raise ArgumentError,
+                    'Unable to use `use_accelerate_endpoint: true` on buckets '\
+                    'with non-DNS compatible names.'
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/bucket_arn.rb

@@ -0,0 +1,212 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+      # When an accesspoint ARN is provided for :bucket in S3 operations, this
+      # plugin resolves the request endpoint from the ARN when possible.
+      class BucketARN < Seahorse::Client::Plugin
+        option(
+          :s3_use_arn_region,
+          default: true,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS) do |cfg|
+By default, the SDK will use the S3 ARN region, and cross-region
+requests could be made. Set to `false` to not use the region from
+the S3 ARN.
+          DOCS
+          resolve_s3_use_arn_region(cfg)
+        end
+
+        def add_handlers(handlers, _config)
+          handlers.add(Handler)
+        end
+
+        # @api private
+        class Handler < Seahorse::Client::Handler
+          def call(context)
+            bucket_member = _bucket_member(context.operation.input.shape)
+            if bucket_member && (bucket = context.params[bucket_member])
+              _resolved_bucket, _resolved_region, arn = BucketARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              if arn
+                if arn.resource.start_with?('accesspoint')
+                  validate_config!(context.config)
+                end
+
+                dualstack = extract_dualstack_config!(context)
+
+                BucketARN.resolve_url!(
+                  context.http_request.endpoint,
+                  arn,
+                  dualstack
+                )
+              end
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          def _bucket_member(input)
+            input.members.each do |member, ref|
+              return member if ref.shape.name == 'BucketName'
+            end
+            nil
+          end
+
+          # other plugins use dualstack so disable it when we're done
+          def extract_dualstack_config!(context)
+            dualstack = context[:use_dualstack_endpoint]
+            context[:use_dualstack_endpoint] = false if dualstack
+            dualstack
+          end
+
+          def validate_config!(config)
+            unless config.regional_endpoint
+              raise ArgumentError,
+                'Cannot provide both an accesspoint ARN and :endpoint.'
+            end
+
+            if config.use_accelerate_endpoint
+              raise ArgumentError,
+                'Cannot provide both an accesspoint ARN and setting '\
+                ':use_accelerate_endpoint to true.'
+            end
+
+            if config.force_path_style
+              raise ArgumentError,
+                'Cannot provide both an accesspoint ARN and setting '\
+                ':force_path_style to true.'
+            end
+          end
+        end
+
+        class << self
+
+          # @api private
+          def resolve_arn!(bucket_name, region, s3_use_arn_region)
+            if Aws::ARNParser.arn?(bucket_name)
+              arn = Aws::ARNParser.parse(bucket_name)
+              validate_s3_arn!(arn)
+              validate_region!(arn, region, s3_use_arn_region)
+              if arn.resource.start_with?('accesspoint')
+                region = arn.region if s3_use_arn_region
+                [bucket_name, region, arn]
+              else
+                raise ArgumentError,
+                  'Only accesspoint type ARNs are currently supported.'
+              end
+            else
+              [bucket_name, region]
+            end
+          end
+
+          # @api private
+          def resolve_url!(url, arn, dualstack = false)
+            if arn.resource.start_with?('accesspoint')
+              url.host = accesspoint_arn_host(arn, dualstack)
+            else
+              raise ArgumentError,
+                'Only accesspoint type ARNs are currently supported.'
+            end
+            url.path = url_path(url.path, arn)
+            url
+          end
+
+          private
+
+          def accesspoint_arn_host(arn, dualstack)
+            _resource_type, resource_name = parse_resource(arn.resource)
+            sfx = Aws::Partitions::EndpointProvider.dns_suffix_for(arn.region)
+            "#{resource_name}-#{arn.account_id}"\
+            '.s3-accesspoint'\
+            "#{'.dualstack' if dualstack}"\
+            ".#{arn.region}.#{sfx}"
+          end
+
+          def parse_resource(str)
+            slash = str.index('/') || str.length
+            colon = str.index(':') || str.length
+            delimiter = slash < colon ? slash : colon
+            if delimiter < str.length
+              [str[0..(delimiter - 1)], str[(delimiter + 1)..-1]]
+            else
+              [nil, str]
+            end
+          end
+
+          def resolve_s3_use_arn_region(cfg)
+            value = ENV['AWS_S3_USE_ARN_REGION'] ||
+                    Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
+                    'true'
+
+            # Raise if provided value is not true or false
+            if value != 'true' && value != 'false'
+              raise ArgumentError,
+                'Must provide either `true` or `false` for '\
+                's3_use_arn_region profile option or for '\
+                'ENV[\'AWS_S3_USE_ARN_REGION\']'
+            end
+
+            value == 'true'
+          end
+
+          def url_path(path, arn)
+            path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
+                       .sub("/#{arn}", '')
+            "/#{path}" unless path.match(/^\//)
+            path
+          end
+
+          def validate_s3_arn!(arn)
+            _resource_type, resource_name = parse_resource(arn.resource)
+
+            unless arn.service == 's3'
+              raise ArgumentError, 'Must provide an S3 ARN.'
+            end
+
+            if arn.region.empty? || arn.account_id.empty?
+              raise ArgumentError,
+                'S3 Access Point ARNs must contain both a valid region '\
+                ' and a valid account id.'
+            end
+
+            if resource_name.include?(':') || resource_name.include?('/')
+              raise ArgumentError,
+                'ARN resource id must be a single value.'
+            end
+
+            unless Plugins::BucketDns.valid_subdomain?(
+              "#{resource_name}-#{arn.account_id}"
+            )
+              raise ArgumentError,
+                "#{resource_name}-#{arn.account_id} is not a "\
+                'valid subdomain.'
+            end
+          end
+
+          def validate_region!(arn, region, s3_use_arn_region)
+            if region.include?('fips')
+              raise ArgumentError,
+                'FIPS client regions are currently not supported with '\
+                'accesspoint ARNs.'
+            end
+
+            if s3_use_arn_region &&
+               !Aws::Partitions.partition(arn.partition).region?(region)
+              raise Aws::Errors::InvalidARNPartitionError
+            end
+
+            if !s3_use_arn_region && region != arn.region
+              raise Aws::Errors::InvalidARNRegionError
+            end
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/bucket_dns.rb

@@ -0,0 +1,91 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+
+      # Amazon S3 requires DNS style addressing for buckets outside of
+      # the classic region when possible.
+      class BucketDns < Seahorse::Client::Plugin
+
+        # When set to `false` DNS compatible bucket names are moved from
+        # the request URI path to the host as a subdomain, unless the request
+        # is using SSL and the bucket name contains a dot.
+        #
+        # When set to `true`, the bucket name is always forced to be part
+        # of the request URI path.  This will not work with buckets outside
+        # the classic region.
+        option(:force_path_style,
+          default: false,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS)
+When set to `true`, the bucket name is always left in the
+request URI and never moved to the host as a sub-domain.
+          DOCS
+
+        def add_handlers(handlers, config)
+          handlers.add(Handler) unless config.force_path_style
+        end
+
+        # @api private
+        class Handler < Seahorse::Client::Handler
+
+          def call(context)
+            move_dns_compat_bucket_to_subdomain(context)
+            @handler.call(context)
+          end
+
+          private
+
+          def move_dns_compat_bucket_to_subdomain(context)
+            bucket_name = context.params[:bucket]
+            endpoint = context.http_request.endpoint
+            if bucket_name &&
+               BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
+               context.operation_name.to_s != 'get_bucket_location'
+              move_bucket_to_subdomain(bucket_name, endpoint)
+            end
+          end
+
+          def move_bucket_to_subdomain(bucket_name, endpoint)
+            endpoint.host = "#{bucket_name}.#{endpoint.host}"
+            path = endpoint.path.sub("/#{bucket_name}", '')
+            path = "/#{path}" unless path.match(/^\//)
+            endpoint.path = path
+          end
+
+          def https?(uri)
+            uri.scheme == 'https'
+          end
+
+        end
+
+        class << self
+
+          # @param [String] bucket_name
+          # @param [Boolean] ssl
+          # @return [Boolean]
+          def dns_compatible?(bucket_name, ssl)
+            if valid_subdomain?(bucket_name)
+              bucket_name.match(/\./) && ssl ? false : true
+            else
+              false
+            end
+          end
+
+          # Checks for a valid RFC-3986 host name
+          # @see https://tools.ietf.org/html/rfc3986#section-3.2.2
+          # @param [String] bucket_name
+          # @return [Boolean]
+          def valid_subdomain?(bucket_name)
+            bucket_name.size < 64 &&
+            bucket_name =~ /^[a-z0-9][a-z0-9.-]+[a-z0-9]$/ &&
+            bucket_name !~ /(\d+\.){3}\d+/ &&
+            bucket_name !~ /[.-]{2}/
+          end
+
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb

@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+      # @api private
+      class BucketNameRestrictions < Seahorse::Client::Plugin
+        class Handler < Seahorse::Client::Handler
+
+          # Useful because Aws::S3::Errors::SignatureDoesNotMatch is thrown
+          # when passed a bucket with a forward slash. Instead provide a more
+          # helpful error. Ideally should not be a plugin?
+          def call(context)
+            bucket_member = _bucket_member(context.operation.input.shape)
+            if bucket_member && (bucket = context.params[bucket_member])
+              _resolved_bucket, _resolved_region, arn = BucketARN.resolve_arn!(
+                bucket,
+                context.config.region,
+                context.config.s3_use_arn_region
+              )
+              if !arn && bucket.include?('/')
+                raise ArgumentError,
+                      'bucket name must not contain a forward-slash (/)'
+              end
+            end
+            @handler.call(context)
+          end
+
+          private
+
+          def _bucket_member(input)
+            input.members.each do |member, ref|
+              return member if ref.shape.name == 'BucketName'
+            end
+            nil
+          end
+
+        end
+
+        handler(Handler)
+
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/plugins/dualstack.rb

@@ -0,0 +1,74 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Plugins
+      # @api private
+      class Dualstack < Seahorse::Client::Plugin
+
+        option(:use_dualstack_endpoint,
+          default: false,
+          doc_type: 'Boolean',
+          docstring: <<-DOCS)
+When set to `true`, IPv6-compatible bucket endpoints will be used
+for all operations.
+          DOCS
+
+        def add_handlers(handlers, config)
+          handlers.add(OptionHandler, step: :initialize)
+          handlers.add(DualstackHandler, step: :build, priority: 0)
+        end
+
+        # @api private
+        class OptionHandler < Seahorse::Client::Handler
+          def call(context)
+            if context.params.is_a?(Hash)
+              dualstack = context.params.delete(:use_dualstack_endpoint)
+            end
+            dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
+            context[:use_dualstack_endpoint] = dualstack
+            @handler.call(context)
+          end
+        end
+
+        # @api private
+        class DualstackHandler < Seahorse::Client::Handler
+          def call(context)
+            apply_dualstack_endpoint(context) if use_dualstack_endpoint?(context)
+            @handler.call(context)
+          end
+
+          private
+          def apply_dualstack_endpoint(context)
+            bucket_name = context.params[:bucket]
+            region = context.config.region
+            context.config.force_path_style
+            dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
+
+            if use_bucket_dns?(bucket_name, context)
+              host = "#{bucket_name}.s3.dualstack.#{region}.#{dns_suffix}"
+            else
+              host = "s3.dualstack.#{region}.#{dns_suffix}"
+            end
+            endpoint = URI.parse(context.http_request.endpoint.to_s)
+            endpoint.scheme = context.http_request.endpoint.scheme
+            endpoint.port = context.http_request.endpoint.port
+            endpoint.host = host
+            context.http_request.endpoint = endpoint.to_s
+          end
+
+          def use_bucket_dns?(bucket_name, context)
+            ssl = context.http_request.endpoint.scheme == "https"
+            bucket_name && BucketDns.dns_compatible?(bucket_name, ssl) &&
+              !context.config.force_path_style
+          end
+
+          def use_dualstack_endpoint?(context)
+            context[:use_dualstack_endpoint] && !context[:use_accelerate_endpoint]
+          end
+        end
+
+      end
+    end
+  end
+end