aws-sdk-s3 1.79.0 → 1.82.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-s3.rb +2 -1
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +62 -0
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +71 -0
- data/lib/aws-sdk-s3/bucket.rb +34 -3
- data/lib/aws-sdk-s3/bucket_acl.rb +5 -0
- data/lib/aws-sdk-s3/bucket_cors.rb +12 -1
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -1
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -1
- data/lib/aws-sdk-s3/bucket_logging.rb +5 -0
- data/lib/aws-sdk-s3/bucket_notification.rb +5 -0
- data/lib/aws-sdk-s3/bucket_policy.rb +12 -1
- data/lib/aws-sdk-s3/bucket_request_payment.rb +5 -0
- data/lib/aws-sdk-s3/bucket_tagging.rb +12 -1
- data/lib/aws-sdk-s3/bucket_versioning.rb +15 -0
- data/lib/aws-sdk-s3/bucket_website.rb +12 -1
- data/lib/aws-sdk-s3/client.rb +1753 -555
- data/lib/aws-sdk-s3/client_api.rb +87 -0
- data/lib/aws-sdk-s3/customizations/bucket.rb +7 -4
- data/lib/aws-sdk-s3/multipart_upload.rb +15 -0
- data/lib/aws-sdk-s3/multipart_upload_part.rb +63 -6
- data/lib/aws-sdk-s3/object.rb +97 -14
- data/lib/aws-sdk-s3/object_acl.rb +5 -0
- data/lib/aws-sdk-s3/object_summary.rb +92 -10
- data/lib/aws-sdk-s3/object_version.rb +22 -2
- data/lib/aws-sdk-s3/plugins/arn.rb +187 -0
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +0 -2
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -1
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +29 -7
- data/lib/aws-sdk-s3/presigned_post.rb +1 -0
- data/lib/aws-sdk-s3/presigner.rb +1 -0
- data/lib/aws-sdk-s3/types.rb +1296 -147
- metadata +7 -5
- data/lib/aws-sdk-s3/plugins/bucket_arn.rb +0 -212
@@ -228,6 +228,7 @@ module Aws::S3
|
|
228
228
|
# grant_write_acp: "GrantWriteACP",
|
229
229
|
# request_payer: "requester", # accepts requester
|
230
230
|
# version_id: "ObjectVersionId",
|
231
|
+
# expected_bucket_owner: "AccountId",
|
231
232
|
# })
|
232
233
|
# @param [Hash] options ({})
|
233
234
|
# @option options [String] :acl
|
@@ -273,6 +274,10 @@ module Aws::S3
|
|
273
274
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
274
275
|
# @option options [String] :version_id
|
275
276
|
# VersionId used to reference a specific version of the object.
|
277
|
+
# @option options [String] :expected_bucket_owner
|
278
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
279
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
280
|
+
# Denied)` error.
|
276
281
|
# @return [Types::PutObjectAclOutput]
|
277
282
|
def put(options = {})
|
278
283
|
options = options.merge(
|
@@ -295,7 +295,7 @@ module Aws::S3
|
|
295
295
|
# metadata_directive: "COPY", # accepts COPY, REPLACE
|
296
296
|
# tagging_directive: "COPY", # accepts COPY, REPLACE
|
297
297
|
# server_side_encryption: "AES256", # accepts AES256, aws:kms
|
298
|
-
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
|
298
|
+
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
|
299
299
|
# website_redirect_location: "WebsiteRedirectLocation",
|
300
300
|
# sse_customer_algorithm: "SSECustomerAlgorithm",
|
301
301
|
# sse_customer_key: "SSECustomerKey",
|
@@ -310,6 +310,8 @@ module Aws::S3
|
|
310
310
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
311
311
|
# object_lock_retain_until_date: Time.now,
|
312
312
|
# object_lock_legal_hold_status: "ON", # accepts ON, OFF
|
313
|
+
# expected_bucket_owner: "AccountId",
|
314
|
+
# expected_source_bucket_owner: "AccountId",
|
313
315
|
# })
|
314
316
|
# @param [Hash] options ({})
|
315
317
|
# @option options [String] :acl
|
@@ -327,8 +329,50 @@ module Aws::S3
|
|
327
329
|
# @option options [String] :content_type
|
328
330
|
# A standard MIME type describing the format of the object data.
|
329
331
|
# @option options [required, String] :copy_source
|
330
|
-
#
|
331
|
-
#
|
332
|
+
# Specifies the source object for the copy operation. You specify the
|
333
|
+
# value in one of two formats, depending on whether you want to access
|
334
|
+
# the source object through an [access point][1]\:
|
335
|
+
#
|
336
|
+
# * For objects not accessed through an access point, specify the name
|
337
|
+
# of the source bucket and the key of the source object, separated by
|
338
|
+
# a slash (/). For example, to copy the object `reports/january.pdf`
|
339
|
+
# from the bucket `awsexamplebucket`, use
|
340
|
+
# `awsexamplebucket/reports/january.pdf`. The value must be URL
|
341
|
+
# encoded.
|
342
|
+
#
|
343
|
+
# * For objects accessed through access points, specify the Amazon
|
344
|
+
# Resource Name (ARN) of the object as accessed through the access
|
345
|
+
# point, in the format
|
346
|
+
# `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
|
347
|
+
# For example, to copy the object `reports/january.pdf` through access
|
348
|
+
# point `my-access-point` owned by account `123456789012` in Region
|
349
|
+
# `us-west-2`, use the URL encoding of
|
350
|
+
# `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
|
351
|
+
# The value must be URL encoded.
|
352
|
+
#
|
353
|
+
# <note markdown="1"> Amazon S3 supports copy operations using access points only when the
|
354
|
+
# source and destination buckets are in the same AWS Region.
|
355
|
+
#
|
356
|
+
# </note>
|
357
|
+
#
|
358
|
+
# Alternatively, for objects accessed through Amazon S3 on Outposts,
|
359
|
+
# specify the ARN of the object as accessed in the format
|
360
|
+
# `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
|
361
|
+
# For example, to copy the object `reports/january.pdf` through
|
362
|
+
# outpost `my-outpost` owned by account `123456789012` in Region
|
363
|
+
# `us-west-2`, use the URL encoding of
|
364
|
+
# `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
|
365
|
+
# The value must be URL encoded.
|
366
|
+
#
|
367
|
+
# To copy a specific version of an object, append
|
368
|
+
# `?versionId=<version-id>` to the value (for example,
|
369
|
+
# `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
|
370
|
+
# If you don't specify a version ID, Amazon S3 copies the latest
|
371
|
+
# version of the source object.
|
372
|
+
#
|
373
|
+
#
|
374
|
+
#
|
375
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
|
332
376
|
# @option options [String] :copy_source_if_match
|
333
377
|
# Copies the object if its entity tag (ETag) matches the specified tag.
|
334
378
|
# @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
|
@@ -375,7 +419,7 @@ module Aws::S3
|
|
375
419
|
# encrypting data. This value is used to store the object and then it is
|
376
420
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
377
421
|
# be appropriate for use with the algorithm specified in the
|
378
|
-
# `x-amz-server-side
|
422
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
379
423
|
# @option options [String] :sse_customer_key_md5
|
380
424
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
381
425
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -427,6 +471,14 @@ module Aws::S3
|
|
427
471
|
# expire.
|
428
472
|
# @option options [String] :object_lock_legal_hold_status
|
429
473
|
# Specifies whether you want to apply a Legal Hold to the copied object.
|
474
|
+
# @option options [String] :expected_bucket_owner
|
475
|
+
# The account id of the expected destination bucket owner. If the
|
476
|
+
# destination bucket is owned by a different account, the request will
|
477
|
+
# fail with an HTTP `403 (Access Denied)` error.
|
478
|
+
# @option options [String] :expected_source_bucket_owner
|
479
|
+
# The account id of the expected source bucket owner. If the source
|
480
|
+
# bucket is owned by a different account, the request will fail with an
|
481
|
+
# HTTP `403 (Access Denied)` error.
|
430
482
|
# @return [Types::CopyObjectOutput]
|
431
483
|
def copy_from(options = {})
|
432
484
|
options = options.merge(
|
@@ -444,6 +496,7 @@ module Aws::S3
|
|
444
496
|
# version_id: "ObjectVersionId",
|
445
497
|
# request_payer: "requester", # accepts requester
|
446
498
|
# bypass_governance_retention: false,
|
499
|
+
# expected_bucket_owner: "AccountId",
|
447
500
|
# })
|
448
501
|
# @param [Hash] options ({})
|
449
502
|
# @option options [String] :mfa
|
@@ -466,6 +519,10 @@ module Aws::S3
|
|
466
519
|
# @option options [Boolean] :bypass_governance_retention
|
467
520
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
468
521
|
# restrictions to process this operation.
|
522
|
+
# @option options [String] :expected_bucket_owner
|
523
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
524
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
525
|
+
# Denied)` error.
|
469
526
|
# @return [Types::DeleteObjectOutput]
|
470
527
|
def delete(options = {})
|
471
528
|
options = options.merge(
|
@@ -496,6 +553,7 @@ module Aws::S3
|
|
496
553
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
497
554
|
# request_payer: "requester", # accepts requester
|
498
555
|
# part_number: 1,
|
556
|
+
# expected_bucket_owner: "AccountId",
|
499
557
|
# })
|
500
558
|
# @param [Hash] options ({})
|
501
559
|
# @option options [String] :if_match
|
@@ -545,7 +603,7 @@ module Aws::S3
|
|
545
603
|
# encrypting data. This value is used to store the object and then it is
|
546
604
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
547
605
|
# be appropriate for use with the algorithm specified in the
|
548
|
-
# `x-amz-server-side
|
606
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
549
607
|
# @option options [String] :sse_customer_key_md5
|
550
608
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
551
609
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -565,6 +623,10 @@ module Aws::S3
|
|
565
623
|
# between 1 and 10,000. Effectively performs a 'ranged' GET request
|
566
624
|
# for the part specified. Useful for downloading just a part of an
|
567
625
|
# object.
|
626
|
+
# @option options [String] :expected_bucket_owner
|
627
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
628
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
629
|
+
# Denied)` error.
|
568
630
|
# @return [Types::GetObjectOutput]
|
569
631
|
def get(options = {}, &block)
|
570
632
|
options = options.merge(
|
@@ -593,7 +655,7 @@ module Aws::S3
|
|
593
655
|
# "MetadataKey" => "MetadataValue",
|
594
656
|
# },
|
595
657
|
# server_side_encryption: "AES256", # accepts AES256, aws:kms
|
596
|
-
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
|
658
|
+
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
|
597
659
|
# website_redirect_location: "WebsiteRedirectLocation",
|
598
660
|
# sse_customer_algorithm: "SSECustomerAlgorithm",
|
599
661
|
# sse_customer_key: "SSECustomerKey",
|
@@ -605,6 +667,7 @@ module Aws::S3
|
|
605
667
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
606
668
|
# object_lock_retain_until_date: Time.now,
|
607
669
|
# object_lock_legal_hold_status: "ON", # accepts ON, OFF
|
670
|
+
# expected_bucket_owner: "AccountId",
|
608
671
|
# })
|
609
672
|
# @param [Hash] options ({})
|
610
673
|
# @option options [String] :acl
|
@@ -651,7 +714,7 @@ module Aws::S3
|
|
651
714
|
# encrypting data. This value is used to store the object and then it is
|
652
715
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
653
716
|
# be appropriate for use with the algorithm specified in the
|
654
|
-
# `x-amz-server-side
|
717
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
655
718
|
# @option options [String] :sse_customer_key_md5
|
656
719
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
657
720
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -692,6 +755,10 @@ module Aws::S3
|
|
692
755
|
# @option options [String] :object_lock_legal_hold_status
|
693
756
|
# Specifies whether you want to apply a Legal Hold to the uploaded
|
694
757
|
# object.
|
758
|
+
# @option options [String] :expected_bucket_owner
|
759
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
760
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
761
|
+
# Denied)` error.
|
695
762
|
# @return [MultipartUpload]
|
696
763
|
def initiate_multipart_upload(options = {})
|
697
764
|
options = options.merge(
|
@@ -728,7 +795,7 @@ module Aws::S3
|
|
728
795
|
# "MetadataKey" => "MetadataValue",
|
729
796
|
# },
|
730
797
|
# server_side_encryption: "AES256", # accepts AES256, aws:kms
|
731
|
-
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
|
798
|
+
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
|
732
799
|
# website_redirect_location: "WebsiteRedirectLocation",
|
733
800
|
# sse_customer_algorithm: "SSECustomerAlgorithm",
|
734
801
|
# sse_customer_key: "SSECustomerKey",
|
@@ -740,6 +807,7 @@ module Aws::S3
|
|
740
807
|
# object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
|
741
808
|
# object_lock_retain_until_date: Time.now,
|
742
809
|
# object_lock_legal_hold_status: "ON", # accepts ON, OFF
|
810
|
+
# expected_bucket_owner: "AccountId",
|
743
811
|
# })
|
744
812
|
# @param [Hash] options ({})
|
745
813
|
# @option options [String] :acl
|
@@ -864,7 +932,7 @@ module Aws::S3
|
|
864
932
|
# encrypting data. This value is used to store the object and then it is
|
865
933
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
866
934
|
# be appropriate for use with the algorithm specified in the
|
867
|
-
# `x-amz-server-side
|
935
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
868
936
|
# @option options [String] :sse_customer_key_md5
|
869
937
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
870
938
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -909,6 +977,10 @@ module Aws::S3
|
|
909
977
|
#
|
910
978
|
#
|
911
979
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
|
980
|
+
# @option options [String] :expected_bucket_owner
|
981
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
982
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
983
|
+
# Denied)` error.
|
912
984
|
# @return [Types::PutObjectOutput]
|
913
985
|
def put(options = {})
|
914
986
|
options = options.merge(
|
@@ -1000,11 +1072,12 @@ module Aws::S3
|
|
1000
1072
|
# value: "MetadataValue",
|
1001
1073
|
# },
|
1002
1074
|
# ],
|
1003
|
-
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
|
1075
|
+
# storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
|
1004
1076
|
# },
|
1005
1077
|
# },
|
1006
1078
|
# },
|
1007
1079
|
# request_payer: "requester", # accepts requester
|
1080
|
+
# expected_bucket_owner: "AccountId",
|
1008
1081
|
# })
|
1009
1082
|
# @param [Hash] options ({})
|
1010
1083
|
# @option options [String] :version_id
|
@@ -1021,6 +1094,10 @@ module Aws::S3
|
|
1021
1094
|
#
|
1022
1095
|
#
|
1023
1096
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
1097
|
+
# @option options [String] :expected_bucket_owner
|
1098
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
1099
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
1100
|
+
# Denied)` error.
|
1024
1101
|
# @return [Types::RestoreObjectOutput]
|
1025
1102
|
def restore_object(options = {})
|
1026
1103
|
options = options.merge(
|
@@ -1152,6 +1229,7 @@ module Aws::S3
|
|
1152
1229
|
# mfa: "MFA",
|
1153
1230
|
# request_payer: "requester", # accepts requester
|
1154
1231
|
# bypass_governance_retention: false,
|
1232
|
+
# expected_bucket_owner: "AccountId",
|
1155
1233
|
# })
|
1156
1234
|
# @param options ({})
|
1157
1235
|
# @option options [String] :mfa
|
@@ -1173,6 +1251,10 @@ module Aws::S3
|
|
1173
1251
|
# Specifies whether you want to delete this object even if it has a
|
1174
1252
|
# Governance-type Object Lock in place. You must have sufficient
|
1175
1253
|
# permissions to perform this operation.
|
1254
|
+
# @option options [String] :expected_bucket_owner
|
1255
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
1256
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
1257
|
+
# Denied)` error.
|
1176
1258
|
# @return [void]
|
1177
1259
|
def batch_delete!(options = {})
|
1178
1260
|
batch_enum.each do |batch|
|
@@ -234,6 +234,7 @@ module Aws::S3
|
|
234
234
|
# mfa: "MFA",
|
235
235
|
# request_payer: "requester", # accepts requester
|
236
236
|
# bypass_governance_retention: false,
|
237
|
+
# expected_bucket_owner: "AccountId",
|
237
238
|
# })
|
238
239
|
# @param [Hash] options ({})
|
239
240
|
# @option options [String] :mfa
|
@@ -254,6 +255,10 @@ module Aws::S3
|
|
254
255
|
# @option options [Boolean] :bypass_governance_retention
|
255
256
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
256
257
|
# restrictions to process this operation.
|
258
|
+
# @option options [String] :expected_bucket_owner
|
259
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
260
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
261
|
+
# Denied)` error.
|
257
262
|
# @return [Types::DeleteObjectOutput]
|
258
263
|
def delete(options = {})
|
259
264
|
options = options.merge(
|
@@ -284,6 +289,7 @@ module Aws::S3
|
|
284
289
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
285
290
|
# request_payer: "requester", # accepts requester
|
286
291
|
# part_number: 1,
|
292
|
+
# expected_bucket_owner: "AccountId",
|
287
293
|
# })
|
288
294
|
# @param [Hash] options ({})
|
289
295
|
# @option options [String] :if_match
|
@@ -331,7 +337,7 @@ module Aws::S3
|
|
331
337
|
# encrypting data. This value is used to store the object and then it is
|
332
338
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
333
339
|
# be appropriate for use with the algorithm specified in the
|
334
|
-
# `x-amz-server-side
|
340
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
335
341
|
# @option options [String] :sse_customer_key_md5
|
336
342
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
337
343
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -351,6 +357,10 @@ module Aws::S3
|
|
351
357
|
# between 1 and 10,000. Effectively performs a 'ranged' GET request
|
352
358
|
# for the part specified. Useful for downloading just a part of an
|
353
359
|
# object.
|
360
|
+
# @option options [String] :expected_bucket_owner
|
361
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
362
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
363
|
+
# Denied)` error.
|
354
364
|
# @return [Types::GetObjectOutput]
|
355
365
|
def get(options = {}, &block)
|
356
366
|
options = options.merge(
|
@@ -375,6 +385,7 @@ module Aws::S3
|
|
375
385
|
# sse_customer_key_md5: "SSECustomerKeyMD5",
|
376
386
|
# request_payer: "requester", # accepts requester
|
377
387
|
# part_number: 1,
|
388
|
+
# expected_bucket_owner: "AccountId",
|
378
389
|
# })
|
379
390
|
# @param [Hash] options ({})
|
380
391
|
# @option options [String] :if_match
|
@@ -406,7 +417,7 @@ module Aws::S3
|
|
406
417
|
# encrypting data. This value is used to store the object and then it is
|
407
418
|
# discarded; Amazon S3 does not store the encryption key. The key must
|
408
419
|
# be appropriate for use with the algorithm specified in the
|
409
|
-
# `x-amz-server-side
|
420
|
+
# `x-amz-server-side-encryption-customer-algorithm` header.
|
410
421
|
# @option options [String] :sse_customer_key_md5
|
411
422
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
412
423
|
# RFC 1321. Amazon S3 uses this header for a message integrity check to
|
@@ -426,6 +437,10 @@ module Aws::S3
|
|
426
437
|
# between 1 and 10,000. Effectively performs a 'ranged' HEAD request
|
427
438
|
# for the part specified. Useful querying about the size of the part and
|
428
439
|
# the number of parts in this object.
|
440
|
+
# @option options [String] :expected_bucket_owner
|
441
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
442
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
443
|
+
# Denied)` error.
|
429
444
|
# @return [Types::HeadObjectOutput]
|
430
445
|
def head(options = {})
|
431
446
|
options = options.merge(
|
@@ -504,6 +519,7 @@ module Aws::S3
|
|
504
519
|
# mfa: "MFA",
|
505
520
|
# request_payer: "requester", # accepts requester
|
506
521
|
# bypass_governance_retention: false,
|
522
|
+
# expected_bucket_owner: "AccountId",
|
507
523
|
# })
|
508
524
|
# @param options ({})
|
509
525
|
# @option options [String] :mfa
|
@@ -525,6 +541,10 @@ module Aws::S3
|
|
525
541
|
# Specifies whether you want to delete this object even if it has a
|
526
542
|
# Governance-type Object Lock in place. You must have sufficient
|
527
543
|
# permissions to perform this operation.
|
544
|
+
# @option options [String] :expected_bucket_owner
|
545
|
+
# The account id of the expected bucket owner. If the bucket is owned by
|
546
|
+
# a different account, the request will fail with an HTTP `403 (Access
|
547
|
+
# Denied)` error.
|
528
548
|
# @return [void]
|
529
549
|
def batch_delete!(options = {})
|
530
550
|
batch_enum.each do |batch|
|
@@ -0,0 +1,187 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
require_relative '../arn/access_point_arn'
|
4
|
+
require_relative '../arn/outpost_access_point_arn'
|
5
|
+
|
6
|
+
module Aws
|
7
|
+
module S3
|
8
|
+
module Plugins
|
9
|
+
# When an accesspoint ARN is provided for :bucket in S3 operations, this
|
10
|
+
# plugin resolves the request endpoint from the ARN when possible.
|
11
|
+
# @api private
|
12
|
+
class ARN < Seahorse::Client::Plugin
|
13
|
+
option(
|
14
|
+
:s3_use_arn_region,
|
15
|
+
default: true,
|
16
|
+
doc_type: 'Boolean',
|
17
|
+
docstring: <<-DOCS) do |cfg|
|
18
|
+
For S3 ARNs passed into the `:bucket` parameter, this option will
|
19
|
+
use the region in the ARN, allowing for cross-region requests to
|
20
|
+
be made. Set to `false` to use the client's region instead.
|
21
|
+
DOCS
|
22
|
+
resolve_s3_use_arn_region(cfg)
|
23
|
+
end
|
24
|
+
|
25
|
+
def add_handlers(handlers, _config)
|
26
|
+
handlers.add(Handler)
|
27
|
+
end
|
28
|
+
|
29
|
+
class Handler < Seahorse::Client::Handler
|
30
|
+
def call(context)
|
31
|
+
bucket_member = _bucket_member(context.operation.input.shape)
|
32
|
+
if bucket_member && (bucket = context.params[bucket_member])
|
33
|
+
resolved_region, arn = ARN.resolve_arn!(
|
34
|
+
bucket,
|
35
|
+
context.config.region,
|
36
|
+
context.config.s3_use_arn_region
|
37
|
+
)
|
38
|
+
if arn
|
39
|
+
validate_config!(context, arn)
|
40
|
+
|
41
|
+
ARN.resolve_url!(
|
42
|
+
context.http_request.endpoint,
|
43
|
+
arn,
|
44
|
+
resolved_region,
|
45
|
+
extract_dualstack_config!(context)
|
46
|
+
)
|
47
|
+
end
|
48
|
+
end
|
49
|
+
@handler.call(context)
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def _bucket_member(input)
|
55
|
+
input.members.each do |member, ref|
|
56
|
+
return member if ref.shape.name == 'BucketName'
|
57
|
+
end
|
58
|
+
nil
|
59
|
+
end
|
60
|
+
|
61
|
+
# other plugins use dualstack so disable it when we're done
|
62
|
+
def extract_dualstack_config!(context)
|
63
|
+
dualstack = context[:use_dualstack_endpoint]
|
64
|
+
context[:use_dualstack_endpoint] = false if dualstack
|
65
|
+
dualstack
|
66
|
+
end
|
67
|
+
|
68
|
+
def validate_config!(context, arn)
|
69
|
+
unless context.config.regional_endpoint
|
70
|
+
raise ArgumentError,
|
71
|
+
'Cannot provide both an Access Point ARN and setting '\
|
72
|
+
':endpoint.'
|
73
|
+
end
|
74
|
+
|
75
|
+
if context.config.force_path_style
|
76
|
+
raise ArgumentError,
|
77
|
+
'Cannot provide both an Access Point ARN and setting '\
|
78
|
+
':force_path_style to true.'
|
79
|
+
end
|
80
|
+
|
81
|
+
if context.config.use_accelerate_endpoint
|
82
|
+
raise ArgumentError,
|
83
|
+
'Cannot provide both an Access Point ARN and setting '\
|
84
|
+
':use_accelerate_endpoint to true.'
|
85
|
+
end
|
86
|
+
|
87
|
+
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
88
|
+
raise ArgumentError,
|
89
|
+
'Cannot provide both an Outpost Access Point ARN and '\
|
90
|
+
'setting :use_dualstack_endpoint to true.'
|
91
|
+
end
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
class << self
|
96
|
+
# @api private
|
97
|
+
def resolve_arn!(member_value, region, use_arn_region)
|
98
|
+
if Aws::ARNParser.arn?(member_value)
|
99
|
+
arn = Aws::ARNParser.parse(member_value)
|
100
|
+
if arn.resource.start_with?('accesspoint')
|
101
|
+
s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
|
102
|
+
elsif arn.resource.start_with?('outpost')
|
103
|
+
s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
104
|
+
else
|
105
|
+
raise ArgumentError,
|
106
|
+
'Only Access Point and Outpost Access Point type ARNs '\
|
107
|
+
'are currently supported.'
|
108
|
+
end
|
109
|
+
s3_arn.validate_arn!
|
110
|
+
validate_region_config!(s3_arn, region, use_arn_region)
|
111
|
+
region = s3_arn.region if use_arn_region
|
112
|
+
[region, s3_arn]
|
113
|
+
else
|
114
|
+
[region]
|
115
|
+
end
|
116
|
+
end
|
117
|
+
|
118
|
+
# @api private
|
119
|
+
def resolve_url!(url, arn, region, dualstack = false)
|
120
|
+
url.host = arn.host_url(region, dualstack)
|
121
|
+
url.path = url_path(url.path, arn)
|
122
|
+
url
|
123
|
+
end
|
124
|
+
|
125
|
+
private
|
126
|
+
|
127
|
+
def resolve_s3_use_arn_region(cfg)
|
128
|
+
value = ENV['AWS_S3_USE_ARN_REGION'] ||
|
129
|
+
Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
|
130
|
+
'true'
|
131
|
+
value = Aws::Util.str_2_bool(value)
|
132
|
+
# Raise if provided value is not true or false
|
133
|
+
if value.nil?
|
134
|
+
raise ArgumentError,
|
135
|
+
'Must provide either `true` or `false` for '\
|
136
|
+
's3_use_arn_region profile option or for '\
|
137
|
+
"ENV['AWS_S3_USE_ARN_REGION']"
|
138
|
+
end
|
139
|
+
value
|
140
|
+
end
|
141
|
+
|
142
|
+
# Remove ARN from the path since it was substituted already
|
143
|
+
# This only works because accesspoints care about the URL
|
144
|
+
def url_path(path, arn)
|
145
|
+
path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
|
146
|
+
.sub("/#{arn}", '')
|
147
|
+
"/#{path}" unless path =~ /^\//
|
148
|
+
path
|
149
|
+
end
|
150
|
+
|
151
|
+
def validate_region_config!(arn, region, use_arn_region)
|
152
|
+
fips = arn.support_fips?
|
153
|
+
|
154
|
+
# s3-external-1 is specific just to s3 and not part of partitions
|
155
|
+
# aws-global is a partition region
|
156
|
+
unless arn.partition == 'aws' &&
|
157
|
+
(region == 's3-external-1' || region == 'aws-global')
|
158
|
+
if !fips && arn.region.include?('fips')
|
159
|
+
raise ArgumentError,
|
160
|
+
'FIPS region ARNs are not supported for this type of ARN.'
|
161
|
+
end
|
162
|
+
|
163
|
+
if !fips && !use_arn_region && region.include?('fips')
|
164
|
+
raise ArgumentError,
|
165
|
+
'FIPS client regions are not supported for this type of '\
|
166
|
+
'ARN without s3_use_arn_region.'
|
167
|
+
end
|
168
|
+
|
169
|
+
# if it's a fips region, attempt to normalize it
|
170
|
+
if fips || use_arn_region
|
171
|
+
region = region.gsub('fips-', '').gsub('-fips', '')
|
172
|
+
end
|
173
|
+
if use_arn_region &&
|
174
|
+
!Aws::Partitions.partition(arn.partition).region?(region)
|
175
|
+
raise Aws::Errors::InvalidARNPartitionError
|
176
|
+
end
|
177
|
+
|
178
|
+
if !use_arn_region && region != arn.region
|
179
|
+
raise Aws::Errors::InvalidARNRegionError
|
180
|
+
end
|
181
|
+
end
|
182
|
+
end
|
183
|
+
end
|
184
|
+
end
|
185
|
+
end
|
186
|
+
end
|
187
|
+
end
|