aws-sdk-s3 1.79.0 → 1.82.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (34) hide show
  1. checksums.yaml +4 -4
  2. data/lib/aws-sdk-s3.rb +2 -1
  3. data/lib/aws-sdk-s3/arn/access_point_arn.rb +62 -0
  4. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +71 -0
  5. data/lib/aws-sdk-s3/bucket.rb +34 -3
  6. data/lib/aws-sdk-s3/bucket_acl.rb +5 -0
  7. data/lib/aws-sdk-s3/bucket_cors.rb +12 -1
  8. data/lib/aws-sdk-s3/bucket_lifecycle.rb +12 -1
  9. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +12 -1
  10. data/lib/aws-sdk-s3/bucket_logging.rb +5 -0
  11. data/lib/aws-sdk-s3/bucket_notification.rb +5 -0
  12. data/lib/aws-sdk-s3/bucket_policy.rb +12 -1
  13. data/lib/aws-sdk-s3/bucket_request_payment.rb +5 -0
  14. data/lib/aws-sdk-s3/bucket_tagging.rb +12 -1
  15. data/lib/aws-sdk-s3/bucket_versioning.rb +15 -0
  16. data/lib/aws-sdk-s3/bucket_website.rb +12 -1
  17. data/lib/aws-sdk-s3/client.rb +1753 -555
  18. data/lib/aws-sdk-s3/client_api.rb +87 -0
  19. data/lib/aws-sdk-s3/customizations/bucket.rb +7 -4
  20. data/lib/aws-sdk-s3/multipart_upload.rb +15 -0
  21. data/lib/aws-sdk-s3/multipart_upload_part.rb +63 -6
  22. data/lib/aws-sdk-s3/object.rb +97 -14
  23. data/lib/aws-sdk-s3/object_acl.rb +5 -0
  24. data/lib/aws-sdk-s3/object_summary.rb +92 -10
  25. data/lib/aws-sdk-s3/object_version.rb +22 -2
  26. data/lib/aws-sdk-s3/plugins/arn.rb +187 -0
  27. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +0 -2
  28. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -1
  29. data/lib/aws-sdk-s3/plugins/s3_signer.rb +29 -7
  30. data/lib/aws-sdk-s3/presigned_post.rb +1 -0
  31. data/lib/aws-sdk-s3/presigner.rb +1 -0
  32. data/lib/aws-sdk-s3/types.rb +1296 -147
  33. metadata +7 -5
  34. data/lib/aws-sdk-s3/plugins/bucket_arn.rb +0 -212
@@ -228,6 +228,7 @@ module Aws::S3
228
228
  # grant_write_acp: "GrantWriteACP",
229
229
  # request_payer: "requester", # accepts requester
230
230
  # version_id: "ObjectVersionId",
231
+ # expected_bucket_owner: "AccountId",
231
232
  # })
232
233
  # @param [Hash] options ({})
233
234
  # @option options [String] :acl
@@ -273,6 +274,10 @@ module Aws::S3
273
274
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
274
275
  # @option options [String] :version_id
275
276
  # VersionId used to reference a specific version of the object.
277
+ # @option options [String] :expected_bucket_owner
278
+ # The account id of the expected bucket owner. If the bucket is owned by
279
+ # a different account, the request will fail with an HTTP `403 (Access
280
+ # Denied)` error.
276
281
  # @return [Types::PutObjectAclOutput]
277
282
  def put(options = {})
278
283
  options = options.merge(
@@ -295,7 +295,7 @@ module Aws::S3
295
295
  # metadata_directive: "COPY", # accepts COPY, REPLACE
296
296
  # tagging_directive: "COPY", # accepts COPY, REPLACE
297
297
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
298
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
298
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
299
299
  # website_redirect_location: "WebsiteRedirectLocation",
300
300
  # sse_customer_algorithm: "SSECustomerAlgorithm",
301
301
  # sse_customer_key: "SSECustomerKey",
@@ -310,6 +310,8 @@ module Aws::S3
310
310
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
311
311
  # object_lock_retain_until_date: Time.now,
312
312
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
313
+ # expected_bucket_owner: "AccountId",
314
+ # expected_source_bucket_owner: "AccountId",
313
315
  # })
314
316
  # @param [Hash] options ({})
315
317
  # @option options [String] :acl
@@ -327,8 +329,50 @@ module Aws::S3
327
329
  # @option options [String] :content_type
328
330
  # A standard MIME type describing the format of the object data.
329
331
  # @option options [required, String] :copy_source
330
- # The name of the source bucket and key name of the source object,
331
- # separated by a slash (/). Must be URL-encoded.
332
+ # Specifies the source object for the copy operation. You specify the
333
+ # value in one of two formats, depending on whether you want to access
334
+ # the source object through an [access point][1]\:
335
+ #
336
+ # * For objects not accessed through an access point, specify the name
337
+ # of the source bucket and the key of the source object, separated by
338
+ # a slash (/). For example, to copy the object `reports/january.pdf`
339
+ # from the bucket `awsexamplebucket`, use
340
+ # `awsexamplebucket/reports/january.pdf`. The value must be URL
341
+ # encoded.
342
+ #
343
+ # * For objects accessed through access points, specify the Amazon
344
+ # Resource Name (ARN) of the object as accessed through the access
345
+ # point, in the format
346
+ # `arn:aws:s3:<Region>:<account-id>:accesspoint/<access-point-name>/object/<key>`.
347
+ # For example, to copy the object `reports/january.pdf` through access
348
+ # point `my-access-point` owned by account `123456789012` in Region
349
+ # `us-west-2`, use the URL encoding of
350
+ # `arn:aws:s3:us-west-2:123456789012:accesspoint/my-access-point/object/reports/january.pdf`.
351
+ # The value must be URL encoded.
352
+ #
353
+ # <note markdown="1"> Amazon S3 supports copy operations using access points only when the
354
+ # source and destination buckets are in the same AWS Region.
355
+ #
356
+ # </note>
357
+ #
358
+ # Alternatively, for objects accessed through Amazon S3 on Outposts,
359
+ # specify the ARN of the object as accessed in the format
360
+ # `arn:aws:s3-outposts:<Region>:<account-id>:outpost/<outpost-id>/object/<key>`.
361
+ # For example, to copy the object `reports/january.pdf` through
362
+ # outpost `my-outpost` owned by account `123456789012` in Region
363
+ # `us-west-2`, use the URL encoding of
364
+ # `arn:aws:s3-outposts:us-west-2:123456789012:outpost/my-outpost/object/reports/january.pdf`.
365
+ # The value must be URL encoded.
366
+ #
367
+ # To copy a specific version of an object, append
368
+ # `?versionId=<version-id>` to the value (for example,
369
+ # `awsexamplebucket/reports/january.pdf?versionId=QUpfdndhfd8438MNFDN93jdnJFkdmqnh893`).
370
+ # If you don't specify a version ID, Amazon S3 copies the latest
371
+ # version of the source object.
372
+ #
373
+ #
374
+ #
375
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
332
376
  # @option options [String] :copy_source_if_match
333
377
  # Copies the object if its entity tag (ETag) matches the specified tag.
334
378
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
@@ -375,7 +419,7 @@ module Aws::S3
375
419
  # encrypting data. This value is used to store the object and then it is
376
420
  # discarded; Amazon S3 does not store the encryption key. The key must
377
421
  # be appropriate for use with the algorithm specified in the
378
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
422
+ # `x-amz-server-side-encryption-customer-algorithm` header.
379
423
  # @option options [String] :sse_customer_key_md5
380
424
  # Specifies the 128-bit MD5 digest of the encryption key according to
381
425
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
@@ -427,6 +471,14 @@ module Aws::S3
427
471
  # expire.
428
472
  # @option options [String] :object_lock_legal_hold_status
429
473
  # Specifies whether you want to apply a Legal Hold to the copied object.
474
+ # @option options [String] :expected_bucket_owner
475
+ # The account id of the expected destination bucket owner. If the
476
+ # destination bucket is owned by a different account, the request will
477
+ # fail with an HTTP `403 (Access Denied)` error.
478
+ # @option options [String] :expected_source_bucket_owner
479
+ # The account id of the expected source bucket owner. If the source
480
+ # bucket is owned by a different account, the request will fail with an
481
+ # HTTP `403 (Access Denied)` error.
430
482
  # @return [Types::CopyObjectOutput]
431
483
  def copy_from(options = {})
432
484
  options = options.merge(
@@ -444,6 +496,7 @@ module Aws::S3
444
496
  # version_id: "ObjectVersionId",
445
497
  # request_payer: "requester", # accepts requester
446
498
  # bypass_governance_retention: false,
499
+ # expected_bucket_owner: "AccountId",
447
500
  # })
448
501
  # @param [Hash] options ({})
449
502
  # @option options [String] :mfa
@@ -466,6 +519,10 @@ module Aws::S3
466
519
  # @option options [Boolean] :bypass_governance_retention
467
520
  # Indicates whether S3 Object Lock should bypass Governance-mode
468
521
  # restrictions to process this operation.
522
+ # @option options [String] :expected_bucket_owner
523
+ # The account id of the expected bucket owner. If the bucket is owned by
524
+ # a different account, the request will fail with an HTTP `403 (Access
525
+ # Denied)` error.
469
526
  # @return [Types::DeleteObjectOutput]
470
527
  def delete(options = {})
471
528
  options = options.merge(
@@ -496,6 +553,7 @@ module Aws::S3
496
553
  # sse_customer_key_md5: "SSECustomerKeyMD5",
497
554
  # request_payer: "requester", # accepts requester
498
555
  # part_number: 1,
556
+ # expected_bucket_owner: "AccountId",
499
557
  # })
500
558
  # @param [Hash] options ({})
501
559
  # @option options [String] :if_match
@@ -545,7 +603,7 @@ module Aws::S3
545
603
  # encrypting data. This value is used to store the object and then it is
546
604
  # discarded; Amazon S3 does not store the encryption key. The key must
547
605
  # be appropriate for use with the algorithm specified in the
548
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
606
+ # `x-amz-server-side-encryption-customer-algorithm` header.
549
607
  # @option options [String] :sse_customer_key_md5
550
608
  # Specifies the 128-bit MD5 digest of the encryption key according to
551
609
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
@@ -565,6 +623,10 @@ module Aws::S3
565
623
  # between 1 and 10,000. Effectively performs a 'ranged' GET request
566
624
  # for the part specified. Useful for downloading just a part of an
567
625
  # object.
626
+ # @option options [String] :expected_bucket_owner
627
+ # The account id of the expected bucket owner. If the bucket is owned by
628
+ # a different account, the request will fail with an HTTP `403 (Access
629
+ # Denied)` error.
568
630
  # @return [Types::GetObjectOutput]
569
631
  def get(options = {}, &block)
570
632
  options = options.merge(
@@ -593,7 +655,7 @@ module Aws::S3
593
655
  # "MetadataKey" => "MetadataValue",
594
656
  # },
595
657
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
596
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
658
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
597
659
  # website_redirect_location: "WebsiteRedirectLocation",
598
660
  # sse_customer_algorithm: "SSECustomerAlgorithm",
599
661
  # sse_customer_key: "SSECustomerKey",
@@ -605,6 +667,7 @@ module Aws::S3
605
667
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
606
668
  # object_lock_retain_until_date: Time.now,
607
669
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
670
+ # expected_bucket_owner: "AccountId",
608
671
  # })
609
672
  # @param [Hash] options ({})
610
673
  # @option options [String] :acl
@@ -651,7 +714,7 @@ module Aws::S3
651
714
  # encrypting data. This value is used to store the object and then it is
652
715
  # discarded; Amazon S3 does not store the encryption key. The key must
653
716
  # be appropriate for use with the algorithm specified in the
654
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
717
+ # `x-amz-server-side-encryption-customer-algorithm` header.
655
718
  # @option options [String] :sse_customer_key_md5
656
719
  # Specifies the 128-bit MD5 digest of the encryption key according to
657
720
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
@@ -692,6 +755,10 @@ module Aws::S3
692
755
  # @option options [String] :object_lock_legal_hold_status
693
756
  # Specifies whether you want to apply a Legal Hold to the uploaded
694
757
  # object.
758
+ # @option options [String] :expected_bucket_owner
759
+ # The account id of the expected bucket owner. If the bucket is owned by
760
+ # a different account, the request will fail with an HTTP `403 (Access
761
+ # Denied)` error.
695
762
  # @return [MultipartUpload]
696
763
  def initiate_multipart_upload(options = {})
697
764
  options = options.merge(
@@ -728,7 +795,7 @@ module Aws::S3
728
795
  # "MetadataKey" => "MetadataValue",
729
796
  # },
730
797
  # server_side_encryption: "AES256", # accepts AES256, aws:kms
731
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
798
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
732
799
  # website_redirect_location: "WebsiteRedirectLocation",
733
800
  # sse_customer_algorithm: "SSECustomerAlgorithm",
734
801
  # sse_customer_key: "SSECustomerKey",
@@ -740,6 +807,7 @@ module Aws::S3
740
807
  # object_lock_mode: "GOVERNANCE", # accepts GOVERNANCE, COMPLIANCE
741
808
  # object_lock_retain_until_date: Time.now,
742
809
  # object_lock_legal_hold_status: "ON", # accepts ON, OFF
810
+ # expected_bucket_owner: "AccountId",
743
811
  # })
744
812
  # @param [Hash] options ({})
745
813
  # @option options [String] :acl
@@ -864,7 +932,7 @@ module Aws::S3
864
932
  # encrypting data. This value is used to store the object and then it is
865
933
  # discarded; Amazon S3 does not store the encryption key. The key must
866
934
  # be appropriate for use with the algorithm specified in the
867
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
935
+ # `x-amz-server-side-encryption-customer-algorithm` header.
868
936
  # @option options [String] :sse_customer_key_md5
869
937
  # Specifies the 128-bit MD5 digest of the encryption key according to
870
938
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
@@ -909,6 +977,10 @@ module Aws::S3
909
977
  #
910
978
  #
911
979
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
980
+ # @option options [String] :expected_bucket_owner
981
+ # The account id of the expected bucket owner. If the bucket is owned by
982
+ # a different account, the request will fail with an HTTP `403 (Access
983
+ # Denied)` error.
912
984
  # @return [Types::PutObjectOutput]
913
985
  def put(options = {})
914
986
  options = options.merge(
@@ -1000,11 +1072,12 @@ module Aws::S3
1000
1072
  # value: "MetadataValue",
1001
1073
  # },
1002
1074
  # ],
1003
- # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE
1075
+ # storage_class: "STANDARD", # accepts STANDARD, REDUCED_REDUNDANCY, STANDARD_IA, ONEZONE_IA, INTELLIGENT_TIERING, GLACIER, DEEP_ARCHIVE, OUTPOSTS
1004
1076
  # },
1005
1077
  # },
1006
1078
  # },
1007
1079
  # request_payer: "requester", # accepts requester
1080
+ # expected_bucket_owner: "AccountId",
1008
1081
  # })
1009
1082
  # @param [Hash] options ({})
1010
1083
  # @option options [String] :version_id
@@ -1021,6 +1094,10 @@ module Aws::S3
1021
1094
  #
1022
1095
  #
1023
1096
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1097
+ # @option options [String] :expected_bucket_owner
1098
+ # The account id of the expected bucket owner. If the bucket is owned by
1099
+ # a different account, the request will fail with an HTTP `403 (Access
1100
+ # Denied)` error.
1024
1101
  # @return [Types::RestoreObjectOutput]
1025
1102
  def restore_object(options = {})
1026
1103
  options = options.merge(
@@ -1152,6 +1229,7 @@ module Aws::S3
1152
1229
  # mfa: "MFA",
1153
1230
  # request_payer: "requester", # accepts requester
1154
1231
  # bypass_governance_retention: false,
1232
+ # expected_bucket_owner: "AccountId",
1155
1233
  # })
1156
1234
  # @param options ({})
1157
1235
  # @option options [String] :mfa
@@ -1173,6 +1251,10 @@ module Aws::S3
1173
1251
  # Specifies whether you want to delete this object even if it has a
1174
1252
  # Governance-type Object Lock in place. You must have sufficient
1175
1253
  # permissions to perform this operation.
1254
+ # @option options [String] :expected_bucket_owner
1255
+ # The account id of the expected bucket owner. If the bucket is owned by
1256
+ # a different account, the request will fail with an HTTP `403 (Access
1257
+ # Denied)` error.
1176
1258
  # @return [void]
1177
1259
  def batch_delete!(options = {})
1178
1260
  batch_enum.each do |batch|
@@ -234,6 +234,7 @@ module Aws::S3
234
234
  # mfa: "MFA",
235
235
  # request_payer: "requester", # accepts requester
236
236
  # bypass_governance_retention: false,
237
+ # expected_bucket_owner: "AccountId",
237
238
  # })
238
239
  # @param [Hash] options ({})
239
240
  # @option options [String] :mfa
@@ -254,6 +255,10 @@ module Aws::S3
254
255
  # @option options [Boolean] :bypass_governance_retention
255
256
  # Indicates whether S3 Object Lock should bypass Governance-mode
256
257
  # restrictions to process this operation.
258
+ # @option options [String] :expected_bucket_owner
259
+ # The account id of the expected bucket owner. If the bucket is owned by
260
+ # a different account, the request will fail with an HTTP `403 (Access
261
+ # Denied)` error.
257
262
  # @return [Types::DeleteObjectOutput]
258
263
  def delete(options = {})
259
264
  options = options.merge(
@@ -284,6 +289,7 @@ module Aws::S3
284
289
  # sse_customer_key_md5: "SSECustomerKeyMD5",
285
290
  # request_payer: "requester", # accepts requester
286
291
  # part_number: 1,
292
+ # expected_bucket_owner: "AccountId",
287
293
  # })
288
294
  # @param [Hash] options ({})
289
295
  # @option options [String] :if_match
@@ -331,7 +337,7 @@ module Aws::S3
331
337
  # encrypting data. This value is used to store the object and then it is
332
338
  # discarded; Amazon S3 does not store the encryption key. The key must
333
339
  # be appropriate for use with the algorithm specified in the
334
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
340
+ # `x-amz-server-side-encryption-customer-algorithm` header.
335
341
  # @option options [String] :sse_customer_key_md5
336
342
  # Specifies the 128-bit MD5 digest of the encryption key according to
337
343
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
@@ -351,6 +357,10 @@ module Aws::S3
351
357
  # between 1 and 10,000. Effectively performs a 'ranged' GET request
352
358
  # for the part specified. Useful for downloading just a part of an
353
359
  # object.
360
+ # @option options [String] :expected_bucket_owner
361
+ # The account id of the expected bucket owner. If the bucket is owned by
362
+ # a different account, the request will fail with an HTTP `403 (Access
363
+ # Denied)` error.
354
364
  # @return [Types::GetObjectOutput]
355
365
  def get(options = {}, &block)
356
366
  options = options.merge(
@@ -375,6 +385,7 @@ module Aws::S3
375
385
  # sse_customer_key_md5: "SSECustomerKeyMD5",
376
386
  # request_payer: "requester", # accepts requester
377
387
  # part_number: 1,
388
+ # expected_bucket_owner: "AccountId",
378
389
  # })
379
390
  # @param [Hash] options ({})
380
391
  # @option options [String] :if_match
@@ -406,7 +417,7 @@ module Aws::S3
406
417
  # encrypting data. This value is used to store the object and then it is
407
418
  # discarded; Amazon S3 does not store the encryption key. The key must
408
419
  # be appropriate for use with the algorithm specified in the
409
- # `x-amz-server-side​-encryption​-customer-algorithm` header.
420
+ # `x-amz-server-side-encryption-customer-algorithm` header.
410
421
  # @option options [String] :sse_customer_key_md5
411
422
  # Specifies the 128-bit MD5 digest of the encryption key according to
412
423
  # RFC 1321. Amazon S3 uses this header for a message integrity check to
@@ -426,6 +437,10 @@ module Aws::S3
426
437
  # between 1 and 10,000. Effectively performs a 'ranged' HEAD request
427
438
  # for the part specified. Useful querying about the size of the part and
428
439
  # the number of parts in this object.
440
+ # @option options [String] :expected_bucket_owner
441
+ # The account id of the expected bucket owner. If the bucket is owned by
442
+ # a different account, the request will fail with an HTTP `403 (Access
443
+ # Denied)` error.
429
444
  # @return [Types::HeadObjectOutput]
430
445
  def head(options = {})
431
446
  options = options.merge(
@@ -504,6 +519,7 @@ module Aws::S3
504
519
  # mfa: "MFA",
505
520
  # request_payer: "requester", # accepts requester
506
521
  # bypass_governance_retention: false,
522
+ # expected_bucket_owner: "AccountId",
507
523
  # })
508
524
  # @param options ({})
509
525
  # @option options [String] :mfa
@@ -525,6 +541,10 @@ module Aws::S3
525
541
  # Specifies whether you want to delete this object even if it has a
526
542
  # Governance-type Object Lock in place. You must have sufficient
527
543
  # permissions to perform this operation.
544
+ # @option options [String] :expected_bucket_owner
545
+ # The account id of the expected bucket owner. If the bucket is owned by
546
+ # a different account, the request will fail with an HTTP `403 (Access
547
+ # Denied)` error.
528
548
  # @return [void]
529
549
  def batch_delete!(options = {})
530
550
  batch_enum.each do |batch|
@@ -0,0 +1,187 @@
1
+ # frozen_string_literal: true
2
+
3
+ require_relative '../arn/access_point_arn'
4
+ require_relative '../arn/outpost_access_point_arn'
5
+
6
+ module Aws
7
+ module S3
8
+ module Plugins
9
+ # When an accesspoint ARN is provided for :bucket in S3 operations, this
10
+ # plugin resolves the request endpoint from the ARN when possible.
11
+ # @api private
12
+ class ARN < Seahorse::Client::Plugin
13
+ option(
14
+ :s3_use_arn_region,
15
+ default: true,
16
+ doc_type: 'Boolean',
17
+ docstring: <<-DOCS) do |cfg|
18
+ For S3 ARNs passed into the `:bucket` parameter, this option will
19
+ use the region in the ARN, allowing for cross-region requests to
20
+ be made. Set to `false` to use the client's region instead.
21
+ DOCS
22
+ resolve_s3_use_arn_region(cfg)
23
+ end
24
+
25
+ def add_handlers(handlers, _config)
26
+ handlers.add(Handler)
27
+ end
28
+
29
+ class Handler < Seahorse::Client::Handler
30
+ def call(context)
31
+ bucket_member = _bucket_member(context.operation.input.shape)
32
+ if bucket_member && (bucket = context.params[bucket_member])
33
+ resolved_region, arn = ARN.resolve_arn!(
34
+ bucket,
35
+ context.config.region,
36
+ context.config.s3_use_arn_region
37
+ )
38
+ if arn
39
+ validate_config!(context, arn)
40
+
41
+ ARN.resolve_url!(
42
+ context.http_request.endpoint,
43
+ arn,
44
+ resolved_region,
45
+ extract_dualstack_config!(context)
46
+ )
47
+ end
48
+ end
49
+ @handler.call(context)
50
+ end
51
+
52
+ private
53
+
54
+ def _bucket_member(input)
55
+ input.members.each do |member, ref|
56
+ return member if ref.shape.name == 'BucketName'
57
+ end
58
+ nil
59
+ end
60
+
61
+ # other plugins use dualstack so disable it when we're done
62
+ def extract_dualstack_config!(context)
63
+ dualstack = context[:use_dualstack_endpoint]
64
+ context[:use_dualstack_endpoint] = false if dualstack
65
+ dualstack
66
+ end
67
+
68
+ def validate_config!(context, arn)
69
+ unless context.config.regional_endpoint
70
+ raise ArgumentError,
71
+ 'Cannot provide both an Access Point ARN and setting '\
72
+ ':endpoint.'
73
+ end
74
+
75
+ if context.config.force_path_style
76
+ raise ArgumentError,
77
+ 'Cannot provide both an Access Point ARN and setting '\
78
+ ':force_path_style to true.'
79
+ end
80
+
81
+ if context.config.use_accelerate_endpoint
82
+ raise ArgumentError,
83
+ 'Cannot provide both an Access Point ARN and setting '\
84
+ ':use_accelerate_endpoint to true.'
85
+ end
86
+
87
+ if !arn.support_dualstack? && context[:use_dualstack_endpoint]
88
+ raise ArgumentError,
89
+ 'Cannot provide both an Outpost Access Point ARN and '\
90
+ 'setting :use_dualstack_endpoint to true.'
91
+ end
92
+ end
93
+ end
94
+
95
+ class << self
96
+ # @api private
97
+ def resolve_arn!(member_value, region, use_arn_region)
98
+ if Aws::ARNParser.arn?(member_value)
99
+ arn = Aws::ARNParser.parse(member_value)
100
+ if arn.resource.start_with?('accesspoint')
101
+ s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
102
+ elsif arn.resource.start_with?('outpost')
103
+ s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
104
+ else
105
+ raise ArgumentError,
106
+ 'Only Access Point and Outpost Access Point type ARNs '\
107
+ 'are currently supported.'
108
+ end
109
+ s3_arn.validate_arn!
110
+ validate_region_config!(s3_arn, region, use_arn_region)
111
+ region = s3_arn.region if use_arn_region
112
+ [region, s3_arn]
113
+ else
114
+ [region]
115
+ end
116
+ end
117
+
118
+ # @api private
119
+ def resolve_url!(url, arn, region, dualstack = false)
120
+ url.host = arn.host_url(region, dualstack)
121
+ url.path = url_path(url.path, arn)
122
+ url
123
+ end
124
+
125
+ private
126
+
127
+ def resolve_s3_use_arn_region(cfg)
128
+ value = ENV['AWS_S3_USE_ARN_REGION'] ||
129
+ Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
130
+ 'true'
131
+ value = Aws::Util.str_2_bool(value)
132
+ # Raise if provided value is not true or false
133
+ if value.nil?
134
+ raise ArgumentError,
135
+ 'Must provide either `true` or `false` for '\
136
+ 's3_use_arn_region profile option or for '\
137
+ "ENV['AWS_S3_USE_ARN_REGION']"
138
+ end
139
+ value
140
+ end
141
+
142
+ # Remove ARN from the path since it was substituted already
143
+ # This only works because accesspoints care about the URL
144
+ def url_path(path, arn)
145
+ path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
146
+ .sub("/#{arn}", '')
147
+ "/#{path}" unless path =~ /^\//
148
+ path
149
+ end
150
+
151
+ def validate_region_config!(arn, region, use_arn_region)
152
+ fips = arn.support_fips?
153
+
154
+ # s3-external-1 is specific just to s3 and not part of partitions
155
+ # aws-global is a partition region
156
+ unless arn.partition == 'aws' &&
157
+ (region == 's3-external-1' || region == 'aws-global')
158
+ if !fips && arn.region.include?('fips')
159
+ raise ArgumentError,
160
+ 'FIPS region ARNs are not supported for this type of ARN.'
161
+ end
162
+
163
+ if !fips && !use_arn_region && region.include?('fips')
164
+ raise ArgumentError,
165
+ 'FIPS client regions are not supported for this type of '\
166
+ 'ARN without s3_use_arn_region.'
167
+ end
168
+
169
+ # if it's a fips region, attempt to normalize it
170
+ if fips || use_arn_region
171
+ region = region.gsub('fips-', '').gsub('-fips', '')
172
+ end
173
+ if use_arn_region &&
174
+ !Aws::Partitions.partition(arn.partition).region?(region)
175
+ raise Aws::Errors::InvalidARNPartitionError
176
+ end
177
+
178
+ if !use_arn_region && region != arn.region
179
+ raise Aws::Errors::InvalidARNRegionError
180
+ end
181
+ end
182
+ end
183
+ end
184
+ end
185
+ end
186
+ end
187
+ end