aws-sdk-s3 1.84.1 → 1.117.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +930 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-s3/bucket.rb +154 -46
- data/lib/aws-sdk-s3/bucket_acl.rb +28 -6
- data/lib/aws-sdk-s3/bucket_cors.rb +29 -9
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +30 -9
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +31 -9
- data/lib/aws-sdk-s3/bucket_logging.rb +25 -6
- data/lib/aws-sdk-s3/bucket_notification.rb +21 -9
- data/lib/aws-sdk-s3/bucket_policy.rb +27 -7
- data/lib/aws-sdk-s3/bucket_request_payment.rb +27 -8
- data/lib/aws-sdk-s3/bucket_tagging.rb +27 -7
- data/lib/aws-sdk-s3/bucket_versioning.rb +70 -10
- data/lib/aws-sdk-s3/bucket_website.rb +27 -7
- data/lib/aws-sdk-s3/client.rb +3747 -1848
- data/lib/aws-sdk-s3/client_api.rb +677 -227
- data/lib/aws-sdk-s3/customizations/bucket.rb +28 -49
- data/lib/aws-sdk-s3/customizations/object.rb +116 -18
- data/lib/aws-sdk-s3/encryption/client.rb +1 -1
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/encryptionV2/client.rb +1 -1
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +3 -3
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/endpoint_parameters.rb +142 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +2020 -0
- data/lib/aws-sdk-s3/endpoints.rb +2149 -0
- data/lib/aws-sdk-s3/errors.rb +1 -1
- data/lib/aws-sdk-s3/event_streams.rb +1 -1
- data/lib/aws-sdk-s3/file_downloader.rb +7 -2
- data/lib/aws-sdk-s3/file_uploader.rb +8 -3
- data/lib/aws-sdk-s3/legacy_signer.rb +15 -25
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +36 -10
- data/lib/aws-sdk-s3/multipart_upload.rb +133 -19
- data/lib/aws-sdk-s3/multipart_upload_part.rb +141 -21
- data/lib/aws-sdk-s3/object.rb +430 -126
- data/lib/aws-sdk-s3/object_acl.rb +31 -9
- data/lib/aws-sdk-s3/object_summary.rb +265 -110
- data/lib/aws-sdk-s3/object_version.rb +80 -53
- data/lib/aws-sdk-s3/plugins/accelerate.rb +1 -39
- data/lib/aws-sdk-s3/plugins/arn.rb +25 -142
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +2 -49
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +3 -1
- data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +1 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +8 -31
- data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +33 -102
- data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
- data/lib/aws-sdk-s3/presigned_post.rb +47 -35
- data/lib/aws-sdk-s3/presigner.rb +39 -49
- data/lib/aws-sdk-s3/resource.rb +24 -4
- data/lib/aws-sdk-s3/types.rb +3785 -4735
- data/lib/aws-sdk-s3/waiters.rb +1 -1
- data/lib/aws-sdk-s3.rb +6 -2
- metadata +19 -14
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -62
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -71
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -56,6 +56,12 @@ module Aws::S3
|
|
56
56
|
data[:etag]
|
57
57
|
end
|
58
58
|
|
59
|
+
# The algorithm that was used to create a checksum of the object.
|
60
|
+
# @return [Array<String>]
|
61
|
+
def checksum_algorithm
|
62
|
+
data[:checksum_algorithm]
|
63
|
+
end
|
64
|
+
|
59
65
|
# Size in bytes of the object.
|
60
66
|
# @return [Integer]
|
61
67
|
def size
|
@@ -245,20 +251,21 @@ module Aws::S3
|
|
245
251
|
# @option options [String] :request_payer
|
246
252
|
# Confirms that the requester knows that they will be charged for the
|
247
253
|
# request. Bucket owners need not specify this parameter in their
|
248
|
-
# requests. For information about downloading objects from
|
249
|
-
#
|
250
|
-
# in the *Amazon S3
|
254
|
+
# requests. For information about downloading objects from Requester
|
255
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
256
|
+
# in the *Amazon S3 User Guide*.
|
251
257
|
#
|
252
258
|
#
|
253
259
|
#
|
254
260
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
255
261
|
# @option options [Boolean] :bypass_governance_retention
|
256
262
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
257
|
-
# restrictions to process this operation.
|
263
|
+
# restrictions to process this operation. To use this header, you must
|
264
|
+
# have the `s3:BypassGovernanceRetention` permission.
|
258
265
|
# @option options [String] :expected_bucket_owner
|
259
|
-
# The account
|
260
|
-
# a different account, the request
|
261
|
-
#
|
266
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
267
|
+
# a different account, the request fails with the HTTP status code `403
|
268
|
+
# Forbidden` (access denied).
|
262
269
|
# @return [Types::DeleteObjectOutput]
|
263
270
|
def delete(options = {})
|
264
271
|
options = options.merge(
|
@@ -290,20 +297,21 @@ module Aws::S3
|
|
290
297
|
# request_payer: "requester", # accepts requester
|
291
298
|
# part_number: 1,
|
292
299
|
# expected_bucket_owner: "AccountId",
|
300
|
+
# checksum_mode: "ENABLED", # accepts ENABLED
|
293
301
|
# })
|
294
302
|
# @param [Hash] options ({})
|
295
303
|
# @option options [String] :if_match
|
296
304
|
# Return the object only if its entity tag (ETag) is the same as the one
|
297
|
-
# specified
|
305
|
+
# specified; otherwise, return a 412 (precondition failed) error.
|
298
306
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
299
307
|
# Return the object only if it has been modified since the specified
|
300
|
-
# time
|
308
|
+
# time; otherwise, return a 304 (not modified) error.
|
301
309
|
# @option options [String] :if_none_match
|
302
310
|
# Return the object only if its entity tag (ETag) is different from the
|
303
|
-
# one specified
|
311
|
+
# one specified; otherwise, return a 304 (not modified) error.
|
304
312
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
305
313
|
# Return the object only if it has not been modified since the specified
|
306
|
-
# time
|
314
|
+
# time; otherwise, return a 412 (precondition failed) error.
|
307
315
|
# @option options [String] :range
|
308
316
|
# Downloads the specified range bytes of an object. For more information
|
309
317
|
# about the HTTP Range header, see
|
@@ -330,13 +338,13 @@ module Aws::S3
|
|
330
338
|
# @option options [Time,DateTime,Date,Integer,String] :response_expires
|
331
339
|
# Sets the `Expires` header of the response.
|
332
340
|
# @option options [String] :sse_customer_algorithm
|
333
|
-
# Specifies the algorithm to use to when
|
341
|
+
# Specifies the algorithm to use to when decrypting the object (for
|
334
342
|
# example, AES256).
|
335
343
|
# @option options [String] :sse_customer_key
|
336
|
-
# Specifies the customer-provided encryption key for Amazon S3 to
|
337
|
-
#
|
338
|
-
#
|
339
|
-
# be appropriate for use with the algorithm specified in the
|
344
|
+
# Specifies the customer-provided encryption key for Amazon S3 used to
|
345
|
+
# encrypt the data. This value is used to decrypt the object when
|
346
|
+
# recovering it and must match the one used when storing the data. The
|
347
|
+
# key must be appropriate for use with the algorithm specified in the
|
340
348
|
# `x-amz-server-side-encryption-customer-algorithm` header.
|
341
349
|
# @option options [String] :sse_customer_key_md5
|
342
350
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
@@ -345,9 +353,9 @@ module Aws::S3
|
|
345
353
|
# @option options [String] :request_payer
|
346
354
|
# Confirms that the requester knows that they will be charged for the
|
347
355
|
# request. Bucket owners need not specify this parameter in their
|
348
|
-
# requests. For information about downloading objects from
|
349
|
-
#
|
350
|
-
# in the *Amazon S3
|
356
|
+
# requests. For information about downloading objects from Requester
|
357
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
358
|
+
# in the *Amazon S3 User Guide*.
|
351
359
|
#
|
352
360
|
#
|
353
361
|
#
|
@@ -358,9 +366,11 @@ module Aws::S3
|
|
358
366
|
# for the part specified. Useful for downloading just a part of an
|
359
367
|
# object.
|
360
368
|
# @option options [String] :expected_bucket_owner
|
361
|
-
# The account
|
362
|
-
# a different account, the request
|
363
|
-
#
|
369
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
370
|
+
# a different account, the request fails with the HTTP status code `403
|
371
|
+
# Forbidden` (access denied).
|
372
|
+
# @option options [String] :checksum_mode
|
373
|
+
# To retrieve the checksum, this mode must be enabled.
|
364
374
|
# @return [Types::GetObjectOutput]
|
365
375
|
def get(options = {}, &block)
|
366
376
|
options = options.merge(
|
@@ -386,33 +396,24 @@ module Aws::S3
|
|
386
396
|
# request_payer: "requester", # accepts requester
|
387
397
|
# part_number: 1,
|
388
398
|
# expected_bucket_owner: "AccountId",
|
399
|
+
# checksum_mode: "ENABLED", # accepts ENABLED
|
389
400
|
# })
|
390
401
|
# @param [Hash] options ({})
|
391
402
|
# @option options [String] :if_match
|
392
403
|
# Return the object only if its entity tag (ETag) is the same as the one
|
393
|
-
# specified
|
404
|
+
# specified; otherwise, return a 412 (precondition failed) error.
|
394
405
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
395
406
|
# Return the object only if it has been modified since the specified
|
396
|
-
# time
|
407
|
+
# time; otherwise, return a 304 (not modified) error.
|
397
408
|
# @option options [String] :if_none_match
|
398
409
|
# Return the object only if its entity tag (ETag) is different from the
|
399
|
-
# one specified
|
410
|
+
# one specified; otherwise, return a 304 (not modified) error.
|
400
411
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
401
412
|
# Return the object only if it has not been modified since the specified
|
402
|
-
# time
|
413
|
+
# time; otherwise, return a 412 (precondition failed) error.
|
403
414
|
# @option options [String] :range
|
404
|
-
#
|
405
|
-
#
|
406
|
-
# [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
|
407
|
-
#
|
408
|
-
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
409
|
-
# `GET` request.
|
410
|
-
#
|
411
|
-
# </note>
|
412
|
-
#
|
413
|
-
#
|
414
|
-
#
|
415
|
-
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
|
415
|
+
# Because `HeadObject` returns only the metadata for an object, this
|
416
|
+
# parameter has no effect.
|
416
417
|
# @option options [String] :sse_customer_algorithm
|
417
418
|
# Specifies the algorithm to use to when encrypting the object (for
|
418
419
|
# example, AES256).
|
@@ -429,9 +430,9 @@ module Aws::S3
|
|
429
430
|
# @option options [String] :request_payer
|
430
431
|
# Confirms that the requester knows that they will be charged for the
|
431
432
|
# request. Bucket owners need not specify this parameter in their
|
432
|
-
# requests. For information about downloading objects from
|
433
|
-
#
|
434
|
-
# in the *Amazon S3
|
433
|
+
# requests. For information about downloading objects from Requester
|
434
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
435
|
+
# in the *Amazon S3 User Guide*.
|
435
436
|
#
|
436
437
|
#
|
437
438
|
#
|
@@ -442,9 +443,16 @@ module Aws::S3
|
|
442
443
|
# for the part specified. Useful querying about the size of the part and
|
443
444
|
# the number of parts in this object.
|
444
445
|
# @option options [String] :expected_bucket_owner
|
445
|
-
# The account
|
446
|
-
# a different account, the request
|
447
|
-
#
|
446
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
447
|
+
# a different account, the request fails with the HTTP status code `403
|
448
|
+
# Forbidden` (access denied).
|
449
|
+
# @option options [String] :checksum_mode
|
450
|
+
# To retrieve the checksum, this parameter must be enabled.
|
451
|
+
#
|
452
|
+
# In addition, if you enable `ChecksumMode` and the object is encrypted
|
453
|
+
# with Amazon Web Services Key Management Service (Amazon Web Services
|
454
|
+
# KMS), you must have permission to use the `kms:Decrypt` action for the
|
455
|
+
# request to succeed.
|
448
456
|
# @return [Types::HeadObjectOutput]
|
449
457
|
def head(options = {})
|
450
458
|
options = options.merge(
|
@@ -524,6 +532,7 @@ module Aws::S3
|
|
524
532
|
# request_payer: "requester", # accepts requester
|
525
533
|
# bypass_governance_retention: false,
|
526
534
|
# expected_bucket_owner: "AccountId",
|
535
|
+
# checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
|
527
536
|
# })
|
528
537
|
# @param options ({})
|
529
538
|
# @option options [String] :mfa
|
@@ -534,21 +543,39 @@ module Aws::S3
|
|
534
543
|
# @option options [String] :request_payer
|
535
544
|
# Confirms that the requester knows that they will be charged for the
|
536
545
|
# request. Bucket owners need not specify this parameter in their
|
537
|
-
# requests. For information about downloading objects from
|
538
|
-
#
|
539
|
-
# in the *Amazon S3
|
546
|
+
# requests. For information about downloading objects from Requester
|
547
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
548
|
+
# in the *Amazon S3 User Guide*.
|
540
549
|
#
|
541
550
|
#
|
542
551
|
#
|
543
552
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
544
553
|
# @option options [Boolean] :bypass_governance_retention
|
545
554
|
# Specifies whether you want to delete this object even if it has a
|
546
|
-
# Governance-type Object Lock in place.
|
547
|
-
#
|
555
|
+
# Governance-type Object Lock in place. To use this header, you must
|
556
|
+
# have the `s3:BypassGovernanceRetention` permission.
|
548
557
|
# @option options [String] :expected_bucket_owner
|
549
|
-
# The account
|
550
|
-
# a different account, the request
|
551
|
-
#
|
558
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
559
|
+
# a different account, the request fails with the HTTP status code `403
|
560
|
+
# Forbidden` (access denied).
|
561
|
+
# @option options [String] :checksum_algorithm
|
562
|
+
# Indicates the algorithm used to create the checksum for the object
|
563
|
+
# when using the SDK. This header will not provide any additional
|
564
|
+
# functionality if not using the SDK. When sending this header, there
|
565
|
+
# must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
|
566
|
+
# sent. Otherwise, Amazon S3 fails the request with the HTTP status code
|
567
|
+
# `400 Bad Request`. For more information, see [Checking object
|
568
|
+
# integrity][1] in the *Amazon S3 User Guide*.
|
569
|
+
#
|
570
|
+
# If you provide an individual checksum, Amazon S3 ignores any provided
|
571
|
+
# `ChecksumAlgorithm` parameter.
|
572
|
+
#
|
573
|
+
# This checksum algorithm must be the same for all parts and it match
|
574
|
+
# the checksum value supplied in the `CreateMultipartUpload` request.
|
575
|
+
#
|
576
|
+
#
|
577
|
+
#
|
578
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
552
579
|
# @return [void]
|
553
580
|
def batch_delete!(options = {})
|
554
581
|
batch_enum.each do |batch|
|
@@ -23,20 +23,16 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
23
23
|
operations = config.api.operation_names - [
|
24
24
|
:create_bucket, :list_buckets, :delete_bucket
|
25
25
|
]
|
26
|
-
# Need 2 handlers so that the context can be set for other plugins
|
27
|
-
# and to remove :use_accelerate_endpoint from the params.
|
28
26
|
handlers.add(
|
29
27
|
OptionHandler, step: :initialize, operations: operations
|
30
28
|
)
|
31
|
-
handlers.add(
|
32
|
-
AccelerateHandler, step: :build, priority: 0, operations: operations
|
33
|
-
)
|
34
29
|
end
|
35
30
|
|
36
31
|
# @api private
|
37
32
|
class OptionHandler < Seahorse::Client::Handler
|
38
33
|
def call(context)
|
39
34
|
# Support client configuration and per-operation configuration
|
35
|
+
# TODO: move this to an options hash and warn here.
|
40
36
|
if context.params.is_a?(Hash)
|
41
37
|
accelerate = context.params.delete(:use_accelerate_endpoint)
|
42
38
|
end
|
@@ -47,40 +43,6 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
47
43
|
@handler.call(context)
|
48
44
|
end
|
49
45
|
end
|
50
|
-
|
51
|
-
# @api private
|
52
|
-
class AccelerateHandler < Seahorse::Client::Handler
|
53
|
-
def call(context)
|
54
|
-
if context[:use_accelerate_endpoint]
|
55
|
-
dualstack = !!context[:use_dualstack_endpoint]
|
56
|
-
use_accelerate_endpoint(context, dualstack)
|
57
|
-
end
|
58
|
-
@handler.call(context)
|
59
|
-
end
|
60
|
-
|
61
|
-
private
|
62
|
-
|
63
|
-
def use_accelerate_endpoint(context, dualstack)
|
64
|
-
bucket_name = context.params[:bucket]
|
65
|
-
validate_bucket_name!(bucket_name)
|
66
|
-
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
67
|
-
endpoint.scheme = 'https'
|
68
|
-
endpoint.port = 443
|
69
|
-
endpoint.host = "#{bucket_name}.s3-accelerate"\
|
70
|
-
"#{'.dualstack' if dualstack}.amazonaws.com"
|
71
|
-
context.http_request.endpoint = endpoint.to_s
|
72
|
-
# s3 accelerate endpoint doesn't work with 'expect' header
|
73
|
-
context.http_request.headers.delete('expect')
|
74
|
-
end
|
75
|
-
|
76
|
-
def validate_bucket_name!(bucket_name)
|
77
|
-
unless BucketDns.dns_compatible?(bucket_name, _ssl = true)
|
78
|
-
raise ArgumentError,
|
79
|
-
'Unable to use `use_accelerate_endpoint: true` on buckets '\
|
80
|
-
'with non-DNS compatible names.'
|
81
|
-
end
|
82
|
-
end
|
83
|
-
end
|
84
46
|
end
|
85
47
|
end
|
86
48
|
end
|
@@ -1,8 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require_relative '../arn/access_point_arn'
|
4
|
-
require_relative '../arn/outpost_access_point_arn'
|
5
|
-
|
6
3
|
module Aws
|
7
4
|
module S3
|
8
5
|
module Plugins
|
@@ -22,106 +19,19 @@ be made. Set to `false` to use the client's region instead.
|
|
22
19
|
resolve_s3_use_arn_region(cfg)
|
23
20
|
end
|
24
21
|
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
context.config.region,
|
36
|
-
context.config.s3_use_arn_region
|
37
|
-
)
|
38
|
-
if arn
|
39
|
-
validate_config!(context, arn)
|
40
|
-
|
41
|
-
ARN.resolve_url!(
|
42
|
-
context.http_request.endpoint,
|
43
|
-
arn,
|
44
|
-
resolved_region,
|
45
|
-
extract_dualstack_config!(context)
|
46
|
-
)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
@handler.call(context)
|
50
|
-
end
|
51
|
-
|
52
|
-
private
|
53
|
-
|
54
|
-
def _bucket_member(input)
|
55
|
-
input.members.each do |member, ref|
|
56
|
-
return member if ref.shape.name == 'BucketName'
|
57
|
-
end
|
58
|
-
nil
|
59
|
-
end
|
60
|
-
|
61
|
-
# other plugins use dualstack so disable it when we're done
|
62
|
-
def extract_dualstack_config!(context)
|
63
|
-
dualstack = context[:use_dualstack_endpoint]
|
64
|
-
context[:use_dualstack_endpoint] = false if dualstack
|
65
|
-
dualstack
|
66
|
-
end
|
67
|
-
|
68
|
-
def validate_config!(context, arn)
|
69
|
-
unless context.config.regional_endpoint
|
70
|
-
raise ArgumentError,
|
71
|
-
'Cannot provide both an Access Point ARN and setting '\
|
72
|
-
':endpoint.'
|
73
|
-
end
|
74
|
-
|
75
|
-
if context.config.force_path_style
|
76
|
-
raise ArgumentError,
|
77
|
-
'Cannot provide both an Access Point ARN and setting '\
|
78
|
-
':force_path_style to true.'
|
79
|
-
end
|
80
|
-
|
81
|
-
if context.config.use_accelerate_endpoint
|
82
|
-
raise ArgumentError,
|
83
|
-
'Cannot provide both an Access Point ARN and setting '\
|
84
|
-
':use_accelerate_endpoint to true.'
|
85
|
-
end
|
86
|
-
|
87
|
-
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
88
|
-
raise ArgumentError,
|
89
|
-
'Cannot provide both an Outpost Access Point ARN and '\
|
90
|
-
'setting :use_dualstack_endpoint to true.'
|
91
|
-
end
|
92
|
-
end
|
22
|
+
option(
|
23
|
+
:s3_disable_multiregion_access_points,
|
24
|
+
default: false,
|
25
|
+
doc_type: 'Boolean',
|
26
|
+
docstring: <<-DOCS) do |cfg|
|
27
|
+
When set to `false` this will option will raise errors when multi-region
|
28
|
+
access point ARNs are used. Multi-region access points can potentially
|
29
|
+
result in cross region requests.
|
30
|
+
DOCS
|
31
|
+
resolve_s3_disable_multiregion_access_points(cfg)
|
93
32
|
end
|
94
33
|
|
95
34
|
class << self
|
96
|
-
# @api private
|
97
|
-
def resolve_arn!(member_value, region, use_arn_region)
|
98
|
-
if Aws::ARNParser.arn?(member_value)
|
99
|
-
arn = Aws::ARNParser.parse(member_value)
|
100
|
-
if arn.resource.start_with?('accesspoint')
|
101
|
-
s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
|
102
|
-
elsif arn.resource.start_with?('outpost')
|
103
|
-
s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
104
|
-
else
|
105
|
-
raise ArgumentError,
|
106
|
-
'Only Access Point and Outpost Access Point type ARNs '\
|
107
|
-
'are currently supported.'
|
108
|
-
end
|
109
|
-
s3_arn.validate_arn!
|
110
|
-
validate_region_config!(s3_arn, region, use_arn_region)
|
111
|
-
region = s3_arn.region if use_arn_region
|
112
|
-
[region, s3_arn]
|
113
|
-
else
|
114
|
-
[region]
|
115
|
-
end
|
116
|
-
end
|
117
|
-
|
118
|
-
# @api private
|
119
|
-
def resolve_url!(url, arn, region, dualstack = false)
|
120
|
-
url.host = arn.host_url(region, dualstack)
|
121
|
-
url.path = url_path(url.path, arn)
|
122
|
-
url
|
123
|
-
end
|
124
|
-
|
125
35
|
private
|
126
36
|
|
127
37
|
def resolve_s3_use_arn_region(cfg)
|
@@ -132,53 +42,26 @@ be made. Set to `false` to use the client's region instead.
|
|
132
42
|
# Raise if provided value is not true or false
|
133
43
|
if value.nil?
|
134
44
|
raise ArgumentError,
|
135
|
-
'Must provide either `true` or `false` for '\
|
136
|
-
's3_use_arn_region profile option or for '\
|
137
|
-
"ENV['AWS_S3_USE_ARN_REGION']"
|
45
|
+
'Must provide either `true` or `false` for the '\
|
46
|
+
'`s3_use_arn_region` profile option or for '\
|
47
|
+
"ENV['AWS_S3_USE_ARN_REGION']."
|
138
48
|
end
|
139
49
|
value
|
140
50
|
end
|
141
51
|
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
147
|
-
|
148
|
-
|
149
|
-
|
150
|
-
|
151
|
-
|
152
|
-
|
153
|
-
|
154
|
-
# s3-external-1 is specific just to s3 and not part of partitions
|
155
|
-
# aws-global is a partition region
|
156
|
-
unless arn.partition == 'aws' &&
|
157
|
-
(region == 's3-external-1' || region == 'aws-global')
|
158
|
-
if !fips && arn.region.include?('fips')
|
159
|
-
raise ArgumentError,
|
160
|
-
'FIPS region ARNs are not supported for this type of ARN.'
|
161
|
-
end
|
162
|
-
|
163
|
-
if !fips && !use_arn_region && region.include?('fips')
|
164
|
-
raise ArgumentError,
|
165
|
-
'FIPS client regions are not supported for this type of '\
|
166
|
-
'ARN without s3_use_arn_region.'
|
167
|
-
end
|
168
|
-
|
169
|
-
# if it's a fips region, attempt to normalize it
|
170
|
-
if fips || use_arn_region
|
171
|
-
region = region.gsub('fips-', '').gsub('-fips', '')
|
172
|
-
end
|
173
|
-
if use_arn_region &&
|
174
|
-
!Aws::Partitions.partition(arn.partition).region?(region)
|
175
|
-
raise Aws::Errors::InvalidARNPartitionError
|
176
|
-
end
|
177
|
-
|
178
|
-
if !use_arn_region && region != arn.region
|
179
|
-
raise Aws::Errors::InvalidARNRegionError
|
180
|
-
end
|
52
|
+
def resolve_s3_disable_multiregion_access_points(cfg)
|
53
|
+
value = ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS'] ||
|
54
|
+
Aws.shared_config.s3_disable_multiregion_access_points(profile: cfg.profile) ||
|
55
|
+
'false'
|
56
|
+
value = Aws::Util.str_2_bool(value)
|
57
|
+
# Raise if provided value is not true or false
|
58
|
+
if value.nil?
|
59
|
+
raise ArgumentError,
|
60
|
+
'Must provide either `true` or `false` for '\
|
61
|
+
's3_use_arn_region profile option or for '\
|
62
|
+
"ENV['AWS_S3_USE_ARN_REGION']"
|
181
63
|
end
|
64
|
+
value
|
182
65
|
end
|
183
66
|
end
|
184
67
|
end
|
@@ -23,45 +23,10 @@ When set to `true`, the bucket name is always left in the
|
|
23
23
|
request URI and never moved to the host as a sub-domain.
|
24
24
|
DOCS
|
25
25
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
# @api private
|
31
|
-
class Handler < Seahorse::Client::Handler
|
32
|
-
|
33
|
-
def call(context)
|
34
|
-
move_dns_compat_bucket_to_subdomain(context)
|
35
|
-
@handler.call(context)
|
36
|
-
end
|
37
|
-
|
38
|
-
private
|
39
|
-
|
40
|
-
def move_dns_compat_bucket_to_subdomain(context)
|
41
|
-
bucket_name = context.params[:bucket]
|
42
|
-
endpoint = context.http_request.endpoint
|
43
|
-
if bucket_name &&
|
44
|
-
BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
|
45
|
-
context.operation_name.to_s != 'get_bucket_location'
|
46
|
-
move_bucket_to_subdomain(bucket_name, endpoint)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def move_bucket_to_subdomain(bucket_name, endpoint)
|
51
|
-
endpoint.host = "#{bucket_name}.#{endpoint.host}"
|
52
|
-
path = endpoint.path.sub("/#{bucket_name}", '')
|
53
|
-
path = "/#{path}" unless path.match(/^\//)
|
54
|
-
endpoint.path = path
|
55
|
-
end
|
56
|
-
|
57
|
-
def https?(uri)
|
58
|
-
uri.scheme == 'https'
|
59
|
-
end
|
60
|
-
|
61
|
-
end
|
62
|
-
|
26
|
+
# These class methods were originally used in a handler in this plugin.
|
27
|
+
# SigV2 legacy signer needs this logic so we keep it here as utility.
|
28
|
+
# New endpoint resolution will check this as a matcher.
|
63
29
|
class << self
|
64
|
-
|
65
30
|
# @param [String] bucket_name
|
66
31
|
# @param [Boolean] ssl
|
67
32
|
# @return [Boolean]
|
@@ -81,7 +46,6 @@ request URI and never moved to the host as a sub-domain.
|
|
81
46
|
bucket_name !~ /(\d+\.){3}\d+/ &&
|
82
47
|
bucket_name !~ /[.-]{2}/
|
83
48
|
end
|
84
|
-
|
85
49
|
end
|
86
50
|
end
|
87
51
|
end
|
@@ -13,12 +13,7 @@ module Aws
|
|
13
13
|
def call(context)
|
14
14
|
bucket_member = _bucket_member(context.operation.input.shape)
|
15
15
|
if bucket_member && (bucket = context.params[bucket_member])
|
16
|
-
|
17
|
-
bucket,
|
18
|
-
context.config.region,
|
19
|
-
context.config.s3_use_arn_region
|
20
|
-
)
|
21
|
-
if !arn && bucket.include?('/')
|
16
|
+
if !Aws::ARNParser.arn?(bucket) && bucket.include?('/')
|
22
17
|
raise ArgumentError,
|
23
18
|
'bucket name must not contain a forward-slash (/)'
|
24
19
|
end
|
@@ -5,23 +5,14 @@ module Aws
|
|
5
5
|
module Plugins
|
6
6
|
# @api private
|
7
7
|
class Dualstack < Seahorse::Client::Plugin
|
8
|
-
|
9
|
-
option(:use_dualstack_endpoint,
|
10
|
-
default: false,
|
11
|
-
doc_type: 'Boolean',
|
12
|
-
docstring: <<-DOCS)
|
13
|
-
When set to `true`, IPv6-compatible bucket endpoints will be used
|
14
|
-
for all operations.
|
15
|
-
DOCS
|
16
|
-
|
17
|
-
def add_handlers(handlers, config)
|
8
|
+
def add_handlers(handlers, _config)
|
18
9
|
handlers.add(OptionHandler, step: :initialize)
|
19
|
-
handlers.add(DualstackHandler, step: :build, priority: 0)
|
20
10
|
end
|
21
11
|
|
22
12
|
# @api private
|
23
13
|
class OptionHandler < Seahorse::Client::Handler
|
24
14
|
def call(context)
|
15
|
+
# Support client configuration and per-operation configuration
|
25
16
|
if context.params.is_a?(Hash)
|
26
17
|
dualstack = context.params.delete(:use_dualstack_endpoint)
|
27
18
|
end
|
@@ -30,44 +21,6 @@ for all operations.
|
|
30
21
|
@handler.call(context)
|
31
22
|
end
|
32
23
|
end
|
33
|
-
|
34
|
-
# @api private
|
35
|
-
class DualstackHandler < Seahorse::Client::Handler
|
36
|
-
def call(context)
|
37
|
-
apply_dualstack_endpoint(context) if use_dualstack_endpoint?(context)
|
38
|
-
@handler.call(context)
|
39
|
-
end
|
40
|
-
|
41
|
-
private
|
42
|
-
def apply_dualstack_endpoint(context)
|
43
|
-
bucket_name = context.params[:bucket]
|
44
|
-
region = context.config.region
|
45
|
-
context.config.force_path_style
|
46
|
-
dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
|
47
|
-
|
48
|
-
if use_bucket_dns?(bucket_name, context)
|
49
|
-
host = "#{bucket_name}.s3.dualstack.#{region}.#{dns_suffix}"
|
50
|
-
else
|
51
|
-
host = "s3.dualstack.#{region}.#{dns_suffix}"
|
52
|
-
end
|
53
|
-
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
54
|
-
endpoint.scheme = context.http_request.endpoint.scheme
|
55
|
-
endpoint.port = context.http_request.endpoint.port
|
56
|
-
endpoint.host = host
|
57
|
-
context.http_request.endpoint = endpoint.to_s
|
58
|
-
end
|
59
|
-
|
60
|
-
def use_bucket_dns?(bucket_name, context)
|
61
|
-
ssl = context.http_request.endpoint.scheme == "https"
|
62
|
-
bucket_name && BucketDns.dns_compatible?(bucket_name, ssl) &&
|
63
|
-
!context.config.force_path_style
|
64
|
-
end
|
65
|
-
|
66
|
-
def use_dualstack_endpoint?(context)
|
67
|
-
context[:use_dualstack_endpoint] && !context[:use_accelerate_endpoint]
|
68
|
-
end
|
69
|
-
end
|
70
|
-
|
71
24
|
end
|
72
25
|
end
|
73
26
|
end
|