aws-sdk-s3 1.84.1 → 1.117.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (64) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +930 -0
  3. data/LICENSE.txt +202 -0
  4. data/VERSION +1 -0
  5. data/lib/aws-sdk-s3/bucket.rb +154 -46
  6. data/lib/aws-sdk-s3/bucket_acl.rb +28 -6
  7. data/lib/aws-sdk-s3/bucket_cors.rb +29 -9
  8. data/lib/aws-sdk-s3/bucket_lifecycle.rb +30 -9
  9. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +31 -9
  10. data/lib/aws-sdk-s3/bucket_logging.rb +25 -6
  11. data/lib/aws-sdk-s3/bucket_notification.rb +21 -9
  12. data/lib/aws-sdk-s3/bucket_policy.rb +27 -7
  13. data/lib/aws-sdk-s3/bucket_request_payment.rb +27 -8
  14. data/lib/aws-sdk-s3/bucket_tagging.rb +27 -7
  15. data/lib/aws-sdk-s3/bucket_versioning.rb +70 -10
  16. data/lib/aws-sdk-s3/bucket_website.rb +27 -7
  17. data/lib/aws-sdk-s3/client.rb +3747 -1848
  18. data/lib/aws-sdk-s3/client_api.rb +677 -227
  19. data/lib/aws-sdk-s3/customizations/bucket.rb +28 -49
  20. data/lib/aws-sdk-s3/customizations/object.rb +116 -18
  21. data/lib/aws-sdk-s3/encryption/client.rb +1 -1
  22. data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
  23. data/lib/aws-sdk-s3/encryptionV2/client.rb +1 -1
  24. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +0 -4
  25. data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +3 -3
  26. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
  27. data/lib/aws-sdk-s3/endpoint_parameters.rb +142 -0
  28. data/lib/aws-sdk-s3/endpoint_provider.rb +2020 -0
  29. data/lib/aws-sdk-s3/endpoints.rb +2149 -0
  30. data/lib/aws-sdk-s3/errors.rb +1 -1
  31. data/lib/aws-sdk-s3/event_streams.rb +1 -1
  32. data/lib/aws-sdk-s3/file_downloader.rb +7 -2
  33. data/lib/aws-sdk-s3/file_uploader.rb +8 -3
  34. data/lib/aws-sdk-s3/legacy_signer.rb +15 -25
  35. data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
  36. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +36 -10
  37. data/lib/aws-sdk-s3/multipart_upload.rb +133 -19
  38. data/lib/aws-sdk-s3/multipart_upload_part.rb +141 -21
  39. data/lib/aws-sdk-s3/object.rb +430 -126
  40. data/lib/aws-sdk-s3/object_acl.rb +31 -9
  41. data/lib/aws-sdk-s3/object_summary.rb +265 -110
  42. data/lib/aws-sdk-s3/object_version.rb +80 -53
  43. data/lib/aws-sdk-s3/plugins/accelerate.rb +1 -39
  44. data/lib/aws-sdk-s3/plugins/arn.rb +25 -142
  45. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
  46. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
  47. data/lib/aws-sdk-s3/plugins/dualstack.rb +2 -49
  48. data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
  49. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +3 -1
  50. data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +1 -1
  51. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +8 -31
  52. data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
  53. data/lib/aws-sdk-s3/plugins/s3_signer.rb +33 -102
  54. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
  55. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
  56. data/lib/aws-sdk-s3/presigned_post.rb +47 -35
  57. data/lib/aws-sdk-s3/presigner.rb +39 -49
  58. data/lib/aws-sdk-s3/resource.rb +24 -4
  59. data/lib/aws-sdk-s3/types.rb +3785 -4735
  60. data/lib/aws-sdk-s3/waiters.rb +1 -1
  61. data/lib/aws-sdk-s3.rb +6 -2
  62. metadata +19 -14
  63. data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -62
  64. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -71
@@ -98,7 +98,7 @@ module Aws
98
98
  # or call the associated method.
99
99
  #
100
100
  # ```ruby
101
- # post = Aws::S3::PresignedPost.new(creds, region, bucket).
101
+ # post = Aws::S3::PresignedPost.new(creds, region, bucket)
102
102
  # post.content_type('text/plain')
103
103
  # ```
104
104
  #
@@ -176,11 +176,17 @@ module Aws
176
176
  # ```
177
177
  #
178
178
  class PresignedPost
179
+ @@allowed_fields = []
179
180
 
180
181
  # @param [Credentials] credentials Security credentials for signing
181
182
  # the post policy.
182
183
  # @param [String] bucket_region Region of the target bucket.
183
184
  # @param [String] bucket_name Name of the target bucket.
185
+ # @option options [Boolean] :use_accelerate_endpoint (false) When `true`,
186
+ # PresignedPost will attempt to use accelerated endpoint.
187
+ # @option options [String] :url See {PresignedPost#url}.
188
+ # @option options [Sting, Array<String>] :allow_any
189
+ # See {PresignedPost#allow_any}.
184
190
  # @option options [Time] :signature_expiration Specify when the signature on
185
191
  # the post will expire. Defaults to one hour from creation of the
186
192
  # presigned post. May not exceed one week from creation time.
@@ -205,7 +211,7 @@ module Aws
205
211
  # See {PresignedPost#content_encoding}.
206
212
  # @option options [String] :content_encoding_starts_with
207
213
  # See {PresignedPost#content_encoding_starts_with}.
208
- # @option options [String] :expires See {PresignedPost#expires}.
214
+ # @option options [Time] :expires See {PresignedPost#expires}.
209
215
  # @option options [String] :expires_starts_with
210
216
  # See {PresignedPost#expires_starts_with}.
211
217
  # @option options [Range<Integer>] :content_length_range
@@ -232,6 +238,8 @@ module Aws
232
238
  # See {PresignedPost#server_side_encryption_customer_algorithm}.
233
239
  # @option options [String] :server_side_encryption_customer_key
234
240
  # See {PresignedPost#server_side_encryption_customer_key}.
241
+ # @option options [String] :server_side_encryption_customer_key_starts_with
242
+ # See {PresignedPost#server_side_encryption_customer_key_starts_with}.
235
243
  def initialize(credentials, bucket_region, bucket_name, options = {})
236
244
  @credentials = credentials.credentials
237
245
  @bucket_region = bucket_region
@@ -247,7 +255,12 @@ module Aws
247
255
  case option_name
248
256
  when :allow_any then allow_any(option_value)
249
257
  when :signature_expiration then @signature_expiration = option_value
250
- else send("#{option_name}", option_value)
258
+ else
259
+ if @@allowed_fields.include?(option_name)
260
+ send("#{option_name}", option_value)
261
+ else
262
+ raise ArgumentError, "Unsupported option: #{option_name}"
263
+ end
251
264
  end
252
265
  end
253
266
  end
@@ -279,17 +292,23 @@ module Aws
279
292
  end
280
293
 
281
294
  # @api private
282
- def self.define_field(field, *args)
295
+ def self.define_field(field, *args, &block)
296
+ @@allowed_fields << field
283
297
  options = args.last.is_a?(Hash) ? args.pop : {}
284
298
  field_name = args.last || field.to_s
285
299
 
286
- define_method("#{field}") do |value|
287
- with(field_name, value)
288
- end
300
+ if block_given?
301
+ define_method("#{field}", block)
302
+ else
303
+ define_method("#{field}") do |value|
304
+ with(field_name, value)
305
+ end
289
306
 
290
- if options[:starts_with]
291
- define_method("#{field}_starts_with") do |value|
292
- starts_with(field_name, value)
307
+ if options[:starts_with]
308
+ @@allowed_fields << "#{field}_starts_with".to_sym
309
+ define_method("#{field}_starts_with") do |value|
310
+ starts_with(field_name, value)
311
+ end
293
312
  end
294
313
  end
295
314
  end
@@ -307,7 +326,7 @@ module Aws
307
326
  # @param [String] key
308
327
  # @see http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingMetadata.html)
309
328
  # @return [self]
310
- def key(key)
329
+ define_field(:key) do |key|
311
330
  @key_set = true
312
331
  with('key', key)
313
332
  end
@@ -316,7 +335,7 @@ module Aws
316
335
  # @param [String] prefix
317
336
  # @see #key
318
337
  # @return [self]
319
- def key_starts_with(prefix)
338
+ define_field(:key_starts_with) do |prefix|
320
339
  @key_set = true
321
340
  starts_with('key', prefix)
322
341
  end
@@ -399,21 +418,21 @@ module Aws
399
418
  # @param [Time] time
400
419
  # @see http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.21
401
420
  # @return [self]
402
- def expires(time)
421
+ define_field(:expires) do |time|
403
422
  with('Expires', time.httpdate)
404
423
  end
405
424
 
406
425
  # @param [String] prefix
407
426
  # @see #expires
408
427
  # @return [self]
409
- def expires_starts_with(prefix)
428
+ define_field(:expires_starts_with) do |prefix|
410
429
  starts_with('Expires', prefix)
411
430
  end
412
431
 
413
432
  # The minimum and maximum allowable size for the uploaded content.
414
433
  # @param [Range<Integer>] byte_range
415
434
  # @return [self]
416
- def content_length_range(byte_range)
435
+ define_field(:content_length_range) do |byte_range|
417
436
  min = byte_range.begin
418
437
  max = byte_range.end
419
438
  max -= 1 if byte_range.exclude_end?
@@ -492,7 +511,7 @@ module Aws
492
511
  # prefixed with "x-amz-meta-".
493
512
  # @param [Hash<String,String>] hash
494
513
  # @return [self]
495
- def metadata(hash)
514
+ define_field(:metadata) do |hash|
496
515
  hash.each do |key, value|
497
516
  with("x-amz-meta-#{key}", value)
498
517
  end
@@ -503,7 +522,7 @@ module Aws
503
522
  # @param [Hash<String,String>] hash
504
523
  # @see #metadata
505
524
  # @return [self]
506
- def metadata_starts_with(hash)
525
+ define_field(:metadata_starts_with) do |hash|
507
526
  hash.each do |key, value|
508
527
  starts_with("x-amz-meta-#{key}", value)
509
528
  end
@@ -561,7 +580,7 @@ module Aws
561
580
  # @param [String] value
562
581
  # @see #server_side_encryption_customer_algorithm
563
582
  # @return [self]
564
- def server_side_encryption_customer_key(value)
583
+ define_field(:server_side_encryption_customer_key) do |value|
565
584
  field_name = 'x-amz-server-side-encryption-customer-key'
566
585
  with(field_name, base64(value))
567
586
  with(field_name + '-MD5', base64(OpenSSL::Digest::MD5.digest(value)))
@@ -570,7 +589,7 @@ module Aws
570
589
  # @param [String] prefix
571
590
  # @see #server_side_encryption_customer_key
572
591
  # @return [self]
573
- def server_side_encryption_customer_key_starts_with(prefix)
592
+ define_field(:server_side_encryption_customer_key_starts_with) do |prefix|
574
593
  field_name = 'x-amz-server-side-encryption-customer-key'
575
594
  starts_with(field_name, prefix)
576
595
  end
@@ -610,22 +629,15 @@ module Aws
610
629
  end
611
630
 
612
631
  def bucket_url
613
- url = Aws::Partitions::EndpointProvider.resolve(@bucket_region, 's3')
614
- url = URI.parse(url)
615
- if Plugins::BucketDns.dns_compatible?(@bucket_name, _ssl = true)
616
- if @accelerate
617
- url.host = "#{@bucket_name}.s3-accelerate.amazonaws.com"
618
- else
619
- url.host = "#{@bucket_name}.#{url.host}"
620
- end
621
- else
622
- url.path = "/#{@bucket_name}"
623
- end
624
- if @bucket_region == 'us-east-1'
625
- # keep legacy behavior by default
626
- url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
627
- end
628
- url.to_s
632
+ # Taken from Aws::S3::Endpoints module
633
+ params = Aws::S3::EndpointParameters.new(
634
+ bucket: @bucket_name,
635
+ region: @bucket_region,
636
+ accelerate: @accelerate,
637
+ use_global_endpoint: true
638
+ )
639
+ endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
640
+ endpoint.url
629
641
  end
630
642
 
631
643
  # @return [Hash]
@@ -58,8 +58,7 @@ module Aws
58
58
  # is returned instead of the default HTTPS URL.
59
59
  #
60
60
  # @option params [Boolean] :virtual_host (false) When `true`, the
61
- # bucket name will be used as the hostname. This will cause
62
- # the returned URL to be 'http' and not 'https'.
61
+ # bucket name will be used as the hostname.
63
62
  #
64
63
  # @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
65
64
  # Presigner will attempt to use accelerated endpoint.
@@ -134,14 +133,15 @@ module Aws
134
133
  virtual_host = params.delete(:virtual_host)
135
134
  time = params.delete(:time)
136
135
  unsigned_headers = unsigned_headers(params)
137
- scheme = http_scheme(params)
136
+ secure = params.delete(:secure) != false
138
137
  expires_in = expires_in(params)
139
138
 
140
139
  req = @client.build_request(method, params)
141
140
  use_bucket_as_hostname(req) if virtual_host
141
+ handle_presigned_url_context(req)
142
142
 
143
143
  x_amz_headers = sign_but_dont_send(
144
- req, expires_in, scheme, time, unsigned_headers, hoist
144
+ req, expires_in, secure, time, unsigned_headers, hoist
145
145
  )
146
146
  [req.send_request.data, x_amz_headers]
147
147
  end
@@ -151,14 +151,6 @@ module Aws
151
151
  BLACKLISTED_HEADERS - whitelist_headers
152
152
  end
153
153
 
154
- def http_scheme(params)
155
- if params.delete(:secure) == false
156
- 'http'
157
- else
158
- @client.config.endpoint.scheme
159
- end
160
- end
161
-
162
154
  def expires_in(params)
163
155
  if (expires_in = params.delete(:expires_in))
164
156
  if expires_in > ONE_WEEK
@@ -175,8 +167,7 @@ module Aws
175
167
  end
176
168
 
177
169
  def use_bucket_as_hostname(req)
178
- req.handlers.remove(Plugins::BucketDns::Handler)
179
- req.handle do |context|
170
+ req.handle(priority: 35) do |context|
180
171
  uri = context.http_request.endpoint
181
172
  uri.host = context.params[:bucket]
182
173
  uri.path.sub!("/#{context.params[:bucket]}", '')
@@ -184,26 +175,34 @@ module Aws
184
175
  end
185
176
  end
186
177
 
178
+ # Used for excluding presigned_urls from API request count.
179
+ #
180
+ # Store context information as early as possible, to allow
181
+ # handlers to perform decisions based on this flag if need.
182
+ def handle_presigned_url_context(req)
183
+ req.handle(step: :initialize, priority: 98) do |context|
184
+ context[:presigned_url] = true
185
+ @handler.call(context)
186
+ end
187
+ end
188
+
187
189
  # @param [Seahorse::Client::Request] req
188
190
  def sign_but_dont_send(
189
- req, expires_in, scheme, time, unsigned_headers, hoist = true
191
+ req, expires_in, secure, time, unsigned_headers, hoist = true
190
192
  )
191
193
  x_amz_headers = {}
192
194
 
193
195
  http_req = req.context.http_request
194
196
 
195
197
  req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
196
- req.handlers.remove(Aws::S3::Plugins::S3Signer::V4Handler)
198
+ req.handlers.remove(Aws::Plugins::Sign::Handler)
197
199
  req.handlers.remove(Seahorse::Client::Plugins::ContentLength::Handler)
198
200
 
199
- signer = build_signer(req.context, unsigned_headers)
200
-
201
201
  req.handle(step: :send) do |context|
202
- if scheme != http_req.endpoint.scheme
203
- endpoint = http_req.endpoint.dup
204
- endpoint.scheme = scheme
205
- endpoint.port = (scheme == 'http' ? 80 : 443)
206
- http_req.endpoint = URI.parse(endpoint.to_s)
202
+ # if an endpoint was not provided, force secure or insecure
203
+ if context.config.regional_endpoint
204
+ http_req.endpoint.scheme = secure ? 'https' : 'http'
205
+ http_req.endpoint.port = secure ? 443 : 80
207
206
  end
208
207
 
209
208
  query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
@@ -222,6 +221,23 @@ module Aws
222
221
  end
223
222
  http_req.endpoint.query = query.join('&') unless query.empty?
224
223
 
224
+ auth_scheme = context[:auth_scheme]
225
+ scheme_name = auth_scheme['name']
226
+ region = if scheme_name == 'sigv4a'
227
+ auth_scheme['signingRegionSet'].first
228
+ else
229
+ auth_scheme['signingRegion']
230
+ end
231
+ signer = Aws::Sigv4::Signer.new(
232
+ service: auth_scheme['signingName'] || 's3',
233
+ region: region || context.config.region,
234
+ credentials_provider: context.config.credentials,
235
+ signing_algorithm: scheme_name.to_sym,
236
+ uri_escape_path: !!!auth_scheme['disableDoubleEncoding'],
237
+ unsigned_headers: unsigned_headers,
238
+ apply_checksum_header: false
239
+ )
240
+
225
241
  url = signer.presign_url(
226
242
  http_method: http_req.http_method,
227
243
  url: http_req.endpoint,
@@ -231,37 +247,11 @@ module Aws
231
247
  time: time
232
248
  ).to_s
233
249
 
234
- # Used for excluding presigned_urls from API request count
235
- context[:presigned_url] = true
236
-
237
250
  Seahorse::Client::Response.new(context: context, data: url)
238
251
  end
239
252
  # Return the headers
240
253
  x_amz_headers
241
254
  end
242
-
243
- def build_signer(context, unsigned_headers)
244
- signer_opts = {
245
- service: 's3',
246
- region: context.config.region,
247
- credentials_provider: context.config.credentials,
248
- unsigned_headers: unsigned_headers,
249
- uri_escape_path: false
250
- }
251
-
252
- resolved_region, arn = Aws::S3::Plugins::ARN.resolve_arn!(
253
- context.params[:bucket],
254
- context.config.sigv4_signer.region,
255
- context.config.s3_use_arn_region
256
- )
257
-
258
- if arn
259
- signer_opts[:region] = resolved_region
260
- signer_opts[:service] = arn.service
261
- end
262
-
263
- Aws::Sigv4::Signer.new(signer_opts)
264
- end
265
255
  end
266
256
  end
267
257
  end
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -41,7 +41,7 @@ module Aws::S3
41
41
  # acl: "private", # accepts private, public-read, public-read-write, authenticated-read
42
42
  # bucket: "BucketName", # required
43
43
  # create_bucket_configuration: {
44
- # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
44
+ # location_constraint: "af-south-1", # accepts af-south-1, ap-east-1, ap-northeast-1, ap-northeast-2, ap-northeast-3, ap-south-1, ap-southeast-1, ap-southeast-2, ap-southeast-3, ca-central-1, cn-north-1, cn-northwest-1, EU, eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3, me-south-1, sa-east-1, us-east-2, us-gov-east-1, us-gov-west-1, us-west-1, us-west-2
45
45
  # },
46
46
  # grant_full_control: "GrantFullControl",
47
47
  # grant_read: "GrantRead",
@@ -49,6 +49,7 @@ module Aws::S3
49
49
  # grant_write: "GrantWrite",
50
50
  # grant_write_acp: "GrantWriteACP",
51
51
  # object_lock_enabled_for_bucket: false,
52
+ # object_ownership: "BucketOwnerPreferred", # accepts BucketOwnerPreferred, ObjectWriter, BucketOwnerEnforced
52
53
  # })
53
54
  # @param [Hash] options ({})
54
55
  # @option options [String] :acl
@@ -65,13 +66,32 @@ module Aws::S3
65
66
  # @option options [String] :grant_read_acp
66
67
  # Allows grantee to read the bucket ACL.
67
68
  # @option options [String] :grant_write
68
- # Allows grantee to create, overwrite, and delete any object in the
69
- # bucket.
69
+ # Allows grantee to create new objects in the bucket.
70
+ #
71
+ # For the bucket and object owners of existing objects, also allows
72
+ # deletions and overwrites of those objects.
70
73
  # @option options [String] :grant_write_acp
71
74
  # Allows grantee to write the ACL for the applicable bucket.
72
75
  # @option options [Boolean] :object_lock_enabled_for_bucket
73
76
  # Specifies whether you want S3 Object Lock to be enabled for the new
74
77
  # bucket.
78
+ # @option options [String] :object_ownership
79
+ # The container element for object ownership for a bucket's ownership
80
+ # controls.
81
+ #
82
+ # BucketOwnerPreferred - Objects uploaded to the bucket change ownership
83
+ # to the bucket owner if the objects are uploaded with the
84
+ # `bucket-owner-full-control` canned ACL.
85
+ #
86
+ # ObjectWriter - The uploading account will own the object if the object
87
+ # is uploaded with the `bucket-owner-full-control` canned ACL.
88
+ #
89
+ # BucketOwnerEnforced - Access control lists (ACLs) are disabled and no
90
+ # longer affect permissions. The bucket owner automatically owns and has
91
+ # full control over every object in the bucket. The bucket only accepts
92
+ # PUT requests that don't specify an ACL or bucket owner full control
93
+ # ACLs, such as the `bucket-owner-full-control` canned ACL or an
94
+ # equivalent form of this ACL expressed in the XML format.
75
95
  # @return [Bucket]
76
96
  def create_bucket(options = {})
77
97
  @client.create_bucket(options)