aws-sdk-s3 1.87.0 → 1.96.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (48) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +778 -0
  3. data/LICENSE.txt +202 -0
  4. data/VERSION +1 -0
  5. data/lib/aws-sdk-s3.rb +2 -2
  6. data/lib/aws-sdk-s3/arn/access_point_arn.rb +15 -8
  7. data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +69 -0
  8. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +10 -8
  9. data/lib/aws-sdk-s3/bucket.rb +22 -21
  10. data/lib/aws-sdk-s3/bucket_acl.rb +6 -4
  11. data/lib/aws-sdk-s3/bucket_cors.rb +5 -5
  12. data/lib/aws-sdk-s3/bucket_lifecycle.rb +3 -3
  13. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +3 -3
  14. data/lib/aws-sdk-s3/bucket_logging.rb +3 -4
  15. data/lib/aws-sdk-s3/bucket_notification.rb +2 -2
  16. data/lib/aws-sdk-s3/bucket_policy.rb +3 -3
  17. data/lib/aws-sdk-s3/bucket_request_payment.rb +5 -6
  18. data/lib/aws-sdk-s3/bucket_tagging.rb +3 -3
  19. data/lib/aws-sdk-s3/bucket_versioning.rb +4 -4
  20. data/lib/aws-sdk-s3/bucket_website.rb +3 -3
  21. data/lib/aws-sdk-s3/client.rb +1368 -1015
  22. data/lib/aws-sdk-s3/client_api.rb +62 -1
  23. data/lib/aws-sdk-s3/customizations/bucket.rb +8 -3
  24. data/lib/aws-sdk-s3/customizations/object.rb +39 -14
  25. data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +3 -3
  26. data/lib/aws-sdk-s3/errors.rb +1 -1
  27. data/lib/aws-sdk-s3/event_streams.rb +1 -1
  28. data/lib/aws-sdk-s3/file_uploader.rb +2 -2
  29. data/lib/aws-sdk-s3/multipart_upload.rb +7 -7
  30. data/lib/aws-sdk-s3/multipart_upload_part.rb +7 -7
  31. data/lib/aws-sdk-s3/object.rb +127 -42
  32. data/lib/aws-sdk-s3/object_acl.rb +7 -5
  33. data/lib/aws-sdk-s3/object_summary.rb +40 -41
  34. data/lib/aws-sdk-s3/object_version.rb +14 -14
  35. data/lib/aws-sdk-s3/plugins/accelerate.rb +7 -4
  36. data/lib/aws-sdk-s3/plugins/arn.rb +96 -55
  37. data/lib/aws-sdk-s3/plugins/dualstack.rb +10 -3
  38. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
  39. data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +1 -1
  40. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +11 -11
  41. data/lib/aws-sdk-s3/plugins/md5s.rb +1 -1
  42. data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +25 -0
  43. data/lib/aws-sdk-s3/plugins/s3_signer.rb +24 -26
  44. data/lib/aws-sdk-s3/presigner.rb +27 -30
  45. data/lib/aws-sdk-s3/resource.rb +5 -3
  46. data/lib/aws-sdk-s3/types.rb +1029 -570
  47. data/lib/aws-sdk-s3/waiters.rb +1 -1
  48. metadata +13 -9
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -267,8 +267,10 @@ module Aws::S3
267
267
  #
268
268
  # This action is not supported by Amazon S3 on Outposts.
269
269
  # @option options [String] :grant_write
270
- # Allows grantee to create, overwrite, and delete any object in the
271
- # bucket.
270
+ # Allows grantee to create new objects in the bucket.
271
+ #
272
+ # For the bucket and object owners of existing objects, also allows
273
+ # deletions and overwrites of those objects.
272
274
  # @option options [String] :grant_write_acp
273
275
  # Allows grantee to write the ACL for the applicable bucket.
274
276
  #
@@ -278,7 +280,7 @@ module Aws::S3
278
280
  # request. Bucket owners need not specify this parameter in their
279
281
  # requests. For information about downloading objects from requester
280
282
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
281
- # in the *Amazon S3 Developer Guide*.
283
+ # in the *Amazon S3 User Guide*.
282
284
  #
283
285
  #
284
286
  #
@@ -286,7 +288,7 @@ module Aws::S3
286
288
  # @option options [String] :version_id
287
289
  # VersionId used to reference a specific version of the object.
288
290
  # @option options [String] :expected_bucket_owner
289
- # The account id of the expected bucket owner. If the bucket is owned by
291
+ # The account ID of the expected bucket owner. If the bucket is owned by
290
292
  # a different account, the request will fail with an HTTP `403 (Access
291
293
  # Denied)` error.
292
294
  # @return [Types::PutObjectAclOutput]
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -42,7 +42,7 @@ module Aws::S3
42
42
  @key
43
43
  end
44
44
 
45
- # The date the Object was Last Modified
45
+ # Creation date of the object.
46
46
  # @return [Time]
47
47
  def last_modified
48
48
  data[:last_modified]
@@ -375,7 +375,7 @@ module Aws::S3
375
375
  #
376
376
  #
377
377
  #
378
- # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html
378
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
379
379
  # @option options [String] :copy_source_if_match
380
380
  # Copies the object if its entity tag (ETag) matches the specified tag.
381
381
  # @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
@@ -422,7 +422,7 @@ module Aws::S3
422
422
  # and high availability. Depending on performance needs, you can specify
423
423
  # a different Storage Class. Amazon S3 on Outposts only uses the
424
424
  # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
425
- # in the *Amazon S3 Service Developer Guide*.
425
+ # in the *Amazon S3 User Guide*.
426
426
  #
427
427
  #
428
428
  #
@@ -449,8 +449,8 @@ module Aws::S3
449
449
  # PUT requests for an object protected by AWS KMS will fail if not made
450
450
  # via SSL or using SigV4. For information about configuring using any of
451
451
  # the officially supported AWS SDKs and AWS CLI, see [Specifying the
452
- # Signature Version in Request Authentication][1] in the *Amazon S3
453
- # Developer Guide*.
452
+ # Signature Version in Request Authentication][1] in the *Amazon S3 User
453
+ # Guide*.
454
454
  #
455
455
  #
456
456
  #
@@ -465,8 +465,8 @@ module Aws::S3
465
465
  # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
466
466
  # for object encryption with SSE-KMS.
467
467
  #
468
- # Specifying this header with a COPY operation doesn’t affect
469
- # bucket-level settings for S3 Bucket Key.
468
+ # Specifying this header with a COPY action doesn’t affect bucket-level
469
+ # settings for S3 Bucket Key.
470
470
  # @option options [String] :copy_source_sse_customer_algorithm
471
471
  # Specifies the algorithm to use when decrypting the source object (for
472
472
  # example, AES256).
@@ -483,7 +483,7 @@ module Aws::S3
483
483
  # request. Bucket owners need not specify this parameter in their
484
484
  # requests. For information about downloading objects from requester
485
485
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
486
- # in the *Amazon S3 Developer Guide*.
486
+ # in the *Amazon S3 User Guide*.
487
487
  #
488
488
  #
489
489
  #
@@ -500,11 +500,11 @@ module Aws::S3
500
500
  # @option options [String] :object_lock_legal_hold_status
501
501
  # Specifies whether you want to apply a Legal Hold to the copied object.
502
502
  # @option options [String] :expected_bucket_owner
503
- # The account id of the expected destination bucket owner. If the
503
+ # The account ID of the expected destination bucket owner. If the
504
504
  # destination bucket is owned by a different account, the request will
505
505
  # fail with an HTTP `403 (Access Denied)` error.
506
506
  # @option options [String] :expected_source_bucket_owner
507
- # The account id of the expected source bucket owner. If the source
507
+ # The account ID of the expected source bucket owner. If the source
508
508
  # bucket is owned by a different account, the request will fail with an
509
509
  # HTTP `403 (Access Denied)` error.
510
510
  # @return [Types::CopyObjectOutput]
@@ -539,7 +539,7 @@ module Aws::S3
539
539
  # request. Bucket owners need not specify this parameter in their
540
540
  # requests. For information about downloading objects from requester
541
541
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
542
- # in the *Amazon S3 Developer Guide*.
542
+ # in the *Amazon S3 User Guide*.
543
543
  #
544
544
  #
545
545
  #
@@ -548,7 +548,7 @@ module Aws::S3
548
548
  # Indicates whether S3 Object Lock should bypass Governance-mode
549
549
  # restrictions to process this operation.
550
550
  # @option options [String] :expected_bucket_owner
551
- # The account id of the expected bucket owner. If the bucket is owned by
551
+ # The account ID of the expected bucket owner. If the bucket is owned by
552
552
  # a different account, the request will fail with an HTTP `403 (Access
553
553
  # Denied)` error.
554
554
  # @return [Types::DeleteObjectOutput]
@@ -624,13 +624,13 @@ module Aws::S3
624
624
  # @option options [String] :version_id
625
625
  # VersionId used to reference a specific version of the object.
626
626
  # @option options [String] :sse_customer_algorithm
627
- # Specifies the algorithm to use to when encrypting the object (for
627
+ # Specifies the algorithm to use to when decrypting the object (for
628
628
  # example, AES256).
629
629
  # @option options [String] :sse_customer_key
630
- # Specifies the customer-provided encryption key for Amazon S3 to use in
631
- # encrypting data. This value is used to store the object and then it is
632
- # discarded; Amazon S3 does not store the encryption key. The key must
633
- # be appropriate for use with the algorithm specified in the
630
+ # Specifies the customer-provided encryption key for Amazon S3 used to
631
+ # encrypt the data. This value is used to decrypt the object when
632
+ # recovering it and must match the one used when storing the data. The
633
+ # key must be appropriate for use with the algorithm specified in the
634
634
  # `x-amz-server-side-encryption-customer-algorithm` header.
635
635
  # @option options [String] :sse_customer_key_md5
636
636
  # Specifies the 128-bit MD5 digest of the encryption key according to
@@ -641,7 +641,7 @@ module Aws::S3
641
641
  # request. Bucket owners need not specify this parameter in their
642
642
  # requests. For information about downloading objects from requester
643
643
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
644
- # in the *Amazon S3 Developer Guide*.
644
+ # in the *Amazon S3 User Guide*.
645
645
  #
646
646
  #
647
647
  #
@@ -652,7 +652,7 @@ module Aws::S3
652
652
  # for the part specified. Useful for downloading just a part of an
653
653
  # object.
654
654
  # @option options [String] :expected_bucket_owner
655
- # The account id of the expected bucket owner. If the bucket is owned by
655
+ # The account ID of the expected bucket owner. If the bucket is owned by
656
656
  # a different account, the request will fail with an HTTP `403 (Access
657
657
  # Denied)` error.
658
658
  # @return [Types::GetObjectOutput]
@@ -745,7 +745,7 @@ module Aws::S3
745
745
  # and high availability. Depending on performance needs, you can specify
746
746
  # a different Storage Class. Amazon S3 on Outposts only uses the
747
747
  # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
748
- # in the *Amazon S3 Service Developer Guide*.
748
+ # in the *Amazon S3 User Guide*.
749
749
  #
750
750
  #
751
751
  #
@@ -773,11 +773,11 @@ module Aws::S3
773
773
  # protected by AWS KMS will fail if not made via SSL or using SigV4. For
774
774
  # information about configuring using any of the officially supported
775
775
  # AWS SDKs and AWS CLI, see [Specifying the Signature Version in Request
776
- # Authentication][1] in the *Amazon S3 Developer Guide*.
776
+ # Authentication][1] in the *Amazon S3 User Guide*.
777
777
  #
778
778
  #
779
779
  #
780
- # [1]: https://docs.aws.amazon.com/http:/docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
780
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
781
781
  # @option options [String] :ssekms_encryption_context
782
782
  # Specifies the AWS KMS Encryption Context to use for object encryption.
783
783
  # The value of this header is a base64-encoded UTF-8 string holding JSON
@@ -788,14 +788,14 @@ module Aws::S3
788
788
  # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
789
789
  # for object encryption with SSE-KMS.
790
790
  #
791
- # Specifying this header with an object operation doesn’t affect
791
+ # Specifying this header with an object action doesn’t affect
792
792
  # bucket-level settings for S3 Bucket Key.
793
793
  # @option options [String] :request_payer
794
794
  # Confirms that the requester knows that they will be charged for the
795
795
  # request. Bucket owners need not specify this parameter in their
796
796
  # requests. For information about downloading objects from requester
797
797
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
798
- # in the *Amazon S3 Developer Guide*.
798
+ # in the *Amazon S3 User Guide*.
799
799
  #
800
800
  #
801
801
  #
@@ -812,7 +812,7 @@ module Aws::S3
812
812
  # Specifies whether you want to apply a Legal Hold to the uploaded
813
813
  # object.
814
814
  # @option options [String] :expected_bucket_owner
815
- # The account id of the expected bucket owner. If the bucket is owned by
815
+ # The account ID of the expected bucket owner. If the bucket is owned by
816
816
  # a different account, the request will fail with an HTTP `403 (Access
817
817
  # Denied)` error.
818
818
  # @return [MultipartUpload]
@@ -969,7 +969,7 @@ module Aws::S3
969
969
  # and high availability. Depending on performance needs, you can specify
970
970
  # a different Storage Class. Amazon S3 on Outposts only uses the
971
971
  # OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
972
- # in the *Amazon S3 Service Developer Guide*.
972
+ # in the *Amazon S3 User Guide*.
973
973
  #
974
974
  #
975
975
  #
@@ -1016,14 +1016,12 @@ module Aws::S3
1016
1016
  # If `x-amz-server-side-encryption` is present and has the value of
1017
1017
  # `aws:kms`, this header specifies the ID of the AWS Key Management
1018
1018
  # Service (AWS KMS) symmetrical customer managed customer master key
1019
- # (CMK) that was used for the object.
1020
- #
1021
- # If the value of `x-amz-server-side-encryption` is `aws:kms`, this
1022
- # header specifies the ID of the symmetric customer managed AWS KMS CMK
1023
- # that will be used for the object. If you specify
1019
+ # (CMK) that was used for the object. If you specify
1024
1020
  # `x-amz-server-side-encryption:aws:kms`, but do not provide`
1025
1021
  # x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS
1026
- # managed CMK in AWS to protect the data.
1022
+ # managed CMK in AWS to protect the data. If the KMS key does not exist
1023
+ # in the same account issuing the command, you must use the full ARN and
1024
+ # not just the ID.
1027
1025
  # @option options [String] :ssekms_encryption_context
1028
1026
  # Specifies the AWS KMS Encryption Context to use for object encryption.
1029
1027
  # The value of this header is a base64-encoded UTF-8 string holding JSON
@@ -1034,14 +1032,14 @@ module Aws::S3
1034
1032
  # Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
1035
1033
  # for object encryption with SSE-KMS.
1036
1034
  #
1037
- # Specifying this header with a PUT operation doesn’t affect
1038
- # bucket-level settings for S3 Bucket Key.
1035
+ # Specifying this header with a PUT action doesn’t affect bucket-level
1036
+ # settings for S3 Bucket Key.
1039
1037
  # @option options [String] :request_payer
1040
1038
  # Confirms that the requester knows that they will be charged for the
1041
1039
  # request. Bucket owners need not specify this parameter in their
1042
1040
  # requests. For information about downloading objects from requester
1043
1041
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
1044
- # in the *Amazon S3 Developer Guide*.
1042
+ # in the *Amazon S3 User Guide*.
1045
1043
  #
1046
1044
  #
1047
1045
  #
@@ -1053,6 +1051,7 @@ module Aws::S3
1053
1051
  # The Object Lock mode that you want to apply to this object.
1054
1052
  # @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
1055
1053
  # The date and time when you want this object's Object Lock to expire.
1054
+ # Must be formatted as a timestamp parameter.
1056
1055
  # @option options [String] :object_lock_legal_hold_status
1057
1056
  # Specifies whether a legal hold will be applied to this object. For
1058
1057
  # more information about S3 Object Lock, see [Object Lock][1].
@@ -1061,7 +1060,7 @@ module Aws::S3
1061
1060
  #
1062
1061
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
1063
1062
  # @option options [String] :expected_bucket_owner
1064
- # The account id of the expected bucket owner. If the bucket is owned by
1063
+ # The account ID of the expected bucket owner. If the bucket is owned by
1065
1064
  # a different account, the request will fail with an HTTP `403 (Access
1066
1065
  # Denied)` error.
1067
1066
  # @return [Types::PutObjectOutput]
@@ -1172,13 +1171,13 @@ module Aws::S3
1172
1171
  # request. Bucket owners need not specify this parameter in their
1173
1172
  # requests. For information about downloading objects from requester
1174
1173
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
1175
- # in the *Amazon S3 Developer Guide*.
1174
+ # in the *Amazon S3 User Guide*.
1176
1175
  #
1177
1176
  #
1178
1177
  #
1179
1178
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
1180
1179
  # @option options [String] :expected_bucket_owner
1181
- # The account id of the expected bucket owner. If the bucket is owned by
1180
+ # The account ID of the expected bucket owner. If the bucket is owned by
1182
1181
  # a different account, the request will fail with an HTTP `403 (Access
1183
1182
  # Denied)` error.
1184
1183
  # @return [Types::RestoreObjectOutput]
@@ -1325,7 +1324,7 @@ module Aws::S3
1325
1324
  # request. Bucket owners need not specify this parameter in their
1326
1325
  # requests. For information about downloading objects from requester
1327
1326
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
1328
- # in the *Amazon S3 Developer Guide*.
1327
+ # in the *Amazon S3 User Guide*.
1329
1328
  #
1330
1329
  #
1331
1330
  #
@@ -1335,7 +1334,7 @@ module Aws::S3
1335
1334
  # Governance-type Object Lock in place. You must have sufficient
1336
1335
  # permissions to perform this operation.
1337
1336
  # @option options [String] :expected_bucket_owner
1338
- # The account id of the expected bucket owner. If the bucket is owned by
1337
+ # The account ID of the expected bucket owner. If the bucket is owned by
1339
1338
  # a different account, the request will fail with an HTTP `403 (Access
1340
1339
  # Denied)` error.
1341
1340
  # @return [void]
@@ -3,7 +3,7 @@
3
3
  # WARNING ABOUT GENERATED CODE
4
4
  #
5
5
  # This file is generated. See the contributing guide for more information:
6
- # https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
7
  #
8
8
  # WARNING ABOUT GENERATED CODE
9
9
 
@@ -247,7 +247,7 @@ module Aws::S3
247
247
  # request. Bucket owners need not specify this parameter in their
248
248
  # requests. For information about downloading objects from requester
249
249
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
250
- # in the *Amazon S3 Developer Guide*.
250
+ # in the *Amazon S3 User Guide*.
251
251
  #
252
252
  #
253
253
  #
@@ -256,7 +256,7 @@ module Aws::S3
256
256
  # Indicates whether S3 Object Lock should bypass Governance-mode
257
257
  # restrictions to process this operation.
258
258
  # @option options [String] :expected_bucket_owner
259
- # The account id of the expected bucket owner. If the bucket is owned by
259
+ # The account ID of the expected bucket owner. If the bucket is owned by
260
260
  # a different account, the request will fail with an HTTP `403 (Access
261
261
  # Denied)` error.
262
262
  # @return [Types::DeleteObjectOutput]
@@ -330,13 +330,13 @@ module Aws::S3
330
330
  # @option options [Time,DateTime,Date,Integer,String] :response_expires
331
331
  # Sets the `Expires` header of the response.
332
332
  # @option options [String] :sse_customer_algorithm
333
- # Specifies the algorithm to use to when encrypting the object (for
333
+ # Specifies the algorithm to use to when decrypting the object (for
334
334
  # example, AES256).
335
335
  # @option options [String] :sse_customer_key
336
- # Specifies the customer-provided encryption key for Amazon S3 to use in
337
- # encrypting data. This value is used to store the object and then it is
338
- # discarded; Amazon S3 does not store the encryption key. The key must
339
- # be appropriate for use with the algorithm specified in the
336
+ # Specifies the customer-provided encryption key for Amazon S3 used to
337
+ # encrypt the data. This value is used to decrypt the object when
338
+ # recovering it and must match the one used when storing the data. The
339
+ # key must be appropriate for use with the algorithm specified in the
340
340
  # `x-amz-server-side-encryption-customer-algorithm` header.
341
341
  # @option options [String] :sse_customer_key_md5
342
342
  # Specifies the 128-bit MD5 digest of the encryption key according to
@@ -347,7 +347,7 @@ module Aws::S3
347
347
  # request. Bucket owners need not specify this parameter in their
348
348
  # requests. For information about downloading objects from requester
349
349
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
350
- # in the *Amazon S3 Developer Guide*.
350
+ # in the *Amazon S3 User Guide*.
351
351
  #
352
352
  #
353
353
  #
@@ -358,7 +358,7 @@ module Aws::S3
358
358
  # for the part specified. Useful for downloading just a part of an
359
359
  # object.
360
360
  # @option options [String] :expected_bucket_owner
361
- # The account id of the expected bucket owner. If the bucket is owned by
361
+ # The account ID of the expected bucket owner. If the bucket is owned by
362
362
  # a different account, the request will fail with an HTTP `403 (Access
363
363
  # Denied)` error.
364
364
  # @return [Types::GetObjectOutput]
@@ -431,7 +431,7 @@ module Aws::S3
431
431
  # request. Bucket owners need not specify this parameter in their
432
432
  # requests. For information about downloading objects from requester
433
433
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
434
- # in the *Amazon S3 Developer Guide*.
434
+ # in the *Amazon S3 User Guide*.
435
435
  #
436
436
  #
437
437
  #
@@ -442,7 +442,7 @@ module Aws::S3
442
442
  # for the part specified. Useful querying about the size of the part and
443
443
  # the number of parts in this object.
444
444
  # @option options [String] :expected_bucket_owner
445
- # The account id of the expected bucket owner. If the bucket is owned by
445
+ # The account ID of the expected bucket owner. If the bucket is owned by
446
446
  # a different account, the request will fail with an HTTP `403 (Access
447
447
  # Denied)` error.
448
448
  # @return [Types::HeadObjectOutput]
@@ -536,7 +536,7 @@ module Aws::S3
536
536
  # request. Bucket owners need not specify this parameter in their
537
537
  # requests. For information about downloading objects from requester
538
538
  # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
539
- # in the *Amazon S3 Developer Guide*.
539
+ # in the *Amazon S3 User Guide*.
540
540
  #
541
541
  #
542
542
  #
@@ -546,7 +546,7 @@ module Aws::S3
546
546
  # Governance-type Object Lock in place. You must have sufficient
547
547
  # permissions to perform this operation.
548
548
  # @option options [String] :expected_bucket_owner
549
- # The account id of the expected bucket owner. If the bucket is owned by
549
+ # The account ID of the expected bucket owner. If the bucket is owned by
550
550
  # a different account, the request will fail with an HTTP `403 (Access
551
551
  # Denied)` error.
552
552
  # @return [void]
@@ -29,7 +29,7 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
29
29
  OptionHandler, step: :initialize, operations: operations
30
30
  )
31
31
  handlers.add(
32
- AccelerateHandler, step: :build, priority: 0, operations: operations
32
+ AccelerateHandler, step: :build, priority: 11, operations: operations
33
33
  )
34
34
  end
35
35
 
@@ -40,8 +40,11 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
40
40
  if context.params.is_a?(Hash)
41
41
  accelerate = context.params.delete(:use_accelerate_endpoint)
42
42
  end
43
- if accelerate.nil?
44
- accelerate = context.config.use_accelerate_endpoint
43
+ accelerate = context.config.use_accelerate_endpoint if accelerate.nil?
44
+ # Raise if :endpoint and dualstack are both provided
45
+ if accelerate && !context.config.regional_endpoint
46
+ raise ArgumentError,
47
+ 'Cannot use both :use_accelerate_endpoint and :endpoint'
45
48
  end
46
49
  context[:use_accelerate_endpoint] = accelerate
47
50
  @handler.call(context)
@@ -51,7 +54,7 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
51
54
  # @api private
52
55
  class AccelerateHandler < Seahorse::Client::Handler
53
56
  def call(context)
54
- if context[:use_accelerate_endpoint]
57
+ if context.config.regional_endpoint && context[:use_accelerate_endpoint]
55
58
  dualstack = !!context[:use_dualstack_endpoint]
56
59
  use_accelerate_endpoint(context, dualstack)
57
60
  end
@@ -1,6 +1,7 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  require_relative '../arn/access_point_arn'
4
+ require_relative '../arn/object_lambda_arn'
4
5
  require_relative '../arn/outpost_access_point_arn'
5
6
 
6
7
  module Aws
@@ -22,11 +23,36 @@ be made. Set to `false` to use the client's region instead.
22
23
  resolve_s3_use_arn_region(cfg)
23
24
  end
24
25
 
26
+ # param validator is validate:50
27
+ # endpoint is build:90 (populates the URI for the first time)
28
+ # endpoint pattern is build:10
25
29
  def add_handlers(handlers, _config)
26
- handlers.add(Handler)
30
+ handlers.add(ARNHandler, step: :validate, priority: 75)
31
+ handlers.add(UrlHandler)
27
32
  end
28
33
 
29
- class Handler < Seahorse::Client::Handler
34
+ # After extracting out any ARN input, resolve a new URL with it.
35
+ class UrlHandler < Seahorse::Client::Handler
36
+ def call(context)
37
+ if context.metadata[:s3_arn]
38
+ ARN.resolve_url!(
39
+ context.http_request.endpoint,
40
+ context.metadata[:s3_arn][:arn],
41
+ context.metadata[:s3_arn][:resolved_region],
42
+ context.metadata[:s3_arn][:fips],
43
+ context.metadata[:s3_arn][:dualstack],
44
+ # if regional_endpoint is false, a custom endpoint was provided
45
+ # in this case, we want to prefix the endpoint using the ARN
46
+ !context.config.regional_endpoint
47
+ )
48
+ end
49
+ @handler.call(context)
50
+ end
51
+ end
52
+
53
+ # This plugin will extract out any ARN input and set context for other
54
+ # plugins to use without having to translate the ARN again.
55
+ class ARNHandler < Seahorse::Client::Handler
30
56
  def call(context)
31
57
  bucket_member = _bucket_member(context.operation.input.shape)
32
58
  if bucket_member && (bucket = context.params[bucket_member])
@@ -38,12 +64,19 @@ be made. Set to `false` to use the client's region instead.
38
64
  if arn
39
65
  validate_config!(context, arn)
40
66
 
41
- ARN.resolve_url!(
42
- context.http_request.endpoint,
43
- arn,
44
- resolved_region,
45
- extract_dualstack_config!(context)
46
- )
67
+ fips = false
68
+ if resolved_region.include?('fips')
69
+ fips = true
70
+ resolved_region = resolved_region.gsub('fips-', '')
71
+ .gsub('-fips', '')
72
+ end
73
+
74
+ context.metadata[:s3_arn] = {
75
+ arn: arn,
76
+ resolved_region: resolved_region,
77
+ fips: fips,
78
+ dualstack: extract_dualstack_config!(context)
79
+ }
47
80
  end
48
81
  end
49
82
  @handler.call(context)
@@ -66,28 +99,22 @@ be made. Set to `false` to use the client's region instead.
66
99
  end
67
100
 
68
101
  def validate_config!(context, arn)
69
- unless context.config.regional_endpoint
70
- raise ArgumentError,
71
- 'Cannot provide both an Access Point ARN and setting '\
72
- ':endpoint.'
73
- end
74
-
75
102
  if context.config.force_path_style
76
103
  raise ArgumentError,
77
- 'Cannot provide both an Access Point ARN and setting '\
78
- ':force_path_style to true.'
104
+ 'Cannot provide an Access Point ARN when '\
105
+ '`:force_path_style` is set to true.'
79
106
  end
80
107
 
81
108
  if context.config.use_accelerate_endpoint
82
109
  raise ArgumentError,
83
- 'Cannot provide both an Access Point ARN and setting '\
84
- ':use_accelerate_endpoint to true.'
110
+ 'Cannot provide an Access Point ARN when '\
111
+ '`:use_accelerate_endpoint` is set to true.'
85
112
  end
86
113
 
87
114
  if !arn.support_dualstack? && context[:use_dualstack_endpoint]
88
115
  raise ArgumentError,
89
- 'Cannot provide both an Outpost Access Point ARN and '\
90
- 'setting :use_dualstack_endpoint to true.'
116
+ 'Cannot provide an Outpost Access Point ARN when '\
117
+ '`:use_dualstack_endpoint` is set to true.'
91
118
  end
92
119
  end
93
120
  end
@@ -97,18 +124,10 @@ be made. Set to `false` to use the client's region instead.
97
124
  def resolve_arn!(member_value, region, use_arn_region)
98
125
  if Aws::ARNParser.arn?(member_value)
99
126
  arn = Aws::ARNParser.parse(member_value)
100
- if arn.resource.start_with?('accesspoint')
101
- s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
102
- elsif arn.resource.start_with?('outpost')
103
- s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
104
- else
105
- raise ArgumentError,
106
- 'Only Access Point and Outpost Access Point type ARNs '\
107
- 'are currently supported.'
108
- end
127
+ s3_arn = resolve_arn_type!(arn)
109
128
  s3_arn.validate_arn!
110
129
  validate_region_config!(s3_arn, region, use_arn_region)
111
- region = s3_arn.region if use_arn_region
130
+ region = s3_arn.region if use_arn_region && !region.include?('fips')
112
131
  [region, s3_arn]
113
132
  else
114
133
  [region]
@@ -116,14 +135,30 @@ be made. Set to `false` to use the client's region instead.
116
135
  end
117
136
 
118
137
  # @api private
119
- def resolve_url!(url, arn, region, dualstack = false)
120
- url.host = arn.host_url(region, dualstack)
138
+ def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
139
+ custom_endpoint = url.host if has_custom_endpoint
140
+ url.host = arn.host_url(region, fips, dualstack, custom_endpoint)
121
141
  url.path = url_path(url.path, arn)
122
142
  url
123
143
  end
124
144
 
125
145
  private
126
146
 
147
+ def resolve_arn_type!(arn)
148
+ case arn.service
149
+ when 's3'
150
+ Aws::S3::AccessPointARN.new(arn.to_h)
151
+ when 's3-outposts'
152
+ Aws::S3::OutpostAccessPointARN.new(arn.to_h)
153
+ when 's3-object-lambda'
154
+ Aws::S3::ObjectLambdaARN.new(arn.to_h)
155
+ else
156
+ raise ArgumentError,
157
+ 'Only Access Point, Outposts, and Object Lambdas ARNs '\
158
+ 'are currently supported.'
159
+ end
160
+ end
161
+
127
162
  def resolve_s3_use_arn_region(cfg)
128
163
  value = ENV['AWS_S3_USE_ARN_REGION'] ||
129
164
  Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
@@ -132,15 +167,14 @@ be made. Set to `false` to use the client's region instead.
132
167
  # Raise if provided value is not true or false
133
168
  if value.nil?
134
169
  raise ArgumentError,
135
- 'Must provide either `true` or `false` for '\
136
- 's3_use_arn_region profile option or for '\
137
- "ENV['AWS_S3_USE_ARN_REGION']"
170
+ 'Must provide either `true` or `false` for the '\
171
+ '`s3_use_arn_region` profile option or for '\
172
+ "ENV['AWS_S3_USE_ARN_REGION']."
138
173
  end
139
174
  value
140
175
  end
141
176
 
142
- # Remove ARN from the path since it was substituted already
143
- # This only works because accesspoints care about the URL
177
+ # Remove ARN from the path because we've already set the new host
144
178
  def url_path(path, arn)
145
179
  path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
146
180
  .sub("/#{arn}", '')
@@ -149,33 +183,40 @@ be made. Set to `false` to use the client's region instead.
149
183
  end
150
184
 
151
185
  def validate_region_config!(arn, region, use_arn_region)
152
- fips = arn.support_fips?
153
-
154
- # s3-external-1 is specific just to s3 and not part of partitions
155
- # aws-global is a partition region
156
- unless arn.partition == 'aws' &&
157
- (region == 's3-external-1' || region == 'aws-global')
158
- if !fips && arn.region.include?('fips')
159
- raise ArgumentError,
160
- 'FIPS region ARNs are not supported for this type of ARN.'
186
+ if ['s3-external-1', 'aws-global'].include?(region)
187
+ # These "regions" are not regional endpoints
188
+ unless use_arn_region
189
+ raise Aws::Errors::InvalidARNRegionError,
190
+ 'Configured client region is not a regional endpoint.'
161
191
  end
162
-
163
- if !fips && !use_arn_region && region.include?('fips')
164
- raise ArgumentError,
165
- 'FIPS client regions are not supported for this type of '\
166
- 'ARN without s3_use_arn_region.'
192
+ # These "regions" are in the AWS partition
193
+ # Cannot use ARN region unless it's the same partition
194
+ unless arn.partition == 'aws'
195
+ raise Aws::Errors::InvalidARNPartitionError
167
196
  end
168
-
169
- # if it's a fips region, attempt to normalize it
170
- if fips || use_arn_region
197
+ else
198
+ if region.include?('fips')
199
+ # If ARN type doesn't support FIPS but the client region is FIPS
200
+ unless arn.support_fips?
201
+ raise ArgumentError,
202
+ 'FIPS client regions are not supported for this type '\
203
+ 'of ARN.'
204
+ end
205
+
206
+ fips = true
207
+ # Normalize the region so we can compare partition and regions
171
208
  region = region.gsub('fips-', '').gsub('-fips', '')
172
209
  end
210
+
211
+ # Raise if the ARN and client regions are in different partitions
173
212
  if use_arn_region &&
174
213
  !Aws::Partitions.partition(arn.partition).region?(region)
175
214
  raise Aws::Errors::InvalidARNPartitionError
176
215
  end
177
216
 
178
- if !use_arn_region && region != arn.region
217
+ # Raise if regions mismatch
218
+ # Either when it's a fips client or not using the ARN region
219
+ if (!use_arn_region || fips) && region != arn.region
179
220
  raise Aws::Errors::InvalidARNRegionError
180
221
  end
181
222
  end