aws-sdk-s3 1.87.0 → 1.96.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +778 -0
- data/LICENSE.txt +202 -0
- data/VERSION +1 -0
- data/lib/aws-sdk-s3.rb +2 -2
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +15 -8
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +69 -0
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +10 -8
- data/lib/aws-sdk-s3/bucket.rb +22 -21
- data/lib/aws-sdk-s3/bucket_acl.rb +6 -4
- data/lib/aws-sdk-s3/bucket_cors.rb +5 -5
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +3 -3
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +3 -3
- data/lib/aws-sdk-s3/bucket_logging.rb +3 -4
- data/lib/aws-sdk-s3/bucket_notification.rb +2 -2
- data/lib/aws-sdk-s3/bucket_policy.rb +3 -3
- data/lib/aws-sdk-s3/bucket_request_payment.rb +5 -6
- data/lib/aws-sdk-s3/bucket_tagging.rb +3 -3
- data/lib/aws-sdk-s3/bucket_versioning.rb +4 -4
- data/lib/aws-sdk-s3/bucket_website.rb +3 -3
- data/lib/aws-sdk-s3/client.rb +1368 -1015
- data/lib/aws-sdk-s3/client_api.rb +62 -1
- data/lib/aws-sdk-s3/customizations/bucket.rb +8 -3
- data/lib/aws-sdk-s3/customizations/object.rb +39 -14
- data/lib/aws-sdk-s3/encryptionV2/default_cipher_provider.rb +3 -3
- data/lib/aws-sdk-s3/errors.rb +1 -1
- data/lib/aws-sdk-s3/event_streams.rb +1 -1
- data/lib/aws-sdk-s3/file_uploader.rb +2 -2
- data/lib/aws-sdk-s3/multipart_upload.rb +7 -7
- data/lib/aws-sdk-s3/multipart_upload_part.rb +7 -7
- data/lib/aws-sdk-s3/object.rb +127 -42
- data/lib/aws-sdk-s3/object_acl.rb +7 -5
- data/lib/aws-sdk-s3/object_summary.rb +40 -41
- data/lib/aws-sdk-s3/object_version.rb +14 -14
- data/lib/aws-sdk-s3/plugins/accelerate.rb +7 -4
- data/lib/aws-sdk-s3/plugins/arn.rb +96 -55
- data/lib/aws-sdk-s3/plugins/dualstack.rb +10 -3
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/get_bucket_location_fix.rb +1 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +11 -11
- data/lib/aws-sdk-s3/plugins/md5s.rb +1 -1
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +25 -0
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +24 -26
- data/lib/aws-sdk-s3/presigner.rb +27 -30
- data/lib/aws-sdk-s3/resource.rb +5 -3
- data/lib/aws-sdk-s3/types.rb +1029 -570
- data/lib/aws-sdk-s3/waiters.rb +1 -1
- metadata +13 -9
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -267,8 +267,10 @@ module Aws::S3
|
|
267
267
|
#
|
268
268
|
# This action is not supported by Amazon S3 on Outposts.
|
269
269
|
# @option options [String] :grant_write
|
270
|
-
# Allows grantee to create
|
271
|
-
#
|
270
|
+
# Allows grantee to create new objects in the bucket.
|
271
|
+
#
|
272
|
+
# For the bucket and object owners of existing objects, also allows
|
273
|
+
# deletions and overwrites of those objects.
|
272
274
|
# @option options [String] :grant_write_acp
|
273
275
|
# Allows grantee to write the ACL for the applicable bucket.
|
274
276
|
#
|
@@ -278,7 +280,7 @@ module Aws::S3
|
|
278
280
|
# request. Bucket owners need not specify this parameter in their
|
279
281
|
# requests. For information about downloading objects from requester
|
280
282
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
281
|
-
# in the *Amazon S3
|
283
|
+
# in the *Amazon S3 User Guide*.
|
282
284
|
#
|
283
285
|
#
|
284
286
|
#
|
@@ -286,7 +288,7 @@ module Aws::S3
|
|
286
288
|
# @option options [String] :version_id
|
287
289
|
# VersionId used to reference a specific version of the object.
|
288
290
|
# @option options [String] :expected_bucket_owner
|
289
|
-
# The account
|
291
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
290
292
|
# a different account, the request will fail with an HTTP `403 (Access
|
291
293
|
# Denied)` error.
|
292
294
|
# @return [Types::PutObjectAclOutput]
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -42,7 +42,7 @@ module Aws::S3
|
|
42
42
|
@key
|
43
43
|
end
|
44
44
|
|
45
|
-
#
|
45
|
+
# Creation date of the object.
|
46
46
|
# @return [Time]
|
47
47
|
def last_modified
|
48
48
|
data[:last_modified]
|
@@ -375,7 +375,7 @@ module Aws::S3
|
|
375
375
|
#
|
376
376
|
#
|
377
377
|
#
|
378
|
-
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/
|
378
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-points.html
|
379
379
|
# @option options [String] :copy_source_if_match
|
380
380
|
# Copies the object if its entity tag (ETag) matches the specified tag.
|
381
381
|
# @option options [Time,DateTime,Date,Integer,String] :copy_source_if_modified_since
|
@@ -422,7 +422,7 @@ module Aws::S3
|
|
422
422
|
# and high availability. Depending on performance needs, you can specify
|
423
423
|
# a different Storage Class. Amazon S3 on Outposts only uses the
|
424
424
|
# OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
|
425
|
-
# in the *Amazon S3
|
425
|
+
# in the *Amazon S3 User Guide*.
|
426
426
|
#
|
427
427
|
#
|
428
428
|
#
|
@@ -449,8 +449,8 @@ module Aws::S3
|
|
449
449
|
# PUT requests for an object protected by AWS KMS will fail if not made
|
450
450
|
# via SSL or using SigV4. For information about configuring using any of
|
451
451
|
# the officially supported AWS SDKs and AWS CLI, see [Specifying the
|
452
|
-
# Signature Version in Request Authentication][1] in the *Amazon S3
|
453
|
-
#
|
452
|
+
# Signature Version in Request Authentication][1] in the *Amazon S3 User
|
453
|
+
# Guide*.
|
454
454
|
#
|
455
455
|
#
|
456
456
|
#
|
@@ -465,8 +465,8 @@ module Aws::S3
|
|
465
465
|
# Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
|
466
466
|
# for object encryption with SSE-KMS.
|
467
467
|
#
|
468
|
-
# Specifying this header with a COPY
|
469
|
-
#
|
468
|
+
# Specifying this header with a COPY action doesn’t affect bucket-level
|
469
|
+
# settings for S3 Bucket Key.
|
470
470
|
# @option options [String] :copy_source_sse_customer_algorithm
|
471
471
|
# Specifies the algorithm to use when decrypting the source object (for
|
472
472
|
# example, AES256).
|
@@ -483,7 +483,7 @@ module Aws::S3
|
|
483
483
|
# request. Bucket owners need not specify this parameter in their
|
484
484
|
# requests. For information about downloading objects from requester
|
485
485
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
486
|
-
# in the *Amazon S3
|
486
|
+
# in the *Amazon S3 User Guide*.
|
487
487
|
#
|
488
488
|
#
|
489
489
|
#
|
@@ -500,11 +500,11 @@ module Aws::S3
|
|
500
500
|
# @option options [String] :object_lock_legal_hold_status
|
501
501
|
# Specifies whether you want to apply a Legal Hold to the copied object.
|
502
502
|
# @option options [String] :expected_bucket_owner
|
503
|
-
# The account
|
503
|
+
# The account ID of the expected destination bucket owner. If the
|
504
504
|
# destination bucket is owned by a different account, the request will
|
505
505
|
# fail with an HTTP `403 (Access Denied)` error.
|
506
506
|
# @option options [String] :expected_source_bucket_owner
|
507
|
-
# The account
|
507
|
+
# The account ID of the expected source bucket owner. If the source
|
508
508
|
# bucket is owned by a different account, the request will fail with an
|
509
509
|
# HTTP `403 (Access Denied)` error.
|
510
510
|
# @return [Types::CopyObjectOutput]
|
@@ -539,7 +539,7 @@ module Aws::S3
|
|
539
539
|
# request. Bucket owners need not specify this parameter in their
|
540
540
|
# requests. For information about downloading objects from requester
|
541
541
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
542
|
-
# in the *Amazon S3
|
542
|
+
# in the *Amazon S3 User Guide*.
|
543
543
|
#
|
544
544
|
#
|
545
545
|
#
|
@@ -548,7 +548,7 @@ module Aws::S3
|
|
548
548
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
549
549
|
# restrictions to process this operation.
|
550
550
|
# @option options [String] :expected_bucket_owner
|
551
|
-
# The account
|
551
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
552
552
|
# a different account, the request will fail with an HTTP `403 (Access
|
553
553
|
# Denied)` error.
|
554
554
|
# @return [Types::DeleteObjectOutput]
|
@@ -624,13 +624,13 @@ module Aws::S3
|
|
624
624
|
# @option options [String] :version_id
|
625
625
|
# VersionId used to reference a specific version of the object.
|
626
626
|
# @option options [String] :sse_customer_algorithm
|
627
|
-
# Specifies the algorithm to use to when
|
627
|
+
# Specifies the algorithm to use to when decrypting the object (for
|
628
628
|
# example, AES256).
|
629
629
|
# @option options [String] :sse_customer_key
|
630
|
-
# Specifies the customer-provided encryption key for Amazon S3 to
|
631
|
-
#
|
632
|
-
#
|
633
|
-
# be appropriate for use with the algorithm specified in the
|
630
|
+
# Specifies the customer-provided encryption key for Amazon S3 used to
|
631
|
+
# encrypt the data. This value is used to decrypt the object when
|
632
|
+
# recovering it and must match the one used when storing the data. The
|
633
|
+
# key must be appropriate for use with the algorithm specified in the
|
634
634
|
# `x-amz-server-side-encryption-customer-algorithm` header.
|
635
635
|
# @option options [String] :sse_customer_key_md5
|
636
636
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
@@ -641,7 +641,7 @@ module Aws::S3
|
|
641
641
|
# request. Bucket owners need not specify this parameter in their
|
642
642
|
# requests. For information about downloading objects from requester
|
643
643
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
644
|
-
# in the *Amazon S3
|
644
|
+
# in the *Amazon S3 User Guide*.
|
645
645
|
#
|
646
646
|
#
|
647
647
|
#
|
@@ -652,7 +652,7 @@ module Aws::S3
|
|
652
652
|
# for the part specified. Useful for downloading just a part of an
|
653
653
|
# object.
|
654
654
|
# @option options [String] :expected_bucket_owner
|
655
|
-
# The account
|
655
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
656
656
|
# a different account, the request will fail with an HTTP `403 (Access
|
657
657
|
# Denied)` error.
|
658
658
|
# @return [Types::GetObjectOutput]
|
@@ -745,7 +745,7 @@ module Aws::S3
|
|
745
745
|
# and high availability. Depending on performance needs, you can specify
|
746
746
|
# a different Storage Class. Amazon S3 on Outposts only uses the
|
747
747
|
# OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
|
748
|
-
# in the *Amazon S3
|
748
|
+
# in the *Amazon S3 User Guide*.
|
749
749
|
#
|
750
750
|
#
|
751
751
|
#
|
@@ -773,11 +773,11 @@ module Aws::S3
|
|
773
773
|
# protected by AWS KMS will fail if not made via SSL or using SigV4. For
|
774
774
|
# information about configuring using any of the officially supported
|
775
775
|
# AWS SDKs and AWS CLI, see [Specifying the Signature Version in Request
|
776
|
-
# Authentication][1] in the *Amazon S3
|
776
|
+
# Authentication][1] in the *Amazon S3 User Guide*.
|
777
777
|
#
|
778
778
|
#
|
779
779
|
#
|
780
|
-
# [1]: https://docs.aws.amazon.com/
|
780
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-signature-version
|
781
781
|
# @option options [String] :ssekms_encryption_context
|
782
782
|
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
783
783
|
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
@@ -788,14 +788,14 @@ module Aws::S3
|
|
788
788
|
# Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
|
789
789
|
# for object encryption with SSE-KMS.
|
790
790
|
#
|
791
|
-
# Specifying this header with an object
|
791
|
+
# Specifying this header with an object action doesn’t affect
|
792
792
|
# bucket-level settings for S3 Bucket Key.
|
793
793
|
# @option options [String] :request_payer
|
794
794
|
# Confirms that the requester knows that they will be charged for the
|
795
795
|
# request. Bucket owners need not specify this parameter in their
|
796
796
|
# requests. For information about downloading objects from requester
|
797
797
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
798
|
-
# in the *Amazon S3
|
798
|
+
# in the *Amazon S3 User Guide*.
|
799
799
|
#
|
800
800
|
#
|
801
801
|
#
|
@@ -812,7 +812,7 @@ module Aws::S3
|
|
812
812
|
# Specifies whether you want to apply a Legal Hold to the uploaded
|
813
813
|
# object.
|
814
814
|
# @option options [String] :expected_bucket_owner
|
815
|
-
# The account
|
815
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
816
816
|
# a different account, the request will fail with an HTTP `403 (Access
|
817
817
|
# Denied)` error.
|
818
818
|
# @return [MultipartUpload]
|
@@ -969,7 +969,7 @@ module Aws::S3
|
|
969
969
|
# and high availability. Depending on performance needs, you can specify
|
970
970
|
# a different Storage Class. Amazon S3 on Outposts only uses the
|
971
971
|
# OUTPOSTS Storage Class. For more information, see [Storage Classes][1]
|
972
|
-
# in the *Amazon S3
|
972
|
+
# in the *Amazon S3 User Guide*.
|
973
973
|
#
|
974
974
|
#
|
975
975
|
#
|
@@ -1016,14 +1016,12 @@ module Aws::S3
|
|
1016
1016
|
# If `x-amz-server-side-encryption` is present and has the value of
|
1017
1017
|
# `aws:kms`, this header specifies the ID of the AWS Key Management
|
1018
1018
|
# Service (AWS KMS) symmetrical customer managed customer master key
|
1019
|
-
# (CMK) that was used for the object.
|
1020
|
-
#
|
1021
|
-
# If the value of `x-amz-server-side-encryption` is `aws:kms`, this
|
1022
|
-
# header specifies the ID of the symmetric customer managed AWS KMS CMK
|
1023
|
-
# that will be used for the object. If you specify
|
1019
|
+
# (CMK) that was used for the object. If you specify
|
1024
1020
|
# `x-amz-server-side-encryption:aws:kms`, but do not provide`
|
1025
1021
|
# x-amz-server-side-encryption-aws-kms-key-id`, Amazon S3 uses the AWS
|
1026
|
-
# managed CMK in AWS to protect the data.
|
1022
|
+
# managed CMK in AWS to protect the data. If the KMS key does not exist
|
1023
|
+
# in the same account issuing the command, you must use the full ARN and
|
1024
|
+
# not just the ID.
|
1027
1025
|
# @option options [String] :ssekms_encryption_context
|
1028
1026
|
# Specifies the AWS KMS Encryption Context to use for object encryption.
|
1029
1027
|
# The value of this header is a base64-encoded UTF-8 string holding JSON
|
@@ -1034,14 +1032,14 @@ module Aws::S3
|
|
1034
1032
|
# Setting this header to `true` causes Amazon S3 to use an S3 Bucket Key
|
1035
1033
|
# for object encryption with SSE-KMS.
|
1036
1034
|
#
|
1037
|
-
# Specifying this header with a PUT
|
1038
|
-
#
|
1035
|
+
# Specifying this header with a PUT action doesn’t affect bucket-level
|
1036
|
+
# settings for S3 Bucket Key.
|
1039
1037
|
# @option options [String] :request_payer
|
1040
1038
|
# Confirms that the requester knows that they will be charged for the
|
1041
1039
|
# request. Bucket owners need not specify this parameter in their
|
1042
1040
|
# requests. For information about downloading objects from requester
|
1043
1041
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
1044
|
-
# in the *Amazon S3
|
1042
|
+
# in the *Amazon S3 User Guide*.
|
1045
1043
|
#
|
1046
1044
|
#
|
1047
1045
|
#
|
@@ -1053,6 +1051,7 @@ module Aws::S3
|
|
1053
1051
|
# The Object Lock mode that you want to apply to this object.
|
1054
1052
|
# @option options [Time,DateTime,Date,Integer,String] :object_lock_retain_until_date
|
1055
1053
|
# The date and time when you want this object's Object Lock to expire.
|
1054
|
+
# Must be formatted as a timestamp parameter.
|
1056
1055
|
# @option options [String] :object_lock_legal_hold_status
|
1057
1056
|
# Specifies whether a legal hold will be applied to this object. For
|
1058
1057
|
# more information about S3 Object Lock, see [Object Lock][1].
|
@@ -1061,7 +1060,7 @@ module Aws::S3
|
|
1061
1060
|
#
|
1062
1061
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lock.html
|
1063
1062
|
# @option options [String] :expected_bucket_owner
|
1064
|
-
# The account
|
1063
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
1065
1064
|
# a different account, the request will fail with an HTTP `403 (Access
|
1066
1065
|
# Denied)` error.
|
1067
1066
|
# @return [Types::PutObjectOutput]
|
@@ -1172,13 +1171,13 @@ module Aws::S3
|
|
1172
1171
|
# request. Bucket owners need not specify this parameter in their
|
1173
1172
|
# requests. For information about downloading objects from requester
|
1174
1173
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
1175
|
-
# in the *Amazon S3
|
1174
|
+
# in the *Amazon S3 User Guide*.
|
1176
1175
|
#
|
1177
1176
|
#
|
1178
1177
|
#
|
1179
1178
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
1180
1179
|
# @option options [String] :expected_bucket_owner
|
1181
|
-
# The account
|
1180
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
1182
1181
|
# a different account, the request will fail with an HTTP `403 (Access
|
1183
1182
|
# Denied)` error.
|
1184
1183
|
# @return [Types::RestoreObjectOutput]
|
@@ -1325,7 +1324,7 @@ module Aws::S3
|
|
1325
1324
|
# request. Bucket owners need not specify this parameter in their
|
1326
1325
|
# requests. For information about downloading objects from requester
|
1327
1326
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
1328
|
-
# in the *Amazon S3
|
1327
|
+
# in the *Amazon S3 User Guide*.
|
1329
1328
|
#
|
1330
1329
|
#
|
1331
1330
|
#
|
@@ -1335,7 +1334,7 @@ module Aws::S3
|
|
1335
1334
|
# Governance-type Object Lock in place. You must have sufficient
|
1336
1335
|
# permissions to perform this operation.
|
1337
1336
|
# @option options [String] :expected_bucket_owner
|
1338
|
-
# The account
|
1337
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
1339
1338
|
# a different account, the request will fail with an HTTP `403 (Access
|
1340
1339
|
# Denied)` error.
|
1341
1340
|
# @return [void]
|
@@ -3,7 +3,7 @@
|
|
3
3
|
# WARNING ABOUT GENERATED CODE
|
4
4
|
#
|
5
5
|
# This file is generated. See the contributing guide for more information:
|
6
|
-
# https://github.com/aws/aws-sdk-ruby/blob/
|
6
|
+
# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
|
7
7
|
#
|
8
8
|
# WARNING ABOUT GENERATED CODE
|
9
9
|
|
@@ -247,7 +247,7 @@ module Aws::S3
|
|
247
247
|
# request. Bucket owners need not specify this parameter in their
|
248
248
|
# requests. For information about downloading objects from requester
|
249
249
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
250
|
-
# in the *Amazon S3
|
250
|
+
# in the *Amazon S3 User Guide*.
|
251
251
|
#
|
252
252
|
#
|
253
253
|
#
|
@@ -256,7 +256,7 @@ module Aws::S3
|
|
256
256
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
257
257
|
# restrictions to process this operation.
|
258
258
|
# @option options [String] :expected_bucket_owner
|
259
|
-
# The account
|
259
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
260
260
|
# a different account, the request will fail with an HTTP `403 (Access
|
261
261
|
# Denied)` error.
|
262
262
|
# @return [Types::DeleteObjectOutput]
|
@@ -330,13 +330,13 @@ module Aws::S3
|
|
330
330
|
# @option options [Time,DateTime,Date,Integer,String] :response_expires
|
331
331
|
# Sets the `Expires` header of the response.
|
332
332
|
# @option options [String] :sse_customer_algorithm
|
333
|
-
# Specifies the algorithm to use to when
|
333
|
+
# Specifies the algorithm to use to when decrypting the object (for
|
334
334
|
# example, AES256).
|
335
335
|
# @option options [String] :sse_customer_key
|
336
|
-
# Specifies the customer-provided encryption key for Amazon S3 to
|
337
|
-
#
|
338
|
-
#
|
339
|
-
# be appropriate for use with the algorithm specified in the
|
336
|
+
# Specifies the customer-provided encryption key for Amazon S3 used to
|
337
|
+
# encrypt the data. This value is used to decrypt the object when
|
338
|
+
# recovering it and must match the one used when storing the data. The
|
339
|
+
# key must be appropriate for use with the algorithm specified in the
|
340
340
|
# `x-amz-server-side-encryption-customer-algorithm` header.
|
341
341
|
# @option options [String] :sse_customer_key_md5
|
342
342
|
# Specifies the 128-bit MD5 digest of the encryption key according to
|
@@ -347,7 +347,7 @@ module Aws::S3
|
|
347
347
|
# request. Bucket owners need not specify this parameter in their
|
348
348
|
# requests. For information about downloading objects from requester
|
349
349
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
350
|
-
# in the *Amazon S3
|
350
|
+
# in the *Amazon S3 User Guide*.
|
351
351
|
#
|
352
352
|
#
|
353
353
|
#
|
@@ -358,7 +358,7 @@ module Aws::S3
|
|
358
358
|
# for the part specified. Useful for downloading just a part of an
|
359
359
|
# object.
|
360
360
|
# @option options [String] :expected_bucket_owner
|
361
|
-
# The account
|
361
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
362
362
|
# a different account, the request will fail with an HTTP `403 (Access
|
363
363
|
# Denied)` error.
|
364
364
|
# @return [Types::GetObjectOutput]
|
@@ -431,7 +431,7 @@ module Aws::S3
|
|
431
431
|
# request. Bucket owners need not specify this parameter in their
|
432
432
|
# requests. For information about downloading objects from requester
|
433
433
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
434
|
-
# in the *Amazon S3
|
434
|
+
# in the *Amazon S3 User Guide*.
|
435
435
|
#
|
436
436
|
#
|
437
437
|
#
|
@@ -442,7 +442,7 @@ module Aws::S3
|
|
442
442
|
# for the part specified. Useful querying about the size of the part and
|
443
443
|
# the number of parts in this object.
|
444
444
|
# @option options [String] :expected_bucket_owner
|
445
|
-
# The account
|
445
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
446
446
|
# a different account, the request will fail with an HTTP `403 (Access
|
447
447
|
# Denied)` error.
|
448
448
|
# @return [Types::HeadObjectOutput]
|
@@ -536,7 +536,7 @@ module Aws::S3
|
|
536
536
|
# request. Bucket owners need not specify this parameter in their
|
537
537
|
# requests. For information about downloading objects from requester
|
538
538
|
# pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
|
539
|
-
# in the *Amazon S3
|
539
|
+
# in the *Amazon S3 User Guide*.
|
540
540
|
#
|
541
541
|
#
|
542
542
|
#
|
@@ -546,7 +546,7 @@ module Aws::S3
|
|
546
546
|
# Governance-type Object Lock in place. You must have sufficient
|
547
547
|
# permissions to perform this operation.
|
548
548
|
# @option options [String] :expected_bucket_owner
|
549
|
-
# The account
|
549
|
+
# The account ID of the expected bucket owner. If the bucket is owned by
|
550
550
|
# a different account, the request will fail with an HTTP `403 (Access
|
551
551
|
# Denied)` error.
|
552
552
|
# @return [void]
|
@@ -29,7 +29,7 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
29
29
|
OptionHandler, step: :initialize, operations: operations
|
30
30
|
)
|
31
31
|
handlers.add(
|
32
|
-
AccelerateHandler, step: :build, priority:
|
32
|
+
AccelerateHandler, step: :build, priority: 11, operations: operations
|
33
33
|
)
|
34
34
|
end
|
35
35
|
|
@@ -40,8 +40,11 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
40
40
|
if context.params.is_a?(Hash)
|
41
41
|
accelerate = context.params.delete(:use_accelerate_endpoint)
|
42
42
|
end
|
43
|
-
if accelerate.nil?
|
44
|
-
|
43
|
+
accelerate = context.config.use_accelerate_endpoint if accelerate.nil?
|
44
|
+
# Raise if :endpoint and dualstack are both provided
|
45
|
+
if accelerate && !context.config.regional_endpoint
|
46
|
+
raise ArgumentError,
|
47
|
+
'Cannot use both :use_accelerate_endpoint and :endpoint'
|
45
48
|
end
|
46
49
|
context[:use_accelerate_endpoint] = accelerate
|
47
50
|
@handler.call(context)
|
@@ -51,7 +54,7 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
51
54
|
# @api private
|
52
55
|
class AccelerateHandler < Seahorse::Client::Handler
|
53
56
|
def call(context)
|
54
|
-
if context[:use_accelerate_endpoint]
|
57
|
+
if context.config.regional_endpoint && context[:use_accelerate_endpoint]
|
55
58
|
dualstack = !!context[:use_dualstack_endpoint]
|
56
59
|
use_accelerate_endpoint(context, dualstack)
|
57
60
|
end
|
@@ -1,6 +1,7 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
3
|
require_relative '../arn/access_point_arn'
|
4
|
+
require_relative '../arn/object_lambda_arn'
|
4
5
|
require_relative '../arn/outpost_access_point_arn'
|
5
6
|
|
6
7
|
module Aws
|
@@ -22,11 +23,36 @@ be made. Set to `false` to use the client's region instead.
|
|
22
23
|
resolve_s3_use_arn_region(cfg)
|
23
24
|
end
|
24
25
|
|
26
|
+
# param validator is validate:50
|
27
|
+
# endpoint is build:90 (populates the URI for the first time)
|
28
|
+
# endpoint pattern is build:10
|
25
29
|
def add_handlers(handlers, _config)
|
26
|
-
handlers.add(
|
30
|
+
handlers.add(ARNHandler, step: :validate, priority: 75)
|
31
|
+
handlers.add(UrlHandler)
|
27
32
|
end
|
28
33
|
|
29
|
-
|
34
|
+
# After extracting out any ARN input, resolve a new URL with it.
|
35
|
+
class UrlHandler < Seahorse::Client::Handler
|
36
|
+
def call(context)
|
37
|
+
if context.metadata[:s3_arn]
|
38
|
+
ARN.resolve_url!(
|
39
|
+
context.http_request.endpoint,
|
40
|
+
context.metadata[:s3_arn][:arn],
|
41
|
+
context.metadata[:s3_arn][:resolved_region],
|
42
|
+
context.metadata[:s3_arn][:fips],
|
43
|
+
context.metadata[:s3_arn][:dualstack],
|
44
|
+
# if regional_endpoint is false, a custom endpoint was provided
|
45
|
+
# in this case, we want to prefix the endpoint using the ARN
|
46
|
+
!context.config.regional_endpoint
|
47
|
+
)
|
48
|
+
end
|
49
|
+
@handler.call(context)
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
# This plugin will extract out any ARN input and set context for other
|
54
|
+
# plugins to use without having to translate the ARN again.
|
55
|
+
class ARNHandler < Seahorse::Client::Handler
|
30
56
|
def call(context)
|
31
57
|
bucket_member = _bucket_member(context.operation.input.shape)
|
32
58
|
if bucket_member && (bucket = context.params[bucket_member])
|
@@ -38,12 +64,19 @@ be made. Set to `false` to use the client's region instead.
|
|
38
64
|
if arn
|
39
65
|
validate_config!(context, arn)
|
40
66
|
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
resolved_region,
|
45
|
-
|
46
|
-
|
67
|
+
fips = false
|
68
|
+
if resolved_region.include?('fips')
|
69
|
+
fips = true
|
70
|
+
resolved_region = resolved_region.gsub('fips-', '')
|
71
|
+
.gsub('-fips', '')
|
72
|
+
end
|
73
|
+
|
74
|
+
context.metadata[:s3_arn] = {
|
75
|
+
arn: arn,
|
76
|
+
resolved_region: resolved_region,
|
77
|
+
fips: fips,
|
78
|
+
dualstack: extract_dualstack_config!(context)
|
79
|
+
}
|
47
80
|
end
|
48
81
|
end
|
49
82
|
@handler.call(context)
|
@@ -66,28 +99,22 @@ be made. Set to `false` to use the client's region instead.
|
|
66
99
|
end
|
67
100
|
|
68
101
|
def validate_config!(context, arn)
|
69
|
-
unless context.config.regional_endpoint
|
70
|
-
raise ArgumentError,
|
71
|
-
'Cannot provide both an Access Point ARN and setting '\
|
72
|
-
':endpoint.'
|
73
|
-
end
|
74
|
-
|
75
102
|
if context.config.force_path_style
|
76
103
|
raise ArgumentError,
|
77
|
-
'Cannot provide
|
78
|
-
'
|
104
|
+
'Cannot provide an Access Point ARN when '\
|
105
|
+
'`:force_path_style` is set to true.'
|
79
106
|
end
|
80
107
|
|
81
108
|
if context.config.use_accelerate_endpoint
|
82
109
|
raise ArgumentError,
|
83
|
-
'Cannot provide
|
84
|
-
'
|
110
|
+
'Cannot provide an Access Point ARN when '\
|
111
|
+
'`:use_accelerate_endpoint` is set to true.'
|
85
112
|
end
|
86
113
|
|
87
114
|
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
88
115
|
raise ArgumentError,
|
89
|
-
'Cannot provide
|
90
|
-
'
|
116
|
+
'Cannot provide an Outpost Access Point ARN when '\
|
117
|
+
'`:use_dualstack_endpoint` is set to true.'
|
91
118
|
end
|
92
119
|
end
|
93
120
|
end
|
@@ -97,18 +124,10 @@ be made. Set to `false` to use the client's region instead.
|
|
97
124
|
def resolve_arn!(member_value, region, use_arn_region)
|
98
125
|
if Aws::ARNParser.arn?(member_value)
|
99
126
|
arn = Aws::ARNParser.parse(member_value)
|
100
|
-
|
101
|
-
s3_arn = Aws::S3::AccessPointARN.new(arn.to_h)
|
102
|
-
elsif arn.resource.start_with?('outpost')
|
103
|
-
s3_arn = Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
104
|
-
else
|
105
|
-
raise ArgumentError,
|
106
|
-
'Only Access Point and Outpost Access Point type ARNs '\
|
107
|
-
'are currently supported.'
|
108
|
-
end
|
127
|
+
s3_arn = resolve_arn_type!(arn)
|
109
128
|
s3_arn.validate_arn!
|
110
129
|
validate_region_config!(s3_arn, region, use_arn_region)
|
111
|
-
region = s3_arn.region if use_arn_region
|
130
|
+
region = s3_arn.region if use_arn_region && !region.include?('fips')
|
112
131
|
[region, s3_arn]
|
113
132
|
else
|
114
133
|
[region]
|
@@ -116,14 +135,30 @@ be made. Set to `false` to use the client's region instead.
|
|
116
135
|
end
|
117
136
|
|
118
137
|
# @api private
|
119
|
-
def resolve_url!(url, arn, region, dualstack = false)
|
120
|
-
url.host
|
138
|
+
def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
|
139
|
+
custom_endpoint = url.host if has_custom_endpoint
|
140
|
+
url.host = arn.host_url(region, fips, dualstack, custom_endpoint)
|
121
141
|
url.path = url_path(url.path, arn)
|
122
142
|
url
|
123
143
|
end
|
124
144
|
|
125
145
|
private
|
126
146
|
|
147
|
+
def resolve_arn_type!(arn)
|
148
|
+
case arn.service
|
149
|
+
when 's3'
|
150
|
+
Aws::S3::AccessPointARN.new(arn.to_h)
|
151
|
+
when 's3-outposts'
|
152
|
+
Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
153
|
+
when 's3-object-lambda'
|
154
|
+
Aws::S3::ObjectLambdaARN.new(arn.to_h)
|
155
|
+
else
|
156
|
+
raise ArgumentError,
|
157
|
+
'Only Access Point, Outposts, and Object Lambdas ARNs '\
|
158
|
+
'are currently supported.'
|
159
|
+
end
|
160
|
+
end
|
161
|
+
|
127
162
|
def resolve_s3_use_arn_region(cfg)
|
128
163
|
value = ENV['AWS_S3_USE_ARN_REGION'] ||
|
129
164
|
Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
|
@@ -132,15 +167,14 @@ be made. Set to `false` to use the client's region instead.
|
|
132
167
|
# Raise if provided value is not true or false
|
133
168
|
if value.nil?
|
134
169
|
raise ArgumentError,
|
135
|
-
'Must provide either `true` or `false` for '\
|
136
|
-
's3_use_arn_region profile option or for '\
|
137
|
-
"ENV['AWS_S3_USE_ARN_REGION']"
|
170
|
+
'Must provide either `true` or `false` for the '\
|
171
|
+
'`s3_use_arn_region` profile option or for '\
|
172
|
+
"ENV['AWS_S3_USE_ARN_REGION']."
|
138
173
|
end
|
139
174
|
value
|
140
175
|
end
|
141
176
|
|
142
|
-
# Remove ARN from the path
|
143
|
-
# This only works because accesspoints care about the URL
|
177
|
+
# Remove ARN from the path because we've already set the new host
|
144
178
|
def url_path(path, arn)
|
145
179
|
path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
|
146
180
|
.sub("/#{arn}", '')
|
@@ -149,33 +183,40 @@ be made. Set to `false` to use the client's region instead.
|
|
149
183
|
end
|
150
184
|
|
151
185
|
def validate_region_config!(arn, region, use_arn_region)
|
152
|
-
|
153
|
-
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
(region == 's3-external-1' || region == 'aws-global')
|
158
|
-
if !fips && arn.region.include?('fips')
|
159
|
-
raise ArgumentError,
|
160
|
-
'FIPS region ARNs are not supported for this type of ARN.'
|
186
|
+
if ['s3-external-1', 'aws-global'].include?(region)
|
187
|
+
# These "regions" are not regional endpoints
|
188
|
+
unless use_arn_region
|
189
|
+
raise Aws::Errors::InvalidARNRegionError,
|
190
|
+
'Configured client region is not a regional endpoint.'
|
161
191
|
end
|
162
|
-
|
163
|
-
|
164
|
-
|
165
|
-
|
166
|
-
'ARN without s3_use_arn_region.'
|
192
|
+
# These "regions" are in the AWS partition
|
193
|
+
# Cannot use ARN region unless it's the same partition
|
194
|
+
unless arn.partition == 'aws'
|
195
|
+
raise Aws::Errors::InvalidARNPartitionError
|
167
196
|
end
|
168
|
-
|
169
|
-
|
170
|
-
|
197
|
+
else
|
198
|
+
if region.include?('fips')
|
199
|
+
# If ARN type doesn't support FIPS but the client region is FIPS
|
200
|
+
unless arn.support_fips?
|
201
|
+
raise ArgumentError,
|
202
|
+
'FIPS client regions are not supported for this type '\
|
203
|
+
'of ARN.'
|
204
|
+
end
|
205
|
+
|
206
|
+
fips = true
|
207
|
+
# Normalize the region so we can compare partition and regions
|
171
208
|
region = region.gsub('fips-', '').gsub('-fips', '')
|
172
209
|
end
|
210
|
+
|
211
|
+
# Raise if the ARN and client regions are in different partitions
|
173
212
|
if use_arn_region &&
|
174
213
|
!Aws::Partitions.partition(arn.partition).region?(region)
|
175
214
|
raise Aws::Errors::InvalidARNPartitionError
|
176
215
|
end
|
177
216
|
|
178
|
-
|
217
|
+
# Raise if regions mismatch
|
218
|
+
# Either when it's a fips client or not using the ARN region
|
219
|
+
if (!use_arn_region || fips) && region != arn.region
|
179
220
|
raise Aws::Errors::InvalidARNRegionError
|
180
221
|
end
|
181
222
|
end
|