aws-sdk-s3 1.96.2 → 1.132.0

Files changed (66)
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +256 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +226 -76
  5. data/lib/aws-sdk-s3/bucket_acl.rb +30 -7
  6. data/lib/aws-sdk-s3/bucket_cors.rb +35 -10
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +39 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +40 -10
  9. data/lib/aws-sdk-s3/bucket_logging.rb +30 -7
  10. data/lib/aws-sdk-s3/bucket_notification.rb +28 -10
  11. data/lib/aws-sdk-s3/bucket_policy.rb +35 -10
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +30 -7
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +35 -10
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +78 -17
  15. data/lib/aws-sdk-s3/bucket_website.rb +35 -10
  16. data/lib/aws-sdk-s3/client.rb +3854 -2120
  17. data/lib/aws-sdk-s3/client_api.rb +601 -208
  18. data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
  19. data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
  20. data/lib/aws-sdk-s3/customizations/object.rb +130 -24
  21. data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
  22. data/lib/aws-sdk-s3/customizations.rb +2 -0
  23. data/lib/aws-sdk-s3/encryption/client.rb +7 -3
  24. data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
  25. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
  26. data/lib/aws-sdk-s3/encryptionV2/client.rb +7 -3
  27. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -4
  28. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
  29. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
  30. data/lib/aws-sdk-s3/endpoint_parameters.rb +146 -0
  31. data/lib/aws-sdk-s3/endpoint_provider.rb +509 -0
  32. data/lib/aws-sdk-s3/endpoints.rb +2150 -0
  33. data/lib/aws-sdk-s3/file_downloader.rb +57 -27
  34. data/lib/aws-sdk-s3/file_uploader.rb +12 -5
  35. data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
  36. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -13
  37. data/lib/aws-sdk-s3/multipart_upload.rb +138 -16
  38. data/lib/aws-sdk-s3/multipart_upload_part.rb +144 -18
  39. data/lib/aws-sdk-s3/object.rb +364 -160
  40. data/lib/aws-sdk-s3/object_acl.rb +32 -9
  41. data/lib/aws-sdk-s3/object_copier.rb +7 -5
  42. data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
  43. data/lib/aws-sdk-s3/object_summary.rb +291 -123
  44. data/lib/aws-sdk-s3/object_version.rb +99 -46
  45. data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
  46. data/lib/aws-sdk-s3/plugins/arn.rb +22 -180
  47. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
  48. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
  49. data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
  50. data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
  51. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
  52. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
  53. data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
  54. data/lib/aws-sdk-s3/plugins/s3_signer.rb +35 -100
  55. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
  56. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
  57. data/lib/aws-sdk-s3/presigned_post.rb +99 -78
  58. data/lib/aws-sdk-s3/presigner.rb +24 -29
  59. data/lib/aws-sdk-s3/resource.rb +25 -3
  60. data/lib/aws-sdk-s3/types.rb +3307 -4625
  61. data/lib/aws-sdk-s3.rb +5 -1
  62. metadata +14 -11
  63. data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
  64. data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
  65. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
  66. data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -56,6 +56,12 @@ module Aws::S3
56
56
  data[:etag]
57
57
  end
58
58
 
59
+ # The algorithm that was used to create a checksum of the object.
60
+ # @return [Array<String>]
61
+ def checksum_algorithm
62
+ data[:checksum_algorithm]
63
+ end
64
+
59
65
  # Size in bytes of the object.
60
66
  # @return [Integer]
61
67
  def size
@@ -99,6 +105,20 @@ module Aws::S3
99
105
  data[:owner]
100
106
  end
101
107
 
108
+ # Specifies the restoration status of an object. Objects in certain
109
+ # storage classes must be restored before they can be retrieved. For
110
+ # more information about these storage classes and how to work with
111
+ # archived objects, see [ Working with archived objects][1] in the
112
+ # *Amazon S3 User Guide*.
113
+ #
114
+ #
115
+ #
116
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
117
+ # @return [Types::RestoreStatus]
118
+ def restore_status
119
+ data[:restore_status]
120
+ end
121
+
102
122
  # @!endgroup
103
123
 
104
124
  # @return [Client]
@@ -223,7 +243,9 @@ module Aws::S3
223
243
  :retry
224
244
  end
225
245
  end
226
- Aws::Waiters::Waiter.new(options).wait({})
246
+ Aws::Plugins::UserAgent.feature('resource') do
247
+ Aws::Waiters::Waiter.new(options).wait({})
248
+ end
227
249
  end
228
250
 
229
251
  # @!group Actions
@@ -245,8 +267,8 @@ module Aws::S3
245
267
  # @option options [String] :request_payer
246
268
  # Confirms that the requester knows that they will be charged for the
247
269
  # request. Bucket owners need not specify this parameter in their
248
- # requests. For information about downloading objects from requester
249
- # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
270
+ # requests. For information about downloading objects from Requester
271
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
250
272
  # in the *Amazon S3 User Guide*.
251
273
  #
252
274
  #
@@ -254,11 +276,12 @@ module Aws::S3
254
276
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
255
277
  # @option options [Boolean] :bypass_governance_retention
256
278
  # Indicates whether S3 Object Lock should bypass Governance-mode
257
- # restrictions to process this operation.
279
+ # restrictions to process this operation. To use this header, you must
280
+ # have the `s3:BypassGovernanceRetention` permission.
258
281
  # @option options [String] :expected_bucket_owner
259
282
  # The account ID of the expected bucket owner. If the bucket is owned by
260
- # a different account, the request will fail with an HTTP `403 (Access
261
- # Denied)` error.
283
+ # a different account, the request fails with the HTTP status code `403
284
+ # Forbidden` (access denied).
262
285
  # @return [Types::DeleteObjectOutput]
263
286
  def delete(options = {})
264
287
  options = options.merge(
@@ -266,7 +289,9 @@ module Aws::S3
266
289
  key: @object_key,
267
290
  version_id: @id
268
291
  )
269
- resp = @client.delete_object(options)
292
+ resp = Aws::Plugins::UserAgent.feature('resource') do
293
+ @client.delete_object(options)
294
+ end
270
295
  resp.data
271
296
  end
272
297
 
@@ -290,24 +315,25 @@ module Aws::S3
290
315
  # request_payer: "requester", # accepts requester
291
316
  # part_number: 1,
292
317
  # expected_bucket_owner: "AccountId",
318
+ # checksum_mode: "ENABLED", # accepts ENABLED
293
319
  # })
294
320
  # @param [Hash] options ({})
295
321
  # @option options [String] :if_match
296
322
  # Return the object only if its entity tag (ETag) is the same as the one
297
- # specified, otherwise return a 412 (precondition failed).
323
+ # specified; otherwise, return a 412 (precondition failed) error.
298
324
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
299
325
  # Return the object only if it has been modified since the specified
300
- # time, otherwise return a 304 (not modified).
326
+ # time; otherwise, return a 304 (not modified) error.
301
327
  # @option options [String] :if_none_match
302
328
  # Return the object only if its entity tag (ETag) is different from the
303
- # one specified, otherwise return a 304 (not modified).
329
+ # one specified; otherwise, return a 304 (not modified) error.
304
330
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
305
331
  # Return the object only if it has not been modified since the specified
306
- # time, otherwise return a 412 (precondition failed).
332
+ # time; otherwise, return a 412 (precondition failed) error.
307
333
  # @option options [String] :range
308
334
  # Downloads the specified range bytes of an object. For more information
309
335
  # about the HTTP Range header, see
310
- # [https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
336
+ # [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
311
337
  #
312
338
  # <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
313
339
  # `GET` request.
@@ -316,7 +342,7 @@ module Aws::S3
316
342
  #
317
343
  #
318
344
  #
319
- # [1]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
345
+ # [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-range
320
346
  # @option options [String] :response_cache_control
321
347
  # Sets the `Cache-Control` header of the response.
322
348
  # @option options [String] :response_content_disposition
@@ -345,8 +371,8 @@ module Aws::S3
345
371
  # @option options [String] :request_payer
346
372
  # Confirms that the requester knows that they will be charged for the
347
373
  # request. Bucket owners need not specify this parameter in their
348
- # requests. For information about downloading objects from requester
349
- # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
374
+ # requests. For information about downloading objects from Requester
375
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
350
376
  # in the *Amazon S3 User Guide*.
351
377
  #
352
378
  #
@@ -359,8 +385,10 @@ module Aws::S3
359
385
  # object.
360
386
  # @option options [String] :expected_bucket_owner
361
387
  # The account ID of the expected bucket owner. If the bucket is owned by
362
- # a different account, the request will fail with an HTTP `403 (Access
363
- # Denied)` error.
388
+ # a different account, the request fails with the HTTP status code `403
389
+ # Forbidden` (access denied).
390
+ # @option options [String] :checksum_mode
391
+ # To retrieve the checksum, this mode must be enabled.
364
392
  # @return [Types::GetObjectOutput]
365
393
  def get(options = {}, &block)
366
394
  options = options.merge(
@@ -368,7 +396,9 @@ module Aws::S3
368
396
  key: @object_key,
369
397
  version_id: @id
370
398
  )
371
- resp = @client.get_object(options, &block)
399
+ resp = Aws::Plugins::UserAgent.feature('resource') do
400
+ @client.get_object(options, &block)
401
+ end
372
402
  resp.data
373
403
  end
374
404
 
@@ -386,33 +416,26 @@ module Aws::S3
386
416
  # request_payer: "requester", # accepts requester
387
417
  # part_number: 1,
388
418
  # expected_bucket_owner: "AccountId",
419
+ # checksum_mode: "ENABLED", # accepts ENABLED
389
420
  # })
390
421
  # @param [Hash] options ({})
391
422
  # @option options [String] :if_match
392
423
  # Return the object only if its entity tag (ETag) is the same as the one
393
- # specified, otherwise return a 412 (precondition failed).
424
+ # specified; otherwise, return a 412 (precondition failed) error.
394
425
  # @option options [Time,DateTime,Date,Integer,String] :if_modified_since
395
426
  # Return the object only if it has been modified since the specified
396
- # time, otherwise return a 304 (not modified).
427
+ # time; otherwise, return a 304 (not modified) error.
397
428
  # @option options [String] :if_none_match
398
429
  # Return the object only if its entity tag (ETag) is different from the
399
- # one specified, otherwise return a 304 (not modified).
430
+ # one specified; otherwise, return a 304 (not modified) error.
400
431
  # @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
401
432
  # Return the object only if it has not been modified since the specified
402
- # time, otherwise return a 412 (precondition failed).
433
+ # time; otherwise, return a 412 (precondition failed) error.
403
434
  # @option options [String] :range
404
- # Downloads the specified range bytes of an object. For more information
405
- # about the HTTP Range header, see
406
- # [http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35][1].
407
- #
408
- # <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
409
- # `GET` request.
410
- #
411
- # </note>
412
- #
413
- #
414
- #
415
- # [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
435
+ # HeadObject returns only the metadata for an object. If the Range is
436
+ # satisfiable, only the `ContentLength` is affected in the response. If
437
+ # the Range is not satisfiable, S3 returns a `416 - Requested Range Not
438
+ # Satisfiable` error.
416
439
  # @option options [String] :sse_customer_algorithm
417
440
  # Specifies the algorithm to use to when encrypting the object (for
418
441
  # example, AES256).
@@ -429,8 +452,8 @@ module Aws::S3
429
452
  # @option options [String] :request_payer
430
453
  # Confirms that the requester knows that they will be charged for the
431
454
  # request. Bucket owners need not specify this parameter in their
432
- # requests. For information about downloading objects from requester
433
- # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
455
+ # requests. For information about downloading objects from Requester
456
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
434
457
  # in the *Amazon S3 User Guide*.
435
458
  #
436
459
  #
@@ -443,8 +466,15 @@ module Aws::S3
443
466
  # the number of parts in this object.
444
467
  # @option options [String] :expected_bucket_owner
445
468
  # The account ID of the expected bucket owner. If the bucket is owned by
446
- # a different account, the request will fail with an HTTP `403 (Access
447
- # Denied)` error.
469
+ # a different account, the request fails with the HTTP status code `403
470
+ # Forbidden` (access denied).
471
+ # @option options [String] :checksum_mode
472
+ # To retrieve the checksum, this parameter must be enabled.
473
+ #
474
+ # In addition, if you enable `ChecksumMode` and the object is encrypted
475
+ # with Amazon Web Services Key Management Service (Amazon Web Services
476
+ # KMS), you must have permission to use the `kms:Decrypt` action for the
477
+ # request to succeed.
448
478
  # @return [Types::HeadObjectOutput]
449
479
  def head(options = {})
450
480
  options = options.merge(
@@ -452,7 +482,9 @@ module Aws::S3
452
482
  key: @object_key,
453
483
  version_id: @id
454
484
  )
455
- resp = @client.head_object(options)
485
+ resp = Aws::Plugins::UserAgent.feature('resource') do
486
+ @client.head_object(options)
487
+ end
456
488
  resp.data
457
489
  end
458
490
 
@@ -524,6 +556,7 @@ module Aws::S3
524
556
  # request_payer: "requester", # accepts requester
525
557
  # bypass_governance_retention: false,
526
558
  # expected_bucket_owner: "AccountId",
559
+ # checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
527
560
  # })
528
561
  # @param options ({})
529
562
  # @option options [String] :mfa
@@ -534,8 +567,8 @@ module Aws::S3
534
567
  # @option options [String] :request_payer
535
568
  # Confirms that the requester knows that they will be charged for the
536
569
  # request. Bucket owners need not specify this parameter in their
537
- # requests. For information about downloading objects from requester
538
- # pays buckets, see [Downloading Objects in Requestor Pays Buckets][1]
570
+ # requests. For information about downloading objects from Requester
571
+ # Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
539
572
  # in the *Amazon S3 User Guide*.
540
573
  #
541
574
  #
@@ -543,12 +576,30 @@ module Aws::S3
543
576
  # [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
544
577
  # @option options [Boolean] :bypass_governance_retention
545
578
  # Specifies whether you want to delete this object even if it has a
546
- # Governance-type Object Lock in place. You must have sufficient
547
- # permissions to perform this operation.
579
+ # Governance-type Object Lock in place. To use this header, you must
580
+ # have the `s3:BypassGovernanceRetention` permission.
548
581
  # @option options [String] :expected_bucket_owner
549
582
  # The account ID of the expected bucket owner. If the bucket is owned by
550
- # a different account, the request will fail with an HTTP `403 (Access
551
- # Denied)` error.
583
+ # a different account, the request fails with the HTTP status code `403
584
+ # Forbidden` (access denied).
585
+ # @option options [String] :checksum_algorithm
586
+ # Indicates the algorithm used to create the checksum for the object
587
+ # when using the SDK. This header will not provide any additional
588
+ # functionality if not using the SDK. When sending this header, there
589
+ # must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
590
+ # sent. Otherwise, Amazon S3 fails the request with the HTTP status code
591
+ # `400 Bad Request`. For more information, see [Checking object
592
+ # integrity][1] in the *Amazon S3 User Guide*.
593
+ #
594
+ # If you provide an individual checksum, Amazon S3 ignores any provided
595
+ # `ChecksumAlgorithm` parameter.
596
+ #
597
+ # This checksum algorithm must be the same for all parts and it match
598
+ # the checksum value supplied in the `CreateMultipartUpload` request.
599
+ #
600
+ #
601
+ #
602
+ # [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
552
603
  # @return [void]
553
604
  def batch_delete!(options = {})
554
605
  batch_enum.each do |batch|
@@ -562,7 +613,9 @@ module Aws::S3
562
613
  version_id: item.id
563
614
  }
564
615
  end
565
- batch[0].client.delete_objects(params)
616
+ Aws::Plugins::UserAgent.feature('resource') do
617
+ batch[0].client.delete_objects(params)
618
+ end
566
619
  end
567
620
  nil
568
621
  end
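Review bot: The `:checksum_algorithm` option doc added above `batch_delete!` ends with a sentence that reads as carried over from the multipart-upload documentation: "This checksum algorithm must be the same for all parts and it match the checksum value supplied in the `CreateMultipartUpload` request." It is ungrammatical ("it match") and describes parts of an upload, not a delete request, so a caller cannot tell what integrity guarantee the option gives here. I would drop that paragraph for this method, or reword it to say only what the visible text already states, `# Selects the algorithm the SDK uses to compute the request checksum.` If this file is generated from the API model, the wording fix belongs in the model rather than here.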
@@ -23,67 +23,26 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
23
23
  operations = config.api.operation_names - [
24
24
  :create_bucket, :list_buckets, :delete_bucket
25
25
  ]
26
- # Need 2 handlers so that the context can be set for other plugins
27
- # and to remove :use_accelerate_endpoint from the params.
28
26
  handlers.add(
29
27
  OptionHandler, step: :initialize, operations: operations
30
28
  )
31
- handlers.add(
32
- AccelerateHandler, step: :build, priority: 11, operations: operations
33
- )
34
29
  end
35
30
 
36
31
  # @api private
37
32
  class OptionHandler < Seahorse::Client::Handler
38
33
  def call(context)
39
34
  # Support client configuration and per-operation configuration
35
+ # TODO: move this to an options hash and warn here.
40
36
  if context.params.is_a?(Hash)
41
37
  accelerate = context.params.delete(:use_accelerate_endpoint)
42
38
  end
43
- accelerate = context.config.use_accelerate_endpoint if accelerate.nil?
44
- # Raise if :endpoint and dualstack are both provided
45
- if accelerate && !context.config.regional_endpoint
46
- raise ArgumentError,
47
- 'Cannot use both :use_accelerate_endpoint and :endpoint'
39
+ if accelerate.nil?
40
+ accelerate = context.config.use_accelerate_endpoint
48
41
  end
49
42
  context[:use_accelerate_endpoint] = accelerate
50
43
  @handler.call(context)
51
44
  end
52
45
  end
53
-
54
- # @api private
55
- class AccelerateHandler < Seahorse::Client::Handler
56
- def call(context)
57
- if context.config.regional_endpoint && context[:use_accelerate_endpoint]
58
- dualstack = !!context[:use_dualstack_endpoint]
59
- use_accelerate_endpoint(context, dualstack)
60
- end
61
- @handler.call(context)
62
- end
63
-
64
- private
65
-
66
- def use_accelerate_endpoint(context, dualstack)
67
- bucket_name = context.params[:bucket]
68
- validate_bucket_name!(bucket_name)
69
- endpoint = URI.parse(context.http_request.endpoint.to_s)
70
- endpoint.scheme = 'https'
71
- endpoint.port = 443
72
- endpoint.host = "#{bucket_name}.s3-accelerate"\
73
- "#{'.dualstack' if dualstack}.amazonaws.com"
74
- context.http_request.endpoint = endpoint.to_s
75
- # s3 accelerate endpoint doesn't work with 'expect' header
76
- context.http_request.headers.delete('expect')
77
- end
78
-
79
- def validate_bucket_name!(bucket_name)
80
- unless BucketDns.dns_compatible?(bucket_name, _ssl = true)
81
- raise ArgumentError,
82
- 'Unable to use `use_accelerate_endpoint: true` on buckets '\
83
- 'with non-DNS compatible names.'
84
- end
85
- end
86
- end
87
46
  end
88
47
  end
89
48
  end
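Review bot: With `AccelerateHandler` deleted, nothing left in this file rejects `:use_accelerate_endpoint` combined with a custom `:endpoint`, and nothing calls `BucketDns.dns_compatible?` on the bucket name before it becomes part of a host name. Presumably both checks now live in the new endpoint resolution code, but that is not visible in this section; it is worth confirming with a test that accelerate plus a non-DNS-compatible bucket name still raises instead of yielding a request host. The surviving `OptionHandler#call` would also benefit from a comment that says where the validation went, for example `# Accelerate/custom-endpoint conflicts and bucket-name validity are enforced during endpoint resolution, not here.` (only if that is in fact the case). The added `# TODO: move this to an options hash and warn here.` does not say what should be warned about; naming the condition would make it actionable.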
@@ -1,9 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
- require_relative '../arn/access_point_arn'
4
- require_relative '../arn/object_lambda_arn'
5
- require_relative '../arn/outpost_access_point_arn'
6
-
7
3
  module Aws
8
4
  module S3
9
5
  module Plugins
@@ -23,142 +19,21 @@ be made. Set to `false` to use the client's region instead.
23
19
  resolve_s3_use_arn_region(cfg)
24
20
  end
25
21
 
26
- # param validator is validate:50
27
- # endpoint is build:90 (populates the URI for the first time)
28
- # endpoint pattern is build:10
29
- def add_handlers(handlers, _config)
30
- handlers.add(ARNHandler, step: :validate, priority: 75)
31
- handlers.add(UrlHandler)
32
- end
33
-
34
- # After extracting out any ARN input, resolve a new URL with it.
35
- class UrlHandler < Seahorse::Client::Handler
36
- def call(context)
37
- if context.metadata[:s3_arn]
38
- ARN.resolve_url!(
39
- context.http_request.endpoint,
40
- context.metadata[:s3_arn][:arn],
41
- context.metadata[:s3_arn][:resolved_region],
42
- context.metadata[:s3_arn][:fips],
43
- context.metadata[:s3_arn][:dualstack],
44
- # if regional_endpoint is false, a custom endpoint was provided
45
- # in this case, we want to prefix the endpoint using the ARN
46
- !context.config.regional_endpoint
47
- )
48
- end
49
- @handler.call(context)
50
- end
51
- end
52
-
53
- # This plugin will extract out any ARN input and set context for other
54
- # plugins to use without having to translate the ARN again.
55
- class ARNHandler < Seahorse::Client::Handler
56
- def call(context)
57
- bucket_member = _bucket_member(context.operation.input.shape)
58
- if bucket_member && (bucket = context.params[bucket_member])
59
- resolved_region, arn = ARN.resolve_arn!(
60
- bucket,
61
- context.config.region,
62
- context.config.s3_use_arn_region
63
- )
64
- if arn
65
- validate_config!(context, arn)
66
-
67
- fips = false
68
- if resolved_region.include?('fips')
69
- fips = true
70
- resolved_region = resolved_region.gsub('fips-', '')
71
- .gsub('-fips', '')
72
- end
73
-
74
- context.metadata[:s3_arn] = {
75
- arn: arn,
76
- resolved_region: resolved_region,
77
- fips: fips,
78
- dualstack: extract_dualstack_config!(context)
79
- }
80
- end
81
- end
82
- @handler.call(context)
83
- end
84
-
85
- private
86
-
87
- def _bucket_member(input)
88
- input.members.each do |member, ref|
89
- return member if ref.shape.name == 'BucketName'
90
- end
91
- nil
92
- end
93
-
94
- # other plugins use dualstack so disable it when we're done
95
- def extract_dualstack_config!(context)
96
- dualstack = context[:use_dualstack_endpoint]
97
- context[:use_dualstack_endpoint] = false if dualstack
98
- dualstack
99
- end
100
-
101
- def validate_config!(context, arn)
102
- if context.config.force_path_style
103
- raise ArgumentError,
104
- 'Cannot provide an Access Point ARN when '\
105
- '`:force_path_style` is set to true.'
106
- end
107
-
108
- if context.config.use_accelerate_endpoint
109
- raise ArgumentError,
110
- 'Cannot provide an Access Point ARN when '\
111
- '`:use_accelerate_endpoint` is set to true.'
112
- end
113
-
114
- if !arn.support_dualstack? && context[:use_dualstack_endpoint]
115
- raise ArgumentError,
116
- 'Cannot provide an Outpost Access Point ARN when '\
117
- '`:use_dualstack_endpoint` is set to true.'
118
- end
119
- end
22
+ option(
23
+ :s3_disable_multiregion_access_points,
24
+ default: false,
25
+ doc_type: 'Boolean',
26
+ docstring: <<-DOCS) do |cfg|
27
+ When set to `false` this will option will raise errors when multi-region
28
+ access point ARNs are used. Multi-region access points can potentially
29
+ result in cross region requests.
30
+ DOCS
31
+ resolve_s3_disable_multiregion_access_points(cfg)
120
32
  end
121
33
 
122
34
  class << self
123
- # @api private
124
- def resolve_arn!(member_value, region, use_arn_region)
125
- if Aws::ARNParser.arn?(member_value)
126
- arn = Aws::ARNParser.parse(member_value)
127
- s3_arn = resolve_arn_type!(arn)
128
- s3_arn.validate_arn!
129
- validate_region_config!(s3_arn, region, use_arn_region)
130
- region = s3_arn.region if use_arn_region && !region.include?('fips')
131
- [region, s3_arn]
132
- else
133
- [region]
134
- end
135
- end
136
-
137
- # @api private
138
- def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
139
- custom_endpoint = url.host if has_custom_endpoint
140
- url.host = arn.host_url(region, fips, dualstack, custom_endpoint)
141
- url.path = url_path(url.path, arn)
142
- url
143
- end
144
-
145
35
  private
146
36
 
147
- def resolve_arn_type!(arn)
148
- case arn.service
149
- when 's3'
150
- Aws::S3::AccessPointARN.new(arn.to_h)
151
- when 's3-outposts'
152
- Aws::S3::OutpostAccessPointARN.new(arn.to_h)
153
- when 's3-object-lambda'
154
- Aws::S3::ObjectLambdaARN.new(arn.to_h)
155
- else
156
- raise ArgumentError,
157
- 'Only Access Point, Outposts, and Object Lambdas ARNs '\
158
- 'are currently supported.'
159
- end
160
- end
161
-
162
37
  def resolve_s3_use_arn_region(cfg)
163
38
  value = ENV['AWS_S3_USE_ARN_REGION'] ||
164
39
  Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
@@ -174,52 +49,19 @@ be made. Set to `false` to use the client's region instead.
174
49
  value
175
50
  end
176
51
 
177
- # Remove ARN from the path because we've already set the new host
178
- def url_path(path, arn)
179
- path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
180
- .sub("/#{arn}", '')
181
- "/#{path}" unless path =~ /^\//
182
- path
183
- end
184
-
185
- def validate_region_config!(arn, region, use_arn_region)
186
- if ['s3-external-1', 'aws-global'].include?(region)
187
- # These "regions" are not regional endpoints
188
- unless use_arn_region
189
- raise Aws::Errors::InvalidARNRegionError,
190
- 'Configured client region is not a regional endpoint.'
191
- end
192
- # These "regions" are in the AWS partition
193
- # Cannot use ARN region unless it's the same partition
194
- unless arn.partition == 'aws'
195
- raise Aws::Errors::InvalidARNPartitionError
196
- end
197
- else
198
- if region.include?('fips')
199
- # If ARN type doesn't support FIPS but the client region is FIPS
200
- unless arn.support_fips?
201
- raise ArgumentError,
202
- 'FIPS client regions are not supported for this type '\
203
- 'of ARN.'
204
- end
205
-
206
- fips = true
207
- # Normalize the region so we can compare partition and regions
208
- region = region.gsub('fips-', '').gsub('-fips', '')
209
- end
210
-
211
- # Raise if the ARN and client regions are in different partitions
212
- if use_arn_region &&
213
- !Aws::Partitions.partition(arn.partition).region?(region)
214
- raise Aws::Errors::InvalidARNPartitionError
215
- end
216
-
217
- # Raise if regions mismatch
218
- # Either when it's a fips client or not using the ARN region
219
- if (!use_arn_region || fips) && region != arn.region
220
- raise Aws::Errors::InvalidARNRegionError
221
- end
52
+ def resolve_s3_disable_multiregion_access_points(cfg)
53
+ value = ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS'] ||
54
+ Aws.shared_config.s3_disable_multiregion_access_points(profile: cfg.profile) ||
55
+ 'false'
56
+ value = Aws::Util.str_2_bool(value)
57
+ # Raise if provided value is not true or false
58
+ if value.nil?
59
+ raise ArgumentError,
60
+ 'Must provide either `true` or `false` for '\
61
+ 's3_use_arn_region profile option or for '\
62
+ "ENV['AWS_S3_USE_ARN_REGION']"
222
63
  end
64
+ value
223
65
  end
224
66
  end
225
67
  end
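Review bot: The error raised in the new `resolve_s3_disable_multiregion_access_points` names the wrong setting: it tells the user to fix `s3_use_arn_region` / `ENV['AWS_S3_USE_ARN_REGION']`, which looks copied from `resolve_s3_use_arn_region` just above it. The message should read `'s3_disable_multiregion_access_points profile option or for '\` followed by `"ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS']"`. The option docstring also appears inverted and has a typo ("When set to `false` this will option will raise errors"): given the option name and the `false` default, errors would be expected when it is `true`. Since the option exists to stop requests from crossing regions, the doc should state the sense unambiguously, e.g. "When set to `true`, using a multi-region access point ARN raises an error." Separately, this section removes `validate_region_config!` and `resolve_arn_type!`; the region, partition and FIPS checks they performed are presumably handled by the new endpoint rules, which this section does not show.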
@@ -23,45 +23,10 @@ When set to `true`, the bucket name is always left in the
23
23
  request URI and never moved to the host as a sub-domain.
24
24
  DOCS
25
25
 
26
- def add_handlers(handlers, config)
27
- handlers.add(Handler) unless config.force_path_style
28
- end
29
-
30
- # @api private
31
- class Handler < Seahorse::Client::Handler
32
-
33
- def call(context)
34
- move_dns_compat_bucket_to_subdomain(context)
35
- @handler.call(context)
36
- end
37
-
38
- private
39
-
40
- def move_dns_compat_bucket_to_subdomain(context)
41
- bucket_name = context.params[:bucket]
42
- endpoint = context.http_request.endpoint
43
- if bucket_name &&
44
- BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
45
- context.operation_name.to_s != 'get_bucket_location'
46
- move_bucket_to_subdomain(bucket_name, endpoint)
47
- end
48
- end
49
-
50
- def move_bucket_to_subdomain(bucket_name, endpoint)
51
- endpoint.host = "#{bucket_name}.#{endpoint.host}"
52
- path = endpoint.path.sub("/#{bucket_name}", '')
53
- path = "/#{path}" unless path.match(/^\//)
54
- endpoint.path = path
55
- end
56
-
57
- def https?(uri)
58
- uri.scheme == 'https'
59
- end
60
-
61
- end
62
-
26
+ # These class methods were originally used in a handler in this plugin.
27
+ # SigV2 legacy signer needs this logic so we keep it here as utility.
28
+ # New endpoint resolution will check this as a matcher.
63
29
  class << self
64
-
65
30
  # @param [String] bucket_name
66
31
  # @param [Boolean] ssl
67
32
  # @return [Boolean]
@@ -81,7 +46,6 @@ request URI and never moved to the host as a sub-domain.
81
46
  bucket_name !~ /(\d+\.){3}\d+/ &&
82
47
  bucket_name !~ /[.-]{2}/
83
48
  end
84
-
85
49
  end
86
50
  end
87
51
  end
@@ -13,12 +13,7 @@ module Aws
13
13
  def call(context)
14
14
  bucket_member = _bucket_member(context.operation.input.shape)
15
15
  if bucket_member && (bucket = context.params[bucket_member])
16
- _resolved_region, arn = ARN.resolve_arn!(
17
- bucket,
18
- context.config.region,
19
- context.config.s3_use_arn_region
20
- )
21
- if !arn && bucket.include?('/')
16
+ if !Aws::ARNParser.arn?(bucket) && bucket.include?('/')
22
17
  raise ArgumentError,
23
18
  'bucket name must not contain a forward-slash (/)'
24
19
  end
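Review bot: The forward-slash check at new line 16 is now skipped for any value that `Aws::ARNParser.arn?` accepts. The removed `ARN.resolve_arn!` call exempted a value only after parsing it, checking the ARN type and validating it against the client's region settings. As written, an ARN-shaped string for an unsupported service, or a malformed one, passes this handler with slashes intact, and rejecting it is left to whatever runs later. That is presumably endpoint resolution, but it is not visible in this hunk. I would add a comment stating the assumption, `# ARN-shaped values are validated during endpoint resolution; only plain bucket names are checked here.`, and a test that such a value still raises before a request is built. The body of `call` continues past the end of the hunk.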