aws-sdk-s3 1.96.2 → 1.132.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +256 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +226 -76
- data/lib/aws-sdk-s3/bucket_acl.rb +30 -7
- data/lib/aws-sdk-s3/bucket_cors.rb +35 -10
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +39 -12
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +40 -10
- data/lib/aws-sdk-s3/bucket_logging.rb +30 -7
- data/lib/aws-sdk-s3/bucket_notification.rb +28 -10
- data/lib/aws-sdk-s3/bucket_policy.rb +35 -10
- data/lib/aws-sdk-s3/bucket_request_payment.rb +30 -7
- data/lib/aws-sdk-s3/bucket_tagging.rb +35 -10
- data/lib/aws-sdk-s3/bucket_versioning.rb +78 -17
- data/lib/aws-sdk-s3/bucket_website.rb +35 -10
- data/lib/aws-sdk-s3/client.rb +3854 -2120
- data/lib/aws-sdk-s3/client_api.rb +601 -208
- data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
- data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
- data/lib/aws-sdk-s3/customizations/object.rb +130 -24
- data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
- data/lib/aws-sdk-s3/customizations.rb +2 -0
- data/lib/aws-sdk-s3/encryption/client.rb +7 -3
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
- data/lib/aws-sdk-s3/encryptionV2/client.rb +7 -3
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -4
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
- data/lib/aws-sdk-s3/endpoint_parameters.rb +146 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +509 -0
- data/lib/aws-sdk-s3/endpoints.rb +2150 -0
- data/lib/aws-sdk-s3/file_downloader.rb +57 -27
- data/lib/aws-sdk-s3/file_uploader.rb +12 -5
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -13
- data/lib/aws-sdk-s3/multipart_upload.rb +138 -16
- data/lib/aws-sdk-s3/multipart_upload_part.rb +144 -18
- data/lib/aws-sdk-s3/object.rb +364 -160
- data/lib/aws-sdk-s3/object_acl.rb +32 -9
- data/lib/aws-sdk-s3/object_copier.rb +7 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
- data/lib/aws-sdk-s3/object_summary.rb +291 -123
- data/lib/aws-sdk-s3/object_version.rb +99 -46
- data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
- data/lib/aws-sdk-s3/plugins/arn.rb +22 -180
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
- data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +35 -100
- data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
- data/lib/aws-sdk-s3/presigned_post.rb +99 -78
- data/lib/aws-sdk-s3/presigner.rb +24 -29
- data/lib/aws-sdk-s3/resource.rb +25 -3
- data/lib/aws-sdk-s3/types.rb +3307 -4625
- data/lib/aws-sdk-s3.rb +5 -1
- metadata +14 -11
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -56,6 +56,12 @@ module Aws::S3
|
|
56
56
|
data[:etag]
|
57
57
|
end
|
58
58
|
|
59
|
+
# The algorithm that was used to create a checksum of the object.
|
60
|
+
# @return [Array<String>]
|
61
|
+
def checksum_algorithm
|
62
|
+
data[:checksum_algorithm]
|
63
|
+
end
|
64
|
+
|
59
65
|
# Size in bytes of the object.
|
60
66
|
# @return [Integer]
|
61
67
|
def size
|
@@ -99,6 +105,20 @@ module Aws::S3
|
|
99
105
|
data[:owner]
|
100
106
|
end
|
101
107
|
|
108
|
+
# Specifies the restoration status of an object. Objects in certain
|
109
|
+
# storage classes must be restored before they can be retrieved. For
|
110
|
+
# more information about these storage classes and how to work with
|
111
|
+
# archived objects, see [ Working with archived objects][1] in the
|
112
|
+
# *Amazon S3 User Guide*.
|
113
|
+
#
|
114
|
+
#
|
115
|
+
#
|
116
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/archived-objects.html
|
117
|
+
# @return [Types::RestoreStatus]
|
118
|
+
def restore_status
|
119
|
+
data[:restore_status]
|
120
|
+
end
|
121
|
+
|
102
122
|
# @!endgroup
|
103
123
|
|
104
124
|
# @return [Client]
|
@@ -223,7 +243,9 @@ module Aws::S3
|
|
223
243
|
:retry
|
224
244
|
end
|
225
245
|
end
|
226
|
-
Aws::
|
246
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
247
|
+
Aws::Waiters::Waiter.new(options).wait({})
|
248
|
+
end
|
227
249
|
end
|
228
250
|
|
229
251
|
# @!group Actions
|
@@ -245,8 +267,8 @@ module Aws::S3
|
|
245
267
|
# @option options [String] :request_payer
|
246
268
|
# Confirms that the requester knows that they will be charged for the
|
247
269
|
# request. Bucket owners need not specify this parameter in their
|
248
|
-
# requests. For information about downloading objects from
|
249
|
-
#
|
270
|
+
# requests. For information about downloading objects from Requester
|
271
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
250
272
|
# in the *Amazon S3 User Guide*.
|
251
273
|
#
|
252
274
|
#
|
@@ -254,11 +276,12 @@ module Aws::S3
|
|
254
276
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
255
277
|
# @option options [Boolean] :bypass_governance_retention
|
256
278
|
# Indicates whether S3 Object Lock should bypass Governance-mode
|
257
|
-
# restrictions to process this operation.
|
279
|
+
# restrictions to process this operation. To use this header, you must
|
280
|
+
# have the `s3:BypassGovernanceRetention` permission.
|
258
281
|
# @option options [String] :expected_bucket_owner
|
259
282
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
260
|
-
# a different account, the request
|
261
|
-
#
|
283
|
+
# a different account, the request fails with the HTTP status code `403
|
284
|
+
# Forbidden` (access denied).
|
262
285
|
# @return [Types::DeleteObjectOutput]
|
263
286
|
def delete(options = {})
|
264
287
|
options = options.merge(
|
@@ -266,7 +289,9 @@ module Aws::S3
|
|
266
289
|
key: @object_key,
|
267
290
|
version_id: @id
|
268
291
|
)
|
269
|
-
resp =
|
292
|
+
resp = Aws::Plugins::UserAgent.feature('resource') do
|
293
|
+
@client.delete_object(options)
|
294
|
+
end
|
270
295
|
resp.data
|
271
296
|
end
|
272
297
|
|
@@ -290,24 +315,25 @@ module Aws::S3
|
|
290
315
|
# request_payer: "requester", # accepts requester
|
291
316
|
# part_number: 1,
|
292
317
|
# expected_bucket_owner: "AccountId",
|
318
|
+
# checksum_mode: "ENABLED", # accepts ENABLED
|
293
319
|
# })
|
294
320
|
# @param [Hash] options ({})
|
295
321
|
# @option options [String] :if_match
|
296
322
|
# Return the object only if its entity tag (ETag) is the same as the one
|
297
|
-
# specified
|
323
|
+
# specified; otherwise, return a 412 (precondition failed) error.
|
298
324
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
299
325
|
# Return the object only if it has been modified since the specified
|
300
|
-
# time
|
326
|
+
# time; otherwise, return a 304 (not modified) error.
|
301
327
|
# @option options [String] :if_none_match
|
302
328
|
# Return the object only if its entity tag (ETag) is different from the
|
303
|
-
# one specified
|
329
|
+
# one specified; otherwise, return a 304 (not modified) error.
|
304
330
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
305
331
|
# Return the object only if it has not been modified since the specified
|
306
|
-
# time
|
332
|
+
# time; otherwise, return a 412 (precondition failed) error.
|
307
333
|
# @option options [String] :range
|
308
334
|
# Downloads the specified range bytes of an object. For more information
|
309
335
|
# about the HTTP Range header, see
|
310
|
-
# [https://www.
|
336
|
+
# [https://www.rfc-editor.org/rfc/rfc9110.html#name-range][1].
|
311
337
|
#
|
312
338
|
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
313
339
|
# `GET` request.
|
@@ -316,7 +342,7 @@ module Aws::S3
|
|
316
342
|
#
|
317
343
|
#
|
318
344
|
#
|
319
|
-
# [1]: https://www.
|
345
|
+
# [1]: https://www.rfc-editor.org/rfc/rfc9110.html#name-range
|
320
346
|
# @option options [String] :response_cache_control
|
321
347
|
# Sets the `Cache-Control` header of the response.
|
322
348
|
# @option options [String] :response_content_disposition
|
@@ -345,8 +371,8 @@ module Aws::S3
|
|
345
371
|
# @option options [String] :request_payer
|
346
372
|
# Confirms that the requester knows that they will be charged for the
|
347
373
|
# request. Bucket owners need not specify this parameter in their
|
348
|
-
# requests. For information about downloading objects from
|
349
|
-
#
|
374
|
+
# requests. For information about downloading objects from Requester
|
375
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
350
376
|
# in the *Amazon S3 User Guide*.
|
351
377
|
#
|
352
378
|
#
|
@@ -359,8 +385,10 @@ module Aws::S3
|
|
359
385
|
# object.
|
360
386
|
# @option options [String] :expected_bucket_owner
|
361
387
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
362
|
-
# a different account, the request
|
363
|
-
#
|
388
|
+
# a different account, the request fails with the HTTP status code `403
|
389
|
+
# Forbidden` (access denied).
|
390
|
+
# @option options [String] :checksum_mode
|
391
|
+
# To retrieve the checksum, this mode must be enabled.
|
364
392
|
# @return [Types::GetObjectOutput]
|
365
393
|
def get(options = {}, &block)
|
366
394
|
options = options.merge(
|
@@ -368,7 +396,9 @@ module Aws::S3
|
|
368
396
|
key: @object_key,
|
369
397
|
version_id: @id
|
370
398
|
)
|
371
|
-
resp =
|
399
|
+
resp = Aws::Plugins::UserAgent.feature('resource') do
|
400
|
+
@client.get_object(options, &block)
|
401
|
+
end
|
372
402
|
resp.data
|
373
403
|
end
|
374
404
|
|
@@ -386,33 +416,26 @@ module Aws::S3
|
|
386
416
|
# request_payer: "requester", # accepts requester
|
387
417
|
# part_number: 1,
|
388
418
|
# expected_bucket_owner: "AccountId",
|
419
|
+
# checksum_mode: "ENABLED", # accepts ENABLED
|
389
420
|
# })
|
390
421
|
# @param [Hash] options ({})
|
391
422
|
# @option options [String] :if_match
|
392
423
|
# Return the object only if its entity tag (ETag) is the same as the one
|
393
|
-
# specified
|
424
|
+
# specified; otherwise, return a 412 (precondition failed) error.
|
394
425
|
# @option options [Time,DateTime,Date,Integer,String] :if_modified_since
|
395
426
|
# Return the object only if it has been modified since the specified
|
396
|
-
# time
|
427
|
+
# time; otherwise, return a 304 (not modified) error.
|
397
428
|
# @option options [String] :if_none_match
|
398
429
|
# Return the object only if its entity tag (ETag) is different from the
|
399
|
-
# one specified
|
430
|
+
# one specified; otherwise, return a 304 (not modified) error.
|
400
431
|
# @option options [Time,DateTime,Date,Integer,String] :if_unmodified_since
|
401
432
|
# Return the object only if it has not been modified since the specified
|
402
|
-
# time
|
433
|
+
# time; otherwise, return a 412 (precondition failed) error.
|
403
434
|
# @option options [String] :range
|
404
|
-
#
|
405
|
-
#
|
406
|
-
#
|
407
|
-
#
|
408
|
-
# <note markdown="1"> Amazon S3 doesn't support retrieving multiple ranges of data per
|
409
|
-
# `GET` request.
|
410
|
-
#
|
411
|
-
# </note>
|
412
|
-
#
|
413
|
-
#
|
414
|
-
#
|
415
|
-
# [1]: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.35
|
435
|
+
# HeadObject returns only the metadata for an object. If the Range is
|
436
|
+
# satisfiable, only the `ContentLength` is affected in the response. If
|
437
|
+
# the Range is not satisfiable, S3 returns a `416 - Requested Range Not
|
438
|
+
# Satisfiable` error.
|
416
439
|
# @option options [String] :sse_customer_algorithm
|
417
440
|
# Specifies the algorithm to use to when encrypting the object (for
|
418
441
|
# example, AES256).
|
@@ -429,8 +452,8 @@ module Aws::S3
|
|
429
452
|
# @option options [String] :request_payer
|
430
453
|
# Confirms that the requester knows that they will be charged for the
|
431
454
|
# request. Bucket owners need not specify this parameter in their
|
432
|
-
# requests. For information about downloading objects from
|
433
|
-
#
|
455
|
+
# requests. For information about downloading objects from Requester
|
456
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
434
457
|
# in the *Amazon S3 User Guide*.
|
435
458
|
#
|
436
459
|
#
|
@@ -443,8 +466,15 @@ module Aws::S3
|
|
443
466
|
# the number of parts in this object.
|
444
467
|
# @option options [String] :expected_bucket_owner
|
445
468
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
446
|
-
# a different account, the request
|
447
|
-
#
|
469
|
+
# a different account, the request fails with the HTTP status code `403
|
470
|
+
# Forbidden` (access denied).
|
471
|
+
# @option options [String] :checksum_mode
|
472
|
+
# To retrieve the checksum, this parameter must be enabled.
|
473
|
+
#
|
474
|
+
# In addition, if you enable `ChecksumMode` and the object is encrypted
|
475
|
+
# with Amazon Web Services Key Management Service (Amazon Web Services
|
476
|
+
# KMS), you must have permission to use the `kms:Decrypt` action for the
|
477
|
+
# request to succeed.
|
448
478
|
# @return [Types::HeadObjectOutput]
|
449
479
|
def head(options = {})
|
450
480
|
options = options.merge(
|
@@ -452,7 +482,9 @@ module Aws::S3
|
|
452
482
|
key: @object_key,
|
453
483
|
version_id: @id
|
454
484
|
)
|
455
|
-
resp =
|
485
|
+
resp = Aws::Plugins::UserAgent.feature('resource') do
|
486
|
+
@client.head_object(options)
|
487
|
+
end
|
456
488
|
resp.data
|
457
489
|
end
|
458
490
|
|
@@ -524,6 +556,7 @@ module Aws::S3
|
|
524
556
|
# request_payer: "requester", # accepts requester
|
525
557
|
# bypass_governance_retention: false,
|
526
558
|
# expected_bucket_owner: "AccountId",
|
559
|
+
# checksum_algorithm: "CRC32", # accepts CRC32, CRC32C, SHA1, SHA256
|
527
560
|
# })
|
528
561
|
# @param options ({})
|
529
562
|
# @option options [String] :mfa
|
@@ -534,8 +567,8 @@ module Aws::S3
|
|
534
567
|
# @option options [String] :request_payer
|
535
568
|
# Confirms that the requester knows that they will be charged for the
|
536
569
|
# request. Bucket owners need not specify this parameter in their
|
537
|
-
# requests. For information about downloading objects from
|
538
|
-
#
|
570
|
+
# requests. For information about downloading objects from Requester
|
571
|
+
# Pays buckets, see [Downloading Objects in Requester Pays Buckets][1]
|
539
572
|
# in the *Amazon S3 User Guide*.
|
540
573
|
#
|
541
574
|
#
|
@@ -543,12 +576,30 @@ module Aws::S3
|
|
543
576
|
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectsinRequesterPaysBuckets.html
|
544
577
|
# @option options [Boolean] :bypass_governance_retention
|
545
578
|
# Specifies whether you want to delete this object even if it has a
|
546
|
-
# Governance-type Object Lock in place.
|
547
|
-
#
|
579
|
+
# Governance-type Object Lock in place. To use this header, you must
|
580
|
+
# have the `s3:BypassGovernanceRetention` permission.
|
548
581
|
# @option options [String] :expected_bucket_owner
|
549
582
|
# The account ID of the expected bucket owner. If the bucket is owned by
|
550
|
-
# a different account, the request
|
551
|
-
#
|
583
|
+
# a different account, the request fails with the HTTP status code `403
|
584
|
+
# Forbidden` (access denied).
|
585
|
+
# @option options [String] :checksum_algorithm
|
586
|
+
# Indicates the algorithm used to create the checksum for the object
|
587
|
+
# when using the SDK. This header will not provide any additional
|
588
|
+
# functionality if not using the SDK. When sending this header, there
|
589
|
+
# must be a corresponding `x-amz-checksum` or `x-amz-trailer` header
|
590
|
+
# sent. Otherwise, Amazon S3 fails the request with the HTTP status code
|
591
|
+
# `400 Bad Request`. For more information, see [Checking object
|
592
|
+
# integrity][1] in the *Amazon S3 User Guide*.
|
593
|
+
#
|
594
|
+
# If you provide an individual checksum, Amazon S3 ignores any provided
|
595
|
+
# `ChecksumAlgorithm` parameter.
|
596
|
+
#
|
597
|
+
# This checksum algorithm must be the same for all parts and it match
|
598
|
+
# the checksum value supplied in the `CreateMultipartUpload` request.
|
599
|
+
#
|
600
|
+
#
|
601
|
+
#
|
602
|
+
# [1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/checking-object-integrity.html
|
552
603
|
# @return [void]
|
553
604
|
def batch_delete!(options = {})
|
554
605
|
batch_enum.each do |batch|
|
@@ -562,7 +613,9 @@ module Aws::S3
|
|
562
613
|
version_id: item.id
|
563
614
|
}
|
564
615
|
end
|
565
|
-
|
616
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
617
|
+
batch[0].client.delete_objects(params)
|
618
|
+
end
|
566
619
|
end
|
567
620
|
nil
|
568
621
|
end
|
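Review bot: In `batch_delete!`, the response from `batch[0].client.delete_objects(params)` is discarded inside the new `Aws::Plugins::UserAgent.feature('resource')` block, and the method then returns `nil`. DeleteObjects reports per-key failures in the response's `errors` list rather than by raising, so a version that could not be removed (presumably including one still protected by Object Lock) would go unnoticed by a caller that treats `nil` as success. Raising here would change the method's contract, so I would at least document it above the method, e.g. `# NOTE: per-key failures reported in the DeleteObjects response are not surfaced; verify deletion separately when it matters.` The body of `batch_delete!` begins outside this hunk, so the lines around the call should be confirmed.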
@@ -23,67 +23,26 @@ each bucket. [Go here for more information](http://docs.aws.amazon.com/AmazonS3/
|
|
23
23
|
operations = config.api.operation_names - [
|
24
24
|
:create_bucket, :list_buckets, :delete_bucket
|
25
25
|
]
|
26
|
-
# Need 2 handlers so that the context can be set for other plugins
|
27
|
-
# and to remove :use_accelerate_endpoint from the params.
|
28
26
|
handlers.add(
|
29
27
|
OptionHandler, step: :initialize, operations: operations
|
30
28
|
)
|
31
|
-
handlers.add(
|
32
|
-
AccelerateHandler, step: :build, priority: 11, operations: operations
|
33
|
-
)
|
34
29
|
end
|
35
30
|
|
36
31
|
# @api private
|
37
32
|
class OptionHandler < Seahorse::Client::Handler
|
38
33
|
def call(context)
|
39
34
|
# Support client configuration and per-operation configuration
|
35
|
+
# TODO: move this to an options hash and warn here.
|
40
36
|
if context.params.is_a?(Hash)
|
41
37
|
accelerate = context.params.delete(:use_accelerate_endpoint)
|
42
38
|
end
|
43
|
-
|
44
|
-
|
45
|
-
if accelerate && !context.config.regional_endpoint
|
46
|
-
raise ArgumentError,
|
47
|
-
'Cannot use both :use_accelerate_endpoint and :endpoint'
|
39
|
+
if accelerate.nil?
|
40
|
+
accelerate = context.config.use_accelerate_endpoint
|
48
41
|
end
|
49
42
|
context[:use_accelerate_endpoint] = accelerate
|
50
43
|
@handler.call(context)
|
51
44
|
end
|
52
45
|
end
|
53
|
-
|
54
|
-
# @api private
|
55
|
-
class AccelerateHandler < Seahorse::Client::Handler
|
56
|
-
def call(context)
|
57
|
-
if context.config.regional_endpoint && context[:use_accelerate_endpoint]
|
58
|
-
dualstack = !!context[:use_dualstack_endpoint]
|
59
|
-
use_accelerate_endpoint(context, dualstack)
|
60
|
-
end
|
61
|
-
@handler.call(context)
|
62
|
-
end
|
63
|
-
|
64
|
-
private
|
65
|
-
|
66
|
-
def use_accelerate_endpoint(context, dualstack)
|
67
|
-
bucket_name = context.params[:bucket]
|
68
|
-
validate_bucket_name!(bucket_name)
|
69
|
-
endpoint = URI.parse(context.http_request.endpoint.to_s)
|
70
|
-
endpoint.scheme = 'https'
|
71
|
-
endpoint.port = 443
|
72
|
-
endpoint.host = "#{bucket_name}.s3-accelerate"\
|
73
|
-
"#{'.dualstack' if dualstack}.amazonaws.com"
|
74
|
-
context.http_request.endpoint = endpoint.to_s
|
75
|
-
# s3 accelerate endpoint doesn't work with 'expect' header
|
76
|
-
context.http_request.headers.delete('expect')
|
77
|
-
end
|
78
|
-
|
79
|
-
def validate_bucket_name!(bucket_name)
|
80
|
-
unless BucketDns.dns_compatible?(bucket_name, _ssl = true)
|
81
|
-
raise ArgumentError,
|
82
|
-
'Unable to use `use_accelerate_endpoint: true` on buckets '\
|
83
|
-
'with non-DNS compatible names.'
|
84
|
-
end
|
85
|
-
end
|
86
|
-
end
|
87
46
|
end
|
88
47
|
end
|
89
48
|
end
|
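Review bot: Two checks leave this file with the removed code and nothing visible replaces them: `AccelerateHandler` called `BucketDns.dns_compatible?` before interpolating the bucket name into the `s3-accelerate` host, and `OptionHandler` raised when `:use_accelerate_endpoint` was combined with a custom endpoint. Presumably the new endpoint rules (`endpoint_provider.rb` in the file list) take over both, but this section does not show that, so a regression test should pin that a non-DNS-compatible bucket name with acceleration enabled still raises `ArgumentError` before a request is built. The deleted comment also explained why the flag is removed from the params, and the new `# TODO: move this to an options hash and warn here.` does not; I would keep a line such as `# remove :use_accelerate_endpoint from the params and expose it to other plugins via the context`.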
@@ -1,9 +1,5 @@
|
|
1
1
|
# frozen_string_literal: true
|
2
2
|
|
3
|
-
require_relative '../arn/access_point_arn'
|
4
|
-
require_relative '../arn/object_lambda_arn'
|
5
|
-
require_relative '../arn/outpost_access_point_arn'
|
6
|
-
|
7
3
|
module Aws
|
8
4
|
module S3
|
9
5
|
module Plugins
|
@@ -23,142 +19,21 @@ be made. Set to `false` to use the client's region instead.
|
|
23
19
|
resolve_s3_use_arn_region(cfg)
|
24
20
|
end
|
25
21
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
def call(context)
|
37
|
-
if context.metadata[:s3_arn]
|
38
|
-
ARN.resolve_url!(
|
39
|
-
context.http_request.endpoint,
|
40
|
-
context.metadata[:s3_arn][:arn],
|
41
|
-
context.metadata[:s3_arn][:resolved_region],
|
42
|
-
context.metadata[:s3_arn][:fips],
|
43
|
-
context.metadata[:s3_arn][:dualstack],
|
44
|
-
# if regional_endpoint is false, a custom endpoint was provided
|
45
|
-
# in this case, we want to prefix the endpoint using the ARN
|
46
|
-
!context.config.regional_endpoint
|
47
|
-
)
|
48
|
-
end
|
49
|
-
@handler.call(context)
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
# This plugin will extract out any ARN input and set context for other
|
54
|
-
# plugins to use without having to translate the ARN again.
|
55
|
-
class ARNHandler < Seahorse::Client::Handler
|
56
|
-
def call(context)
|
57
|
-
bucket_member = _bucket_member(context.operation.input.shape)
|
58
|
-
if bucket_member && (bucket = context.params[bucket_member])
|
59
|
-
resolved_region, arn = ARN.resolve_arn!(
|
60
|
-
bucket,
|
61
|
-
context.config.region,
|
62
|
-
context.config.s3_use_arn_region
|
63
|
-
)
|
64
|
-
if arn
|
65
|
-
validate_config!(context, arn)
|
66
|
-
|
67
|
-
fips = false
|
68
|
-
if resolved_region.include?('fips')
|
69
|
-
fips = true
|
70
|
-
resolved_region = resolved_region.gsub('fips-', '')
|
71
|
-
.gsub('-fips', '')
|
72
|
-
end
|
73
|
-
|
74
|
-
context.metadata[:s3_arn] = {
|
75
|
-
arn: arn,
|
76
|
-
resolved_region: resolved_region,
|
77
|
-
fips: fips,
|
78
|
-
dualstack: extract_dualstack_config!(context)
|
79
|
-
}
|
80
|
-
end
|
81
|
-
end
|
82
|
-
@handler.call(context)
|
83
|
-
end
|
84
|
-
|
85
|
-
private
|
86
|
-
|
87
|
-
def _bucket_member(input)
|
88
|
-
input.members.each do |member, ref|
|
89
|
-
return member if ref.shape.name == 'BucketName'
|
90
|
-
end
|
91
|
-
nil
|
92
|
-
end
|
93
|
-
|
94
|
-
# other plugins use dualstack so disable it when we're done
|
95
|
-
def extract_dualstack_config!(context)
|
96
|
-
dualstack = context[:use_dualstack_endpoint]
|
97
|
-
context[:use_dualstack_endpoint] = false if dualstack
|
98
|
-
dualstack
|
99
|
-
end
|
100
|
-
|
101
|
-
def validate_config!(context, arn)
|
102
|
-
if context.config.force_path_style
|
103
|
-
raise ArgumentError,
|
104
|
-
'Cannot provide an Access Point ARN when '\
|
105
|
-
'`:force_path_style` is set to true.'
|
106
|
-
end
|
107
|
-
|
108
|
-
if context.config.use_accelerate_endpoint
|
109
|
-
raise ArgumentError,
|
110
|
-
'Cannot provide an Access Point ARN when '\
|
111
|
-
'`:use_accelerate_endpoint` is set to true.'
|
112
|
-
end
|
113
|
-
|
114
|
-
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
115
|
-
raise ArgumentError,
|
116
|
-
'Cannot provide an Outpost Access Point ARN when '\
|
117
|
-
'`:use_dualstack_endpoint` is set to true.'
|
118
|
-
end
|
119
|
-
end
|
22
|
+
option(
|
23
|
+
:s3_disable_multiregion_access_points,
|
24
|
+
default: false,
|
25
|
+
doc_type: 'Boolean',
|
26
|
+
docstring: <<-DOCS) do |cfg|
|
27
|
+
When set to `false` this will option will raise errors when multi-region
|
28
|
+
access point ARNs are used. Multi-region access points can potentially
|
29
|
+
result in cross region requests.
|
30
|
+
DOCS
|
31
|
+
resolve_s3_disable_multiregion_access_points(cfg)
|
120
32
|
end
|
121
33
|
|
122
34
|
class << self
|
123
|
-
# @api private
|
124
|
-
def resolve_arn!(member_value, region, use_arn_region)
|
125
|
-
if Aws::ARNParser.arn?(member_value)
|
126
|
-
arn = Aws::ARNParser.parse(member_value)
|
127
|
-
s3_arn = resolve_arn_type!(arn)
|
128
|
-
s3_arn.validate_arn!
|
129
|
-
validate_region_config!(s3_arn, region, use_arn_region)
|
130
|
-
region = s3_arn.region if use_arn_region && !region.include?('fips')
|
131
|
-
[region, s3_arn]
|
132
|
-
else
|
133
|
-
[region]
|
134
|
-
end
|
135
|
-
end
|
136
|
-
|
137
|
-
# @api private
|
138
|
-
def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
|
139
|
-
custom_endpoint = url.host if has_custom_endpoint
|
140
|
-
url.host = arn.host_url(region, fips, dualstack, custom_endpoint)
|
141
|
-
url.path = url_path(url.path, arn)
|
142
|
-
url
|
143
|
-
end
|
144
|
-
|
145
35
|
private
|
146
36
|
|
147
|
-
def resolve_arn_type!(arn)
|
148
|
-
case arn.service
|
149
|
-
when 's3'
|
150
|
-
Aws::S3::AccessPointARN.new(arn.to_h)
|
151
|
-
when 's3-outposts'
|
152
|
-
Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
153
|
-
when 's3-object-lambda'
|
154
|
-
Aws::S3::ObjectLambdaARN.new(arn.to_h)
|
155
|
-
else
|
156
|
-
raise ArgumentError,
|
157
|
-
'Only Access Point, Outposts, and Object Lambdas ARNs '\
|
158
|
-
'are currently supported.'
|
159
|
-
end
|
160
|
-
end
|
161
|
-
|
162
37
|
def resolve_s3_use_arn_region(cfg)
|
163
38
|
value = ENV['AWS_S3_USE_ARN_REGION'] ||
|
164
39
|
Aws.shared_config.s3_use_arn_region(profile: cfg.profile) ||
|
@@ -174,52 +49,19 @@ be made. Set to `false` to use the client's region instead.
|
|
174
49
|
value
|
175
50
|
end
|
176
51
|
|
177
|
-
|
178
|
-
|
179
|
-
|
180
|
-
|
181
|
-
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
unless use_arn_region
|
189
|
-
raise Aws::Errors::InvalidARNRegionError,
|
190
|
-
'Configured client region is not a regional endpoint.'
|
191
|
-
end
|
192
|
-
# These "regions" are in the AWS partition
|
193
|
-
# Cannot use ARN region unless it's the same partition
|
194
|
-
unless arn.partition == 'aws'
|
195
|
-
raise Aws::Errors::InvalidARNPartitionError
|
196
|
-
end
|
197
|
-
else
|
198
|
-
if region.include?('fips')
|
199
|
-
# If ARN type doesn't support FIPS but the client region is FIPS
|
200
|
-
unless arn.support_fips?
|
201
|
-
raise ArgumentError,
|
202
|
-
'FIPS client regions are not supported for this type '\
|
203
|
-
'of ARN.'
|
204
|
-
end
|
205
|
-
|
206
|
-
fips = true
|
207
|
-
# Normalize the region so we can compare partition and regions
|
208
|
-
region = region.gsub('fips-', '').gsub('-fips', '')
|
209
|
-
end
|
210
|
-
|
211
|
-
# Raise if the ARN and client regions are in different partitions
|
212
|
-
if use_arn_region &&
|
213
|
-
!Aws::Partitions.partition(arn.partition).region?(region)
|
214
|
-
raise Aws::Errors::InvalidARNPartitionError
|
215
|
-
end
|
216
|
-
|
217
|
-
# Raise if regions mismatch
|
218
|
-
# Either when it's a fips client or not using the ARN region
|
219
|
-
if (!use_arn_region || fips) && region != arn.region
|
220
|
-
raise Aws::Errors::InvalidARNRegionError
|
221
|
-
end
|
52
|
+
def resolve_s3_disable_multiregion_access_points(cfg)
|
53
|
+
value = ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS'] ||
|
54
|
+
Aws.shared_config.s3_disable_multiregion_access_points(profile: cfg.profile) ||
|
55
|
+
'false'
|
56
|
+
value = Aws::Util.str_2_bool(value)
|
57
|
+
# Raise if provided value is not true or false
|
58
|
+
if value.nil?
|
59
|
+
raise ArgumentError,
|
60
|
+
'Must provide either `true` or `false` for '\
|
61
|
+
's3_use_arn_region profile option or for '\
|
62
|
+
"ENV['AWS_S3_USE_ARN_REGION']"
|
222
63
|
end
|
64
|
+
value
|
223
65
|
end
|
224
66
|
end
|
225
67
|
end
|
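Review bot: The `ArgumentError` raised in `resolve_s3_disable_multiregion_access_points` names the wrong setting: the method reads `ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS']`, but the message tells the user to fix `s3_use_arn_region` and `ENV['AWS_S3_USE_ARN_REGION']`, which looks copied from `resolve_s3_use_arn_region`. The two message lines should read `'s3_disable_multiregion_access_points profile option or for '` and `"ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS']"`. The option docstring in the preceding hunk has a related slip: with `default: false` it says "When set to `false` this will option will raise errors", whereas the option name implies `true` is the value that raises; suggest "When set to `true`, this option raises an error when a multi-region access point ARN is used." Since operators set this option to prevent cross-region requests, a misleading message or inverted docstring can leave the control in the wrong state.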
@@ -23,45 +23,10 @@ When set to `true`, the bucket name is always left in the
|
|
23
23
|
request URI and never moved to the host as a sub-domain.
|
24
24
|
DOCS
|
25
25
|
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
# @api private
|
31
|
-
class Handler < Seahorse::Client::Handler
|
32
|
-
|
33
|
-
def call(context)
|
34
|
-
move_dns_compat_bucket_to_subdomain(context)
|
35
|
-
@handler.call(context)
|
36
|
-
end
|
37
|
-
|
38
|
-
private
|
39
|
-
|
40
|
-
def move_dns_compat_bucket_to_subdomain(context)
|
41
|
-
bucket_name = context.params[:bucket]
|
42
|
-
endpoint = context.http_request.endpoint
|
43
|
-
if bucket_name &&
|
44
|
-
BucketDns.dns_compatible?(bucket_name, https?(endpoint)) &&
|
45
|
-
context.operation_name.to_s != 'get_bucket_location'
|
46
|
-
move_bucket_to_subdomain(bucket_name, endpoint)
|
47
|
-
end
|
48
|
-
end
|
49
|
-
|
50
|
-
def move_bucket_to_subdomain(bucket_name, endpoint)
|
51
|
-
endpoint.host = "#{bucket_name}.#{endpoint.host}"
|
52
|
-
path = endpoint.path.sub("/#{bucket_name}", '')
|
53
|
-
path = "/#{path}" unless path.match(/^\//)
|
54
|
-
endpoint.path = path
|
55
|
-
end
|
56
|
-
|
57
|
-
def https?(uri)
|
58
|
-
uri.scheme == 'https'
|
59
|
-
end
|
60
|
-
|
61
|
-
end
|
62
|
-
|
26
|
+
# These class methods were originally used in a handler in this plugin.
|
27
|
+
# SigV2 legacy signer needs this logic so we keep it here as utility.
|
28
|
+
# New endpoint resolution will check this as a matcher.
|
63
29
|
class << self
|
64
|
-
|
65
30
|
# @param [String] bucket_name
|
66
31
|
# @param [Boolean] ssl
|
67
32
|
# @return [Boolean]
|
@@ -81,7 +46,6 @@ request URI and never moved to the host as a sub-domain.
|
|
81
46
|
bucket_name !~ /(\d+\.){3}\d+/ &&
|
82
47
|
bucket_name !~ /[.-]{2}/
|
83
48
|
end
|
84
|
-
|
85
49
|
end
|
86
50
|
end
|
87
51
|
end
|
@@ -13,12 +13,7 @@ module Aws
|
|
13
13
|
def call(context)
|
14
14
|
bucket_member = _bucket_member(context.operation.input.shape)
|
15
15
|
if bucket_member && (bucket = context.params[bucket_member])
|
16
|
-
|
17
|
-
bucket,
|
18
|
-
context.config.region,
|
19
|
-
context.config.s3_use_arn_region
|
20
|
-
)
|
21
|
-
if !arn && bucket.include?('/')
|
16
|
+
if !Aws::ARNParser.arn?(bucket) && bucket.include?('/')
|
22
17
|
raise ArgumentError,
|
23
18
|
'bucket name must not contain a forward-slash (/)'
|
24
19
|
end
|
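Review bot: The forward-slash check is now skipped for any value that `Aws::ARNParser.arn?(bucket)` accepts, whereas the old condition `!arn && bucket.include?('/')` skipped it only after the removed call (which took the region and `s3_use_arn_region`) had produced an ARN. If `arn?` is only a shape test, a string that merely looks like an ARN passes this handler with `/` in it, so the guard now depends on endpoint resolution rejecting malformed or unsupported ARNs. That deserves a test with an ARN-shaped bucket value for an unsupported service. Once confirmed, a comment on the condition would help: `# ARNs may contain '/'; they are validated later during endpoint resolution`. The `call` method continues outside this hunk.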