aws-sdk-s3 1.96.2 → 1.132.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (66) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +256 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +226 -76
  5. data/lib/aws-sdk-s3/bucket_acl.rb +30 -7
  6. data/lib/aws-sdk-s3/bucket_cors.rb +35 -10
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +39 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +40 -10
  9. data/lib/aws-sdk-s3/bucket_logging.rb +30 -7
  10. data/lib/aws-sdk-s3/bucket_notification.rb +28 -10
  11. data/lib/aws-sdk-s3/bucket_policy.rb +35 -10
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +30 -7
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +35 -10
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +78 -17
  15. data/lib/aws-sdk-s3/bucket_website.rb +35 -10
  16. data/lib/aws-sdk-s3/client.rb +3854 -2120
  17. data/lib/aws-sdk-s3/client_api.rb +601 -208
  18. data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
  19. data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
  20. data/lib/aws-sdk-s3/customizations/object.rb +130 -24
  21. data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
  22. data/lib/aws-sdk-s3/customizations.rb +2 -0
  23. data/lib/aws-sdk-s3/encryption/client.rb +7 -3
  24. data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
  25. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
  26. data/lib/aws-sdk-s3/encryptionV2/client.rb +7 -3
  27. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -4
  28. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
  29. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
  30. data/lib/aws-sdk-s3/endpoint_parameters.rb +146 -0
  31. data/lib/aws-sdk-s3/endpoint_provider.rb +509 -0
  32. data/lib/aws-sdk-s3/endpoints.rb +2150 -0
  33. data/lib/aws-sdk-s3/file_downloader.rb +57 -27
  34. data/lib/aws-sdk-s3/file_uploader.rb +12 -5
  35. data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
  36. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -13
  37. data/lib/aws-sdk-s3/multipart_upload.rb +138 -16
  38. data/lib/aws-sdk-s3/multipart_upload_part.rb +144 -18
  39. data/lib/aws-sdk-s3/object.rb +364 -160
  40. data/lib/aws-sdk-s3/object_acl.rb +32 -9
  41. data/lib/aws-sdk-s3/object_copier.rb +7 -5
  42. data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
  43. data/lib/aws-sdk-s3/object_summary.rb +291 -123
  44. data/lib/aws-sdk-s3/object_version.rb +99 -46
  45. data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
  46. data/lib/aws-sdk-s3/plugins/arn.rb +22 -180
  47. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
  48. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
  49. data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
  50. data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
  51. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
  52. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
  53. data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
  54. data/lib/aws-sdk-s3/plugins/s3_signer.rb +35 -100
  55. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
  56. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
  57. data/lib/aws-sdk-s3/presigned_post.rb +99 -78
  58. data/lib/aws-sdk-s3/presigner.rb +24 -29
  59. data/lib/aws-sdk-s3/resource.rb +25 -3
  60. data/lib/aws-sdk-s3/types.rb +3307 -4625
  61. data/lib/aws-sdk-s3.rb +5 -1
  62. metadata +14 -11
  63. data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
  64. data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
  65. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
  66. data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -5,18 +5,8 @@ module Aws
5
5
  module Plugins
6
6
  # @api private
7
7
  class Dualstack < Seahorse::Client::Plugin
8
-
9
- option(:use_dualstack_endpoint,
10
- default: false,
11
- doc_type: 'Boolean',
12
- docstring: <<-DOCS)
13
- When set to `true`, IPv6-compatible bucket endpoints will be used
14
- for all operations.
15
- DOCS
16
-
17
- def add_handlers(handlers, config)
8
+ def add_handlers(handlers, _config)
18
9
  handlers.add(OptionHandler, step: :initialize)
19
- handlers.add(DualstackHandler, step: :build, priority: 11)
20
10
  end
21
11
 
22
12
  # @api private
@@ -27,54 +17,10 @@ for all operations.
27
17
  dualstack = context.params.delete(:use_dualstack_endpoint)
28
18
  end
29
19
  dualstack = context.config.use_dualstack_endpoint if dualstack.nil?
30
- # Raise if :endpoint and dualstack are both provided
31
- if dualstack && !context.config.regional_endpoint
32
- raise ArgumentError,
33
- 'Cannot use both :use_dualstack_endpoint and :endpoint'
34
- end
35
20
  context[:use_dualstack_endpoint] = dualstack
36
21
  @handler.call(context)
37
22
  end
38
23
  end
39
-
40
- # @api private
41
- class DualstackHandler < Seahorse::Client::Handler
42
- def call(context)
43
- if context.config.regional_endpoint && use_dualstack_endpoint?(context)
44
- apply_dualstack_endpoint(context)
45
- end
46
- @handler.call(context)
47
- end
48
-
49
- private
50
- def apply_dualstack_endpoint(context)
51
- bucket_name = context.params[:bucket]
52
- region = context.config.region
53
- dns_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(region)
54
-
55
- if use_bucket_dns?(bucket_name, context)
56
- host = "#{bucket_name}.s3.dualstack.#{region}.#{dns_suffix}"
57
- else
58
- host = "s3.dualstack.#{region}.#{dns_suffix}"
59
- end
60
- endpoint = URI.parse(context.http_request.endpoint.to_s)
61
- endpoint.scheme = context.http_request.endpoint.scheme
62
- endpoint.port = context.http_request.endpoint.port
63
- endpoint.host = host
64
- context.http_request.endpoint = endpoint.to_s
65
- end
66
-
67
- def use_bucket_dns?(bucket_name, context)
68
- ssl = context.http_request.endpoint.scheme == "https"
69
- bucket_name && BucketDns.dns_compatible?(bucket_name, ssl) &&
70
- !context.config.force_path_style
71
- end
72
-
73
- def use_dualstack_endpoint?(context)
74
- context[:use_dualstack_endpoint] && !context[:use_accelerate_endpoint]
75
- end
76
- end
77
-
78
24
  end
79
25
  end
80
26
  end
@@ -0,0 +1,262 @@
1
+ # frozen_string_literal: true
2
+
3
+ # WARNING ABOUT GENERATED CODE
4
+ #
5
+ # This file is generated. See the contributing guide for more information:
6
+ # https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
7
+ #
8
+ # WARNING ABOUT GENERATED CODE
9
+
10
+
11
+ module Aws::S3
12
+ module Plugins
13
+ class Endpoints < Seahorse::Client::Plugin
14
+ option(
15
+ :endpoint_provider,
16
+ doc_type: 'Aws::S3::EndpointProvider',
17
+ docstring: 'The endpoint provider used to resolve endpoints. Any '\
18
+ 'object that responds to `#resolve_endpoint(parameters)` '\
19
+ 'where `parameters` is a Struct similar to '\
20
+ '`Aws::S3::EndpointParameters`'
21
+ ) do |cfg|
22
+ Aws::S3::EndpointProvider.new
23
+ end
24
+
25
+ # @api private
26
+ class Handler < Seahorse::Client::Handler
27
+ def call(context)
28
+ # If endpoint was discovered, do not resolve or apply the endpoint.
29
+ unless context[:discovered_endpoint]
30
+ params = parameters_for_operation(context)
31
+ endpoint = context.config.endpoint_provider.resolve_endpoint(params)
32
+
33
+ context.http_request.endpoint = endpoint.url
34
+ apply_endpoint_headers(context, endpoint.headers)
35
+ end
36
+
37
+ context[:endpoint_params] = params
38
+ context[:auth_scheme] =
39
+ Aws::Endpoints.resolve_auth_scheme(context, endpoint)
40
+
41
+ @handler.call(context)
42
+ end
43
+
44
+ private
45
+
46
+ def apply_endpoint_headers(context, headers)
47
+ headers.each do |key, values|
48
+ value = values
49
+ .compact
50
+ .map { |s| Seahorse::Util.escape_header_list_string(s.to_s) }
51
+ .join(',')
52
+
53
+ context.http_request.headers[key] = value
54
+ end
55
+ end
56
+
57
+ def parameters_for_operation(context)
58
+ case context.operation_name
59
+ when :abort_multipart_upload
60
+ Aws::S3::Endpoints::AbortMultipartUpload.build(context)
61
+ when :complete_multipart_upload
62
+ Aws::S3::Endpoints::CompleteMultipartUpload.build(context)
63
+ when :copy_object
64
+ Aws::S3::Endpoints::CopyObject.build(context)
65
+ when :create_bucket
66
+ Aws::S3::Endpoints::CreateBucket.build(context)
67
+ when :create_multipart_upload
68
+ Aws::S3::Endpoints::CreateMultipartUpload.build(context)
69
+ when :delete_bucket
70
+ Aws::S3::Endpoints::DeleteBucket.build(context)
71
+ when :delete_bucket_analytics_configuration
72
+ Aws::S3::Endpoints::DeleteBucketAnalyticsConfiguration.build(context)
73
+ when :delete_bucket_cors
74
+ Aws::S3::Endpoints::DeleteBucketCors.build(context)
75
+ when :delete_bucket_encryption
76
+ Aws::S3::Endpoints::DeleteBucketEncryption.build(context)
77
+ when :delete_bucket_intelligent_tiering_configuration
78
+ Aws::S3::Endpoints::DeleteBucketIntelligentTieringConfiguration.build(context)
79
+ when :delete_bucket_inventory_configuration
80
+ Aws::S3::Endpoints::DeleteBucketInventoryConfiguration.build(context)
81
+ when :delete_bucket_lifecycle
82
+ Aws::S3::Endpoints::DeleteBucketLifecycle.build(context)
83
+ when :delete_bucket_metrics_configuration
84
+ Aws::S3::Endpoints::DeleteBucketMetricsConfiguration.build(context)
85
+ when :delete_bucket_ownership_controls
86
+ Aws::S3::Endpoints::DeleteBucketOwnershipControls.build(context)
87
+ when :delete_bucket_policy
88
+ Aws::S3::Endpoints::DeleteBucketPolicy.build(context)
89
+ when :delete_bucket_replication
90
+ Aws::S3::Endpoints::DeleteBucketReplication.build(context)
91
+ when :delete_bucket_tagging
92
+ Aws::S3::Endpoints::DeleteBucketTagging.build(context)
93
+ when :delete_bucket_website
94
+ Aws::S3::Endpoints::DeleteBucketWebsite.build(context)
95
+ when :delete_object
96
+ Aws::S3::Endpoints::DeleteObject.build(context)
97
+ when :delete_object_tagging
98
+ Aws::S3::Endpoints::DeleteObjectTagging.build(context)
99
+ when :delete_objects
100
+ Aws::S3::Endpoints::DeleteObjects.build(context)
101
+ when :delete_public_access_block
102
+ Aws::S3::Endpoints::DeletePublicAccessBlock.build(context)
103
+ when :get_bucket_accelerate_configuration
104
+ Aws::S3::Endpoints::GetBucketAccelerateConfiguration.build(context)
105
+ when :get_bucket_acl
106
+ Aws::S3::Endpoints::GetBucketAcl.build(context)
107
+ when :get_bucket_analytics_configuration
108
+ Aws::S3::Endpoints::GetBucketAnalyticsConfiguration.build(context)
109
+ when :get_bucket_cors
110
+ Aws::S3::Endpoints::GetBucketCors.build(context)
111
+ when :get_bucket_encryption
112
+ Aws::S3::Endpoints::GetBucketEncryption.build(context)
113
+ when :get_bucket_intelligent_tiering_configuration
114
+ Aws::S3::Endpoints::GetBucketIntelligentTieringConfiguration.build(context)
115
+ when :get_bucket_inventory_configuration
116
+ Aws::S3::Endpoints::GetBucketInventoryConfiguration.build(context)
117
+ when :get_bucket_lifecycle
118
+ Aws::S3::Endpoints::GetBucketLifecycle.build(context)
119
+ when :get_bucket_lifecycle_configuration
120
+ Aws::S3::Endpoints::GetBucketLifecycleConfiguration.build(context)
121
+ when :get_bucket_location
122
+ Aws::S3::Endpoints::GetBucketLocation.build(context)
123
+ when :get_bucket_logging
124
+ Aws::S3::Endpoints::GetBucketLogging.build(context)
125
+ when :get_bucket_metrics_configuration
126
+ Aws::S3::Endpoints::GetBucketMetricsConfiguration.build(context)
127
+ when :get_bucket_notification
128
+ Aws::S3::Endpoints::GetBucketNotification.build(context)
129
+ when :get_bucket_notification_configuration
130
+ Aws::S3::Endpoints::GetBucketNotificationConfiguration.build(context)
131
+ when :get_bucket_ownership_controls
132
+ Aws::S3::Endpoints::GetBucketOwnershipControls.build(context)
133
+ when :get_bucket_policy
134
+ Aws::S3::Endpoints::GetBucketPolicy.build(context)
135
+ when :get_bucket_policy_status
136
+ Aws::S3::Endpoints::GetBucketPolicyStatus.build(context)
137
+ when :get_bucket_replication
138
+ Aws::S3::Endpoints::GetBucketReplication.build(context)
139
+ when :get_bucket_request_payment
140
+ Aws::S3::Endpoints::GetBucketRequestPayment.build(context)
141
+ when :get_bucket_tagging
142
+ Aws::S3::Endpoints::GetBucketTagging.build(context)
143
+ when :get_bucket_versioning
144
+ Aws::S3::Endpoints::GetBucketVersioning.build(context)
145
+ when :get_bucket_website
146
+ Aws::S3::Endpoints::GetBucketWebsite.build(context)
147
+ when :get_object
148
+ Aws::S3::Endpoints::GetObject.build(context)
149
+ when :get_object_acl
150
+ Aws::S3::Endpoints::GetObjectAcl.build(context)
151
+ when :get_object_attributes
152
+ Aws::S3::Endpoints::GetObjectAttributes.build(context)
153
+ when :get_object_legal_hold
154
+ Aws::S3::Endpoints::GetObjectLegalHold.build(context)
155
+ when :get_object_lock_configuration
156
+ Aws::S3::Endpoints::GetObjectLockConfiguration.build(context)
157
+ when :get_object_retention
158
+ Aws::S3::Endpoints::GetObjectRetention.build(context)
159
+ when :get_object_tagging
160
+ Aws::S3::Endpoints::GetObjectTagging.build(context)
161
+ when :get_object_torrent
162
+ Aws::S3::Endpoints::GetObjectTorrent.build(context)
163
+ when :get_public_access_block
164
+ Aws::S3::Endpoints::GetPublicAccessBlock.build(context)
165
+ when :head_bucket
166
+ Aws::S3::Endpoints::HeadBucket.build(context)
167
+ when :head_object
168
+ Aws::S3::Endpoints::HeadObject.build(context)
169
+ when :list_bucket_analytics_configurations
170
+ Aws::S3::Endpoints::ListBucketAnalyticsConfigurations.build(context)
171
+ when :list_bucket_intelligent_tiering_configurations
172
+ Aws::S3::Endpoints::ListBucketIntelligentTieringConfigurations.build(context)
173
+ when :list_bucket_inventory_configurations
174
+ Aws::S3::Endpoints::ListBucketInventoryConfigurations.build(context)
175
+ when :list_bucket_metrics_configurations
176
+ Aws::S3::Endpoints::ListBucketMetricsConfigurations.build(context)
177
+ when :list_buckets
178
+ Aws::S3::Endpoints::ListBuckets.build(context)
179
+ when :list_multipart_uploads
180
+ Aws::S3::Endpoints::ListMultipartUploads.build(context)
181
+ when :list_object_versions
182
+ Aws::S3::Endpoints::ListObjectVersions.build(context)
183
+ when :list_objects
184
+ Aws::S3::Endpoints::ListObjects.build(context)
185
+ when :list_objects_v2
186
+ Aws::S3::Endpoints::ListObjectsV2.build(context)
187
+ when :list_parts
188
+ Aws::S3::Endpoints::ListParts.build(context)
189
+ when :put_bucket_accelerate_configuration
190
+ Aws::S3::Endpoints::PutBucketAccelerateConfiguration.build(context)
191
+ when :put_bucket_acl
192
+ Aws::S3::Endpoints::PutBucketAcl.build(context)
193
+ when :put_bucket_analytics_configuration
194
+ Aws::S3::Endpoints::PutBucketAnalyticsConfiguration.build(context)
195
+ when :put_bucket_cors
196
+ Aws::S3::Endpoints::PutBucketCors.build(context)
197
+ when :put_bucket_encryption
198
+ Aws::S3::Endpoints::PutBucketEncryption.build(context)
199
+ when :put_bucket_intelligent_tiering_configuration
200
+ Aws::S3::Endpoints::PutBucketIntelligentTieringConfiguration.build(context)
201
+ when :put_bucket_inventory_configuration
202
+ Aws::S3::Endpoints::PutBucketInventoryConfiguration.build(context)
203
+ when :put_bucket_lifecycle
204
+ Aws::S3::Endpoints::PutBucketLifecycle.build(context)
205
+ when :put_bucket_lifecycle_configuration
206
+ Aws::S3::Endpoints::PutBucketLifecycleConfiguration.build(context)
207
+ when :put_bucket_logging
208
+ Aws::S3::Endpoints::PutBucketLogging.build(context)
209
+ when :put_bucket_metrics_configuration
210
+ Aws::S3::Endpoints::PutBucketMetricsConfiguration.build(context)
211
+ when :put_bucket_notification
212
+ Aws::S3::Endpoints::PutBucketNotification.build(context)
213
+ when :put_bucket_notification_configuration
214
+ Aws::S3::Endpoints::PutBucketNotificationConfiguration.build(context)
215
+ when :put_bucket_ownership_controls
216
+ Aws::S3::Endpoints::PutBucketOwnershipControls.build(context)
217
+ when :put_bucket_policy
218
+ Aws::S3::Endpoints::PutBucketPolicy.build(context)
219
+ when :put_bucket_replication
220
+ Aws::S3::Endpoints::PutBucketReplication.build(context)
221
+ when :put_bucket_request_payment
222
+ Aws::S3::Endpoints::PutBucketRequestPayment.build(context)
223
+ when :put_bucket_tagging
224
+ Aws::S3::Endpoints::PutBucketTagging.build(context)
225
+ when :put_bucket_versioning
226
+ Aws::S3::Endpoints::PutBucketVersioning.build(context)
227
+ when :put_bucket_website
228
+ Aws::S3::Endpoints::PutBucketWebsite.build(context)
229
+ when :put_object
230
+ Aws::S3::Endpoints::PutObject.build(context)
231
+ when :put_object_acl
232
+ Aws::S3::Endpoints::PutObjectAcl.build(context)
233
+ when :put_object_legal_hold
234
+ Aws::S3::Endpoints::PutObjectLegalHold.build(context)
235
+ when :put_object_lock_configuration
236
+ Aws::S3::Endpoints::PutObjectLockConfiguration.build(context)
237
+ when :put_object_retention
238
+ Aws::S3::Endpoints::PutObjectRetention.build(context)
239
+ when :put_object_tagging
240
+ Aws::S3::Endpoints::PutObjectTagging.build(context)
241
+ when :put_public_access_block
242
+ Aws::S3::Endpoints::PutPublicAccessBlock.build(context)
243
+ when :restore_object
244
+ Aws::S3::Endpoints::RestoreObject.build(context)
245
+ when :select_object_content
246
+ Aws::S3::Endpoints::SelectObjectContent.build(context)
247
+ when :upload_part
248
+ Aws::S3::Endpoints::UploadPart.build(context)
249
+ when :upload_part_copy
250
+ Aws::S3::Endpoints::UploadPartCopy.build(context)
251
+ when :write_get_object_response
252
+ Aws::S3::Endpoints::WriteGetObjectResponse.build(context)
253
+ end
254
+ end
255
+ end
256
+
257
+ def add_handlers(handlers, _config)
258
+ handlers.add(Handler, step: :build, priority: 75)
259
+ end
260
+ end
261
+ end
262
+ end
@@ -16,7 +16,8 @@ module Aws
16
16
 
17
17
  def call(context)
18
18
  body = context.http_request.body
19
- if body.respond_to?(:size) && body.size > 0
19
+ if body.respond_to?(:size) && body.size > 0 &&
20
+ !context[:use_accelerate_endpoint]
20
21
  context.http_request.headers['expect'] = '100-continue'
21
22
  end
22
23
  @handler.call(context)
@@ -16,40 +16,17 @@ Defaults to `legacy` mode which uses the global endpoint.
16
16
  resolve_iad_regional_endpoint(cfg)
17
17
  end
18
18
 
19
- def add_handlers(handlers, config)
20
- # only modify non-custom endpoints
21
- if config.regional_endpoint && config.region == 'us-east-1'
22
- handlers.add(Handler)
23
- end
24
- end
25
-
26
- # @api private
27
- class Handler < Seahorse::Client::Handler
28
-
29
- def call(context)
30
- # WriteGetObjectResponse does not have a global endpoint
31
- # ARNs are regionalized, so don't touch those either.
32
- if context.operation.name != 'WriteGetObjectResponse' &&
33
- context.config.s3_us_east_1_regional_endpoint == 'legacy' &&
34
- !context.metadata[:s3_arn]
35
- host = context.http_request.endpoint.host
36
- legacy_host = IADRegionalEndpoint.legacy_host(host)
37
- context.http_request.endpoint.host = legacy_host
38
- end
39
- @handler.call(context)
40
- end
41
-
42
- end
43
-
44
- def self.legacy_host(host)
45
- host.sub(".us-east-1", '')
46
- end
47
-
48
19
  private
49
20
 
50
21
  def self.resolve_iad_regional_endpoint(cfg)
22
+ default_mode_value =
23
+ if cfg.respond_to?(:defaults_mode_config_resolver)
24
+ cfg.defaults_mode_config_resolver.resolve(:s3_us_east_1_regional_endpoint)
25
+ end
26
+
51
27
  mode = ENV['AWS_S3_US_EAST_1_REGIONAL_ENDPOINT'] ||
52
28
  Aws.shared_config.s3_us_east_1_regional_endpoint(profile: cfg.profile) ||
29
+ default_mode_value ||
53
30
  'legacy'
54
31
  mode = mode.downcase
55
32
  unless %w(legacy regional).include?(mode)
@@ -22,9 +22,11 @@ module Aws
22
22
  CHUNK_SIZE = 1 * 1024 * 1024 # one MB
23
23
 
24
24
  def call(context)
25
- body = context.http_request.body
26
- if body.respond_to?(:size) && body.size > 0
27
- context.http_request.headers['Content-Md5'] ||= md5(body)
25
+ if !context[:checksum_algorithms] # skip in favor of flexible checksum
26
+ body = context.http_request.body
27
+ if body.respond_to?(:size) && body.size > 0
28
+ context.http_request.headers['Content-Md5'] ||= md5(body)
29
+ end
28
30
  end
29
31
  @handler.call(context)
30
32
  end
@@ -5,26 +5,13 @@ require 'aws-sigv4'
5
5
  module Aws
6
6
  module S3
7
7
  module Plugins
8
- # This plugin is an implementation detail and may be modified.
8
+ # This plugin used to have a V4 signer but it was removed in favor of
9
+ # generic Sign plugin that uses endpoint auth scheme.
10
+ #
9
11
  # @api private
10
12
  class S3Signer < Seahorse::Client::Plugin
11
13
  option(:signature_version, 'v4')
12
14
 
13
- option(:sigv4_signer) do |cfg|
14
- S3Signer.build_v4_signer(
15
- service: 's3',
16
- region: cfg.sigv4_region,
17
- credentials: cfg.credentials
18
- )
19
- end
20
-
21
- option(:sigv4_region) do |cfg|
22
- # S3 removes core's signature_v4 plugin that checks for this
23
- raise Aws::Errors::MissingRegionError if cfg.region.nil?
24
-
25
- Aws::Partitions::EndpointProvider.signing_region(cfg.region, 's3')
26
- end
27
-
28
15
  def add_handlers(handlers, cfg)
29
16
  case cfg.signature_version
30
17
  when 'v4' then add_v4_handlers(handlers)
@@ -37,11 +24,11 @@ module Aws
37
24
 
38
25
  def add_v4_handlers(handlers)
39
26
  handlers.add(CachedBucketRegionHandler, step: :sign, priority: 60)
40
- handlers.add(V4Handler, step: :sign)
41
27
  handlers.add(BucketRegionErrorHandler, step: :sign, priority: 40)
42
28
  end
43
29
 
44
30
  def add_legacy_handler(handlers)
31
+ # generic Sign plugin will be skipped if it sees sigv2
45
32
  handlers.add(LegacyHandler, step: :sign)
46
33
  end
47
34
 
@@ -52,45 +39,6 @@ module Aws
52
39
  end
53
40
  end
54
41
 
55
- class V4Handler < Seahorse::Client::Handler
56
- def call(context)
57
- Aws::Plugins::SignatureV4.apply_signature(
58
- context: context,
59
- signer: sigv4_signer(context)
60
- )
61
- @handler.call(context)
62
- end
63
-
64
- private
65
-
66
- def sigv4_signer(context)
67
- # If the client was configured with the wrong region,
68
- # we have to build a new signer.
69
- if context[:cached_sigv4_region] &&
70
- context[:cached_sigv4_region] != context.config.sigv4_signer.region
71
- S3Signer.build_v4_signer(
72
- service: 's3',
73
- region: context[:cached_sigv4_region],
74
- credentials: context.config.credentials
75
- )
76
- elsif (arn = context.metadata[:s3_arn])
77
- S3Signer.build_v4_signer(
78
- service: arn[:arn].service,
79
- region: arn[:resolved_region],
80
- credentials: context.config.credentials
81
- )
82
- elsif context.operation.name == 'WriteGetObjectResponse'
83
- S3Signer.build_v4_signer(
84
- service: 's3-object-lambda',
85
- region: context.config.sigv4_region,
86
- credentials: context.config.credentials
87
- )
88
- else
89
- context.config.sigv4_signer
90
- end
91
- end
92
- end
93
-
94
42
  # This handler will update the http endpoint when the bucket region
95
43
  # is known/cached.
96
44
  class CachedBucketRegionHandler < Seahorse::Client::Handler
@@ -104,11 +52,13 @@ module Aws
104
52
 
105
53
  def check_for_cached_region(context, bucket)
106
54
  cached_region = S3::BUCKET_REGIONS[bucket]
107
- if cached_region && cached_region != context.config.region
55
+ if cached_region &&
56
+ cached_region != context.config.region &&
57
+ !S3Signer.custom_endpoint?(context)
108
58
  context.http_request.endpoint.host = S3Signer.new_hostname(
109
59
  context, cached_region
110
60
  )
111
- context[:cached_sigv4_region] = cached_region
61
+ context[:sigv4_region] = cached_region # Sign plugin will use this
112
62
  end
113
63
  end
114
64
  end
@@ -116,7 +66,8 @@ module Aws
116
66
  # This handler detects when a request fails because of a mismatched bucket
117
67
  # region. It follows up by making a request to determine the correct
118
68
  # region, then finally a version 4 signed request against the correct
119
- # regional endpoint.
69
+ # regional endpoint. This is intended for s3's global endpoint which
70
+ # will return 400 if the bucket is not in region.
120
71
  class BucketRegionErrorHandler < Seahorse::Client::Handler
121
72
  def call(context)
122
73
  response = @handler.call(context)
@@ -128,7 +79,8 @@ module Aws
128
79
  def handle_region_errors(response)
129
80
  if wrong_sigv4_region?(response) &&
130
81
  !fips_region?(response) &&
131
- !custom_endpoint?(response)
82
+ !S3Signer.custom_endpoint?(response.context) &&
83
+ !expired_credentials?(response)
132
84
  get_region_and_retry(response.context)
133
85
  else
134
86
  response
@@ -149,14 +101,11 @@ module Aws
149
101
  end
150
102
 
151
103
  def fips_region?(resp)
152
- resp.context.http_request.endpoint.host.include?('fips')
104
+ resp.context.http_request.endpoint.host.include?('s3-fips.')
153
105
  end
154
106
 
155
- def custom_endpoint?(resp)
156
- resolved_suffix = Aws::Partitions::EndpointProvider.dns_suffix_for(
157
- resp.context.config.region
158
- )
159
- !resp.context.http_request.endpoint.hostname.include?(resolved_suffix)
107
+ def expired_credentials?(resp)
108
+ resp.context.http_response.body_contents.match(/<Code>ExpiredToken<\/Code>/)
160
109
  end
161
110
 
162
111
  def wrong_sigv4_region?(resp)
@@ -171,18 +120,14 @@ module Aws
171
120
  context, actual_region
172
121
  )
173
122
  context.metadata[:redirect_region] = actual_region
174
- # if it's an ARN, use the service in the ARN
175
- if (arn = context.metadata[:s3_arn])
176
- service = arn[:arn].service
177
- end
178
- Aws::Plugins::SignatureV4.apply_signature(
179
- context: context,
180
- signer: S3Signer.build_v4_signer(
181
- service: service || 's3',
182
- region: actual_region,
183
- credentials: context.config.credentials
184
- )
123
+
124
+ signer = Aws::Plugins::Sign.signer_for(
125
+ context[:auth_scheme],
126
+ context.config,
127
+ actual_region
185
128
  )
129
+
130
+ signer.sign(context)
186
131
  end
187
132
 
188
133
  def region_from_body(body)
@@ -208,32 +153,22 @@ module Aws
208
153
  end
209
154
 
210
155
  class << self
211
- # @option options [required, String] :region
212
- # @option options [required, #credentials] :credentials
213
- # @api private
214
- def build_v4_signer(options = {})
215
- Aws::Sigv4::Signer.new(
216
- service: options[:service],
217
- region: options[:region],
218
- credentials_provider: options[:credentials],
219
- uri_escape_path: false,
220
- unsigned_headers: ['content-length', 'x-amzn-trace-id']
221
- )
156
+ def new_hostname(context, region)
157
+ endpoint_params = context[:endpoint_params].dup
158
+ endpoint_params.region = region
159
+ endpoint_params.endpoint = nil
160
+ endpoint =
161
+ context.config.endpoint_provider.resolve_endpoint(endpoint_params)
162
+ URI(endpoint.url).host
222
163
  end
223
164
 
224
- # Check to see if the bucket is actually an ARN
225
- # Otherwise it will retry with the ARN as the bucket name.
226
- def new_hostname(context, region)
227
- uri = URI.parse(
228
- Aws::Partitions::EndpointProvider.resolve(region, 's3')
229
- )
165
+ def custom_endpoint?(context)
166
+ region = context.config.region
167
+ partition = Aws::Endpoints::Matchers.aws_partition(region)
168
+ endpoint = context.http_request.endpoint
230
169
 
231
- if (arn = context.metadata[:s3_arn])
232
- # Retry with the response region and not the ARN resolved one
233
- ARN.resolve_url!(uri, arn[:arn], region).host
234
- else
235
- "#{context.params[:bucket]}.#{uri.host}"
236
- end
170
+ !endpoint.hostname.include?(partition['dnsSuffix']) &&
171
+ !endpoint.hostname.include?(partition['dualStackDnsSuffix'])
237
172
  end
238
173
  end
239
174
  end
@@ -0,0 +1,31 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ module Plugins
6
+
7
+ # S3 GetObject results for whole Multipart Objects contain a checksum
8
+ # that cannot be validated. These should be skipped by the
9
+ # ChecksumAlgorithm plugin.
10
+ class SkipWholeMultipartGetChecksums < Seahorse::Client::Plugin
11
+
12
+ class Handler < Seahorse::Client::Handler
13
+
14
+ def call(context)
15
+ context[:http_checksum] ||= {}
16
+ context[:http_checksum][:skip_on_suffix] = true
17
+
18
+ @handler.call(context)
19
+ end
20
+
21
+ end
22
+
23
+ handler(
24
+ Handler,
25
+ step: :initialize,
26
+ operations: [:get_object]
27
+ )
28
+ end
29
+ end
30
+ end
31
+ end