aws-sdk-s3 1.96.2 → 1.132.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +256 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/bucket.rb +226 -76
- data/lib/aws-sdk-s3/bucket_acl.rb +30 -7
- data/lib/aws-sdk-s3/bucket_cors.rb +35 -10
- data/lib/aws-sdk-s3/bucket_lifecycle.rb +39 -12
- data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +40 -10
- data/lib/aws-sdk-s3/bucket_logging.rb +30 -7
- data/lib/aws-sdk-s3/bucket_notification.rb +28 -10
- data/lib/aws-sdk-s3/bucket_policy.rb +35 -10
- data/lib/aws-sdk-s3/bucket_request_payment.rb +30 -7
- data/lib/aws-sdk-s3/bucket_tagging.rb +35 -10
- data/lib/aws-sdk-s3/bucket_versioning.rb +78 -17
- data/lib/aws-sdk-s3/bucket_website.rb +35 -10
- data/lib/aws-sdk-s3/client.rb +3854 -2120
- data/lib/aws-sdk-s3/client_api.rb +601 -208
- data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
- data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
- data/lib/aws-sdk-s3/customizations/object.rb +130 -24
- data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
- data/lib/aws-sdk-s3/customizations.rb +2 -0
- data/lib/aws-sdk-s3/encryption/client.rb +7 -3
- data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
- data/lib/aws-sdk-s3/encryptionV2/client.rb +7 -3
- data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -4
- data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
- data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
- data/lib/aws-sdk-s3/endpoint_parameters.rb +146 -0
- data/lib/aws-sdk-s3/endpoint_provider.rb +509 -0
- data/lib/aws-sdk-s3/endpoints.rb +2150 -0
- data/lib/aws-sdk-s3/file_downloader.rb +57 -27
- data/lib/aws-sdk-s3/file_uploader.rb +12 -5
- data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
- data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -13
- data/lib/aws-sdk-s3/multipart_upload.rb +138 -16
- data/lib/aws-sdk-s3/multipart_upload_part.rb +144 -18
- data/lib/aws-sdk-s3/object.rb +364 -160
- data/lib/aws-sdk-s3/object_acl.rb +32 -9
- data/lib/aws-sdk-s3/object_copier.rb +7 -5
- data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
- data/lib/aws-sdk-s3/object_summary.rb +291 -123
- data/lib/aws-sdk-s3/object_version.rb +99 -46
- data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
- data/lib/aws-sdk-s3/plugins/arn.rb +22 -180
- data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
- data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
- data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
- data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
- data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
- data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
- data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +35 -100
- data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
- data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
- data/lib/aws-sdk-s3/presigned_post.rb +99 -78
- data/lib/aws-sdk-s3/presigner.rb +24 -29
- data/lib/aws-sdk-s3/resource.rb +25 -3
- data/lib/aws-sdk-s3/types.rb +3307 -4625
- data/lib/aws-sdk-s3.rb +5 -1
- metadata +14 -11
- data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
- data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
- data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -5,22 +5,6 @@ require 'uri'
|
|
5
5
|
module Aws
|
6
6
|
module S3
|
7
7
|
class Bucket
|
8
|
-
# Save the old initialize method so that we can call 'super'.
|
9
|
-
old_initialize = instance_method(:initialize)
|
10
|
-
# Make the method redefinable
|
11
|
-
alias_method :initialize, :initialize
|
12
|
-
# Define a new initialize method that extracts out a bucket ARN.
|
13
|
-
define_method(:initialize) do |*args|
|
14
|
-
old_initialize.bind(self).call(*args)
|
15
|
-
resolved_region, arn = Plugins::ARN.resolve_arn!(
|
16
|
-
name,
|
17
|
-
client.config.region,
|
18
|
-
client.config.s3_use_arn_region
|
19
|
-
)
|
20
|
-
@resolved_region = resolved_region
|
21
|
-
@arn = arn
|
22
|
-
end
|
23
|
-
|
24
8
|
# Deletes all objects and versioned objects from this bucket
|
25
9
|
#
|
26
10
|
# @example
|
@@ -105,14 +89,27 @@ module Aws
|
|
105
89
|
if options[:virtual_host]
|
106
90
|
scheme = options.fetch(:secure, true) ? 'https' : 'http'
|
107
91
|
"#{scheme}://#{name}"
|
108
|
-
elsif @arn
|
109
|
-
Plugins::ARN.resolve_url!(
|
110
|
-
client.config.endpoint.dup,
|
111
|
-
@arn,
|
112
|
-
@resolved_region
|
113
|
-
).to_s
|
114
92
|
else
|
115
|
-
|
93
|
+
# Taken from Aws::S3::Endpoints module
|
94
|
+
unless client.config.regional_endpoint
|
95
|
+
endpoint = client.config.endpoint.to_s
|
96
|
+
end
|
97
|
+
params = Aws::S3::EndpointParameters.new(
|
98
|
+
bucket: name,
|
99
|
+
region: client.config.region,
|
100
|
+
use_fips: client.config.use_fips_endpoint,
|
101
|
+
use_dual_stack: client.config.use_dualstack_endpoint,
|
102
|
+
endpoint: endpoint,
|
103
|
+
force_path_style: client.config.force_path_style,
|
104
|
+
accelerate: client.config.use_accelerate_endpoint,
|
105
|
+
use_global_endpoint: client.config.s3_us_east_1_regional_endpoint == 'legacy',
|
106
|
+
use_object_lambda_endpoint: nil,
|
107
|
+
disable_access_points: nil,
|
108
|
+
disable_multi_region_access_points: client.config.s3_disable_multiregion_access_points,
|
109
|
+
use_arn_region: client.config.s3_use_arn_region,
|
110
|
+
)
|
111
|
+
endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
|
112
|
+
endpoint.url
|
116
113
|
end
|
117
114
|
end
|
118
115
|
|
@@ -137,34 +134,13 @@ module Aws
|
|
137
134
|
|
138
135
|
# @api private
|
139
136
|
def load
|
140
|
-
@data =
|
137
|
+
@data = Aws::Plugins::UserAgent.feature('resource') do
|
138
|
+
client.list_buckets.buckets.find { |b| b.name == name }
|
139
|
+
end
|
141
140
|
raise "unable to load bucket #{name}" if @data.nil?
|
142
141
|
|
143
142
|
self
|
144
143
|
end
|
145
|
-
|
146
|
-
private
|
147
|
-
|
148
|
-
def s3_bucket_url
|
149
|
-
url = client.config.endpoint.dup
|
150
|
-
if bucket_as_hostname?(url.scheme == 'https')
|
151
|
-
url.host = "#{name}.#{url.host}"
|
152
|
-
else
|
153
|
-
url.path += '/' unless url.path[-1] == '/'
|
154
|
-
url.path += Seahorse::Util.uri_escape(name)
|
155
|
-
end
|
156
|
-
if (client.config.region == 'us-east-1') &&
|
157
|
-
(client.config.s3_us_east_1_regional_endpoint == 'legacy')
|
158
|
-
url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
|
159
|
-
end
|
160
|
-
url.to_s
|
161
|
-
end
|
162
|
-
|
163
|
-
def bucket_as_hostname?(https)
|
164
|
-
Plugins::BucketDns.dns_compatible?(name, https) &&
|
165
|
-
!client.config.force_path_style
|
166
|
-
end
|
167
|
-
|
168
144
|
end
|
169
145
|
end
|
170
146
|
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Errors
|
6
|
+
# Hijack PermanentRedirect dynamic error to also include endpoint
|
7
|
+
# and bucket.
|
8
|
+
class PermanentRedirect < ServiceError
|
9
|
+
# @param [Seahorse::Client::RequestContext] context
|
10
|
+
# @param [String] message
|
11
|
+
# @param [Aws::S3::Types::PermanentRedirect] _data
|
12
|
+
def initialize(context, message, _data = Aws::EmptyStructure.new)
|
13
|
+
data = Aws::S3::Types::PermanentRedirect.new(message: message)
|
14
|
+
body = context.http_response.body_contents
|
15
|
+
if (endpoint = body.match(/<Endpoint>(.+?)<\/Endpoint>/))
|
16
|
+
data.endpoint = endpoint[1]
|
17
|
+
end
|
18
|
+
if (bucket = body.match(/<Bucket>(.+?)<\/Bucket>/))
|
19
|
+
data.bucket = bucket[1]
|
20
|
+
end
|
21
|
+
data.region = context.http_response.headers['x-amz-bucket-region']
|
22
|
+
super(context, message, data)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -27,10 +27,13 @@ module Aws
|
|
27
27
|
# necessary for objects larger than 5GB and can provide
|
28
28
|
# performance improvements on large objects. Amazon S3 does
|
29
29
|
# not accept multipart copies for objects smaller than 5MB.
|
30
|
+
# Object metadata such as Content-Type will be copied, however,
|
31
|
+
# Checksums are not copied.
|
30
32
|
#
|
31
33
|
# @option options [Integer] :content_length Only used when
|
32
34
|
# `:multipart_copy` is `true`. Passing this options avoids a HEAD
|
33
|
-
# request to query the source object size
|
35
|
+
# request to query the source object size but prevents object metadata
|
36
|
+
# from being copied. Raises an `ArgumentError` if
|
34
37
|
# this option is provided when `:multipart_copy` is `false` or not set.
|
35
38
|
#
|
36
39
|
# @option options [S3::Client] :copy_source_client Only used when
|
@@ -43,6 +46,14 @@ module Aws
|
|
43
46
|
# different region. You do not need to specify this option
|
44
47
|
# if you have provided a `:source_client` or a `:content_length`.
|
45
48
|
#
|
49
|
+
# @option options [Boolean] :use_source_parts (false) Only used when
|
50
|
+
# `:multipart_copy` is `true`. Use part sizes defined on the source
|
51
|
+
# object if any exist. If copying or moving an object that
|
52
|
+
# is already multipart, this does not re-part the object, instead
|
53
|
+
# re-using the part definitions on the original. That means the etag
|
54
|
+
# and any checksums will not change. This is especially useful if the
|
55
|
+
# source object has parts with varied sizes.
|
56
|
+
#
|
46
57
|
# @example Basic object copy
|
47
58
|
#
|
48
59
|
# bucket = Aws::S3::Bucket.new('target-bucket')
|
@@ -65,11 +76,13 @@ module Aws
|
|
65
76
|
# @see #copy_to
|
66
77
|
#
|
67
78
|
def copy_from(source, options = {})
|
68
|
-
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
79
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
80
|
+
if Hash === source && source[:copy_source]
|
81
|
+
# for backwards compatibility
|
82
|
+
@client.copy_object(source.merge(bucket: bucket_name, key: key))
|
83
|
+
else
|
84
|
+
ObjectCopier.new(self, options).copy_from(source, options)
|
85
|
+
end
|
73
86
|
end
|
74
87
|
end
|
75
88
|
|
@@ -106,7 +119,9 @@ module Aws
|
|
106
119
|
# object.copy_to('src-bucket/src-key', multipart_copy: true)
|
107
120
|
#
|
108
121
|
def copy_to(target, options = {})
|
109
|
-
|
122
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
123
|
+
ObjectCopier.new(self, options).copy_to(target, options)
|
124
|
+
end
|
110
125
|
end
|
111
126
|
|
112
127
|
# Copies and deletes the current object. The object will only be deleted
|
@@ -161,7 +176,7 @@ module Aws
|
|
161
176
|
#
|
162
177
|
# @param [Symbol] method
|
163
178
|
# The S3 operation to generate a presigned URL for. Valid values
|
164
|
-
# are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
|
179
|
+
# are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
|
165
180
|
# `:list_multipart_uploads`, `:complete_multipart_upload`,
|
166
181
|
# `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.
|
167
182
|
#
|
@@ -215,6 +230,79 @@ module Aws
|
|
215
230
|
)
|
216
231
|
end
|
217
232
|
|
233
|
+
# Allows you to create presigned URL requests for S3 operations. This
|
234
|
+
# method returns a tuple containing the URL and the signed X-amz-* headers
|
235
|
+
# to be used with the presigned url.
|
236
|
+
#
|
237
|
+
# @example Pre-signed GET URL, valid for one hour
|
238
|
+
#
|
239
|
+
# obj.presigned_request(:get, expires_in: 3600)
|
240
|
+
# #=> ["https://bucket-name.s3.amazonaws.com/object-key?...", {}]
|
241
|
+
#
|
242
|
+
# @example Pre-signed PUT with a canned ACL
|
243
|
+
#
|
244
|
+
# # the object uploaded using this URL will be publicly accessible
|
245
|
+
# obj.presigned_request(:put, acl: 'public-read')
|
246
|
+
# #=> ["https://bucket-name.s3.amazonaws.com/object-key?...",
|
247
|
+
# {"x-amz-acl"=>"public-read"}]
|
248
|
+
#
|
249
|
+
# @param [Symbol] method
|
250
|
+
# The S3 operation to generate a presigned request for. Valid values
|
251
|
+
# are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
|
252
|
+
# `:list_multipart_uploads`, `:complete_multipart_upload`,
|
253
|
+
# `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.
|
254
|
+
#
|
255
|
+
# @param [Hash] params
|
256
|
+
# Additional request parameters to use when generating the pre-signed
|
257
|
+
# request. See the related documentation in {Client} for accepted
|
258
|
+
# params.
|
259
|
+
#
|
260
|
+
# | Method | Client Method |
|
261
|
+
# |------------------------------|------------------------------------|
|
262
|
+
# | `:get` | {Client#get_object} |
|
263
|
+
# | `:put` | {Client#put_object} |
|
264
|
+
# | `:head` | {Client#head_object} |
|
265
|
+
# | `:delete` | {Client#delete_object} |
|
266
|
+
# | `:create_multipart_upload` | {Client#create_multipart_upload} |
|
267
|
+
# | `:list_multipart_uploads` | {Client#list_multipart_uploads} |
|
268
|
+
# | `:complete_multipart_upload` | {Client#complete_multipart_upload} |
|
269
|
+
# | `:abort_multipart_upload` | {Client#abort_multipart_upload} |
|
270
|
+
# | `:list_parts` | {Client#list_parts} |
|
271
|
+
# | `:upload_part` | {Client#upload_part} |
|
272
|
+
#
|
273
|
+
# @option params [Boolean] :virtual_host (false) When `true` the
|
274
|
+
# presigned URL will use the bucket name as a virtual host.
|
275
|
+
#
|
276
|
+
# bucket = Aws::S3::Bucket.new('my.bucket.com')
|
277
|
+
# bucket.object('key').presigned_request(virtual_host: true)
|
278
|
+
# #=> ["http://my.bucket.com/key?...", {}]
|
279
|
+
#
|
280
|
+
# @option params [Integer] :expires_in (900) Number of seconds before
|
281
|
+
# the pre-signed URL expires. This may not exceed one week (604800
|
282
|
+
# seconds). Note that the pre-signed URL is also only valid as long as
|
283
|
+
# credentials used to sign it are. For example, when using IAM roles,
|
284
|
+
# temporary tokens generated for signing also have a default expiration
|
285
|
+
# which will affect the effective expiration of the pre-signed URL.
|
286
|
+
#
|
287
|
+
# @raise [ArgumentError] Raised if `:expires_in` exceeds one week
|
288
|
+
# (604800 seconds).
|
289
|
+
#
|
290
|
+
# @return [String, Hash] A tuple with a presigned URL and headers that
|
291
|
+
# should be included with the request.
|
292
|
+
#
|
293
|
+
def presigned_request(method, params = {})
|
294
|
+
presigner = Presigner.new(client: client)
|
295
|
+
|
296
|
+
if %w(delete head get put).include?(method.to_s)
|
297
|
+
method = "#{method}_object".to_sym
|
298
|
+
end
|
299
|
+
|
300
|
+
presigner.presigned_request(
|
301
|
+
method.downcase,
|
302
|
+
params.merge(bucket: bucket_name, key: key)
|
303
|
+
)
|
304
|
+
end
|
305
|
+
|
218
306
|
# Returns the public (un-signed) URL for this object.
|
219
307
|
#
|
220
308
|
# s3.bucket('bucket-name').object('obj-key').public_url
|
@@ -295,10 +383,12 @@ module Aws
|
|
295
383
|
tempfile: uploading_options.delete(:tempfile),
|
296
384
|
part_size: uploading_options.delete(:part_size)
|
297
385
|
)
|
298
|
-
|
299
|
-
|
300
|
-
|
301
|
-
|
386
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
387
|
+
uploader.upload(
|
388
|
+
uploading_options.merge(bucket: bucket_name, key: key),
|
389
|
+
&block
|
390
|
+
)
|
391
|
+
end
|
302
392
|
true
|
303
393
|
end
|
304
394
|
|
@@ -327,7 +417,7 @@ module Aws
|
|
327
417
|
# progress = Proc.new do |bytes, totals|
|
328
418
|
# puts bytes.map.with_index { |b, i| "Part #{i+1}: #{b} / #{totals[i]}"}.join(' ') + "Total: #{100.0 * bytes.sum / totals.sum }%" }
|
329
419
|
# end
|
330
|
-
# obj.upload_file('/path/to/file')
|
420
|
+
# obj.upload_file('/path/to/file', progress_callback: progress)
|
331
421
|
#
|
332
422
|
# @param [String, Pathname, File, Tempfile] source A file on the local
|
333
423
|
# file system that will be uploaded as this object. This can either be
|
@@ -337,10 +427,10 @@ module Aws
|
|
337
427
|
# using an open Tempfile, rewind it before uploading or else the object
|
338
428
|
# will be empty.
|
339
429
|
#
|
340
|
-
# @option options [Integer] :multipart_threshold (
|
430
|
+
# @option options [Integer] :multipart_threshold (104857600) Files larger
|
341
431
|
# than or equal to `:multipart_threshold` are uploaded using the S3
|
342
432
|
# multipart APIs.
|
343
|
-
# Default threshold is
|
433
|
+
# Default threshold is 100MB.
|
344
434
|
#
|
345
435
|
# @option options [Integer] :thread_count (10) The number of parallel
|
346
436
|
# multipart uploads. This option is not used if the file is smaller than
|
@@ -364,10 +454,12 @@ module Aws
|
|
364
454
|
multipart_threshold: uploading_options.delete(:multipart_threshold),
|
365
455
|
client: client
|
366
456
|
)
|
367
|
-
response =
|
368
|
-
|
369
|
-
|
370
|
-
|
457
|
+
response = Aws::Plugins::UserAgent.feature('resource') do
|
458
|
+
uploader.upload(
|
459
|
+
source,
|
460
|
+
uploading_options.merge(bucket: bucket_name, key: key)
|
461
|
+
)
|
462
|
+
end
|
371
463
|
yield response if block_given?
|
372
464
|
true
|
373
465
|
end
|
@@ -391,7 +483,7 @@ module Aws
|
|
391
483
|
# customizing each range size in multipart_download,
|
392
484
|
# By default, `auto` mode is enabled, which performs multipart_download
|
393
485
|
#
|
394
|
-
# @option options [
|
486
|
+
# @option options [Integer] chunk_size required in get_range mode.
|
395
487
|
#
|
396
488
|
# @option options [Integer] thread_count (10) Customize threads used in
|
397
489
|
# the multipart download.
|
@@ -400,14 +492,28 @@ module Aws
|
|
400
492
|
# retrieve the object. For more about object versioning, see:
|
401
493
|
# https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html
|
402
494
|
#
|
495
|
+
# @option options [String] checksum_mode (ENABLED) When `ENABLED` and
|
496
|
+
# the object has a stored checksum, it will be used to validate the
|
497
|
+
# download and will raise an `Aws::Errors::ChecksumError` if
|
498
|
+
# checksum validation fails. You may provide a `on_checksum_validated`
|
499
|
+
# callback if you need to verify that validation occured and which
|
500
|
+
# algorithm was used.
|
501
|
+
#
|
502
|
+
# @option options [Callable] on_checksum_validated Called each time a
|
503
|
+
# request's checksum is validated with the checksum algorithm and the
|
504
|
+
# response. For multipart downloads, this will be called for each
|
505
|
+
# part that is downloaded and validated.
|
506
|
+
#
|
403
507
|
# @return [Boolean] Returns `true` when the file is downloaded without
|
404
508
|
# any errors.
|
405
509
|
def download_file(destination, options = {})
|
406
510
|
downloader = FileDownloader.new(client: client)
|
407
|
-
|
408
|
-
|
409
|
-
|
410
|
-
|
511
|
+
Aws::Plugins::UserAgent.feature('resource') do
|
512
|
+
downloader.download(
|
513
|
+
destination,
|
514
|
+
options.merge(bucket: bucket_name, key: key)
|
515
|
+
)
|
516
|
+
end
|
411
517
|
true
|
412
518
|
end
|
413
519
|
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
module Aws
|
4
|
+
module S3
|
5
|
+
module Types
|
6
|
+
# This error is not modeled.
|
7
|
+
#
|
8
|
+
# The bucket you are attempting to access must be addressed using the
|
9
|
+
# specified endpoint. Please send all future requests to this endpoint.
|
10
|
+
#
|
11
|
+
# @!attribute [rw] endpoint
|
12
|
+
# @return [String]
|
13
|
+
#
|
14
|
+
# @!attribute [rw] bucket
|
15
|
+
# @return [String]
|
16
|
+
#
|
17
|
+
# @!attribute [rw] message
|
18
|
+
# @return [String]
|
19
|
+
#
|
20
|
+
class PermanentRedirect < Struct.new(:endpoint, :bucket, :region, :message)
|
21
|
+
SENSITIVE = []
|
22
|
+
include Aws::Structure
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -18,10 +18,12 @@ require 'aws-sdk-s3/presigner'
|
|
18
18
|
|
19
19
|
# customizations to generated classes
|
20
20
|
require 'aws-sdk-s3/customizations/bucket'
|
21
|
+
require 'aws-sdk-s3/customizations/errors'
|
21
22
|
require 'aws-sdk-s3/customizations/object'
|
22
23
|
require 'aws-sdk-s3/customizations/object_summary'
|
23
24
|
require 'aws-sdk-s3/customizations/multipart_upload'
|
24
25
|
require 'aws-sdk-s3/customizations/types/list_object_versions_output'
|
26
|
+
require 'aws-sdk-s3/customizations/types/permanent_redirect'
|
25
27
|
|
26
28
|
[
|
27
29
|
Aws::S3::Object::Collection,
|
@@ -120,7 +120,7 @@ module Aws
|
|
120
120
|
# attr_reader :encryption_materials
|
121
121
|
#
|
122
122
|
# def key_for(matdesc)
|
123
|
-
# key_name = JSON.
|
123
|
+
# key_name = JSON.parse(matdesc)['key']
|
124
124
|
# if key = @keys[key_name]
|
125
125
|
# key
|
126
126
|
# else
|
@@ -270,7 +270,9 @@ module Aws
|
|
270
270
|
envelope_location: @envelope_location,
|
271
271
|
instruction_file_suffix: @instruction_file_suffix,
|
272
272
|
}
|
273
|
-
|
273
|
+
Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
|
274
|
+
req.send_request
|
275
|
+
end
|
274
276
|
end
|
275
277
|
|
276
278
|
# Gets an object from Amazon S3, decrypting data locally.
|
@@ -298,7 +300,9 @@ module Aws
|
|
298
300
|
envelope_location: envelope_location,
|
299
301
|
instruction_file_suffix: instruction_file_suffix,
|
300
302
|
}
|
301
|
-
|
303
|
+
Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
|
304
|
+
req.send_request(target: block)
|
305
|
+
end
|
302
306
|
end
|
303
307
|
|
304
308
|
private
|
@@ -165,10 +165,6 @@ module Aws
|
|
165
165
|
# to initialize the cipher, and the decrypter truncates the
|
166
166
|
# auth tag from the body when writing the final bytes.
|
167
167
|
def authenticated_decrypter(context, cipher, envelope)
|
168
|
-
if RUBY_VERSION.match(/1.9/)
|
169
|
-
raise "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
|
170
|
-
raise Aws::Errors::NonSupportedRubyVersionError, msg
|
171
|
-
end
|
172
168
|
http_resp = context.http_response
|
173
169
|
content_length = http_resp.headers['content-length'].to_i
|
174
170
|
auth_tag_length = auth_tag_length(envelope)
|
@@ -17,11 +17,13 @@ module Aws
|
|
17
17
|
# envelope and encryption cipher.
|
18
18
|
def encryption_cipher
|
19
19
|
encryption_context = { "kms_cmk_id" => @kms_key_id }
|
20
|
-
key_data =
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
20
|
+
key_data = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
|
21
|
+
@kms_client.generate_data_key(
|
22
|
+
key_id: @kms_key_id,
|
23
|
+
encryption_context: encryption_context,
|
24
|
+
key_spec: 'AES_256'
|
25
|
+
)
|
26
|
+
end
|
25
27
|
cipher = Utils.aes_encryption_cipher(:CBC)
|
26
28
|
cipher.key = key_data.plaintext
|
27
29
|
envelope = {
|
@@ -58,10 +60,12 @@ module Aws
|
|
58
60
|
"#{envelope['x-amz-wrap-alg']}"
|
59
61
|
end
|
60
62
|
|
61
|
-
key =
|
62
|
-
|
63
|
-
|
64
|
-
|
63
|
+
key = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
|
64
|
+
@kms_client.decrypt(
|
65
|
+
ciphertext_blob: decode64(envelope['x-amz-key-v2']),
|
66
|
+
encryption_context: encryption_context
|
67
|
+
).plaintext
|
68
|
+
end
|
65
69
|
|
66
70
|
iv = decode64(envelope['x-amz-iv'])
|
67
71
|
block_mode =
|
@@ -157,7 +157,7 @@ module Aws
|
|
157
157
|
# attr_reader :encryption_materials
|
158
158
|
#
|
159
159
|
# def key_for(matdesc)
|
160
|
-
# key_name = JSON.
|
160
|
+
# key_name = JSON.parse(matdesc)['key']
|
161
161
|
# if key = @keys[key_name]
|
162
162
|
# key
|
163
163
|
# else
|
@@ -361,7 +361,9 @@ module Aws
|
|
361
361
|
instruction_file_suffix: @instruction_file_suffix,
|
362
362
|
kms_encryption_context: kms_encryption_context
|
363
363
|
}
|
364
|
-
|
364
|
+
Aws::Plugins::UserAgent.feature('S3CryptoV2') do
|
365
|
+
req.send_request
|
366
|
+
end
|
365
367
|
end
|
366
368
|
|
367
369
|
# Gets an object from Amazon S3, decrypting data locally.
|
@@ -414,7 +416,9 @@ module Aws
|
|
414
416
|
kms_allow_decrypt_with_any_cmk: kms_any_cmk_mode,
|
415
417
|
security_profile: security_profile
|
416
418
|
}
|
417
|
-
|
419
|
+
Aws::Plugins::UserAgent.feature('S3CryptoV2') do
|
420
|
+
req.send_request(target: block)
|
421
|
+
end
|
418
422
|
end
|
419
423
|
|
420
424
|
private
|
@@ -166,10 +166,6 @@ module Aws
|
|
166
166
|
# to initialize the cipher, and the decrypter truncates the
|
167
167
|
# auth tag from the body when writing the final bytes.
|
168
168
|
def authenticated_decrypter(context, cipher, envelope)
|
169
|
-
if RUBY_VERSION.match(/1.9/)
|
170
|
-
raise "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
|
171
|
-
raise Aws::Errors::NonSupportedRubyVersionError, msg
|
172
|
-
end
|
173
169
|
http_resp = context.http_response
|
174
170
|
content_length = http_resp.headers['content-length'].to_i
|
175
171
|
auth_tag_length = auth_tag_length(envelope)
|
@@ -177,6 +173,7 @@ module Aws
|
|
177
173
|
auth_tag = context.client.get_object(
|
178
174
|
bucket: context.params[:bucket],
|
179
175
|
key: context.params[:key],
|
176
|
+
version_id: context.params[:version_id],
|
180
177
|
range: "bytes=-#{auth_tag_length}"
|
181
178
|
).body.read
|
182
179
|
|
@@ -9,10 +9,6 @@ module Aws
|
|
9
9
|
class EncryptHandler < Seahorse::Client::Handler
|
10
10
|
|
11
11
|
def call(context)
|
12
|
-
if RUBY_VERSION.match(/1.9/)
|
13
|
-
raise "authenticated encryption not supported by OpenSSL in Ruby version ~> 1.9"
|
14
|
-
raise Aws::Errors::NonSupportedRubyVersionError, msg
|
15
|
-
end
|
16
12
|
envelope, cipher = context[:encryption][:cipher_provider]
|
17
13
|
.encryption_cipher(
|
18
14
|
kms_encryption_context: context[:encryption][:kms_encryption_context]
|
@@ -24,11 +24,13 @@ module Aws
|
|
24
24
|
def encryption_cipher(options = {})
|
25
25
|
validate_key_for_encryption
|
26
26
|
encryption_context = build_encryption_context(@content_encryption_schema, options)
|
27
|
-
key_data =
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
27
|
+
key_data = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
|
28
|
+
@kms_client.generate_data_key(
|
29
|
+
key_id: @kms_key_id,
|
30
|
+
encryption_context: encryption_context,
|
31
|
+
key_spec: 'AES_256'
|
32
|
+
)
|
33
|
+
end
|
32
34
|
cipher = Utils.aes_encryption_cipher(:GCM)
|
33
35
|
cipher.key = key_data.plaintext
|
34
36
|
envelope = {
|
@@ -83,7 +85,9 @@ module Aws
|
|
83
85
|
decrypt_options[:key_id] = @kms_key_id
|
84
86
|
end
|
85
87
|
|
86
|
-
key =
|
88
|
+
key = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
|
89
|
+
@kms_client.decrypt(decrypt_options).plaintext
|
90
|
+
end
|
87
91
|
iv = decode64(envelope['x-amz-iv'])
|
88
92
|
block_mode =
|
89
93
|
case cek_alg
|