aws-sdk-s3 1.96.2 → 1.132.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (66) hide show
  1. checksums.yaml +4 -4
  2. data/CHANGELOG.md +256 -0
  3. data/VERSION +1 -1
  4. data/lib/aws-sdk-s3/bucket.rb +226 -76
  5. data/lib/aws-sdk-s3/bucket_acl.rb +30 -7
  6. data/lib/aws-sdk-s3/bucket_cors.rb +35 -10
  7. data/lib/aws-sdk-s3/bucket_lifecycle.rb +39 -12
  8. data/lib/aws-sdk-s3/bucket_lifecycle_configuration.rb +40 -10
  9. data/lib/aws-sdk-s3/bucket_logging.rb +30 -7
  10. data/lib/aws-sdk-s3/bucket_notification.rb +28 -10
  11. data/lib/aws-sdk-s3/bucket_policy.rb +35 -10
  12. data/lib/aws-sdk-s3/bucket_request_payment.rb +30 -7
  13. data/lib/aws-sdk-s3/bucket_tagging.rb +35 -10
  14. data/lib/aws-sdk-s3/bucket_versioning.rb +78 -17
  15. data/lib/aws-sdk-s3/bucket_website.rb +35 -10
  16. data/lib/aws-sdk-s3/client.rb +3854 -2120
  17. data/lib/aws-sdk-s3/client_api.rb +601 -208
  18. data/lib/aws-sdk-s3/customizations/bucket.rb +23 -47
  19. data/lib/aws-sdk-s3/customizations/errors.rb +27 -0
  20. data/lib/aws-sdk-s3/customizations/object.rb +130 -24
  21. data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb +26 -0
  22. data/lib/aws-sdk-s3/customizations.rb +2 -0
  23. data/lib/aws-sdk-s3/encryption/client.rb +7 -3
  24. data/lib/aws-sdk-s3/encryption/decrypt_handler.rb +0 -4
  25. data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb +13 -9
  26. data/lib/aws-sdk-s3/encryptionV2/client.rb +7 -3
  27. data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb +1 -4
  28. data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb +0 -4
  29. data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb +10 -6
  30. data/lib/aws-sdk-s3/endpoint_parameters.rb +146 -0
  31. data/lib/aws-sdk-s3/endpoint_provider.rb +509 -0
  32. data/lib/aws-sdk-s3/endpoints.rb +2150 -0
  33. data/lib/aws-sdk-s3/file_downloader.rb +57 -27
  34. data/lib/aws-sdk-s3/file_uploader.rb +12 -5
  35. data/lib/aws-sdk-s3/multipart_file_uploader.rb +26 -7
  36. data/lib/aws-sdk-s3/multipart_stream_uploader.rb +41 -13
  37. data/lib/aws-sdk-s3/multipart_upload.rb +138 -16
  38. data/lib/aws-sdk-s3/multipart_upload_part.rb +144 -18
  39. data/lib/aws-sdk-s3/object.rb +364 -160
  40. data/lib/aws-sdk-s3/object_acl.rb +32 -9
  41. data/lib/aws-sdk-s3/object_copier.rb +7 -5
  42. data/lib/aws-sdk-s3/object_multipart_copier.rb +41 -19
  43. data/lib/aws-sdk-s3/object_summary.rb +291 -123
  44. data/lib/aws-sdk-s3/object_version.rb +99 -46
  45. data/lib/aws-sdk-s3/plugins/accelerate.rb +3 -44
  46. data/lib/aws-sdk-s3/plugins/arn.rb +22 -180
  47. data/lib/aws-sdk-s3/plugins/bucket_dns.rb +3 -39
  48. data/lib/aws-sdk-s3/plugins/bucket_name_restrictions.rb +1 -6
  49. data/lib/aws-sdk-s3/plugins/dualstack.rb +1 -55
  50. data/lib/aws-sdk-s3/plugins/endpoints.rb +262 -0
  51. data/lib/aws-sdk-s3/plugins/expect_100_continue.rb +2 -1
  52. data/lib/aws-sdk-s3/plugins/iad_regional_endpoint.rb +6 -29
  53. data/lib/aws-sdk-s3/plugins/md5s.rb +5 -3
  54. data/lib/aws-sdk-s3/plugins/s3_signer.rb +35 -100
  55. data/lib/aws-sdk-s3/plugins/skip_whole_multipart_get_checksums.rb +31 -0
  56. data/lib/aws-sdk-s3/plugins/streaming_retry.rb +23 -2
  57. data/lib/aws-sdk-s3/presigned_post.rb +99 -78
  58. data/lib/aws-sdk-s3/presigner.rb +24 -29
  59. data/lib/aws-sdk-s3/resource.rb +25 -3
  60. data/lib/aws-sdk-s3/types.rb +3307 -4625
  61. data/lib/aws-sdk-s3.rb +5 -1
  62. metadata +14 -11
  63. data/lib/aws-sdk-s3/arn/access_point_arn.rb +0 -69
  64. data/lib/aws-sdk-s3/arn/object_lambda_arn.rb +0 -69
  65. data/lib/aws-sdk-s3/arn/outpost_access_point_arn.rb +0 -73
  66. data/lib/aws-sdk-s3/plugins/object_lambda_endpoint.rb +0 -25
@@ -5,22 +5,6 @@ require 'uri'
5
5
  module Aws
6
6
  module S3
7
7
  class Bucket
8
- # Save the old initialize method so that we can call 'super'.
9
- old_initialize = instance_method(:initialize)
10
- # Make the method redefinable
11
- alias_method :initialize, :initialize
12
- # Define a new initialize method that extracts out a bucket ARN.
13
- define_method(:initialize) do |*args|
14
- old_initialize.bind(self).call(*args)
15
- resolved_region, arn = Plugins::ARN.resolve_arn!(
16
- name,
17
- client.config.region,
18
- client.config.s3_use_arn_region
19
- )
20
- @resolved_region = resolved_region
21
- @arn = arn
22
- end
23
-
24
8
  # Deletes all objects and versioned objects from this bucket
25
9
  #
26
10
  # @example
@@ -105,14 +89,27 @@ module Aws
105
89
  if options[:virtual_host]
106
90
  scheme = options.fetch(:secure, true) ? 'https' : 'http'
107
91
  "#{scheme}://#{name}"
108
- elsif @arn
109
- Plugins::ARN.resolve_url!(
110
- client.config.endpoint.dup,
111
- @arn,
112
- @resolved_region
113
- ).to_s
114
92
  else
115
- s3_bucket_url
93
+ # Taken from Aws::S3::Endpoints module
94
+ unless client.config.regional_endpoint
95
+ endpoint = client.config.endpoint.to_s
96
+ end
97
+ params = Aws::S3::EndpointParameters.new(
98
+ bucket: name,
99
+ region: client.config.region,
100
+ use_fips: client.config.use_fips_endpoint,
101
+ use_dual_stack: client.config.use_dualstack_endpoint,
102
+ endpoint: endpoint,
103
+ force_path_style: client.config.force_path_style,
104
+ accelerate: client.config.use_accelerate_endpoint,
105
+ use_global_endpoint: client.config.s3_us_east_1_regional_endpoint == 'legacy',
106
+ use_object_lambda_endpoint: nil,
107
+ disable_access_points: nil,
108
+ disable_multi_region_access_points: client.config.s3_disable_multiregion_access_points,
109
+ use_arn_region: client.config.s3_use_arn_region,
110
+ )
111
+ endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
112
+ endpoint.url
116
113
  end
117
114
  end
118
115
 
@@ -137,34 +134,13 @@ module Aws
137
134
 
138
135
  # @api private
139
136
  def load
140
- @data = client.list_buckets.buckets.find { |b| b.name == name }
137
+ @data = Aws::Plugins::UserAgent.feature('resource') do
138
+ client.list_buckets.buckets.find { |b| b.name == name }
139
+ end
141
140
  raise "unable to load bucket #{name}" if @data.nil?
142
141
 
143
142
  self
144
143
  end
145
-
146
- private
147
-
148
- def s3_bucket_url
149
- url = client.config.endpoint.dup
150
- if bucket_as_hostname?(url.scheme == 'https')
151
- url.host = "#{name}.#{url.host}"
152
- else
153
- url.path += '/' unless url.path[-1] == '/'
154
- url.path += Seahorse::Util.uri_escape(name)
155
- end
156
- if (client.config.region == 'us-east-1') &&
157
- (client.config.s3_us_east_1_regional_endpoint == 'legacy')
158
- url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
159
- end
160
- url.to_s
161
- end
162
-
163
- def bucket_as_hostname?(https)
164
- Plugins::BucketDns.dns_compatible?(name, https) &&
165
- !client.config.force_path_style
166
- end
167
-
168
144
  end
169
145
  end
170
146
  end
@@ -0,0 +1,27 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ module Errors
6
+ # Hijack PermanentRedirect dynamic error to also include endpoint
7
+ # and bucket.
8
+ class PermanentRedirect < ServiceError
9
+ # @param [Seahorse::Client::RequestContext] context
10
+ # @param [String] message
11
+ # @param [Aws::S3::Types::PermanentRedirect] _data
12
+ def initialize(context, message, _data = Aws::EmptyStructure.new)
13
+ data = Aws::S3::Types::PermanentRedirect.new(message: message)
14
+ body = context.http_response.body_contents
15
+ if (endpoint = body.match(/<Endpoint>(.+?)<\/Endpoint>/))
16
+ data.endpoint = endpoint[1]
17
+ end
18
+ if (bucket = body.match(/<Bucket>(.+?)<\/Bucket>/))
19
+ data.bucket = bucket[1]
20
+ end
21
+ data.region = context.http_response.headers['x-amz-bucket-region']
22
+ super(context, message, data)
23
+ end
24
+ end
25
+ end
26
+ end
27
+ end
@@ -27,10 +27,13 @@ module Aws
27
27
  # necessary for objects larger than 5GB and can provide
28
28
  # performance improvements on large objects. Amazon S3 does
29
29
  # not accept multipart copies for objects smaller than 5MB.
30
+ # Object metadata such as Content-Type will be copied, however,
31
+ # Checksums are not copied.
30
32
  #
31
33
  # @option options [Integer] :content_length Only used when
32
34
  # `:multipart_copy` is `true`. Passing this options avoids a HEAD
33
- # request to query the source object size. Raises an `ArgumentError` if
35
+ # request to query the source object size but prevents object metadata
36
+ # from being copied. Raises an `ArgumentError` if
34
37
  # this option is provided when `:multipart_copy` is `false` or not set.
35
38
  #
36
39
  # @option options [S3::Client] :copy_source_client Only used when
@@ -43,6 +46,14 @@ module Aws
43
46
  # different region. You do not need to specify this option
44
47
  # if you have provided a `:source_client` or a `:content_length`.
45
48
  #
49
+ # @option options [Boolean] :use_source_parts (false) Only used when
50
+ # `:multipart_copy` is `true`. Use part sizes defined on the source
51
+ # object if any exist. If copying or moving an object that
52
+ # is already multipart, this does not re-part the object, instead
53
+ # re-using the part definitions on the original. That means the etag
54
+ # and any checksums will not change. This is especially useful if the
55
+ # source object has parts with varied sizes.
56
+ #
46
57
  # @example Basic object copy
47
58
  #
48
59
  # bucket = Aws::S3::Bucket.new('target-bucket')
@@ -65,11 +76,13 @@ module Aws
65
76
  # @see #copy_to
66
77
  #
67
78
  def copy_from(source, options = {})
68
- if Hash === source && source[:copy_source]
69
- # for backwards compatibility
70
- @client.copy_object(source.merge(bucket: bucket_name, key: key))
71
- else
72
- ObjectCopier.new(self, options).copy_from(source, options)
79
+ Aws::Plugins::UserAgent.feature('resource') do
80
+ if Hash === source && source[:copy_source]
81
+ # for backwards compatibility
82
+ @client.copy_object(source.merge(bucket: bucket_name, key: key))
83
+ else
84
+ ObjectCopier.new(self, options).copy_from(source, options)
85
+ end
73
86
  end
74
87
  end
75
88
 
@@ -106,7 +119,9 @@ module Aws
106
119
  # object.copy_to('src-bucket/src-key', multipart_copy: true)
107
120
  #
108
121
  def copy_to(target, options = {})
109
- ObjectCopier.new(self, options).copy_to(target, options)
122
+ Aws::Plugins::UserAgent.feature('resource') do
123
+ ObjectCopier.new(self, options).copy_to(target, options)
124
+ end
110
125
  end
111
126
 
112
127
  # Copies and deletes the current object. The object will only be deleted
@@ -161,7 +176,7 @@ module Aws
161
176
  #
162
177
  # @param [Symbol] method
163
178
  # The S3 operation to generate a presigned URL for. Valid values
164
- # are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
179
+ # are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
165
180
  # `:list_multipart_uploads`, `:complete_multipart_upload`,
166
181
  # `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.
167
182
  #
@@ -215,6 +230,79 @@ module Aws
215
230
  )
216
231
  end
217
232
 
233
+ # Allows you to create presigned URL requests for S3 operations. This
234
+ # method returns a tuple containing the URL and the signed X-amz-* headers
235
+ # to be used with the presigned url.
236
+ #
237
+ # @example Pre-signed GET URL, valid for one hour
238
+ #
239
+ # obj.presigned_request(:get, expires_in: 3600)
240
+ # #=> ["https://bucket-name.s3.amazonaws.com/object-key?...", {}]
241
+ #
242
+ # @example Pre-signed PUT with a canned ACL
243
+ #
244
+ # # the object uploaded using this URL will be publicly accessible
245
+ # obj.presigned_request(:put, acl: 'public-read')
246
+ # #=> ["https://bucket-name.s3.amazonaws.com/object-key?...",
247
+ # {"x-amz-acl"=>"public-read"}]
248
+ #
249
+ # @param [Symbol] method
250
+ # The S3 operation to generate a presigned request for. Valid values
251
+ # are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
252
+ # `:list_multipart_uploads`, `:complete_multipart_upload`,
253
+ # `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.
254
+ #
255
+ # @param [Hash] params
256
+ # Additional request parameters to use when generating the pre-signed
257
+ # request. See the related documentation in {Client} for accepted
258
+ # params.
259
+ #
260
+ # | Method | Client Method |
261
+ # |------------------------------|------------------------------------|
262
+ # | `:get` | {Client#get_object} |
263
+ # | `:put` | {Client#put_object} |
264
+ # | `:head` | {Client#head_object} |
265
+ # | `:delete` | {Client#delete_object} |
266
+ # | `:create_multipart_upload` | {Client#create_multipart_upload} |
267
+ # | `:list_multipart_uploads` | {Client#list_multipart_uploads} |
268
+ # | `:complete_multipart_upload` | {Client#complete_multipart_upload} |
269
+ # | `:abort_multipart_upload` | {Client#abort_multipart_upload} |
270
+ # | `:list_parts` | {Client#list_parts} |
271
+ # | `:upload_part` | {Client#upload_part} |
272
+ #
273
+ # @option params [Boolean] :virtual_host (false) When `true` the
274
+ # presigned URL will use the bucket name as a virtual host.
275
+ #
276
+ # bucket = Aws::S3::Bucket.new('my.bucket.com')
277
+ # bucket.object('key').presigned_request(virtual_host: true)
278
+ # #=> ["http://my.bucket.com/key?...", {}]
279
+ #
280
+ # @option params [Integer] :expires_in (900) Number of seconds before
281
+ # the pre-signed URL expires. This may not exceed one week (604800
282
+ # seconds). Note that the pre-signed URL is also only valid as long as
283
+ # credentials used to sign it are. For example, when using IAM roles,
284
+ # temporary tokens generated for signing also have a default expiration
285
+ # which will affect the effective expiration of the pre-signed URL.
286
+ #
287
+ # @raise [ArgumentError] Raised if `:expires_in` exceeds one week
288
+ # (604800 seconds).
289
+ #
290
+ # @return [String, Hash] A tuple with a presigned URL and headers that
291
+ # should be included with the request.
292
+ #
293
+ def presigned_request(method, params = {})
294
+ presigner = Presigner.new(client: client)
295
+
296
+ if %w(delete head get put).include?(method.to_s)
297
+ method = "#{method}_object".to_sym
298
+ end
299
+
300
+ presigner.presigned_request(
301
+ method.downcase,
302
+ params.merge(bucket: bucket_name, key: key)
303
+ )
304
+ end
305
+
218
306
  # Returns the public (un-signed) URL for this object.
219
307
  #
220
308
  # s3.bucket('bucket-name').object('obj-key').public_url
@@ -295,10 +383,12 @@ module Aws
295
383
  tempfile: uploading_options.delete(:tempfile),
296
384
  part_size: uploading_options.delete(:part_size)
297
385
  )
298
- uploader.upload(
299
- uploading_options.merge(bucket: bucket_name, key: key),
300
- &block
301
- )
386
+ Aws::Plugins::UserAgent.feature('resource') do
387
+ uploader.upload(
388
+ uploading_options.merge(bucket: bucket_name, key: key),
389
+ &block
390
+ )
391
+ end
302
392
  true
303
393
  end
304
394
 
@@ -327,7 +417,7 @@ module Aws
327
417
  # progress = Proc.new do |bytes, totals|
328
418
  # puts bytes.map.with_index { |b, i| "Part #{i+1}: #{b} / #{totals[i]}"}.join(' ') + "Total: #{100.0 * bytes.sum / totals.sum }%" }
329
419
  # end
330
- # obj.upload_file('/path/to/file')
420
+ # obj.upload_file('/path/to/file', progress_callback: progress)
331
421
  #
332
422
  # @param [String, Pathname, File, Tempfile] source A file on the local
333
423
  # file system that will be uploaded as this object. This can either be
@@ -337,10 +427,10 @@ module Aws
337
427
  # using an open Tempfile, rewind it before uploading or else the object
338
428
  # will be empty.
339
429
  #
340
- # @option options [Integer] :multipart_threshold (15728640) Files larger
430
+ # @option options [Integer] :multipart_threshold (104857600) Files larger
341
431
  # than or equal to `:multipart_threshold` are uploaded using the S3
342
432
  # multipart APIs.
343
- # Default threshold is 15MB.
433
+ # Default threshold is 100MB.
344
434
  #
345
435
  # @option options [Integer] :thread_count (10) The number of parallel
346
436
  # multipart uploads. This option is not used if the file is smaller than
@@ -364,10 +454,12 @@ module Aws
364
454
  multipart_threshold: uploading_options.delete(:multipart_threshold),
365
455
  client: client
366
456
  )
367
- response = uploader.upload(
368
- source,
369
- uploading_options.merge(bucket: bucket_name, key: key)
370
- )
457
+ response = Aws::Plugins::UserAgent.feature('resource') do
458
+ uploader.upload(
459
+ source,
460
+ uploading_options.merge(bucket: bucket_name, key: key)
461
+ )
462
+ end
371
463
  yield response if block_given?
372
464
  true
373
465
  end
@@ -391,7 +483,7 @@ module Aws
391
483
  # customizing each range size in multipart_download,
392
484
  # By default, `auto` mode is enabled, which performs multipart_download
393
485
  #
394
- # @option options [String] chunk_size required in get_range mode.
486
+ # @option options [Integer] chunk_size required in get_range mode.
395
487
  #
396
488
  # @option options [Integer] thread_count (10) Customize threads used in
397
489
  # the multipart download.
@@ -400,14 +492,28 @@ module Aws
400
492
  # retrieve the object. For more about object versioning, see:
401
493
  # https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html
402
494
  #
495
+ # @option options [String] checksum_mode (ENABLED) When `ENABLED` and
496
+ # the object has a stored checksum, it will be used to validate the
497
+ # download and will raise an `Aws::Errors::ChecksumError` if
498
+ # checksum validation fails. You may provide a `on_checksum_validated`
499
+ # callback if you need to verify that validation occured and which
500
+ # algorithm was used.
501
+ #
502
+ # @option options [Callable] on_checksum_validated Called each time a
503
+ # request's checksum is validated with the checksum algorithm and the
504
+ # response. For multipart downloads, this will be called for each
505
+ # part that is downloaded and validated.
506
+ #
403
507
  # @return [Boolean] Returns `true` when the file is downloaded without
404
508
  # any errors.
405
509
  def download_file(destination, options = {})
406
510
  downloader = FileDownloader.new(client: client)
407
- downloader.download(
408
- destination,
409
- options.merge(bucket: bucket_name, key: key)
410
- )
511
+ Aws::Plugins::UserAgent.feature('resource') do
512
+ downloader.download(
513
+ destination,
514
+ options.merge(bucket: bucket_name, key: key)
515
+ )
516
+ end
411
517
  true
412
518
  end
413
519
  end
@@ -0,0 +1,26 @@
1
+ # frozen_string_literal: true
2
+
3
+ module Aws
4
+ module S3
5
+ module Types
6
+ # This error is not modeled.
7
+ #
8
+ # The bucket you are attempting to access must be addressed using the
9
+ # specified endpoint. Please send all future requests to this endpoint.
10
+ #
11
+ # @!attribute [rw] endpoint
12
+ # @return [String]
13
+ #
14
+ # @!attribute [rw] bucket
15
+ # @return [String]
16
+ #
17
+ # @!attribute [rw] message
18
+ # @return [String]
19
+ #
20
+ class PermanentRedirect < Struct.new(:endpoint, :bucket, :region, :message)
21
+ SENSITIVE = []
22
+ include Aws::Structure
23
+ end
24
+ end
25
+ end
26
+ end
@@ -18,10 +18,12 @@ require 'aws-sdk-s3/presigner'
18
18
 
19
19
  # customizations to generated classes
20
20
  require 'aws-sdk-s3/customizations/bucket'
21
+ require 'aws-sdk-s3/customizations/errors'
21
22
  require 'aws-sdk-s3/customizations/object'
22
23
  require 'aws-sdk-s3/customizations/object_summary'
23
24
  require 'aws-sdk-s3/customizations/multipart_upload'
24
25
  require 'aws-sdk-s3/customizations/types/list_object_versions_output'
26
+ require 'aws-sdk-s3/customizations/types/permanent_redirect'
25
27
 
26
28
  [
27
29
  Aws::S3::Object::Collection,
@@ -120,7 +120,7 @@ module Aws
120
120
  # attr_reader :encryption_materials
121
121
  #
122
122
  # def key_for(matdesc)
123
- # key_name = JSON.load(matdesc)['key']
123
+ # key_name = JSON.parse(matdesc)['key']
124
124
  # if key = @keys[key_name]
125
125
  # key
126
126
  # else
@@ -270,7 +270,9 @@ module Aws
270
270
  envelope_location: @envelope_location,
271
271
  instruction_file_suffix: @instruction_file_suffix,
272
272
  }
273
- req.send_request
273
+ Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
274
+ req.send_request
275
+ end
274
276
  end
275
277
 
276
278
  # Gets an object from Amazon S3, decrypting data locally.
@@ -298,7 +300,9 @@ module Aws
298
300
  envelope_location: envelope_location,
299
301
  instruction_file_suffix: instruction_file_suffix,
300
302
  }
301
- req.send_request(target: block)
303
+ Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
304
+ req.send_request(target: block)
305
+ end
302
306
  end
303
307
 
304
308
  private
@@ -165,10 +165,6 @@ module Aws
165
165
  # to initialize the cipher, and the decrypter truncates the
166
166
  # auth tag from the body when writing the final bytes.
167
167
  def authenticated_decrypter(context, cipher, envelope)
168
- if RUBY_VERSION.match(/1.9/)
169
- raise "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
170
- raise Aws::Errors::NonSupportedRubyVersionError, msg
171
- end
172
168
  http_resp = context.http_response
173
169
  content_length = http_resp.headers['content-length'].to_i
174
170
  auth_tag_length = auth_tag_length(envelope)
@@ -17,11 +17,13 @@ module Aws
17
17
  # envelope and encryption cipher.
18
18
  def encryption_cipher
19
19
  encryption_context = { "kms_cmk_id" => @kms_key_id }
20
- key_data = @kms_client.generate_data_key(
21
- key_id: @kms_key_id,
22
- encryption_context: encryption_context,
23
- key_spec: 'AES_256',
24
- )
20
+ key_data = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
21
+ @kms_client.generate_data_key(
22
+ key_id: @kms_key_id,
23
+ encryption_context: encryption_context,
24
+ key_spec: 'AES_256'
25
+ )
26
+ end
25
27
  cipher = Utils.aes_encryption_cipher(:CBC)
26
28
  cipher.key = key_data.plaintext
27
29
  envelope = {
@@ -58,10 +60,12 @@ module Aws
58
60
  "#{envelope['x-amz-wrap-alg']}"
59
61
  end
60
62
 
61
- key = @kms_client.decrypt(
62
- ciphertext_blob: decode64(envelope['x-amz-key-v2']),
63
- encryption_context: encryption_context
64
- ).plaintext
63
+ key = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
64
+ @kms_client.decrypt(
65
+ ciphertext_blob: decode64(envelope['x-amz-key-v2']),
66
+ encryption_context: encryption_context
67
+ ).plaintext
68
+ end
65
69
 
66
70
  iv = decode64(envelope['x-amz-iv'])
67
71
  block_mode =
@@ -157,7 +157,7 @@ module Aws
157
157
  # attr_reader :encryption_materials
158
158
  #
159
159
  # def key_for(matdesc)
160
- # key_name = JSON.load(matdesc)['key']
160
+ # key_name = JSON.parse(matdesc)['key']
161
161
  # if key = @keys[key_name]
162
162
  # key
163
163
  # else
@@ -361,7 +361,9 @@ module Aws
361
361
  instruction_file_suffix: @instruction_file_suffix,
362
362
  kms_encryption_context: kms_encryption_context
363
363
  }
364
- req.send_request
364
+ Aws::Plugins::UserAgent.feature('S3CryptoV2') do
365
+ req.send_request
366
+ end
365
367
  end
366
368
 
367
369
  # Gets an object from Amazon S3, decrypting data locally.
@@ -414,7 +416,9 @@ module Aws
414
416
  kms_allow_decrypt_with_any_cmk: kms_any_cmk_mode,
415
417
  security_profile: security_profile
416
418
  }
417
- req.send_request(target: block)
419
+ Aws::Plugins::UserAgent.feature('S3CryptoV2') do
420
+ req.send_request(target: block)
421
+ end
418
422
  end
419
423
 
420
424
  private
@@ -166,10 +166,6 @@ module Aws
166
166
  # to initialize the cipher, and the decrypter truncates the
167
167
  # auth tag from the body when writing the final bytes.
168
168
  def authenticated_decrypter(context, cipher, envelope)
169
- if RUBY_VERSION.match(/1.9/)
170
- raise "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
171
- raise Aws::Errors::NonSupportedRubyVersionError, msg
172
- end
173
169
  http_resp = context.http_response
174
170
  content_length = http_resp.headers['content-length'].to_i
175
171
  auth_tag_length = auth_tag_length(envelope)
@@ -177,6 +173,7 @@ module Aws
177
173
  auth_tag = context.client.get_object(
178
174
  bucket: context.params[:bucket],
179
175
  key: context.params[:key],
176
+ version_id: context.params[:version_id],
180
177
  range: "bytes=-#{auth_tag_length}"
181
178
  ).body.read
182
179
 
@@ -9,10 +9,6 @@ module Aws
9
9
  class EncryptHandler < Seahorse::Client::Handler
10
10
 
11
11
  def call(context)
12
- if RUBY_VERSION.match(/1.9/)
13
- raise "authenticated encryption not supported by OpenSSL in Ruby version ~> 1.9"
14
- raise Aws::Errors::NonSupportedRubyVersionError, msg
15
- end
16
12
  envelope, cipher = context[:encryption][:cipher_provider]
17
13
  .encryption_cipher(
18
14
  kms_encryption_context: context[:encryption][:kms_encryption_context]
@@ -24,11 +24,13 @@ module Aws
24
24
  def encryption_cipher(options = {})
25
25
  validate_key_for_encryption
26
26
  encryption_context = build_encryption_context(@content_encryption_schema, options)
27
- key_data = @kms_client.generate_data_key(
28
- key_id: @kms_key_id,
29
- encryption_context: encryption_context,
30
- key_spec: 'AES_256'
31
- )
27
+ key_data = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
28
+ @kms_client.generate_data_key(
29
+ key_id: @kms_key_id,
30
+ encryption_context: encryption_context,
31
+ key_spec: 'AES_256'
32
+ )
33
+ end
32
34
  cipher = Utils.aes_encryption_cipher(:GCM)
33
35
  cipher.key = key_data.plaintext
34
36
  envelope = {
@@ -83,7 +85,9 @@ module Aws
83
85
  decrypt_options[:key_id] = @kms_key_id
84
86
  end
85
87
 
86
- key = @kms_client.decrypt(decrypt_options).plaintext
88
+ key = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
89
+ @kms_client.decrypt(decrypt_options).plaintext
90
+ end
87
91
  iv = decode64(envelope['x-amz-iv'])
88
92
  block_mode =
89
93
  case cek_alg