aws-sdk-s3 1.96.2 → 1.132.0

data/lib/aws-sdk-s3/customizations/bucket.rb

@@ -5,22 +5,6 @@ require 'uri'
 module Aws
   module S3
     class Bucket
-      # Save the old initialize method so that we can call 'super'.
-      old_initialize = instance_method(:initialize)
-      # Make the method redefinable
-      alias_method :initialize, :initialize
-      # Define a new initialize method that extracts out a bucket ARN.
-      define_method(:initialize) do |*args|
-        old_initialize.bind(self).call(*args)
-        resolved_region, arn = Plugins::ARN.resolve_arn!(
-          name,
-          client.config.region,
-          client.config.s3_use_arn_region
-        )
-        @resolved_region = resolved_region
-        @arn = arn
-      end
-
       # Deletes all objects and versioned objects from this bucket
       #
       # @example
@@ -105,14 +89,27 @@ module Aws
         if options[:virtual_host]
           scheme = options.fetch(:secure, true) ? 'https' : 'http'
           "#{scheme}://#{name}"
-        elsif @arn
-          Plugins::ARN.resolve_url!(
-            client.config.endpoint.dup,
-            @arn,
-            @resolved_region
-          ).to_s
         else
-          s3_bucket_url
+          # Taken from Aws::S3::Endpoints module
+          unless client.config.regional_endpoint
+            endpoint = client.config.endpoint.to_s
+          end
+          params = Aws::S3::EndpointParameters.new(
+            bucket: name,
+            region: client.config.region,
+            use_fips: client.config.use_fips_endpoint,
+            use_dual_stack: client.config.use_dualstack_endpoint,
+            endpoint: endpoint,
+            force_path_style: client.config.force_path_style,
+            accelerate: client.config.use_accelerate_endpoint,
+            use_global_endpoint: client.config.s3_us_east_1_regional_endpoint == 'legacy',
+            use_object_lambda_endpoint: nil,
+            disable_access_points: nil,
+            disable_multi_region_access_points: client.config.s3_disable_multiregion_access_points,
+            use_arn_region: client.config.s3_use_arn_region,
+          )
+          endpoint = Aws::S3::EndpointProvider.new.resolve_endpoint(params)
+          endpoint.url
         end
       end
 
@@ -137,34 +134,13 @@ module Aws
 
       # @api private
       def load
-        @data = client.list_buckets.buckets.find { |b| b.name == name }
+        @data = Aws::Plugins::UserAgent.feature('resource') do
+          client.list_buckets.buckets.find { |b| b.name == name }
+        end
         raise "unable to load bucket #{name}" if @data.nil?
 
         self
       end
-
-      private
-
-      def s3_bucket_url
-        url = client.config.endpoint.dup
-        if bucket_as_hostname?(url.scheme == 'https')
-          url.host = "#{name}.#{url.host}"
-        else
-          url.path += '/' unless url.path[-1] == '/'
-          url.path += Seahorse::Util.uri_escape(name)
-        end
-        if (client.config.region == 'us-east-1') &&
-           (client.config.s3_us_east_1_regional_endpoint == 'legacy')
-          url.host = Plugins::IADRegionalEndpoint.legacy_host(url.host)
-        end
-        url.to_s
-      end
-
-      def bucket_as_hostname?(https)
-        Plugins::BucketDns.dns_compatible?(name, https) &&
-          !client.config.force_path_style
-      end
-
     end
   end
 end

data/lib/aws-sdk-s3/customizations/errors.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Errors
+      # Hijack PermanentRedirect dynamic error to also include endpoint
+      # and bucket.
+      class PermanentRedirect < ServiceError
+        # @param [Seahorse::Client::RequestContext] context
+        # @param [String] message
+        # @param [Aws::S3::Types::PermanentRedirect] _data
+        def initialize(context, message, _data = Aws::EmptyStructure.new)
+          data = Aws::S3::Types::PermanentRedirect.new(message: message)
+          body = context.http_response.body_contents
+          if (endpoint = body.match(/<Endpoint>(.+?)<\/Endpoint>/))
+            data.endpoint = endpoint[1]
+          end
+          if (bucket = body.match(/<Bucket>(.+?)<\/Bucket>/))
+            data.bucket = bucket[1]
+          end
+          data.region = context.http_response.headers['x-amz-bucket-region']
+          super(context, message, data)
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/customizations/object.rb

@@ -27,10 +27,13 @@ module Aws
       #   necessary for objects larger than 5GB and can provide
       #   performance improvements on large objects. Amazon S3 does
       #   not accept multipart copies for objects smaller than 5MB.
+      #   Object metadata such as Content-Type will be copied, however,
+      #   Checksums are not copied.
       #
       # @option options [Integer] :content_length Only used when
       #   `:multipart_copy` is `true`. Passing this options avoids a HEAD
-      #   request to query the source object size. Raises an `ArgumentError` if
+      #   request to query the source object size but prevents object metadata
+      #   from being copied. Raises an `ArgumentError` if
       #   this option is provided when `:multipart_copy` is `false` or not set.
       #
       # @option options [S3::Client] :copy_source_client Only used when
@@ -43,6 +46,14 @@ module Aws
       #   different region. You do not need to specify this option
       #   if you have provided a `:source_client` or a `:content_length`.
       #
+      # @option options [Boolean] :use_source_parts (false) Only used when
+      #   `:multipart_copy` is `true`. Use part sizes defined on the source
+      #   object if any exist. If copying or moving an object that
+      #   is already multipart, this does not re-part the object, instead
+      #   re-using the part definitions on the original. That means the etag
+      #   and any checksums will not change. This is especially useful if the
+      #   source object has parts with varied sizes.
+      #
       # @example Basic object copy
       #
       #   bucket = Aws::S3::Bucket.new('target-bucket')
@@ -65,11 +76,13 @@ module Aws
       # @see #copy_to
       #
       def copy_from(source, options = {})
-        if Hash === source && source[:copy_source]
-          # for backwards compatibility
-          @client.copy_object(source.merge(bucket: bucket_name, key: key))
-        else
-          ObjectCopier.new(self, options).copy_from(source, options)
+        Aws::Plugins::UserAgent.feature('resource') do
+          if Hash === source && source[:copy_source]
+            # for backwards compatibility
+            @client.copy_object(source.merge(bucket: bucket_name, key: key))
+          else
+            ObjectCopier.new(self, options).copy_from(source, options)
+          end
         end
       end
 
@@ -106,7 +119,9 @@ module Aws
       #   object.copy_to('src-bucket/src-key', multipart_copy: true)
       #
       def copy_to(target, options = {})
-        ObjectCopier.new(self, options).copy_to(target, options)
+        Aws::Plugins::UserAgent.feature('resource') do
+          ObjectCopier.new(self, options).copy_to(target, options)
+        end
       end
 
       # Copies and deletes the current object. The object will only be deleted
@@ -161,7 +176,7 @@ module Aws
       #
       # @param [Symbol] method
       #   The S3 operation to generate a presigned URL for. Valid values
-      #   are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`, 
+      #   are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
       #   `:list_multipart_uploads`, `:complete_multipart_upload`,
       #   `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.
       #
@@ -215,6 +230,79 @@ module Aws
         )
       end
 
+      # Allows you to create presigned URL requests for S3 operations. This
+      # method returns a tuple containing the URL and the signed X-amz-* headers
+      # to be used with the presigned url.
+      #
+      # @example Pre-signed GET URL, valid for one hour
+      #
+      #     obj.presigned_request(:get, expires_in: 3600)
+      #     #=> ["https://bucket-name.s3.amazonaws.com/object-key?...", {}]
+      #
+      # @example Pre-signed PUT with a canned ACL
+      #
+      #     # the object uploaded using this URL will be publicly accessible
+      #     obj.presigned_request(:put, acl: 'public-read')
+      #     #=> ["https://bucket-name.s3.amazonaws.com/object-key?...",
+      #      {"x-amz-acl"=>"public-read"}]
+      #
+      # @param [Symbol] method
+      #   The S3 operation to generate a presigned request for. Valid values
+      #   are `:get`, `:put`, `:head`, `:delete`, `:create_multipart_upload`,
+      #   `:list_multipart_uploads`, `:complete_multipart_upload`,
+      #   `:abort_multipart_upload`, `:list_parts`, and `:upload_part`.
+      #
+      # @param [Hash] params
+      #   Additional request parameters to use when generating the pre-signed
+      #   request. See the related documentation in {Client} for accepted
+      #   params.
+      #
+      #   | Method                       | Client Method                      |
+      #   |------------------------------|------------------------------------|
+      #   | `:get`                       | {Client#get_object}                |
+      #   | `:put`                       | {Client#put_object}                |
+      #   | `:head`                      | {Client#head_object}               |
+      #   | `:delete`                    | {Client#delete_object}             |
+      #   | `:create_multipart_upload`   | {Client#create_multipart_upload}   |
+      #   | `:list_multipart_uploads`    | {Client#list_multipart_uploads}    |
+      #   | `:complete_multipart_upload` | {Client#complete_multipart_upload} |
+      #   | `:abort_multipart_upload`    | {Client#abort_multipart_upload}    |
+      #   | `:list_parts`                | {Client#list_parts}                |
+      #   | `:upload_part`               | {Client#upload_part}               |
+      #
+      # @option params [Boolean] :virtual_host (false) When `true` the
+      #   presigned URL will use the bucket name as a virtual host.
+      #
+      #     bucket = Aws::S3::Bucket.new('my.bucket.com')
+      #     bucket.object('key').presigned_request(virtual_host: true)
+      #     #=> ["http://my.bucket.com/key?...", {}]
+      #
+      # @option params [Integer] :expires_in (900) Number of seconds before
+      #   the pre-signed URL expires. This may not exceed one week (604800
+      #   seconds). Note that the pre-signed URL is also only valid as long as
+      #   credentials used to sign it are. For example, when using IAM roles,
+      #   temporary tokens generated for signing also have a default expiration
+      #   which will affect the effective expiration of the pre-signed URL.
+      #
+      # @raise [ArgumentError] Raised if `:expires_in` exceeds one week
+      #   (604800 seconds).
+      #
+      # @return [String, Hash] A tuple with a presigned URL and headers that
+      #   should be included with the request.
+      #
+      def presigned_request(method, params = {})
+        presigner = Presigner.new(client: client)
+
+        if %w(delete head get put).include?(method.to_s)
+          method = "#{method}_object".to_sym
+        end
+
+        presigner.presigned_request(
+          method.downcase,
+          params.merge(bucket: bucket_name, key: key)
+        )
+      end
+
       # Returns the public (un-signed) URL for this object.
       #
       #     s3.bucket('bucket-name').object('obj-key').public_url
@@ -295,10 +383,12 @@ module Aws
           tempfile: uploading_options.delete(:tempfile),
           part_size: uploading_options.delete(:part_size)
         )
-        uploader.upload(
-          uploading_options.merge(bucket: bucket_name, key: key),
-          &block
-        )
+        Aws::Plugins::UserAgent.feature('resource') do
+          uploader.upload(
+            uploading_options.merge(bucket: bucket_name, key: key),
+            &block
+          )
+        end
         true
       end
 
@@ -327,7 +417,7 @@ module Aws
       #     progress = Proc.new do |bytes, totals|
       #       puts bytes.map.with_index { |b, i| "Part #{i+1}: #{b} / #{totals[i]}"}.join(' ') + "Total: #{100.0 * bytes.sum / totals.sum }%" }
       #     end
-      #     obj.upload_file('/path/to/file')
+      #     obj.upload_file('/path/to/file', progress_callback: progress)
       #
       # @param [String, Pathname, File, Tempfile] source A file on the local
       #   file system that will be uploaded as this object. This can either be
@@ -337,10 +427,10 @@ module Aws
       #   using an open Tempfile, rewind it before uploading or else the object
       #   will be empty.
       #
-      # @option options [Integer] :multipart_threshold (15728640) Files larger
+      # @option options [Integer] :multipart_threshold (104857600) Files larger
       #   than or equal to `:multipart_threshold` are uploaded using the S3
       #   multipart APIs.
-      #   Default threshold is 15MB.
+      #   Default threshold is 100MB.
       #
       # @option options [Integer] :thread_count (10) The number of parallel
       #   multipart uploads. This option is not used if the file is smaller than
@@ -364,10 +454,12 @@ module Aws
           multipart_threshold: uploading_options.delete(:multipart_threshold),
           client: client
         )
-        response = uploader.upload(
-          source,
-          uploading_options.merge(bucket: bucket_name, key: key)
-        )
+        response = Aws::Plugins::UserAgent.feature('resource') do
+          uploader.upload(
+            source,
+            uploading_options.merge(bucket: bucket_name, key: key)
+          )
+        end
         yield response if block_given?
         true
       end
@@ -391,7 +483,7 @@ module Aws
       #  customizing each range size in multipart_download,
       #  By default, `auto` mode is enabled, which performs multipart_download
       #
-      # @option options [String] chunk_size required in get_range mode.
+      # @option options [Integer] chunk_size required in get_range mode.
       #
       # @option options [Integer] thread_count (10) Customize threads used in
       #   the multipart download.
@@ -400,14 +492,28 @@ module Aws
       #   retrieve the object. For more about object versioning, see:
       #   https://docs.aws.amazon.com/AmazonS3/latest/dev/ObjectVersioning.html
       #
+      # @option options [String] checksum_mode (ENABLED) When `ENABLED` and
+      #   the object has a stored checksum, it will be used to validate the
+      #   download and will raise an `Aws::Errors::ChecksumError` if
+      #   checksum validation fails. You may provide a `on_checksum_validated`
+      #   callback if you need to verify that validation occured and which
+      #   algorithm was used.
+      #
+      # @option options [Callable] on_checksum_validated Called each time a
+      #   request's checksum is validated with the checksum algorithm and the
+      #   response.  For multipart downloads, this will be called for each
+      #   part that is downloaded and validated.
+      #
       # @return [Boolean] Returns `true` when the file is downloaded without
       #   any errors.
       def download_file(destination, options = {})
         downloader = FileDownloader.new(client: client)
-        downloader.download(
-          destination,
-          options.merge(bucket: bucket_name, key: key)
-        )
+        Aws::Plugins::UserAgent.feature('resource') do
+          downloader.download(
+            destination,
+            options.merge(bucket: bucket_name, key: key)
+          )
+        end
         true
       end
     end

data/lib/aws-sdk-s3/customizations/types/permanent_redirect.rb

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    module Types
+      # This error is not modeled.
+      #
+      # The bucket you are attempting to access must be addressed using the
+      # specified endpoint. Please send all future requests to this endpoint.
+      #
+      # @!attribute [rw] endpoint
+      #   @return [String]
+      #
+      # @!attribute [rw] bucket
+      #   @return [String]
+      #
+      # @!attribute [rw] message
+      #   @return [String]
+      #
+      class PermanentRedirect < Struct.new(:endpoint, :bucket, :region, :message)
+        SENSITIVE = []
+        include Aws::Structure
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/customizations.rb

@@ -18,10 +18,12 @@ require 'aws-sdk-s3/presigner'
 
 # customizations to generated classes
 require 'aws-sdk-s3/customizations/bucket'
+require 'aws-sdk-s3/customizations/errors'
 require 'aws-sdk-s3/customizations/object'
 require 'aws-sdk-s3/customizations/object_summary'
 require 'aws-sdk-s3/customizations/multipart_upload'
 require 'aws-sdk-s3/customizations/types/list_object_versions_output'
+require 'aws-sdk-s3/customizations/types/permanent_redirect'
 
 [
   Aws::S3::Object::Collection,

data/lib/aws-sdk-s3/encryption/client.rb

@@ -120,7 +120,7 @@ module Aws
     #       attr_reader :encryption_materials
     #
     #       def key_for(matdesc)
-    #         key_name = JSON.load(matdesc)['key']
+    #         key_name = JSON.parse(matdesc)['key']
     #         if key = @keys[key_name]
     #           key
     #         else
@@ -270,7 +270,9 @@ module Aws
             envelope_location: @envelope_location,
             instruction_file_suffix: @instruction_file_suffix,
           }
-          req.send_request
+          Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+            req.send_request
+          end
         end
 
         # Gets an object from Amazon S3, decrypting  data locally.
@@ -298,7 +300,9 @@ module Aws
             envelope_location: envelope_location,
             instruction_file_suffix: instruction_file_suffix,
           }
-          req.send_request(target: block)
+          Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+            req.send_request(target: block)
+          end
         end
 
         private

data/lib/aws-sdk-s3/encryption/decrypt_handler.rb

@@ -165,10 +165,6 @@ module Aws
         # to initialize the cipher, and the decrypter truncates the
         # auth tag from the body when writing the final bytes.
         def authenticated_decrypter(context, cipher, envelope)
-          if RUBY_VERSION.match(/1.9/)
-            raise "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
-            raise Aws::Errors::NonSupportedRubyVersionError, msg
-          end
           http_resp = context.http_response
           content_length = http_resp.headers['content-length'].to_i
           auth_tag_length = auth_tag_length(envelope)

data/lib/aws-sdk-s3/encryption/kms_cipher_provider.rb

@@ -17,11 +17,13 @@ module Aws
         #   envelope and encryption cipher.
         def encryption_cipher
           encryption_context = { "kms_cmk_id" => @kms_key_id }
-          key_data = @kms_client.generate_data_key(
-            key_id: @kms_key_id,
-            encryption_context: encryption_context,
-            key_spec: 'AES_256',
-          )
+          key_data = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+            @kms_client.generate_data_key(
+              key_id: @kms_key_id,
+              encryption_context: encryption_context,
+              key_spec: 'AES_256'
+            )
+          end
           cipher = Utils.aes_encryption_cipher(:CBC)
           cipher.key = key_data.plaintext
           envelope = {
@@ -58,10 +60,12 @@ module Aws
                 "#{envelope['x-amz-wrap-alg']}"
           end
 
-          key = @kms_client.decrypt(
-            ciphertext_blob: decode64(envelope['x-amz-key-v2']),
-            encryption_context: encryption_context
-          ).plaintext
+          key = Aws::Plugins::UserAgent.feature('S3CryptoV1n') do
+            @kms_client.decrypt(
+              ciphertext_blob: decode64(envelope['x-amz-key-v2']),
+              encryption_context: encryption_context
+            ).plaintext
+          end
 
           iv = decode64(envelope['x-amz-iv'])
           block_mode =

data/lib/aws-sdk-s3/encryptionV2/client.rb

@@ -157,7 +157,7 @@ module Aws
     #       attr_reader :encryption_materials
     #
     #       def key_for(matdesc)
-    #         key_name = JSON.load(matdesc)['key']
+    #         key_name = JSON.parse(matdesc)['key']
     #         if key = @keys[key_name]
     #           key
     #         else
@@ -361,7 +361,9 @@ module Aws
             instruction_file_suffix: @instruction_file_suffix,
             kms_encryption_context: kms_encryption_context
           }
-          req.send_request
+          Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+            req.send_request
+          end
         end
 
         # Gets an object from Amazon S3, decrypting data locally.
@@ -414,7 +416,9 @@ module Aws
             kms_allow_decrypt_with_any_cmk: kms_any_cmk_mode,
             security_profile: security_profile
           }
-          req.send_request(target: block)
+          Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+            req.send_request(target: block)
+          end
         end
 
         private

data/lib/aws-sdk-s3/encryptionV2/decrypt_handler.rb

@@ -166,10 +166,6 @@ module Aws
         # to initialize the cipher, and the decrypter truncates the
         # auth tag from the body when writing the final bytes.
         def authenticated_decrypter(context, cipher, envelope)
-          if RUBY_VERSION.match(/1.9/)
-            raise "authenticated decryption not supported by OpenSSL in Ruby version ~> 1.9"
-            raise Aws::Errors::NonSupportedRubyVersionError, msg
-          end
           http_resp = context.http_response
           content_length = http_resp.headers['content-length'].to_i
           auth_tag_length = auth_tag_length(envelope)
@@ -177,6 +173,7 @@ module Aws
           auth_tag = context.client.get_object(
             bucket: context.params[:bucket],
             key: context.params[:key],
+            version_id: context.params[:version_id],
             range: "bytes=-#{auth_tag_length}"
           ).body.read
 

data/lib/aws-sdk-s3/encryptionV2/encrypt_handler.rb

@@ -9,10 +9,6 @@ module Aws
       class EncryptHandler < Seahorse::Client::Handler
 
         def call(context)
-          if RUBY_VERSION.match(/1.9/)
-            raise "authenticated encryption not supported by OpenSSL in Ruby version ~> 1.9"
-            raise Aws::Errors::NonSupportedRubyVersionError, msg
-          end
           envelope, cipher = context[:encryption][:cipher_provider]
            .encryption_cipher(
              kms_encryption_context: context[:encryption][:kms_encryption_context]

data/lib/aws-sdk-s3/encryptionV2/kms_cipher_provider.rb

@@ -24,11 +24,13 @@ module Aws
         def encryption_cipher(options = {})
           validate_key_for_encryption
           encryption_context = build_encryption_context(@content_encryption_schema, options)
-          key_data = @kms_client.generate_data_key(
-            key_id: @kms_key_id,
-            encryption_context: encryption_context,
-            key_spec: 'AES_256'
-          )
+          key_data = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+            @kms_client.generate_data_key(
+              key_id: @kms_key_id,
+              encryption_context: encryption_context,
+              key_spec: 'AES_256'
+            )
+          end
           cipher = Utils.aes_encryption_cipher(:GCM)
           cipher.key = key_data.plaintext
           envelope = {
@@ -83,7 +85,9 @@ module Aws
             decrypt_options[:key_id] = @kms_key_id
           end
 
-          key = @kms_client.decrypt(decrypt_options).plaintext
+          key = Aws::Plugins::UserAgent.feature('S3CryptoV2') do
+            @kms_client.decrypt(decrypt_options).plaintext
+          end
           iv = decode64(envelope['x-amz-iv'])
           block_mode =
             case cek_alg