aws-sdk-s3 1.101.0 → 1.102.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb +69 -0
- data/lib/aws-sdk-s3/client.rb +6 -1
- data/lib/aws-sdk-s3/plugins/arn.rb +51 -12
- data/lib/aws-sdk-s3/plugins/s3_signer.rb +10 -1
- data/lib/aws-sdk-s3/presigner.rb +6 -0
- data/lib/aws-sdk-s3.rb +1 -1
- metadata +5 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 5e460144a4d67350a975bcb1b28dded53872af939cb512c74bc7c1e73ff1e616
|
|
4
|
+
data.tar.gz: cfd0bc9fb977e27ec33f3d497a1547e92808a13fd42b3e9b1ee7f6a73bec5771
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c58146b420fb36c1468743f06899a3ce195499a72966a1fe99ead757b4257da9c5cd29133977c371fdbd6fd9f4480b33807a0baae30deecee4fbb94de7f5a72e
|
|
7
|
+
data.tar.gz: 84bdb26904354cb178793d2f329bb428903a5765b76dff87e34e5030c1e132a41d1b22af39a37ae0df778d43b2da673fb92d18ab9a685bbe1ba9451b4b1f5096
|
data/CHANGELOG.md
CHANGED
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.102.0
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# frozen_string_literal: true
|
|
2
|
+
|
|
3
|
+
module Aws
|
|
4
|
+
module S3
|
|
5
|
+
# @api private
|
|
6
|
+
class MultiRegionAccessPointARN < Aws::ARN
|
|
7
|
+
def initialize(options)
|
|
8
|
+
super(options)
|
|
9
|
+
@type, @mrap_alias, @extra = @resource.split(/[:,\/]/)
|
|
10
|
+
end
|
|
11
|
+
|
|
12
|
+
attr_reader :mrap_alias
|
|
13
|
+
|
|
14
|
+
def support_dualstack?
|
|
15
|
+
false
|
|
16
|
+
end
|
|
17
|
+
|
|
18
|
+
def support_fips?
|
|
19
|
+
false
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
def validate_arn!
|
|
23
|
+
unless @service == 's3'
|
|
24
|
+
raise ArgumentError,
|
|
25
|
+
'Must provide a valid S3 multi-region access point ARN.'
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
if @account_id.empty?
|
|
29
|
+
raise ArgumentError,
|
|
30
|
+
'S3 multi-region access point ARNs must contain '\
|
|
31
|
+
'an account id.'
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
unless @region.empty?
|
|
35
|
+
raise ArgumentError,
|
|
36
|
+
'Multi-region access points must have an empty region.'
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
if @type != 'accesspoint'
|
|
40
|
+
raise ArgumentError, 'Invalid ARN, resource format is not correct'
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
if @mrap_alias.nil? || @mrap_alias.empty?
|
|
44
|
+
raise ArgumentError, 'Missing ARN multi-region access points alias.'
|
|
45
|
+
end
|
|
46
|
+
|
|
47
|
+
unless @mrap_alias.split('.').all? { |s| Seahorse::Util.host_label?(s) }
|
|
48
|
+
raise ArgumentError, "#{@mrap_alias} is not a valid "\
|
|
49
|
+
'multi region access point alias.'
|
|
50
|
+
end
|
|
51
|
+
|
|
52
|
+
if @extra
|
|
53
|
+
raise ArgumentError,
|
|
54
|
+
'ARN access point resource must be a single value.'
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def host_url(region, fips = false, dualstack = false, custom_endpoint = nil)
|
|
59
|
+
if custom_endpoint
|
|
60
|
+
"#{@mrap_alias}.#{custom_endpoint}"
|
|
61
|
+
else
|
|
62
|
+
|
|
63
|
+
sfx = Aws::Partitions::EndpointProvider.dns_suffix_for(@partition)
|
|
64
|
+
"#{@mrap_alias}.accesspoint.s3-global.#{sfx}"
|
|
65
|
+
end
|
|
66
|
+
end
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
end
|
data/lib/aws-sdk-s3/client.rb
CHANGED
|
@@ -327,6 +327,11 @@ module Aws::S3
|
|
|
327
327
|
# in the future.
|
|
328
328
|
#
|
|
329
329
|
#
|
|
330
|
+
# @option options [Boolean] :s3_disable_multiregion_access_points (false)
|
|
331
|
+
# When set to `false` this will option will raise errors when multi-region
|
|
332
|
+
# access point ARNs are used. Multi-region access points can potentially
|
|
333
|
+
# result in cross region requests.
|
|
334
|
+
#
|
|
330
335
|
# @option options [String] :s3_us_east_1_regional_endpoint ("legacy")
|
|
331
336
|
# Pass in `regional` to enable the `us-east-1` regional endpoint.
|
|
332
337
|
# Defaults to `legacy` mode which uses the global endpoint.
|
|
@@ -14047,7 +14052,7 @@ module Aws::S3
|
|
|
14047
14052
|
params: params,
|
|
14048
14053
|
config: config)
|
|
14049
14054
|
context[:gem_name] = 'aws-sdk-s3'
|
|
14050
|
-
context[:gem_version] = '1.
|
|
14055
|
+
context[:gem_version] = '1.102.0'
|
|
14051
14056
|
Seahorse::Client::Request.new(handlers, context)
|
|
14052
14057
|
end
|
|
14053
14058
|
|
|
@@ -3,6 +3,7 @@
|
|
|
3
3
|
require_relative '../arn/access_point_arn'
|
|
4
4
|
require_relative '../arn/object_lambda_arn'
|
|
5
5
|
require_relative '../arn/outpost_access_point_arn'
|
|
6
|
+
require_relative '../arn/multi_region_access_point_arn'
|
|
6
7
|
|
|
7
8
|
module Aws
|
|
8
9
|
module S3
|
|
@@ -23,6 +24,18 @@ be made. Set to `false` to use the client's region instead.
|
|
|
23
24
|
resolve_s3_use_arn_region(cfg)
|
|
24
25
|
end
|
|
25
26
|
|
|
27
|
+
option(
|
|
28
|
+
:s3_disable_multiregion_access_points,
|
|
29
|
+
default: false,
|
|
30
|
+
doc_type: 'Boolean',
|
|
31
|
+
docstring: <<-DOCS) do |cfg|
|
|
32
|
+
When set to `false` this will option will raise errors when multi-region
|
|
33
|
+
access point ARNs are used. Multi-region access points can potentially
|
|
34
|
+
result in cross region requests.
|
|
35
|
+
DOCS
|
|
36
|
+
resolve_s3_disable_multiregion_access_points(cfg)
|
|
37
|
+
end
|
|
38
|
+
|
|
26
39
|
# param validator is validate:50
|
|
27
40
|
# endpoint is build:90 (populates the URI for the first time)
|
|
28
41
|
# endpoint pattern is build:10
|
|
@@ -113,8 +126,14 @@ be made. Set to `false` to use the client's region instead.
|
|
|
113
126
|
|
|
114
127
|
if !arn.support_dualstack? && context[:use_dualstack_endpoint]
|
|
115
128
|
raise ArgumentError,
|
|
116
|
-
'Cannot provide an Outpost Access Point
|
|
117
|
-
'`:use_dualstack_endpoint` is set to true.'
|
|
129
|
+
'Cannot provide an Outpost Access Point or Multi-region Access Point ARN'\
|
|
130
|
+
' when `:use_dualstack_endpoint` is set to true.'
|
|
131
|
+
end
|
|
132
|
+
|
|
133
|
+
if arn.region.empty? && context.config.s3_disable_multiregion_access_points
|
|
134
|
+
raise ArgumentError,
|
|
135
|
+
'Cannot provide a Multi-region Access Point ARN with '\
|
|
136
|
+
'`:s3_disable_multiregion_access_points` set to true'
|
|
118
137
|
end
|
|
119
138
|
end
|
|
120
139
|
end
|
|
@@ -147,7 +166,9 @@ be made. Set to `false` to use the client's region instead.
|
|
|
147
166
|
def resolve_arn_type!(arn)
|
|
148
167
|
case arn.service
|
|
149
168
|
when 's3'
|
|
150
|
-
|
|
169
|
+
arn.region.empty? ?
|
|
170
|
+
Aws::S3::MultiRegionAccessPointARN.new(arn.to_h) :
|
|
171
|
+
Aws::S3::AccessPointARN.new(arn.to_h)
|
|
151
172
|
when 's3-outposts'
|
|
152
173
|
Aws::S3::OutpostAccessPointARN.new(arn.to_h)
|
|
153
174
|
when 's3-object-lambda'
|
|
@@ -174,6 +195,21 @@ be made. Set to `false` to use the client's region instead.
|
|
|
174
195
|
value
|
|
175
196
|
end
|
|
176
197
|
|
|
198
|
+
def resolve_s3_disable_multiregion_access_points(cfg)
|
|
199
|
+
value = ENV['AWS_S3_DISABLE_MULTIREGION_ACCESS_POINTS'] ||
|
|
200
|
+
Aws.shared_config.s3_disable_multiregion_access_points(profile: cfg.profile) ||
|
|
201
|
+
'false'
|
|
202
|
+
value = Aws::Util.str_2_bool(value)
|
|
203
|
+
# Raise if provided value is not true or false
|
|
204
|
+
if value.nil?
|
|
205
|
+
raise ArgumentError,
|
|
206
|
+
'Must provide either `true` or `false` for '\
|
|
207
|
+
's3_use_arn_region profile option or for '\
|
|
208
|
+
"ENV['AWS_S3_USE_ARN_REGION']"
|
|
209
|
+
end
|
|
210
|
+
value
|
|
211
|
+
end
|
|
212
|
+
|
|
177
213
|
# Remove ARN from the path because we've already set the new host
|
|
178
214
|
def url_path(path, arn)
|
|
179
215
|
path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '')
|
|
@@ -208,16 +244,19 @@ be made. Set to `false` to use the client's region instead.
|
|
|
208
244
|
region = region.gsub('fips-', '').gsub('-fips', '')
|
|
209
245
|
end
|
|
210
246
|
|
|
211
|
-
#
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
247
|
+
# use_arn_region does not apply to MRAP (global) arns
|
|
248
|
+
unless arn.region.empty?
|
|
249
|
+
# Raise if the ARN and client regions are in different partitions
|
|
250
|
+
if use_arn_region &&
|
|
251
|
+
!Aws::Partitions.partition(arn.partition).region?(region)
|
|
252
|
+
raise Aws::Errors::InvalidARNPartitionError
|
|
253
|
+
end
|
|
216
254
|
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
255
|
+
# Raise if regions mismatch
|
|
256
|
+
# Either when it's a fips client or not using the ARN region
|
|
257
|
+
if (!use_arn_region || fips) && region != arn.region
|
|
258
|
+
raise Aws::Errors::InvalidARNRegionError
|
|
259
|
+
end
|
|
221
260
|
end
|
|
222
261
|
end
|
|
223
262
|
end
|
|
@@ -74,9 +74,17 @@ module Aws
|
|
|
74
74
|
credentials: context.config.credentials
|
|
75
75
|
)
|
|
76
76
|
elsif (arn = context.metadata[:s3_arn])
|
|
77
|
+
if arn[:arn].is_a?(MultiRegionAccessPointARN)
|
|
78
|
+
signing_region = '*'
|
|
79
|
+
signing_algorithm = :sigv4a
|
|
80
|
+
else
|
|
81
|
+
signing_region = arn[:resolved_region]
|
|
82
|
+
signing_algorithm = :sigv4
|
|
83
|
+
end
|
|
77
84
|
S3Signer.build_v4_signer(
|
|
78
85
|
service: arn[:arn].service,
|
|
79
|
-
|
|
86
|
+
signing_algorithm: signing_algorithm,
|
|
87
|
+
region: signing_region,
|
|
80
88
|
credentials: context.config.credentials
|
|
81
89
|
)
|
|
82
90
|
elsif context.operation.name == 'WriteGetObjectResponse'
|
|
@@ -216,6 +224,7 @@ module Aws
|
|
|
216
224
|
service: options[:service],
|
|
217
225
|
region: options[:region],
|
|
218
226
|
credentials_provider: options[:credentials],
|
|
227
|
+
signing_algorithm: options.fetch(:signing_algorithm, :sigv4),
|
|
219
228
|
uri_escape_path: false,
|
|
220
229
|
unsigned_headers: ['content-length', 'x-amzn-trace-id']
|
|
221
230
|
)
|
data/lib/aws-sdk-s3/presigner.rb
CHANGED
|
@@ -231,17 +231,23 @@ module Aws
|
|
|
231
231
|
end
|
|
232
232
|
http_req.endpoint.query = query.join('&') unless query.empty?
|
|
233
233
|
|
|
234
|
+
signing_algorithm = :sigv4
|
|
235
|
+
|
|
234
236
|
# If it's an ARN, get the resolved region and service
|
|
235
237
|
if (arn = context.metadata[:s3_arn])
|
|
236
238
|
region = arn[:resolved_region]
|
|
237
239
|
service = arn[:arn].service
|
|
240
|
+
region = arn[:arn].is_a?(MultiRegionAccessPointARN) ? '*': arn[:resolved_region]
|
|
241
|
+
signing_algorithm = arn[:arn].is_a?(MultiRegionAccessPointARN) ? :sigv4a : :sigv4
|
|
238
242
|
end
|
|
239
243
|
|
|
240
244
|
signer = Aws::Sigv4::Signer.new(
|
|
241
245
|
service: service || 's3',
|
|
242
246
|
region: region || context.config.region,
|
|
247
|
+
signing_algorithm: signing_algorithm,
|
|
243
248
|
credentials_provider: context.config.credentials,
|
|
244
249
|
unsigned_headers: unsigned_headers,
|
|
250
|
+
apply_checksum_header: false,
|
|
245
251
|
uri_escape_path: false
|
|
246
252
|
)
|
|
247
253
|
|
data/lib/aws-sdk-s3.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: aws-sdk-s3
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.102.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Amazon Web Services
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-09-
|
|
11
|
+
date: 2021-09-02 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: aws-sdk-kms
|
|
@@ -30,14 +30,14 @@ dependencies:
|
|
|
30
30
|
requirements:
|
|
31
31
|
- - "~>"
|
|
32
32
|
- !ruby/object:Gem::Version
|
|
33
|
-
version: '1.
|
|
33
|
+
version: '1.4'
|
|
34
34
|
type: :runtime
|
|
35
35
|
prerelease: false
|
|
36
36
|
version_requirements: !ruby/object:Gem::Requirement
|
|
37
37
|
requirements:
|
|
38
38
|
- - "~>"
|
|
39
39
|
- !ruby/object:Gem::Version
|
|
40
|
-
version: '1.
|
|
40
|
+
version: '1.4'
|
|
41
41
|
- !ruby/object:Gem::Dependency
|
|
42
42
|
name: aws-sdk-core
|
|
43
43
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -71,6 +71,7 @@ files:
|
|
|
71
71
|
- VERSION
|
|
72
72
|
- lib/aws-sdk-s3.rb
|
|
73
73
|
- lib/aws-sdk-s3/arn/access_point_arn.rb
|
|
74
|
+
- lib/aws-sdk-s3/arn/multi_region_access_point_arn.rb
|
|
74
75
|
- lib/aws-sdk-s3/arn/object_lambda_arn.rb
|
|
75
76
|
- lib/aws-sdk-s3/arn/outpost_access_point_arn.rb
|
|
76
77
|
- lib/aws-sdk-s3/bucket.rb
|