aws-sdk-s3 1.62.0 → 1.63.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2215607f661aa4176b322589d7abe5e707263c6b9465cc8f57c48d517f90ff4d
-  data.tar.gz: c2b1125ca62d14989ba39cb0b105032eee2a1166aa08f325ee4265f62d41018d
+  metadata.gz: da2e6ca940a8ce680ead9bccdf025c410123d7e57037c60a8f6537212f76aacc
+  data.tar.gz: 475125426aac2b54ead19be2d0d60abe4bd937dad68d8eaef6800dea14764545
 SHA512:
-  metadata.gz: a198d8fbe9a49fd39aeefebf2f361f375ee7c079f7500e336fecb3d9cfbb68e4c2e18c6a379abeb9b0618179f5a476d482ec81ef9dd51c8a57ce1e6c85f0984f
-  data.tar.gz: 7634f23c03f1f3dc211275ae0166dbda1d46c31dcfb6eb45b327d2455c0d53d0cdc805d5f9ad52538c462aaef369019793d04c091f16582e33ade22db7a00631
+  metadata.gz: 35c7afe8f6252bbce8845aa9f868dad6928291726a80824300d06b87aed3d316f58a18e5f79d4858fbf41563ce048f3c96e6a4d97520ea897198a4660514aa04
+  data.tar.gz: 42cf77fb2421bfed31a08641186470ee3e36eceeecc3680a564aa0504de767b3d666e42ee74d5f8ffea7539bd6c383cd104602682bba7c86459358d3f14d4435

data/lib/aws-sdk-s3.rb

@@ -66,6 +66,6 @@ require_relative 'aws-sdk-s3/event_streams'
 # @service
 module Aws::S3
 
-  GEM_VERSION = '1.62.0'
+  GEM_VERSION = '1.63.0'
 
 end

data/lib/aws-sdk-s3/client.rb

@@ -11789,7 +11789,7 @@ module Aws::S3
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-s3'
-      context[:gem_version] = '1.62.0'
+      context[:gem_version] = '1.63.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-s3/presigner.rb

@@ -1,21 +1,13 @@
 module Aws
   module S3
-
-    # Allows you to create presigned URLs for S3 operations.
-    #
-    # Example Use:
-    #
-    #      signer = Aws::S3::Presigner.new
-    #      url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
-    #
     class Presigner
-
       # @api private
       ONE_WEEK = 60 * 60 * 24 * 7
 
       # @api private
       FIFTEEN_MINUTES = 60 * 15
 
+      # @api private
       BLACKLISTED_HEADERS = [
         'accept',
         'cache-control',
@@ -41,7 +33,13 @@ module Aws
         @client = options[:client] || Aws::S3::Client.new
       end
 
-      # @param [Symbol] method Symbolized method name of the operation you want
+      # Create presigned URLs for S3 operations.
+      #
+      # @example
+      #  signer = Aws::S3::Presigner.new
+      #  url = signer.presigned_url(:get_object, bucket: "bucket", key: "key")
+      #
+      # @param [Symbol] :method Symbolized method name of the operation you want
       #   to presign.
       #
       # @option params [Integer] :expires_in (900) The number of seconds
@@ -73,27 +71,88 @@ module Aws
       # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
       #   exceeds one week.
       #
+      # @return [String] a presigned url
       def presigned_url(method, params = {})
+        url, _headers = _presigned_request(method, params)
+        url
+      end
+
+      # Allows you to create presigned URL requests for S3 operations. This
+      # method returns a tuple containing the URL and the signed X-amz-* headers
+      # to be used with the presigned url.
+      #
+      # @example
+      #  signer = Aws::S3::Presigner.new
+      #  url, headers = signer.presigned_request(
+      #    :get_object, bucket: "bucket", key: "key"
+      #  )
+      #
+      # @param [Symbol] :method Symbolized method name of the operation you want
+      #   to presign.
+      #
+      # @option params [Integer] :expires_in (900) The number of seconds
+      #   before the presigned URL expires. Defaults to 15 minutes. As signature
+      #   version 4 has a maximum expiry time of one week for presigned URLs,
+      #   attempts to set this value to greater than one week (604800) will
+      #   raise an exception.
+      #
+      # @option params [Time] :time (Time.now) The starting time for when the
+      #   presigned url becomes active.
+      #
+      # @option params [Boolean] :secure (true) When `false`, a HTTP URL
+      #   is returned instead of the default HTTPS URL.
+      #
+      # @option params [Boolean] :virtual_host (false) When `true`, the
+      #   bucket name will be used as the hostname. This will cause
+      #   the returned URL to be 'http' and not 'https'.
+      #
+      # @option params [Boolean] :use_accelerate_endpoint (false) When `true`,
+      #   Presigner will attempt to use accelerated endpoint.
+      #
+      # @option params [Array<String>] :whitelist_headers ([]) Additional
+      #   headers to be included for the signed request. Certain headers beyond
+      #   the authorization header could, in theory, be changed for various
+      #   reasons (including but not limited to proxies) while in transit and
+      #   after signing. This would lead to signature errors being returned,
+      #   despite no actual problems with signing. (see BLACKLISTED_HEADERS)
+      #
+      # @raise [ArgumentError] Raises an ArgumentError if `:expires_in`
+      #   exceeds one week.
+      #
+      # @return [String, Hash] A tuple with a presigned URL and headers that
+      #   should be included with the request.
+      def presigned_request(method, params = {})
+        _presigned_request(method, params, false)
+      end
+
+      private
+
+      def _presigned_request(method, params, hoist = true)
         if params[:key].nil? or params[:key] == ''
           raise ArgumentError, ":key must not be blank"
         end
-        virtual_host = !!params.delete(:virtual_host)
+        virtual_host = params.delete(:virtual_host)
         time = params.delete(:time)
-        whitelisted_headers = params.delete(:whitelist_headers) || []
-        unsigned_headers = BLACKLISTED_HEADERS - whitelisted_headers
-        scheme = http_scheme(params, virtual_host)
+        unsigned_headers = unsigned_headers(params)
+        scheme = http_scheme(params)
+        expires_in = expires_in(params)
 
         req = @client.build_request(method, params)
         use_bucket_as_hostname(req) if virtual_host
 
-        sign_but_dont_send(req, expires_in(params), scheme, time, unsigned_headers)
-        req.send_request.data
+        x_amz_headers = sign_but_dont_send(
+          req, expires_in, scheme, time, unsigned_headers, hoist
+        )
+        [req.send_request.data, x_amz_headers]
       end
 
-      private
+      def unsigned_headers(params)
+        whitelist_headers = params.delete(:whitelist_headers) || []
+        BLACKLISTED_HEADERS - whitelist_headers
+      end
 
-      def http_scheme(params, virtual_host)
-        if params.delete(:secure) == false || virtual_host
+      def http_scheme(params)
+        if params.delete(:secure) == false
           'http'
         else
           @client.config.endpoint.scheme
@@ -104,12 +163,11 @@ module Aws
         if (expires_in = params.delete(:expires_in))
           if expires_in > ONE_WEEK
             raise ArgumentError,
-                  "expires_in value of #{expires_in} exceeds one-week maximum"
-          elsif expires_in <= 0 
+                  "expires_in value of #{expires_in} exceeds one-week maximum."
+          elsif expires_in <= 0
             raise ArgumentError,
-                  "expires_in value of #{expires_in} cannot be 0 or less"
+                  "expires_in value of #{expires_in} cannot be 0 or less."
           end
-
           expires_in
         else
           FIFTEEN_MINUTES
@@ -122,14 +180,16 @@ module Aws
           uri = context.http_request.endpoint
           uri.host = context.params[:bucket]
           uri.path.sub!("/#{context.params[:bucket]}", '')
-          uri.scheme = 'http'
-          uri.port = 80
           @handler.call(context)
         end
       end
 
       # @param [Seahorse::Client::Request] req
-      def sign_but_dont_send(req, expires_in, scheme, time, unsigned_headers)
+      def sign_but_dont_send(
+        req, expires_in, scheme, time, unsigned_headers, hoist = true
+      )
+        x_amz_headers = {}
+
         http_req = req.context.http_request
 
         req.handlers.remove(Aws::S3::Plugins::S3Signer::LegacyHandler)
@@ -138,9 +198,7 @@ module Aws
 
         signer = build_signer(req.context.config, unsigned_headers)
 
-        req.context[:presigned_url] = true
         req.handle(step: :send) do |context|
-
           if scheme != http_req.endpoint.scheme
             endpoint = http_req.endpoint.dup
             endpoint.scheme = scheme
@@ -148,13 +206,18 @@ module Aws
             http_req.endpoint = URI.parse(endpoint.to_s)
           end
 
-          # hoist x-amz-* headers to the querystring
           query = http_req.endpoint.query ? http_req.endpoint.query.split('&') : []
-          http_req.headers.keys.each do |key|
-            if key.match(/^x-amz/i)
-              value = Aws::Sigv4::Signer.uri_escape(http_req.headers.delete(key))
+          http_req.headers.each do |key, value|
+            next unless key =~ /^x-amz/i
+
+            if hoist
+              value = Aws::Sigv4::Signer.uri_escape(value)
               key = Aws::Sigv4::Signer.uri_escape(key)
+              # hoist x-amz-* headers to the querystring
+              http_req.headers.delete(key)
               query << "#{key}=#{value}"
+            else
+              x_amz_headers[key] = value
             end
           end
           http_req.endpoint.query = query.join('&') unless query.empty?
@@ -168,8 +231,13 @@ module Aws
             time: time
           ).to_s
 
+          # Used for excluding presigned_urls from API request count
+          context[:presigned_url] = true
+
           Seahorse::Client::Response.new(context: context, data: url)
         end
+        # Return the headers
+        x_amz_headers
       end
 
       def build_signer(cfg, unsigned_headers)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-s3
 version: !ruby/object:Gem::Version
-  version: 1.62.0
+  version: 1.63.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-04-20 00:00:00.000000000 Z
+date: 2020-04-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-kms