class Aws::S3::Plugins::S3Signer::BucketRegionErrorHandler

will return 400 if the bucket is not in region.
regional endpoint. This is intended for s3’s global endpoint which
region, then finally a version 4 signed request against the correct
region. It follows up by making a request to determine the correct
This handler detects when a request fails because of a mismatched bucket

def call(context) 

def call(context)
  response = @handler.call(context)
  handle_region_errors(response)
end

def custom_endpoint?(resp) 

def custom_endpoint?(resp)
  region = resp.context.config.region
  partition = Aws::Endpoints::Matchers.aws_partition(region)
  endpoint = resp.context.http_request.endpoint
  !endpoint.hostname.include?(partition['dnsSuffix']) &&
    !endpoint.hostname.include?(partition['dualStackDnsSuffix'])
end

def expired_credentials?(resp) 

def expired_credentials?(resp)
  resp.context.http_response.body_contents.match(/<Code>ExpiredToken<\/Code>/)
end

def fips_region?(resp) 

def fips_region?(resp)
  resp.context.http_request.endpoint.host.include?('s3-fips.')
end

def get_region_and_retry(context) 

def get_region_and_retry(context)
  actual_region = context.http_response.headers['x-amz-bucket-region']
  actual_region ||= region_from_body(context.http_response.body_contents)
  update_bucket_cache(context, actual_region)
  log_warning(context, actual_region)
  resign_with_new_region(context, actual_region)
  @handler.call(context)
end

def handle_region_errors(response) 

def handle_region_errors(response)
  if wrong_sigv4_region?(response) &&
     !fips_region?(response) &&
     !custom_endpoint?(response) &&
     !expired_credentials?(response)
    get_region_and_retry(response.context)
  else
    response
  end
end

def log_warning(context, actual_region) 

def log_warning(context, actual_region)
  msg = "S3 client configured for #{context.config.region.inspect} " \
        "but the bucket #{context.params[:bucket].inspect} is in " \
        "#{actual_region.inspect}; Please configure the proper region " \
        "to avoid multiple unnecessary redirects and signing attempts\n"
  if (logger = context.config.logger)
    logger.warn(msg)
  else
    warn(msg)
  end
end

def region_from_body(body) 

def region_from_body(body)
  region = body.match(/<Region>(.+?)<\/Region>/)[1]
  if region.nil? || region == ''
    raise "couldn't get region from body: #{body}"
  else
    region
  end
end

def resign_with_new_region(context, actual_region) 

def resign_with_new_region(context, actual_region)
  context.http_response.body.truncate(0)
  context.http_request.endpoint.host = S3Signer.new_hostname(
    context, actual_region
  )
  context.metadata[:redirect_region] = actual_region
  signer = Aws::Plugins::Sign.signer_for(
    context[:auth_scheme],
    context.config,
    actual_region
  )
  signer.sign(context)
end

def update_bucket_cache(context, actual_region) 

def update_bucket_cache(context, actual_region)
  S3::BUCKET_REGIONS[context.params[:bucket]] = actual_region
end

def wrong_sigv4_region?(resp) 

def wrong_sigv4_region?(resp)
  resp.context.http_response.status_code == 400 &&
    (resp.context.http_response.headers['x-amz-bucket-region'] ||
     resp.context.http_response.body_contents.match(/<Region>.+?<\/Region>/))
end