class Aws::S3::Plugins::ARN
@api private
plugin resolves the request endpoint from the ARN when possible.
When an accesspoint ARN is provided for :bucket in S3 operations, this
def add_handlers(handlers, _config)
endpoint is build:90 (populates the URI for the first time)
param validator is validate:50
def add_handlers(handlers, _config) handlers.add(ARNHandler, step: :validate, priority: 75) handlers.add(UrlHandler) end
def resolve_arn!(member_value, region, use_arn_region)
- Api: - private
def resolve_arn!(member_value, region, use_arn_region) if Aws::ARNParser.arn?(member_value) arn = Aws::ARNParser.parse(member_value) s3_arn = resolve_arn_type!(arn) s3_arn.validate_arn! validate_region_config!(s3_arn, region, use_arn_region) region = s3_arn.region if use_arn_region && !region.include?('fips') [region, s3_arn] else [region] end end
def resolve_arn_type!(arn)
def resolve_arn_type!(arn) case arn.service when 's3' Aws::S3::AccessPointARN.new(arn.to_h) when 's3-outposts' Aws::S3::OutpostAccessPointARN.new(arn.to_h) when 's3-object-lambda' Aws::S3::ObjectLambdaARN.new(arn.to_h) else raise ArgumentError, 'Only Access Point, Outposts, and Object Lambdas ARNs '\ 'are currently supported.' end end
def resolve_s3_use_arn_region(cfg)
def resolve_s3_use_arn_region(cfg) value = ENV['AWS_S3_USE_ARN_REGION'] || Aws.shared_config.s3_use_arn_region(profile: cfg.profile) || 'true' value = Aws::Util.str_2_bool(value) # Raise if provided value is not true or false if value.nil? raise ArgumentError, 'Must provide either `true` or `false` for the '\ '`s3_use_arn_region` profile option or for '\ "ENV['AWS_S3_USE_ARN_REGION']." end value end
def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false)
- Api: - private
def resolve_url!(url, arn, region, fips = false, dualstack = false, has_custom_endpoint = false) custom_endpoint = url.host if has_custom_endpoint url.host = arn.host_url(region, fips, dualstack, custom_endpoint) url.path = url_path(url.path, arn) url end
def url_path(path, arn)
def url_path(path, arn) path = path.sub("/#{Seahorse::Util.uri_escape(arn.to_s)}", '') .sub("/#{arn}", '') "/#{path}" unless path =~ /^\// path end
def validate_region_config!(arn, region, use_arn_region)
def validate_region_config!(arn, region, use_arn_region) if ['s3-external-1', 'aws-global'].include?(region) # These "regions" are not regional endpoints unless use_arn_region raise Aws::Errors::InvalidARNRegionError, 'Configured client region is not a regional endpoint.' end # These "regions" are in the AWS partition # Cannot use ARN region unless it's the same partition unless arn.partition == 'aws' raise Aws::Errors::InvalidARNPartitionError end else if region.include?('fips') # If ARN type doesn't support FIPS but the client region is FIPS unless arn.support_fips? raise ArgumentError, 'FIPS client regions are not supported for this type '\ 'of ARN.' end fips = true # Normalize the region so we can compare partition and regions region = region.gsub('fips-', '').gsub('-fips', '') end # Raise if the ARN and client regions are in different partitions if use_arn_region && !Aws::Partitions.partition(arn.partition).region?(region) raise Aws::Errors::InvalidARNPartitionError end # Raise if regions mismatch # Either when it's a fips client or not using the ARN region if (!use_arn_region || fips) && region != arn.region raise Aws::Errors::InvalidARNRegionError end end end