Commit

feat(client-s3): Amazon Simple Storage Service / Features : Add support for conditional writes for PutObject and CompleteMultipartUpload APIs.
awstools committed Aug 20, 2024
1 parent 5154d4f commit b474584
Showing 11 changed files with 162 additions and 47 deletions.
15 changes: 12 additions & 3 deletions clients/client-s3/src/commands/CompleteMultipartUploadCommand.ts
Expand Up @@ -81,9 +81,10 @@ export interface CompleteMultipartUploadCommandOutput extends CompleteMultipartU
* <ul>
* <li>
* <p>
* <b>General purpose bucket permissions</b> - For information about permissions required to use the multipart upload API, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart Upload
* and Permissions</a> in the <i>Amazon S3
* User Guide</i>.</p>
* <b>General purpose bucket permissions</b> - For
* information about permissions required to use the multipart upload API, see
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart Upload and
* Permissions</a> in the <i>Amazon S3 User Guide</i>.</p>
* </li>
* <li>
* <p>
Expand All @@ -94,6 +95,13 @@ export interface CompleteMultipartUploadCommandOutput extends CompleteMultipartU
* <code>CreateSession</code>
* </a>.</p>
* </li>
* <li>
* <p> If you provide an <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html">additional checksum
* value</a> in your <code>MultipartUpload</code> requests and the
* object is encrypted with Key Management Service, you must have permission to use the
* <code>kms:Decrypt</code> action for the
* <code>CompleteMultipartUpload</code> request to succeed.</p>
* </li>
* </ul>
* </dd>
* <dt>Special errors</dt>
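Review bot: In the added `<li>`, "in your `MultipartUpload` requests" does not name an operation, while the rest of this commit refers to `CreateMultipartUpload`, `UploadPart`, `UploadPartCopy` and `CompleteMultipartUpload`. Name the request or requests that carry the additional checksum, so a policy author can tell which caller needs `kms:Decrypt` when the upload is completed.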
Expand Down Expand Up @@ -218,6 +226,7 @@ export interface CompleteMultipartUploadCommandOutput extends CompleteMultipartU
* ChecksumSHA256: "STRING_VALUE",
* RequestPayer: "requester",
* ExpectedBucketOwner: "STRING_VALUE",
* IfNoneMatch: "STRING_VALUE",
* SSECustomerAlgorithm: "STRING_VALUE",
* SSECustomerKey: "STRING_VALUE",
* SSECustomerKeyMD5: "STRING_VALUE",
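Review bot: The added example line `IfNoneMatch: "STRING_VALUE"` reads as if any string were accepted, while the parameter doc added in models_0.ts says it "Expects the '*' (asterisk) character". Consider showing `"*"` here, or a trailing comment on this line, so that copied examples use the documented value.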
25 changes: 14 additions & 11 deletions clients/client-s3/src/commands/CreateMultipartUploadCommand.ts
Expand Up @@ -78,17 +78,20 @@ export interface CreateMultipartUploadCommandOutput extends CreateMultipartUploa
* <ul>
* <li>
* <p>
* <b>General purpose bucket permissions</b> - For information about the permissions required to use the multipart upload API, see
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart
* upload and permissions</a> in the <i>Amazon S3 User Guide</i>. </p>
* <p>To perform a multipart upload with encryption by using an Amazon Web Services KMS key, the requester
* must have permission to the <code>kms:Decrypt</code> and <code>kms:GenerateDataKey*</code>
* actions on the key. These permissions are required because Amazon S3 must decrypt and read data
* from the encrypted file parts before it completes the multipart upload. For more
* information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API
* and permissions</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting data using
* server-side encryption with Amazon Web Services KMS</a> in the
* <i>Amazon S3 User Guide</i>.</p>
* <b>General purpose bucket permissions</b> - To
* perform a multipart upload with encryption using an Key Management Service (KMS)
* KMS key, the requester must have permission to the
* <code>kms:Decrypt</code> and <code>kms:GenerateDataKey</code> actions on
* the key. The requester must also have permissions for the
* <code>kms:GenerateDataKey</code> action for the
* <code>CreateMultipartUpload</code> API. Then, the requester needs
* permissions for the <code>kms:Decrypt</code> action on the
* <code>UploadPart</code> and <code>UploadPartCopy</code> APIs. These
* permissions are required because Amazon S3 must decrypt and read data from the
* encrypted file parts before it completes the multipart upload. For more
* information, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API and permissions</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting data
* using server-side encryption with Amazon Web Services KMS</a> in the
* <i>Amazon S3 User Guide</i>.</p>
* </li>
* <li>
* <p>
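Review bot: The removed text listed `kms:GenerateDataKey*` and the rewritten paragraph lists `kms:GenerateDataKey` without the wildcard; confirm the narrower action name is intended, since IAM policies written from this doc will differ. In the same sentence, "using an Key Management Service (KMS) KMS key" should read "a" rather than "an" and repeats "KMS".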
1 change: 1 addition & 0 deletions clients/client-s3/src/commands/PutObjectCommand.ts
Expand Up @@ -190,6 +190,7 @@ export interface PutObjectCommandOutput extends PutObjectOutput, __MetadataBeare
* ChecksumSHA1: "STRING_VALUE",
* ChecksumSHA256: "STRING_VALUE",
* Expires: new Date("TIMESTAMP"),
* IfNoneMatch: "STRING_VALUE",
* GrantFullControl: "STRING_VALUE",
* GrantRead: "STRING_VALUE",
* GrantReadACP: "STRING_VALUE",
4 changes: 4 additions & 0 deletions clients/client-s3/src/commands/RestoreObjectCommand.ts
Expand Up @@ -33,6 +33,10 @@ export interface RestoreObjectCommandOutput extends RestoreObjectOutput, __Metad
* <note>
* <p>This operation is not supported by directory buckets.</p>
* </note>
* <important>
* <p>The <code>SELECT</code> job type for the RestoreObject operation is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the feature as usual. <a href="http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/">Learn more</a>
* </p>
* </important>
* <p>Restores an archived copy of an object back into Amazon S3</p>
* <p>This functionality is not supported for Amazon S3 on Outposts.</p>
* <p>This action performs the following types of requests: </p>
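Review bot: The "Learn more" link in the new `<important>` block uses `http://aws.amazon.com/...` while the documentation links elsewhere in this commit are `https://`; switch it to https. The block is also placed ahead of the one-line summary "Restores an archived copy of an object back into Amazon S3", so generated docs will open with the availability notice rather than the description; check that this ordering is intended.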
4 changes: 4 additions & 0 deletions clients/client-s3/src/commands/SelectObjectContentCommand.ts
Expand Up @@ -38,6 +38,10 @@ export interface SelectObjectContentCommandOutput extends SelectObjectContentOut
* <note>
* <p>This operation is not supported by directory buckets.</p>
* </note>
* <important>
* <p>The SelectObjectContent operation is no longer available to new customers. Existing customers of Amazon S3 Select can continue to use the operation as usual. <a href="http://aws.amazon.com/blogs/storage/how-to-optimize-querying-your-data-in-amazon-s3/">Learn more</a>
* </p>
* </important>
* <p>This action filters the contents of an Amazon S3 object based on a simple structured query
* language (SQL) statement. In the request, along with the SQL expression, you must also
* specify a data serialization format (JSON, CSV, or Apache Parquet) of the object. Amazon S3 uses
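Review bot: The new `<important>` text says the operation is no longer available to new customers, but the only pointer to what to use instead is a link labelled "Learn more". Use link text that describes the target, and state the alternative in the sentence itself if there is one. The link is also `http://` rather than `https://`.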
18 changes: 15 additions & 3 deletions clients/client-s3/src/commands/UploadPartCommand.ts
Expand Up @@ -76,9 +76,21 @@ export interface UploadPartCommandOutput extends UploadPartOutput, __MetadataBea
* <ul>
* <li>
* <p>
* <b>General purpose bucket permissions</b> - For information on the permissions required to use the multipart upload API, see
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart
* Upload and Permissions</a> in the <i>Amazon S3 User Guide</i>.</p>
* <b>General purpose bucket permissions</b> - To
* perform a multipart upload with encryption using an Key Management Service key, the
* requester must have permission to the <code>kms:Decrypt</code> and
* <code>kms:GenerateDataKey</code> actions on the key. The requester must
* also have permissions for the <code>kms:GenerateDataKey</code> action for
* the <code>CreateMultipartUpload</code> API. Then, the requester needs
* permissions for the <code>kms:Decrypt</code> action on the
* <code>UploadPart</code> and <code>UploadPartCopy</code> APIs.</p>
* <p>These permissions are required because Amazon S3 must decrypt and read data
* from the encrypted file parts before it completes the multipart upload. For
* more information about KMS permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting data
* using server-side encryption with KMS</a> in the
* <i>Amazon S3 User Guide</i>. For information about the
* permissions required to use the multipart upload API, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart upload and permissions</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API and permissions</a> in the
* <i>Amazon S3 User Guide</i>.</p>
* </li>
* <li>
* <p>
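Review bot: The second new paragraph links both `dev/mpuAndPermissions.html` ("Multipart upload and permissions") and `userguide/mpuoverview.html#mpuAndPermissions` ("Multipart upload API and permissions") for what appears to be the same topic; keep one, preferably the userguide URL. In the first paragraph, "an Key Management Service key" should read "a Key Management Service key".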
39 changes: 30 additions & 9 deletions clients/client-s3/src/commands/UploadPartCopyCommand.ts
Expand Up @@ -76,23 +76,44 @@ export interface UploadPartCopyCommandOutput extends UploadPartCopyOutput, __Met
* <ul>
* <li>
* <p>
* <b>General purpose bucket permissions</b> - You must have the permissions in a policy based on the bucket types of your source bucket and destination bucket in an <code>UploadPartCopy</code> operation.</p>
* <b>General purpose bucket permissions</b> - You
* must have the permissions in a policy based on the bucket types of your
* source bucket and destination bucket in an <code>UploadPartCopy</code>
* operation.</p>
* <ul>
* <li>
* <p>If the source object is in a general purpose bucket, you must have the <b>
* <p>If the source object is in a general purpose bucket, you must have the
* <b>
* <code>s3:GetObject</code>
* </b> permission to read the source object that is being copied. </p>
* </b>
* permission to read the source object that is being copied. </p>
* </li>
* <li>
* <p>If the destination bucket is a general purpose bucket, you must have the <b>
* <p>If the destination bucket is a general purpose bucket, you must have the
* <b>
* <code>s3:PutObject</code>
* </b> permission to write the object copy to the destination bucket.
* </p>
* </b>
* permission to write the object copy to the destination bucket. </p>
* </li>
* <li>
* <p>To perform a multipart upload with encryption using an Key Management Service
* key, the requester must have permission to the
* <code>kms:Decrypt</code> and <code>kms:GenerateDataKey</code>
* actions on the key. The requester must also have permissions for the
* <code>kms:GenerateDataKey</code> action for the
* <code>CreateMultipartUpload</code> API. Then, the requester needs
* permissions for the <code>kms:Decrypt</code> action on the
* <code>UploadPart</code> and <code>UploadPartCopy</code> APIs. These
* permissions are required because Amazon S3 must decrypt and read data from
* the encrypted file parts before it completes the multipart upload. For
* more information about KMS permissions, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingKMSEncryption.html">Protecting
* data using server-side encryption with KMS</a> in the
* <i>Amazon S3 User Guide</i>. For information about the
* permissions required to use the multipart upload API, see <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/mpuAndPermissions.html">Multipart upload
* and permissions</a> and <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API and permissions</a> in the
* <i>Amazon S3 User Guide</i>.</p>
* </li>
* </ul>
* <p>For information about permissions required to use the multipart upload API, see
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/mpuoverview.html#mpuAndPermissions">Multipart upload API and permissions</a> in the
* <i>Amazon S3 User Guide</i>.</p>
* </li>
* <li>
* <p>
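Review bot: In the added third `<li>`, the first sentence already requires `kms:Decrypt` and `kms:GenerateDataKey` on the key, and the next two sentences then assign `kms:GenerateDataKey` "for the `CreateMultipartUpload` API" and `kms:Decrypt` "on the `UploadPart` and `UploadPartCopy` APIs". KMS actions are granted on a key, not on an S3 API, so it is unclear whether these are additional requirements or a per-call breakdown of the first sentence; reword to say which call exercises which KMS action. This item is also unconditional, while its two sibling items each start with an "If the source/destination ..." condition, so it may sit better outside the nested list.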
20 changes: 17 additions & 3 deletions clients/client-s3/src/models/models_0.ts
Expand Up @@ -714,6 +714,15 @@ export interface CompleteMultipartUploadRequest {
*/
ExpectedBucketOwner?: string;

/**
* <p>Uploads the object only if the object key name does not already exist in the bucket specified. Otherwise, Amazon S3 returns a <code>412 Precondition Failed</code> error.</p>
* <p>If a conflicting operation occurs during the upload S3 returns a <code>409 ConditionalRequestConflict</code> response. On a 409 failure you should re-initiate the multipart upload with <code>CreateMultipartUpload</code> and re-upload each part.</p>
* <p>Expects the '*' (asterisk) character.</p>
* <p>For more information about conditional requests, see <a href="https://tools.ietf.org/html/rfc7232">RFC 7232</a>, or <a href="https://docs.aws.amazon.com/AmazonS3/latest/userguide/conditional-requests.html">Conditional requests</a> in the <i>Amazon S3 User Guide</i>.</p>
* @public
*/
IfNoneMatch?: string;

/**
* <p>The server-side encryption (SSE) algorithm used to encrypt the object. This parameter is
* required only when the object was created using a checksum algorithm or if
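Review bot: The 409 guidance in the new `IfNoneMatch` doc says to re-initiate with `CreateMultipartUpload` and re-upload each part, but does not say what happens to the original upload and its already-uploaded parts; state whether the caller has to abort it. The field is typed `string` while the doc says it expects `'*'`, so also document how other values are handled.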
Expand Down Expand Up @@ -9513,6 +9522,10 @@ export interface GetObjectRequest {

/**
* <p>To retrieve the checksum, this mode must be enabled.</p>
* <p>In addition, if you enable checksum mode and the object is uploaded with a
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html">checksum</a>
* and encrypted with an Key Management Service (KMS) key, you must have permission to use the
* <code>kms:Decrypt</code> action to retrieve the checksum.</p>
* @public
*/
ChecksumMode?: ChecksumMode;
Expand Down Expand Up @@ -11236,9 +11249,10 @@ export interface HeadObjectRequest {

/**
* <p>To retrieve the checksum, this parameter must be enabled.</p>
* <p>In addition, if you enable <code>ChecksumMode</code> and the object is encrypted with
* Amazon Web Services Key Management Service (Amazon Web Services KMS), you must have permission to use the
* <code>kms:Decrypt</code> action for the request to succeed.</p>
* <p>In addition, if you enable checksum mode and the object is uploaded with a
* <a href="https://docs.aws.amazon.com/AmazonS3/latest/API/API_Checksum.html">checksum</a>
* and encrypted with an Key Management Service (KMS) key, you must have permission to use the
* <code>kms:Decrypt</code> action to retrieve the checksum.</p>
* @public
*/
ChecksumMode?: ChecksumMode;
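Review bot: The HeadObjectRequest `ChecksumMode` doc changes the consequence of missing `kms:Decrypt` from "for the request to succeed" to "to retrieve the checksum". These describe different failure modes (the whole request failing versus only the checksum being unavailable); confirm which one the service does, since callers that handle access-denied errors depend on it. "an Key Management Service (KMS) key" should be "a Key Management Service (KMS) key", here and in the GetObjectRequest hunk above.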