From 0432074ceca318b81acbab8bf6e60cc8ef288bde Mon Sep 17 00:00:00 2001 From: AsyncAws Bot Date: Fri, 13 Mar 2026 07:01:41 +0000 Subject: [PATCH] update generated code --- manifest.json | 2 +- src/Service/S3/CHANGELOG.md | 1 + src/Service/S3/src/Enum/BucketNamespace.php | 20 ++++++ .../S3/src/Input/CreateBucketRequest.php | 52 ++++++++++++++ src/Service/S3/src/S3Client.php | 72 +++++++++++-------- 5 files changed, 117 insertions(+), 30 deletions(-) create mode 100644 src/Service/S3/src/Enum/BucketNamespace.php diff --git a/manifest.json b/manifest.json index b98dfa8f7..005b690ab 100644 --- a/manifest.json +++ b/manifest.json @@ -1,6 +1,6 @@ { "variables": { - "${LATEST}": "3.372.2" + "${LATEST}": "3.373.1" }, "endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json", "services": { diff --git a/src/Service/S3/CHANGELOG.md b/src/Service/S3/CHANGELOG.md index 5dbddfaa1..16e36fe46 100644 --- a/src/Service/S3/CHANGELOG.md +++ b/src/Service/S3/CHANGELOG.md @@ -5,6 +5,7 @@ ### Added - Added `S3Client::getBucketLifecycleConfiguration()` and `S3Client::putBucketLifecycleConfiguration()` methods +- AWS api-change: Adds support for account regional namespaces for general purpose buckets. The account regional namespace is a reserved subdivision of the global bucket namespace where only your account can create general purpose buckets. ## 3.1.0 diff --git a/src/Service/S3/src/Enum/BucketNamespace.php b/src/Service/S3/src/Enum/BucketNamespace.php new file mode 100644 index 000000000..041dda688 --- /dev/null +++ b/src/Service/S3/src/Enum/BucketNamespace.php @@ -0,0 +1,20 @@ + true, + self::GLOBAL => true, + ][$value]); + } +} diff --git a/src/Service/S3/src/Input/CreateBucketRequest.php b/src/Service/S3/src/Input/CreateBucketRequest.php index a926627be..d2f523be4 100644 --- a/src/Service/S3/src/Input/CreateBucketRequest.php +++ b/src/Service/S3/src/Input/CreateBucketRequest.php @@ -7,6 +7,7 @@ use AsyncAws\Core\Request; use AsyncAws\Core\Stream\StreamFactory; use AsyncAws\S3\Enum\BucketCannedACL; +use AsyncAws\S3\Enum\BucketNamespace; use AsyncAws\S3\Enum\ObjectOwnership; use AsyncAws\S3\ValueObject\CreateBucketConfiguration; @@ -111,6 +112,29 @@ final class CreateBucketRequest extends Input */ private $objectOwnership; + /** + * Specifies the namespace where you want to create your general purpose bucket. When you create a general purpose + * bucket, you can choose to create a bucket in the shared global namespace or you can choose to create a bucket in your + * account regional namespace. Your account regional namespace is a subdivision of the global namespace that only your + * account can create buckets in. For more information on bucket namespaces, see Namespaces for general purpose buckets + * [^1]. + * + * General purpose buckets in your account regional namespace must follow a specific naming convention. These buckets + * consist of a bucket name prefix that you create, and a suffix that contains your 12-digit Amazon Web Services Account + * ID, the Amazon Web Services Region code, and ends with `-an`. Bucket names must follow the format + * `bucket-name-prefix-accountId-region-an` (for example, `amzn-s3-demo-bucket-111122223333-us-west-2-an`). For + * information about bucket naming restrictions, see Account regional namespace naming rules [^2] in the *Amazon S3 User + * Guide*. + * + * > This functionality is not supported for directory buckets. + * + * [^1]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html + * [^2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html#account-regional-naming-rules + * + * @var BucketNamespace::*|null + */ + private $bucketNamespace; + /** * @param array{ * ACL?: BucketCannedACL::*|null, @@ -123,6 +147,7 @@ final class CreateBucketRequest extends Input * GrantWriteACP?: string|null, * ObjectLockEnabledForBucket?: bool|null, * ObjectOwnership?: ObjectOwnership::*|null, + * BucketNamespace?: BucketNamespace::*|null, * '@region'?: string|null, * } $input */ @@ -138,6 +163,7 @@ public function __construct(array $input = []) $this->grantWriteAcp = $input['GrantWriteACP'] ?? null; $this->objectLockEnabledForBucket = $input['ObjectLockEnabledForBucket'] ?? null; $this->objectOwnership = $input['ObjectOwnership'] ?? null; + $this->bucketNamespace = $input['BucketNamespace'] ?? null; parent::__construct($input); } @@ -153,6 +179,7 @@ public function __construct(array $input = []) * GrantWriteACP?: string|null, * ObjectLockEnabledForBucket?: bool|null, * ObjectOwnership?: ObjectOwnership::*|null, + * BucketNamespace?: BucketNamespace::*|null, * '@region'?: string|null, * }|CreateBucketRequest $input */ @@ -174,6 +201,14 @@ public function getBucket(): ?string return $this->bucket; } + /** + * @return BucketNamespace::*|null + */ + public function getBucketNamespace(): ?string + { + return $this->bucketNamespace; + } + public function getCreateBucketConfiguration(): ?CreateBucketConfiguration { return $this->createBucketConfiguration; @@ -256,6 +291,13 @@ public function request(): Request } $headers['x-amz-object-ownership'] = $this->objectOwnership; } + if (null !== $this->bucketNamespace) { + if (!BucketNamespace::exists($this->bucketNamespace)) { + /** @psalm-suppress NoValue */ + throw new InvalidArgument(\sprintf('Invalid parameter "BucketNamespace" for "%s". The value "%s" is not a valid "BucketNamespace".', __CLASS__, $this->bucketNamespace)); + } + $headers['x-amz-bucket-namespace'] = $this->bucketNamespace; + } // Prepare query $query = []; @@ -296,6 +338,16 @@ public function setBucket(?string $value): self return $this; } + /** + * @param BucketNamespace::*|null $value + */ + public function setBucketNamespace(?string $value): self + { + $this->bucketNamespace = $value; + + return $this; + } + public function setCreateBucketConfiguration(?CreateBucketConfiguration $value): self { $this->createBucketConfiguration = $value; diff --git a/src/Service/S3/src/S3Client.php b/src/Service/S3/src/S3Client.php index 99771b0ec..d055e426c 100644 --- a/src/Service/S3/src/S3Client.php +++ b/src/Service/S3/src/S3Client.php @@ -9,6 +9,7 @@ use AsyncAws\Core\RequestContext; use AsyncAws\Core\Result; use AsyncAws\S3\Enum\BucketCannedACL; +use AsyncAws\S3\Enum\BucketNamespace; use AsyncAws\S3\Enum\ChecksumAlgorithm; use AsyncAws\S3\Enum\ChecksumMode; use AsyncAws\S3\Enum\ChecksumType; @@ -457,9 +458,10 @@ public function completeMultipartUpload($input): CompleteMultipartUploadOutput * based on the source and destination bucket types in a `CopyObject` operation. * * - If the source object that you want to copy is in a directory bucket, you must have the - * **`s3express:CreateSession`** permission in the `Action` element of a policy to read the object. By default, - * the session is in the `ReadWrite` mode. If you want to restrict the access, you can explicitly set the - * `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. + * **`s3express:CreateSession`** permission in the `Action` element of a policy to read the object. If no session + * mode is specified, the session will be created with the maximum allowable privilege, attempting `ReadWrite` + * first, then `ReadOnly` if `ReadWrite` is not permitted. If you want to explicitly restrict the access to be + * read-only, you can set the `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. * - If the copy destination is a directory bucket, you must have the **`s3express:CreateSession`** permission in * the `Action` element of a policy to write the object to the destination. The `s3express:SessionMode` condition * key can't be set to `ReadOnly` on the copy destination bucket. @@ -605,18 +607,27 @@ public function copyObject($input): CopyObjectOutput * There are two types of buckets: general purpose buckets and directory buckets. For more information about these * bucket types, see Creating, configuring, and working with Amazon S3 buckets [^2] in the *Amazon S3 User Guide*. * + * General purpose buckets exist in a global namespace, which means that each bucket name must be unique across all + * Amazon Web Services accounts in all the Amazon Web Services Regions within a partition. A partition is a grouping of + * Regions. Amazon Web Services currently has four partitions: `aws` (Standard Regions), `aws-cn` (China Regions), + * `aws-us-gov` (Amazon Web Services GovCloud (US)), and `aws-eusc` (European Sovereign Cloud). When you create a + * general purpose bucket, you can choose to create a bucket in the shared global namespace or you can choose to create + * a bucket in your account regional namespace. Your account regional namespace is a subdivision of the global namespace + * that only your account can create buckets in. For more information on account regional namespaces, see Namespaces for + * general purpose buckets [^3]. + * * > - **General purpose buckets** - If you send your `CreateBucket` request to the `s3.amazonaws.com` global endpoint, * > the request goes to the `us-east-1` Region. So the signature calculations in Signature Version 4 must use * > `us-east-1` as the Region, even if the location constraint in the request specifies another Region where the * > bucket is to be created. If you create a bucket in a Region other than US East (N. Virginia), your application - * > must be able to handle 307 redirect. For more information, see Virtual hosting of buckets [^3] in the *Amazon S3 + * > must be able to handle 307 redirect. For more information, see Virtual hosting of buckets [^4] in the *Amazon S3 * > User Guide*. * > - **Directory buckets ** - For directory buckets, you must make requests for this API operation to the Regional * > endpoint. These endpoints support path-style requests in the format * > `https://s3express-control.*region-code*.amazonaws.com/*bucket-name*`. Virtual-hosted-style requests aren't * > supported. For more information about endpoints in Availability Zones, see Regional and Zonal endpoints for - * > directory buckets in Availability Zones [^4] in the *Amazon S3 User Guide*. For more information about endpoints - * > in Local Zones, see Concepts for directory buckets in Local Zones [^5] in the *Amazon S3 User Guide*. + * > directory buckets in Availability Zones [^5] in the *Amazon S3 User Guide*. For more information about endpoints + * > in Local Zones, see Concepts for directory buckets in Local Zones [^6] in the *Amazon S3 User Guide*. * > * * - `Permissions`: @@ -643,27 +654,27 @@ public function copyObject($input): CopyObjectOutput * ! For the majority of modern use cases in S3, we recommend that you keep all Block Public Access settings * ! enabled and keep ACLs disabled. If you would like to share data with users outside of your account, you can * ! use bucket policies as needed. For more information, see Controlling ownership of objects and disabling ACLs - * ! for your bucket [^6] and Blocking public access to your Amazon S3 storage [^7] in the *Amazon S3 User Guide*. + * ! for your bucket [^7] and Blocking public access to your Amazon S3 storage [^8] in the *Amazon S3 User Guide*. * * - **S3 Block Public Access** - If your specific use case requires granting public access to your S3 resources, * you can disable Block Public Access. Specifically, you can create a new bucket with Block Public Access - * enabled, then separately call the `DeletePublicAccessBlock` [^8] API. To use this operation, you must have the + * enabled, then separately call the `DeletePublicAccessBlock` [^9] API. To use this operation, you must have the * `s3:PutBucketPublicAccessBlock` permission. For more information about S3 Block Public Access, see Blocking - * public access to your Amazon S3 storage [^9] in the *Amazon S3 User Guide*. + * public access to your Amazon S3 storage [^10] in the *Amazon S3 User Guide*. * * - **Directory bucket permissions** - You must have the `s3express:CreateBucket` permission in an IAM identity-based * policy instead of a bucket policy. Cross-account access to this API operation isn't supported. This operation can * only be performed by the Amazon Web Services account that owns the resource. For more information about directory * bucket policies and permissions, see Amazon Web Services Identity and Access Management (IAM) for S3 Express One - * Zone [^10] in the *Amazon S3 User Guide*. + * Zone [^11] in the *Amazon S3 User Guide*. * * ! The permissions for ACLs, Object Lock, S3 Object Ownership, and S3 Block Public Access are not supported for * ! directory buckets. For directory buckets, all Block Public Access settings are enabled at the bucket level and * ! S3 Object Ownership is set to Bucket owner enforced (ACLs disabled). These settings can't be modified. * ! * ! For more information about permissions for creating and working with directory buckets, see Directory buckets - * ! [^11] in the *Amazon S3 User Guide*. For more information about supported S3 features for directory buckets, - * ! see Features of S3 Express One Zone [^12] in the *Amazon S3 User Guide*. + * ! [^12] in the *Amazon S3 User Guide*. For more information about supported S3 features for directory buckets, + * ! see Features of S3 Express One Zone [^13] in the *Amazon S3 User Guide*. * * * - `HTTP Host header syntax`: @@ -672,26 +683,27 @@ public function copyObject($input): CopyObjectOutput * * The following operations are related to `CreateBucket`: * - * - PutObject [^13] - * - DeleteBucket [^14] + * - PutObject [^14] + * - DeleteBucket [^15] * * ! You must URL encode any signed header values that contain spaces. For example, if your header value is `my * ! file.txt`, containing two spaces after `my`, you must URL encode this value to `my%20%20file.txt`. * * [^1]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_control_CreateBucket.html * [^2]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-buckets-s3.html - * [^3]: https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html - * [^4]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html - * [^5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html - * [^6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html - * [^7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html - * [^8]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html - * [^9]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html - * [^10]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html - * [^11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html - * [^12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features - * [^13]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html - * [^14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html + * [^3]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/gpbucketnamespaces.html + * [^4]: https://docs.aws.amazon.com/AmazonS3/latest/dev/VirtualHosting.html + * [^5]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/endpoint-directory-buckets-AZ.html + * [^6]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-lzs-for-directory-buckets.html + * [^7]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/about-object-ownership.html + * [^8]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html + * [^9]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeletePublicAccessBlock.html + * [^10]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html + * [^11]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-security-iam.html + * [^12]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/directory-buckets-overview.html + * [^13]: https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-one-zone.html#s3-express-features + * [^14]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_PutObject.html + * [^15]: https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteBucket.html * * @see https://docs.aws.amazon.com/AmazonS3/latest/API/API_CreateBucket.html * @see https://docs.aws.amazon.com/aws-sdk-php/v3/api/api-s3-2006-03-01.html#createbucket @@ -707,6 +719,7 @@ public function copyObject($input): CopyObjectOutput * GrantWriteACP?: string|null, * ObjectLockEnabledForBucket?: bool|null, * ObjectOwnership?: ObjectOwnership::*|null, + * BucketNamespace?: BucketNamespace::*|null, * '@region'?: string|null, * }|CreateBucketRequest $input * @@ -3576,9 +3589,10 @@ public function uploadPart($input): UploadPartOutput * based on the source and destination bucket types in an `UploadPartCopy` operation. * * - If the source object that you want to copy is in a directory bucket, you must have the - * **`s3express:CreateSession`** permission in the `Action` element of a policy to read the object. By default, - * the session is in the `ReadWrite` mode. If you want to restrict the access, you can explicitly set the - * `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. + * **`s3express:CreateSession`** permission in the `Action` element of a policy to read the object. If no session + * mode is specified, the session will be created with the maximum allowable privilege, attempting `ReadWrite` + * first, then `ReadOnly` if `ReadWrite` is not permitted. If you want to explicitly restrict the access to be + * read-only, you can set the `s3express:SessionMode` condition key to `ReadOnly` on the copy source bucket. * - If the copy destination is a directory bucket, you must have the **`s3express:CreateSession`** permission in * the `Action` element of a policy to write the object to the destination. The `s3express:SessionMode` condition * key cannot be set to `ReadOnly` on the copy destination.