getObjectAttributes method
Retrieves all of the metadata from an object without returning the object itself. This operation is useful if you're interested only in an object's metadata.
GetObjectAttributes combines the functionality of
HeadObject and ListParts. All of the data
returned with both of those individual calls can be returned with a single
call to GetObjectAttributes.
- Permissions
-
-
General purpose bucket permissions - To use
GetObjectAttributes, you must have READ access to the object.The other permissions that you need to use this operation depend on whether the bucket is versioned and if a version ID is passed in the
GetObjectAttributesrequest.-
If you pass a version ID in your request, you need both the
s3:GetObjectVersionands3:GetObjectVersionAttributespermissions. -
If you do not pass a version ID in your request, you need the
s3:GetObjectands3:GetObjectAttributespermissions.
If the object that you request does not exist, the error Amazon S3 returns depends on whether you also have the
s3:ListBucketpermission.-
If you have the
s3:ListBucketpermission on the bucket, Amazon S3 returns an HTTP status code404 Not Found("no such key") error. -
If you don't have the
s3:ListBucketpermission, Amazon S3 returns an HTTP status code403 Forbidden("access denied") error.
-
If you pass a version ID in your request, you need both the
-
Directory bucket permissions - To grant access to this API
operation on a directory bucket, we recommend that you use the
CreateSessionAPI operation for session-based authorization. Specifically, you grant thes3express:CreateSessionpermission to the directory bucket in a bucket policy or an IAM identity-based policy. Then, you make theCreateSessionAPI call on the bucket to obtain a session token. With the session token in your request header, you can make API requests to this operation. After the session token expires, you make anotherCreateSessionAPI call to generate a new session token for use. Amazon Web Services CLI or SDKs create session and refresh the session token automatically to avoid service interruptions when a session expires. For more information about authorization, seeCreateSession.If the object is encrypted with SSE-KMS, you must also have the
kms:GenerateDataKeyandkms:Decryptpermissions in IAM identity-based policies and KMS key policies for the KMS key.
-
General purpose bucket permissions - To use
- Encryption
-
If you encrypted an object when you stored the object in Amazon S3 by
using server-side encryption with customer-provided encryption keys
(SSE-C), then when you retrieve the metadata from the object, you must use
the following headers. These headers provide the server with the
encryption key required to retrieve the object's metadata. The headers
are:
-
x-amz-server-side-encryption-customer-algorithm -
x-amz-server-side-encryption-customer-key -
x-amz-server-side-encryption-customer-key-MD5
-
- Versioning
-
Directory buckets - S3 Versioning isn't enabled and supported for
directory buckets. For this API operation, only the
nullvalue of the version ID is supported by directory buckets. You can only specifynullto theversionIdquery parameter in the request. - Conditional request headers
-
Consider the following when using request headers:
-
If both of the
If-MatchandIf-Unmodified-Sinceheaders are present in the request as follows, then Amazon S3 returns the HTTP status code200 OKand the data requested:-
If-Matchcondition evaluates totrue. -
If-Unmodified-Sincecondition evaluates tofalse.
-
-
If both of the
If-None-MatchandIf-Modified-Sinceheaders are present in the request as follows, then Amazon S3 returns the HTTP status code304 Not Modified:-
If-None-Matchcondition evaluates tofalse. -
If-Modified-Sincecondition evaluates totrue.
-
-
If both of the
- HTTP Host header syntax
-
Directory buckets - The HTTP Host header syntax is
Bucket-name.s3express-zone-id.region-code.amazonaws.com.
GetObjectAttributes:
- GetObject
- GetObjectAcl
- GetObjectLegalHold
- GetObjectLockConfiguration
- GetObjectRetention
- GetObjectTagging
- HeadObject
- ListParts
May throw NoSuchKey.
Parameter bucket :
The name of the bucket that contains the object.
Directory buckets - When you use this operation with a directory
bucket, you must use virtual-hosted-style requests in the format
Bucket-name.s3express-zone-id.region-code.amazonaws.com.
Path-style requests are not supported. Directory bucket names must be
unique in the chosen Zone (Availability Zone or Local Zone). Bucket names
must follow the format
bucket-base-name--zone-id--x-s3 (for example,
amzn-s3-demo-bucket--usw2-az1--x-s3). For information
about bucket naming restrictions, see Directory
bucket naming rules in the Amazon S3 User Guide.
Access points - When you use this action with an access point for
general purpose buckets, you must provide the alias of the access point in
place of the bucket name or specify the access point ARN. When you use
this action with an access point for directory buckets, you must provide
the access point name in place of the bucket name. When using the access
point ARN, you must direct requests to the access point hostname. The
access point hostname takes the form
AccessPointName-AccountId.s3-accesspoint.Region.amazonaws.com.
When using this action with an access point through the Amazon Web
Services SDKs, you provide the access point ARN in place of the bucket
name. For more information about access point ARNs, see Using
access points in the Amazon S3 User Guide.
S3 on Outposts - When you use this action with S3 on Outposts, you
must direct requests to the S3 on Outposts hostname. The S3 on Outposts
hostname takes the form
AccessPointName-AccountId.outpostID.s3-outposts.Region.amazonaws.com.
When you use this action with S3 on Outposts, the destination bucket must
be the Outposts access point ARN or the access point alias. For more
information about S3 on Outposts, see What
is S3 on Outposts? in the Amazon S3 User Guide.
Parameter key :
The object key.
Parameter objectAttributes :
Specifies the fields at the root level that you want returned in the
response. Fields that you do not specify are not returned.
Parameter expectedBucketOwner :
The account ID of the expected bucket owner. If the account ID that you
provide does not match the actual owner of the bucket, the request fails
with the HTTP status code 403 Forbidden (access denied).
Parameter maxParts :
Sets the maximum number of parts to return. For more information, see Uploading
and copying objects using multipart upload in Amazon S3 in the
Amazon Simple Storage Service user guide.
Parameter partNumberMarker :
Specifies the part after which listing should begin. Only parts with
higher part numbers will be listed. For more information, see Uploading
and copying objects using multipart upload in Amazon S3 in the
Amazon Simple Storage Service user guide.
Parameter sSECustomerAlgorithm :
Specifies the algorithm to use when encrypting the object (for example,
AES256).
Parameter sSECustomerKey :
Specifies the customer-provided encryption key for Amazon S3 to use in
encrypting data. This value is used to store the object and then it is
discarded; Amazon S3 does not store the encryption key. The key must be
appropriate for use with the algorithm specified in the
x-amz-server-side-encryption-customer-algorithm header.
Parameter sSECustomerKeyMD5 :
Specifies the 128-bit MD5 digest of the encryption key according to RFC
1321. Amazon S3 uses this header for a message integrity check to ensure
that the encryption key was transmitted without error.
Parameter versionId :
The version ID used to reference a specific version of the object.
Implementation
Future<GetObjectAttributesOutput> getObjectAttributes({
required String bucket,
required String key,
required List<ObjectAttributes> objectAttributes,
String? expectedBucketOwner,
int? maxParts,
String? partNumberMarker,
RequestPayer? requestPayer,
String? sSECustomerAlgorithm,
String? sSECustomerKey,
String? sSECustomerKeyMD5,
String? versionId,
}) async {
final headers = <String, String>{
'x-amz-object-attributes':
objectAttributes.map((e) => e.value).join(', '),
if (expectedBucketOwner != null)
'x-amz-expected-bucket-owner': expectedBucketOwner.toString(),
if (maxParts != null) 'x-amz-max-parts': maxParts.toString(),
if (partNumberMarker != null)
'x-amz-part-number-marker': partNumberMarker.toString(),
if (requestPayer != null) 'x-amz-request-payer': requestPayer.value,
if (sSECustomerAlgorithm != null)
'x-amz-server-side-encryption-customer-algorithm':
sSECustomerAlgorithm.toString(),
if (sSECustomerKey != null)
'x-amz-server-side-encryption-customer-key': sSECustomerKey.toString(),
if (sSECustomerKeyMD5 != null)
'x-amz-server-side-encryption-customer-key-MD5':
sSECustomerKeyMD5.toString(),
};
final $query = <String, List<String>>{
if (versionId != null) 'versionId': [versionId],
};
final $result = await _protocol.sendRaw(
method: 'GET',
requestUri:
'/${Uri.encodeComponent(bucket)}/${key.split('/').map(Uri.encodeComponent).join('/')}?attributes',
queryParams: $query,
headers: headers,
exceptionFnMap: _exceptionFns,
);
final $elem = await _s.xmlFromResponse($result);
return GetObjectAttributesOutput(
checksum: _s.extractXmlChild($elem, 'Checksum')?.let(Checksum.fromXml),
eTag: _s.extractXmlStringValue($elem, 'ETag'),
objectParts: _s
.extractXmlChild($elem, 'ObjectParts')
?.let(GetObjectAttributesParts.fromXml),
objectSize: _s.extractXmlIntValue($elem, 'ObjectSize'),
storageClass: _s
.extractXmlStringValue($elem, 'StorageClass')
?.let(StorageClass.fromString),
deleteMarker:
_s.extractHeaderBoolValue($result.headers, 'x-amz-delete-marker'),
lastModified:
_s.extractHeaderDateTimeValue($result.headers, 'Last-Modified'),
requestCharged: _s
.extractHeaderStringValue($result.headers, 'x-amz-request-charged')
?.let(RequestCharged.fromString),
versionId:
_s.extractHeaderStringValue($result.headers, 'x-amz-version-id'),
);
}