deps: update vendor dependencies for S3-compatible storage

Updates AWS SDK and removes Blazer B2 dependency in favor of unified
S3-compatible approach. Includes configuration examples and documentation.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

vendor/github.com/aws/aws-sdk-go/service/s3/endpoint.go

@@ -0,0 +1,299 @@
+package s3
+
+import (
+	"fmt"
+	"github.com/aws/aws-sdk-go/aws/awserr"
+	"github.com/aws/aws-sdk-go/aws/endpoints"
+	"net/url"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	awsarn "github.com/aws/aws-sdk-go/aws/arn"
+	"github.com/aws/aws-sdk-go/aws/request"
+	"github.com/aws/aws-sdk-go/internal/s3shared"
+	"github.com/aws/aws-sdk-go/internal/s3shared/arn"
+)
+
+const (
+	s3Namespace              = "s3"
+	s3AccessPointNamespace   = "s3-accesspoint"
+	s3ObjectsLambdaNamespace = "s3-object-lambda"
+	s3OutpostsNamespace      = "s3-outposts"
+)
+
+// Used by shapes with members decorated as endpoint ARN.
+func parseEndpointARN(v string) (arn.Resource, error) {
+	return arn.ParseResource(v, accessPointResourceParser)
+}
+
+func accessPointResourceParser(a awsarn.ARN) (arn.Resource, error) {
+	resParts := arn.SplitResource(a.Resource)
+	switch resParts[0] {
+	case "accesspoint":
+		switch a.Service {
+		case s3Namespace:
+			return arn.ParseAccessPointResource(a, resParts[1:])
+		case s3ObjectsLambdaNamespace:
+			return parseS3ObjectLambdaAccessPointResource(a, resParts)
+		default:
+			return arn.AccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s or %s", s3Namespace, s3ObjectsLambdaNamespace)}
+		}
+	case "outpost":
+		if a.Service != "s3-outposts" {
+			return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
+		}
+		return parseOutpostAccessPointResource(a, resParts[1:])
+	default:
+		return nil, arn.InvalidARNError{ARN: a, Reason: "unknown resource type"}
+	}
+}
+
+// parseOutpostAccessPointResource attempts to parse the ARNs resource as an
+// outpost access-point resource.
+//
+// Supported Outpost AccessPoint ARN format:
+//	- ARN format: arn:{partition}:s3-outposts:{region}:{accountId}:outpost/{outpostId}/accesspoint/{accesspointName}
+//	- example: arn:aws:s3-outposts:us-west-2:012345678901:outpost/op-1234567890123456/accesspoint/myaccesspoint
+//
+func parseOutpostAccessPointResource(a awsarn.ARN, resParts []string) (arn.OutpostAccessPointARN, error) {
+	// outpost accesspoint arn is only valid if service is s3-outposts
+	if a.Service != "s3-outposts" {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "service is not s3-outposts"}
+	}
+
+	if len(resParts) == 0 {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+	}
+
+	if len(resParts) < 3 {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{
+			ARN: a, Reason: "access-point resource not set in Outpost ARN",
+		}
+	}
+
+	resID := strings.TrimSpace(resParts[0])
+	if len(resID) == 0 {
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "outpost resource-id not set"}
+	}
+
+	var outpostAccessPointARN = arn.OutpostAccessPointARN{}
+	switch resParts[1] {
+	case "accesspoint":
+		accessPointARN, err := arn.ParseAccessPointResource(a, resParts[2:])
+		if err != nil {
+			return arn.OutpostAccessPointARN{}, err
+		}
+		// set access-point arn
+		outpostAccessPointARN.AccessPointARN = accessPointARN
+	default:
+		return arn.OutpostAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: "access-point resource not set in Outpost ARN"}
+	}
+
+	// set outpost id
+	outpostAccessPointARN.OutpostID = resID
+	return outpostAccessPointARN, nil
+}
+
+func parseS3ObjectLambdaAccessPointResource(a awsarn.ARN, resParts []string) (arn.S3ObjectLambdaAccessPointARN, error) {
+	if a.Service != s3ObjectsLambdaNamespace {
+		return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("service is not %s", s3ObjectsLambdaNamespace)}
+	}
+
+	accessPointARN, err := arn.ParseAccessPointResource(a, resParts[1:])
+	if err != nil {
+		return arn.S3ObjectLambdaAccessPointARN{}, err
+	}
+
+	if len(accessPointARN.Region) == 0 {
+		return arn.S3ObjectLambdaAccessPointARN{}, arn.InvalidARNError{ARN: a, Reason: fmt.Sprintf("%s region not set", s3ObjectsLambdaNamespace)}
+	}
+
+	return arn.S3ObjectLambdaAccessPointARN{
+		AccessPointARN: accessPointARN,
+	}, nil
+}
+
+func endpointHandler(req *request.Request) {
+	endpoint, ok := req.Params.(endpointARNGetter)
+	if !ok || !endpoint.hasEndpointARN() {
+		updateBucketEndpointFromParams(req)
+		return
+	}
+
+	resource, err := endpoint.getEndpointARN()
+	if err != nil {
+		req.Error = s3shared.NewInvalidARNError(nil, err)
+		return
+	}
+
+	resReq := s3shared.ResourceRequest{
+		Resource: resource,
+		Request:  req,
+	}
+
+	if len(resReq.Request.ClientInfo.PartitionID) != 0 && resReq.IsCrossPartition() {
+		req.Error = s3shared.NewClientPartitionMismatchError(resource,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+		return
+	}
+
+	if !resReq.AllowCrossRegion() && resReq.IsCrossRegion() {
+		req.Error = s3shared.NewClientRegionMismatchError(resource,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+		return
+	}
+
+	switch tv := resource.(type) {
+	case arn.AccessPointARN:
+		err = updateRequestAccessPointEndpoint(req, tv)
+		if err != nil {
+			req.Error = err
+		}
+	case arn.S3ObjectLambdaAccessPointARN:
+		err = updateRequestS3ObjectLambdaAccessPointEndpoint(req, tv)
+		if err != nil {
+			req.Error = err
+		}
+	case arn.OutpostAccessPointARN:
+		// outposts does not support FIPS regions
+		if req.Config.UseFIPSEndpoint == endpoints.FIPSEndpointStateEnabled {
+			req.Error = s3shared.NewFIPSConfigurationError(resource, req.ClientInfo.PartitionID,
+				aws.StringValue(req.Config.Region), nil)
+			return
+		}
+
+		err = updateRequestOutpostAccessPointEndpoint(req, tv)
+		if err != nil {
+			req.Error = err
+		}
+	default:
+		req.Error = s3shared.NewInvalidARNError(resource, nil)
+	}
+}
+
+func updateBucketEndpointFromParams(r *request.Request) {
+	bucket, ok := bucketNameFromReqParams(r.Params)
+	if !ok {
+		// Ignore operation requests if the bucket name was not provided
+		// if this is an input validation error the validation handler
+		// will report it.
+		return
+	}
+	updateEndpointForS3Config(r, bucket)
+}
+
+func updateRequestAccessPointEndpoint(req *request.Request, accessPoint arn.AccessPointARN) error {
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Ignore the disable host prefix for access points
+	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+	if err := accessPointEndpointBuilder(accessPoint).build(req); err != nil {
+		return err
+	}
+
+	removeBucketFromPath(req.HTTPRequest.URL)
+
+	return nil
+}
+
+func updateRequestS3ObjectLambdaAccessPointEndpoint(req *request.Request, accessPoint arn.S3ObjectLambdaAccessPointARN) error {
+	// DualStack not supported
+	if isUseDualStackEndpoint(req) {
+		return s3shared.NewClientConfiguredForDualStackError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Ignore the disable host prefix for access points
+	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+	if err := s3ObjectLambdaAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
+		return err
+	}
+
+	removeBucketFromPath(req.HTTPRequest.URL)
+
+	return nil
+}
+
+func updateRequestOutpostAccessPointEndpoint(req *request.Request, accessPoint arn.OutpostAccessPointARN) error {
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		return s3shared.NewClientConfiguredForAccelerateError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Dualstack not supported
+	if isUseDualStackEndpoint(req) {
+		return s3shared.NewClientConfiguredForDualStackError(accessPoint,
+			req.ClientInfo.PartitionID, aws.StringValue(req.Config.Region), nil)
+	}
+
+	// Ignore the disable host prefix for access points
+	req.Config.DisableEndpointHostPrefix = aws.Bool(false)
+
+	if err := outpostAccessPointEndpointBuilder(accessPoint).build(req); err != nil {
+		return err
+	}
+
+	removeBucketFromPath(req.HTTPRequest.URL)
+	return nil
+}
+
+func removeBucketFromPath(u *url.URL) {
+	u.Path = strings.Replace(u.Path, "/{Bucket}", "", -1)
+	if u.Path == "" {
+		u.Path = "/"
+	}
+}
+
+func buildWriteGetObjectResponseEndpoint(req *request.Request) {
+	// DualStack not supported
+	if isUseDualStackEndpoint(req) {
+		req.Error = awserr.New("ConfigurationError", "client configured for dualstack but not supported for operation", nil)
+		return
+	}
+
+	// Accelerate not supported
+	if aws.BoolValue(req.Config.S3UseAccelerate) {
+		req.Error = awserr.New("ConfigurationError", "client configured for accelerate but not supported for operation", nil)
+		return
+	}
+
+	signingName := s3ObjectsLambdaNamespace
+	signingRegion := req.ClientInfo.SigningRegion
+
+	if !hasCustomEndpoint(req) {
+		endpoint, err := resolveRegionalEndpoint(req, aws.StringValue(req.Config.Region), req.ClientInfo.ResolvedRegion, EndpointsID)
+		if err != nil {
+			req.Error = awserr.New(request.ErrCodeSerialization, "failed to resolve endpoint", err)
+			return
+		}
+		signingRegion = endpoint.SigningRegion
+
+		if err = updateRequestEndpoint(req, endpoint.URL); err != nil {
+			req.Error = err
+			return
+		}
+		updateS3HostPrefixForS3ObjectLambda(req)
+	}
+
+	redirectSigner(req, signingName, signingRegion)
+}
+
+func isUseDualStackEndpoint(req *request.Request) bool {
+	if req.Config.UseDualStackEndpoint != endpoints.DualStackEndpointStateUnset {
+		return req.Config.UseDualStackEndpoint == endpoints.DualStackEndpointStateEnabled
+	}
+	return aws.BoolValue(req.Config.UseDualStack)
+}