-
Notifications
You must be signed in to change notification settings - Fork 180
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Retrieve server-side encryption setting on HeadObject #1143
Conversation
Signed-off-by: Alessandro Passaro <[email protected]>
Signed-off-by: Alessandro Passaro <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
a couple of non-blocking questions
let key = format!("{prefix}hello"); | ||
let expected_sdk_sse = match sse_type { | ||
None => aws_sdk_s3::types::ServerSideEncryption::Aes256, | ||
Some("AES256") => aws_sdk_s3::types::ServerSideEncryption::Aes256, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think, aws_sdk_s3::types::ServerSideEncryption
implements From<&str>
@@ -300,6 +300,12 @@ pub struct HeadObjectResult { | |||
/// HeadObject must explicitly request for this field to be included, | |||
/// otherwise the values will be empty. | |||
pub checksum: Checksum, | |||
|
|||
/// Server-side encryption type that was used to store the object. | |||
pub sse_type: Option<String>, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we expect this to be set for all objects? I think, Option<String>
in the client is fine, but in mountpoint code, what are we going to do if it is not set? (and what assumptions do we make about the state of such object)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not currently used in Mountpoint.
|
||
/// See [Server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/userguide/s3-express-data-protection.html#s3-express-ecnryption) for directory buckets. | ||
#[test_case(None, None)] | ||
#[test_case(Some("AES256"), None)] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
are those cases actually different from the HeadObject
perspective?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You are right. Remove and explained the limitation on directory bucket tests. If we want to expand them in the future, we'll need to configure a different bucket in the CI.
Signed-off-by: Alessandro Passaro <[email protected]>
Description of change
Add two new fields to
HeadObjectResult
:sse_type
: The server-side encryption algorithm used to store the object (header: "x-amz-server-side-encryption"),sse_kms_key_id
: The ID of the KMS key was used for object encryption, if present (header: "x-amz-server-side-encryption-aws-kms-key-id").Does this change impact existing behavior?
No. Only adds fields to a non-exhaustive type.
Does this change need a changelog entry in any of the crates?
Yes:
mountpoint-s3-client
.By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and I agree to the terms of the Developer Certificate of Origin (DCO).