client

package
v3.1.0 Latest
Published: Nov 11, 2024 License: Apache-2.0 Imports: 14 Imported by: 2

Documentation

Constants

const DefaultMinFileSize = 1024 * 512 * 5

DefaultMinFileSize is used to check whether we want to write to a temp file or store the data in memory.

const EncryptionContext = "EncryptionContext"

EncryptionContext is used to extract the Encryption Context to use on a per-request basis.

Variables

This section is empty.

Functions

This section is empty.

Types

type EncryptionClientOptions

type EncryptionClientOptions struct {
	// TempFolderPath is used to store temp files when calling PutObject
	// Temporary files are needed to compute the X-Amz-Content-Sha256 header
	TempFolderPath string

	// MinFileSize is the minimum size for the content to write to a
	// temporary file instead of using memory
	MinFileSize int64

	// The logger to write logging messages to
	Logger *log.Logger

	// The CryptographicMaterialsManager to use to manage encryption and decryption materials
	CryptographicMaterialsManager materials.CryptographicMaterialsManager

	// EnableLegacyUnauthenticatedModes MUST be set to true in order to decrypt objects encrypted
	// using legacy (unauthenticated) modes such as AES/CBC
	EnableLegacyUnauthenticatedModes bool
}

EncryptionClientOptions holds the configuration options for the S3 Encryption Client.
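
Why EnableLegacyUnauthenticatedModes is opt-in, as an added example that is not part of this package or its documentation: using only Go's standard library, it changes one bit of a stored ciphertext and shows that AES-CBC decryption returns altered plaintext with no error, while AES-GCM rejects the object. The key, IV and plaintext are constructed demo values, and the function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed demo values; a fixed key and IV are for illustration only.
var (
	demoKey   = bytes.Repeat([]byte{0x42}, 32)
	demoIV    = bytes.Repeat([]byte{0x01}, aes.BlockSize)
	demoPlain = []byte("amount=0000100;to=acct-12345678;") // two AES blocks
)

// TamperedCBC flips one ciphertext bit under AES-CBC; nothing detects the change.
func TamperedCBC() (changed bool, err error) {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		return false, err
	}
	buf := make([]byte, len(demoPlain))
	cipher.NewCBCEncrypter(block, demoIV).CryptBlocks(buf, demoPlain)
	buf[0] ^= 0x01 // simulated modification of the stored object
	cipher.NewCBCDecrypter(block, demoIV).CryptBlocks(buf, buf) // decrypt in place
	return !bytes.Equal(buf, demoPlain), nil
}

// TamperedGCM does the same under AES-GCM and returns the error from Open.
func TamperedGCM() error {
	block, err := aes.NewCipher(demoKey)
	if err != nil {
		return err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return err
	}
	nonce := demoIV[:gcm.NonceSize()] // constructed nonce, demo only
	ct := gcm.Seal(nil, nonce, demoPlain, nil)
	ct[0] ^= 0x01 // same one-bit modification
	_, err = gcm.Open(nil, nonce, ct, nil) // tag verification fails
	return err
}

func main() {
	changed, cbcErr := TamperedCBC()
	fmt.Println("CBC changed/err:", changed, cbcErr, "| GCM err:", TamperedGCM())
}
```

With the legacy option left at false, an object that would take the first path is refused instead of being returned as silently altered data.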

type GetObjectAPIClient

type GetObjectAPIClient interface {
	GetObject(context.Context, *s3.GetObjectInput, ...func(*s3.Options)) (*s3.GetObjectOutput, error)
}

GetObjectAPIClient is a client that implements the GetObject operation.

type PutObjectAPIClient

type PutObjectAPIClient interface {
	PutObject(context.Context, *s3.PutObjectInput, ...func(*s3.Options)) (*s3.PutObjectOutput, error)
}

PutObjectAPIClient is a client that implements the PutObject operation.

type S3EncryptionClientV3

type S3EncryptionClientV3 struct {
	*s3.Client                         // promoted anonymous field, it allows this type to call s3 Client methods
	Options    EncryptionClientOptions // options for encrypt/decrypt
}

S3EncryptionClientV3 provides client-side encryption for S3. The client embeds a default client to provide support for control plane operations which do not involve encryption.

func New

func New(s3Client *s3.Client, CryptographicMaterialsManager materials.CryptographicMaterialsManager, optFns ...func(options *EncryptionClientOptions)) (*S3EncryptionClientV3, error)

New creates a new S3 Encryption Client v3 with the given CryptographicMaterialsManager.

func (*S3EncryptionClientV3) GetObject

func (c *S3EncryptionClientV3) GetObject(ctx context.Context, input *s3.GetObjectInput, optFns ...func(*s3.Options)) (*s3.GetObjectOutput, error)

GetObject makes a request to S3 and retrieves the object, decrypting it in the process. The SDK only supports region reads of KMS and GCM.

func (*S3EncryptionClientV3) PutObject

func (c *S3EncryptionClientV3) PutObject(ctx context.Context, input *s3.PutObjectInput, optFns ...func(*s3.Options)) (*s3.PutObjectOutput, error)

PutObject encrypts the contents before sending the data to S3. Depending on MinFileSize, a temporary file may be used to buffer the encrypted contents.
