MCPcopy
hub / github.com/minio/minio-go / UpdateObjectEncryption

Method UpdateObjectEncryption

api-update-object-encryption.go:72–130  ·  view source on GitHub ↗

UpdateObjectEncryption changes the encryption configuration of an existing object in-place. The object must already be encrypted with SSE-S3 or SSE-KMS. SSE-C objects are not supported. This operation rotates the data encryption key envelope without re-reading/re-writing object data. Parameters: -

(ctx context.Context, bucketName, objectName string, opts UpdateObjectEncryptionOptions)

Source from the content-addressed store, hash-verified

70//
71// Returns the version ID of the updated object (if versioning is enabled) and an error if the operation fails.
72func (c *Client) UpdateObjectEncryption(ctx context.Context, bucketName, objectName string, opts UpdateObjectEncryptionOptions) (UpdateObjectEncryptionResult, error) {
73 // Input validation.
74 if err := s3utils.CheckValidBucketName(bucketName); err != nil {
75 return UpdateObjectEncryptionResult{}, err
76 }
77
78 if err := s3utils.CheckValidObjectName(objectName); err != nil {
79 return UpdateObjectEncryptionResult{}, err
80 }
81
82 if opts.KMSKeyArn == "" {
83 return UpdateObjectEncryptionResult{}, errInvalidArgument("KMSKeyArn is required for UpdateObjectEncryption.")
84 }
85
86 // Get resources properly escaped and lined up before
87 // using them in http request.
88 urlValues := make(url.Values)
89 urlValues.Set("encryption", "")
90
91 if opts.VersionID != "" {
92 urlValues.Set("versionId", opts.VersionID)
93 }
94
95 reqBody := updateObjectEncryptionRequest{
96 XMLNS: "http://s3.amazonaws.com/doc/2006-03-01/",
97 SSEKMS: &updateObjectEncryptionSSEKMS{
98 BucketKeyEnabled: opts.BucketKeyEnabled,
99 KMSKeyArn: opts.KMSKeyArn,
100 },
101 }
102
103 bodyData, err := xml.Marshal(reqBody)
104 if err != nil {
105 return UpdateObjectEncryptionResult{}, err
106 }
107
108 reqMetadata := requestMetadata{
109 bucketName: bucketName,
110 objectName: objectName,
111 queryValues: urlValues,
112 contentBody: bytes.NewReader(bodyData),
113 contentLength: int64(len(bodyData)),
114 contentMD5Base64: sumMD5Base64(bodyData),
115 contentSHA256Hex: sum256Hex(bodyData),
116 }
117
118 // Execute PUT Object Encryption.
119 resp, err := c.executeMethod(ctx, http.MethodPut, reqMetadata)
120 defer closeResponse(resp)
121 if err != nil {
122 return UpdateObjectEncryptionResult{}, err
123 }
124 if resp.StatusCode != http.StatusOK {
125 return UpdateObjectEncryptionResult{}, httpRespToErrorResponse(resp, bucketName, objectName)
126 }
127 return UpdateObjectEncryptionResult{
128 VersionID: resp.Header.Get(amzVersionID),
129 }, nil

Calls 11

executeMethodMethod · 0.95
CheckValidBucketNameFunction · 0.92
CheckValidObjectNameFunction · 0.92
errInvalidArgumentFunction · 0.85
sumMD5Base64Function · 0.85
sum256HexFunction · 0.85
httpRespToErrorResponseFunction · 0.85
closeResponseFunction · 0.70
MarshalMethod · 0.65
SetMethod · 0.45
GetMethod · 0.45