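UpdateObjectEncryption changes the encryption configuration of an existing object in place. The object must already be encrypted with SSE-S3 or SSE-KMS; SSE-C objects are not supported. The operation rotates the data encryption key envelope without re-reading or re-writing the object data. The new configuration is always SSE-KMS: opts.KMSKeyArn is required, and an empty value is rejected as an invalid argument before any request is sent. Parameters: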
(ctx context.Context, bucketName, objectName string, opts UpdateObjectEncryptionOptions)
| 70 | // |
| 71 | // Returns the version ID of the updated object (if versioning is enabled) and an error if the operation fails. |
| 72 | func (c *Client) UpdateObjectEncryption(ctx context.Context, bucketName, objectName string, opts UpdateObjectEncryptionOptions) (UpdateObjectEncryptionResult, error) { |
| 73 | // Input validation. |
| 74 | if err := s3utils.CheckValidBucketName(bucketName); err != nil { |
| 75 | return UpdateObjectEncryptionResult{}, err |
| 76 | } |
| 77 | |
| 78 | if err := s3utils.CheckValidObjectName(objectName); err != nil { |
| 79 | return UpdateObjectEncryptionResult{}, err |
| 80 | } |
| 81 | |
| 82 | if opts.KMSKeyArn == "" { |
| 83 | return UpdateObjectEncryptionResult{}, errInvalidArgument("KMSKeyArn is required for UpdateObjectEncryption.") |
| 84 | } |
| 85 | |
| 86 | // Get resources properly escaped and lined up before |
| 87 | // using them in http request. |
| 88 | urlValues := make(url.Values) |
| 89 | urlValues.Set("encryption", "") |
| 90 | |
| 91 | if opts.VersionID != "" { |
| 92 | urlValues.Set("versionId", opts.VersionID) |
| 93 | } |
| 94 | |
| 95 | reqBody := updateObjectEncryptionRequest{ |
| 96 | XMLNS: "http://s3.amazonaws.com/doc/2006-03-01/", |
| 97 | SSEKMS: &updateObjectEncryptionSSEKMS{ |
| 98 | BucketKeyEnabled: opts.BucketKeyEnabled, |
| 99 | KMSKeyArn: opts.KMSKeyArn, |
| 100 | }, |
| 101 | } |
| 102 | |
| 103 | bodyData, err := xml.Marshal(reqBody) |
| 104 | if err != nil { |
| 105 | return UpdateObjectEncryptionResult{}, err |
| 106 | } |
| 107 | |
| 108 | reqMetadata := requestMetadata{ |
| 109 | bucketName: bucketName, |
| 110 | objectName: objectName, |
| 111 | queryValues: urlValues, |
| 112 | contentBody: bytes.NewReader(bodyData), |
| 113 | contentLength: int64(len(bodyData)), |
| 114 | contentMD5Base64: sumMD5Base64(bodyData), |
| 115 | contentSHA256Hex: sum256Hex(bodyData), |
| 116 | } |
| 117 | |
| 118 | // Execute PUT Object Encryption. |
| 119 | resp, err := c.executeMethod(ctx, http.MethodPut, reqMetadata) |
| 120 | defer closeResponse(resp) |
| 121 | if err != nil { |
| 122 | return UpdateObjectEncryptionResult{}, err |
| 123 | } |
| 124 | if resp.StatusCode != http.StatusOK { |
| 125 | return UpdateObjectEncryptionResult{}, httpRespToErrorResponse(resp, bucketName, objectName) |
| 126 | } |
| 127 | return UpdateObjectEncryptionResult{ |
| 128 | VersionID: resp.Header.Get(amzVersionID), |
| 129 | }, nil |