aws-sdk-s3 1.10.0 → 1.208.0

data/lib/aws-sdk-s3/customizations.rb

@@ -1,30 +1,33 @@
-# utility classes
-require 'aws-sdk-s3/bucket_region_cache'
-require 'aws-sdk-s3/encryption'
-require 'aws-sdk-s3/file_part'
-require 'aws-sdk-s3/file_uploader'
-require 'aws-sdk-s3/file_downloader'
-require 'aws-sdk-s3/legacy_signer'
-require 'aws-sdk-s3/multipart_file_uploader'
-require 'aws-sdk-s3/multipart_upload_error'
-require 'aws-sdk-s3/object_copier'
-require 'aws-sdk-s3/object_multipart_copier'
-require 'aws-sdk-s3/presigned_post'
-require 'aws-sdk-s3/presigner'
+# frozen_string_literal: true
 
-# customizations to generated classes
-require 'aws-sdk-s3/customizations/bucket'
-require 'aws-sdk-s3/customizations/object'
-require 'aws-sdk-s3/customizations/object_summary'
-require 'aws-sdk-s3/customizations/multipart_upload'
-require 'aws-sdk-s3/customizations/types/list_object_versions_output'
+module Aws
+  module S3
+    # utility classes
+    autoload :BucketRegionCache, 'aws-sdk-s3/bucket_region_cache'
+    autoload :Encryption, 'aws-sdk-s3/encryption'
+    autoload :EncryptionV2, 'aws-sdk-s3/encryption_v2'
+    autoload :EncryptionV3, 'aws-sdk-s3/encryption_v3'
+    autoload :FilePart, 'aws-sdk-s3/file_part'
+    autoload :DefaultExecutor, 'aws-sdk-s3/default_executor'
+    autoload :FileUploader, 'aws-sdk-s3/file_uploader'
+    autoload :FileDownloader, 'aws-sdk-s3/file_downloader'
+    autoload :LegacySigner, 'aws-sdk-s3/legacy_signer'
+    autoload :MultipartDownloadError, 'aws-sdk-s3/multipart_download_error'
+    autoload :MultipartFileUploader, 'aws-sdk-s3/multipart_file_uploader'
+    autoload :MultipartStreamUploader, 'aws-sdk-s3/multipart_stream_uploader'
+    autoload :MultipartUploadError, 'aws-sdk-s3/multipart_upload_error'
+    autoload :ObjectCopier, 'aws-sdk-s3/object_copier'
+    autoload :ObjectMultipartCopier, 'aws-sdk-s3/object_multipart_copier'
+    autoload :PresignedPost, 'aws-sdk-s3/presigned_post'
+    autoload :Presigner, 'aws-sdk-s3/presigner'
+    autoload :TransferManager, 'aws-sdk-s3/transfer_manager'
 
-[
-  Aws::S3::Object::Collection,
-  Aws::S3::ObjectSummary::Collection,
-  Aws::S3::ObjectVersion::Collection,
-].each do |klass|
-  klass.send(:alias_method, :delete, :batch_delete!)
-  klass.send(:extend, Aws::Deprecations)
-  klass.send(:deprecated, :delete, use: :batch_delete!)
+    # s3 express session auth
+    autoload :ExpressCredentials, 'aws-sdk-s3/express_credentials'
+    autoload :ExpressCredentialsProvider, 'aws-sdk-s3/express_credentials_provider'
+
+    # s3 access grants auth
+    autoload :AccessGrantsCredentials, 'aws-sdk-s3/access_grants_credentials'
+    autoload :AccessGrantsCredentialsProvider, 'aws-sdk-s3/access_grants_credentials_provider'
+  end
 end

data/lib/aws-sdk-s3/default_executor.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+module Aws
+  module S3
+    # @api private
+    class DefaultExecutor
+      DEFAULT_MAX_THREADS = 10
+      RUNNING = :running
+      SHUTTING_DOWN = :shutting_down
+      SHUTDOWN = :shutdown
+
+      def initialize(options = {})
+        @max_threads = options[:max_threads] || DEFAULT_MAX_THREADS
+        @state = RUNNING
+        @queue = Queue.new
+        @pool = []
+        @mutex = Mutex.new
+      end
+
+      # Submits a task for execution.
+      # @param [Object] args Variable number of arguments to pass to the block
+      # @param [Proc] block The block to be executed
+      # @return [Boolean] Returns true if the task was submitted successfully
+      def post(*args, &block)
+        @mutex.synchronize do
+          raise 'Executor has been shutdown and is no longer accepting tasks' unless @state == RUNNING
+
+          @queue << [args, block]
+          ensure_worker_available
+        end
+        true
+      end
+
+      # Immediately terminates all worker threads and clears pending tasks.
+      # This is a forceful shutdown that doesn't wait for running tasks to complete.
+      #
+      # @return [Boolean] true when termination is complete
+      def kill
+        @mutex.synchronize do
+          @state = SHUTDOWN
+          @pool.each(&:kill)
+          @pool.clear
+          @queue.clear
+        end
+        true
+      end
+
+      # Gracefully shuts down the executor, optionally with a timeout.
+      # Stops accepting new tasks and waits for running tasks to complete.
+      #
+      # @param timeout [Numeric, nil] Maximum time in seconds to wait for shutdown.
+      #   If nil, waits indefinitely. If timeout expires, remaining threads are killed.
+      # @return [Boolean] true when shutdown is complete
+      def shutdown(timeout = nil)
+        @mutex.synchronize do
+          return true if @state == SHUTDOWN
+
+          @state = SHUTTING_DOWN
+          @pool.size.times { @queue << :shutdown }
+        end
+
+        if timeout
+          deadline = Time.now + timeout
+          @pool.each do |thread|
+            remaining = deadline - Time.now
+            break if remaining <= 0
+
+            thread.join([remaining, 0].max)
+          end
+          @pool.select(&:alive?).each(&:kill)
+        else
+          @pool.each(&:join)
+        end
+
+        @mutex.synchronize do
+          @pool.clear
+          @state = SHUTDOWN
+        end
+        true
+      end
+
+      private
+
+      def ensure_worker_available
+        return unless @state == RUNNING
+
+        @pool.select!(&:alive?)
+        @pool << spawn_worker if @pool.size < @max_threads
+      end
+
+      def spawn_worker
+        Thread.new do
+          while (job = @queue.shift)
+            break if job == :shutdown
+
+            args, block = job
+            block.call(*args)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/aws-sdk-s3/encryption/client.rb

@@ -1,6 +1,14 @@
+# frozen_string_literal: true
+
+require 'forwardable'
+
 module Aws
   module S3
 
+    # [MAINTENANCE MODE] There is a new version of the Encryption Client.
+    # AWS strongly recommends upgrading to the {Aws::S3::EncryptionV3::Client},
+    # which provides updated data security best practices.
+    # See documentation for {Aws::S3::EncryptionV3::Client}.
     # Provides an encryption client that encrypts and decrypts data client-side,
     # storing the encrypted data in Amazon S3.
     #
@@ -112,7 +120,7 @@ module Aws
     #       attr_reader :encryption_materials
     #
     #       def key_for(matdesc)
-    #         key_name = JSON.load(matdesc)['key']
+    #         key_name = JSON.parse(matdesc)['key']
     #         if key = @keys[key_name]
     #           key
     #         else
@@ -178,8 +186,10 @@ module Aws
       class Client
 
         extend Deprecations
+        extend Forwardable
+        def_delegators :@client, :config, :delete_object, :head_object, :build_request
 
-        # Creates a new encryption client. You must provide on of the following
+        # Creates a new encryption client. You must provide one of the following
         # options:
         #
         # * `:encryption_key`
@@ -223,6 +233,13 @@ module Aws
           @envelope_location = extract_location(options)
           @instruction_file_suffix = extract_suffix(options)
         end
+        deprecated :initialize,
+                   message:
+                     '[MAINTENANCE MODE] This version of the S3 Encryption client is currently in maintenance mode. ' \
+	                     'AWS strongly recommends upgrading to the Aws::S3::EncryptionV2::Client, ' \
+	                     'which provides updated data security best practices. ' \
+	                     'See documentation for Aws::S3::EncryptionV2::Client.'
+
 
         # @return [S3::Client]
         attr_reader :client
@@ -253,7 +270,9 @@ module Aws
             envelope_location: @envelope_location,
             instruction_file_suffix: @instruction_file_suffix,
           }
-          req.send_request
+          Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
+            req.send_request
+          end
         end
 
         # Gets an object from Amazon S3, decrypting  data locally.
@@ -281,7 +300,9 @@ module Aws
             envelope_location: envelope_location,
             instruction_file_suffix: instruction_file_suffix,
           }
-          req.send_request(target: block)
+          Aws::Plugins::UserAgent.metric('S3_CRYPTO_V1N') do
+            req.send_request(target: block)
+          end
         end
 
         private
@@ -327,7 +348,7 @@ module Aws
           elsif options[:encryption_key]
             DefaultKeyProvider.new(options)
           else
-            msg = "you must pass a :kms_key_id, :key_provider, or :encryption_key"
+            msg = 'you must pass a :kms_key_id, :key_provider, or :encryption_key'
             raise ArgumentError, msg
           end
         end
@@ -347,8 +368,8 @@ module Aws
           if [:metadata, :instruction_file].include?(location)
             location
           else
-            msg = ":envelope_location must be :metadata or :instruction_file "
-            msg << "got #{location.inspect}"
+            msg = ':envelope_location must be :metadata or :instruction_file '\
+                  "got #{location.inspect}"
             raise ArgumentError, msg
           end
         end
@@ -358,7 +379,7 @@ module Aws
           if String === suffix
             suffix
           else
-            msg = ":instruction_file_suffix must be a String"
+            msg = ':instruction_file_suffix must be a String'
             raise ArgumentError, msg
           end
         end

data/lib/aws-sdk-s3/encryption/decrypt_handler.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'base64'
 
 module Aws
@@ -5,6 +7,7 @@ module Aws
     module Encryption
       # @api private
       class DecryptHandler < Seahorse::Client::Handler
+        @@warned_response_target_proc = false
 
         V1_ENVELOPE_KEYS = %w(
           x-amz-key
@@ -20,7 +23,17 @@ module Aws
           x-amz-matdesc
         )
 
-        POSSIBLE_ENVELOPE_KEYS = (V1_ENVELOPE_KEYS + V2_ENVELOPE_KEYS).uniq
+        V2_OPTIONAL_KEYS = %w(x-amz-tag-len)
+
+        POSSIBLE_ENVELOPE_KEYS = (V1_ENVELOPE_KEYS +
+          V2_ENVELOPE_KEYS + V2_OPTIONAL_KEYS).uniq
+
+        POSSIBLE_WRAPPING_FORMATS = %w(
+          AES/GCM
+          kms
+          kms+context
+          RSA-OAEP-SHA1
+        )
 
         POSSIBLE_ENCRYPTION_FORMATS = %w(
           AES/GCM/NoPadding
@@ -28,8 +41,21 @@ module Aws
           AES/CBC/PKCS7Padding
         )
 
+        AUTH_REQUIRED_CEK_ALGS = %w(AES/GCM/NoPadding)
+
         def call(context)
           attach_http_event_listeners(context)
+          apply_cse_user_agent(context)
+
+          if context[:response_target].is_a?(Proc) && !@@warned_response_target_proc
+            @@warned_response_target_proc = true
+            warn(':response_target is a Proc, or a block was provided. ' \
+              'Read the entire object to the ' \
+              'end before you start using the decrypted data. This is to ' \
+              'verify that the object has not been modified since it ' \
+              'was encrypted.')
+          end
+
           @handler.call(context)
         end
 
@@ -38,9 +64,9 @@ module Aws
         def attach_http_event_listeners(context)
 
           context.http_response.on_headers(200) do
-            cipher = decryption_cipher(context)
-            decrypter = body_contains_auth_tag?(context) ?
-              authenticated_decrypter(context, cipher) :
+            cipher, envelope = decryption_cipher(context)
+            decrypter = body_contains_auth_tag?(envelope) ?
+              authenticated_decrypter(context, cipher, envelope) :
               IODecrypter.new(cipher, context.http_response.body)
             context.http_response.body = decrypter
           end
@@ -60,8 +86,13 @@ module Aws
         end
 
         def decryption_cipher(context)
-          if envelope = get_encryption_envelope(context)
-            context[:encryption][:cipher_provider].decryption_cipher(envelope)
+          if (envelope = get_encryption_envelope(context))
+            cipher = context[:encryption][:cipher_provider]
+                     .decryption_cipher(
+                       envelope,
+                       context[:encryption]
+                     )
+            [cipher, envelope]
           else
             raise Errors::DecryptionError, "unable to locate encryption envelope"
           end
@@ -97,13 +128,12 @@ module Aws
         end
 
         def extract_envelope(hash)
+          return nil unless hash
           return v1_envelope(hash) if hash.key?('x-amz-key')
           return v2_envelope(hash) if hash.key?('x-amz-key-v2')
           if hash.keys.any? { |key| key.match(/^x-amz-key-(.+)$/) }
             msg = "unsupported envelope encryption version #{$1}"
             raise Errors::DecryptionError, msg
-          else
-            nil # no envelope found
           end
         end
 
@@ -117,39 +147,27 @@ module Aws
             msg = "unsupported content encrypting key (cek) format: #{alg}"
             raise Errors::DecryptionError, msg
           end
-          unless envelope['x-amz-wrap-alg'] == 'kms'
-            # possible to support
-            #   RSA/ECB/OAEPWithSHA-256AndMGF1Padding
+          unless POSSIBLE_WRAPPING_FORMATS.include? envelope['x-amz-wrap-alg']
             alg = envelope['x-amz-wrap-alg'].inspect
             msg = "unsupported key wrapping algorithm: #{alg}"
             raise Errors::DecryptionError, msg
           end
-          unless V2_ENVELOPE_KEYS.sort == envelope.keys.sort
+          unless (missing_keys = V2_ENVELOPE_KEYS - envelope.keys).empty?
             msg = "incomplete v2 encryption envelope:\n"
-            msg += "  expected: #{V2_ENVELOPE_KEYS.join(',')}\n"
-            msg += "  got: #{envelope_keys.join(', ')}"
+            msg += "  missing: #{missing_keys.join(',')}\n"
             raise Errors::DecryptionError, msg
           end
           envelope
         end
 
-        # When the x-amz-meta-x-amz-tag-len header is present, it indicates
-        # that the body of this object has a trailing auth tag. The header
-        # indicates the length of that tag.
-        #
         # This method fetches the tag from the end of the object by
         # making a GET Object w/range request. This auth tag is used
         # to initialize the cipher, and the decrypter truncates the
         # auth tag from the body when writing the final bytes.
-        def authenticated_decrypter(context, cipher)
-          if RUBY_VERSION.match(/1.9/)
-            raise "authenticated decryption not supported by OpeenSSL in Ruby version ~> 1.9"
-            raise Aws::Errors::NonSupportedRubyVersionError, msg
-          end
+        def authenticated_decrypter(context, cipher, envelope)
           http_resp = context.http_response
           content_length = http_resp.headers['content-length'].to_i
-          auth_tag_length = http_resp.headers['x-amz-meta-x-amz-tag-len']
-          auth_tag_length = auth_tag_length.to_i / 8
+          auth_tag_length = auth_tag_length(envelope)
 
           auth_tag = context.client.get_object(
             bucket: context.params[:bucket],
@@ -161,16 +179,40 @@ module Aws
           cipher.auth_data = ''
 
           # The encrypted object contains both the cipher text
-          # plus a trailing auth tag. This decrypter will the body
-          # expect for the trailing auth tag.
+          # plus a trailing auth tag.
           IOAuthDecrypter.new(
             io: http_resp.body,
             encrypted_content_length: content_length - auth_tag_length,
             cipher: cipher)
         end
 
-        def body_contains_auth_tag?(context)
-          context.http_response.headers['x-amz-meta-x-amz-tag-len']
+        def body_contains_auth_tag?(envelope)
+          AUTH_REQUIRED_CEK_ALGS.include?(envelope['x-amz-cek-alg'])
+        end
+
+        # Determine the auth tag length from the algorithm
+        # Validate it against the value provided in the x-amz-tag-len
+        # Return the tag length in bytes
+        def auth_tag_length(envelope)
+          tag_length =
+            case envelope['x-amz-cek-alg']
+            when 'AES/GCM/NoPadding' then AES_GCM_TAG_LEN_BYTES
+            else
+              raise ArgumentError, 'Unsupported cek-alg: ' \
+                "#{envelope['x-amz-cek-alg']}"
+            end
+          if (tag_length * 8) != envelope['x-amz-tag-len'].to_i
+            raise Errors::DecryptionError, 'x-amz-tag-len does not match expected'
+          end
+          tag_length
+        end
+
+        def apply_cse_user_agent(context)
+          if context.config.user_agent_suffix.nil?
+            context.config.user_agent_suffix = EC_USER_AGENT
+          elsif !context.config.user_agent_suffix.include? EC_USER_AGENT
+            context.config.user_agent_suffix += " #{EC_USER_AGENT}"
+          end
         end
 
       end

data/lib/aws-sdk-s3/encryption/default_cipher_provider.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'base64'
 
 module Aws
@@ -14,6 +16,8 @@ module Aws
         #   envelope and encryption cipher.
         def encryption_cipher
           cipher = Utils.aes_encryption_cipher(:CBC)
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#algorithm-suite-and-message-format-version-compatibility
+          ##% Objects encrypted with ALG_AES_256_CBC_IV16_NO_KDF MAY use either the V1 or V2 message format version.
           envelope = {
             'x-amz-key' => encode64(encrypt(envelope_key(cipher))),
             'x-amz-iv' => encode64(envelope_iv(cipher)),
@@ -24,11 +28,48 @@ module Aws
 
         # @return [Cipher] Given an encryption envelope, returns a
         #   decryption cipher.
-        def decryption_cipher(envelope)
+        def decryption_cipher(envelope, options = {})
           master_key = @key_provider.key_for(envelope['x-amz-matdesc'])
-          key = Utils.decrypt(master_key, decode64(envelope['x-amz-key']))
-          iv = decode64(envelope['x-amz-iv'])
-          Utils.aes_decryption_cipher(:CBC, key, iv)
+          if envelope.key? 'x-amz-key'
+            # Support for decryption of legacy objects
+            key = Utils.decrypt(master_key, decode64(envelope['x-amz-key']))
+            iv = decode64(envelope['x-amz-iv'])
+            Utils.aes_decryption_cipher(:CBC, key, iv)
+          else
+            if envelope['x-amz-cek-alg'] != 'AES/GCM/NoPadding'
+              raise ArgumentError, 'Unsupported cek-alg: ' \
+                "#{envelope['x-amz-cek-alg']}"
+            end
+            key =
+              case envelope['x-amz-wrap-alg']
+              when 'AES/GCM'
+                if master_key.is_a? OpenSSL::PKey::RSA
+                  raise ArgumentError, 'Key mismatch - Client is configured' \
+                    ' with an RSA key and the x-amz-wrap-alg is AES/GCM.'
+                end
+                Utils.decrypt_aes_gcm(master_key,
+                                      decode64(envelope['x-amz-key-v2']),
+                                      envelope['x-amz-cek-alg'])
+              when 'RSA-OAEP-SHA1'
+                unless master_key.is_a? OpenSSL::PKey::RSA
+                  raise ArgumentError, 'Key mismatch - Client is configured' \
+                    ' with an AES key and the x-amz-wrap-alg is RSA-OAEP-SHA1.'
+                end
+                key, cek_alg = Utils.decrypt_rsa(master_key, decode64(envelope['x-amz-key-v2']))
+                raise Errors::DecryptionError unless cek_alg == envelope['x-amz-cek-alg']
+                key
+              when 'kms+context'
+                raise ArgumentError, 'Key mismatch - Client is configured' \
+                    ' with a user provided key and the x-amz-wrap-alg is' \
+                    ' kms+context.  Please configure the client with the' \
+                    ' required kms_key_id'
+              else
+                raise ArgumentError, 'Unsupported wrap-alg: ' \
+                "#{envelope['x-amz-wrap-alg']}"
+              end
+            iv = decode64(envelope['x-amz-iv'])
+            Utils.aes_decryption_cipher(:GCM, key, iv)
+          end
         end
 
         private
@@ -56,7 +97,6 @@ module Aws
         def decode64(str)
           Base64.decode64(str)
         end
-
       end
     end
   end

data/lib/aws-sdk-s3/encryption/default_key_provider.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Encryption

data/lib/aws-sdk-s3/encryption/encrypt_handler.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'base64'
 
 module Aws
@@ -10,6 +12,7 @@ module Aws
           envelope, cipher = context[:encryption][:cipher_provider].encryption_cipher
           apply_encryption_envelope(context, envelope, cipher)
           apply_encryption_cipher(context, cipher)
+          apply_cse_user_agent(context)
           @handler.call(context)
         end
 
@@ -35,15 +38,25 @@ module Aws
           io = StringIO.new(io) if String === io
           context.params[:body] = IOEncrypter.new(cipher, io)
           context.params[:metadata] ||= {}
+          ##= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+          ##% - The mapkey "x-amz-unencrypted-content-length" SHOULD be present for V1 format objects.
           context.params[:metadata]['x-amz-unencrypted-content-length'] = io.size
-          if md5 = context.params.delete(:content_md5)
-            context.params[:metadata]['x-amz-unencrypted-content-md5'] = md5
+          if context.params.delete(:content_md5)
+            warn('Setting content_md5 on client side encrypted objects is deprecated')
           end
           context.http_response.on_headers do
             context.params[:body].close
           end
         end
 
+        def apply_cse_user_agent(context)
+          if context.config.user_agent_suffix.nil?
+            context.config.user_agent_suffix = EC_USER_AGENT
+          elsif !context.config.user_agent_suffix.include? EC_USER_AGENT
+            context.config.user_agent_suffix += " #{EC_USER_AGENT}"
+          end
+        end
+
       end
     end
   end

data/lib/aws-sdk-s3/encryption/errors.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Encryption

data/lib/aws-sdk-s3/encryption/io_auth_decrypter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Encryption
@@ -22,8 +24,10 @@ module Aws
 
         def write(chunk)
           chunk = truncate_chunk(chunk)
-          @bytes_written += chunk.bytesize
-          @decrypter.write(chunk)
+          if chunk.bytesize > 0
+            @bytes_written += chunk.bytesize
+            @decrypter.write(chunk)
+          end
         end
 
         def finalize
@@ -39,8 +43,12 @@ module Aws
         def truncate_chunk(chunk)
           if chunk.bytesize + @bytes_written <= @max_bytes
             chunk
-          else
+          elsif @bytes_written < @max_bytes
             chunk[0..(@max_bytes - @bytes_written - 1)]
+          else
+            # If the tag was sent over after the full body has been read,
+            # we don't want to accidentally append it.
+            ""
           end
         end
 

data/lib/aws-sdk-s3/encryption/io_decrypter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Encryption
@@ -7,8 +9,10 @@ module Aws
         # @param [OpenSSL::Cipher] cipher
         # @param [IO#write] io An IO-like object that responds to `#write`.
         def initialize(cipher, io)
-          @cipher = cipher.clone
-          @io = io
+          @cipher = cipher
+          # Ensure that IO is reset between retries
+          @io = io.tap { |io| io.truncate(0) if io.respond_to?(:truncate) }
+          @cipher_buffer = String.new
         end
 
         # @return [#write]
@@ -16,7 +20,11 @@ module Aws
 
         def write(chunk)
           # decrypt and write
-          @io.write(@cipher.update(chunk))
+          if @cipher.method(:update).arity == 1
+            @io.write(@cipher.update(chunk))
+          else
+            @io.write(@cipher.update(chunk, @cipher_buffer))
+          end
         end
 
         def finalize

data/lib/aws-sdk-s3/encryption/io_encrypter.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 require 'stringio'
 require 'tempfile'
 

data/lib/aws-sdk-s3/encryption/key_provider.rb

@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
 module Aws
   module S3
     module Encryption