google-cloud-storage 0.23.1 → 0.23.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d25ea51c3061bfb14179befa5250f8665e7f9691
-  data.tar.gz: b431f5182d343bb654b7d57cc75db83d6d5470f7
+  metadata.gz: eacda730dbe4335f179257e4ca952498675b931c
+  data.tar.gz: bb21912a5d50d23f83e92e496954cd78eb6155cf
 SHA512:
-  metadata.gz: f257e340fb77698aaa60a23ac31d86d42352ad6c70450e59a0a30166f96b3c9b111244033131041c1c567d5a34a0c981d1a74b662af844e1c6276a69b2ad35be
-  data.tar.gz: 419052576260453c9595b6c1a6236e8f325d0104fdd0ffc81f71bde1d17e00d28871eff0f8951ef9e56bba825289c7e00cbabff7bec861459fc32a6c23988a56
+  metadata.gz: 0977c4f43a27b33c5de1cbefbcfb648269e0f181430dd186e97d511758797162821c7f8e2999262c1c0c32ef1f7f6555893f29596bffb8b1ddd815aff2b07f08
+  data.tar.gz: 8e56264bf22deac8a2440cde15e8e9a4507ae717a4fbdcf10250ab155fd08cd6c35c66106b6bad3036a899e6af8120bf8da2402bee8ab6c2dc9e9e3312406127

data/lib/google/cloud/storage.rb

@@ -210,7 +210,6 @@ module Google
     #
     # ```ruby
     # require "google/cloud/storage"
-    # require "digest/sha2"
     #
     # storage = Google::Cloud::Storage.new
     # bucket = storage.bucket "my-todo-app"
@@ -229,6 +228,28 @@ module Google
     #                    encryption_key: key
     # ```
     #
+    # Use {Google::Cloud::Storage::File#rotate} to rotate customer-supplied
+    # encryption keys.
+    #
+    # ```ruby
+    # require "google/cloud/storage"
+    #
+    # storage = Google::Cloud::Storage.new
+    # bucket = storage.bucket "my-todo-app"
+    #
+    # # Old key was stored securely for later use.
+    # old_key = "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI..."
+    #
+    # file = bucket.file "path/to/my-file.ext", encryption_key: old_key
+    #
+    # # Key generation shown for example purposes only. Write your own.
+    # cipher = OpenSSL::Cipher.new "aes-256-cfb"
+    # cipher.encrypt
+    # new_key = cipher.random_key
+    #
+    # file.rotate encryption_key: old_key, new_encryption_key: new_key
+    # ```
+    #
     # ## Downloading a File
     #
     # Files can be downloaded to the local file system. (See

data/lib/google/cloud/storage/bucket.rb

@@ -16,6 +16,7 @@
 require "google/cloud/storage/bucket/acl"
 require "google/cloud/storage/bucket/list"
 require "google/cloud/storage/bucket/cors"
+require "google/cloud/storage/post_object"
 require "google/cloud/storage/file"
 require "pathname"
 
@@ -514,6 +515,16 @@ module Google
         # @param [Hash] metadata A hash of custom, user-provided web-safe keys
         #   and arbitrary string values that will returned with requests for the
         #   file as "x-goog-meta-" response headers.
+        # @param [Symbol, String] storage_class Storage class of the file.
+        #   Determines how the file is stored and determines the SLA and the
+        #   cost of storage. Values include `:multi_regional`, `:regional`,
+        #   `:nearline`, `:coldline`, `:standard`, and `:dra` (Durable Reduced
+        #   Availability), as well as the strings returned by
+        #   {Bucket#storage_class}. For more information, see [Storage
+        #   Classes](https://cloud.google.com/storage/docs/storage-classes) and
+        #   [Per-Object Storage
+        #   Class](https://cloud.google.com/storage/docs/per-object-storage-class).
+        #   The default value is the default storage class for the bucket.
         # @param [String] encryption_key Optional. A customer-supplied, AES-256
         #   encryption key that will be used to encrypt the file.
         #
@@ -540,7 +551,6 @@ module Google
         #
         # @example Providing a customer-supplied encryption key:
         #   require "google/cloud/storage"
-        #   require "digest/sha2"
         #
         #   storage = Google::Cloud::Storage.new
         #   bucket = storage.bucket "my-bucket"
@@ -562,14 +572,14 @@ module Google
                         content_disposition: nil, content_encoding: nil,
                         content_language: nil, content_type: nil,
                         crc32c: nil, md5: nil, metadata: nil,
-                        encryption_key: nil
+                        storage_class: nil, encryption_key: nil
           ensure_service!
           options = { acl: File::Acl.predefined_rule_for(acl), md5: md5,
                       cache_control: cache_control, content_type: content_type,
                       content_disposition: content_disposition, crc32c: crc32c,
-                      content_encoding: content_encoding,
-                      content_language: content_language, metadata: metadata,
-                      key: encryption_key }
+                      content_encoding: content_encoding, metadata: metadata,
+                      content_language: content_language, key: encryption_key,
+                      storage_class: storage_class_for(storage_class) }
           ensure_file_exists! file
           # TODO: Handle file as an IO and path is missing more gracefully
           path ||= Pathname(file).to_path
@@ -676,6 +686,114 @@ module Google
           signer.signed_url options
         end
 
+        ##
+        # Generate a PostObject that includes the fields and url to
+        # upload objects via html forms.
+        #
+        # Generating a PostObject requires service account credentials,
+        # either by connecting with a service account when calling
+        # {Google::Cloud.storage}, or by passing in the service account
+        # `issuer` and `signing_key` values. Although the private key can
+        # be passed as a string for convenience, creating and storing
+        # an instance of # `OpenSSL::PKey::RSA` is more efficient
+        # when making multiple calls to `post_object`.
+        #
+        # A {SignedUrlUnavailable} is raised if the service account credentials
+        # are missing. Service account credentials are acquired by following the
+        # steps in [Service Account Authentication](
+        # https://cloud.google.com/storage/docs/authentication#service_accounts).
+        #
+        # @see https://cloud.google.com/storage/docs/xml-api/post-object
+        #
+        # @param [String] path Path to of the file in Google Cloud Storage.
+        # @param [Hash] policy The security policy that describes what
+        #   can and cannot be uploaded in the form. When provided,
+        #   the PostObject fields will include a Signature based on the JSON
+        #   representation of this Hash and the same policy in Base64 format.
+        #   If you do not provide a security policy, requests are considered
+        #   to be anonymous and will only work with buckets that have granted
+        #   WRITE or FULL_CONTROL permission to anonymous users.
+        #   See [Policy Document](https://cloud.google.com/storage/docs/xml-api/post-object#policydocument)
+        #   for more information.
+        # @param [String] issuer Service Account's Client Email.
+        # @param [String] client_email Service Account's Client Email.
+        # @param [OpenSSL::PKey::RSA, String] signing_key Service Account's
+        #   Private Key.
+        # @param [OpenSSL::PKey::RSA, String] private_key Service Account's
+        #   Private Key.
+        #
+        # @return [PostObject]
+        #
+        # @example
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-todo-app"
+        #   post = bucket.post_object "avatars/heidi/400x400.png"
+        #
+        #   post.url #=> "https://storage.googleapis.com"
+        #   post.fields[:key] #=> "my-todo-app/avatars/heidi/400x400.png"
+        #   post.fields[:GoogleAccessId] #=> "0123456789@gserviceaccount.com"
+        #   post.fields[:signature] #=> "ABC...XYZ="
+        #   post.fields[:policy] #=> "ABC...XYZ="
+        #
+        # @example Using a policy to define the upload authorization:
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   policy = {
+        #     expiration: (Time.now + 3600).iso8601,
+        #     conditions: [
+        #       ["starts-with", "$key", ""],
+        #       {acl: "bucket-owner-read"},
+        #       {bucket: "travel-maps"},
+        #       {success_action_redirect: "http://example.com/success.html"},
+        #       ["eq", "$Content-Type", "image/jpeg"],
+        #       ["content-length-range", 0, 1000000]
+        #     ]
+        #   }
+        #
+        #   bucket = storage.bucket "my-todo-app"
+        #   post = bucket.post_object "avatars/heidi/400x400.png",
+        #                              policy: policy
+        #
+        #   post.url #=> "https://storage.googleapis.com"
+        #   post.fields[:key] #=> "my-todo-app/avatars/heidi/400x400.png"
+        #   post.fields[:GoogleAccessId] #=> "0123456789@gserviceaccount.com"
+        #   post.fields[:signature] #=> "ABC...XYZ="
+        #   post.fields[:policy] #=> "ABC...XYZ="
+        #
+        # @example Using the issuer and signing_key options:
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #
+        #   bucket = storage.bucket "my-todo-app"
+        #   key = OpenSSL::PKey::RSA.new
+        #   post = bucket.post_object "avatars/heidi/400x400.png",
+        #                             issuer: "service-account@gcloud.com",
+        #                             signing_key: key
+        #
+        #   post.url #=> "https://storage.googleapis.com"
+        #   post.fields[:key] #=> "my-todo-app/avatars/heidi/400x400.png"
+        #   post.fields[:GoogleAccessId] #=> "0123456789@gserviceaccount.com"
+        #   post.fields[:signature] #=> "ABC...XYZ="
+        #   post.fields[:policy] #=> "ABC...XYZ="
+        #
+        def post_object path, policy: nil, issuer: nil,
+                        client_email: nil, signing_key: nil,
+                        private_key: nil
+          ensure_service!
+          options = { issuer: issuer, client_email: client_email,
+                      signing_key: signing_key, private_key: private_key,
+                      policy: policy }
+
+          signer = File::Signer.from_bucket self, path
+          signer.post_object options
+        end
+
         ##
         # The Bucket::Acl instance used to control access to the bucket.
         #
@@ -806,6 +924,18 @@ module Google
           fail ArgumentError, "cannot find file #{file}"
         end
 
+        def storage_class_for str
+          return nil if str.nil?
+          { "durable_reduced_availability" => "DURABLE_REDUCED_AVAILABILITY",
+            "dra" => "DURABLE_REDUCED_AVAILABILITY",
+            "durable" => "DURABLE_REDUCED_AVAILABILITY",
+            "nearline" => "NEARLINE",
+            "coldline" => "COLDLINE",
+            "multi_regional" => "MULTI_REGIONAL",
+            "regional" => "REGIONAL",
+            "standard" => "STANDARD" }[str.to_s.downcase] || str.to_s
+        end
+
         ##
         # Yielded to a block to accumulate changes for a patch request.
         class Updater < Bucket

data/lib/google/cloud/storage/file.rb

@@ -21,6 +21,8 @@ require "google/cloud/storage/file/verifier"
 module Google
   module Cloud
     module Storage
+      GOOGLEAPIS_URL = "https://storage.googleapis.com".freeze
+
       ##
       # # File
       #
@@ -265,6 +267,35 @@ module Google
           Base64.decode64 @gapi.customer_encryption.key_sha256
         end
 
+        ##
+        # The file's storage class. This defines how the file is stored and
+        # determines the SLA and the cost of storage. For more information, see
+        # [Storage
+        # Classes](https://cloud.google.com/storage/docs/storage-classes) and
+        # [Per-Object Storage
+        # Class](https://cloud.google.com/storage/docs/per-object-storage-class).
+        def storage_class
+          @gapi.storage_class
+        end
+
+        ##
+        # Updates how the file is stored and determines the SLA and the cost of
+        # storage. Values include `:multi_regional`, `:regional`, `:nearline`,
+        # `:coldline`, `:standard`, and `:dra` (Durable Reduced Availability),
+        # as well as the strings returned by {File#storage_class} or
+        # {Bucket#storage_class}. For more information, see [Storage
+        # Classes](https://cloud.google.com/storage/docs/storage-classes) and
+        # [Per-Object Storage
+        # Class](https://cloud.google.com/storage/docs/per-object-storage-class).
+        # The  default value is the default storage class for the bucket. See
+        # {Bucket#storage_class}.
+        # @param [Symbol, String] storage_class Storage class of the file.
+        def storage_class= storage_class
+          resp = service.update_file_storage_class \
+            bucket, name, storage_class_for(storage_class)
+          @gapi = resp.resource
+        end
+
         ##
         # Updates the file with changes made in the given block in a single
         # PATCH request. The following attributes may be set: {#cache_control=},
@@ -460,6 +491,63 @@ module Google
           File.from_gapi gapi, service
         end
 
+        ##
+        # [Rewrites](https://cloud.google.com/storage/docs/json_api/v1/objects/rewrite)
+        # the file to the same {#bucket} and {#name} with a new
+        # [customer-supplied encryption
+        # key](https://cloud.google.com/storage/docs/encryption#customer-supplied).
+        #
+        # If a new key is provided to this method, the new key must be used to
+        # subsequently download or copy the file. You must securely manage your
+        # keys and ensure that they are not lost. Also, please note that file
+        # metadata is not encrypted, with the exception of the CRC32C checksum
+        # and MD5 hash. The names of files and buckets are also not encrypted,
+        # and you can read or update the metadata of an encrypted file without
+        # providing the encryption key.
+        #
+        # @see https://cloud.google.com/storage/docs/encryption
+        #
+        # @param [String, nil] encryption_key Optional. The last
+        #   customer-supplied, AES-256 encryption key used to encrypt the file,
+        #   if one was used.
+        # @param [String, nil] new_encryption_key Optional. The new
+        #   customer-supplied, AES-256 encryption key with which to encrypt the
+        #   file. If `nil`, the rewritten file will be encrypted using the
+        #   default server-side encryption, not customer-supplied encryption
+        #   keys.
+        #
+        # @return [Google::Cloud::Storage::File]
+        #
+        # @example The file will be rewritten with a new encryption key:
+        #   require "google/cloud/storage"
+        #
+        #   storage = Google::Cloud::Storage.new
+        #   bucket = storage.bucket "my-bucket"
+        #
+        #   # Old key was stored securely for later use.
+        #   old_key = "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI..."
+        #
+        #   file = bucket.file "path/to/my-file.ext", encryption_key: old_key
+        #
+        #   # Key generation shown for example purposes only. Write your own.
+        #   cipher = OpenSSL::Cipher.new "aes-256-cfb"
+        #   cipher.encrypt
+        #   new_key = cipher.random_key
+        #
+        #   file.rotate encryption_key: old_key, new_encryption_key: new_key
+        #
+        def rotate encryption_key: nil, new_encryption_key: nil
+          ensure_service!
+          options = { source_key: encryption_key,
+                      destination_key: new_encryption_key }
+          gapi = service.rewrite_file bucket, name, bucket, name, options
+          until gapi.done
+            options[:token] = gapi.rewrite_token
+            gapi = service.rewrite_file bucket, name, bucket, name, options
+          end
+          File.from_gapi gapi.resource, service
+        end
+
         ##
         # Permanently deletes the file.
         #
@@ -723,6 +811,18 @@ module Google
           file
         end
 
+        def storage_class_for str
+          return nil if str.nil?
+          { "durable_reduced_availability" => "DURABLE_REDUCED_AVAILABILITY",
+            "dra" => "DURABLE_REDUCED_AVAILABILITY",
+            "durable" => "DURABLE_REDUCED_AVAILABILITY",
+            "nearline" => "NEARLINE",
+            "coldline" => "COLDLINE",
+            "multi_regional" => "MULTI_REGIONAL",
+            "regional" => "REGIONAL",
+            "standard" => "STANDARD" }[str.to_s.downcase] || str.to_s
+        end
+
         ##
         # @private Create a signed_url for a file.
         class Signer
@@ -749,7 +849,7 @@ module Google
           ##
           # The external url to the file.
           def ext_url
-            "https://storage.googleapis.com#{ext_path}"
+            "#{GOOGLEAPIS_URL}#{ext_path}"
           end
 
           def apply_option_defaults options
@@ -775,6 +875,33 @@ module Google
               @service.credentials.issuer
           end
 
+          def post_object options
+            options = apply_option_defaults options
+
+            fields = {
+              key: ext_path.sub("/", "")
+            }
+
+            p = options[:policy] || {}
+            fail "Policy must be given in a Hash" unless p.is_a? Hash
+
+            i = determine_issuer options
+            s = determine_signing_key options
+
+            fail SignedUrlUnavailable unless i && s
+
+            policy_str = p.to_json
+            policy = Base64.strict_encode64(policy_str).delete("\n")
+
+            signature = generate_signature s, policy
+
+            fields[:GoogleAccessId] = i
+            fields[:signature] = signature
+            fields[:policy] = policy
+
+            Google::Cloud::Storage::PostObject.new GOOGLEAPIS_URL, fields
+          end
+
           def signed_url options
             options = apply_option_defaults options
 
@@ -783,22 +910,22 @@ module Google
 
             fail SignedUrlUnavailable unless i && s
 
-            sig = generate_signature s, options
+            sig = generate_signature s, signature_str(options)
             generate_signed_url i, sig, options[:expires]
           end
 
-          def generate_signature signing_key, options = {}
+          def generate_signature signing_key, secret
             unless signing_key.respond_to? :sign
               signing_key = OpenSSL::PKey::RSA.new signing_key
             end
-            signing_key.sign OpenSSL::Digest::SHA256.new, signature_str(options)
+            signature = signing_key.sign OpenSSL::Digest::SHA256.new, secret
+            Base64.strict_encode64(signature).delete("\n")
           end
 
           def generate_signed_url issuer, signed_string, expires
-            signature = Base64.strict_encode64(signed_string).delete("\n")
             "#{ext_url}?GoogleAccessId=#{CGI.escape issuer}" \
               "&Expires=#{expires}" \
-              "&Signature=#{CGI.escape signature}"
+              "&Signature=#{CGI.escape signed_string}"
           end
 
           def format_extension_headers headers
@@ -815,9 +942,15 @@ module Google
         ##
         # Yielded to a block to accumulate changes for a patch request.
         class Updater < File
+          # @private Do not allow storage_class to be set in an update call.
+          # It cannot be set with PATCH.
+          undef :storage_class=
+
+          # @private
           attr_reader :updates
+
           ##
-          # Create an Updater object.
+          # @private Create an Updater object.
           def initialize gapi
             @updates = []
             @gapi = gapi

data/lib/google/cloud/storage/post_object.rb

@@ -0,0 +1,55 @@
+# Copyright 2014 Google Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Google
+  module Cloud
+    module Storage
+      ##
+      # PostObject represents the URL, fields, and values needed to upload
+      # objects via html forms.
+      #
+      # @see https://cloud.google.com/storage/docs/xml-api/post-object
+      #
+      # @attr_reader [String] url The URL the form must post to.
+      # @attr_reader [Hash] fields The input fields that must be included in the
+      #   form. Each key/value pair should be set as an input tag's name and
+      #   value.
+      #
+      # @example
+      #   require "google/cloud/storage"
+      #
+      #   storage = Google::Cloud::Storage.new
+      #
+      #   bucket = storage.bucket "my-todo-app"
+      #   post = bucket.post_object "avatars/heidi/400x400.png"
+      #
+      #   post.url #=> "https://storage.googleapis.com"
+      #   post.fields[:key] #=> "my-todo-app/avatars/heidi/400x400.png"
+      #   post.fields[:GoogleAccessId] #=> "0123456789@gserviceaccount.com"
+      #   post.fields[:signature] #=> "ABC...XYZ="
+      #   post.fields[:policy] #=> "ABC...XYZ="
+      #
+      class PostObject
+        attr_reader :url, :fields
+
+        # @private
+        def initialize url, fields
+          @url = url
+          @fields = fields
+        end
+      end
+    end
+  end
+end

data/lib/google/cloud/storage/project.rb

@@ -231,7 +231,7 @@ module Google
         #   Values include `:multi_regional`, `:regional`, `:nearline`,
         #   `:coldline`, `:standard`, and `:dra` (Durable Reduced
         #   Availability), as well as the strings returned by
-        #   Bucket#storage_class. For more information, see [Storage
+        #   {Bucket#storage_class}. For more information, see [Storage
         #   Classes](https://cloud.google.com/storage/docs/storage-classes). The
         #   default value is `:standard`, which is equivalent to
         #   `:multi_regional` or `:regional` depending on the bucket's location
@@ -306,6 +306,7 @@ module Google
         end
 
         def storage_class_for str
+          return nil if str.nil?
           { "durable_reduced_availability" => "DURABLE_REDUCED_AVAILABILITY",
             "dra" => "DURABLE_REDUCED_AVAILABILITY",
             "durable" => "DURABLE_REDUCED_AVAILABILITY",
@@ -313,7 +314,7 @@ module Google
             "coldline" => "COLDLINE",
             "multi_regional" => "MULTI_REGIONAL",
             "regional" => "REGIONAL",
-            "standard" => "STANDARD" }[str.to_s.downcase]
+            "standard" => "STANDARD" }[str.to_s.downcase] || str.to_s
         end
       end
     end

data/lib/google/cloud/storage/service.rb

@@ -171,12 +171,13 @@ module Google
                         cache_control: nil, content_disposition: nil,
                         content_encoding: nil, content_language: nil,
                         content_type: nil, crc32c: nil, md5: nil, metadata: nil,
-                        key: nil
+                        storage_class: nil, key: nil
           file_obj = Google::Apis::StorageV1::Object.new \
             cache_control: cache_control, content_type: content_type,
             content_disposition: content_disposition, md5_hash: md5,
             content_encoding: content_encoding, crc32c: crc32c,
-            content_language: content_language, metadata: metadata
+            content_language: content_language, metadata: metadata,
+            storage_class: storage_class
           content_type ||= mime_type_for(Pathname(source).to_path)
           execute do
             service.insert_object \
@@ -213,6 +214,35 @@ module Google
           end
         end
 
+        ## Rewrite a file from source bucket/object to a
+        # destination bucket/object.
+        def rewrite_file source_bucket_name, source_file_path,
+                         destination_bucket_name, destination_file_path,
+                         options = {}
+          options = rewrite_key_options options[:source_key],
+                                        options[:destination_key]
+          execute do
+            service.rewrite_object \
+              source_bucket_name, source_file_path,
+              destination_bucket_name, destination_file_path,
+              destination_predefined_acl: options[:acl],
+              source_generation: options[:generation],
+              rewrite_token: options[:token],
+              options: options
+          end
+        end
+
+        ## Rewrite a file from source bucket/object to a
+        # destination bucket/object.
+        def update_file_storage_class bucket_name, file_path, storage_class
+          execute do
+            service.rewrite_object \
+              bucket_name, file_path,
+              bucket_name, file_path,
+              Google::Apis::StorageV1::Object.new(storage_class: storage_class)
+          end
+        end
+
         ##
         # Download contents of a file.
         def download_file bucket_name, file_path, target_path, generation: nil,
@@ -285,15 +315,32 @@ module Google
 
         def key_options key
           options = {}
-          if key
-            key_sha256 = Digest::SHA256.digest key
-            headers = {}
-            headers["x-goog-encryption-algorithm"] = "AES256"
-            headers["x-goog-encryption-key"] = Base64.strict_encode64 key
-            headers["x-goog-encryption-key-sha256"] = \
-              Base64.strict_encode64 key_sha256
-            options[:header] = headers
+          encryption_key_headers options, key if key
+          options
+        end
+
+        def rewrite_key_options source_key, destination_key
+          options = {}
+          if source_key
+            encryption_key_headers options, source_key, copy_source: true
           end
+          encryption_key_headers options, destination_key if destination_key
+          options
+        end
+
+        # @private
+        # @param copy_source If true, header names are those for source object
+        #   in rewrite request. If false, the header names are for use with any
+        #   method supporting customer-supplied encryption keys.
+        #   See https://cloud.google.com/storage/docs/encryption#request
+        def encryption_key_headers options, key, copy_source: false
+          source = copy_source ? "copy-source-" : ""
+          key_sha256 = Digest::SHA256.digest key
+          headers = (options[:header] ||= {})
+          headers["x-goog-#{source}encryption-algorithm"] = "AES256"
+          headers["x-goog-#{source}encryption-key"] = Base64.strict_encode64 key
+          headers["x-goog-#{source}encryption-key-sha256"] = \
+            Base64.strict_encode64 key_sha256
           options
         end
 

data/lib/google/cloud/storage/version.rb

@@ -16,7 +16,7 @@
 module Google
   module Cloud
     module Storage
-      VERSION = "0.23.1"
+      VERSION = "0.23.2"
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: google-cloud-storage
 version: !ruby/object:Gem::Version
-  version: 0.23.1
+  version: 0.23.2
 platform: ruby
 authors:
 - Mike Moore
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-12-14 00:00:00.000000000 Z
+date: 2017-02-21 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: google-cloud-core
@@ -59,14 +59,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.9'
+        version: '5.10'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '5.9'
+        version: '5.10'
 - !ruby/object:Gem::Dependency
   name: minitest-autotest
   requirement: !ruby/object:Gem::Requirement
@@ -169,14 +169,14 @@ dependencies:
   name: yard-doctest
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<="
       - !ruby/object:Gem::Version
         version: 0.1.8
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - "<="
       - !ruby/object:Gem::Version
         version: 0.1.8
 description: google-cloud-storage is the official library for Google Cloud Storage.
@@ -202,6 +202,7 @@ files:
 - lib/google/cloud/storage/file/acl.rb
 - lib/google/cloud/storage/file/list.rb
 - lib/google/cloud/storage/file/verifier.rb
+- lib/google/cloud/storage/post_object.rb
 - lib/google/cloud/storage/project.rb
 - lib/google/cloud/storage/service.rb
 - lib/google/cloud/storage/version.rb
@@ -225,7 +226,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 2.6.10
 signing_key: 
 specification_version: 4
 summary: API Client library for Google Cloud Storage