google-cloud-storage 1.11.0 → 1.12.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/google/cloud/storage/bucket.rb +75 -2
- data/lib/google/cloud/storage/file.rb +100 -18
- data/lib/google/cloud/storage/service.rb +6 -4
- data/lib/google/cloud/storage/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 303659292accc44f277af53a486fc796a833b5f9f209923b989d34fd732a03dd
|
|
4
|
+
data.tar.gz: 6d702f3c6ab49d78dd9fba0b836a7b5ebcd0fc00f80c59fe3a2217e441ed1ab1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c9cac290f73ce71a32b26f3a8f293ac12813f08c0494435c47736a0533e94719bcfe8697f33c7234466cc11ce1d5db4227edbb14a9cae537654ae558a6924444
|
|
7
|
+
data.tar.gz: e7accc00dc59f35e31548767c33a871a2cabfce2ae2a4c13429aaa445e1436a36457911cc032ac162582381cf8ca6769f433c710c923c8ccc9983d9cce30a158
|
|
@@ -378,6 +378,54 @@ module Google
|
|
|
378
378
|
patch_gapi! :billing
|
|
379
379
|
end
|
|
380
380
|
|
|
381
|
+
##
|
|
382
|
+
# The Cloud KMS encryption key that will be used to protect files.
|
|
383
|
+
# For example: `projects/a/locations/b/keyRings/c/cryptoKeys/d`
|
|
384
|
+
#
|
|
385
|
+
# @return [String, nil] A Cloud KMS encryption key, or `nil` if none
|
|
386
|
+
# has been configured.
|
|
387
|
+
#
|
|
388
|
+
# @example
|
|
389
|
+
# require "google/cloud/storage"
|
|
390
|
+
#
|
|
391
|
+
# storage = Google::Cloud::Storage.new
|
|
392
|
+
#
|
|
393
|
+
# bucket = storage.bucket "my-bucket"
|
|
394
|
+
#
|
|
395
|
+
# # KMS key ring must use the same location as the bucket.
|
|
396
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
397
|
+
# bucket.default_kms_key = kms_key_name
|
|
398
|
+
#
|
|
399
|
+
# bucket.default_kms_key #=> kms_key_name
|
|
400
|
+
#
|
|
401
|
+
def default_kms_key
|
|
402
|
+
@gapi.encryption && @gapi.encryption.default_kms_key_name
|
|
403
|
+
end
|
|
404
|
+
|
|
405
|
+
##
|
|
406
|
+
# Set the Cloud KMS encryption key that will be used to protect files.
|
|
407
|
+
# For example: `projects/a/locations/b/keyRings/c/cryptoKeys/d`
|
|
408
|
+
#
|
|
409
|
+
# @param [String] new_default_kms_key New Cloud KMS key name
|
|
410
|
+
#
|
|
411
|
+
# @example
|
|
412
|
+
# require "google/cloud/storage"
|
|
413
|
+
#
|
|
414
|
+
# storage = Google::Cloud::Storage.new
|
|
415
|
+
#
|
|
416
|
+
# bucket = storage.bucket "my-bucket"
|
|
417
|
+
#
|
|
418
|
+
# # KMS key ring must use the same location as the bucket.
|
|
419
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
420
|
+
#
|
|
421
|
+
# bucket.default_kms_key = kms_key_name
|
|
422
|
+
#
|
|
423
|
+
def default_kms_key= new_default_kms_key
|
|
424
|
+
@gapi.encryption = Google::Apis::StorageV1::Bucket::Encryption.new \
|
|
425
|
+
default_kms_key_name: new_default_kms_key
|
|
426
|
+
patch_gapi! :encryption
|
|
427
|
+
end
|
|
428
|
+
|
|
381
429
|
##
|
|
382
430
|
# Updates the bucket with changes made in the given block in a single
|
|
383
431
|
# PATCH request. The following attributes may be set: {#cors},
|
|
@@ -645,7 +693,15 @@ module Google
|
|
|
645
693
|
# Class](https://cloud.google.com/storage/docs/per-object-storage-class).
|
|
646
694
|
# The default value is the default storage class for the bucket.
|
|
647
695
|
# @param [String] encryption_key Optional. A customer-supplied, AES-256
|
|
648
|
-
# encryption key that will be used to encrypt the file.
|
|
696
|
+
# encryption key that will be used to encrypt the file. Do not provide
|
|
697
|
+
# if `kms_key` is used.
|
|
698
|
+
# @param [String] kms_key Optional. Resource name of the Cloud KMS
|
|
699
|
+
# key, of the form
|
|
700
|
+
# `projects/my-prj/locations/kr-loc/keyRings/my-kr/cryptoKeys/my-key`,
|
|
701
|
+
# that will be used to encrypt the file. The KMS key ring must use
|
|
702
|
+
# the same location as the bucket.The Service Account associated with
|
|
703
|
+
# your project requires access to this encryption key. Do not provide
|
|
704
|
+
# if `encryption_key` is used.
|
|
649
705
|
#
|
|
650
706
|
# @return [Google::Cloud::Storage::File]
|
|
651
707
|
#
|
|
@@ -687,6 +743,22 @@ module Google
|
|
|
687
743
|
# file = bucket.file "destination/path/file.ext",
|
|
688
744
|
# encryption_key: key
|
|
689
745
|
#
|
|
746
|
+
# @example Providing a customer-managed Cloud KMS encryption key:
|
|
747
|
+
# require "google/cloud/storage"
|
|
748
|
+
#
|
|
749
|
+
# storage = Google::Cloud::Storage.new
|
|
750
|
+
# bucket = storage.bucket "my-bucket"
|
|
751
|
+
#
|
|
752
|
+
# # KMS key ring must use the same location as the bucket.
|
|
753
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
754
|
+
#
|
|
755
|
+
# bucket.create_file "path/to/local.file.ext",
|
|
756
|
+
# "destination/path/file.ext",
|
|
757
|
+
# kms_key: kms_key_name
|
|
758
|
+
#
|
|
759
|
+
# file = bucket.file "destination/path/file.ext"
|
|
760
|
+
# file.kms_key #=> kms_key_name
|
|
761
|
+
#
|
|
690
762
|
# @example Create a file with gzip-encoded data.
|
|
691
763
|
# require "zlib"
|
|
692
764
|
# require "google/cloud/storage"
|
|
@@ -717,13 +789,14 @@ module Google
|
|
|
717
789
|
content_disposition: nil, content_encoding: nil,
|
|
718
790
|
content_language: nil, content_type: nil,
|
|
719
791
|
crc32c: nil, md5: nil, metadata: nil,
|
|
720
|
-
storage_class: nil, encryption_key: nil
|
|
792
|
+
storage_class: nil, encryption_key: nil, kms_key: nil
|
|
721
793
|
ensure_service!
|
|
722
794
|
options = { acl: File::Acl.predefined_rule_for(acl), md5: md5,
|
|
723
795
|
cache_control: cache_control, content_type: content_type,
|
|
724
796
|
content_disposition: content_disposition, crc32c: crc32c,
|
|
725
797
|
content_encoding: content_encoding, metadata: metadata,
|
|
726
798
|
content_language: content_language, key: encryption_key,
|
|
799
|
+
kms_key: kms_key,
|
|
727
800
|
storage_class: storage_class_for(storage_class),
|
|
728
801
|
user_project: user_project }
|
|
729
802
|
ensure_io_or_file_exists! file
|
|
@@ -308,6 +308,23 @@ module Google
|
|
|
308
308
|
Base64.decode64 @gapi.customer_encryption.key_sha256
|
|
309
309
|
end
|
|
310
310
|
|
|
311
|
+
##
|
|
312
|
+
# The Cloud KMS encryption key that was used to protect the file, or
|
|
313
|
+
# `nil` if none has been configured.
|
|
314
|
+
#
|
|
315
|
+
# @see https://cloud.google.com/kms/docs/ Cloud Key Management Service
|
|
316
|
+
# Documentation
|
|
317
|
+
#
|
|
318
|
+
# @return [String, nil] A Cloud KMS encryption key, or `nil` if none has
|
|
319
|
+
# been configured.
|
|
320
|
+
#
|
|
321
|
+
# @see https://cloud.google.com/kms/docs/ Cloud Key Management Service
|
|
322
|
+
# Documentation
|
|
323
|
+
#
|
|
324
|
+
def kms_key
|
|
325
|
+
@gapi.kms_key_name
|
|
326
|
+
end
|
|
327
|
+
|
|
311
328
|
##
|
|
312
329
|
# The file's storage class. This defines how the file is stored and
|
|
313
330
|
# determines the SLA and the cost of storage. For more information, see
|
|
@@ -320,11 +337,16 @@ module Google
|
|
|
320
337
|
end
|
|
321
338
|
|
|
322
339
|
##
|
|
323
|
-
#
|
|
324
|
-
# storage. Accepted values include
|
|
325
|
-
#
|
|
326
|
-
#
|
|
327
|
-
#
|
|
340
|
+
# Rewrites the file with a new storage class, which determines the SLA
|
|
341
|
+
# and the cost of storage. Accepted values include:
|
|
342
|
+
#
|
|
343
|
+
# * `:multi_regional`
|
|
344
|
+
# * `:regional`
|
|
345
|
+
# * `:nearline`
|
|
346
|
+
# * `:coldline`
|
|
347
|
+
#
|
|
348
|
+
# as well as the equivalent strings returned by {File#storage_class} or
|
|
349
|
+
# {Bucket#storage_class}. For more information, see [Storage
|
|
328
350
|
# Classes](https://cloud.google.com/storage/docs/storage-classes) and
|
|
329
351
|
# [Per-Object Storage
|
|
330
352
|
# Class](https://cloud.google.com/storage/docs/per-object-storage-class).
|
|
@@ -718,9 +740,18 @@ module Google
|
|
|
718
740
|
# @param [String] encryption_key Optional. The customer-supplied,
|
|
719
741
|
# AES-256 encryption key used to decrypt the file, if the existing
|
|
720
742
|
# file is encrypted.
|
|
721
|
-
# @param [String] new_encryption_key Optional. The
|
|
722
|
-
# AES-256 encryption key
|
|
723
|
-
# file
|
|
743
|
+
# @param [String, nil] new_encryption_key Optional. The new
|
|
744
|
+
# customer-supplied, AES-256 encryption key with which to encrypt the
|
|
745
|
+
# file. If not provided, the rewritten file will be encrypted using
|
|
746
|
+
# the default server-side encryption, or the `new_kms_key` if one is
|
|
747
|
+
# provided. Do not provide if `new_kms_key` is used.
|
|
748
|
+
# @param [String] new_kms_key Optional. Resource name of the Cloud KMS
|
|
749
|
+
# key, of the form
|
|
750
|
+
# `projects/my-prj/locations/kr-loc/keyRings/my-kr/cryptoKeys/my-key`,
|
|
751
|
+
# that will be used to encrypt the file. The KMS key ring must use
|
|
752
|
+
# the same location as the bucket.The Service Account associated with
|
|
753
|
+
# your project requires access to this encryption key. Do not provide
|
|
754
|
+
# if `new_encryption_key` is used.
|
|
724
755
|
# @yield [file] a block yielding a delegate object for updating
|
|
725
756
|
#
|
|
726
757
|
# @return [Google::Cloud::Storage::File]
|
|
@@ -770,7 +801,7 @@ module Google
|
|
|
770
801
|
# f.metadata["rewritten_from"] = "#{file.bucket}/#{file.name}"
|
|
771
802
|
# end
|
|
772
803
|
#
|
|
773
|
-
# @example
|
|
804
|
+
# @example Rewriting with a customer-supplied encryption key:
|
|
774
805
|
# require "google/cloud/storage"
|
|
775
806
|
#
|
|
776
807
|
# storage = Google::Cloud::Storage.new
|
|
@@ -793,9 +824,31 @@ module Google
|
|
|
793
824
|
# f.metadata["rewritten_from"] = "#{file.bucket}/#{file.name}"
|
|
794
825
|
# end
|
|
795
826
|
#
|
|
827
|
+
# @example Rewriting with a customer-managed Cloud KMS encryption key:
|
|
828
|
+
# require "google/cloud/storage"
|
|
829
|
+
#
|
|
830
|
+
# storage = Google::Cloud::Storage.new
|
|
831
|
+
#
|
|
832
|
+
# bucket = storage.bucket "my-bucket"
|
|
833
|
+
#
|
|
834
|
+
# # KMS key ring must use the same location as the bucket.
|
|
835
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
836
|
+
#
|
|
837
|
+
# # Old customer-supplied key was stored securely for later use.
|
|
838
|
+
# old_key = "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI..."
|
|
839
|
+
#
|
|
840
|
+
# file = bucket.file "path/to/my-file.ext"
|
|
841
|
+
# file.rewrite "new-destination-bucket",
|
|
842
|
+
# "path/to/destination/file.ext",
|
|
843
|
+
# encryption_key: old_key,
|
|
844
|
+
# new_kms_key: kms_key_name do |f|
|
|
845
|
+
# f.metadata["rewritten_from"] = "#{file.bucket}/#{file.name}"
|
|
846
|
+
# end
|
|
847
|
+
#
|
|
796
848
|
def rewrite dest_bucket_or_path, dest_path = nil,
|
|
797
849
|
acl: nil, generation: nil,
|
|
798
|
-
encryption_key: nil, new_encryption_key: nil
|
|
850
|
+
encryption_key: nil, new_encryption_key: nil,
|
|
851
|
+
new_kms_key: nil
|
|
799
852
|
ensure_service!
|
|
800
853
|
dest_bucket, dest_path = fix_rewrite_args dest_bucket_or_path,
|
|
801
854
|
dest_path
|
|
@@ -815,6 +868,7 @@ module Google
|
|
|
815
868
|
acl: acl, generation: generation,
|
|
816
869
|
encryption_key: encryption_key,
|
|
817
870
|
new_encryption_key: new_encryption_key,
|
|
871
|
+
new_kms_key: new_kms_key,
|
|
818
872
|
user_project: user_project
|
|
819
873
|
|
|
820
874
|
File.from_gapi new_gapi, service, user_project: user_project
|
|
@@ -841,13 +895,20 @@ module Google
|
|
|
841
895
|
# if one was used.
|
|
842
896
|
# @param [String, nil] new_encryption_key Optional. The new
|
|
843
897
|
# customer-supplied, AES-256 encryption key with which to encrypt the
|
|
844
|
-
# file. If
|
|
845
|
-
# default server-side encryption,
|
|
846
|
-
#
|
|
898
|
+
# file. If not provided, the rewritten file will be encrypted using
|
|
899
|
+
# the default server-side encryption, or the `new_kms_key` if one is
|
|
900
|
+
# provided. Do not provide if `new_kms_key` is used.
|
|
901
|
+
# @param [String] new_kms_key Optional. Resource name of the Cloud KMS
|
|
902
|
+
# key, of the form
|
|
903
|
+
# `projects/my-prj/locations/kr-loc/keyRings/my-kr/cryptoKeys/my-key`,
|
|
904
|
+
# that will be used to encrypt the file. The KMS key ring must use
|
|
905
|
+
# the same location as the bucket.The Service Account associated with
|
|
906
|
+
# your project requires access to this encryption key. Do not provide
|
|
907
|
+
# if `new_encryption_key` is used.
|
|
847
908
|
#
|
|
848
909
|
# @return [Google::Cloud::Storage::File]
|
|
849
910
|
#
|
|
850
|
-
# @example
|
|
911
|
+
# @example Rotating to a new customer-supplied encryption key:
|
|
851
912
|
# require "google/cloud/storage"
|
|
852
913
|
#
|
|
853
914
|
# storage = Google::Cloud::Storage.new
|
|
@@ -865,9 +926,27 @@ module Google
|
|
|
865
926
|
#
|
|
866
927
|
# file.rotate encryption_key: old_key, new_encryption_key: new_key
|
|
867
928
|
#
|
|
868
|
-
|
|
929
|
+
# @example Rotating to a customer-managed Cloud KMS encryption key:
|
|
930
|
+
# require "google/cloud/storage"
|
|
931
|
+
#
|
|
932
|
+
# storage = Google::Cloud::Storage.new
|
|
933
|
+
# bucket = storage.bucket "my-bucket"
|
|
934
|
+
#
|
|
935
|
+
# # KMS key ring must use the same location as the bucket.
|
|
936
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
937
|
+
#
|
|
938
|
+
# # Old key was stored securely for later use.
|
|
939
|
+
# old_key = "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI..."
|
|
940
|
+
#
|
|
941
|
+
# file = bucket.file "path/to/my-file.ext", encryption_key: old_key
|
|
942
|
+
#
|
|
943
|
+
# file.rotate encryption_key: old_key, new_kms_key: kms_key_name
|
|
944
|
+
#
|
|
945
|
+
def rotate encryption_key: nil, new_encryption_key: nil,
|
|
946
|
+
new_kms_key: nil
|
|
869
947
|
rewrite bucket, name, encryption_key: encryption_key,
|
|
870
|
-
new_encryption_key: new_encryption_key
|
|
948
|
+
new_encryption_key: new_encryption_key,
|
|
949
|
+
new_kms_key: new_kms_key
|
|
871
950
|
end
|
|
872
951
|
|
|
873
952
|
##
|
|
@@ -1233,7 +1312,8 @@ module Google
|
|
|
1233
1312
|
|
|
1234
1313
|
ensure_service!
|
|
1235
1314
|
|
|
1236
|
-
|
|
1315
|
+
rewrite_attrs = %i[storage_class kms_key_name]
|
|
1316
|
+
@gapi = if attributes.any? { |a| rewrite_attrs.include? a }
|
|
1237
1317
|
rewrite_gapi \
|
|
1238
1318
|
bucket, name, update_gapi, user_project: user_project
|
|
1239
1319
|
else
|
|
@@ -1254,12 +1334,14 @@ module Google
|
|
|
1254
1334
|
def rewrite_gapi bucket, name, updated_gapi,
|
|
1255
1335
|
new_bucket: nil, new_name: nil, acl: nil,
|
|
1256
1336
|
generation: nil, encryption_key: nil,
|
|
1257
|
-
new_encryption_key: nil,
|
|
1337
|
+
new_encryption_key: nil, new_kms_key: nil,
|
|
1338
|
+
user_project: nil
|
|
1258
1339
|
new_bucket ||= bucket
|
|
1259
1340
|
new_name ||= name
|
|
1260
1341
|
options = { acl: File::Acl.predefined_rule_for(acl),
|
|
1261
1342
|
generation: generation, source_key: encryption_key,
|
|
1262
1343
|
destination_key: new_encryption_key,
|
|
1344
|
+
destination_kms_key: new_kms_key,
|
|
1263
1345
|
user_project: user_project }.delete_if { |_k, v| v.nil? }
|
|
1264
1346
|
|
|
1265
1347
|
resp = service.rewrite_file \
|
|
@@ -278,7 +278,8 @@ module Google
|
|
|
278
278
|
cache_control: nil, content_disposition: nil,
|
|
279
279
|
content_encoding: nil, content_language: nil,
|
|
280
280
|
content_type: nil, crc32c: nil, md5: nil, metadata: nil,
|
|
281
|
-
storage_class: nil, key: nil,
|
|
281
|
+
storage_class: nil, key: nil, kms_key: nil,
|
|
282
|
+
user_project: nil
|
|
282
283
|
file_obj = Google::Apis::StorageV1::Object.new(
|
|
283
284
|
{ cache_control: cache_control, content_type: content_type,
|
|
284
285
|
content_disposition: content_disposition, md5_hash: md5,
|
|
@@ -293,7 +294,7 @@ module Google
|
|
|
293
294
|
bucket_name, file_obj,
|
|
294
295
|
name: path, predefined_acl: acl, upload_source: source,
|
|
295
296
|
content_encoding: content_encoding, content_type: content_type,
|
|
296
|
-
user_project: user_project(user_project),
|
|
297
|
+
kms_key_name: kms_key, user_project: user_project(user_project),
|
|
297
298
|
options: key_options(key)
|
|
298
299
|
end
|
|
299
300
|
end
|
|
@@ -316,14 +317,15 @@ module Google
|
|
|
316
317
|
def rewrite_file source_bucket_name, source_file_path,
|
|
317
318
|
destination_bucket_name, destination_file_path,
|
|
318
319
|
file_gapi = nil, source_key: nil, destination_key: nil,
|
|
319
|
-
|
|
320
|
-
user_project: nil
|
|
320
|
+
destination_kms_key: nil, acl: nil, generation: nil,
|
|
321
|
+
token: nil, user_project: nil
|
|
321
322
|
key_options = rewrite_key_options source_key, destination_key
|
|
322
323
|
execute do
|
|
323
324
|
service.rewrite_object \
|
|
324
325
|
source_bucket_name, source_file_path,
|
|
325
326
|
destination_bucket_name, destination_file_path,
|
|
326
327
|
file_gapi,
|
|
328
|
+
destination_kms_key_name: destination_kms_key,
|
|
327
329
|
destination_predefined_acl: acl,
|
|
328
330
|
source_generation: generation,
|
|
329
331
|
rewrite_token: token,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-storage
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Moore
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-05-
|
|
12
|
+
date: 2018-05-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: google-cloud-core
|