google-cloud-storage 1.11.0 → 1.12.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/google/cloud/storage/bucket.rb +75 -2
- data/lib/google/cloud/storage/file.rb +100 -18
- data/lib/google/cloud/storage/service.rb +6 -4
- data/lib/google/cloud/storage/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 303659292accc44f277af53a486fc796a833b5f9f209923b989d34fd732a03dd
|
|
4
|
+
data.tar.gz: 6d702f3c6ab49d78dd9fba0b836a7b5ebcd0fc00f80c59fe3a2217e441ed1ab1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: c9cac290f73ce71a32b26f3a8f293ac12813f08c0494435c47736a0533e94719bcfe8697f33c7234466cc11ce1d5db4227edbb14a9cae537654ae558a6924444
|
|
7
|
+
data.tar.gz: e7accc00dc59f35e31548767c33a871a2cabfce2ae2a4c13429aaa445e1436a36457911cc032ac162582381cf8ca6769f433c710c923c8ccc9983d9cce30a158
|
|
@@ -378,6 +378,54 @@ module Google
|
|
|
378
378
|
patch_gapi! :billing
|
|
379
379
|
end
|
|
380
380
|
|
|
381
|
+
##
|
|
382
|
+
# The Cloud KMS encryption key that will be used to protect files.
|
|
383
|
+
# For example: `projects/a/locations/b/keyRings/c/cryptoKeys/d`
|
|
384
|
+
#
|
|
385
|
+
# @return [String, nil] A Cloud KMS encryption key, or `nil` if none
|
|
386
|
+
# has been configured.
|
|
387
|
+
#
|
|
388
|
+
# @example
|
|
389
|
+
# require "google/cloud/storage"
|
|
390
|
+
#
|
|
391
|
+
# storage = Google::Cloud::Storage.new
|
|
392
|
+
#
|
|
393
|
+
# bucket = storage.bucket "my-bucket"
|
|
394
|
+
#
|
|
395
|
+
# # KMS key ring must use the same location as the bucket.
|
|
396
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
397
|
+
# bucket.default_kms_key = kms_key_name
|
|
398
|
+
#
|
|
399
|
+
# bucket.default_kms_key #=> kms_key_name
|
|
400
|
+
#
|
|
401
|
+
def default_kms_key
|
|
402
|
+
@gapi.encryption && @gapi.encryption.default_kms_key_name
|
|
403
|
+
end
|
|
404
|
+
|
|
405
|
+
##
|
|
406
|
+
# Set the Cloud KMS encryption key that will be used to protect files.
|
|
407
|
+
# For example: `projects/a/locations/b/keyRings/c/cryptoKeys/d`
|
|
408
|
+
#
|
|
409
|
+
# @param [String] new_default_kms_key New Cloud KMS key name
|
|
410
|
+
#
|
|
411
|
+
# @example
|
|
412
|
+
# require "google/cloud/storage"
|
|
413
|
+
#
|
|
414
|
+
# storage = Google::Cloud::Storage.new
|
|
415
|
+
#
|
|
416
|
+
# bucket = storage.bucket "my-bucket"
|
|
417
|
+
#
|
|
418
|
+
# # KMS key ring must use the same location as the bucket.
|
|
419
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
420
|
+
#
|
|
421
|
+
# bucket.default_kms_key = kms_key_name
|
|
422
|
+
#
|
|
423
|
+
def default_kms_key= new_default_kms_key
|
|
424
|
+
@gapi.encryption = Google::Apis::StorageV1::Bucket::Encryption.new \
|
|
425
|
+
default_kms_key_name: new_default_kms_key
|
|
426
|
+
patch_gapi! :encryption
|
|
427
|
+
end
|
|
428
|
+
|
|
381
429
|
##
|
|
382
430
|
# Updates the bucket with changes made in the given block in a single
|
|
383
431
|
# PATCH request. The following attributes may be set: {#cors},
|
|
@@ -645,7 +693,15 @@ module Google
|
|
|
645
693
|
# Class](https://cloud.google.com/storage/docs/per-object-storage-class).
|
|
646
694
|
# The default value is the default storage class for the bucket.
|
|
647
695
|
# @param [String] encryption_key Optional. A customer-supplied, AES-256
|
|
648
|
-
# encryption key that will be used to encrypt the file.
|
|
696
|
+
# encryption key that will be used to encrypt the file. Do not provide
|
|
697
|
+
# if `kms_key` is used.
|
|
698
|
+
# @param [String] kms_key Optional. Resource name of the Cloud KMS
|
|
699
|
+
# key, of the form
|
|
700
|
+
# `projects/my-prj/locations/kr-loc/keyRings/my-kr/cryptoKeys/my-key`,
|
|
701
|
+
# that will be used to encrypt the file. The KMS key ring must use
|
|
702
|
+
# the same location as the bucket.The Service Account associated with
|
|
703
|
+
# your project requires access to this encryption key. Do not provide
|
|
704
|
+
# if `encryption_key` is used.
|
|
649
705
|
#
|
|
650
706
|
# @return [Google::Cloud::Storage::File]
|
|
651
707
|
#
|
|
@@ -687,6 +743,22 @@ module Google
|
|
|
687
743
|
# file = bucket.file "destination/path/file.ext",
|
|
688
744
|
# encryption_key: key
|
|
689
745
|
#
|
|
746
|
+
# @example Providing a customer-managed Cloud KMS encryption key:
|
|
747
|
+
# require "google/cloud/storage"
|
|
748
|
+
#
|
|
749
|
+
# storage = Google::Cloud::Storage.new
|
|
750
|
+
# bucket = storage.bucket "my-bucket"
|
|
751
|
+
#
|
|
752
|
+
# # KMS key ring must use the same location as the bucket.
|
|
753
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
754
|
+
#
|
|
755
|
+
# bucket.create_file "path/to/local.file.ext",
|
|
756
|
+
# "destination/path/file.ext",
|
|
757
|
+
# kms_key: kms_key_name
|
|
758
|
+
#
|
|
759
|
+
# file = bucket.file "destination/path/file.ext"
|
|
760
|
+
# file.kms_key #=> kms_key_name
|
|
761
|
+
#
|
|
690
762
|
# @example Create a file with gzip-encoded data.
|
|
691
763
|
# require "zlib"
|
|
692
764
|
# require "google/cloud/storage"
|
|
@@ -717,13 +789,14 @@ module Google
|
|
|
717
789
|
content_disposition: nil, content_encoding: nil,
|
|
718
790
|
content_language: nil, content_type: nil,
|
|
719
791
|
crc32c: nil, md5: nil, metadata: nil,
|
|
720
|
-
storage_class: nil, encryption_key: nil
|
|
792
|
+
storage_class: nil, encryption_key: nil, kms_key: nil
|
|
721
793
|
ensure_service!
|
|
722
794
|
options = { acl: File::Acl.predefined_rule_for(acl), md5: md5,
|
|
723
795
|
cache_control: cache_control, content_type: content_type,
|
|
724
796
|
content_disposition: content_disposition, crc32c: crc32c,
|
|
725
797
|
content_encoding: content_encoding, metadata: metadata,
|
|
726
798
|
content_language: content_language, key: encryption_key,
|
|
799
|
+
kms_key: kms_key,
|
|
727
800
|
storage_class: storage_class_for(storage_class),
|
|
728
801
|
user_project: user_project }
|
|
729
802
|
ensure_io_or_file_exists! file
|
|
@@ -308,6 +308,23 @@ module Google
|
|
|
308
308
|
Base64.decode64 @gapi.customer_encryption.key_sha256
|
|
309
309
|
end
|
|
310
310
|
|
|
311
|
+
##
|
|
312
|
+
# The Cloud KMS encryption key that was used to protect the file, or
|
|
313
|
+
# `nil` if none has been configured.
|
|
314
|
+
#
|
|
315
|
+
# @see https://cloud.google.com/kms/docs/ Cloud Key Management Service
|
|
316
|
+
# Documentation
|
|
317
|
+
#
|
|
318
|
+
# @return [String, nil] A Cloud KMS encryption key, or `nil` if none has
|
|
319
|
+
# been configured.
|
|
320
|
+
#
|
|
321
|
+
# @see https://cloud.google.com/kms/docs/ Cloud Key Management Service
|
|
322
|
+
# Documentation
|
|
323
|
+
#
|
|
324
|
+
def kms_key
|
|
325
|
+
@gapi.kms_key_name
|
|
326
|
+
end
|
|
327
|
+
|
|
311
328
|
##
|
|
312
329
|
# The file's storage class. This defines how the file is stored and
|
|
313
330
|
# determines the SLA and the cost of storage. For more information, see
|
|
@@ -320,11 +337,16 @@ module Google
|
|
|
320
337
|
end
|
|
321
338
|
|
|
322
339
|
##
|
|
323
|
-
#
|
|
324
|
-
# storage. Accepted values include
|
|
325
|
-
#
|
|
326
|
-
#
|
|
327
|
-
#
|
|
340
|
+
# Rewrites the file with a new storage class, which determines the SLA
|
|
341
|
+
# and the cost of storage. Accepted values include:
|
|
342
|
+
#
|
|
343
|
+
# * `:multi_regional`
|
|
344
|
+
# * `:regional`
|
|
345
|
+
# * `:nearline`
|
|
346
|
+
# * `:coldline`
|
|
347
|
+
#
|
|
348
|
+
# as well as the equivalent strings returned by {File#storage_class} or
|
|
349
|
+
# {Bucket#storage_class}. For more information, see [Storage
|
|
328
350
|
# Classes](https://cloud.google.com/storage/docs/storage-classes) and
|
|
329
351
|
# [Per-Object Storage
|
|
330
352
|
# Class](https://cloud.google.com/storage/docs/per-object-storage-class).
|
|
@@ -718,9 +740,18 @@ module Google
|
|
|
718
740
|
# @param [String] encryption_key Optional. The customer-supplied,
|
|
719
741
|
# AES-256 encryption key used to decrypt the file, if the existing
|
|
720
742
|
# file is encrypted.
|
|
721
|
-
# @param [String] new_encryption_key Optional. The
|
|
722
|
-
# AES-256 encryption key
|
|
723
|
-
# file
|
|
743
|
+
# @param [String, nil] new_encryption_key Optional. The new
|
|
744
|
+
# customer-supplied, AES-256 encryption key with which to encrypt the
|
|
745
|
+
# file. If not provided, the rewritten file will be encrypted using
|
|
746
|
+
# the default server-side encryption, or the `new_kms_key` if one is
|
|
747
|
+
# provided. Do not provide if `new_kms_key` is used.
|
|
748
|
+
# @param [String] new_kms_key Optional. Resource name of the Cloud KMS
|
|
749
|
+
# key, of the form
|
|
750
|
+
# `projects/my-prj/locations/kr-loc/keyRings/my-kr/cryptoKeys/my-key`,
|
|
751
|
+
# that will be used to encrypt the file. The KMS key ring must use
|
|
752
|
+
# the same location as the bucket.The Service Account associated with
|
|
753
|
+
# your project requires access to this encryption key. Do not provide
|
|
754
|
+
# if `new_encryption_key` is used.
|
|
724
755
|
# @yield [file] a block yielding a delegate object for updating
|
|
725
756
|
#
|
|
726
757
|
# @return [Google::Cloud::Storage::File]
|
|
@@ -770,7 +801,7 @@ module Google
|
|
|
770
801
|
# f.metadata["rewritten_from"] = "#{file.bucket}/#{file.name}"
|
|
771
802
|
# end
|
|
772
803
|
#
|
|
773
|
-
# @example
|
|
804
|
+
# @example Rewriting with a customer-supplied encryption key:
|
|
774
805
|
# require "google/cloud/storage"
|
|
775
806
|
#
|
|
776
807
|
# storage = Google::Cloud::Storage.new
|
|
@@ -793,9 +824,31 @@ module Google
|
|
|
793
824
|
# f.metadata["rewritten_from"] = "#{file.bucket}/#{file.name}"
|
|
794
825
|
# end
|
|
795
826
|
#
|
|
827
|
+
# @example Rewriting with a customer-managed Cloud KMS encryption key:
|
|
828
|
+
# require "google/cloud/storage"
|
|
829
|
+
#
|
|
830
|
+
# storage = Google::Cloud::Storage.new
|
|
831
|
+
#
|
|
832
|
+
# bucket = storage.bucket "my-bucket"
|
|
833
|
+
#
|
|
834
|
+
# # KMS key ring must use the same location as the bucket.
|
|
835
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
836
|
+
#
|
|
837
|
+
# # Old customer-supplied key was stored securely for later use.
|
|
838
|
+
# old_key = "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI..."
|
|
839
|
+
#
|
|
840
|
+
# file = bucket.file "path/to/my-file.ext"
|
|
841
|
+
# file.rewrite "new-destination-bucket",
|
|
842
|
+
# "path/to/destination/file.ext",
|
|
843
|
+
# encryption_key: old_key,
|
|
844
|
+
# new_kms_key: kms_key_name do |f|
|
|
845
|
+
# f.metadata["rewritten_from"] = "#{file.bucket}/#{file.name}"
|
|
846
|
+
# end
|
|
847
|
+
#
|
|
796
848
|
def rewrite dest_bucket_or_path, dest_path = nil,
|
|
797
849
|
acl: nil, generation: nil,
|
|
798
|
-
encryption_key: nil, new_encryption_key: nil
|
|
850
|
+
encryption_key: nil, new_encryption_key: nil,
|
|
851
|
+
new_kms_key: nil
|
|
799
852
|
ensure_service!
|
|
800
853
|
dest_bucket, dest_path = fix_rewrite_args dest_bucket_or_path,
|
|
801
854
|
dest_path
|
|
@@ -815,6 +868,7 @@ module Google
|
|
|
815
868
|
acl: acl, generation: generation,
|
|
816
869
|
encryption_key: encryption_key,
|
|
817
870
|
new_encryption_key: new_encryption_key,
|
|
871
|
+
new_kms_key: new_kms_key,
|
|
818
872
|
user_project: user_project
|
|
819
873
|
|
|
820
874
|
File.from_gapi new_gapi, service, user_project: user_project
|
|
@@ -841,13 +895,20 @@ module Google
|
|
|
841
895
|
# if one was used.
|
|
842
896
|
# @param [String, nil] new_encryption_key Optional. The new
|
|
843
897
|
# customer-supplied, AES-256 encryption key with which to encrypt the
|
|
844
|
-
# file. If
|
|
845
|
-
# default server-side encryption,
|
|
846
|
-
#
|
|
898
|
+
# file. If not provided, the rewritten file will be encrypted using
|
|
899
|
+
# the default server-side encryption, or the `new_kms_key` if one is
|
|
900
|
+
# provided. Do not provide if `new_kms_key` is used.
|
|
901
|
+
# @param [String] new_kms_key Optional. Resource name of the Cloud KMS
|
|
902
|
+
# key, of the form
|
|
903
|
+
# `projects/my-prj/locations/kr-loc/keyRings/my-kr/cryptoKeys/my-key`,
|
|
904
|
+
# that will be used to encrypt the file. The KMS key ring must use
|
|
905
|
+
# the same location as the bucket.The Service Account associated with
|
|
906
|
+
# your project requires access to this encryption key. Do not provide
|
|
907
|
+
# if `new_encryption_key` is used.
|
|
847
908
|
#
|
|
848
909
|
# @return [Google::Cloud::Storage::File]
|
|
849
910
|
#
|
|
850
|
-
# @example
|
|
911
|
+
# @example Rotating to a new customer-supplied encryption key:
|
|
851
912
|
# require "google/cloud/storage"
|
|
852
913
|
#
|
|
853
914
|
# storage = Google::Cloud::Storage.new
|
|
@@ -865,9 +926,27 @@ module Google
|
|
|
865
926
|
#
|
|
866
927
|
# file.rotate encryption_key: old_key, new_encryption_key: new_key
|
|
867
928
|
#
|
|
868
|
-
|
|
929
|
+
# @example Rotating to a customer-managed Cloud KMS encryption key:
|
|
930
|
+
# require "google/cloud/storage"
|
|
931
|
+
#
|
|
932
|
+
# storage = Google::Cloud::Storage.new
|
|
933
|
+
# bucket = storage.bucket "my-bucket"
|
|
934
|
+
#
|
|
935
|
+
# # KMS key ring must use the same location as the bucket.
|
|
936
|
+
# kms_key_name = "projects/a/locations/b/keyRings/c/cryptoKeys/d"
|
|
937
|
+
#
|
|
938
|
+
# # Old key was stored securely for later use.
|
|
939
|
+
# old_key = "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI..."
|
|
940
|
+
#
|
|
941
|
+
# file = bucket.file "path/to/my-file.ext", encryption_key: old_key
|
|
942
|
+
#
|
|
943
|
+
# file.rotate encryption_key: old_key, new_kms_key: kms_key_name
|
|
944
|
+
#
|
|
945
|
+
def rotate encryption_key: nil, new_encryption_key: nil,
|
|
946
|
+
new_kms_key: nil
|
|
869
947
|
rewrite bucket, name, encryption_key: encryption_key,
|
|
870
|
-
new_encryption_key: new_encryption_key
|
|
948
|
+
new_encryption_key: new_encryption_key,
|
|
949
|
+
new_kms_key: new_kms_key
|
|
871
950
|
end
|
|
872
951
|
|
|
873
952
|
##
|
|
@@ -1233,7 +1312,8 @@ module Google
|
|
|
1233
1312
|
|
|
1234
1313
|
ensure_service!
|
|
1235
1314
|
|
|
1236
|
-
|
|
1315
|
+
rewrite_attrs = %i[storage_class kms_key_name]
|
|
1316
|
+
@gapi = if attributes.any? { |a| rewrite_attrs.include? a }
|
|
1237
1317
|
rewrite_gapi \
|
|
1238
1318
|
bucket, name, update_gapi, user_project: user_project
|
|
1239
1319
|
else
|
|
@@ -1254,12 +1334,14 @@ module Google
|
|
|
1254
1334
|
def rewrite_gapi bucket, name, updated_gapi,
|
|
1255
1335
|
new_bucket: nil, new_name: nil, acl: nil,
|
|
1256
1336
|
generation: nil, encryption_key: nil,
|
|
1257
|
-
new_encryption_key: nil,
|
|
1337
|
+
new_encryption_key: nil, new_kms_key: nil,
|
|
1338
|
+
user_project: nil
|
|
1258
1339
|
new_bucket ||= bucket
|
|
1259
1340
|
new_name ||= name
|
|
1260
1341
|
options = { acl: File::Acl.predefined_rule_for(acl),
|
|
1261
1342
|
generation: generation, source_key: encryption_key,
|
|
1262
1343
|
destination_key: new_encryption_key,
|
|
1344
|
+
destination_kms_key: new_kms_key,
|
|
1263
1345
|
user_project: user_project }.delete_if { |_k, v| v.nil? }
|
|
1264
1346
|
|
|
1265
1347
|
resp = service.rewrite_file \
|
|
@@ -278,7 +278,8 @@ module Google
|
|
|
278
278
|
cache_control: nil, content_disposition: nil,
|
|
279
279
|
content_encoding: nil, content_language: nil,
|
|
280
280
|
content_type: nil, crc32c: nil, md5: nil, metadata: nil,
|
|
281
|
-
storage_class: nil, key: nil,
|
|
281
|
+
storage_class: nil, key: nil, kms_key: nil,
|
|
282
|
+
user_project: nil
|
|
282
283
|
file_obj = Google::Apis::StorageV1::Object.new(
|
|
283
284
|
{ cache_control: cache_control, content_type: content_type,
|
|
284
285
|
content_disposition: content_disposition, md5_hash: md5,
|
|
@@ -293,7 +294,7 @@ module Google
|
|
|
293
294
|
bucket_name, file_obj,
|
|
294
295
|
name: path, predefined_acl: acl, upload_source: source,
|
|
295
296
|
content_encoding: content_encoding, content_type: content_type,
|
|
296
|
-
user_project: user_project(user_project),
|
|
297
|
+
kms_key_name: kms_key, user_project: user_project(user_project),
|
|
297
298
|
options: key_options(key)
|
|
298
299
|
end
|
|
299
300
|
end
|
|
@@ -316,14 +317,15 @@ module Google
|
|
|
316
317
|
def rewrite_file source_bucket_name, source_file_path,
|
|
317
318
|
destination_bucket_name, destination_file_path,
|
|
318
319
|
file_gapi = nil, source_key: nil, destination_key: nil,
|
|
319
|
-
|
|
320
|
-
user_project: nil
|
|
320
|
+
destination_kms_key: nil, acl: nil, generation: nil,
|
|
321
|
+
token: nil, user_project: nil
|
|
321
322
|
key_options = rewrite_key_options source_key, destination_key
|
|
322
323
|
execute do
|
|
323
324
|
service.rewrite_object \
|
|
324
325
|
source_bucket_name, source_file_path,
|
|
325
326
|
destination_bucket_name, destination_file_path,
|
|
326
327
|
file_gapi,
|
|
328
|
+
destination_kms_key_name: destination_kms_key,
|
|
327
329
|
destination_predefined_acl: acl,
|
|
328
330
|
source_generation: generation,
|
|
329
331
|
rewrite_token: token,
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: google-cloud-storage
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.
|
|
4
|
+
version: 1.12.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Mike Moore
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2018-05-
|
|
12
|
+
date: 2018-05-10 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: google-cloud-core
|