copy: support server-side encryption settings#137
Conversation
|
Build artifact for this PR: |
There was a problem hiding this comment.
Pull request overview
Adds support for server-side encryption configuration to the copy command by introducing a dedicated source-sse input for decrypting SSE-C sources and forwarding both source/destination encryption settings into the SDK copy APIs, with documentation and tests to ensure keys are masked in logs.
Changes:
- Extend SSE parsing to support an input-name override and to disallow SSE-B2 where appropriate (for
source-sse). - Parse and scrub
source-sse, and forwardsourceServerSideEncryption/destinationServerSideEncryptioninto small + large copy calls. - Document the new
copySSE surface and add tests for forwarding + redaction.
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| src/sse.ts | Adds parsing options for input naming and disallowing SSE-B2 for source-sse. |
| src/inputs.ts | Adds source-sse parsing, secret scrubbing, and exposes parsed source encryption on ParsedInputs. |
| src/commands/copy.ts | Forwards parsed source/destination encryption settings into SDK copy calls. |
| README.md | Documents source-sse and clarifies sse semantics for copy. |
| action.yml | Adds source-sse input and updates sse description. |
| tests/sse.test.ts | Adds coverage for rejecting SSE-B2 when parsing source-sse. |
| tests/inputs.test.ts | Adds coverage for masking and parsing source-sse. |
| tests/commands/delete-copy-presign.test.ts | Adds coverage for SSE forwarding to small/large copy and ensures keys don’t appear in stdout. |
| tests/_parsed-inputs.ts | Updates parsed-inputs helper to include the new fields. |
| dist/index.js | Updates the bundled action output to reflect source changes. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
|
Build artifact for this PR: |
6b348ce to
688f423
Compare
|
Build artifact for this PR: |
Summary
source-ssefor copy source SSE-C keys, mask raw key values before validation failures can reach logs, and forward source/destination SSE settings into copy requests.Closes #96
Tests
pnpm lintpnpm docs:check-action-ymlpnpm run docspnpm typecheckpnpm testpnpm buildpnpm exec vitest run __tests__/commands/delete-copy-presign.test.ts --reporter=dotpnpm exec vitest run __tests__/sse.test.ts --reporter=dotgit diff --checkFollow-up notes