Class: S3Secure::Encryption::Enable

Inherits:
Base
Defined in:
lib/s3_secure/encryption/enable.rb

Instance Method Summary

Methods inherited from CLI::Base

#buckets, #initialize

Methods included from CLI::Say

#say

Methods included from AwsServices

#sts

Methods included from AwsServices::S3

#check_bucket!, #new_s3_regional_client, #region, #region_map, #s3, #s3_client, #s3_regional_client

Constructor Details

This class inherits a constructor from S3Secure::CLI::Base

Instance Method Details

#rule ⇒ Object



# File 'lib/s3_secure/encryption/enable.rb', line 24

# Builds the single default-encryption rule that is sent to S3 for the bucket.
#
# When the :kms_key option is set, the rule requests SSE-KMS with that value
# as the key id; otherwise it requests SSE-S3 (AES256).
#
# NOTE(review): only nil/false select the SSE-S3 branch. An empty-string
# :kms_key is truthy in Ruby and would be passed through as the KMS key id;
# confirm the option parser rejects blank values.
#
# @return [Hash] a hash with one :apply_server_side_encryption_by_default entry
def rule
  kms_key_id = @options[:kms_key]

  default_encryption =
    if kms_key_id
      # SSE-KMS: sse_algorithm is required and accepts "AES256" or "aws:kms".
      { sse_algorithm: "aws:kms", kms_master_key_id: kms_key_id }
    else
      # SSE-S3: S3-managed keys, no key id needed.
      { sse_algorithm: "AES256" }
    end

  { apply_server_side_encryption_by_default: default_encryption }
end

#run ⇒ Object



# File 'lib/s3_secure/encryption/enable.rb', line 3

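# Enables default server-side encryption on @bucket unless Show reports that
# it is already enabled.
#
# Show#enabled? is defined elsewhere; presumably it inspects the bucket's
# current encryption configuration (confirm against Show). When it returns
# true nothing is written, so an existing configuration is left untouched even
# if it differs from the requested one (for example the bucket uses SSE-S3 and
# a :kms_key option was supplied). Callers that need a specific algorithm or
# key should verify the rules actually in effect rather than rely on the
# "already has encryption" message.
#
# Fix over the original: the success message misspelled "Encryption".
#
# @return [Object] whatever the final `say` call returns
def run
  show = Show.new(@options)

  if show.enabled?
    # Some encryption rule already exists; report it and make no change.
    say "Bucket #{@bucket} already has encryption rules:"
  else
    # Set encryption rules
    # Ruby docs: https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/S3/Client.html#put_bucket_encryption-instance_method
    # API docs: https://docs.aws.amazon.com/AmazonS3/latest/API/API_ServerSideEncryptionByDefault.html
    #
    #    put_bucket_encryption returns #<struct Aws::EmptyStructure>
    #
    s3.put_bucket_encryption(
      bucket: @bucket,
      server_side_encryption_configuration: { rules: [rule] }
    )
    say "Encryption enabled on bucket #{@bucket} with rules:"
  end
end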