Bump version

Author: ddl-rliu

go.mod

@@ -58,4 +58,4 @@ require (
 	google.golang.org/grpc v1.46.0 // indirect
 )
 
-replace github.com/flyteorg/stow => github.com/ddl-rliu/stow v0.0.14
+replace github.com/flyteorg/stow => github.com/ddl-rliu/stow v0.0.15

s3/config.go

@@ -1,7 +1,6 @@
 package s3
 
 import (
-	"log"
 	"net/http"
 	"net/url"
 	"time"
@@ -155,7 +154,6 @@ func newS3Client(config stow.Config, region string) (client *s3.S3, endpoint str
 		awsConfig.WithRegion("us-east-1")
 	}
 
-	log.Printf("role: %s // %s // %s", authType, accessKeyID, secretKey)
 	if authType == authTypeAccessKey {
 		awsConfig.WithCredentials(credentials.NewStaticCredentials(accessKeyID, secretKey, ""))
 	}

s3/container.go

@@ -2,6 +2,7 @@ package s3
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
 	"io"
 	"log"
@@ -29,6 +30,11 @@ type container struct {
 	extraArgs      string
 }
 
+type S3ExtraArgs struct {
+	ServerSideEncryption string
+	SSEKMSKeyId          string
+}
+
 func (c *container) PreSignRequest(ctx context.Context, clientMethod stow.ClientMethod, id string,
 	params stow.PresignRequestParams) (url string, err error) {
 
@@ -52,19 +58,28 @@ func (c *container) PreSignRequest(ctx context.Context, clientMethod stow.Client
 		}
 		log.Printf("bucket: %s // %s", c.name, id)
 		log.Printf("extra args: %s", c.extraArgs)
-		if bucketEncrypted, sseAlgortihm, encryptionKey := getKmsMasterKeyId(c.client, c.name); bucketEncrypted {
-			log.Printf("sse: %s // %s", sseAlgortihm, encryptionKey)
-			// switch sseAlgortihm {
-			// case s3.ServerSideEncryptionAes256:
-			// 	params.ServerSideEncryption = aws.String(sseAlgortihm)
-			// case s3.ServerSideEncryptionAwsKms:
-			// 	params.ServerSideEncryption = aws.String(sseAlgortihm)
-			// 	if encryptionKey != "" {
-			// 		params.SSEKMSKeyId = aws.String(encryptionKey)
-			// 	}
-			// }
-			params.ServerSideEncryption = aws.String("aws:kms")
-			params.SSEKMSKeyId = aws.String("kmsId") // placeholder - i think the presigned-url setup means this dummy value is sufficient
+
+		// First, try to set SSE using stow.config
+		var extraArgs S3ExtraArgs
+		json.Unmarshal([]byte(c.extraArgs), &extraArgs)
+		log.Printf("extra args: %s // %s", extraArgs.ServerSideEncryption, extraArgs.SSEKMSKeyId)
+
+		if extraArgs.ServerSideEncryption == "" {
+			// As backup, try to set SSE using s3.GetBucketEncryption
+			if bucketEncrypted, sseAlgortihm, encryptionKey := getKmsMasterKeyId(c.client, c.name); bucketEncrypted {
+				log.Printf("sse: %s // %s", sseAlgortihm, encryptionKey)
+				extraArgs.ServerSideEncryption, extraArgs.SSEKMSKeyId = sseAlgortihm, encryptionKey
+			}
+		}
+
+		switch extraArgs.ServerSideEncryption {
+		case s3.ServerSideEncryptionAes256:
+			params.ServerSideEncryption = aws.String(extraArgs.ServerSideEncryption)
+		case s3.ServerSideEncryptionAwsKms:
+			params.ServerSideEncryption = aws.String(extraArgs.ServerSideEncryption)
+			if extraArgs.SSEKMSKeyId != "" {
+				params.SSEKMSKeyId = aws.String(extraArgs.SSEKMSKeyId)
+			}
 		}
 
 		req, _ = c.client.PutObjectRequest(params)