diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index ac14bcf0..52c3e465 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -18,6 +18,9 @@ jobs: uses: ./.github/workflows/lint.yml run-tests: + permissions: + id-token: write + contents: read name: Run Tests uses: ./.github/workflows/test.yml with: @@ -25,6 +28,10 @@ jobs: secrets: inherit run-duvet: + permissions: + id-token: write + contents: read + pages: write name: Run Duvet uses: ./.github/workflows/duvet.yml secrets: inherit diff --git a/test-server/cpp-v2-transition-server/.duvet/config.toml b/test-server/cpp-v2-transition-server/.duvet/config.toml index d137df36..cf036140 100644 --- a/test-server/cpp-v2-transition-server/.duvet/config.toml +++ b/test-server/cpp-v2-transition-server/.duvet/config.toml @@ -6,7 +6,17 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.cpp" [[source]] pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.h" -# Include required specifications here +[[source]] +pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.h" + +[[source]] +pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp" + +[[source]] +pattern = "compliance.txt" + +[[specification]] +source = "../specification/s3-encryption/client.md" [[specification]] source = "../specification/s3-encryption/data-format/content-metadata.md" [[specification]] diff --git a/test-server/cpp-v2-transition-server/compliance.txt b/test-server/cpp-v2-transition-server/compliance.txt new file mode 100644 index 00000000..b6051c5e --- /dev/null +++ b/test-server/cpp-v2-transition-server/compliance.txt @@ -0,0 +1,25 @@ +We're not doing double encoding yet + +//= ../specification/s3-encryption/data-format/metadata-strategy.md#object-metadata +//= type=exception +//# The S3EC SHOULD support decoding the S3 Server's "double encoding". + + + +Yes, this is how we do prefixes. + +//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys +//= type=exception +//# The "x-amz-meta-" prefix is automatically added by the S3 server and MUST NOT be included in implementation code. + +//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys +//= type=exception +//# The "x-amz-" prefix denotes that the metadata is owned by an Amazon product and MUST be prepended to all S3EC metadata mapkeys. + + + +We do not support a custom Instruction File suffix under any circumstances. + +//= ../specification/s3-encryption/data-format/metadata-strategy.md#instruction-file +//= type=exception +//# The S3EC MUST NOT support providing a custom Instruction File suffix on ordinary writes; custom suffixes MUST only be used during re-encryption. diff --git a/test-server/cpp-v3-server/.duvet/config.toml b/test-server/cpp-v3-server/.duvet/config.toml index d137df36..cf036140 100644 --- a/test-server/cpp-v3-server/.duvet/config.toml +++ b/test-server/cpp-v3-server/.duvet/config.toml @@ -6,7 +6,17 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.cpp" [[source]] pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.h" -# Include required specifications here +[[source]] +pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.h" + +[[source]] +pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp" + +[[source]] +pattern = "compliance.txt" + +[[specification]] +source = "../specification/s3-encryption/client.md" [[specification]] source = "../specification/s3-encryption/data-format/content-metadata.md" [[specification]] diff --git a/test-server/cpp-v3-server/compliance.txt b/test-server/cpp-v3-server/compliance.txt new file mode 100644 index 00000000..b6051c5e --- /dev/null +++ b/test-server/cpp-v3-server/compliance.txt @@ -0,0 +1,25 @@ +We're not doing double encoding yet + +//= ../specification/s3-encryption/data-format/metadata-strategy.md#object-metadata +//= type=exception +//# The S3EC SHOULD support decoding the S3 Server's "double encoding". + + + +Yes, this is how we do prefixes. + +//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys +//= type=exception +//# The "x-amz-meta-" prefix is automatically added by the S3 server and MUST NOT be included in implementation code. + +//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys +//= type=exception +//# The "x-amz-" prefix denotes that the metadata is owned by an Amazon product and MUST be prepended to all S3EC metadata mapkeys. + + + +We do not support a custom Instruction File suffix under any circumstances. + +//= ../specification/s3-encryption/data-format/metadata-strategy.md#instruction-file +//= type=exception +//# The S3EC MUST NOT support providing a custom Instruction File suffix on ordinary writes; custom suffixes MUST only be used during re-encryption.