From 8a712efdab2c6461b4b2490eb02371c51f92f418 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Wed, 5 Nov 2025 10:22:14 -0500
Subject: [PATCH 1/4] duvet
---
 .../.duvet/config.toml | 9 +++++++
 .../cpp-v2-transition-server/compliance.txt | 25 +++++++++++++++++++
 test-server/cpp-v3-server/.duvet/config.toml | 9 +++++++
 test-server/cpp-v3-server/compliance.txt | 25 +++++++++++++++++++
 4 files changed, 68 insertions(+)
 create mode 100644 test-server/cpp-v2-transition-server/compliance.txt
 create mode 100644 test-server/cpp-v3-server/compliance.txt
diff --git a/test-server/cpp-v2-transition-server/.duvet/config.toml b/test-server/cpp-v2-transition-server/.duvet/config.toml
index d137df36..752294fb 100644
--- a/test-server/cpp-v2-transition-server/.duvet/config.toml
+++ b/test-server/cpp-v2-transition-server/.duvet/config.toml
@@ -6,6 +6,15 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.cpp"
 [[source]]
 pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.h"
+[[source]]
+pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.h"
+
+[[source]]
+pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp"
+
+[[source]]
+pattern = "compliance.txt"
+
 # Include required specifications here
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"
diff --git a/test-server/cpp-v2-transition-server/compliance.txt b/test-server/cpp-v2-transition-server/compliance.txt
new file mode 100644
index 00000000..b6051c5e
--- /dev/null
+++ b/test-server/cpp-v2-transition-server/compliance.txt
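Review bot: The added pattern `aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp` in the cpp-v2-transition-server `.duvet/config.toml` hunk points at an `include/` directory, which by its name holds headers, so it may match no files and leave the core crypto implementation outside the compliance scan. Both new crypto patterns also use a single-level `*` where the two existing s3-encryption patterns use `**/*`, so annotations in any subdirectory of `crypto/` would not be picked up. Confirm where the core crypto `.cpp` files live and point the pattern there in recursive form, e.g. `pattern = "<core-crypto-source-dir>/**/*.cpp"` (placeholder path, the tree is not visible in this patch). The identical hunk for `test-server/cpp-v3-server/.duvet/config.toml` needs the same change.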
@@ -0,0 +1,25 @@
+We're not doing double encoding yet
+
+//= ../specification/s3-encryption/data-format/metadata-strategy.md#object-metadata
+//= type=exception
+//# The S3EC SHOULD support decoding the S3 Server's "double encoding".
+
+
+
+Yes, this is how we do prefixes.
+
+//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+//= type=exception
+//# The "x-amz-meta-" prefix is automatically added by the S3 server and MUST NOT be included in implementation code.
+
+//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+//= type=exception
+//# The "x-amz-" prefix denotes that the metadata is owned by an Amazon product and MUST be prepended to all S3EC metadata mapkeys.
+
+
+
+We do not support a custom Instruction File suffix under any circumstances.
+
+//= ../specification/s3-encryption/data-format/metadata-strategy.md#instruction-file
+//= type=exception
+//# The S3EC MUST NOT support providing a custom Instruction File suffix on ordinary writes; custom suffixes MUST only be used during re-encryption.
diff --git a/test-server/cpp-v3-server/.duvet/config.toml b/test-server/cpp-v3-server/.duvet/config.toml
index d137df36..752294fb 100644
--- a/test-server/cpp-v3-server/.duvet/config.toml
+++ b/test-server/cpp-v3-server/.duvet/config.toml
@@ -6,6 +6,15 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.cpp"
 [[source]]
 pattern = "aws-sdk-cpp/src/aws-cpp-sdk-s3-encryption/**/*.h"
+[[source]]
+pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.h"
+
+[[source]]
+pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp"
+
+[[source]]
+pattern = "compliance.txt"
+
 # Include required specifications here
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"
diff --git a/test-server/cpp-v3-server/compliance.txt b/test-server/cpp-v3-server/compliance.txt
new file mode 100644
index 00000000..b6051c5e
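Review bot: The justifications in the new `cpp-v2-transition-server/compliance.txt` do not state what the C++ client does instead of the quoted requirement, which is what a reader auditing an exception to an encryption spec needs. "Yes, this is how we do prefixes." sits above two MUST-level requirements on the `x-amz-meta-` and `x-amz-` key prefixes without saying whether the implementation deviates from them, and "We do not support a custom Instruction File suffix under any circumstances" reads as meeting the MUST NOT for ordinary writes, so the actual gap (presumably the re-encryption case) should be named. Replace each free-text line with one sentence of the form `<what the client does today>; <which part of the requirement is not met>; <tracking issue or plan>`. The identical file added under `test-server/cpp-v3-server/` needs the same wording.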
--- /dev/null
+++ b/test-server/cpp-v3-server/compliance.txt
@@ -0,0 +1,25 @@
+We're not doing double encoding yet
+
+//= ../specification/s3-encryption/data-format/metadata-strategy.md#object-metadata
+//= type=exception
+//# The S3EC SHOULD support decoding the S3 Server's "double encoding".
+
+
+
+Yes, this is how we do prefixes.
+
+//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+//= type=exception
+//# The "x-amz-meta-" prefix is automatically added by the S3 server and MUST NOT be included in implementation code.
+
+//= ../specification/s3-encryption/data-format/content-metadata.md#content-metadata-mapkeys
+//= type=exception
+//# The "x-amz-" prefix denotes that the metadata is owned by an Amazon product and MUST be prepended to all S3EC metadata mapkeys.
+
+
+
+We do not support a custom Instruction File suffix under any circumstances.
+
+//= ../specification/s3-encryption/data-format/metadata-strategy.md#instruction-file
+//= type=exception
+//# The S3EC MUST NOT support providing a custom Instruction File suffix on ordinary writes; custom suffixes MUST only be used during re-encryption.
From 3f7c6ab4da094e471b6ba1e1d58a32112b64402e Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Wed, 5 Nov 2025 13:07:42 -0500
Subject: [PATCH 2/4] m
---
 .github/workflows/main.yml | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index ac14bcf0..52c3e465 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -18,6 +18,9 @@ jobs:
 uses: ./.github/workflows/lint.yml
 run-tests:
+ permissions:
+ id-token: write
+ contents: read
 name: Run Tests
 uses: ./.github/workflows/test.yml
 with:
@@ -25,6 +28,10 @@ jobs:
 secrets: inherit
 run-duvet:
+ permissions:
+ id-token: write
+ contents: read
+ pages: write
 name: Run Duvet
 uses: ./.github/workflows/duvet.yml
 secrets: inherit
From 37ffd26e87c78e76545d801e174dc7691d0e07b6 Mon Sep 17 00:00:00 2001
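Review bot: Both jobs that gain `id-token: write` (`run-tests` in the first `main.yml` hunk, `run-duvet` in the second) are reusable-workflow calls that already pass `secrets: inherit`, so unless `test.yml` and `duvet.yml` narrow it themselves, every job in them can request an OIDC token while holding all of the caller's secrets. Caller-level `permissions:` only set the ceiling for the called workflow; set `permissions:` again inside `test.yml` and `duvet.yml` on the single job that needs the token or `pages: write`, and pass named secrets instead of `secrets: inherit`. Add a comment above each block recording the reason, e.g. `# id-token: write: <why this job needs an OIDC token>`. The `on:` triggers of `main.yml` and the called workflows are outside this patch, so whether untrusted pull requests can reach these jobs should be checked there.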
From: Andy Jewell
Date: Wed, 5 Nov 2025 14:37:42 -0500
Subject: [PATCH 3/4] m
---
 test-server/cpp-v2-transition-server/.duvet/config.toml | 3 ++-
 test-server/cpp-v3-server/.duvet/config.toml | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/test-server/cpp-v2-transition-server/.duvet/config.toml b/test-server/cpp-v2-transition-server/.duvet/config.toml
index 752294fb..02473837 100644
--- a/test-server/cpp-v2-transition-server/.duvet/config.toml
+++ b/test-server/cpp-v2-transition-server/.duvet/config.toml
@@ -15,7 +15,8 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp"
 [[source]]
 pattern = "compliance.txt"
-# Include required specifications here
+[[specification]]
+source = "../specification/s3-encryption/data-format/client.md"
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"
 [[specification]]
diff --git a/test-server/cpp-v3-server/.duvet/config.toml b/test-server/cpp-v3-server/.duvet/config.toml
index 752294fb..02473837 100644
--- a/test-server/cpp-v3-server/.duvet/config.toml
+++ b/test-server/cpp-v3-server/.duvet/config.toml
@@ -15,7 +15,8 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp"
 [[source]]
 pattern = "compliance.txt"
-# Include required specifications here
+[[specification]]
+source = "../specification/s3-encryption/data-format/client.md"
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"
 [[specification]]
From a5c35db5acf428c3588ff4c66a87624773214357 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Wed, 5 Nov 2025 14:39:20 -0500
Subject: [PATCH 4/4] m
---
 test-server/cpp-v2-transition-server/.duvet/config.toml | 2 +-
 test-server/cpp-v3-server/.duvet/config.toml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test-server/cpp-v2-transition-server/.duvet/config.toml b/test-server/cpp-v2-transition-server/.duvet/config.toml
index 02473837..cf036140 100644
--- a/test-server/cpp-v2-transition-server/.duvet/config.toml
+++ b/test-server/cpp-v2-transition-server/.duvet/config.toml
@@ -16,7 +16,7 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp"
 pattern = "compliance.txt"
 [[specification]]
-source = "../specification/s3-encryption/data-format/client.md"
+source = "../specification/s3-encryption/client.md"
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"
 [[specification]]
diff --git a/test-server/cpp-v3-server/.duvet/config.toml b/test-server/cpp-v3-server/.duvet/config.toml
index 02473837..cf036140 100644
--- a/test-server/cpp-v3-server/.duvet/config.toml
+++ b/test-server/cpp-v3-server/.duvet/config.toml
@@ -16,7 +16,7 @@ pattern = "aws-sdk-cpp/src/aws-cpp-sdk-core/include/aws/core/utils/crypto/*.cpp"
 pattern = "compliance.txt"
 [[specification]]
-source = "../specification/s3-encryption/data-format/client.md"
+source = "../specification/s3-encryption/client.md"
 [[specification]]
 source = "../specification/s3-encryption/data-format/content-metadata.md"
 [[specification]]