Skip to content

Feat: add bucket encryption enforcement configuration#2718

Open
thiyaguk09 wants to merge 4 commits intomainfrom
feat/bucket-encryption-config
Open

Feat: add bucket encryption enforcement configuration#2718
thiyaguk09 wants to merge 4 commits intomainfrom
feat/bucket-encryption-config

Conversation

@thiyaguk09
Copy link
Contributor

@thiyaguk09 thiyaguk09 commented Feb 5, 2026

Description

This PR implements support for Bucket Encryption Enforcement in the BucketMetadata interface. This feature allows users to restrict object creation based on specific encryption types (Google-managed, Customer-managed, or Customer-supplied).

Key Changes:

  • Added googleManagedEncryptionEnforcementConfig, customerManagedEncryptionEnforcementConfig, and customerSuppliedEncryptionEnforcementConfig to the BucketMetadata interface.
  • Included the server-generated effectiveTime (readonly) and restrictionMode fields for each configuration type.
  • Added three new code samples: setBucketEncryptionEnforcementConfig, getBucketEncryptionEnforcementConfig, and removeAllBucketEncryptionEnforcementConfig.

Impact

This is a non-breaking feature addition. It enables security-conscious users to enforce CMEK-only (Customer-Managed Encryption Keys) policies at the bucket level, aligning the Node.js library with the latest GCS API capabilities.

Testing

  • Unit Tests: Added coverage in test/bucket.ts to verify that metadata is correctly serialized into PATCH requests. All tests follow the recommended pattern of mocking the underlying request layer.
  • System Tests: Added new test cases in system-test/storage.ts that execute the sample scripts against a live GCS project to verify end-to-end functionality and backend state persistence.
  • Samples: Verified that all three new samples run successfully and produce human-readable output.

Additional Information

Note that effectiveTime is treated as a read-only field populated by the server, which is verified in the system tests.

Checklist

  • Make sure to open an issue as a bug/issue before writing your code! That way we can discuss the change, evaluate designs, and agree on the general idea
  • Ensure the tests and linter pass
  • Code coverage does not decrease
  • Appropriate docs were updated
  • Appropriate comments were added, particularly in complex areas or places that require background
  • No new warnings or issues will be generated from this change

Fixes #🦕

@thiyaguk09
feat: add encryption enforcement configuration to bucket metadata
b73b084 
Implement support for GoogleManaged, CustomerManaged, and
CustomerSupplied encryption enforcement configurations in
BucketMetadata.
This allows buckets to restrict object creation based on encryption
types.

- Update BucketMetadata interface with new enforcement config fields
- Add unit tests for metadata parsing, patching, and serialization
- Include JSDoc examples for configuring CMEK-only enforcement
@thiyaguk09
add sample & tests
f2af573
@thiyaguk09
test: add samples and system tests for bucket encryption enforcement
64799ff 
Adds comprehensive code samples and system tests to verify
Google-managed,
Customer-managed, and Customer-supplied encryption enforcement logic.

- Add setBucketEncryptionEnforcementConfig.js sample
- Add getBucketEncryptionEnforcementConfig.js sample
- Add removeAllBucketEncryptionEnforcementConfig.js sample
- Add system tests to verify CLI output and backend metadata state
- Ensure server-side effectiveTime is correctly captured and displayed
@thiyaguk09
fix: typo
1a72da1
@product-auto-label product-auto-label bot added size: l Pull request size is large. api: storage Issues related to the googleapis/nodejs-storage API. labels Feb 5, 2026
@thiyaguk09 thiyaguk09 marked this pull request as ready for review February 5, 2026 10:58
@thiyaguk09 thiyaguk09 requested review from a team as code owners February 5, 2026 10:58
@snippet-bot
Copy link

snippet-bot bot commented Feb 5, 2026

Here is the summary of changes.

You are about to add 3 region tags.

This comment is generated by snippet-bot.
If you find problems with this result, please file an issue at:
https://github.com/googleapis/repo-automation-bots/issues.
To update this comment, add snippet-bot:force-run label or use the checkbox below:

  • Refresh this comment

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

api: storage Issues related to the googleapis/nodejs-storage API. size: l Pull request size is large.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@thiyaguk09