Update signature of UpdateObjectEncryption (#2215)

rraulinio · web-flow · commit 9ab4afb052fc · 2026-03-25T11:53:35.000-07:00
diff --git a/api-update-object-encryption.go b/api-update-object-encryption.go
@@ -52,6 +52,12 @@ type UpdateObjectEncryptionOptions struct {
 	VersionID string
 }
 
+// UpdateObjectEncryptionResult holds the result of an UpdateObjectEncryption call.
+type UpdateObjectEncryptionResult struct {
+	// VersionID is the version ID of the object that was updated, if versioning is enabled.
+	VersionID string
+}
+
 // UpdateObjectEncryption changes the encryption configuration of an existing object in-place.
 // The object must already be encrypted with SSE-S3 or SSE-KMS. SSE-C objects are not supported.
 // This operation rotates the data encryption key envelope without re-reading/re-writing object data.
@@ -62,19 +68,19 @@ type UpdateObjectEncryptionOptions struct {
 //   - objectName: Name of the object
 //   - opts: Options including KMSKeyArn (required), optional BucketKeyEnabled, and optional VersionID
 //
-// Returns an error if the operation fails.
-func (c *Client) UpdateObjectEncryption(ctx context.Context, bucketName, objectName string, opts UpdateObjectEncryptionOptions) error {
+// Returns the version ID of the updated object (if versioning is enabled) and an error if the operation fails.
+func (c *Client) UpdateObjectEncryption(ctx context.Context, bucketName, objectName string, opts UpdateObjectEncryptionOptions) (UpdateObjectEncryptionResult, error) {
 	// Input validation.
 	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
-		return err
+		return UpdateObjectEncryptionResult{}, err
 	}
 
 	if err := s3utils.CheckValidObjectName(objectName); err != nil {
-		return err
+		return UpdateObjectEncryptionResult{}, err
 	}
 
 	if opts.KMSKeyArn == "" {
-		return errInvalidArgument("KMSKeyArn is required for UpdateObjectEncryption.")
+		return UpdateObjectEncryptionResult{}, errInvalidArgument("KMSKeyArn is required for UpdateObjectEncryption.")
 	}
 
 	// Get resources properly escaped and lined up before
@@ -96,7 +102,7 @@ func (c *Client) UpdateObjectEncryption(ctx context.Context, bucketName, objectN
 
 	bodyData, err := xml.Marshal(reqBody)
 	if err != nil {
-		return err
+		return UpdateObjectEncryptionResult{}, err
 	}
 
 	reqMetadata := requestMetadata{
@@ -113,10 +119,12 @@ func (c *Client) UpdateObjectEncryption(ctx context.Context, bucketName, objectN
 	resp, err := c.executeMethod(ctx, http.MethodPut, reqMetadata)
 	defer closeResponse(resp)
 	if err != nil {
-		return err
+		return UpdateObjectEncryptionResult{}, err
 	}
 	if resp.StatusCode != http.StatusOK {
-		return httpRespToErrorResponse(resp, bucketName, objectName)
+		return UpdateObjectEncryptionResult{}, httpRespToErrorResponse(resp, bucketName, objectName)
 	}
-	return nil
+	return UpdateObjectEncryptionResult{
+		VersionID: resp.Header.Get(amzVersionID),
+	}, nil
 }
diff --git a/api-update-object-encryption_test.go b/api-update-object-encryption_test.go
@@ -92,6 +92,7 @@ func TestUpdateObjectEncryptionSuccess(t *testing.T) {
 		capturedPath = r.URL.Path
 		capturedQuery = r.URL.Query()
 		capturedBody, _ = io.ReadAll(r.Body)
+		w.Header().Set("x-amz-version-id", "returned-version-id")
 		w.WriteHeader(http.StatusOK)
 	}))
 	defer ts.Close()
@@ -116,11 +117,16 @@ func TestUpdateObjectEncryptionSuccess(t *testing.T) {
 		VersionID:        "test-version-id",
 	}
 
-	err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", opts)
+	result, err := client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", opts)
 	if err != nil {
 		t.Fatalf("UpdateObjectEncryption failed: %v", err)
 	}
 
+	// Verify returned version ID from response header.
+	if result.VersionID != "returned-version-id" {
+		t.Fatalf("Expected VersionID 'returned-version-id', got %q", result.VersionID)
+	}
+
 	// Verify request method.
 	if capturedMethod != http.MethodPut {
 		t.Fatalf("Expected PUT, got %s", capturedMethod)
@@ -178,7 +184,7 @@ func TestUpdateObjectEncryptionNoVersionID(t *testing.T) {
 		t.Fatalf("Failed to create client: %v", err)
 	}
 
-	err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", UpdateObjectEncryptionOptions{
+	_, err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", UpdateObjectEncryptionOptions{
 		KMSKeyArn: "my-key",
 	})
 	if err != nil {
@@ -212,7 +218,7 @@ func TestUpdateObjectEncryptionServerError(t *testing.T) {
 		t.Fatalf("Failed to create client: %v", err)
 	}
 
-	err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", UpdateObjectEncryptionOptions{
+	_, err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", UpdateObjectEncryptionOptions{
 		KMSKeyArn: "my-key",
 	})
 	if err == nil {
@@ -234,7 +240,7 @@ func TestUpdateObjectEncryptionInvalidBucket(t *testing.T) {
 		t.Fatalf("Failed to create client: %v", err)
 	}
 
-	err = client.UpdateObjectEncryption(context.Background(), "", "myobject", UpdateObjectEncryptionOptions{
+	_, err = client.UpdateObjectEncryption(context.Background(), "", "myobject", UpdateObjectEncryptionOptions{
 		KMSKeyArn: "my-key",
 	})
 	if err == nil {
@@ -251,7 +257,7 @@ func TestUpdateObjectEncryptionInvalidObject(t *testing.T) {
 		t.Fatalf("Failed to create client: %v", err)
 	}
 
-	err = client.UpdateObjectEncryption(context.Background(), "mybucket", "", UpdateObjectEncryptionOptions{
+	_, err = client.UpdateObjectEncryption(context.Background(), "mybucket", "", UpdateObjectEncryptionOptions{
 		KMSKeyArn: "my-key",
 	})
 	if err == nil {
@@ -268,7 +274,7 @@ func TestUpdateObjectEncryptionEmptyKMSKeyArn(t *testing.T) {
 		t.Fatalf("Failed to create client: %v", err)
 	}
 
-	err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", UpdateObjectEncryptionOptions{
+	_, err = client.UpdateObjectEncryption(context.Background(), "mybucket", "myobject", UpdateObjectEncryptionOptions{
 		KMSKeyArn: "",
 	})
 	if err == nil {
