Add AES256 server-side encryption for s3 - Fixes #491

Add a configuration key and support for AES256 server-side encryption.
This commit is contained in:
Justin R. Wilson 2016-06-14 15:22:54 -05:00 committed by Nick Craig-Wood
parent d3dd672640
commit 6e35a3b3ce
2 changed files with 22 additions and 0 deletions

View file

@ -121,6 +121,13 @@ Choose a number from below, or type in your own value
9 / South America (Sao Paulo) Region. 9 / South America (Sao Paulo) Region.
\ "sa-east-1" \ "sa-east-1"
location_constraint> 1 location_constraint> 1
The server-side encryption algorithm used when storing this object in S3.
Choose a number from below, or type in your own value
1 / None
\ ""
2 / AES256
\ "AES256"
server_side_encryption>
Remote config Remote config
-------------------- --------------------
[remote] [remote]

View file

@ -134,6 +134,16 @@ func init() {
Value: "sa-east-1", Value: "sa-east-1",
Help: "South America (Sao Paulo) Region.", Help: "South America (Sao Paulo) Region.",
}}, }},
}, {
Name: "server_side_encryption",
Help: "The server-side encryption algorithm used when storing this object in S3.",
Examples: []fs.OptionExample{{
Value: "",
Help: "None",
}, {
Value: "AES256",
Help: "AES256",
}},
}}, }},
}) })
} }
@ -154,6 +164,7 @@ type Fs struct {
perm string // permissions for new buckets / objects perm string // permissions for new buckets / objects
root string // root of the bucket - ignore all objects above this root string // root of the bucket - ignore all objects above this
locationConstraint string // location constraint of new buckets locationConstraint string // location constraint of new buckets
sse string // the type of server-side encryption
} }
// Object describes a s3 object // Object describes a s3 object
@ -303,6 +314,7 @@ func NewFs(name, root string) (fs.Fs, error) {
// FIXME perm: s3.Private, // FIXME need user to specify // FIXME perm: s3.Private, // FIXME need user to specify
root: directory, root: directory,
locationConstraint: fs.ConfigFile.MustValue(name, "location_constraint"), locationConstraint: fs.ConfigFile.MustValue(name, "location_constraint"),
sse: fs.ConfigFile.MustValue(name, "server_side_encryption"),
} }
if f.root != "" { if f.root != "" {
f.root += "/" f.root += "/"
@ -814,6 +826,9 @@ func (o *Object) Update(in io.Reader, src fs.ObjectInfo) error {
Metadata: metadata, Metadata: metadata,
//ContentLength: &size, //ContentLength: &size,
} }
if o.fs.sse != "" {
req.ServerSideEncryption = &o.fs.sse
}
_, err := uploader.Upload(&req) _, err := uploader.Upload(&req)
if err != nil { if err != nil {
return err return err