backend/s3: add SSE-C support for AWS, Ceph, and MinIO
This commit is contained in:
parent
ff0a299bfb
commit
815ae7df45
1 changed files with 53 additions and 2 deletions
|
@ -641,7 +641,7 @@ isn't set then "acl" is used instead.`,
|
||||||
}, {
|
}, {
|
||||||
Name: "server_side_encryption",
|
Name: "server_side_encryption",
|
||||||
Help: "The server-side encryption algorithm used when storing this object in S3.",
|
Help: "The server-side encryption algorithm used when storing this object in S3.",
|
||||||
Provider: "AWS",
|
Provider: "AWS,Ceph,Minio",
|
||||||
Examples: []fs.OptionExample{{
|
Examples: []fs.OptionExample{{
|
||||||
Value: "",
|
Value: "",
|
||||||
Help: "None",
|
Help: "None",
|
||||||
|
@ -652,10 +652,22 @@ isn't set then "acl" is used instead.`,
|
||||||
Value: "aws:kms",
|
Value: "aws:kms",
|
||||||
Help: "aws:kms",
|
Help: "aws:kms",
|
||||||
}},
|
}},
|
||||||
|
}, {
|
||||||
|
Name: "sse_customer_algorithm",
|
||||||
|
Help: "If using SSE-C, the server-side encryption algorithm used when storing this object in S3.",
|
||||||
|
Provider: "AWS,Ceph,Minio",
|
||||||
|
Advanced: true,
|
||||||
|
Examples: []fs.OptionExample{{
|
||||||
|
Value: "",
|
||||||
|
Help: "None",
|
||||||
|
}, {
|
||||||
|
Value: "AES256",
|
||||||
|
Help: "AES256",
|
||||||
|
}},
|
||||||
}, {
|
}, {
|
||||||
Name: "sse_kms_key_id",
|
Name: "sse_kms_key_id",
|
||||||
Help: "If using KMS ID you must provide the ARN of Key.",
|
Help: "If using KMS ID you must provide the ARN of Key.",
|
||||||
Provider: "AWS",
|
Provider: "AWS,Ceph,Minio",
|
||||||
Examples: []fs.OptionExample{{
|
Examples: []fs.OptionExample{{
|
||||||
Value: "",
|
Value: "",
|
||||||
Help: "None",
|
Help: "None",
|
||||||
|
@ -663,6 +675,24 @@ isn't set then "acl" is used instead.`,
|
||||||
Value: "arn:aws:kms:us-east-1:*",
|
Value: "arn:aws:kms:us-east-1:*",
|
||||||
Help: "arn:aws:kms:*",
|
Help: "arn:aws:kms:*",
|
||||||
}},
|
}},
|
||||||
|
}, {
|
||||||
|
Name: "sse_customer_key",
|
||||||
|
Help: "If using SSE-C you must provide the secret encyption key used to encrypt/decrypt your data.",
|
||||||
|
Provider: "AWS,Ceph,Minio",
|
||||||
|
Advanced: true,
|
||||||
|
Examples: []fs.OptionExample{{
|
||||||
|
Value: "",
|
||||||
|
Help: "None",
|
||||||
|
}},
|
||||||
|
}, {
|
||||||
|
Name: "sse_customer_key_md5",
|
||||||
|
Help: "If using SSE-C you must provide the secret encryption key MD5 checksum.",
|
||||||
|
Provider: "AWS,Ceph,Minio",
|
||||||
|
Advanced: true,
|
||||||
|
Examples: []fs.OptionExample{{
|
||||||
|
Value: "",
|
||||||
|
Help: "None",
|
||||||
|
}},
|
||||||
}, {
|
}, {
|
||||||
Name: "storage_class",
|
Name: "storage_class",
|
||||||
Help: "The storage class to use when storing new objects in S3.",
|
Help: "The storage class to use when storing new objects in S3.",
|
||||||
|
@ -889,6 +919,9 @@ type Options struct {
|
||||||
BucketACL string `config:"bucket_acl"`
|
BucketACL string `config:"bucket_acl"`
|
||||||
ServerSideEncryption string `config:"server_side_encryption"`
|
ServerSideEncryption string `config:"server_side_encryption"`
|
||||||
SSEKMSKeyID string `config:"sse_kms_key_id"`
|
SSEKMSKeyID string `config:"sse_kms_key_id"`
|
||||||
|
SSECustomerAlgorithm string `config:"sse_customer_algorithm"`
|
||||||
|
SSECustomerKey string `config:"sse_customer_key"`
|
||||||
|
SSECustomerKeyMD5 string `config:"sse_customer_key_md5"`
|
||||||
StorageClass string `config:"storage_class"`
|
StorageClass string `config:"storage_class"`
|
||||||
UploadCutoff fs.SizeSuffix `config:"upload_cutoff"`
|
UploadCutoff fs.SizeSuffix `config:"upload_cutoff"`
|
||||||
CopyCutoff fs.SizeSuffix `config:"copy_cutoff"`
|
CopyCutoff fs.SizeSuffix `config:"copy_cutoff"`
|
||||||
|
@ -2084,6 +2117,15 @@ func (o *Object) Open(ctx context.Context, options ...fs.OpenOption) (in io.Read
|
||||||
Bucket: &bucket,
|
Bucket: &bucket,
|
||||||
Key: &bucketPath,
|
Key: &bucketPath,
|
||||||
}
|
}
|
||||||
|
if o.fs.opt.SSECustomerAlgorithm != "" {
|
||||||
|
req.SSECustomerAlgorithm = &o.fs.opt.SSECustomerAlgorithm
|
||||||
|
}
|
||||||
|
if o.fs.opt.SSECustomerKey != "" {
|
||||||
|
req.SSECustomerKey = &o.fs.opt.SSECustomerKey
|
||||||
|
}
|
||||||
|
if o.fs.opt.SSECustomerKeyMD5 != "" {
|
||||||
|
req.SSECustomerKeyMD5 = &o.fs.opt.SSECustomerKeyMD5
|
||||||
|
}
|
||||||
fs.FixRangeOption(options, o.bytes)
|
fs.FixRangeOption(options, o.bytes)
|
||||||
for _, option := range options {
|
for _, option := range options {
|
||||||
switch option.(type) {
|
switch option.(type) {
|
||||||
|
@ -2351,6 +2393,15 @@ func (o *Object) Update(ctx context.Context, in io.Reader, src fs.ObjectInfo, op
|
||||||
if o.fs.opt.ServerSideEncryption != "" {
|
if o.fs.opt.ServerSideEncryption != "" {
|
||||||
req.ServerSideEncryption = &o.fs.opt.ServerSideEncryption
|
req.ServerSideEncryption = &o.fs.opt.ServerSideEncryption
|
||||||
}
|
}
|
||||||
|
if o.fs.opt.SSECustomerAlgorithm != "" {
|
||||||
|
req.SSECustomerAlgorithm = &o.fs.opt.SSECustomerAlgorithm
|
||||||
|
}
|
||||||
|
if o.fs.opt.SSECustomerKey != "" {
|
||||||
|
req.SSECustomerKey = &o.fs.opt.SSECustomerKey
|
||||||
|
}
|
||||||
|
if o.fs.opt.SSECustomerKeyMD5 != "" {
|
||||||
|
req.SSECustomerKeyMD5 = &o.fs.opt.SSECustomerKeyMD5
|
||||||
|
}
|
||||||
if o.fs.opt.SSEKMSKeyID != "" {
|
if o.fs.opt.SSEKMSKeyID != "" {
|
||||||
req.SSEKMSKeyId = &o.fs.opt.SSEKMSKeyID
|
req.SSEKMSKeyId = &o.fs.opt.SSEKMSKeyID
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue