registry/storage/driver/s3-aws kms support
Signed-off-by: Matt Duch <matt@learnmetrics.com>
This commit is contained in:
parent
4c2edee417
commit
789c90ac42
2 changed files with 25 additions and 1 deletions
|
@ -60,6 +60,7 @@ type DriverParameters struct {
|
||||||
Region string
|
Region string
|
||||||
RegionEndpoint string
|
RegionEndpoint string
|
||||||
Encrypt bool
|
Encrypt bool
|
||||||
|
KeyID string
|
||||||
Secure bool
|
Secure bool
|
||||||
ChunkSize int64
|
ChunkSize int64
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
|
@ -100,6 +101,7 @@ type driver struct {
|
||||||
Bucket string
|
Bucket string
|
||||||
ChunkSize int64
|
ChunkSize int64
|
||||||
Encrypt bool
|
Encrypt bool
|
||||||
|
KeyID string
|
||||||
RootDirectory string
|
RootDirectory string
|
||||||
StorageClass string
|
StorageClass string
|
||||||
}
|
}
|
||||||
|
@ -188,6 +190,11 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
return nil, fmt.Errorf("The secure parameter should be a boolean")
|
return nil, fmt.Errorf("The secure parameter should be a boolean")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
keyID := parameters["keyid"]
|
||||||
|
if keyID == nil {
|
||||||
|
keyID = ""
|
||||||
|
}
|
||||||
|
|
||||||
chunkSize := int64(defaultChunkSize)
|
chunkSize := int64(defaultChunkSize)
|
||||||
chunkSizeParam := parameters["chunksize"]
|
chunkSizeParam := parameters["chunksize"]
|
||||||
switch v := chunkSizeParam.(type) {
|
switch v := chunkSizeParam.(type) {
|
||||||
|
@ -243,6 +250,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
|
||||||
region,
|
region,
|
||||||
fmt.Sprint(regionEndpoint),
|
fmt.Sprint(regionEndpoint),
|
||||||
encryptBool,
|
encryptBool,
|
||||||
|
fmt.Sprint(keyID),
|
||||||
secureBool,
|
secureBool,
|
||||||
chunkSize,
|
chunkSize,
|
||||||
fmt.Sprint(rootDirectory),
|
fmt.Sprint(rootDirectory),
|
||||||
|
@ -317,6 +325,7 @@ func New(params DriverParameters) (*Driver, error) {
|
||||||
Bucket: params.Bucket,
|
Bucket: params.Bucket,
|
||||||
ChunkSize: params.ChunkSize,
|
ChunkSize: params.ChunkSize,
|
||||||
Encrypt: params.Encrypt,
|
Encrypt: params.Encrypt,
|
||||||
|
KeyID: params.KeyID,
|
||||||
RootDirectory: params.RootDirectory,
|
RootDirectory: params.RootDirectory,
|
||||||
StorageClass: params.StorageClass,
|
StorageClass: params.StorageClass,
|
||||||
}
|
}
|
||||||
|
@ -353,6 +362,7 @@ func (d *driver) PutContent(ctx context.Context, path string, contents []byte) e
|
||||||
ContentType: d.getContentType(),
|
ContentType: d.getContentType(),
|
||||||
ACL: d.getACL(),
|
ACL: d.getACL(),
|
||||||
ServerSideEncryption: d.getEncryptionMode(),
|
ServerSideEncryption: d.getEncryptionMode(),
|
||||||
|
SSEKMSKeyId: d.getSSEKMSKeyID(),
|
||||||
StorageClass: d.getStorageClass(),
|
StorageClass: d.getStorageClass(),
|
||||||
Body: bytes.NewReader(contents),
|
Body: bytes.NewReader(contents),
|
||||||
})
|
})
|
||||||
|
@ -390,6 +400,7 @@ func (d *driver) Writer(ctx context.Context, path string, append bool) (storaged
|
||||||
ContentType: d.getContentType(),
|
ContentType: d.getContentType(),
|
||||||
ACL: d.getACL(),
|
ACL: d.getACL(),
|
||||||
ServerSideEncryption: d.getEncryptionMode(),
|
ServerSideEncryption: d.getEncryptionMode(),
|
||||||
|
SSEKMSKeyId: d.getSSEKMSKeyID(),
|
||||||
StorageClass: d.getStorageClass(),
|
StorageClass: d.getStorageClass(),
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -534,6 +545,7 @@ func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) e
|
||||||
ContentType: d.getContentType(),
|
ContentType: d.getContentType(),
|
||||||
ACL: d.getACL(),
|
ACL: d.getACL(),
|
||||||
ServerSideEncryption: d.getEncryptionMode(),
|
ServerSideEncryption: d.getEncryptionMode(),
|
||||||
|
SSEKMSKeyId: d.getSSEKMSKeyID(),
|
||||||
StorageClass: d.getStorageClass(),
|
StorageClass: d.getStorageClass(),
|
||||||
CopySource: aws.String(d.Bucket + "/" + d.s3Path(sourcePath)),
|
CopySource: aws.String(d.Bucket + "/" + d.s3Path(sourcePath)),
|
||||||
})
|
})
|
||||||
|
@ -645,9 +657,19 @@ func parseError(path string, err error) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (d *driver) getEncryptionMode() *string {
|
func (d *driver) getEncryptionMode() *string {
|
||||||
if d.Encrypt {
|
if !d.Encrypt {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
if d.KeyID == "" {
|
||||||
return aws.String("AES256")
|
return aws.String("AES256")
|
||||||
}
|
}
|
||||||
|
return aws.String("aws:kms")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (d *driver) getSSEKMSKeyID() *string {
|
||||||
|
if d.KeyID != "" {
|
||||||
|
return aws.String(d.KeyID)
|
||||||
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
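Review bot: In the last hunk, getSSEKMSKeyID returns the key whenever d.KeyID is non-empty, while getEncryptionMode returns nil as soon as d.Encrypt is false, so a driver configured with keyid but without encrypt sends SSEKMSKeyId on PutObject, CreateMultipartUpload and CopyObject with no ServerSideEncryption value; S3 is expected to reject that header combination rather than fall back, and even if it did not, silently ignoring a configured key would be surprising. Gate the key on the encrypt flag, `if d.Encrypt && d.KeyID != "" {`, or reject keyid-without-encrypt up front in FromParameters so the misconfiguration surfaces at startup instead of on the first write. Both new helpers also lack doc comments; `// getSSEKMSKeyID returns the KMS key for SSE-KMS, or nil when encryption is off or SSE-S3 (AES256) is used.` and a matching line on getEncryptionMode stating that a non-empty KeyID switches the mode from AES256 to aws:kms would document the contract.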
|
|
|
@ -27,6 +27,7 @@ func init() {
|
||||||
secretKey := os.Getenv("AWS_SECRET_KEY")
|
secretKey := os.Getenv("AWS_SECRET_KEY")
|
||||||
bucket := os.Getenv("S3_BUCKET")
|
bucket := os.Getenv("S3_BUCKET")
|
||||||
encrypt := os.Getenv("S3_ENCRYPT")
|
encrypt := os.Getenv("S3_ENCRYPT")
|
||||||
|
keyID := os.Getenv("S3_KEY_ID")
|
||||||
secure := os.Getenv("S3_SECURE")
|
secure := os.Getenv("S3_SECURE")
|
||||||
region := os.Getenv("AWS_REGION")
|
region := os.Getenv("AWS_REGION")
|
||||||
root, err := ioutil.TempDir("", "driver-")
|
root, err := ioutil.TempDir("", "driver-")
|
||||||
|
@ -60,6 +61,7 @@ func init() {
|
||||||
region,
|
region,
|
||||||
regionEndpoint,
|
regionEndpoint,
|
||||||
encryptBool,
|
encryptBool,
|
||||||
|
keyID,
|
||||||
secureBool,
|
secureBool,
|
||||||
minChunkSize,
|
minChunkSize,
|
||||||
rootDirectory,
|
rootDirectory,
|
||||||
|
|
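Review bot: The new `S3_KEY_ID` variable is read right after `AWS_ACCESS_KEY`/`AWS_SECRET_KEY` and reads like a credential, although it carries a KMS key identifier; naming it `S3_KMS_KEY_ID` (and likewise the parameter `keyid` it feeds) would make the distinction clear to whoever sets up the test environment. The test also only exercises whichever encrypt/keyid combination the environment provides, so the keyid-without-encrypt case in getSSEKMSKeyID is never covered; init() continues outside the hunk.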