
enable S3 serverside encryption (#52)
* enable encryption

* Add variable description

* Fix readme

* fix breakage when AWS_S3_SSE is not provided

* fix pointers
nexusix authored and hypnoglow committed Oct 5, 2018
1 parent 319c9b3 commit 96b3581
Showing 2 changed files with 29 additions and 10 deletions.
4 changes: 4 additions & 0 deletions README.md
Expand Up @@ -192,6 +192,10 @@ and others. To configure the plugin to work alternative S3 backend, just define

See [these integration tests](https://github.com/hypnoglow/helm-s3/blob/master/hack/integration-tests-local.sh#L10) that use local minio docker container for a complete example.

## Using S3 bucket ServerSide Encryption

To enable S3 SSE export environment variable `AWS_S3_SSE` and set it to desired type for example `AES256`.

## Documentation

Additional documentation is available in the [docs](docs) directory. This currently includes:
35 changes: 25 additions & 10 deletions internal/awss3/storage.go
Expand Up @@ -7,6 +7,7 @@ import (
"fmt"
"io"
"net/url"
"os"
"strings"

"github.com/aws/aws-sdk-go/aws"
Expand All @@ -20,6 +21,11 @@ import (
"k8s.io/helm/pkg/provenance"
)

const (
// selects serverside encryption for bucket
awsS3encryption = "AWS_S3_SSE"
)

var (
// ErrBucketNotFound signals that a bucket was not found.
ErrBucketNotFound = errors.New("bucket not found")
Expand All @@ -33,6 +39,15 @@ func New(session *session.Session) *Storage {
return &Storage{session: session}
}

// Returns desired encryption
func getSSE() *string {
sse := os.Getenv(awsS3encryption)
if sse == "" {
return nil
}
return &sse
}

// Storage provides an interface to work with AWS S3 objects by s3 protocol.
type Storage struct {
session *session.Session
Expand Down Expand Up @@ -227,14 +242,14 @@ func (s *Storage) PutChart(ctx context.Context, uri string, r io.Reader, chartMe
if err != nil {
return "", err
}

result, err := s3manager.NewUploader(s.session).UploadWithContext(
ctx,
&s3manager.UploadInput{
Bucket: aws.String(bucket),
Key: aws.String(key),
ACL: aws.String(acl),
Body: r,
Bucket: aws.String(bucket),
Key: aws.String(key),
ACL: aws.String(acl),
ServerSideEncryption: getSSE(),
Body: r,
Metadata: map[string]*string{
metaChartMetadata: aws.String(chartMeta),
metaChartDigest: aws.String(chartDigest),
Expand All @@ -259,14 +274,14 @@ func (s *Storage) PutIndex(ctx context.Context, uri string, acl string, r io.Rea
if err != nil {
return err
}

_, err = s3manager.NewUploader(s.session).UploadWithContext(
ctx,
&s3manager.UploadInput{
Bucket: aws.String(bucket),
Key: aws.String(key),
ACL: aws.String(acl),
Body: r,
Bucket: aws.String(bucket),
Key: aws.String(key),
ACL: aws.String(acl),
ServerSideEncryption: getSSE(),
Body: r,
})
if err != nil {
return errors.Wrap(err, "upload index to S3 bucket")
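Review bot: getSSE (hunk -33,6 +39,15) hands whatever AWS_S3_SSE holds to the SDK unchecked, so a mistyped value such as `aes256` is only reported as an S3 error at upload time, and `aws:kms` silently uses the account's default S3 KMS key because neither UploadInput in the PutChart and PutIndex hunks sets SSEKMSKeyId. Comparing the value against the SDK's `s3.ServerSideEncryptionAes256` and `s3.ServerSideEncryptionAwsKms` constants (if the `s3` package is already imported here — the import block is collapsed) and reporting an unrecognized value from the callers, or at least documenting the accepted values next to the constant, would make misconfiguration visible early; `strings.TrimSpace` on the value is cheap since `strings` is already imported. The doc comment should start with the identifier per Go convention, e.g. `// getSSE returns the server-side encryption algorithm named by AWS_S3_SSE, or nil when it is unset.`, and `awsS3encryption` is inconsistent MixedCaps for a value that is an environment-variable name — `awsS3EncryptionEnv` would say what it holds. Reading the environment on every upload rather than once in New means a caller cannot configure Storage explicitly; that is an inferred design concern rather than a defect. Note also that this only protects uploads made with the variable set, so a bucket-level default encryption setting remains the control that guarantees no plaintext object is written.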
