github.com/minio/mc@v0.0.0-20240503112107-b471de8d1882/cmd/encrypt-set.go (about)

     1  // Copyright (c) 2015-2022 MinIO, Inc.
     2  //
     3  // This file is part of MinIO Object Storage stack
     4  //
     5  // This program is free software: you can redistribute it and/or modify
     6  // it under the terms of the GNU Affero General Public License as published by
     7  // the Free Software Foundation, either version 3 of the License, or
     8  // (at your option) any later version.
     9  //
    10  // This program is distributed in the hope that it will be useful
    11  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    12  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    13  // GNU Affero General Public License for more details.
    14  //
    15  // You should have received a copy of the GNU Affero General Public License
    16  // along with this program.  If not, see <http://www.gnu.org/licenses/>.
    17  
    18  package cmd
    19  
    20  import (
    21  	"context"
    22  	"fmt"
    23  	"strings"
    24  
    25  	"github.com/fatih/color"
    26  	"github.com/minio/cli"
    27  	json "github.com/minio/colorjson"
    28  	"github.com/minio/mc/pkg/probe"
    29  	"github.com/minio/pkg/v2/console"
    30  )
    31  
    // encryptSetCmd defines the "set" subcommand. Per its usage line it takes
    // <sse-type> [<key-id>] TARGET and runs mainEncryptSet as its action. The
    // examples in the help text only show sse-kms; mainEncryptSet accepts
    // both "sse-s3" and "sse-kms".
    var encryptSetCmd = cli.Command{
    	Name:         "set",
    	Usage:        "set encryption config",
    	Flags:        globalFlags,
    	Before:       setGlobalsFromContext,
    	Action:       mainEncryptSet,
    	OnUsageError: onUsageError,
    	// Raw string: every character, including blank-looking lines, is
    	// part of the rendered help and must stay as written.
    	CustomHelpTemplate: `NAME:
  {{.HelpName}} - {{.Usage}}
   
USAGE:
  {{.HelpName}} <sse-type> [<key-id>] TARGET
   
FLAGS:
  {{range .VisibleFlags}}{{.}}
  {{end}}
EXAMPLES:
  1. Enable SSE-KMS auto encryption with KMS key on bucket "mybucket" for alias "myminio".
     {{.Prompt}} {{.HelpName}} sse-kms my-minio-key myminio/mybucket

  2. Enable SSE-KMS auto encryption with KMS key on bucket "mybucket" for alias "s3".
     {{.Prompt}} {{.HelpName}} sse-kms arn:aws:kms:us-east-1:xxx:key/xxx s3/mybucket  
`,
    }
    56  
    // checkEncryptSetSyntax enforces the positional-argument count only: two
    // or three arguments are accepted, anything else shows the command help
    // and exits. The argument values are not inspected here; the SSE type is
    // checked later in mainEncryptSet.
    func checkEncryptSetSyntax(ctx *cli.Context) {
    	argc := len(ctx.Args())
    	if argc == 2 || argc == 3 {
    		return
    	}
    	showCommandHelpAndExit(ctx, 1) // second argument is the exit code
    }
    63  
    // encryptSetMessage is the result record built by mainEncryptSet after the
    // encryption configuration has been applied. It has a text form (String)
    // and a JSON form (JSON).
    type encryptSetMessage struct {
    	// Op is the name of the command that produced the message.
    	Op         string `json:"op"`
    	// Status is overwritten with "success" by JSON().
    	Status     string `json:"status"`
    	// URL is the aliased target exactly as given on the command line.
    	URL        string `json:"url"`
    	// Encryption describes the applied setting. Both inner fields are
    	// dropped from the JSON output when empty.
    	// NOTE(review): omitempty on a struct-valued field has no effect in
    	// encoding/json; colorjson presumably behaves the same, so the
    	// "encryption" object is always emitted — confirm.
    	Encryption struct {
    		// Algorithm is the SSE type, e.g. "sse-s3" or "sse-kms".
    		Algorithm string `json:"algorithm,omitempty"`
    		// KeyID is the KMS key identifier associated with the setting.
    		KeyID     string `json:"keyId,omitempty"`
    	} `json:"encryption,omitempty"`
    }
    73  
    // JSON returns the message as indented JSON with Status forced to
    // "success". The receiver is a value, so the caller's copy is left
    // untouched. A marshalling error is passed to fatalIf.
    func (v encryptSetMessage) JSON() string {
    	v.Status = "success"
    	encoded, marshalErr := json.MarshalIndent(v, "", " ")
    	fatalIf(probe.NewError(marshalErr), "Unable to marshal into JSON.")
    	return string(encoded)
    }
    80  
    // String returns the human-readable success line, colourised with the
    // "encryptSetMessage" theme. Only the target URL is included; the
    // algorithm and key ID appear in the JSON form only.
    func (v encryptSetMessage) String() string {
    	line := fmt.Sprintf("Auto encryption configuration has been set successfully for %s", v.URL)
    	return console.Colorize("encryptSetMessage", line)
    }
    84  
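    // mainEncryptSet is the action behind "encrypt set". It reads
    // <sse-type> [<key-id>] TARGET from the command line, applies the setting
    // through client.SetEncryption, and prints an encryptSetMessage.
    //
    // Failures are reported through fatalIf rather than the returned error;
    // the function returns nil once the message has been printed.
    func mainEncryptSet(cliCtx *cli.Context) error {
    	ctx, cancelencryptSet := context.WithCancel(globalContext)
    	defer cancelencryptSet()

    	console.SetColor("encryptSetMessage", color.New(color.FgGreen))

    	// Only the argument count is checked here; values are validated below.
    	checkEncryptSetSyntax(cliCtx)

    	// TARGET is always the last positional argument.
    	args := cliCtx.Args()
    	aliasedURL := args.Get(len(args) - 1)
    	// Create a new Client
    	client, err := newClient(aliasedURL)
    	fatalIf(err, "Unable to initialize connection.")

    	// The SSE type is matched case-insensitively; the key ID is taken as-is.
    	var algorithm, keyID string
    	switch len(args) {
    	case 3:
    		algorithm = strings.ToLower(args[0])
    		keyID = args[1]
    	case 2:
    		algorithm = strings.ToLower(args[0])
    	}
    	// Allow-list the SSE type before anything is sent to the server.
    	if algorithm != "sse-s3" && algorithm != "sse-kms" {
    		fatalIf(probe.NewError(fmt.Errorf("Unknown argument `%s` passed", algorithm)), "Invalid encryption algorithm")
    	}
    	// NOTE(review): a key ID given together with sse-s3 is passed through
    	// unchanged, and sse-kms without a key ID sends an empty string. How
    	// SetEncryption treats either case is not visible here — confirm that
    	// the resulting bucket default uses the key the operator expects.
    	fatalIf(client.SetEncryption(ctx, algorithm, keyID), "Unable to enable auto encryption")

    	msg := encryptSetMessage{
    		Op:     cliCtx.Command.Name,
    		Status: "success",
    		URL:    aliasedURL,
    	}
    	msg.Encryption.Algorithm = algorithm
    	// Record the key ID that was sent. Previously KeyID was never set, so
    	// the JSON output could not show which KMS key the bucket default
    	// refers to. The value is the identifier supplied on the command line.
    	msg.Encryption.KeyID = keyID
    	printMsg(msg)
    	return nil
    }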