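// Source: github.com/yankunsam/loki/v2@v2.6.3-0.20220817130409-389df5235c27/pkg/storage/chunk/client/aws/sse_config.go

package aws

import (
	"encoding/base64"
	"encoding/json"

	"github.com/pkg/errors"

	bucket_s3 "github.com/grafana/loki/pkg/storage/bucket/s3"
)

// Values placed in SSEParsedConfig.ServerSideEncryption for the two
// supported server side encryption modes.
const (
	sseKMSType = "aws:kms"
	sseS3Type  = "AES256"
)

// SSEParsedConfig configures server side encryption (SSE).
// It is the struct used internally to configure AWS S3.
type SSEParsedConfig struct {
	// ServerSideEncryption is sseS3Type or sseKMSType.
	ServerSideEncryption string
	// KMSKeyID is set only for SSE-KMS; it stays nil for SSE-S3.
	KMSKeyID *string
	// KMSEncryptionContext is the base64-encoded JSON encryption context,
	// or nil when none was configured. The encryption context is not
	// secret: AWS records it in plaintext (for example in CloudTrail), so
	// it must not carry sensitive values.
	KMSEncryptionContext *string
}

// NewSSEParsedConfig creates a struct to configure server side encryption (SSE).
//
// It returns an error when cfg.Type is neither SSE-S3 nor SSE-KMS, when
// SSE-KMS is selected without a key id, or when the KMS encryption context
// does not pass validation. No default mode is applied: an empty or unknown
// type is rejected rather than treated as "no encryption".
func NewSSEParsedConfig(cfg bucket_s3.SSEConfig) (*SSEParsedConfig, error) {
	switch cfg.Type {
	case bucket_s3.SSES3:
		// SSE-S3 takes no key material; any KMS fields on cfg are not used.
		return &SSEParsedConfig{
			ServerSideEncryption: sseS3Type,
		}, nil
	case bucket_s3.SSEKMS:
		if cfg.KMSKeyID == "" {
			return nil, errors.New("KMS key id must be passed when SSE-KMS encryption is selected")
		}

		parsedKMSEncryptionContext, err := parseKMSEncryptionContext(cfg.KMSEncryptionContext)
		if err != nil {
			return nil, errors.Wrap(err, "failed to parse KMS encryption context")
		}

		// cfg is passed by value, so the pointer refers to this call's copy
		// of the key id and not to the caller's configuration struct.
		return &SSEParsedConfig{
			ServerSideEncryption: sseKMSType,
			KMSKeyID:             &cfg.KMSKeyID,
			KMSEncryptionContext: parsedKMSEncryptionContext,
		}, nil
	default:
		return nil, errors.New("SSE type is empty or invalid")
	}
}

// parseKMSEncryptionContext validates the configured KMS encryption context
// and returns it base64-encoded. An empty input yields (nil, nil), meaning no
// encryption context is configured.
//
// The input must be a JSON object whose values are all strings, which is the
// form a KMS encryption context takes. Checking JSON syntax alone would let
// documents such as `[]`, `1` or `{"k": 1}` through and defer the failure to
// the first S3 request; rejecting them here makes the misconfiguration
// visible when the configuration is parsed.
func parseKMSEncryptionContext(kmsEncryptionContext string) (*string, error) {
	if kmsEncryptionContext == "" {
		return nil, nil
	}

	// Marshalling a json.RawMessage makes encoding/json check that the
	// document is valid JSON.
	jsonKMSEncryptionContext, err := json.Marshal(json.RawMessage(kmsEncryptionContext))
	if err != nil {
		return nil, errors.Wrap(err, "failed to marshal KMS encryption context")
	}

	// Shape check: *string values let a JSON null be told apart from an
	// empty string, and a nil map means the whole document was null.
	var pairs map[string]*string
	if err := json.Unmarshal(jsonKMSEncryptionContext, &pairs); err != nil {
		return nil, errors.Wrap(err, "KMS encryption context must be a JSON object with string values")
	}
	if pairs == nil {
		return nil, errors.New("KMS encryption context must be a JSON object, got null")
	}
	for key, value := range pairs {
		if value == nil {
			return nil, errors.Errorf("KMS encryption context value for key %q must be a string, got null", key)
		}
	}

	// The validated bytes are encoded, not a re-serialised map, so the
	// output for a valid context is the same as before the shape check.
	parsedKMSEncryptionContext := base64.StdEncoding.EncodeToString(jsonKMSEncryptionContext)

	return &parsedKMSEncryptionContext, nil
}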