// MinIO Cloud Storage, (C) 2017-2019 MinIO, Inc.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package crypto

import (
	"math/rand"
	"strings"

	"storj.io/minio/cmd/config"
	"storj.io/minio/pkg/ellipses"
	"storj.io/minio/pkg/env"
	xnet "storj.io/minio/pkg/net"
)

const (
	// EnvKMSAutoEncryption is the environment variable used to en/disable
	// SSE-S3 auto-encryption. SSE-S3 auto-encryption, if enabled,
	// requires a valid KMS configuration and turns any non-SSE-C
	// request into an SSE-S3 request.
	// If present, EnvKMSAutoEncryption must be either "on" or "off".
	// The variable is read by LookupAutoEncryption.
	EnvKMSAutoEncryption = "MINIO_KMS_AUTO_ENCRYPTION"
)

// ParseKESEndpoints parses the given endpoint string and
// returns a list of valid endpoint URLs. The returned list is
// the parsed endpoints rotated by a random offset: the starting
// position is random, the relative order is kept.
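func ParseKESEndpoints(endpointStr string) ([]string, error) {
	// endpointStr is a comma-separated list. Each entry is either a single
	// URL or an ellipses pattern that expands to several URLs. An error is
	// returned when a pattern cannot be parsed, when an entry is not a valid
	// HTTP URL, or when the list holds no entries at all.
	var rawEndpoints []string
	for _, endpoint := range strings.Split(endpointStr, ",") {
		// Use the trimmed entry from here on. Previously only the emptiness
		// check trimmed, so a list written as "a, b" handed " b" (with the
		// leading space) to the pattern and URL parsers.
		endpoint = strings.TrimSpace(endpoint)
		if endpoint == "" {
			continue
		}
		if !ellipses.HasEllipses(endpoint) {
			rawEndpoints = append(rawEndpoints, endpoint)
			continue
		}
		patterns, err := ellipses.FindEllipsesPatterns(endpoint)
		if err != nil {
			return nil, Errorf("Invalid KES endpoint %q: %v", endpointStr, err)
		}
		for _, p := range patterns {
			rawEndpoints = append(rawEndpoints, p.Expand()...)
		}
	}
	if len(rawEndpoints) == 0 {
		return nil, Errorf("Invalid KES endpoint %q", endpointStr)
	}

	// The result is rawEndpoints rotated by a random offset. math/rand is
	// adequate for this: the offset only decides which endpoint comes first
	// and is not a secret.
	var (
		offset    = rand.Intn(len(rawEndpoints))
		endpoints = make([]string, len(rawEndpoints))
	)
	for i, raw := range rawEndpoints {
		// NOTE(review): judging by its name, ParseHTTPURL presumably admits
		// plain http:// as well as https://. These endpoints address a key
		// server, so confirm that TLS is enforced somewhere before a
		// connection is made.
		u, err := xnet.ParseHTTPURL(raw)
		if err != nil {
			return nil, Errorf("Invalid KES endpoint %q: %v", endpointStr, err)
		}
		endpoints[(offset+i)%len(rawEndpoints)] = u.String()
	}
	return endpoints, nil
}

// LookupAutoEncryption reports the boolean value of the
// MINIO_KMS_AUTO_ENCRYPTION env. variable as parsed by
// config.ParseBool. An unset variable defaults to
// config.EnableOff.
//
// NOTE(review): the error from config.ParseBool is discarded, so
// a value that is not a valid boolean is presumably reported as
// false instead of being rejected. A mistyped setting would then
// leave SSE-S3 auto-encryption off without any signal to the
// operator; consider validating the variable at startup.
func LookupAutoEncryption() bool {
	auto, _ := config.ParseBool(env.Get(EnvKMSAutoEncryption, config.EnableOff))
	return auto
}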