storj.io/minio@v0.0.0-20230509071714-0cbc90f649b1/pkg/madmin/kms-commands.go (about)

     1  /*
     2   * MinIO Cloud Storage, (C) 2019 MinIO, Inc.
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   */
    16  
    17  package madmin
    18  
    19  import (
    20  	"context"
    21  	"encoding/json"
    22  	"net/http"
    23  	"net/url"
    24  )
    25  
// CreateKey asks the MinIO server to create a new master key named keyID
// at the KMS the server is connected to.
//
// keyID is sent to the server as given; this method does not validate it.
// It travels in the URL query string, so it can show up in request logs
// along the path; it is a key identifier, not key material.
//
// An error from executeMethod is returned unchanged. Any response status
// other than 200 OK is converted with httpRespToErrorResponse.
func (adm *AdminClient) CreateKey(ctx context.Context, keyID string) error {
	// POST /minio/admin/v3/kms/key/create?key-id=<keyID>
	query := url.Values{"key-id": []string{keyID}}

	resp, err := adm.executeMethod(ctx, http.MethodPost, requestData{
		relPath:     adminAPIPrefix + "/kms/key/create",
		queryValues: query,
	})
	if err != nil {
		return err
	}
	defer closeResponse(resp)

	if resp.StatusCode == http.StatusOK {
		return nil
	}
	return httpRespToErrorResponse(resp)
}
    47  
// GetKeyStatus requests status information about the key referenced by keyID
// from the KMS connected to a MinIO server, by calling the
// `/minio/admin/v3/kms/key/status` admin API endpoint.
//
// A nil error only means that the admin request returned 200 OK and that the
// response body decoded as JSON. This method does not inspect the decoded
// status: callers must check its EncryptionErr and DecryptionErr fields
// before treating the key as usable.
//
// An error from executeMethod or from JSON decoding is returned unchanged,
// and any response status other than 200 OK is converted with
// httpRespToErrorResponse. The returned status is nil whenever the error is
// non-nil.
func (adm *AdminClient) GetKeyStatus(ctx context.Context, keyID string) (*KMSKeyStatus, error) {
	// GET /minio/admin/v3/kms/key/status?key-id=<keyID>
	query := url.Values{"key-id": []string{keyID}}

	resp, err := adm.executeMethod(ctx, http.MethodGet, requestData{
		relPath:     adminAPIPrefix + "/kms/key/status",
		queryValues: query,
	})
	if err != nil {
		return nil, err
	}
	defer closeResponse(resp)

	if resp.StatusCode != http.StatusOK {
		return nil, httpRespToErrorResponse(resp)
	}

	status := new(KMSKeyStatus)
	if decodeErr := json.NewDecoder(resp.Body).Decode(status); decodeErr != nil {
		return nil, decodeErr
	}
	return status, nil
}
    74  
// KMSKeyStatus contains some status information about a KMS master key.
//
// The MinIO server tries to access the KMS and to perform encryption and
// decryption operations. If the server can access the KMS and all master
// key operations succeed, the status contains only the master key ID and
// both error fields are empty.
//
// A failed operation is reported as text in the matching error field, so a
// consumer has to check both fields before treating the key as usable.
type KMSKeyStatus struct {
	// KeyID is the ID of the master key this status refers to.
	KeyID string `json:"key-id"`

	// EncryptionErr is the reported encryption error.
	// An empty string means success.
	EncryptionErr string `json:"encryption-error,omitempty"`

	// DecryptionErr is the reported decryption error.
	// An empty string means success.
	DecryptionErr string `json:"decryption-error,omitempty"`
}
    83  	DecryptionErr string `json:"decryption-error,omitempty"` // An empty error == success
    84  }