set kms keyid in replication opts (#20542)

Poorna 2024-10-09 23:49:55 -07:00 committed by GitHub
parent 1bc6681176
commit e029f8a9d7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 34 additions and 2 deletions


@ -889,6 +889,14 @@ func putReplicationOpts(ctx context.Context, sc string, objInfo ObjectInfo, part
if crypto.S3.IsEncrypted(objInfo.UserDefined) {
putOpts.ServerSideEncryption = encrypt.NewSSE()
}
if crypto.S3KMS.IsEncrypted(objInfo.UserDefined) {
sseEnc, err := encrypt.NewSSEKMS(objInfo.KMSKeyID(), nil)
if err != nil {
return putOpts, err
}
putOpts.ServerSideEncryption = sseEnc
}
return
}
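Review bot: The new SSE-KMS branch passes `nil` as the encryption context to `encrypt.NewSSEKMS`, so only the key ID from `objInfo.KMSKeyID()` is sent to the replication target. If the source object was written with a custom KMS context, it is presumably not carried over, and it is worth confirming that this is intended. A short comment above the branch would record the operational consequence that the test in this commit relies on, e.g. `// Forward the source object's KMS key ID; the target must hold a key with the same name or replication fails.` The error is also returned without context, so `return putOpts, fmt.Errorf("building SSE-KMS replication options: %w", err)` would make a failed replication easier to diagnose, provided `fmt` is imported in this file. The body of putReplicationOpts starts outside the hunk, so how callers handle the returned error is not visible here.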


@ -8,7 +8,10 @@ exit_1() {
cat /tmp/minio1_1.log
echo "minio2 ============"
cat /tmp/minio2_1.log
echo "minio3 ============"
cat /tmp/minio3_1.log
echo "minio4 ============"
cat /tmp/minio4_1.log
exit 1
}
@ -17,7 +20,7 @@ cleanup() {
pkill -9 minio || sudo pkill -9 minio
pkill -9 kes || sudo pkill -9 kes
rm -rf ${PWD}/keys
rm -rf /tmp/minio{1,2}
rm -rf /tmp/minio{1,2,3,4}
echo "done"
}
@ -229,4 +232,25 @@ fi
./mc cat minio2/test-bucket/defpartsize --insecure >/dev/null || exit_1
./mc cat minio2/test-bucket/custpartsize --insecure >/dev/null || exit_1
echo -n "Starting MinIO instances with different kms key ..."
CI=on MINIO_KMS_SECRET_KEY=minio3-default-key:IyqsU3kMFloCNup4BsZtf/rmfHVcTgznO2F25CkEH1g= MINIO_ROOT_USER=minio MINIO_ROOT_PASSWORD=minio123 minio server --certs-dir /tmp/certs --address ":9003" --console-address ":10000" /tmp/minio3/disk{1...4} >/tmp/minio3_1.log 2>&1 &
CI=on MINIO_KMS_SECRET_KEY=minio4-default-key:IyqsU3kMFloCNup4BsZtf/rmfHVcTgznO2F25CkEH1g= MINIO_ROOT_USER=minio MINIO_ROOT_PASSWORD=minio123 minio server --certs-dir /tmp/certs --address ":9004" --console-address ":11000" /tmp/minio4/disk{1...4} >/tmp/minio4_1.log 2>&1 &
echo "done"
export MC_HOST_minio3=https://minio:minio123@localhost:9003
export MC_HOST_minio4=https://minio:minio123@localhost:9004
./mc ready minio3 --insecure
./mc ready minio4 --insecure
./mc admin replicate add minio3 minio4 --insecure
./mc mb minio3/bucket --insecure
./mc cp --insecure --enc-kms minio3/bucket=minio3-default-key /tmp/data/encrypted minio3/bucket/x
sleep 10
st=$(./mc stat --json --no-list --insecure minio3/bucket/x | jq -r .replicationStatus)
if [ "${st}" != "FAILED" ]; then
echo "BUG: Replication succeeded when kms key is different"
exit_1
fi
cleanup
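Review bot: The final check after `sleep 10` treats every status other than FAILED as "replication succeeded", so an object that is still PENDING, or an empty or `null` value from a failed `mc stat` or `jq`, is reported as the bug under test. The setup commands in the last hunk (`mc ready`, `mc admin replicate add`, `mc mb`, `mc cp`) also lack the `|| exit_1` guard used on the `mc cat` lines above, so a setup failure surfaces only through that misleading message. Conversely, a FAILED status caused by something other than the key mismatch would let the test pass without exercising the new code path. A bounded poll for a terminal status, with the observed value printed on failure, would make the result less timing-dependent and easier to diagnose.

```shell
# … unchanged: start minio3/minio4, replicate add, mb, cp …
st=""
for _ in $(seq 1 10); do
	st=$(./mc stat --json --no-list --insecure minio3/bucket/x | jq -r .replicationStatus)
	if [ "${st}" = "FAILED" ] || [ "${st}" = "COMPLETED" ]; then
		break
	fi
	sleep 1
done
if [ "${st}" != "FAILED" ]; then
	echo "BUG: expected replication status FAILED with different kms key, got '${st}'"
	exit_1
fi
```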