Add support for SSE-S3 server side encryption with vault (#6192)

Add support for sse-s3 encryption with vault as KMS. Also refactoring code to make use of headers and functions defined in crypto package and clean up duplicated code.
2025-11-07 21:02:58 -05:00 · 2018-08-17 12:52:14 -07:00
parent 3d197c1449
commit e71ef905f9
236 changed files with 23463 additions and 608 deletions
--- a/cmd/config-migrate.go
+++ b/cmd/config-migrate.go
@@ -21,6 +21,7 @@ import (
 	"os"
 	"path/filepath"

+	"github.com/minio/minio/cmd/crypto"
 	"github.com/minio/minio/cmd/logger"
 	"github.com/minio/minio/pkg/auth"
 	"github.com/minio/minio/pkg/dns"
@@ -211,6 +212,11 @@ func migrateConfig() error {
 			return err
 		}
 		fallthrough
+	case "27":
+		if err = migrateV27ToV28(); err != nil {
+			return err
+		}
+		fallthrough
 	case serverConfigVersion:
 		// No migration needed. this always points to current version.
 		err = nil
@@ -2373,3 +2379,30 @@ func migrateV26ToV27() error {
 	logger.Info(configMigrateMSGTemplate, configFile, "26", "27")
 	return nil
 }
+
+func migrateV27ToV28() error {
+	configFile := getConfigFile()
+
+	// config V28 is backward compatible with V27, load the old
+	// config file in serverConfigV28 struct and initialize KMSConfig
+	srvConfig := &serverConfigV28{}
+	_, err := quick.LoadConfig(configFile, globalEtcdClient, srvConfig)
+	if os.IsNotExist(err) {
+		return nil
+	} else if err != nil {
+		return fmt.Errorf("Unable to load config file. %v", err)
+	}
+
+	if srvConfig.Version != "27" {
+		return nil
+	}
+
+	srvConfig.Version = "28"
+	srvConfig.KMS = crypto.KMSConfig{}
+	if err = quick.SaveConfig(srvConfig, configFile, globalEtcdClient); err != nil {
+		return fmt.Errorf("Failed to migrate config from ‘27’ to ‘28’. %v", err)
+	}
+
+	logger.Info(configMigrateMSGTemplate, configFile, "27", "28")
+	return nil
+}