Diffstat (limited to 'weed/s3api/auth_credentials.go')
| -rw-r--r-- | weed/s3api/auth_credentials.go | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/weed/s3api/auth_credentials.go b/weed/s3api/auth_credentials.go
index 266a6144a..a4bee0f02 100644
--- a/weed/s3api/auth_credentials.go
+++ b/weed/s3api/auth_credentials.go
@@ -2,6 +2,7 @@ package s3api
 import (
 "context"
+ "encoding/json"
 "fmt"
 "net/http"
 "os"
@@ -12,10 +13,13 @@ import (
 "github.com/seaweedfs/seaweedfs/weed/credential"
 "github.com/seaweedfs/seaweedfs/weed/filer"
 "github.com/seaweedfs/seaweedfs/weed/glog"
+ "github.com/seaweedfs/seaweedfs/weed/kms"
+ "github.com/seaweedfs/seaweedfs/weed/kms/local"
 "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
 "github.com/seaweedfs/seaweedfs/weed/pb/iam_pb"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
 "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
+ "github.com/seaweedfs/seaweedfs/weed/util"
 "google.golang.org/grpc"
 )
@@ -210,6 +214,12 @@ func (iam *IdentityAccessManagement) loadS3ApiConfigurationFromFile(fileName str
 glog.Warningf("fail to read %s : %v", fileName, readErr)
 return fmt.Errorf("fail to read %s : %v", fileName, readErr)
 }
+
+ // Initialize KMS if configuration contains KMS settings
+ if err := iam.initializeKMSFromConfig(content); err != nil {
+ glog.Warningf("KMS initialization failed: %v", err)
+ }
+
 return iam.LoadS3ApiConfigurationFromBytes(content)
 }
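Review bot: In loadS3ApiConfigurationFromFile the error from initializeKMSFromConfig is only logged at Warning level and the rest of the S3 config is loaded anyway, so a present-but-broken `kms` block leaves the server running without SSE-KMS while every other setting applies. That may be intended as best-effort, but then the log line should be distinguishable from the normal no-`kms` case and carry the consequence, e.g. `glog.Errorf("KMS configuration present but initialization failed, SSE-KMS disabled: %v", err)`. If it is not intended, return the error here instead of swallowing it. The enclosing function starts outside the hunk.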
@@ -535,3 +545,73 @@ func (iam *IdentityAccessManagement) LoadS3ApiConfigurationFromCredentialManager
 return iam.loadS3ApiConfiguration(s3ApiConfiguration)
 }
+
+// initializeKMSFromConfig parses JSON configuration and initializes KMS provider if present
+func (iam *IdentityAccessManagement) initializeKMSFromConfig(configContent []byte) error {
+ // Parse JSON to extract KMS configuration
+ var config map[string]interface{}
+ if err := json.Unmarshal(configContent, &config); err != nil {
+ return fmt.Errorf("failed to parse config JSON: %v", err)
+ }
+
+ // Check if KMS configuration exists
+ kmsConfig, exists := config["kms"]
+ if !exists {
+ glog.V(2).Infof("No KMS configuration found in S3 config - SSE-KMS will not be available")
+ return nil
+ }
+
+ kmsConfigMap, ok := kmsConfig.(map[string]interface{})
+ if !ok {
+ return fmt.Errorf("invalid KMS configuration format")
+ }
+
+ // Extract KMS type (default to "local" for testing)
+ kmsType, ok := kmsConfigMap["type"].(string)
+ if !ok || kmsType == "" {
+ kmsType = "local"
+ }
+
+ glog.V(1).Infof("Initializing KMS provider: type=%s", kmsType)
+
+ // Initialize KMS provider based on type
+ switch kmsType {
+ case "local":
+ return iam.initializeLocalKMS(kmsConfigMap)
+ default:
+ return fmt.Errorf("unsupported KMS provider type: %s", kmsType)
+ }
+}
+
+// initializeLocalKMS initializes the local KMS provider for development/testing
+func (iam *IdentityAccessManagement) initializeLocalKMS(kmsConfig map[string]interface{}) error {
+ // Register local KMS provider factory if not already registered
+ kms.RegisterProvider("local", func(config util.Configuration) (kms.KMSProvider, error) {
+ // Create local KMS provider
+ provider, err := local.NewLocalKMSProvider(config)
+ if err != nil {
+ return nil, fmt.Errorf("failed to create local KMS provider: %v", err)
+ }
+
+ // Create the test keys that our tests expect with specific keyIDs
+ // Note: Local KMS provider now creates keys on-demand
+ // No need to pre-create test keys in production code
+
+ glog.V(1).Infof("Local KMS provider created successfully")
+ return provider, nil
+ })
+
+ // Create KMS configuration
+ kmsConfigObj := &kms.KMSConfig{
+ Provider: "local",
+ Config: nil, // Local provider uses defaults
+ }
+
+ // Initialize global KMS
+ if err := kms.InitializeGlobalKMS(kmsConfigObj); err != nil {
+ return fmt.Errorf("failed to initialize global KMS: %v", err)
+ }
+
+ glog.V(0).Infof("✅ KMS provider initialized successfully - SSE-KMS is now available")
+ return nil
+}
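Review bot: initializeLocalKMS never reads its kmsConfig argument — `Config: nil, // Local provider uses defaults` discards whatever the operator placed under `"kms"` in the S3 config, so any setting there has no effect and nothing reports it. Either convert the map into the util.Configuration the factory receives, or reject a non-empty map with an explicit error so an ignored setting cannot pass as configured. Related: when `type` is absent or empty, initializeKMSFromConfig silently falls back to `"local"`, which the hunk itself documents as a development/testing provider; a missing type in a production config deserves at least a V(0) warning, or better `return fmt.Errorf("kms.type is required")`, rather than a silent downgrade to a non-production key store. Since loadS3ApiConfigurationFromFile (earlier hunk) runs this on every config load, kms.RegisterProvider and kms.InitializeGlobalKMS are invoked on each reload; whether re-registration and re-initialization are tolerated is not visible here, so guarding with a sync.Once or an already-registered check would make the intent explicit. Errors are wrapped with %v throughout; %w would let callers use errors.Is/As on them.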
