package lib
import (
"fmt"
"strings"
"github.com/aliyun/aliyun-oss-go-sdk/oss"
)
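// specChineseBucketEncryption holds the Chinese help text shown for the
// bucket-encryption command: synopsis, parameter summary, syntax, detailed
// help and samples.
//
// The third syntax line previously spelled the binary name "ossuitl"; it is
// corrected to "ossutil" so the documented command can be copied as-is.
//
// NOTE(review): the help text does not say which key is used when KMS is
// selected without --kms-masterkey-id, nor what happens to already-stored
// objects after "--method delete". Operators should confirm both against the
// OSS documentation before relying on this command for encryption-at-rest.
var specChineseBucketEncryption = SpecText{
	synopsisText: "设置、查询或者删除bucket的encryption配置",
	paramText:    "bucket_url [options]",
	syntaxText: `
ossutil bucket-encryption --method put oss://bucket --sse-algorithm algorithmName [--kms-masterkey-id keyid]
ossutil bucket-encryption --method get oss://bucket
ossutil bucket-encryption --method delete oss://bucket
`,
	detailHelpText: `
bucket-encryption命令通过设置method选项值为put、get、delete,可以设置、查询或者删除bucket的encryption配置
选项--sse-algorithm值只能是KMS、AES256
当--sse-algorithm选项值为AES256时,不能输入选项--kms-masterkey-id
用法:
该命令有三种用法:
1) ossutil bucket-encryption --method put oss://bucket --sse-algorithm algorithmName --kms-masterkey-id keyid
这个命令设置bucket的encryption配置,算法名为algorithmName,KMSMasterKeyID为keyid
2) ossutil bucket-encryption --method get oss://bucket
这个命令查询bucket的encryption配置
3) ossutil bucket-encryption --method delete oss://bucket
这个命令删除bucket的encryption配置
`,
	sampleText: `
1) 设置bucket的encryption配置,算法名为AES256
ossutil bucket-encryption --method put oss://bucket --sse-algorithm AES256
2) 设置bucket的encryption配置,算法名为KMS,KMSMasterKeyID为123
ossutil bucket-encryption --method put oss://bucket --sse-algorithm KMS --kms-masterkey-id 123
3) 查询bucket的encryption配置
ossutil bucket-encryption --method get oss://bucket
4) 删除bucket的encryption配置
ossutil bucket-encryption --method delete oss://bucket
`,
}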
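// specEnglishBucketEncryption holds the English help text shown for the
// bucket-encryption command: synopsis, parameter summary, syntax, detailed
// help and samples.
//
// The third syntax line previously spelled the binary name "ossuitl"; it is
// corrected to "ossutil" so the documented command can be copied as-is.
//
// NOTE(review): the help text does not say which key is used when KMS is
// selected without --kms-masterkey-id, nor what happens to already-stored
// objects after "--method delete". Operators should confirm both against the
// OSS documentation before relying on this command for encryption-at-rest.
var specEnglishBucketEncryption = SpecText{
	synopsisText: "Set, get or delete bucket encryption configuration",
	paramText:    "bucket_url [options]",
	syntaxText: `
ossutil bucket-encryption --method put oss://bucket --sse-algorithm algorithmName [--kms-masterkey-id keyid]
ossutil bucket-encryption --method get oss://bucket
ossutil bucket-encryption --method delete oss://bucket
`,
	detailHelpText: `
bucket-encryption command can set, get and delete the encryption configuration of the oss bucket by set method option value to put, get, delete
The option --sse-algorithm value can only be KMS, AES256.
If the --sse-algorithm option value is AES256, you cannot input the option --kms-masterkey-id
Usage:
There are three usages for this command:
1) ossutil bucket-encryption --method put oss://bucket --sse-algorithm algorithmName --kms-masterkey-id keyid
The command sets the encryption configuration of the bucket, the algorithm name is algorithmName and KMSMasterKeyID is keyid.
2) ossutil bucket-encryption --method get oss://bucket
The command gets the encryption configuration of bucket
3) ossutil bucket-encryption --method delete oss://bucket
The command deletes the encryption configuration of bucket
`,
	sampleText: `
1) set the encryption configuration of the bucket. The algorithm name is AES256.
ossutil bucket-encryption --method put oss://bucket --sse-algorithm AES256
2) set the encryption configuration of the bucket. The algorithm name is KMS and the KMSMasterKeyID is 123.
ossutil bucket-encryption --method put oss://bucket --sse-algorithm KMS --kms-masterkey-id 123
3) get bucket encryption configuration
ossutil bucket-encryption --method get oss://bucket
4) delete bucket encryption configuration
ossutil bucket-encryption --method delete oss://bucket
`,
}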
// BucketEncryptionCommand is the state behind the bucket-encryption
// sub-command, which sets, reads or deletes a bucket's server-side
// encryption configuration.
type BucketEncryptionCommand struct {
	// command is the shared command definition (name, options, help specs)
	// that the methods of this type delegate to.
	command Command

	// bucketName is filled in by RunCommand from the parsed oss:// URL.
	bucketName string

	// encryptionResult is the last response stored by GetBucketEncryption.
	encryptionResult oss.GetBucketEncryptionResult
}
// bucketEncryptionCommand is the package-level instance describing the
// "bucket-encryption" command: exactly one positional argument (the bucket
// URL) and the options listed in validOptionNames.
//
// NOTE(review): the accepted options include OptionAccessKeySecret and
// OptionSTSToken. If these map to command-line flags, credentials passed that
// way can end up in shell history and process listings; supplying them through
// the config file (OptionConfigFile) is presumably the safer path — confirm.
var bucketEncryptionCommand = BucketEncryptionCommand{
	command: Command{
		name:        "bucket-encryption",
		nameAlias:   []string{"bucket-encryption"},
		minArgc:     1,
		maxArgc:     1,
		specChinese: specChineseBucketEncryption,
		specEnglish: specEnglishBucketEncryption,
		group:       GroupTypeNormalCommand,
		validOptionNames: []string{
			// Connection and credential options.
			OptionConfigFile,
			OptionEndpoint,
			OptionAccessKeyID,
			OptionAccessKeySecret,
			OptionSTSToken,
			// Operation selector and logging.
			OptionMethod,
			OptionLogLevel,
			// Encryption rule parameters, read by PutBucketEncryption.
			OptionSSEAlgorithm,
			OptionKMSMasterKeyID,
		},
	},
}
// formatHelpForWhole is part of the FormatHelper interface; it returns
// whatever the wrapped Command produces for the whole-help listing.
func (bec *BucketEncryptionCommand) formatHelpForWhole() string {
	helpText := bec.command.formatHelpForWhole()
	return helpText
}
// formatIndependHelp returns the stand-alone help text for this command by
// delegating to the wrapped Command.
func (bec *BucketEncryptionCommand) formatIndependHelp() string {
	helpText := bec.command.formatIndependHelp()
	return helpText
}
// Init simulates inheritance and polymorphism: it hands the arguments and
// options to the wrapped Command together with bec itself, and returns that
// call's error unchanged.
func (bec *BucketEncryptionCommand) Init(args []string, options OptionMapType) error {
	initErr := bec.command.Init(args, options, bec)
	return initErr
}
// RunCommand simulates inheritance and polymorphism. It reads --method,
// lower-cases it, rejects anything other than put, get or delete, parses the
// first argument as a cloud URL to obtain the bucket name, and then dispatches
// to PutBucketEncryption, GetBucketEncryption or DeleteBucketEncryption.
//
// It returns an error when --method is empty or unknown, when the URL cannot
// be parsed, or when the selected operation fails.
//
// NOTE(review): "delete" is dispatched without any confirmation step in this
// function. Removing a bucket's encryption configuration is a security-relevant
// change, so it is worth making sure such calls are audited.
func (bec *BucketEncryptionCommand) RunCommand() error {
	// The lookup error is ignored; a missing option is caught by the empty check.
	rawMethod, _ := GetString(OptionMethod, bec.command.options)
	if rawMethod == "" {
		return fmt.Errorf("--method value is empty")
	}

	// The method is validated before the URL so that a bad --method is
	// reported first, as in the original ordering.
	method := strings.ToLower(rawMethod)
	switch method {
	case "put", "get", "delete":
		// accepted
	default:
		return fmt.Errorf("--method value is not in the optional value:put|get|delete")
	}

	bucketURL, err := GetCloudUrl(bec.command.args[0], "")
	if err != nil {
		return err
	}
	bec.bucketName = bucketURL.bucket

	switch method {
	case "put":
		return bec.PutBucketEncryption()
	case "get":
		return bec.GetBucketEncryption()
	case "delete":
		return bec.DeleteBucketEncryption()
	}
	return nil
}
// PutBucketEncryption applies a default server-side encryption rule to
// bec.bucketName, built from --sse-algorithm and --kms-masterkey-id.
//
// The algorithm must equal string(oss.KMSAlgorithm) or
// string(oss.AESAlgorithm) exactly (the comparison is case-sensitive), and a
// key ID is rejected when the algorithm is the AES one. It returns a
// validation error, the client-construction error, or the result of
// SetBucketEncryption.
//
// NOTE(review): with the KMS algorithm an empty key ID passes validation and is
// sent as-is; presumably the service then falls back to a default key —
// confirm against the OSS documentation if a specific key is required.
func (bec *BucketEncryptionCommand) PutBucketEncryption() error {
	// Lookup errors are ignored; absent options yield empty strings that the
	// checks below handle.
	algorithm, _ := GetString(OptionSSEAlgorithm, bec.command.options)
	keyID, _ := GetString(OptionKMSMasterKeyID, bec.command.options)

	isKMS := algorithm == string(oss.KMSAlgorithm)
	isAES := algorithm == string(oss.AESAlgorithm)
	if !isKMS && !isAES {
		return fmt.Errorf("value of option --sse-algorithm must be KMS or AES256")
	}
	if isAES && len(keyID) > 0 {
		return fmt.Errorf("value of option --kms-masterkey-id must be empty if value of option --sse-algorithm is AES256")
	}

	rule := oss.ServerEncryptionRule{}
	rule.SSEDefault.SSEAlgorithm = algorithm
	rule.SSEDefault.KMSMasterKeyID = keyID

	// put bucket encryption
	ossClient, err := bec.command.ossClient(bec.bucketName)
	if err != nil {
		return err
	}
	return ossClient.SetBucketEncryption(bec.bucketName, rule)
}
// GetBucketEncryption fetches the encryption configuration of bec.bucketName,
// stores the response in bec.encryptionResult and prints it to standard
// output: the SSE algorithm always, and the KMS master key ID only when the
// algorithm equals string(oss.KMSAlgorithm).
//
// It returns the client-construction error or the request error; a request
// error is also printed to standard output before being returned.
//
// NOTE(review): the error is both printed here and returned, so a caller that
// reports errors itself will show it twice.
func (bec *BucketEncryptionCommand) GetBucketEncryption() error {
	ossClient, err := bec.command.ossClient(bec.bucketName)
	if err != nil {
		return err
	}

	// The result is stored even when the request fails, matching the
	// original single-statement assignment.
	result, err := ossClient.GetBucketEncryption(bec.bucketName)
	bec.encryptionResult = result
	if err != nil {
		fmt.Printf("GetBucketEncryption error,info:%s\n", err.Error())
		return err
	}

	sseDefault := bec.encryptionResult.SSEDefault
	fmt.Printf("SSEAlgorithm:%s\n", sseDefault.SSEAlgorithm)
	if sseDefault.SSEAlgorithm == string(oss.KMSAlgorithm) {
		fmt.Printf("KMSMasterKeyID:%s\n", sseDefault.KMSMasterKeyID)
	}
	fmt.Printf("\n\n")
	return nil
}
// DeleteBucketEncryption removes the encryption configuration of
// bec.bucketName. It returns the client-construction error or the result of
// the client's DeleteBucketEncryption call.
//
// NOTE(review): nothing is printed and no confirmation is requested here.
// Dropping a bucket's default encryption rule weakens its at-rest protection
// for whatever the service applies the rule to, so this call is a good
// candidate for audit logging and alerting on the account side.
func (bec *BucketEncryptionCommand) DeleteBucketEncryption() error {
	ossClient, clientErr := bec.command.ossClient(bec.bucketName)
	if clientErr != nil {
		return clientErr
	}
	return ossClient.DeleteBucketEncryption(bec.bucketName)
}