Adds SetBucketEncryption and GetBucketEncryption apis

README.md

@@ -190,6 +190,10 @@ The full API Reference is available here.
 * [setbucketlifecycle.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketlifecycle.go)
 * [getbucketlifecycle.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketlifecycle.go)
 
+### Full Examples : Bucket encryption Operations
+* [setbucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketencryption.go)
+* [getbucketencryption.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketencryption.go)
+
 ### Full Examples : Bucket notification Operations
 * [setbucketnotification.go](https://github.com/minio/minio-go/blob/master/examples/s3/setbucketnotification.go)
 * [getbucketnotification.go](https://github.com/minio/minio-go/blob/master/examples/s3/getbucketnotification.go)

api-get-bucket-encryption.go

@@ -0,0 +1,73 @@
+/*
+ * MinIO Go Library for Amazon S3 Compatible Cloud Storage
+ * Copyright 2020 MinIO, Inc *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package minio
+
+import (
+	"context"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+
+	"github.com/minio/minio-go/v6/pkg/s3utils"
+)
+
+// GetBucketEncryption - get default encryption configuration for a bucket.
+func (c Client) GetBucketEncryption(bucketName string) (string, error) {
+	return c.GetBucketEncryptionWithContext(context.Background(), bucketName)
+}
+
+// GetBucketEncryptionWithContext gets the default encryption configuration on an existing bucket with a context to control cancellations and timeouts.
+func (c Client) GetBucketEncryptionWithContext(ctx context.Context, bucketName string) (string, error) {
+	// Input validation.
+	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
+		return "", err
+	}
+	return c.getBucketEncryption(ctx, bucketName)
+}
+
+// Get the default encryption configuration for a bucket.
+func (c Client) getBucketEncryption(ctx context.Context, bucketName string) (string, error) {
+	// Get resources properly escaped and lined up before
+	// using them in http request.
+	urlValues := make(url.Values)
+	urlValues.Set("encryption", "")
+
+	// Execute GET on bucket to get the default encryption configuration.
+	resp, err := c.executeMethod(ctx, "GET", requestMetadata{
+		bucketName:  bucketName,
+		queryValues: urlValues,
+	})
+
+	defer closeResponse(resp)
+	if err != nil {
+		return "", err
+	}
+
+	if resp != nil {
+		if resp.StatusCode != http.StatusOK {
+			return "", httpRespToErrorResponse(resp, bucketName, "")
+		}
+	}
+
+	bucketEncryptionBuf, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return "", err
+	}
+
+	encryption := string(bucketEncryptionBuf)
+	return encryption, err
+}

api-put-bucket.go

@@ -313,6 +313,92 @@ func (c Client) removeBucketLifecycle(ctx context.Context, bucketName string) er
 	return nil
 }
 
+// SetBucketEncryption sets the default encryption configuration on an existing bucket.
+func (c Client) SetBucketEncryption(bucketName, configuration string) error {
+	return c.SetBucketEncryptionWithContext(context.Background(), bucketName, configuration)
+}
+
+// SetBucketEncryptionWithContext sets the default encryption configuration on an existing bucket with a context to control cancellations and timeouts.
+func (c Client) SetBucketEncryptionWithContext(ctx context.Context, bucketName, configuration string) error {
+	// Input validation.
+	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
+		return err
+	}
+
+	// If encryption configuration is empty then delete it.
+	if configuration == "" {
+		return c.removeBucketEncryption(ctx, bucketName)
+	}
+
+	// Set the new default encryption configuration.
+	return c.putBucketEncryption(ctx, bucketName, configuration)
+}
+
+// Creates default encryption configuration on a bucket.
+func (c Client) putBucketEncryption(ctx context.Context, bucketName, configuration string) error {
+	// Input validation.
+	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
+		return err
+	}
+
+	// Get resources properly escaped and lined up before
+	// using them in http request.
+	urlValues := make(url.Values)
+	urlValues.Set("encryption", "")
+
+	// Content-length is mandatory for put default encryption configuration request
+	encryptionConfigReader := strings.NewReader(configuration)
+	b, err := ioutil.ReadAll(encryptionConfigReader)
+	if err != nil {
+		return err
+	}
+
+	reqMetadata := requestMetadata{
+		bucketName:       bucketName,
+		queryValues:      urlValues,
+		contentBody:      encryptionConfigReader,
+		contentLength:    int64(len(b)),
+		contentMD5Base64: sumMD5Base64(b),
+	}
+
+	// Execute PUT to upload a new bucket default encryption configuration.
+	resp, err := c.executeMethod(ctx, "PUT", reqMetadata)
+	defer closeResponse(resp)
+	if err != nil {
+		return err
+	}
+	if resp != nil {
+		if resp.StatusCode != http.StatusOK {
+			return httpRespToErrorResponse(resp, bucketName, "")
+		}
+	}
+	return nil
+}
+
+// Remove default encryption configuration from a bucket.
+func (c Client) removeBucketEncryption(ctx context.Context, bucketName string) error {
+	// Input validation.
+	if err := s3utils.CheckValidBucketName(bucketName); err != nil {
+		return err
+	}
+	// Get resources properly escaped and lined up before
+	// using them in http request.
+	urlValues := make(url.Values)
+	urlValues.Set("encryption", "")
+
+	// DELETE default encryption configuration on a bucket.
+	resp, err := c.executeMethod(ctx, "DELETE", requestMetadata{
+		bucketName:       bucketName,
+		queryValues:      urlValues,
+		contentSHA256Hex: emptySHA256Hex,
+	})
+	defer closeResponse(resp)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 // SetBucketNotification saves a new bucket notification.
 func (c Client) SetBucketNotification(bucketName string, bucketNotification BucketNotification) error {
 	return c.SetBucketNotificationWithContext(context.Background(), bucketName, bucketNotification)

docs/API.md

@@ -64,8 +64,8 @@ func main() {
 |                                                   | [`ComposeObject`](#ComposeObject)                   |    [`ComposeObject`](#ComposeObject)                                         |                                               | [`GetBucketObjectLockConfig`](#GetBucketObjectLockConfig)                   |                                                       |
 |                                                   | [`NewSourceInfo`](#NewSourceInfo)                   |    [`NewSourceInfo`](#NewSourceInfo)                                         |                                               | [`EnableVersioning`](#EnableVersioning)                                                              |                                                       |
 |                                                   | [`NewDestinationInfo`](#NewDestinationInfo)         |    [`NewDestinationInfo`](#NewDestinationInfo)                                         |                                               | [`DisableVersioning`](#DisableVersioning)                                                              |                                                       |
-|   | [`PutObjectWithContext`](#PutObjectWithContext)  | [`PutObjectWithContext`](#PutObjectWithContext) |   |   |
-|   | [`GetObjectWithContext`](#GetObjectWithContext)  | [`GetObjectWithContext`](#GetObjectWithContext) |   |   |
+|   | [`PutObjectWithContext`](#PutObjectWithContext)  | [`PutObjectWithContext`](#PutObjectWithContext) |   | [`SetBucketEncryption`](#SetBucketEncryption)  |
+|   | [`GetObjectWithContext`](#GetObjectWithContext)  | [`GetObjectWithContext`](#GetObjectWithContext) |   | [`GetBucketEncryption`](#GetBucketEncryption) |   |
 |   | [`FPutObjectWithContext`](#FPutObjectWithContext)  | [`FPutObjectWithContext`](#FPutObjectWithContext) |   |   |
 |   | [`FGetObjectWithContext`](#FGetObjectWithContext)  | [`FGetObjectWithContext`](#FGetObjectWithContext) |   |   |
 |   | [`RemoveObjectsWithContext`](#RemoveObjectsWithContext)  | |    |   |
@@ -1906,6 +1906,70 @@ if err != nil {
 }
 ```
 
+<a name="SetBucketEncryption"></a>
+### SetBucketEncryption(bucketname, configuration string) error
+Set default encryption configuration on a bucket.
+
+__Parameters__
+
+|Param   |Type   |Description   |
+|:---|:---| :---|
+|`bucketName` | _string_  |Name of the bucket|
+|`configuration` | _string_  |Default encryption configuration to be set |
+
+__Return Values__
+
+|Param   |Type   |Description   |
+|:---|:---| :---|
+|`err` | _error_  |Standard Error   |
+
+__Example__
+
+```go
+encryptionConfig := `<ServerSideEncryptionConfiguration
+    xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
+    <Rule>
+        <ApplyServerSideEncryptionByDefault>
+            <SSEAlgorithm>AES256</SSEAlgorithm>
+        </ApplyServerSideEncryptionByDefault>
+    </Rule>
+</ServerSideEncryptionConfiguration>`
+
+err = minioClient.SetBucketEncryption("my-bucketname", encryptionConfig)
+if err != nil {
+    fmt.Println(err)
+    return
+}
+```
+
+<a name="GetBucketEncryption"></a>
+### GetBucketEncryption(bucketName) (configuration string, error)
+Get default encryption configuration set on a bucket.
+
+__Parameters__
+
+
+|Param   |Type   |Description   |
+|:---|:---| :---|
+|`bucketName`  | _string_  |Name of the bucket   |
+
+__Return Values__
+
+
+|Param   |Type   |Description   |
+|:---|:---| :---|
+|`configuration`  | _string_ |Default encryption configuration returned from the server |
+|`err` | _error_  |Standard Error  |
+
+__Example__
+
+```go
+encryptionConfig, err := minioClient.GetBucketEncryption("my-bucketname")
+if err != nil {
+    log.Fatalln(err)
+}
+```
+
 <a name="SetBucketObjectLockConfig"></a>
 ### SetBucketObjectLockConfig(bucketname, mode *RetentionMode, validity *uint, unit *ValidityUnit) error
 Set object lock configuration in given bucket. mode, validity and unit are either all set or all nil.

examples/s3/getbucketencryption.go

@@ -0,0 +1,65 @@
+// +build ignore
+
+/*
+ * MinIO Go Library for Amazon S3 Compatible Cloud Storage
+ * Copyright 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"io"
+	"log"
+	"os"
+	"strings"
+
+	"github.com/minio/minio-go/v6"
+)
+
+func main() {
+	// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY and my-bucketname are
+	// dummy values, please replace them with original values.
+
+	// Requests are always secure (HTTPS) by default. Set secure=false to enable insecure (HTTP) access.
+	// This boolean value is the last argument for New().
+
+	// New returns an Amazon S3 compatible client object. API compatibility (v2 or v4) is automatically
+	// determined based on the Endpoint value.
+	s3Client, err := minio.New("s3.amazonaws.com", "YOUR-ACCESSKEYID", "YOUR-SECRETACCESSKEY", true)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	// s3Client.TraceOn(os.Stderr)
+
+	// Get default encryption configuration set on a S3 bucket
+	encryptionConfig, err := s3Client.GetBucketEncryption("my-bucketname")
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	// Create default encryption configuration file
+	localEncryptionConfigFile, err := os.Create("encryptionConfig.json")
+	if err != nil {
+		log.Fatalln(err)
+	}
+	defer localEncryptionConfigFile.Close()
+
+	encryptionConfigReader := strings.NewReader(encryptionConfig)
+
+	if _, err := io.Copy(localEncryptionConfigFile, encryptionConfigReader); err != nil {
+		log.Fatalln(err)
+	}
+}

examples/s3/setbucketencryption.go

@@ -0,0 +1,50 @@
+// +build ignore
+
+/*
+ * MinIO Go Library for Amazon S3 Compatible Cloud Storage
+ * Copyright 2020 MinIO, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package main
+
+import (
+	"log"
+
+	"github.com/minio/minio-go/v6"
+)
+
+func main() {
+	// Note: YOUR-ACCESSKEYID, YOUR-SECRETACCESSKEY and my-bucketname are
+	// dummy values, please replace them with original values.
+
+	// Requests are always secure (HTTPS) by default. Set secure=false to enable insecure (HTTP) access.
+	// This boolean value is the last argument for New().
+
+	// New returns an Amazon S3 compatible client object. API compatibility (v2 or v4) is automatically
+	// determined based on the Endpoint value.
+	s3Client, err := minio.New("s3.amazonaws.com", "YOUR-ACCESSKEYID", "YOUR-SECRETACCESSKEY", true)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	// s3Client.TraceOn(os.Stderr)
+
+	// Set default encryption configuration on a bucket
+	encryptionConfig := `<?xml version="1.0" encoding="UTF-8"?><ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/"><Rule><ApplyServerSideEncryptionByDefault><SSEAlgorithm>AES256</SSEAlgorithm></ApplyServerSideEncryptionByDefault></Rule></ServerSideEncryptionConfiguration>`
+	err = s3Client.SetBucketEncryption("my-bucketname", encryptionConfig)
+	if err != nil {
+		log.Fatalln(err)
+	}
+}