Merge pull request #2903 from kjmkznr/remote-s3-sse-kms

state/remote/s3: Allows KMS Key Encryption setting when using S3 backend with encrypt
This commit is contained in:
Paul Hinze 2016-01-19 18:54:03 -06:00
commit ba21769083
1 changed files with 9 additions and 1 deletions

View File

@ -58,6 +58,7 @@ func s3Factory(conf map[string]string) (Client, error) {
if raw, ok := conf["acl"]; ok { if raw, ok := conf["acl"]; ok {
acl = raw acl = raw
} }
kmsKeyID := conf["kms_key_id"]
accessKeyId := conf["access_key"] accessKeyId := conf["access_key"]
secretAccessKey := conf["secret_key"] secretAccessKey := conf["secret_key"]
@ -95,6 +96,7 @@ func s3Factory(conf map[string]string) (Client, error) {
keyName: keyName, keyName: keyName,
serverSideEncryption: serverSideEncryption, serverSideEncryption: serverSideEncryption,
acl: acl, acl: acl,
kmsKeyID: kmsKeyID,
}, nil }, nil
} }
@ -104,6 +106,7 @@ type S3Client struct {
keyName string keyName string
serverSideEncryption bool serverSideEncryption bool
acl string acl string
kmsKeyID string
} }
func (c *S3Client) Get() (*Payload, error) { func (c *S3Client) Get() (*Payload, error) {
@ -156,7 +159,12 @@ func (c *S3Client) Put(data []byte) error {
} }
if c.serverSideEncryption { if c.serverSideEncryption {
i.ServerSideEncryption = aws.String("AES256") if c.kmsKeyID != "" {
i.SSEKMSKeyId = &c.kmsKeyID
i.ServerSideEncryption = aws.String("aws:kms")
} else {
i.ServerSideEncryption = aws.String("AES256")
}
} }
if c.acl != "" { if c.acl != "" {