libopenstorage · talakad · Jul 27, 2023 · Jul 17, 2023 · Jul 26, 2023
diff --git a/SDK_CHANGELOG.md b/SDK_CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## Releases
 
+### v0.164.0 - (07/17/2023)
+
+* Add serverSideEncryption field to aws credentials
+
 ### v0.163.0 - (07/13/2023)
 
 * Add mode field to SdkStorageRebalanceRequest

diff --git a/api/api.go b/api/api.go
@@ -157,6 +157,8 @@ const (
  OptCredSecretKey = "CredSecretKey"
  // OptCredBucket is the optional bucket name
  OptCredBucket = "CredBucket"
+ // OptCredSSE for s3 sse flag
+ OptCredSSE = "CredSSE"
  // OptCredGoogleProjectID projectID for google cloud
  OptCredGoogleProjectID = "CredProjectID"
  // OptCredGoogleJsonKey for google cloud

diff --git a/api/api.pb.go b/api/api.pb.go
diff --git a/api/api.proto b/api/api.proto
@@ -3299,6 +3299,8 @@ message SdkAwsCredentialRequest {
  bool disable_ssl = 5;
  // (optional) Disable path-style access
  bool disable_path_style = 6;
+ // (optional) server side encryption
+ string server_side_encryption = 7;
 }
 
 // Defines credentials for Azure
@@ -3343,6 +3345,8 @@ message SdkAwsCredentialResponse {
  bool disable_path_style = 6;
  // (optional) Storage class for s3 puts
  string s3_storage_class = 7;
+ // (optional) server side encryption
+ string server_side_encryption = 8;
 }
 
 // Defines the response for Azure credentials
@@ -5435,7 +5439,7 @@ message SdkVersion {
  // SDK version major value of this specification
  Major = 0;
  // SDK version minor value of this specification
- Minor = 163;
+ Minor = 164;
  // SDK version patch value of this specification
  Patch = 0;
  }

diff --git a/api/server/sdk/api/api.swagger.json b/api/server/sdk/api/api.swagger.json
diff --git a/api/server/sdk/credentials.go b/api/server/sdk/credentials.go
@@ -95,6 +95,7 @@ func (s *CredentialServer) awsCreate(
  params[api.OptCredEndpoint] = aws.GetEndpoint()
  params[api.OptCredAccessKey] = aws.GetAccessKey()
  params[api.OptCredSecretKey] = aws.GetSecretKey()
+ params[api.OptCredSSE] = fmt.Sprintf("%v", aws.GetServerSideEncryption())
  params[api.OptCredDisableSSL] = fmt.Sprintf("%v", aws.GetDisableSsl())
  params[api.OptCredDisablePathStyle] = fmt.Sprintf("%v", aws.GetDisablePathStyle())
  params[api.OptCredProxy] = fmt.Sprintf("%v", req.GetUseProxy())
@@ -500,12 +501,13 @@ func (s *CredentialServer) Inspect(
  }
  resp.CredentialType = &api.SdkCredentialInspectResponse_AwsCredential{
  AwsCredential: &api.SdkAwsCredentialResponse{
- AccessKey: accessKey,
- Endpoint: endpoint,
- Region: region,
- DisableSsl: disableSsl == "true",
- DisablePathStyle: disablePathStyle == "true",
- S3StorageClass: storageClass,
+ AccessKey: accessKey,
+ Endpoint: endpoint,
+ Region: region,
+ DisableSsl: disableSsl == "true",
+ DisablePathStyle: disablePathStyle == "true",
+ S3StorageClass: storageClass,
+ ServerSideEncryption: info[api.OptCredSSE].(string),
  },
  }
  case "azure":
@@ -712,7 +714,7 @@ func (s *CredentialServer) awsUpdate(
  }
  // Users have to provide correct values, whether they want to change it or not
  params[api.OptCredDisableSSL] = fmt.Sprintf("%v", aws.GetDisableSsl())
-
+ params[api.OptCredSSE] = fmt.Sprintf("%v", aws.GetServerSideEncryption())
  params[api.OptCredDisablePathStyle] = fmt.Sprintf("%v", aws.GetDisablePathStyle())
  params[api.OptCredProxy] = fmt.Sprintf("%v", req.GetUseProxy())
  params[api.OptCredIAMPolicy] = fmt.Sprintf("%v", req.GetIamPolicy())

diff --git a/api/server/sdk/credentials_test.go b/api/server/sdk/credentials_test.go
@@ -22,6 +22,7 @@ import (
  "strconv"
  "testing"
 
+ "github.com/aws/aws-sdk-go/service/s3"
  "github.com/golang/mock/gomock"
  "github.com/golang/protobuf/jsonpb"
  "github.com/kubernetes-csi/csi-test/utils"
@@ -50,12 +51,13 @@ func TestSdkAWSCredentialCreateSuccess(t *testing.T) {
  IamPolicy: false,
  CredentialType: &api.SdkCredentialCreateRequest_AwsCredential{
  AwsCredential: &api.SdkAwsCredentialRequest{
- AccessKey: "dummy-access",
- SecretKey: "dummy-secret",
- Endpoint: "dummy-endpoint",
- Region: "dummy-region",
- DisableSsl: true,
- DisablePathStyle: false,
+ AccessKey: "dummy-access",
+ SecretKey: "dummy-secret",
+ Endpoint: "dummy-endpoint",
+ Region: "dummy-region",
+ DisableSsl: true,
+ DisablePathStyle: false,
+ ServerSideEncryption: s3.ServerSideEncryptionAes256,
  },
  },
  }
@@ -70,6 +72,7 @@ func TestSdkAWSCredentialCreateSuccess(t *testing.T) {
  params[api.OptCredEndpoint] = req.GetAwsCredential().GetEndpoint()
  params[api.OptCredAccessKey] = req.GetAwsCredential().GetAccessKey()
  params[api.OptCredSecretKey] = req.GetAwsCredential().GetSecretKey()
+ params[api.OptCredSSE] = s3.ServerSideEncryptionAes256
  params[api.OptCredDisableSSL] = "true"
  params[api.OptCredDisablePathStyle] = "false"
  params[api.OptCredProxy] = "true"
@@ -107,10 +110,11 @@ func TestSdkAWSCredentialCreateFailed(t *testing.T) {
  IamPolicy: false,
  CredentialType: &api.SdkCredentialCreateRequest_AwsCredential{
  AwsCredential: &api.SdkAwsCredentialRequest{
- AccessKey: "dummy-access",
- SecretKey: "dummy-secret",
- Endpoint: "dummy-endpoint",
- Region: "dummy-region",
+ AccessKey: "dummy-access",
+ SecretKey: "dummy-secret",
+ Endpoint: "dummy-endpoint",
+ Region: "dummy-region",
+ ServerSideEncryption: s3.ServerSideEncryptionAes256,
  },
  },
  }
@@ -130,6 +134,7 @@ func TestSdkAWSCredentialCreateFailed(t *testing.T) {
  params[api.OptCredProxy] = "false"
  params[api.OptCredIAMPolicy] = "false"
  params[api.OptCredStorageClass] = ""
+ params[api.OptCredSSE] = s3.ServerSideEncryptionAes256
 
  uuid := "bad-uuid"
  s.MockDriver().
@@ -742,6 +747,7 @@ func TestSdkAWSInspect(t *testing.T) {
  api.OptCredProxy: "false",
  api.OptCredIAMPolicy: "false",
  api.OptCredStorageClass: "",
+ api.OptCredSSE: s3.ServerSideEncryptionAes256,
  }
  enumerateData := map[string]interface{}{
  uuid: enumAws,
@@ -767,6 +773,7 @@ func TestSdkAWSInspect(t *testing.T) {
  assert.Equal(t, enumAws[api.OptCredAccessKey], resp.GetAwsCredential().GetAccessKey())
  assert.Equal(t, enumAws[api.OptCredDisableSSL] == "true", resp.GetAwsCredential().GetDisableSsl())
  assert.Equal(t, enumAws[api.OptCredDisablePathStyle] == "true", resp.GetAwsCredential().GetDisablePathStyle())
+ assert.Equal(t, enumAws[api.OptCredSSE], resp.GetAwsCredential().GetServerSideEncryption())
 }
 
 func TestSdkCredentialAzureInspect(t *testing.T) {
@@ -966,6 +973,7 @@ func TestSdkCredentialOwnership(t *testing.T) {
  params[api.OptCredProxy] = "false"
  params[api.OptCredIAMPolicy] = "false"
  params[api.OptCredStorageClass] = ""
+ params[api.OptCredSSE] = ""
 
  // Create a marshalled ownership for the expect params
  ownership := &api.Ownership{
@@ -1212,6 +1220,7 @@ func TestSdkAWSCredentialUpdateSuccess(t *testing.T) {
  params[api.OptCredEndpoint] = req.GetAwsCredential().GetEndpoint()
  params[api.OptCredAccessKey] = req.GetAwsCredential().GetAccessKey()
  params[api.OptCredSecretKey] = req.GetAwsCredential().GetSecretKey()
+ params[api.OptCredSSE] = ""
  params[api.OptCredDisableSSL] = "true"
  params[api.OptCredDisablePathStyle] = "false"
  params[api.OptCredProxy] = "true"
@@ -1232,6 +1241,7 @@ func TestSdkAWSCredentialUpdateSuccess(t *testing.T) {
  api.OptCredDisablePathStyle: "false",
  api.OptCredProxy: "false",
  api.OptCredIAMPolicy: "false",
+ api.OptCredSSE: "",
  }
  enumerateData := map[string]interface{}{
  uuid: enumAws,
@@ -1307,6 +1317,7 @@ func TestSdkAWSCredentialUpdateFailed(t *testing.T) {
  params[api.OptCredEndpoint] = req.GetAwsCredential().GetEndpoint()
  params[api.OptCredAccessKey] = req.GetAwsCredential().GetAccessKey()
  params[api.OptCredSecretKey] = req.GetAwsCredential().GetSecretKey()
+ params[api.OptCredSSE] = ""
  params[api.OptCredDisableSSL] = "true"
  params[api.OptCredDisablePathStyle] = "false"
  params[api.OptCredProxy] = "true"