mirror of
https://github.com/aptly-dev/aptly.git
synced 2026-05-06 22:18:28 +00:00
Support for custom storage class and encryption method. #105
This commit is contained in:
Andrey Smirnov
+1
-1
@@ -217,7 +217,7 @@ func (context *AptlyContext) GetPublishedStorage(name string) aptly.PublishedSto
|
|||||||
|
|
||||||
var err error
|
var err error
|
||||||
publishedStorage, err = s3.NewPublishedStorage(params.AccessKeyID, params.SecretAccessKey,
|
publishedStorage, err = s3.NewPublishedStorage(params.AccessKeyID, params.SecretAccessKey,
|
||||||
params.Region, params.Bucket, params.ACL, params.Prefix)
|
params.Region, params.Bucket, params.ACL, params.Prefix, params.StorageClass, params.EncryptionMethod)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
Fatal(err)
|
Fatal(err)
|
||||||
}
|
}
|
||||||
|
|||||||
+12
-2
@@ -1,7 +1,7 @@
|
|||||||
.\" generated with Ronn/v0.7.3
|
.\" generated with Ronn/v0.7.3
|
||||||
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
.\" http://github.com/rtomayko/ronn/tree/0.7.3
|
||||||
.
|
.
|
||||||
.TH "APTLY" "1" "September 2014" "" ""
|
.TH "APTLY" "1" "October 2014" "" ""
|
||||||
.
|
.
|
||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
\fBaptly\fR \- Debian repository management tool
|
\fBaptly\fR \- Debian repository management tool
|
||||||
@@ -55,7 +55,9 @@ Configuration file is stored in JSON format (default values shown below):
|
|||||||
"awsAccessKeyID": ""
|
"awsAccessKeyID": ""
|
||||||
"awsSecretAccessKey": "",
|
"awsSecretAccessKey": "",
|
||||||
"prefix": "",
|
"prefix": "",
|
||||||
"acl": "public\-read"
|
"acl": "public\-read",
|
||||||
|
"storageClass": "",
|
||||||
|
"encryptionMethod": ""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
.
|
.
|
||||||
@@ -141,6 +143,14 @@ bucket name
|
|||||||
\fBawsAccessKeyID\fR, \fBawsSecretAccessKey\fR
|
\fBawsAccessKeyID\fR, \fBawsSecretAccessKey\fR
|
||||||
(optional) Amazon credentials to access S3 bucket\. If not supplied, environment variables \fBAWS_ACCESS_KEY_ID\fR and \fBAWS_SECRET_ACCESS_KEY\fR are used\.
|
(optional) Amazon credentials to access S3 bucket\. If not supplied, environment variables \fBAWS_ACCESS_KEY_ID\fR and \fBAWS_SECRET_ACCESS_KEY\fR are used\.
|
||||||
.
|
.
|
||||||
|
.TP
|
||||||
|
\fBstorageClass\fR
|
||||||
|
(optional) Amazon S3 storage class, defaults to \fBSTANDARD\fR\. Other values available: \fBREDUCED_REDUNDANCY\fR (lower price, lower redundancy)
|
||||||
|
.
|
||||||
|
.TP
|
||||||
|
\fBencryptionMethod\fR
|
||||||
|
(optional) server\-side encryption method, defaults to none\. Currently the only available encryption method is \fBAES256\fR
|
||||||
|
.
|
||||||
.P
|
.P
|
||||||
In order to publish to S3, specify endpoint as \fBs3:endpoint\-name:\fR before publishing prefix on the command line, e\.g\.:
|
In order to publish to S3, specify endpoint as \fBs3:endpoint\-name:\fR before publishing prefix on the command line, e\.g\.:
|
||||||
.
|
.
|
||||||
|
|||||||
+10
-1
@@ -47,7 +47,9 @@ Configuration file is stored in JSON format (default values shown below):
|
|||||||
"awsAccessKeyID": ""
|
"awsAccessKeyID": ""
|
||||||
"awsSecretAccessKey": "",
|
"awsSecretAccessKey": "",
|
||||||
"prefix": "",
|
"prefix": "",
|
||||||
"acl": "public-read"
|
"acl": "public-read",
|
||||||
|
"storageClass": "",
|
||||||
|
"encryptionMethod": ""
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -121,6 +123,13 @@ and associated settings:
|
|||||||
(optional) Amazon credentials to access S3 bucket. If not supplied,
|
(optional) Amazon credentials to access S3 bucket. If not supplied,
|
||||||
environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
|
environment variables `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`
|
||||||
are used.
|
are used.
|
||||||
|
* `storageClass`:
|
||||||
|
(optional) Amazon S3 storage class, defaults to `STANDARD`. Other values
|
||||||
|
available: `REDUCED_REDUNDANCY` (lower price, lower redundancy)
|
||||||
|
* `encryptionMethod`:
|
||||||
|
(optional) server-side encryption method, defaults to none. Currently
|
||||||
|
the only available encryption method is `AES256`
|
||||||
|
|
||||||
|
|
||||||
In order to publish to S3, specify endpoint as `s3:endpoint-name:` before
|
In order to publish to S3, specify endpoint as `s3:endpoint-name:` before
|
||||||
publishing prefix on the command line, e.g.:
|
publishing prefix on the command line, e.g.:
|
||||||
|
|||||||
+32
-9
@@ -13,10 +13,12 @@ import (
|
|||||||
|
|
||||||
// PublishedStorage abstract file system with published files (actually hosted on S3)
|
// PublishedStorage abstract file system with published files (actually hosted on S3)
|
||||||
type PublishedStorage struct {
|
type PublishedStorage struct {
|
||||||
s3 *s3.S3
|
s3 *s3.S3
|
||||||
bucket *s3.Bucket
|
bucket *s3.Bucket
|
||||||
acl s3.ACL
|
acl s3.ACL
|
||||||
prefix string
|
prefix string
|
||||||
|
storageClass string
|
||||||
|
encryptionMethod string
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check interface
|
// Check interface
|
||||||
@@ -25,12 +27,22 @@ var (
|
|||||||
)
|
)
|
||||||
|
|
||||||
// NewPublishedStorageRaw creates published storage from raw aws credentials
|
// NewPublishedStorageRaw creates published storage from raw aws credentials
|
||||||
func NewPublishedStorageRaw(auth aws.Auth, region aws.Region, bucket, defaultACL, prefix string) (*PublishedStorage, error) {
|
func NewPublishedStorageRaw(auth aws.Auth, region aws.Region, bucket, defaultACL, prefix,
|
||||||
|
storageClass, encryptionMethod string) (*PublishedStorage, error) {
|
||||||
if defaultACL == "" {
|
if defaultACL == "" {
|
||||||
defaultACL = "private"
|
defaultACL = "private"
|
||||||
}
|
}
|
||||||
|
|
||||||
result := &PublishedStorage{s3: s3.New(auth, region), acl: s3.ACL(defaultACL), prefix: prefix}
|
if storageClass == "STANDARD" {
|
||||||
|
storageClass = ""
|
||||||
|
}
|
||||||
|
|
||||||
|
result := &PublishedStorage{
|
||||||
|
s3: s3.New(auth, region),
|
||||||
|
acl: s3.ACL(defaultACL),
|
||||||
|
prefix: prefix,
|
||||||
|
storageClass: storageClass,
|
||||||
|
encryptionMethod: encryptionMethod}
|
||||||
result.bucket = result.s3.Bucket(bucket)
|
result.bucket = result.s3.Bucket(bucket)
|
||||||
|
|
||||||
return result, nil
|
return result, nil
|
||||||
@@ -38,7 +50,8 @@ func NewPublishedStorageRaw(auth aws.Auth, region aws.Region, bucket, defaultACL
|
|||||||
|
|
||||||
// NewPublishedStorage creates new instance of PublishedStorage with specified S3 access
|
// NewPublishedStorage creates new instance of PublishedStorage with specified S3 access
|
||||||
// keys, region and bucket name
|
// keys, region and bucket name
|
||||||
func NewPublishedStorage(accessKey, secretKey, region, bucket, defaultACL, prefix string) (*PublishedStorage, error) {
|
func NewPublishedStorage(accessKey, secretKey, region, bucket, defaultACL, prefix,
|
||||||
|
storageClass, encryptionMethod string) (*PublishedStorage, error) {
|
||||||
auth, err := aws.GetAuth(accessKey, secretKey)
|
auth, err := aws.GetAuth(accessKey, secretKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
@@ -49,7 +62,7 @@ func NewPublishedStorage(accessKey, secretKey, region, bucket, defaultACL, prefi
|
|||||||
return nil, fmt.Errorf("unknown region: %#v", region)
|
return nil, fmt.Errorf("unknown region: %#v", region)
|
||||||
}
|
}
|
||||||
|
|
||||||
return NewPublishedStorageRaw(auth, awsRegion, bucket, defaultACL, prefix)
|
return NewPublishedStorageRaw(auth, awsRegion, bucket, defaultACL, prefix, storageClass, encryptionMethod)
|
||||||
}
|
}
|
||||||
|
|
||||||
// String
|
// String
|
||||||
@@ -81,7 +94,17 @@ func (storage *PublishedStorage) PutFile(path string, sourceFilename string) err
|
|||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
err = storage.bucket.PutReader(filepath.Join(storage.prefix, path), source, fi.Size(), "binary/octet-stream", storage.acl)
|
headers := map[string][]string{
|
||||||
|
"Content-Type": {"binary/octet-stream"},
|
||||||
|
}
|
||||||
|
if storage.storageClass != "" {
|
||||||
|
headers["x-amz-storage-class"] = []string{storage.storageClass}
|
||||||
|
}
|
||||||
|
if storage.encryptionMethod != "" {
|
||||||
|
headers["x-amz-server-side-encryption"] = []string{storage.encryptionMethod}
|
||||||
|
}
|
||||||
|
|
||||||
|
err = storage.bucket.PutReaderHeader(filepath.Join(storage.prefix, path), source, fi.Size(), headers, storage.acl)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("error uploading %s to %s: %s", sourceFilename, storage, err)
|
return fmt.Errorf("error uploading %s to %s: %s", sourceFilename, storage, err)
|
||||||
}
|
}
|
||||||
|
|||||||
+3
-3
@@ -24,10 +24,10 @@ func (s *PublishedStorageSuite) SetUpTest(c *C) {
|
|||||||
c.Assert(s.srv, NotNil)
|
c.Assert(s.srv, NotNil)
|
||||||
|
|
||||||
auth, _ := aws.GetAuth("aa", "bb")
|
auth, _ := aws.GetAuth("aa", "bb")
|
||||||
s.storage, err = NewPublishedStorageRaw(auth, aws.Region{Name: "test-1", S3Endpoint: s.srv.URL(), S3LocationConstraint: true}, "test", "", "")
|
s.storage, err = NewPublishedStorageRaw(auth, aws.Region{Name: "test-1", S3Endpoint: s.srv.URL(), S3LocationConstraint: true}, "test", "", "", "", "")
|
||||||
c.Assert(err, IsNil)
|
c.Assert(err, IsNil)
|
||||||
|
|
||||||
s.prefixedStorage, err = NewPublishedStorageRaw(auth, aws.Region{Name: "test-1", S3Endpoint: s.srv.URL(), S3LocationConstraint: true}, "test", "", "lala")
|
s.prefixedStorage, err = NewPublishedStorageRaw(auth, aws.Region{Name: "test-1", S3Endpoint: s.srv.URL(), S3LocationConstraint: true}, "test", "", "lala", "", "")
|
||||||
c.Assert(err, IsNil)
|
c.Assert(err, IsNil)
|
||||||
|
|
||||||
err = s.storage.s3.Bucket("test").PutBucket("private")
|
err = s.storage.s3.Bucket("test").PutBucket("private")
|
||||||
@@ -39,7 +39,7 @@ func (s *PublishedStorageSuite) TearDownTest(c *C) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (s *PublishedStorageSuite) TestNewPublishedStorage(c *C) {
|
func (s *PublishedStorageSuite) TestNewPublishedStorage(c *C) {
|
||||||
stor, err := NewPublishedStorage("aa", "bbb", "", "", "", "")
|
stor, err := NewPublishedStorage("aa", "bbb", "", "", "", "", "", "")
|
||||||
c.Check(stor, IsNil)
|
c.Check(stor, IsNil)
|
||||||
c.Check(err, ErrorMatches, "unknown region: .*")
|
c.Check(err, ErrorMatches, "unknown region: .*")
|
||||||
}
|
}
|
||||||
|
|||||||
+8
-6
@@ -26,12 +26,14 @@ type ConfigStructure struct {
|
|||||||
|
|
||||||
// S3PublishRoot describes single S3 publishing entry point
|
// S3PublishRoot describes single S3 publishing entry point
|
||||||
type S3PublishRoot struct {
|
type S3PublishRoot struct {
|
||||||
Region string `json:"region"`
|
Region string `json:"region"`
|
||||||
Bucket string `json:"bucket"`
|
Bucket string `json:"bucket"`
|
||||||
AccessKeyID string `json:"awsAccessKeyID"`
|
AccessKeyID string `json:"awsAccessKeyID"`
|
||||||
SecretAccessKey string `json:"awsSecretAccessKey"`
|
SecretAccessKey string `json:"awsSecretAccessKey"`
|
||||||
Prefix string `json:"prefix"`
|
Prefix string `json:"prefix"`
|
||||||
ACL string `json:"acl"`
|
ACL string `json:"acl"`
|
||||||
|
StorageClass string `json:"storageClass"`
|
||||||
|
EncryptionMethod string `json:"encryptionMethod"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// Config is configuration for aptly, shared by all modules
|
// Config is configuration for aptly, shared by all modules
|
||||||
|
|||||||
@@ -65,8 +65,9 @@ func (s *ConfigSuite) TestSaveConfig(c *C) {
|
|||||||
" \"awsAccessKeyID\": \"\",\n"+
|
" \"awsAccessKeyID\": \"\",\n"+
|
||||||
" \"awsSecretAccessKey\": \"\",\n"+
|
" \"awsSecretAccessKey\": \"\",\n"+
|
||||||
" \"prefix\": \"\",\n"+
|
" \"prefix\": \"\",\n"+
|
||||||
" \"acl\": \"\"\n"+
|
" \"acl\": \"\",\n"+
|
||||||
" }\n"+
|
" \"storageClass\": \"\",\n"+
|
||||||
|
" \"encryptionMethod\": \"\"\n"+" }\n"+
|
||||||
" }\n"+
|
" }\n"+
|
||||||
"}")
|
"}")
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user