1# frozen_string_literal: true 2 3module ObjectStorage 4 class Config 5 AWS_PROVIDER = 'AWS' 6 AZURE_PROVIDER = 'AzureRM' 7 GOOGLE_PROVIDER = 'Google' 8 9 attr_reader :options 10 11 def initialize(options) 12 @options = options.to_hash.deep_symbolize_keys 13 end 14 15 def credentials 16 @credentials ||= options[:connection] || {} 17 end 18 19 def storage_options 20 @storage_options ||= options[:storage_options] || {} 21 end 22 23 def enabled? 24 options[:enabled] 25 end 26 27 def bucket 28 options[:remote_directory] 29 end 30 31 def consolidated_settings? 32 options.fetch(:consolidated_settings, false) 33 end 34 35 # AWS-specific options 36 def aws? 37 provider == AWS_PROVIDER 38 end 39 40 def use_iam_profile? 41 Gitlab::Utils.to_boolean(credentials[:use_iam_profile], default: false) 42 end 43 44 def use_path_style? 45 Gitlab::Utils.to_boolean(credentials[:path_style], default: false) 46 end 47 48 def server_side_encryption 49 storage_options[:server_side_encryption] 50 end 51 52 def server_side_encryption_kms_key_id 53 storage_options[:server_side_encryption_kms_key_id] 54 end 55 56 def provider 57 credentials[:provider].to_s 58 end 59 # End AWS-specific options 60 61 # Begin Azure-specific options 62 def azure_storage_domain 63 credentials[:azure_storage_domain] 64 end 65 # End Azure-specific options 66 67 def google? 68 provider == GOOGLE_PROVIDER 69 end 70 71 def azure? 72 provider == AZURE_PROVIDER 73 end 74 75 def fog_attributes 76 @fog_attributes ||= begin 77 return {} unless aws_server_side_encryption_enabled? 78 79 aws_server_side_encryption_headers.compact 80 end 81 end 82 83 def aws_server_side_encryption_enabled? 84 aws? && server_side_encryption.present? 85 end 86 87 private 88 89 # This returns a Hash of HTTP encryption headers to send along to S3. 90 # 91 # They can also be passed in as Fog::AWS::Storage::File attributes, since there 92 # are aliases defined for them: 93 # https://github.com/fog/fog-aws/blob/ab288f29a0974d64fd8290db41080e5578be9651/lib/fog/aws/models/storage/file.rb#L24-L25 94 def aws_server_side_encryption_headers 95 { 96 'x-amz-server-side-encryption' => server_side_encryption, 97 'x-amz-server-side-encryption-aws-kms-key-id' => server_side_encryption_kms_key_id 98 } 99 end 100 end 101end 102