1# frozen_string_literal: true
2
3module ObjectStorage
4  class Config
5    AWS_PROVIDER = 'AWS'
6    AZURE_PROVIDER = 'AzureRM'
7    GOOGLE_PROVIDER = 'Google'
8
9    attr_reader :options
10
11    def initialize(options)
12      @options = options.to_hash.deep_symbolize_keys
13    end
14
15    def credentials
16      @credentials ||= options[:connection] || {}
17    end
18
19    def storage_options
20      @storage_options ||= options[:storage_options] || {}
21    end
22
23    def enabled?
24      options[:enabled]
25    end
26
27    def bucket
28      options[:remote_directory]
29    end
30
31    def consolidated_settings?
32      options.fetch(:consolidated_settings, false)
33    end
34
35    # AWS-specific options
36    def aws?
37      provider == AWS_PROVIDER
38    end
39
40    def use_iam_profile?
41      Gitlab::Utils.to_boolean(credentials[:use_iam_profile], default: false)
42    end
43
44    def use_path_style?
45      Gitlab::Utils.to_boolean(credentials[:path_style], default: false)
46    end
47
48    def server_side_encryption
49      storage_options[:server_side_encryption]
50    end
51
52    def server_side_encryption_kms_key_id
53      storage_options[:server_side_encryption_kms_key_id]
54    end
55
56    def provider
57      credentials[:provider].to_s
58    end
59    # End AWS-specific options
60
61    # Begin Azure-specific options
62    def azure_storage_domain
63      credentials[:azure_storage_domain]
64    end
65    # End Azure-specific options
66
67    def google?
68      provider == GOOGLE_PROVIDER
69    end
70
71    def azure?
72      provider == AZURE_PROVIDER
73    end
74
75    def fog_attributes
76      @fog_attributes ||= begin
77        return {} unless aws_server_side_encryption_enabled?
78
79        aws_server_side_encryption_headers.compact
80      end
81    end
82
83    def aws_server_side_encryption_enabled?
84      aws? && server_side_encryption.present?
85    end
86
87    private
88
89    # This returns a Hash of HTTP encryption headers to send along to S3.
90    #
91    # They can also be passed in as Fog::AWS::Storage::File attributes, since there
92    # are aliases defined for them:
93    # https://github.com/fog/fog-aws/blob/ab288f29a0974d64fd8290db41080e5578be9651/lib/fog/aws/models/storage/file.rb#L24-L25
94    def aws_server_side_encryption_headers
95      {
96        'x-amz-server-side-encryption' => server_side_encryption,
97        'x-amz-server-side-encryption-aws-kms-key-id' => server_side_encryption_kms_key_id
98      }
99    end
100  end
101end
102