Posted to commits@camel.apache.org by ac...@apache.org on 2018/01/24 09:55:24 UTC

[camel] branch master updated: CAMEL-12186 - Camel-AWS S3: Support KMS in S3 Producer related operations

This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/master by this push:
     new b6957fa  CAMEL-12186 - Camel-AWS S3: Support KMS in S3 Producer related operations
b6957fa is described below

commit b6957fa74cae09821d0e4a2f110507afcbfc315c
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Wed Jan 24 10:51:56 2018 +0100

    CAMEL-12186 - Camel-AWS S3: Support KMS in S3 Producer related operations
---
 .../camel-aws/src/main/docs/aws-s3-component.adoc  | 17 ++++++++++-
 .../camel/component/aws/s3/S3Configuration.java    | 26 +++++++++++++++++
 .../apache/camel/component/aws/s3/S3Producer.java  | 33 ++++++++++++++++++++++
 .../s3/springboot/S3ComponentConfiguration.java    | 24 ++++++++++++++++
 4 files changed, 99 insertions(+), 1 deletion(-)

diff --git a/components/camel-aws/src/main/docs/aws-s3-component.adoc b/components/camel-aws/src/main/docs/aws-s3-component.adoc
index 1d0246d..d5e42a1 100644
--- a/components/camel-aws/src/main/docs/aws-s3-component.adoc
+++ b/components/camel-aws/src/main/docs/aws-s3-component.adoc
@@ -77,7 +77,7 @@ with the following path and query parameters:
 | *bucketNameOrArn* | *Required* Bucket name or ARN |  | String
 |===
 
-==== Query Parameters (43 parameters):
+==== Query Parameters (45 parameters):
 
 [width="100%",cols="2,5,^1,2",options="header"]
 |===
@@ -103,12 +103,14 @@ with the following path and query parameters:
 | *exceptionHandler* (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this options is not in use. By default the consumer will deal with exceptions that will be logged at WARN or ERROR level and ignored. |  | ExceptionHandler
 | *exchangePattern* (consumer) | Sets the exchange pattern when the consumer creates an exchange. |  | ExchangePattern
 | *pollStrategy* (consumer) | A pluggable org.apache.camel.PollingConsumerPollingStrategy allowing you to provide your custom implementation to control error handling usually occurred during the poll operation before an Exchange have been created and being routed in Camel. |  | PollingConsumerPoll Strategy
+| *awsKMSKeyId* (producer) | Define the id of KMS key to use in case KMS is enabled |  | String
 | *deleteAfterWrite* (producer) | Delete file object after the S3 file has been uploaded | false | boolean
 | *multiPartUpload* (producer) | If it is true camel will upload the file with multi part format the part size is decided by the option of partSize | false | boolean
 | *operation* (producer) | The operation to do in case the user don't want to do only an upload |  | S3Operations
 | *partSize* (producer) | Setup the partSize which is used in multi part upload the default size is 25M. | 26214400 | long
 | *serverSideEncryption* (producer) | Sets the server-side encryption algorithm when encrypting the object using AWS-managed keys. For example use AES256. |  | String
 | *storageClass* (producer) | The storage class to set in the com.amazonaws.services.s3.model.PutObjectRequest request. |  | String
+| *useAwsKMS* (producer) | Define if KMS must be used or not | false | boolean
 | *synchronous* (advanced) | Sets whether synchronous processing should be strictly used or Camel is allowed to use asynchronous processing (if supported). | false | boolean
 | *backoffErrorThreshold* (scheduler) | The number of subsequent error polls (failed due some error) that should happen before the backoffMultipler should kick-in. |  | int
 | *backoffIdleThreshold* (scheduler) | The number of subsequent idle polls that should happen before the backoffMultipler should kick-in. |  | int
@@ -288,6 +290,19 @@ from("aws-s3://MyBucket?amazonS3Client=#client&delay=5000&maxMessagesPerPoll=5")
 .to("mock:result");
 --------------------------------------------------------------------------------
 
+#### Use KMS with the S3 component
+
+To use AWS KMS to encrypt/decrypt data by using AWS infrastructure you can use the options introduced in 2.21.x like in the following example
+
+[source,java]
+--------------------------------------------------------------------------------
+from("file:tmp/test?fileName=test.txt")
+     .setHeader(S3Constants.KEY, constant("testFile"))
+     .to("aws-s3://mybucket?amazonS3Client=#client&useAwsKMS=true&awsKMSKeyId=3f0637ad-296a-3dfe-a796-e60654fb128c");
+--------------------------------------------------------------------------------
+
+In this way you'll ask to S3, to use the KMS key 3f0637ad-296a-3dfe-a796-e60654fb128c, to encrypt the file test.txt. When you'll ask to download this file, the decryption will be done directly before the download.
+
 ### Dependencies
 
 Maven users will need to add the following dependency to their pom.xml.
diff --git a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
index 95ff8c1..c536ce0 100644
--- a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
+++ b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Configuration.java
@@ -72,6 +72,10 @@ public class S3Configuration implements Cloneable {
     private EncryptionMaterials encryptionMaterials;
     @UriParam(label = "common", defaultValue = "false")
     private boolean useEncryption;
+    @UriParam(label = "producer", defaultValue = "false")
+    private boolean useAwsKMS;
+    @UriParam(label = "producer")
+    private String awsKMSKeyId;
 
     public long getPartSize() {
         return partSize;
@@ -356,6 +360,28 @@ public class S3Configuration implements Cloneable {
         this.useEncryption = useEncryption;
     }
 
+    public boolean isUseAwsKMS() {
+        return useAwsKMS;
+    }
+
+    /**
+     * Define if KMS must be used or not
+     */
+    public void setUseAwsKMS(boolean useAwsKMS) {
+        this.useAwsKMS = useAwsKMS;
+    }
+
+    public String getAwsKMSKeyId() {
+        return awsKMSKeyId;
+    }
+
+    /**
+     * Define the id of KMS key to use in case KMS is enabled
+     */
+    public void setAwsKMSKeyId(String awsKMSKeyId) {
+        this.awsKMSKeyId = awsKMSKeyId;
+    }
+
     boolean hasProxyConfiguration() {
         return ObjectHelper.isNotEmpty(getProxyHost()) && ObjectHelper.isNotEmpty(getProxyPort());
     }
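Review bot: The Javadoc on `setUseAwsKMS` and `setAwsKMSKeyId` does not say which encryption mechanism this is or what happens when the key id is left empty, and these comments presumably feed the generated option table in aws-s3-component.adoc, so the vagueness propagates to users. I would write `Define if server-side encryption with AWS KMS (SSE-KMS) must be applied to objects written by the producer` on the first and `Define the id of the KMS key to use when useAwsKMS is true; when empty the producer requests SSE-KMS without a key id, so the SDK/account default key applies` on the second, since the S3Producer hunk falls back to the no-arg SSEAwsKeyManagementParams in that case. It would also help to state how these two options relate to the existing `useEncryption`/`encryptionMaterials` pair, which look like client-side encryption rather than SSE, and to the `serverSideEncryption` option, which selects SSE with AWS-managed keys.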
diff --git a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Producer.java b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Producer.java
index c7a2120..df6e1c3 100644
--- a/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Producer.java
+++ b/components/camel-aws/src/main/java/org/apache/camel/component/aws/s3/S3Producer.java
@@ -48,6 +48,7 @@ import com.amazonaws.services.s3.model.ObjectMetadata;
 import com.amazonaws.services.s3.model.PartETag;
 import com.amazonaws.services.s3.model.PutObjectRequest;
 import com.amazonaws.services.s3.model.PutObjectResult;
+import com.amazonaws.services.s3.model.SSEAwsKeyManagementParams;
 import com.amazonaws.services.s3.model.StorageClass;
 import com.amazonaws.services.s3.model.UploadPartRequest;
 
@@ -151,6 +152,16 @@ public class S3Producer extends DefaultProducer {
             // PutObjectRequest#setAccessControlList for more details
             initRequest.setAccessControlList(acl);
         }
+        
+        if (getConfiguration().isUseAwsKMS()) {
+            SSEAwsKeyManagementParams keyManagementParams;
+            if (ObjectHelper.isNotEmpty(getConfiguration().getAwsKMSKeyId())) {
+                keyManagementParams = new SSEAwsKeyManagementParams(getConfiguration().getAwsKMSKeyId());
+            } else {
+                keyManagementParams = new SSEAwsKeyManagementParams();
+            }
+            initRequest.setSSEAwsKeyManagementParams(keyManagementParams);
+        }
 
         LOG.trace("Initiating multipart upload [{}] from exchange [{}]...", initRequest, exchange);
 
@@ -237,6 +248,17 @@ public class S3Producer extends DefaultProducer {
             // PutObjectRequest#setAccessControlList for more details
             putObjectRequest.setAccessControlList(acl);
         }
+        
+        if (getConfiguration().isUseAwsKMS()) {
+            SSEAwsKeyManagementParams keyManagementParams;
+            if (ObjectHelper.isNotEmpty(getConfiguration().getAwsKMSKeyId())) {
+                keyManagementParams = new SSEAwsKeyManagementParams(getConfiguration().getAwsKMSKeyId());
+            } else {
+                keyManagementParams = new SSEAwsKeyManagementParams();
+            }
+            putObjectRequest.setSSEAwsKeyManagementParams(keyManagementParams);
+        }
+        
         LOG.trace("Put object [{}] from exchange [{}]...", putObjectRequest, exchange);
 
         PutObjectResult putObjectResult = getEndpoint().getS3Client().putObject(putObjectRequest);
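Review bot: Nothing in the new block guards against `useAwsKMS=true` being combined with the existing `serverSideEncryption` option (the AES256-style setting listed in the adoc hunk of this commit); if that option is applied to the same putObjectRequest outside this hunk, the request carries two server-side-encryption settings and which one the SDK sends depends on its header population order rather than on anything in this code. Either reject the combination where the configuration is validated, or document on `setUseAwsKMS` that it must not be combined with serverSideEncryption. The same consideration applies to the multipart init request above and the copy request below. The enclosing method starts before this hunk.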
@@ -291,6 +313,17 @@ public class S3Producer extends DefaultProducer {
         } else {
             copyObjectRequest = new CopyObjectRequest(bucketName, sourceKey, versionId, bucketNameDestination, destinationKey);
         }
+
+        if (getConfiguration().isUseAwsKMS()) {
+            SSEAwsKeyManagementParams keyManagementParams;
+            if (ObjectHelper.isNotEmpty(getConfiguration().getAwsKMSKeyId())) {
+                keyManagementParams = new SSEAwsKeyManagementParams(getConfiguration().getAwsKMSKeyId());
+            } else {
+                keyManagementParams = new SSEAwsKeyManagementParams();
+            }
+            copyObjectRequest.setSSEAwsKeyManagementParams(keyManagementParams);
+        }
+        
         CopyObjectResult copyObjectResult = s3Client.copyObject(copyObjectRequest);
 
         Message message = getMessageForResponse(exchange);
diff --git a/platforms/spring-boot/components-starter/camel-aws-starter/src/main/java/org/apache/camel/component/aws/s3/springboot/S3ComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-aws-starter/src/main/java/org/apache/camel/component/aws/s3/springboot/S3ComponentConfiguration.java
index 9ca5603..20f336e 100644
--- a/platforms/spring-boot/components-starter/camel-aws-starter/src/main/java/org/apache/camel/component/aws/s3/springboot/S3ComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-aws-starter/src/main/java/org/apache/camel/component/aws/s3/springboot/S3ComponentConfiguration.java
@@ -227,6 +227,14 @@ public class S3ComponentConfiguration
          * Define if encryption must be used or not
          */
         private Boolean useEncryption = false;
+        /**
+         * Define if KMS must be used or not
+         */
+        private Boolean useAwsKMS = false;
+        /**
+         * Define the id of KMS key to use in case KMS is enabled
+         */
+        private String awsKMSKeyId;
 
         public Long getPartSize() {
             return partSize;
@@ -412,5 +420,21 @@ public class S3ComponentConfiguration
         public void setUseEncryption(Boolean useEncryption) {
             this.useEncryption = useEncryption;
         }
+
+        public Boolean getUseAwsKMS() {
+            return useAwsKMS;
+        }
+
+        public void setUseAwsKMS(Boolean useAwsKMS) {
+            this.useAwsKMS = useAwsKMS;
+        }
+
+        public String getAwsKMSKeyId() {
+            return awsKMSKeyId;
+        }
+
+        public void setAwsKMSKeyId(String awsKMSKeyId) {
+            this.awsKMSKeyId = awsKMSKeyId;
+        }
     }
 }
\ No newline at end of file
