refactor encryption apis to ts (#1277)

minio · Apr 23, 2024 · d449fcd · d449fcd
1 parent b5a8d3f
commit d449fcd
Show file tree

Hide file tree

Showing 13 changed files with 160 additions and 233 deletions.
diff --git a/README.md b/README.md
@@ -212,6 +212,9 @@ The complete API Reference is available here:
 - [set-bucket-replication.mjs](https://github.com/minio/minio-js/blob/master/examples/set-bucket-replication.mjs)
 - [get-bucket-replication.mjs](https://github.com/minio/minio-js/blob/master/examples/get-bucket-replication.mjs)
 - [remove-bucket-replication.mjs](https://github.com/minio/minio-js/blob/master/examples/remove-bucket-replication.mjs)
+- [set-bucket-encryption.mjs](https://github.com/minio/minio-js/blob/master/examples/set-bucket-encryption.mjs)
+- [get-bucket-encryption.mjs](https://github.com/minio/minio-js/blob/master/examples/get-bucket-encryption.mjs)
+- [remove-bucket-encryption.mjs](https://github.com/minio/minio-js/blob/master/examples/remove-bucket-encryption.mjs)
 
 #### File Object Operations
 

diff --git a/docs/API.md b/docs/API.md
@@ -749,94 +749,69 @@ await minioClient.getObjectLockConfig('my-bucketname')
 
 <a name="setBucketEncryption"></a>
 
-### setBucketEncryption(bucketName [,encryptionConfig, callback])
+### setBucketEncryption(bucketName [,encryptionConfig])
 
 Set encryption configuration on a Bucket
 
 **Parameters**
 
-| Param              | Type       | Description                                                                                                                                                                                        |
-| ------------------ | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `bucketName`       | _string_   | Name of the bucket.                                                                                                                                                                                |
-| `encryptionConfig` | _object_   | Encryption Configuration can be either omitted or `{}` or a valid and supported encryption config. by default: `{Rule:[{ApplyServerSideEncryptionByDefault:{SSEAlgorithm:"AES256"}}]}` is applied. |
-| `callback(err)`    | _function_ | Callback is called with `err` in case of error.                                                                                                                                                    |
+| Param              | Type     | Description                                                                                                                                                                                        |
+| ------------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `bucketName`       | _string_ | Name of the bucket.                                                                                                                                                                                |
+| `encryptionConfig` | _object_ | Encryption Configuration can be either omitted or `{}` or a valid and supported encryption config. by default: `{Rule:[{ApplyServerSideEncryptionByDefault:{SSEAlgorithm:"AES256"}}]}` is applied. |
 
 **Example **
 Set Encryption configuration on a Bucket
 
 ```js
-s3Client.setBucketEncryption('my-bucketname', function (err, lockConfig) {
-  if (err) {
-    return console.log(err)
-  }
-  console.log(lockConfig)
-})
+await s3Client.setBucketEncryption('my-bucketname')
 ```
 
 **Example 1**
 Set Encryption configuration on a Bucket with an Algorithm
 
 ```js
-s3Client.setBucketEncryption(
-  'my-bucketname',
-  { Rule: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } }] },
-  function (err, lockConfig) {
-    if (err) {
-      return console.log(err)
-    }
-    console.log('Success')
-  },
-)
+await s3Client.setBucketEncryption('my-bucketname', {
+  Rule: [{ ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' } }],
+})
 ```
 
 <a name="getBucketEncryption"></a>
 
-### getBucketEncryption(bucketName [, callback])
+### getBucketEncryption(bucketName)
 
 Get encryption configuration of a Bucket
 
 **Parameters**
 
-| Param                      | Type       | Description                                                                               |
-| -------------------------- | ---------- | ----------------------------------------------------------------------------------------- |
-| `bucketName`               | _string_   | Name of the bucket.                                                                       |
-| `callback(err, encConfig)` | _function_ | Callback is called with `err` in case of error. else it is called with lock configuration |
+| Param        | Type     | Description         |
+| ------------ | -------- | ------------------- |
+| `bucketName` | _string_ | Name of the bucket. |
 
 **Example **
 Get Encryption configuration of a Bucket
 
 ```js
-s3Client.getBucketEncryption('my-bucketname', function (err, encConfig) {
-  if (err) {
-    return console.log(err)
-  }
-  console.log(encConfig)
-})
+await s3Client.getBucketEncryption('my-bucketname')
 ```
 
 <a name="removeBucketEncryption"></a>
 
-### removeBucketEncryption(bucketName [, callback])
+### removeBucketEncryption(bucketName)
 
 Remove encryption configuration of a Bucket
 
 **Parameters**
 
-| Param           | Type       | Description                                     |
-| --------------- | ---------- | ----------------------------------------------- |
-| `bucketName`    | _string_   | Name of the bucket.                             |
-| `callback(err)` | _function_ | Callback is called with `err` in case of error. |
+| Param        | Type     | Description         |
+| ------------ | -------- | ------------------- |
+| `bucketName` | _string_ | Name of the bucket. |
 
 **Example **
 Remove Encryption configuration of a Bucket
 
 ```js
-s3Client.removeBucketEncryption('my-bucketname', function (err) {
-  if (err) {
-    return console.log(err)
-  }
-  console.log('Success')
-})
+await s3Client.removeBucketEncryption('my-bucketname')
 ```
 
 ## 3. Object operations

diff --git a/examples/remove-bucket-encryption.js → examples/get-bucket-encryption.mjs b/examples/remove-bucket-encryption.js → examples/get-bucket-encryption.mjs
@@ -25,9 +25,4 @@ const s3Client = new Minio.Client({
   secretKey: 'YOUR-SECRETACCESSKEY',
 })
 
-s3Client.removeBucketEncryption('my-bucket', function (error) {
-  if (error) {
-    return console.log(error)
-  }
-  console.log('Success')
-})
+await s3Client.getBucketEncryption('test-bucket')
diff --git a/examples/get-bucket-encryption.js → examples/remove-bucket-encryption.mjs b/examples/get-bucket-encryption.js → examples/remove-bucket-encryption.mjs
@@ -25,9 +25,4 @@ const s3Client = new Minio.Client({
   secretKey: 'YOUR-SECRETACCESSKEY',
 })
 
-s3Client.getBucketEncryption('my-bucket', function (error, enConfig) {
-  if (error) {
-    return console.log(error)
-  }
-  console.log(enConfig)
-})
+await s3Client.removeBucketEncryption('test-bucket')
diff --git a/examples/set-bucket-encryption.js → examples/set-bucket-encryption.mjs b/examples/set-bucket-encryption.js → examples/set-bucket-encryption.mjs
@@ -26,12 +26,12 @@ const s3Client = new Minio.Client({
 })
 
 //Apply default encryption.
-s3Client.setBucketEncryption('my-bucket', function (error) {
-  if (error) {
-    return console.log(error)
-  }
-  console.log('Success')
-})
+try {
+  await s3Client.setBucketEncryption('test-bucket')
+  console.log('Successfully set bucket default encryption with AES256 Algorithm')
+} catch (err) {
+  console.error(err)
+}
 
 //Set Encryption Rule. Only one rule is allowed.
 
@@ -50,12 +50,7 @@ const encryptionConfig = {
   ],
 }
 
-s3Client.setBucketEncryption('my-bucket', encryptionConfig, function (error) {
-  if (error) {
-    return console.log(error)
-  }
-  console.log('Success')
-})
+await s3Client.setBucketEncryption('test-bucket', encryptionConfig)
 
 /**
  * KMS ID based SSE Encryption
@@ -96,9 +91,4 @@ const kmsIdEncryptionConfig = {
   ],
 }
 
-s3Client.setBucketEncryption('my-bucket', kmsIdEncryptionConfig, function (error) {
-  if (error) {
-    return console.log(error)
-  }
-  console.log('Success')
-})
+await s3Client.setBucketEncryption('test-bucket', kmsIdEncryptionConfig)
diff --git a/src/internal/client.ts b/src/internal/client.ts
@@ -59,6 +59,7 @@ import type {
   BucketItemStat,
   BucketStream,
   BucketVersioningConfiguration,
+  EncryptionConfig,
   GetObjectLegalHoldOptions,
   IncompleteUploadedBucketItem,
   IRequest,
@@ -2340,4 +2341,62 @@ export class TypedClient {
     const body = await readAsString(res)
     return xmlParsers.parseLifecycleConfig(body)
   }
+  async setBucketEncryption(bucketName: string, encryptionConfig?: EncryptionConfig): Promise<void> {
+    if (!isValidBucketName(bucketName)) {
+      throw new errors.InvalidBucketNameError('Invalid bucket name: ' + bucketName)
+    }
+    if (!_.isEmpty(encryptionConfig) && encryptionConfig.Rule.length > 1) {
+      throw new errors.InvalidArgumentError('Invalid Rule length. Only one rule is allowed.: ' + encryptionConfig.Rule)
+    }
+
+    let encryptionObj = encryptionConfig
+    if (_.isEmpty(encryptionConfig)) {
+      encryptionObj = {
+        // Default MinIO Server Supported Rule
+        Rule: [
+          {
+            ApplyServerSideEncryptionByDefault: {
+              SSEAlgorithm: 'AES256',
+            },
+          },
+        ],
+      }
+    }
+
+    const method = 'PUT'
+    const query = 'encryption'
+    const builder = new xml2js.Builder({
+      rootName: 'ServerSideEncryptionConfiguration',
+      renderOpts: { pretty: false },
+      headless: true,
+    })
+    const payload = builder.buildObject(encryptionObj)
+
+    const headers: RequestHeaders = {}
+    headers['Content-MD5'] = toMd5(payload)
+
+    await this.makeRequestAsyncOmit({ method, bucketName, query, headers }, payload)
+  }
+
+  async getBucketEncryption(bucketName: string) {
+    if (!isValidBucketName(bucketName)) {
+      throw new errors.InvalidBucketNameError('Invalid bucket name: ' + bucketName)
+    }
+    const method = 'GET'
+    const query = 'encryption'
+
+    const res = await this.makeRequestAsync({ method, bucketName, query })
+    const body = await readAsString(res)
+    return xmlParsers.parseBucketEncryptionConfig(body)
+  }
+
+  async removeBucketEncryption(bucketName: string) {
+    if (!isValidBucketName(bucketName)) {
+      throw new errors.InvalidBucketNameError('Invalid bucket name: ' + bucketName)
+    }
+    const method = 'DELETE'
+    const query = 'encryption'
+
+    await this.makeRequestAsyncOmit({ method, bucketName, query }, '', [204])
+  }
 }
diff --git a/src/internal/type.ts b/src/internal/type.ts
@@ -316,7 +316,6 @@ export type SelectOptions = {
   requestProgress?: SelectProgress
   scanRange?: ScanRange
 }
-
 export type Expiration = {
   Date: string
   Days: number
@@ -370,3 +369,16 @@ export type LifecycleConfig = {
 }
 
 export type LifeCycleConfigParam = LifecycleConfig | null | undefined | ''
+
+export type ApplySSEByDefault = {
+  KmsMasterKeyID?: string
+  SSEAlgorithm: string
+}
+
+export type EncryptionRule = {
+  ApplyServerSideEncryptionByDefault?: ApplySSEByDefault
+}
+
+export type EncryptionConfig = {
+  Rule: EncryptionRule[]
+}
diff --git a/src/internal/xml-parser.ts b/src/internal/xml-parser.ts
@@ -544,3 +544,7 @@ export function parseLifecycleConfig(xml: string) {
   const xmlObj = parseXml(xml)
   return xmlObj.LifecycleConfiguration
 }
+
+export function parseBucketEncryptionConfig(xml: string) {
+  return parseXml(xml)
+}
diff --git a/src/minio.d.ts b/src/minio.d.ts
@@ -116,7 +116,6 @@ export type LockUnit = RETENTION_VALIDITY_UNITS
 export type VersioningConfig = Record<string | number | symbol, unknown>
 export type TagList = Record<string, string>
 
-export type Encryption = EncryptionConfig | EmptyObject
 export interface PostPolicyResult {
   postURL: string
   formData: {
@@ -130,14 +129,6 @@ export interface LockConfig {
   validity: number
 }
 
-export interface EncryptionConfig {
-  Rule: EncryptionRule[]
-}
-
-export interface EncryptionRule {
-  [key: string]: any
-}
-
 export interface LegalHoldOptions {
   versionId: string
   status: LEGAL_HOLD_STATUS
@@ -157,15 +148,6 @@ export class Client extends TypedClient {
 
   listObjectsV2(bucketName: string, prefix?: string, recursive?: boolean, startAfter?: string): BucketStream<BucketItem>
 
-  getBucketEncryption(bucketName: string, callback: ResultCallback<Encryption>): void
-  getBucketEncryption(bucketName: string): Promise<Encryption>
-
-  setBucketEncryption(bucketName: string, encryptionConfig: Encryption, callback: NoResultCallback): void
-  setBucketEncryption(bucketName: string, encryptionConfig: Encryption): Promise<void>
-
-  removeBucketEncryption(bucketName: string, callback: NoResultCallback): void
-  removeBucketEncryption(bucketName: string): Promise<void>
-
   copyObject(
     bucketName: string,
     objectName: string,