Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

S3 buckets with KMS encryption require explicit endpoint configuration #144

Open
hhamalai opened this issue Nov 10, 2020 · 0 comments
Open

S3 buckets with KMS encryption require explicit endpoint configuration #144

hhamalai opened this issue Nov 10, 2020 · 0 comments
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@hhamalai
Copy link
Contributor

hhamalai commented Nov 10, 2020
edited
Loading

Is your feature request related to a problem? Please describe.
When using S3 buckets with KMS SSE turned on for drone-cache, the drone manifest requires explicit definition for S3 endpoint with https schema. This is due to:

  1. KMS SSE backed buckets require secure transport or else they will throw an error:
    Requests specifying Server Side Encryption with AWS KMS managed keys must be made over a secure connection.

  2. drone-cache/storage/backend/s3/s3.go

    Line 38 in f32236f

    DisableSSL: aws.Bool(!strings.HasPrefix(c.Endpoint, "https://")),
    Will set DisableSSL to false, unless endpoint is explicitly defined.

Describe the solution you'd like
I would like to see default SSL on everywhere, and to have explicit configuration in order to disable it. Using default, implicit S3 endpoints should preferred.

Describe alternatives you've considered
There could be an explicit configuration flag to turn on / off SSL.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hhamalai @kakkoyun