diff --git a/pkg/objstore/s3/s3.go b/pkg/objstore/s3/s3.go index 21bdcf49dd..3c22d456a4 100644 --- a/pkg/objstore/s3/s3.go +++ b/pkg/objstore/s3/s3.go @@ -47,10 +47,12 @@ const ( // SSES3 is the name of the SSE-S3 method for objstore encryption. SSES3 = "SSE-S3" - // SSEConfigKey is the context key to override SSE config. This feature is used by downstream + // sseConfigKey is the context key to override SSE config. This feature is used by downstream // projects (eg. Cortex) to inject custom SSE config on a per-request basis. Future work or // refactoring can introduce breaking changes as far as the functionality is preserved. - SSEConfigKey = ctxKey(0) + // NOTE: we're using a context value only because it's a very specific S3 option. If SSE will + // be available to wider set of backends we should probably add a variadic option to Get() and Upload(). + sseConfigKey = ctxKey(0) ) var DefaultConfig = Config{ @@ -497,7 +499,7 @@ func (b *Bucket) Close() error { return nil } // getServerSideEncryption returns the SSE to use. func (b *Bucket) getServerSideEncryption(ctx context.Context) (encrypt.ServerSide, error) { - if value := ctx.Value(SSEConfigKey); value != nil { + if value := ctx.Value(sseConfigKey); value != nil { if sse, ok := value.(encrypt.ServerSide); ok { return sse, nil } @@ -581,3 +583,9 @@ func NewTestBucketFromConfig(t testing.TB, location string, c Config, reuseBucke } }, nil } + +// ContextWithSSEConfig returns a context with a custom SSE config set. The returned context should be +// provided to S3 objstore client functions to override the default SSE config. +func ContextWithSSEConfig(ctx context.Context, value encrypt.ServerSide) context.Context { + return context.WithValue(ctx, sseConfigKey, value) +} diff --git a/pkg/objstore/s3/s3_test.go b/pkg/objstore/s3/s3_test.go index b68b77f4cd..466c669712 100644 --- a/pkg/objstore/s3/s3_test.go +++ b/pkg/objstore/s3/s3_test.go @@ -293,7 +293,7 @@ func TestBucket_getServerSideEncryption(t *testing.T) { bkt, err = NewBucketWithConfig(log.NewNopLogger(), cfg, "test") testutil.Ok(t, err) - sse, err = bkt.getServerSideEncryption(context.WithValue(context.Background(), SSEConfigKey, override)) + sse, err = bkt.getServerSideEncryption(context.WithValue(context.Background(), sseConfigKey, override)) testutil.Ok(t, err) testutil.Equals(t, encrypt.KMS, sse.Type()) }