Support BYOK for OSS storage driver

Change-Id: I423ad03e63bd38aded3abfcba49079ff2fbb3b74
Signed-off-by: Li Yi <denverdino@gmail.com>

registry/storage/driver/oss/oss.go

@@ -54,6 +54,7 @@ type DriverParameters struct {
 	ChunkSize       int64
 	RootDirectory   string
 	Endpoint        string
+	EncryptionKeyID string
 }
 
 func init() {
@@ -68,11 +69,12 @@ func (factory *ossDriverFactory) Create(parameters map[string]interface{}) (stor
 }
 
 type driver struct {
-	Client        *oss.Client
-	Bucket        *oss.Bucket
-	ChunkSize     int64
-	Encrypt       bool
-	RootDirectory string
+	Client          *oss.Client
+	Bucket          *oss.Bucket
+	ChunkSize       int64
+	Encrypt         bool
+	RootDirectory   string
+	EncryptionKeyID string
 }
 
 type baseEmbed struct {
@@ -132,6 +134,11 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 		}
 	}
 
+	encryptionKeyID, ok := parameters["encryptionkeyid"]
+	if !ok {
+		encryptionKeyID = ""
+	}
+
 	secureBool := true
 	secure, ok := parameters["secure"]
 	if ok {
@@ -185,6 +192,7 @@ func FromParameters(parameters map[string]interface{}) (*Driver, error) {
 		Secure:          secureBool,
 		Internal:        internalBool,
 		Endpoint:        fmt.Sprint(endpoint),
+		EncryptionKeyID: fmt.Sprint(encryptionKeyID),
 	}
 
 	return New(params)
@@ -209,11 +217,12 @@ func New(params DriverParameters) (*Driver, error) {
 	// if you initiated a new OSS client while another one is running on the same bucket.
 
 	d := &driver{
-		Client:        client,
-		Bucket:        bucket,
-		ChunkSize:     params.ChunkSize,
-		Encrypt:       params.Encrypt,
-		RootDirectory: params.RootDirectory,
+		Client:          client,
+		Bucket:          bucket,
+		ChunkSize:       params.ChunkSize,
+		Encrypt:         params.Encrypt,
+		RootDirectory:   params.RootDirectory,
+		EncryptionKeyID: params.EncryptionKeyID,
 	}
 
 	return &Driver{
@@ -403,7 +412,7 @@ func (d *driver) Move(ctx context.Context, sourcePath string, destPath string) e
 	err := d.Bucket.CopyLargeFileInParallel(d.ossPath(sourcePath), d.ossPath(destPath),
 		d.getContentType(),
 		getPermissions(),
-		oss.Options{},
+		d.getOptions(),
 		maxConcurrency)
 	if err != nil {
 		logrus.Errorf("Failed for move from %s to %s: %v", d.ossPath(sourcePath), d.ossPath(destPath), err)
@@ -503,7 +512,17 @@ func hasCode(err error, code string) bool {
 }
 
 func (d *driver) getOptions() oss.Options {
-	return oss.Options{ServerSideEncryption: d.Encrypt}
+	return oss.Options{
+		ServerSideEncryption:      d.Encrypt,
+		ServerSideEncryptionKeyID: d.EncryptionKeyID,
+	}
+}
+
+func (d *driver) getCopyOptions() oss.CopyOptions {
+	return oss.CopyOptions{
+		ServerSideEncryption:      d.Encrypt,
+		ServerSideEncryptionKeyID: d.EncryptionKeyID,
+	}
 }
 
 func getPermissions() oss.ACL {
@@ -580,7 +599,7 @@ func (w *writer) Write(p []byte) (int, error) {
 			w.readyPart = contents
 		} else {
 			// Otherwise we can use the old file as the new first part
-			_, part, err := multi.PutPartCopy(1, oss.CopyOptions{}, w.driver.Bucket.Name+"/"+w.key)
+			_, part, err := multi.PutPartCopy(1, w.driver.getCopyOptions(), w.driver.Bucket.Name+"/"+w.key)
 			if err != nil {
 				return 0, err
 			}

registry/storage/driver/oss/oss_test.go

@@ -31,6 +31,7 @@ func init() {
 	encrypt := os.Getenv("OSS_ENCRYPT")
 	secure := os.Getenv("OSS_SECURE")
 	endpoint := os.Getenv("OSS_ENDPOINT")
+	encryptionKeyID := os.Getenv("OSS_ENCRYPTIONKEYID")
 	root, err := ioutil.TempDir("", "driver-")
 	if err != nil {
 		panic(err)
@@ -73,6 +74,7 @@ func init() {
 			Encrypt:         encryptBool,
 			Secure:          secureBool,
 			Endpoint:        endpoint,
+			EncryptionKeyID: encryptionKeyID,
 		}
 
 		return New(parameters)