sftpgo-mirror/internal/vfs/filesystem.go

392 lines
13 KiB
Go
Raw Permalink Normal View History

// Copyright (C) 2019-2023 Nicola Murino
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published
// by the Free Software Foundation, version 3.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <https://www.gnu.org/licenses/>.
package vfs
import (
"os"
"github.com/sftpgo/sdk"
"github.com/drakkan/sftpgo/v2/internal/kms"
)
2021-07-11 13:26:51 +00:00
// Filesystem defines filesystem details
type Filesystem struct {
2021-07-11 13:26:51 +00:00
RedactedSecret string `json:"-"`
Provider sdk.FilesystemProvider `json:"provider"`
OSConfig sdk.OSFsConfig `json:"osconfig,omitempty"`
2021-07-11 13:26:51 +00:00
S3Config S3FsConfig `json:"s3config,omitempty"`
GCSConfig GCSFsConfig `json:"gcsconfig,omitempty"`
AzBlobConfig AzBlobFsConfig `json:"azblobconfig,omitempty"`
CryptConfig CryptFsConfig `json:"cryptconfig,omitempty"`
SFTPConfig SFTPFsConfig `json:"sftpconfig,omitempty"`
HTTPConfig HTTPFsConfig `json:"httpconfig,omitempty"`
}
// SetEmptySecrets sets the secrets to empty
func (f *Filesystem) SetEmptySecrets() {
f.S3Config.AccessSecret = kms.NewEmptySecret()
f.GCSConfig.Credentials = kms.NewEmptySecret()
f.AzBlobConfig.AccountKey = kms.NewEmptySecret()
f.AzBlobConfig.SASURL = kms.NewEmptySecret()
f.CryptConfig.Passphrase = kms.NewEmptySecret()
f.SFTPConfig.Password = kms.NewEmptySecret()
f.SFTPConfig.PrivateKey = kms.NewEmptySecret()
f.SFTPConfig.KeyPassphrase = kms.NewEmptySecret()
f.HTTPConfig.Password = kms.NewEmptySecret()
f.HTTPConfig.APIKey = kms.NewEmptySecret()
}
// SetEmptySecretsIfNil sets the secrets to empty if nil
func (f *Filesystem) SetEmptySecretsIfNil() {
if f.S3Config.AccessSecret == nil {
f.S3Config.AccessSecret = kms.NewEmptySecret()
}
if f.GCSConfig.Credentials == nil {
f.GCSConfig.Credentials = kms.NewEmptySecret()
}
if f.AzBlobConfig.AccountKey == nil {
f.AzBlobConfig.AccountKey = kms.NewEmptySecret()
}
2021-06-11 20:27:36 +00:00
if f.AzBlobConfig.SASURL == nil {
f.AzBlobConfig.SASURL = kms.NewEmptySecret()
}
if f.CryptConfig.Passphrase == nil {
f.CryptConfig.Passphrase = kms.NewEmptySecret()
}
if f.SFTPConfig.Password == nil {
f.SFTPConfig.Password = kms.NewEmptySecret()
}
if f.SFTPConfig.PrivateKey == nil {
f.SFTPConfig.PrivateKey = kms.NewEmptySecret()
}
if f.SFTPConfig.KeyPassphrase == nil {
f.SFTPConfig.KeyPassphrase = kms.NewEmptySecret()
}
if f.HTTPConfig.Password == nil {
f.HTTPConfig.Password = kms.NewEmptySecret()
}
if f.HTTPConfig.APIKey == nil {
f.HTTPConfig.APIKey = kms.NewEmptySecret()
}
}
// SetNilSecretsIfEmpty set the secrets to nil if empty.
// This is useful before rendering as JSON so the empty fields
// will not be serialized.
func (f *Filesystem) SetNilSecretsIfEmpty() {
if f.S3Config.AccessSecret != nil && f.S3Config.AccessSecret.IsEmpty() {
f.S3Config.AccessSecret = nil
}
if f.GCSConfig.Credentials != nil && f.GCSConfig.Credentials.IsEmpty() {
f.GCSConfig.Credentials = nil
}
if f.AzBlobConfig.AccountKey != nil && f.AzBlobConfig.AccountKey.IsEmpty() {
f.AzBlobConfig.AccountKey = nil
}
2021-06-11 20:27:36 +00:00
if f.AzBlobConfig.SASURL != nil && f.AzBlobConfig.SASURL.IsEmpty() {
f.AzBlobConfig.SASURL = nil
}
if f.CryptConfig.Passphrase != nil && f.CryptConfig.Passphrase.IsEmpty() {
f.CryptConfig.Passphrase = nil
}
f.SFTPConfig.setNilSecretsIfEmpty()
f.HTTPConfig.setNilSecretsIfEmpty()
}
// IsEqual returns true if the fs is equal to other
func (f *Filesystem) IsEqual(other Filesystem) bool {
if f.Provider != other.Provider {
return false
}
switch f.Provider {
2021-07-11 13:26:51 +00:00
case sdk.S3FilesystemProvider:
return f.S3Config.isEqual(other.S3Config)
2021-07-11 13:26:51 +00:00
case sdk.GCSFilesystemProvider:
return f.GCSConfig.isEqual(other.GCSConfig)
2021-07-11 13:26:51 +00:00
case sdk.AzureBlobFilesystemProvider:
return f.AzBlobConfig.isEqual(other.AzBlobConfig)
2021-07-11 13:26:51 +00:00
case sdk.CryptedFilesystemProvider:
return f.CryptConfig.isEqual(other.CryptConfig)
2021-07-11 13:26:51 +00:00
case sdk.SFTPFilesystemProvider:
return f.SFTPConfig.isEqual(other.SFTPConfig)
case sdk.HTTPFilesystemProvider:
return f.HTTPConfig.isEqual(other.HTTPConfig)
default:
return true
}
}
// IsSameResource returns true if fs point to the same resource as other
func (f *Filesystem) IsSameResource(other Filesystem) bool {
if f.Provider != other.Provider {
return false
}
switch f.Provider {
case sdk.S3FilesystemProvider:
return f.S3Config.isSameResource(other.S3Config)
case sdk.GCSFilesystemProvider:
return f.GCSConfig.isSameResource(other.GCSConfig)
case sdk.AzureBlobFilesystemProvider:
return f.AzBlobConfig.isSameResource(other.AzBlobConfig)
case sdk.CryptedFilesystemProvider:
return f.CryptConfig.isSameResource(other.CryptConfig)
case sdk.SFTPFilesystemProvider:
return f.SFTPConfig.isSameResource(other.SFTPConfig)
case sdk.HTTPFilesystemProvider:
return f.HTTPConfig.isSameResource(other.HTTPConfig)
default:
return true
}
}
// GetPathSeparator returns the path separator
func (f *Filesystem) GetPathSeparator() string {
switch f.Provider {
case sdk.LocalFilesystemProvider, sdk.CryptedFilesystemProvider:
return string(os.PathSeparator)
default:
return "/"
}
}
// Validate verifies the FsConfig matching the configured provider and sets all other
// Filesystem.*Config to their zero value if successful
func (f *Filesystem) Validate(additionalData string) error {
switch f.Provider {
2021-07-11 13:26:51 +00:00
case sdk.S3FilesystemProvider:
if err := f.S3Config.ValidateAndEncryptCredentials(additionalData); err != nil {
return err
}
f.OSConfig = sdk.OSFsConfig{}
f.GCSConfig = GCSFsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
f.CryptConfig = CryptFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return nil
2021-07-11 13:26:51 +00:00
case sdk.GCSFilesystemProvider:
if err := f.GCSConfig.ValidateAndEncryptCredentials(additionalData); err != nil {
return err
}
f.OSConfig = sdk.OSFsConfig{}
f.S3Config = S3FsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
f.CryptConfig = CryptFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return nil
2021-07-11 13:26:51 +00:00
case sdk.AzureBlobFilesystemProvider:
if err := f.AzBlobConfig.ValidateAndEncryptCredentials(additionalData); err != nil {
return err
}
f.OSConfig = sdk.OSFsConfig{}
f.S3Config = S3FsConfig{}
f.GCSConfig = GCSFsConfig{}
f.CryptConfig = CryptFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return nil
2021-07-11 13:26:51 +00:00
case sdk.CryptedFilesystemProvider:
if err := f.CryptConfig.ValidateAndEncryptCredentials(additionalData); err != nil {
return err
}
f.OSConfig = sdk.OSFsConfig{}
f.S3Config = S3FsConfig{}
f.GCSConfig = GCSFsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return validateOSFsConfig(&f.CryptConfig.OSFsConfig)
2021-07-11 13:26:51 +00:00
case sdk.SFTPFilesystemProvider:
if err := f.SFTPConfig.ValidateAndEncryptCredentials(additionalData); err != nil {
return err
}
f.OSConfig = sdk.OSFsConfig{}
f.S3Config = S3FsConfig{}
f.GCSConfig = GCSFsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
f.CryptConfig = CryptFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return nil
case sdk.HTTPFilesystemProvider:
if err := f.HTTPConfig.ValidateAndEncryptCredentials(additionalData); err != nil {
return err
}
f.OSConfig = sdk.OSFsConfig{}
f.S3Config = S3FsConfig{}
f.GCSConfig = GCSFsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
f.CryptConfig = CryptFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
return nil
default:
2021-07-11 13:26:51 +00:00
f.Provider = sdk.LocalFilesystemProvider
f.S3Config = S3FsConfig{}
f.GCSConfig = GCSFsConfig{}
f.AzBlobConfig = AzBlobFsConfig{}
f.CryptConfig = CryptFsConfig{}
f.SFTPConfig = SFTPFsConfig{}
f.HTTPConfig = HTTPFsConfig{}
return validateOSFsConfig(&f.OSConfig)
}
}
// HasRedactedSecret returns true if configured the filesystem configuration has a redacted secret
func (f *Filesystem) HasRedactedSecret() bool {
// TODO move vfs specific code into each *FsConfig struct
switch f.Provider {
2021-07-11 13:26:51 +00:00
case sdk.S3FilesystemProvider:
return f.S3Config.AccessSecret.IsRedacted()
2021-07-11 13:26:51 +00:00
case sdk.GCSFilesystemProvider:
return f.GCSConfig.Credentials.IsRedacted()
2021-07-11 13:26:51 +00:00
case sdk.AzureBlobFilesystemProvider:
if f.AzBlobConfig.AccountKey.IsRedacted() {
return true
}
return f.AzBlobConfig.SASURL.IsRedacted()
2021-07-11 13:26:51 +00:00
case sdk.CryptedFilesystemProvider:
return f.CryptConfig.Passphrase.IsRedacted()
2021-07-11 13:26:51 +00:00
case sdk.SFTPFilesystemProvider:
if f.SFTPConfig.Password.IsRedacted() {
return true
}
if f.SFTPConfig.PrivateKey.IsRedacted() {
return true
}
return f.SFTPConfig.KeyPassphrase.IsRedacted()
case sdk.HTTPFilesystemProvider:
if f.HTTPConfig.Password.IsRedacted() {
return true
}
return f.HTTPConfig.APIKey.IsRedacted()
}
return false
}
// HideConfidentialData hides filesystem confidential data
func (f *Filesystem) HideConfidentialData() {
switch f.Provider {
2021-07-11 13:26:51 +00:00
case sdk.S3FilesystemProvider:
f.S3Config.HideConfidentialData()
2021-07-11 13:26:51 +00:00
case sdk.GCSFilesystemProvider:
f.GCSConfig.HideConfidentialData()
2021-07-11 13:26:51 +00:00
case sdk.AzureBlobFilesystemProvider:
f.AzBlobConfig.HideConfidentialData()
2021-07-11 13:26:51 +00:00
case sdk.CryptedFilesystemProvider:
f.CryptConfig.HideConfidentialData()
2021-07-11 13:26:51 +00:00
case sdk.SFTPFilesystemProvider:
f.SFTPConfig.HideConfidentialData()
case sdk.HTTPFilesystemProvider:
f.HTTPConfig.HideConfidentialData()
}
}
// GetACopy returns a filesystem copy
func (f *Filesystem) GetACopy() Filesystem {
f.SetEmptySecretsIfNil()
fs := Filesystem{
Provider: f.Provider,
OSConfig: sdk.OSFsConfig{
ReadBufferSize: f.OSConfig.ReadBufferSize,
WriteBufferSize: f.OSConfig.WriteBufferSize,
},
S3Config: S3FsConfig{
BaseS3FsConfig: sdk.BaseS3FsConfig{
Bucket: f.S3Config.Bucket,
Region: f.S3Config.Region,
AccessKey: f.S3Config.AccessKey,
RoleARN: f.S3Config.RoleARN,
Endpoint: f.S3Config.Endpoint,
StorageClass: f.S3Config.StorageClass,
2021-11-13 15:05:40 +00:00
ACL: f.S3Config.ACL,
KeyPrefix: f.S3Config.KeyPrefix,
UploadPartSize: f.S3Config.UploadPartSize,
UploadConcurrency: f.S3Config.UploadConcurrency,
DownloadPartSize: f.S3Config.DownloadPartSize,
DownloadConcurrency: f.S3Config.DownloadConcurrency,
DownloadPartMaxTime: f.S3Config.DownloadPartMaxTime,
UploadPartMaxTime: f.S3Config.UploadPartMaxTime,
ForcePathStyle: f.S3Config.ForcePathStyle,
2021-07-11 13:26:51 +00:00
},
AccessSecret: f.S3Config.AccessSecret.Clone(),
},
GCSConfig: GCSFsConfig{
BaseGCSFsConfig: sdk.BaseGCSFsConfig{
2021-07-11 13:26:51 +00:00
Bucket: f.GCSConfig.Bucket,
AutomaticCredentials: f.GCSConfig.AutomaticCredentials,
StorageClass: f.GCSConfig.StorageClass,
2021-11-15 20:57:41 +00:00
ACL: f.GCSConfig.ACL,
2021-07-11 13:26:51 +00:00
KeyPrefix: f.GCSConfig.KeyPrefix,
UploadPartSize: f.GCSConfig.UploadPartSize,
UploadPartMaxTime: f.GCSConfig.UploadPartMaxTime,
2021-07-11 13:26:51 +00:00
},
Credentials: f.GCSConfig.Credentials.Clone(),
},
AzBlobConfig: AzBlobFsConfig{
BaseAzBlobFsConfig: sdk.BaseAzBlobFsConfig{
Container: f.AzBlobConfig.Container,
AccountName: f.AzBlobConfig.AccountName,
Endpoint: f.AzBlobConfig.Endpoint,
KeyPrefix: f.AzBlobConfig.KeyPrefix,
UploadPartSize: f.AzBlobConfig.UploadPartSize,
UploadConcurrency: f.AzBlobConfig.UploadConcurrency,
DownloadPartSize: f.AzBlobConfig.DownloadPartSize,
DownloadConcurrency: f.AzBlobConfig.DownloadConcurrency,
UseEmulator: f.AzBlobConfig.UseEmulator,
AccessTier: f.AzBlobConfig.AccessTier,
2021-07-11 13:26:51 +00:00
},
AccountKey: f.AzBlobConfig.AccountKey.Clone(),
SASURL: f.AzBlobConfig.SASURL.Clone(),
},
CryptConfig: CryptFsConfig{
OSFsConfig: sdk.OSFsConfig{
ReadBufferSize: f.CryptConfig.ReadBufferSize,
WriteBufferSize: f.CryptConfig.WriteBufferSize,
},
Passphrase: f.CryptConfig.Passphrase.Clone(),
},
SFTPConfig: SFTPFsConfig{
BaseSFTPFsConfig: sdk.BaseSFTPFsConfig{
2021-07-11 13:26:51 +00:00
Endpoint: f.SFTPConfig.Endpoint,
Username: f.SFTPConfig.Username,
Prefix: f.SFTPConfig.Prefix,
DisableCouncurrentReads: f.SFTPConfig.DisableCouncurrentReads,
BufferSize: f.SFTPConfig.BufferSize,
EqualityCheckMode: f.SFTPConfig.EqualityCheckMode,
2021-07-11 13:26:51 +00:00
},
Password: f.SFTPConfig.Password.Clone(),
PrivateKey: f.SFTPConfig.PrivateKey.Clone(),
KeyPassphrase: f.SFTPConfig.KeyPassphrase.Clone(),
},
HTTPConfig: HTTPFsConfig{
BaseHTTPFsConfig: sdk.BaseHTTPFsConfig{
Endpoint: f.HTTPConfig.Endpoint,
Username: f.HTTPConfig.Username,
SkipTLSVerify: f.HTTPConfig.SkipTLSVerify,
EqualityCheckMode: f.HTTPConfig.EqualityCheckMode,
},
Password: f.HTTPConfig.Password.Clone(),
APIKey: f.HTTPConfig.APIKey.Clone(),
},
}
if len(f.SFTPConfig.Fingerprints) > 0 {
fs.SFTPConfig.Fingerprints = make([]string, len(f.SFTPConfig.Fingerprints))
copy(fs.SFTPConfig.Fingerprints, f.SFTPConfig.Fingerprints)
}
return fs
}