sftpgo/vfs/filesystem.go

package vfs

import (
	"fmt"

	"github.com/drakkan/sftpgo/v2/kms"
	"github.com/drakkan/sftpgo/v2/sdk"
	"github.com/drakkan/sftpgo/v2/util"
)

// ValidatorHelper implements methods we need for Filesystem.ValidateConfig.
// It is implemented by vfs.Folder and dataprovider.User
type ValidatorHelper interface {
	GetGCSCredentialsFilePath() string
	GetEncryptionAdditionalData() string
}

// Filesystem defines filesystem details
type Filesystem struct {
	RedactedSecret string                 `json:"-"`
	Provider       sdk.FilesystemProvider `json:"provider"`
	S3Config       S3FsConfig             `json:"s3config,omitempty"`
	GCSConfig      GCSFsConfig            `json:"gcsconfig,omitempty"`
	AzBlobConfig   AzBlobFsConfig         `json:"azblobconfig,omitempty"`
	CryptConfig    CryptFsConfig          `json:"cryptconfig,omitempty"`
	SFTPConfig     SFTPFsConfig           `json:"sftpconfig,omitempty"`
}

// SetEmptySecretsIfNil sets the secrets to empty if nil
func (f *Filesystem) SetEmptySecretsIfNil() {
	if f.S3Config.AccessSecret == nil {
		f.S3Config.AccessSecret = kms.NewEmptySecret()
	}
	if f.GCSConfig.Credentials == nil {
		f.GCSConfig.Credentials = kms.NewEmptySecret()
	}
	if f.AzBlobConfig.AccountKey == nil {
		f.AzBlobConfig.AccountKey = kms.NewEmptySecret()
	}
	if f.AzBlobConfig.SASURL == nil {
		f.AzBlobConfig.SASURL = kms.NewEmptySecret()
	}
	if f.CryptConfig.Passphrase == nil {
		f.CryptConfig.Passphrase = kms.NewEmptySecret()
	}
	if f.SFTPConfig.Password == nil {
		f.SFTPConfig.Password = kms.NewEmptySecret()
	}
	if f.SFTPConfig.PrivateKey == nil {
		f.SFTPConfig.PrivateKey = kms.NewEmptySecret()
	}
}

// SetNilSecretsIfEmpty set the secrets to nil if empty.
// This is useful before rendering as JSON so the empty fields
// will not be serialized.
func (f *Filesystem) SetNilSecretsIfEmpty() {
	if f.S3Config.AccessSecret != nil && f.S3Config.AccessSecret.IsEmpty() {
		f.S3Config.AccessSecret = nil
	}
	if f.GCSConfig.Credentials != nil && f.GCSConfig.Credentials.IsEmpty() {
		f.GCSConfig.Credentials = nil
	}
	if f.AzBlobConfig.AccountKey != nil && f.AzBlobConfig.AccountKey.IsEmpty() {
		f.AzBlobConfig.AccountKey = nil
	}
	if f.AzBlobConfig.SASURL != nil && f.AzBlobConfig.SASURL.IsEmpty() {
		f.AzBlobConfig.SASURL = nil
	}
	if f.CryptConfig.Passphrase != nil && f.CryptConfig.Passphrase.IsEmpty() {
		f.CryptConfig.Passphrase = nil
	}
	if f.SFTPConfig.Password != nil && f.SFTPConfig.Password.IsEmpty() {
		f.SFTPConfig.Password = nil
	}
	if f.SFTPConfig.PrivateKey != nil && f.SFTPConfig.PrivateKey.IsEmpty() {
		f.SFTPConfig.PrivateKey = nil
	}
}

// IsEqual returns true if the fs is equal to other
func (f *Filesystem) IsEqual(other *Filesystem) bool {
	if f.Provider != other.Provider {
		return false
	}
	switch f.Provider {
	case sdk.S3FilesystemProvider:
		return f.S3Config.isEqual(&other.S3Config)
	case sdk.GCSFilesystemProvider:
		return f.GCSConfig.isEqual(&other.GCSConfig)
	case sdk.AzureBlobFilesystemProvider:
		return f.AzBlobConfig.isEqual(&other.AzBlobConfig)
	case sdk.CryptedFilesystemProvider:
		return f.CryptConfig.isEqual(&other.CryptConfig)
	case sdk.SFTPFilesystemProvider:
		return f.SFTPConfig.isEqual(&other.SFTPConfig)
	default:
		return true
	}
}

// Validate verifies the FsConfig matching the configured provider and sets all other
// Filesystem.*Config to their zero value if successful
func (f *Filesystem) Validate(helper ValidatorHelper) error {
	switch f.Provider {
	case sdk.S3FilesystemProvider:
		if err := f.S3Config.Validate(); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not validate s3config: %v", err))
		}
		if err := f.S3Config.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not encrypt s3 access secret: %v", err))
		}
		f.GCSConfig = GCSFsConfig{}
		f.AzBlobConfig = AzBlobFsConfig{}
		f.CryptConfig = CryptFsConfig{}
		f.SFTPConfig = SFTPFsConfig{}
		return nil
	case sdk.GCSFilesystemProvider:
		if err := f.GCSConfig.Validate(helper.GetGCSCredentialsFilePath()); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not validate GCS config: %v", err))
		}
		f.S3Config = S3FsConfig{}
		f.AzBlobConfig = AzBlobFsConfig{}
		f.CryptConfig = CryptFsConfig{}
		f.SFTPConfig = SFTPFsConfig{}
		return nil
	case sdk.AzureBlobFilesystemProvider:
		if err := f.AzBlobConfig.Validate(); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not validate Azure Blob config: %v", err))
		}
		if err := f.AzBlobConfig.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not encrypt Azure blob account key: %v", err))
		}
		f.S3Config = S3FsConfig{}
		f.GCSConfig = GCSFsConfig{}
		f.CryptConfig = CryptFsConfig{}
		f.SFTPConfig = SFTPFsConfig{}
		return nil
	case sdk.CryptedFilesystemProvider:
		if err := f.CryptConfig.Validate(); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not validate Crypt fs config: %v", err))
		}
		if err := f.CryptConfig.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not encrypt Crypt fs passphrase: %v", err))
		}
		f.S3Config = S3FsConfig{}
		f.GCSConfig = GCSFsConfig{}
		f.AzBlobConfig = AzBlobFsConfig{}
		f.SFTPConfig = SFTPFsConfig{}
		return nil
	case sdk.SFTPFilesystemProvider:
		if err := f.SFTPConfig.Validate(); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not validate SFTP fs config: %v", err))
		}
		if err := f.SFTPConfig.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {
			return util.NewValidationError(fmt.Sprintf("could not encrypt SFTP fs credentials: %v", err))
		}
		f.S3Config = S3FsConfig{}
		f.GCSConfig = GCSFsConfig{}
		f.AzBlobConfig = AzBlobFsConfig{}
		f.CryptConfig = CryptFsConfig{}
		return nil
	default:
		f.Provider = sdk.LocalFilesystemProvider
		f.S3Config = S3FsConfig{}
		f.GCSConfig = GCSFsConfig{}
		f.AzBlobConfig = AzBlobFsConfig{}
		f.CryptConfig = CryptFsConfig{}
		f.SFTPConfig = SFTPFsConfig{}
		return nil
	}
}

// HasRedactedSecret returns true if configured the filesystem configuration has a redacted secret
func (f *Filesystem) HasRedactedSecret() bool {
	// TODO move vfs specific code into each *FsConfig struct
	switch f.Provider {
	case sdk.S3FilesystemProvider:
		if f.S3Config.AccessSecret.IsRedacted() {
			return true
		}
	case sdk.GCSFilesystemProvider:
		if f.GCSConfig.Credentials.IsRedacted() {
			return true
		}
	case sdk.AzureBlobFilesystemProvider:
		if f.AzBlobConfig.AccountKey.IsRedacted() {
			return true
		}
		if f.AzBlobConfig.SASURL.IsRedacted() {
			return true
		}
	case sdk.CryptedFilesystemProvider:
		if f.CryptConfig.Passphrase.IsRedacted() {
			return true
		}
	case sdk.SFTPFilesystemProvider:
		if f.SFTPConfig.Password.IsRedacted() {
			return true
		}
		if f.SFTPConfig.PrivateKey.IsRedacted() {
			return true
		}
	}

	return false
}

// HideConfidentialData hides filesystem confidential data
func (f *Filesystem) HideConfidentialData() {
	switch f.Provider {
	case sdk.S3FilesystemProvider:
		f.S3Config.HideConfidentialData()
	case sdk.GCSFilesystemProvider:
		f.GCSConfig.HideConfidentialData()
	case sdk.AzureBlobFilesystemProvider:
		f.AzBlobConfig.HideConfidentialData()
	case sdk.CryptedFilesystemProvider:
		f.CryptConfig.HideConfidentialData()
	case sdk.SFTPFilesystemProvider:
		f.SFTPConfig.HideConfidentialData()
	}
}

// GetACopy returns a filesystem copy
func (f *Filesystem) GetACopy() Filesystem {
	f.SetEmptySecretsIfNil()
	fs := Filesystem{
		Provider: f.Provider,
		S3Config: S3FsConfig{
			S3FsConfig: sdk.S3FsConfig{
				Bucket:              f.S3Config.Bucket,
				Region:              f.S3Config.Region,
				AccessKey:           f.S3Config.AccessKey,
				AccessSecret:        f.S3Config.AccessSecret.Clone(),
				Endpoint:            f.S3Config.Endpoint,
				StorageClass:        f.S3Config.StorageClass,
				ACL:                 f.S3Config.ACL,
				KeyPrefix:           f.S3Config.KeyPrefix,
				UploadPartSize:      f.S3Config.UploadPartSize,
				UploadConcurrency:   f.S3Config.UploadConcurrency,
				DownloadPartSize:    f.S3Config.DownloadPartSize,
				DownloadConcurrency: f.S3Config.DownloadConcurrency,
				DownloadPartMaxTime: f.S3Config.DownloadPartMaxTime,
				ForcePathStyle:      f.S3Config.ForcePathStyle,
			},
		},
		GCSConfig: GCSFsConfig{
			GCSFsConfig: sdk.GCSFsConfig{
				Bucket:               f.GCSConfig.Bucket,
				CredentialFile:       f.GCSConfig.CredentialFile,
				Credentials:          f.GCSConfig.Credentials.Clone(),
				AutomaticCredentials: f.GCSConfig.AutomaticCredentials,
				StorageClass:         f.GCSConfig.StorageClass,
				KeyPrefix:            f.GCSConfig.KeyPrefix,
			},
		},
		AzBlobConfig: AzBlobFsConfig{
			AzBlobFsConfig: sdk.AzBlobFsConfig{
				Container:         f.AzBlobConfig.Container,
				AccountName:       f.AzBlobConfig.AccountName,
				AccountKey:        f.AzBlobConfig.AccountKey.Clone(),
				Endpoint:          f.AzBlobConfig.Endpoint,
				SASURL:            f.AzBlobConfig.SASURL.Clone(),
				KeyPrefix:         f.AzBlobConfig.KeyPrefix,
				UploadPartSize:    f.AzBlobConfig.UploadPartSize,
				UploadConcurrency: f.AzBlobConfig.UploadConcurrency,
				UseEmulator:       f.AzBlobConfig.UseEmulator,
				AccessTier:        f.AzBlobConfig.AccessTier,
			},
		},
		CryptConfig: CryptFsConfig{
			CryptFsConfig: sdk.CryptFsConfig{
				Passphrase: f.CryptConfig.Passphrase.Clone(),
			},
		},
		SFTPConfig: SFTPFsConfig{
			SFTPFsConfig: sdk.SFTPFsConfig{
				Endpoint:                f.SFTPConfig.Endpoint,
				Username:                f.SFTPConfig.Username,
				Password:                f.SFTPConfig.Password.Clone(),
				PrivateKey:              f.SFTPConfig.PrivateKey.Clone(),
				Prefix:                  f.SFTPConfig.Prefix,
				DisableCouncurrentReads: f.SFTPConfig.DisableCouncurrentReads,
				BufferSize:              f.SFTPConfig.BufferSize,
			},
		},
	}
	if len(f.SFTPConfig.Fingerprints) > 0 {
		fs.SFTPConfig.Fingerprints = make([]string, len(f.SFTPConfig.Fingerprints))
		copy(fs.SFTPConfig.Fingerprints, f.SFTPConfig.Fingerprints)
	}
	return fs
}
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`package vfs`

move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`import (`
			`"fmt"`

modules: add v2 support 2021-06-26 05:31:41 +00:00			`"github.com/drakkan/sftpgo/v2/kms"`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`"github.com/drakkan/sftpgo/v2/sdk"`
			`"github.com/drakkan/sftpgo/v2/util"`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`)`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`// ValidatorHelper implements methods we need for Filesystem.ValidateConfig.`
			`// It is implemented by vfs.Folder and dataprovider.User`
			`type ValidatorHelper interface {`
			`GetGCSCredentialsFilePath() string`
			`GetEncryptionAdditionalData() string`
			`}`

add experimental plugin system 2021-07-11 13:26:51 +00:00			`// Filesystem defines filesystem details`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`type Filesystem struct {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			RedactedSecret string `json:"-"`
			Provider sdk.FilesystemProvider `json:"provider"`
			S3Config S3FsConfig `json:"s3config,omitempty"`
			GCSConfig GCSFsConfig `json:"gcsconfig,omitempty"`
			AzBlobConfig AzBlobFsConfig `json:"azblobconfig,omitempty"`
			CryptConfig CryptFsConfig `json:"cryptconfig,omitempty"`
			SFTPConfig SFTPFsConfig `json:"sftpconfig,omitempty"`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`}`

			`// SetEmptySecretsIfNil sets the secrets to empty if nil`
			`func (f *Filesystem) SetEmptySecretsIfNil() {`
			`if f.S3Config.AccessSecret == nil {`
			`f.S3Config.AccessSecret = kms.NewEmptySecret()`
			`}`
			`if f.GCSConfig.Credentials == nil {`
			`f.GCSConfig.Credentials = kms.NewEmptySecret()`
			`}`
			`if f.AzBlobConfig.AccountKey == nil {`
			`f.AzBlobConfig.AccountKey = kms.NewEmptySecret()`
			`}`
azblob: store SAS URL as kms.Secret 2021-06-11 20:27:36 +00:00			`if f.AzBlobConfig.SASURL == nil {`
			`f.AzBlobConfig.SASURL = kms.NewEmptySecret()`
			`}`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`if f.CryptConfig.Passphrase == nil {`
			`f.CryptConfig.Passphrase = kms.NewEmptySecret()`
			`}`
			`if f.SFTPConfig.Password == nil {`
			`f.SFTPConfig.Password = kms.NewEmptySecret()`
			`}`
			`if f.SFTPConfig.PrivateKey == nil {`
			`f.SFTPConfig.PrivateKey = kms.NewEmptySecret()`
			`}`
			`}`

kms: add a lock, secrets could be modified concurrently for cached users also reduce the size of the JSON payload omitting empty secrets 2021-03-22 18:03:25 +00:00			`// SetNilSecretsIfEmpty set the secrets to nil if empty.`
			`// This is useful before rendering as JSON so the empty fields`
			`// will not be serialized.`
			`func (f *Filesystem) SetNilSecretsIfEmpty() {`
			`if f.S3Config.AccessSecret != nil && f.S3Config.AccessSecret.IsEmpty() {`
			`f.S3Config.AccessSecret = nil`
			`}`
			`if f.GCSConfig.Credentials != nil && f.GCSConfig.Credentials.IsEmpty() {`
			`f.GCSConfig.Credentials = nil`
			`}`
			`if f.AzBlobConfig.AccountKey != nil && f.AzBlobConfig.AccountKey.IsEmpty() {`
			`f.AzBlobConfig.AccountKey = nil`
			`}`
azblob: store SAS URL as kms.Secret 2021-06-11 20:27:36 +00:00			`if f.AzBlobConfig.SASURL != nil && f.AzBlobConfig.SASURL.IsEmpty() {`
			`f.AzBlobConfig.SASURL = nil`
			`}`
kms: add a lock, secrets could be modified concurrently for cached users also reduce the size of the JSON payload omitting empty secrets 2021-03-22 18:03:25 +00:00			`if f.CryptConfig.Passphrase != nil && f.CryptConfig.Passphrase.IsEmpty() {`
			`f.CryptConfig.Passphrase = nil`
			`}`
			`if f.SFTPConfig.Password != nil && f.SFTPConfig.Password.IsEmpty() {`
			`f.SFTPConfig.Password = nil`
			`}`
			`if f.SFTPConfig.PrivateKey != nil && f.SFTPConfig.PrivateKey.IsEmpty() {`
			`f.SFTPConfig.PrivateKey = nil`
			`}`
			`}`

WebDAV: try to preserve the lock fs as much as possible 2021-03-27 18:10:27 +00:00			`// IsEqual returns true if the fs is equal to other`
			`func (f Filesystem) IsEqual(other Filesystem) bool {`
			`if f.Provider != other.Provider {`
			`return false`
			`}`
			`switch f.Provider {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.S3FilesystemProvider:`
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 18:10:27 +00:00			`return f.S3Config.isEqual(&other.S3Config)`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.GCSFilesystemProvider:`
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 18:10:27 +00:00			`return f.GCSConfig.isEqual(&other.GCSConfig)`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.AzureBlobFilesystemProvider:`
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 18:10:27 +00:00			`return f.AzBlobConfig.isEqual(&other.AzBlobConfig)`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.CryptedFilesystemProvider:`
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 18:10:27 +00:00			`return f.CryptConfig.isEqual(&other.CryptConfig)`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.SFTPFilesystemProvider:`
WebDAV: try to preserve the lock fs as much as possible 2021-03-27 18:10:27 +00:00			`return f.SFTPConfig.isEqual(&other.SFTPConfig)`
			`default:`
			`return true`
			`}`
			`}`

move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`// Validate verifies the FsConfig matching the configured provider and sets all other`
			`// Filesystem.*Config to their zero value if successful`
			`func (f *Filesystem) Validate(helper ValidatorHelper) error {`
			`switch f.Provider {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.S3FilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if err := f.S3Config.Validate(); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not validate s3config: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`if err := f.S3Config.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not encrypt s3 access secret: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`f.GCSConfig = GCSFsConfig{}`
			`f.AzBlobConfig = AzBlobFsConfig{}`
			`f.CryptConfig = CryptFsConfig{}`
			`f.SFTPConfig = SFTPFsConfig{}`
			`return nil`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.GCSFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if err := f.GCSConfig.Validate(helper.GetGCSCredentialsFilePath()); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not validate GCS config: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`f.S3Config = S3FsConfig{}`
			`f.AzBlobConfig = AzBlobFsConfig{}`
			`f.CryptConfig = CryptFsConfig{}`
			`f.SFTPConfig = SFTPFsConfig{}`
			`return nil`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.AzureBlobFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if err := f.AzBlobConfig.Validate(); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not validate Azure Blob config: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`if err := f.AzBlobConfig.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not encrypt Azure blob account key: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`f.S3Config = S3FsConfig{}`
			`f.GCSConfig = GCSFsConfig{}`
			`f.CryptConfig = CryptFsConfig{}`
			`f.SFTPConfig = SFTPFsConfig{}`
			`return nil`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.CryptedFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if err := f.CryptConfig.Validate(); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not validate Crypt fs config: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`if err := f.CryptConfig.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not encrypt Crypt fs passphrase: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`f.S3Config = S3FsConfig{}`
			`f.GCSConfig = GCSFsConfig{}`
			`f.AzBlobConfig = AzBlobFsConfig{}`
			`f.SFTPConfig = SFTPFsConfig{}`
			`return nil`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.SFTPFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if err := f.SFTPConfig.Validate(); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not validate SFTP fs config: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`if err := f.SFTPConfig.EncryptCredentials(helper.GetEncryptionAdditionalData()); err != nil {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`return util.NewValidationError(fmt.Sprintf("could not encrypt SFTP fs credentials: %v", err))`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`f.S3Config = S3FsConfig{}`
			`f.GCSConfig = GCSFsConfig{}`
			`f.AzBlobConfig = AzBlobFsConfig{}`
			`f.CryptConfig = CryptFsConfig{}`
			`return nil`
			`default:`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`f.Provider = sdk.LocalFilesystemProvider`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`f.S3Config = S3FsConfig{}`
			`f.GCSConfig = GCSFsConfig{}`
			`f.AzBlobConfig = AzBlobFsConfig{}`
			`f.CryptConfig = CryptFsConfig{}`
			`f.SFTPConfig = SFTPFsConfig{}`
			`return nil`
			`}`
			`}`

			`// HasRedactedSecret returns true if configured the filesystem configuration has a redacted secret`
			`func (f *Filesystem) HasRedactedSecret() bool {`
			`// TODO move vfs specific code into each *FsConfig struct`
			`switch f.Provider {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.S3FilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if f.S3Config.AccessSecret.IsRedacted() {`
			`return true`
			`}`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.GCSFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if f.GCSConfig.Credentials.IsRedacted() {`
			`return true`
			`}`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.AzureBlobFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if f.AzBlobConfig.AccountKey.IsRedacted() {`
			`return true`
			`}`
refactor custom actions SFTPGo is now fully auditable, all fs and provider events that change something are notified and can be collected using hooks/plugins. There are some backward incompatible changes for command hooks 2021-10-10 11:08:05 +00:00			`if f.AzBlobConfig.SASURL.IsRedacted() {`
			`return true`
			`}`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.CryptedFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if f.CryptConfig.Passphrase.IsRedacted() {`
			`return true`
			`}`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.SFTPFilesystemProvider:`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`if f.SFTPConfig.Password.IsRedacted() {`
			`return true`
			`}`
			`if f.SFTPConfig.PrivateKey.IsRedacted() {`
			`return true`
			`}`
			`}`

			`return false`
			`}`

			`// HideConfidentialData hides filesystem confidential data`
			`func (f *Filesystem) HideConfidentialData() {`
			`switch f.Provider {`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.S3FilesystemProvider:`
fix a possible nil pointer dereference it can happen by upgrading from very old versions 2021-09-11 12:19:17 +00:00			`f.S3Config.HideConfidentialData()`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.GCSFilesystemProvider:`
fix a possible nil pointer dereference it can happen by upgrading from very old versions 2021-09-11 12:19:17 +00:00			`f.GCSConfig.HideConfidentialData()`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.AzureBlobFilesystemProvider:`
fix a possible nil pointer dereference it can happen by upgrading from very old versions 2021-09-11 12:19:17 +00:00			`f.AzBlobConfig.HideConfidentialData()`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.CryptedFilesystemProvider:`
fix a possible nil pointer dereference it can happen by upgrading from very old versions 2021-09-11 12:19:17 +00:00			`f.CryptConfig.HideConfidentialData()`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`case sdk.SFTPFilesystemProvider:`
fix a possible nil pointer dereference it can happen by upgrading from very old versions 2021-09-11 12:19:17 +00:00			`f.SFTPConfig.HideConfidentialData()`
move Filesystem config validation to vfs 2021-06-19 10:24:43 +00:00			`}`
			`}`

s3: allow to configure the chunk download timeout 2021-07-11 16:39:45 +00:00			`// GetACopy returns a filesystem copy`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`func (f *Filesystem) GetACopy() Filesystem {`
			`f.SetEmptySecretsIfNil()`
			`fs := Filesystem{`
			`Provider: f.Provider,`
			`S3Config: S3FsConfig{`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`S3FsConfig: sdk.S3FsConfig{`
s3: allow to configure the chunk download timeout 2021-07-11 16:39:45 +00:00			`Bucket: f.S3Config.Bucket,`
			`Region: f.S3Config.Region,`
			`AccessKey: f.S3Config.AccessKey,`
			`AccessSecret: f.S3Config.AccessSecret.Clone(),`
			`Endpoint: f.S3Config.Endpoint,`
			`StorageClass: f.S3Config.StorageClass,`
S3: add ACL support Fixes #610 2021-11-13 15:05:40 +00:00			`ACL: f.S3Config.ACL,`
s3: allow to configure the chunk download timeout 2021-07-11 16:39:45 +00:00			`KeyPrefix: f.S3Config.KeyPrefix,`
			`UploadPartSize: f.S3Config.UploadPartSize,`
			`UploadConcurrency: f.S3Config.UploadConcurrency,`
S3: expose more properties, possible backward incompatible change Before these changes we implictly set S3ForcePathStyle if an endpoint was provided. This can cause issues with some S3 compatible object storages and must be explicitly set now. AWS is also deprecating this setting https://aws.amazon.com/it/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/ 2021-07-23 14:56:48 +00:00			`DownloadPartSize: f.S3Config.DownloadPartSize,`
			`DownloadConcurrency: f.S3Config.DownloadConcurrency,`
s3: allow to configure the chunk download timeout 2021-07-11 16:39:45 +00:00			`DownloadPartMaxTime: f.S3Config.DownloadPartMaxTime,`
S3: expose more properties, possible backward incompatible change Before these changes we implictly set S3ForcePathStyle if an endpoint was provided. This can cause issues with some S3 compatible object storages and must be explicitly set now. AWS is also deprecating this setting https://aws.amazon.com/it/blogs/aws/amazon-s3-path-deprecation-plan-the-rest-of-the-story/ 2021-07-23 14:56:48 +00:00			`ForcePathStyle: f.S3Config.ForcePathStyle,`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`},`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`},`
			`GCSConfig: GCSFsConfig{`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`GCSFsConfig: sdk.GCSFsConfig{`
			`Bucket: f.GCSConfig.Bucket,`
			`CredentialFile: f.GCSConfig.CredentialFile,`
			`Credentials: f.GCSConfig.Credentials.Clone(),`
			`AutomaticCredentials: f.GCSConfig.AutomaticCredentials,`
			`StorageClass: f.GCSConfig.StorageClass,`
			`KeyPrefix: f.GCSConfig.KeyPrefix,`
			`},`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`},`
			`AzBlobConfig: AzBlobFsConfig{`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`AzBlobFsConfig: sdk.AzBlobFsConfig{`
			`Container: f.AzBlobConfig.Container,`
			`AccountName: f.AzBlobConfig.AccountName,`
			`AccountKey: f.AzBlobConfig.AccountKey.Clone(),`
			`Endpoint: f.AzBlobConfig.Endpoint,`
			`SASURL: f.AzBlobConfig.SASURL.Clone(),`
			`KeyPrefix: f.AzBlobConfig.KeyPrefix,`
			`UploadPartSize: f.AzBlobConfig.UploadPartSize,`
			`UploadConcurrency: f.AzBlobConfig.UploadConcurrency,`
			`UseEmulator: f.AzBlobConfig.UseEmulator,`
			`AccessTier: f.AzBlobConfig.AccessTier,`
			`},`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`},`
			`CryptConfig: CryptFsConfig{`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`CryptFsConfig: sdk.CryptFsConfig{`
			`Passphrase: f.CryptConfig.Passphrase.Clone(),`
			`},`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`},`
			`SFTPConfig: SFTPFsConfig{`
add experimental plugin system 2021-07-11 13:26:51 +00:00			`SFTPFsConfig: sdk.SFTPFsConfig{`
			`Endpoint: f.SFTPConfig.Endpoint,`
			`Username: f.SFTPConfig.Username,`
			`Password: f.SFTPConfig.Password.Clone(),`
			`PrivateKey: f.SFTPConfig.PrivateKey.Clone(),`
			`Prefix: f.SFTPConfig.Prefix,`
			`DisableCouncurrentReads: f.SFTPConfig.DisableCouncurrentReads,`
			`BufferSize: f.SFTPConfig.BufferSize,`
			`},`
extend virtual folders support to all storage backends Fixes #241 2021-03-21 18:15:47 +00:00			`},`
			`}`
			`if len(f.SFTPConfig.Fingerprints) > 0 {`
			`fs.SFTPConfig.Fingerprints = make([]string, len(f.SFTPConfig.Fingerprints))`
			`copy(fs.SFTPConfig.Fingerprints, f.SFTPConfig.Fingerprints)`
			`}`
			`return fs`
			`}`