lywsvip/rustfs
1
0
Fork 0
mirror of https://github.com/rustfs/rustfs.git synced 2026-05-06 22:28:16 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(kms): restore configure and decrypt compatibility

Browse Source
This commit is contained in:
overtrue
2026-04-07 19:34:09 +08:00
parent 1f598105dd
commit bf64bcabf8
2 changed files with 34 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
crates/kms/src/api_types.rs
View File

@@ -110,6 +110,7 @@ pub struct ConfigureVaultTransitKmsRequest {
#[serde(tag = "backend_type")]
pub enum ConfigureKmsRequest {
/// Configure with Local backend
#[serde(alias = "local", alias = "Local")]
Local(ConfigureLocalKmsRequest),
/// Configure with Vault KV v2 + Transit backend
#[serde(
@@ -121,6 +122,11 @@ pub enum ConfigureKmsRequest {
)]
VaultKv2(ConfigureVaultKmsRequest),
/// Configure with Vault Transit backend
#[serde(
rename = "VaultTransit",
alias = "vault-transit",
alias = "vault_transit"
)]
VaultTransit(ConfigureVaultTransitKmsRequest),
}
@@ -453,24 +459,39 @@ mod tests {
#[test]
fn test_deserialize_vault_transit_configure_request() {
let cases = ["VaultTransit", "vault-transit", "vault_transit"];
for raw_backend in cases {
let raw = serde_json::json!({
"backend_type": raw_backend,
"address": "http://127.0.0.1:8200",
"auth_method": {
"Token": {
"token": "dev-root-token"
}
},
"mount_path": "transit",
"default_key_id": "rustfs-master-key"
});
let request: ConfigureKmsRequest =
serde_json::from_value(raw).expect("vault-transit request should deserialize");
let config = request.to_kms_config();
assert_eq!(config.backend, KmsBackend::VaultTransit);
let vault = config.vault_transit_config().expect("vault-transit config should be present");
assert_eq!(vault.mount_path, "transit");
}
}
#[test]
fn test_deserialize_local_configure_request() {
let raw = serde_json::json!({
"backend_type": "VaultTransit",
"address": "http://127.0.0.1:8200",
"auth_method": {
"Token": {
"token": "dev-root-token"
}
},
"mount_path": "transit",
"default_key_id": "rustfs-master-key"
"backend_type": "local",
"key_dir": "./target/kms-key-dir"
});
let request: ConfigureKmsRequest = serde_json::from_value(raw).expect("vault-transit request should deserialize");
let config = request.to_kms_config();
assert_eq!(config.backend, KmsBackend::VaultTransit);
let vault = config.vault_transit_config().expect("vault-transit config should be present");
assert_eq!(vault.mount_path, "transit");
assert_eq!(config.backend, KmsBackend::Local);
}
#[test]

2
crates/kms/src/backends/vault_transit.rs
View File

@@ -535,7 +535,7 @@ impl KmsBackend for VaultTransitKmsBackend {
}
async fn decrypt(&self, request: DecryptRequest) -> Result<DecryptResponse> {
let envelope = DataKeyEnvelope::deserialize(&request.ciphertext_blob)?;
let envelope: DataKeyEnvelope = serde_json::from_slice(&request.ciphertext)?;
let plaintext = self.client.decrypt(&request, None).await?;
Ok(DecryptResponse {
plaintext,