Skip to content
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.

Commit 57c5f16

Browse files
dddinarydddinary
committedMar 19, 2025·
resource/alicloud_oss_bucket: Server side encryption support SM4
1 parent 6290205 commit 57c5f16

File tree

4 files changed

+335
-7
lines changed

4 files changed

+335
-7
lines changed
 

‎alicloud/common.go

+1
Original file line numberDiff line numberDiff line change
@@ -563,6 +563,7 @@ func IntMin(x, y int) int {
563563

564564
const ServerSideEncryptionAes256 = "AES256"
565565
const ServerSideEncryptionKMS = "KMS"
566+
const ServerSideEncryptionSM4 = "SM4"
566567

567568
type OptimizedType string
568569

‎alicloud/resource_alicloud_oss_bucket.go

+21-1
Original file line numberDiff line numberDiff line change
@@ -404,12 +404,21 @@ func resourceAlicloudOssBucket() *schema.Resource {
404404
ValidateFunc: StringInSlice([]string{
405405
ServerSideEncryptionAes256,
406406
ServerSideEncryptionKMS,
407+
ServerSideEncryptionSM4,
407408
}, false),
408409
},
409410
"kms_master_key_id": {
410411
Type: schema.TypeString,
411412
Optional: true,
412413
},
414+
"kms_data_encryption": {
415+
Type: schema.TypeString,
416+
Optional: true,
417+
ValidateFunc: StringInSlice([]string{
418+
ServerSideEncryptionSM4,
419+
"",
420+
}, false),
421+
},
413422
},
414423
},
415424
MaxItems: 1,
@@ -534,9 +543,13 @@ func resourceAlicloudOssBucketCreate(d *schema.ResourceData, meta interface{}) e
534543
options = append(options, oss.SetHeader("x-oss-server-side-encryption", sse_algorithm))
535544
}
536545

537-
if sse_kms_id, ok := sse_rule["kms_master_key_id"].(string); ok {
546+
if sse_kms_id, ok := sse_rule["kms_master_key_id"].(string); ok && sse_kms_id != "" {
538547
options = append(options, oss.SetHeader("x-oss-server-side-encryption-key-id", sse_kms_id))
539548
}
549+
550+
if kms_data_encryption, ok := sse_rule["kms_data_encryption"].(string); ok && kms_data_encryption != "" {
551+
options = append(options, oss.SetHeader("x-oss-server-side-data-encryption", kms_data_encryption))
552+
}
540553
}
541554
}
542555

@@ -610,6 +623,9 @@ func resourceAlicloudOssBucketRead(d *schema.ResourceData, meta interface{}) err
610623
if object.BucketInfo.SseRule.KMSMasterKeyID != "" {
611624
rule["kms_master_key_id"] = object.BucketInfo.SseRule.KMSMasterKeyID
612625
}
626+
if object.BucketInfo.SseRule.KMSDataEncryption != "" {
627+
rule["kms_data_encryption"] = object.BucketInfo.SseRule.KMSDataEncryption
628+
}
613629
data := make([]map[string]interface{}, 0)
614630
data = append(data, rule)
615631
d.Set("server_side_encryption_rule", data)
@@ -1577,6 +1593,10 @@ func resourceAlicloudOssBucketEncryptionUpdate(client *connectivity.AliyunClient
15771593
sseRule.SSEDefault.KMSMasterKeyID = v.(string)
15781594
}
15791595

1596+
if v, ok := c["kms_data_encryption"]; ok {
1597+
sseRule.SSEDefault.KMSDataEncryption = v.(string)
1598+
}
1599+
15801600
raw, err := client.WithOssClient(func(ossClient *oss.Client) (interface{}, error) {
15811601
requestInfo = ossClient
15821602
return nil, ossClient.SetBucketEncryption(d.Id(), sseRule)

0 commit comments

Comments
 (0)
Please sign in to comment.