From 90431d8df4c990acebe959fde75e3c22119bc502 Mon Sep 17 00:00:00 2001
From: duanhongyi <duanhongyi@doopai.com>
Date: Sat, 24 Nov 2018 23:56:05 +0800
Subject: [PATCH] feat(wal-e): add WALE_S3_SSE environment variable

---
 charts/database/templates/database-deployment.yaml    | 4 ++++
 rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh | 5 +++++
 rootfs/patcher-script.d/patch_wal_e_s3.py             | 6 +++---
 3 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/charts/database/templates/database-deployment.yaml b/charts/database/templates/database-deployment.yaml
index 9b232f9..41f145a 100644
--- a/charts/database/templates/database-deployment.yaml
+++ b/charts/database/templates/database-deployment.yaml
@@ -41,6 +41,10 @@ spec:
               value: "{{.Values.global.storage}}"
             - name: PGCTLTIMEOUT
               value: "{{.Values.postgres.timeout}}"
+{{- if eq .Values.global.storage "s3" }}
+            - name: S3_SSE
+              value: "{{.Values.s3.use_sse}}"
+{{- end}}
           lifecycle:
             preStop:
               exec:
diff --git a/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh b/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh
index e2c00af..d18904f 100755
--- a/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh
+++ b/rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh
@@ -17,6 +17,11 @@ if [[ "$DATABASE_STORAGE" == "s3" || "$DATABASE_STORAGE" == "minio" ]]; then
     else
       echo "https+path://s3-${AWS_REGION}.amazonaws.com:443" > WALE_S3_ENDPOINT
     fi
+    if [[ $S3_SSE ]]; then
+      echo $S3_SSE > WALE_S3_SSE
+    else
+      echo "false" > WALE_S3_SSE
+    fi
   else
     AWS_REGION="us-east-1"
     BUCKET_NAME="dbwal"
diff --git a/rootfs/patcher-script.d/patch_wal_e_s3.py b/rootfs/patcher-script.d/patch_wal_e_s3.py
index 1b2d4ea..fd248b3 100644
--- a/rootfs/patcher-script.d/patch_wal_e_s3.py
+++ b/rootfs/patcher-script.d/patch_wal_e_s3.py
@@ -7,10 +7,10 @@ def wrap_uri_put_file(creds, uri, fp, content_type=None, conn=None):
         k = s3_util._uri_to_key(creds, uri, conn=conn)
         if content_type is not None:
             k.content_type = content_type
+        encrypt_key = False
         if os.getenv('DATABASE_STORAGE') == 's3':
-            encrypt_key=True
-        else:
-            encrypt_key=False
+            if os.getenv('WALE_S3_SSE', 'false') == 'true':
+                encrypt_key = True
         k.set_contents_from_file(fp, encrypt_key=encrypt_key)
         return k
     s3.uri_put_file = wrap_uri_put_file