feat(wal-e): add WALE_S3_SSE environment variable

Author: duanhongyi

charts/database/templates/database-deployment.yaml

@@ -41,6 +41,10 @@ spec:
               value: "{{.Values.global.storage}}"
             - name: PGCTLTIMEOUT
               value: "{{.Values.postgres.timeout}}"
+{{- if eq .Values.global.storage "s3" }}
+            - name: S3_SSE
+              value: "{{.Values.s3.use_sse}}"
+{{- end}}
           lifecycle:
             preStop:
               exec:

rootfs/docker-entrypoint-initdb.d/001_setup_envdir.sh

@@ -17,6 +17,11 @@ if [[ "$DATABASE_STORAGE" == "s3" || "$DATABASE_STORAGE" == "minio" ]]; then
     else
       echo "https+path://s3-${AWS_REGION}.amazonaws.com:443" > WALE_S3_ENDPOINT
     fi
+    if [[ $S3_SSE ]]; then
+      echo $S3_SSE > WALE_S3_SSE
+    else
+      echo "false" > WALE_S3_SSE
+    fi
   else
     AWS_REGION="us-east-1"
     BUCKET_NAME="dbwal"

rootfs/patcher-script.d/patch_wal_e_s3.py

@@ -7,10 +7,10 @@ def wrap_uri_put_file(creds, uri, fp, content_type=None, conn=None):
         k = s3_util._uri_to_key(creds, uri, conn=conn)
         if content_type is not None:
             k.content_type = content_type
+        encrypt_key = False
         if os.getenv('DATABASE_STORAGE') == 's3':
-            encrypt_key=True
-        else:
-            encrypt_key=False
+            if os.getenv('WALE_S3_SSE', 'false') == 'true':
+                encrypt_key = True
         k.set_contents_from_file(fp, encrypt_key=encrypt_key)
         return k
     s3.uri_put_file = wrap_uri_put_file