git.apps.os.sepia.ceph.com Git

author	Marcus Watts <mwatts@redhat.com>
	Sat, 18 Dec 2021 04:13:09 +0000 (23:13 -0500)
committer	Marcus Watts <mwatts@redhat.com>
	Thu, 12 May 2022 07:33:41 +0000 (03:33 -0400)
commit	0318a086f508ed7f9028d48e8b98e4b2f458a51f
tree	401179cf7769a3c31e6a9b8bcf669a2f9970958e	tree \| snapshot
parent	86015e9f8a3998703d939adb004ae6ee7c8e7919	commit \| diff

rgw/sse-s3: various improvements.

1. sse-s3 should not require bucketencryption policy, work w/ postobj
2. make bucket key name configurable
3. +rgw_remove_sse_s3_bucket_key

1. for sse-s3 should not require bucketencryption policy, work w/ postobj
get_crypt_attribute ->
using s->info.crypt_attribute_map instead of s->env to avoid havoing
to know about HTTP_X_AMZ_SERVER_SIDE_ENCRYPTION_CUSTOMER_ALGORITHM names,
crypt_attribute_get -> crypt_attributes.get
to consolidate crypt attribute sources
rework sse-s3 logic: sse-s3 can be specified entirely in the rest call,
so remove requirement that bucket has bucket encryption policy.
also avoid term "default encryption", prefer term "test key".

2. for make bucket key name configurable:
With this modification, sse-s3 key names default to being
the bucket id, but can be configured to instead consist
of the owners name, a fixed string, or variations thereof.

3. +rgw_remove_sse_s3_bucket_key
For sse-s3, keys are supposed to be managed entirely by s3.
This means when a bucket is removed, we should be removing its key,
which should no longer be in use for anything. This is only safe
if the key was constructed using "%bucket_id", otherwise it might be
used in another bucket and we can never remove it automatically.

Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit 55daff7ae0aec48ea2210592ebcbaa2d8f397245)

src/rgw/rgw_crypt.cc		diff \| blob \| history
src/rgw/rgw_crypt.h		diff \| blob \| history
src/rgw/rgw_op.cc		diff \| blob \| history