]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 85055e8 f0b88e5)
Merge pull request #17882 from ZVampirEM77/wip-rgw-encryption
authorMatt Benjamin <mbenjamin@redhat.com>
Tue, 10 Oct 2017 18:56:08 +0000 (14:56 -0400)
committerGitHub <noreply@github.com>
Tue, 10 Oct 2017 18:56:08 +0000 (14:56 -0400)
rgw: clean up and fix some bugs for encryption

1  2 
src/rgw/rgw_common.cc patch | diff1 | diff2 | blob | history
src/rgw/rgw_common.h patch | diff1 | diff2 | blob | history
src/rgw/rgw_crypt.cc patch | diff1 | diff2 | blob | history

diff --cc src/rgw/rgw_common.cc
Simple merge
diff --cc src/rgw/rgw_common.h
Simple merge
diff --cc src/rgw/rgw_crypt.cc
index 1af9782bd38a462bd429e5a62fb58933ac082be3,18cdc6e2b44070a9a19ade443643fd544d529434..a759e0097d07d9b941536601863ccac4db3119ec
--- 1/src/rgw/rgw_crypt.cc
--- 2/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@@ -1105,10 -1178,18 +1178,21 @@@ int rgw_s3_prepare_encrypt(struct req_s
          *block_crypt = std::move(aes);
        }
        actual_key.replace(0, actual_key.length(), actual_key.length(), '\000');
 +
 +      crypt_http_responses["x-amz-server-side-encryption"] = "aws:kms";
 +      crypt_http_responses["x-amz-server-side-encryption-aws-kms-key-id"] = key_id.to_string();
        return 0;
+     } else {
+       boost::string_view key_id =
+           get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID);
+       if (!key_id.empty()) {
+         ldout(s->cct, 5) << "ERROR: SSE-KMS encryption request is missing the header "
+                          << "x-amz-server-side-encryption"
+                          << dendl;
+         s->err.message = "Server Side Encryption with KMS managed key requires "
+                          "HTTP header x-amz-server-side-encryption : aws:kms";
+         return -EINVAL;
+       }
      }
  
      /* no other encryption mode, check if default encryption is selected */
Unnamed repository; edit this file 'description' to name the repository.