rgw: expose copy_source from rgw_s3_prepare_decrypt
authorSeena Fallah <seenafallah@gmail.com>
Mon, 16 Jun 2025 10:31:41 +0000 (13:31 +0300)
committerSeena Fallah <seenafallah@gmail.com>
Wed, 19 Nov 2025 19:00:46 +0000 (20:00 +0100)
Co-authored-by: Marcus Watts <mwatts@redhat.com>
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
src/rgw/rgw_crypt.cc
src/rgw/rgw_crypt.h
src/rgw/rgw_op.cc
src/rgw/rgw_op.h
src/rgw/rgw_rest_s3.cc

index 3b027d58b4315c17b71b34c5847499b876ef5573..8e8ffc2d8693a800827e2a66773320a045eda8ab 100644 (file)
@@ -1314,10 +1314,9 @@ int rgw_s3_prepare_encrypt(req_state* s, optional_yield y,
 int rgw_s3_prepare_decrypt(req_state* s, optional_yield y,
                            map<string, bufferlist>& attrs,
                            std::unique_ptr<BlockCrypt>* block_crypt,
-                           std::map<std::string, std::string>* crypt_http_responses)
+                           std::map<std::string, std::string>* crypt_http_responses,
+                           bool copy_source)
 {
-  const bool copy_source = s->src_object != nullptr;
-
   int res = 0;
   std::string stored_mode = get_str_attribute(attrs, RGW_ATTR_CRYPT_MODE);
   ldpp_dout(s, 15) << "Encryption mode: " << stored_mode << dendl;
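Review bot: With `const bool copy_source = s->src_object != nullptr;` removed, the flag is no longer tied to request state, and nothing in the visible part of the function checks that the caller's constant agrees with the request. The code that consumes copy_source is in the part of the body outside this hunk; if it selects which set of SSE-C key headers is read, a wrong constant at a call site would show up only as a decrypt failure or as the wrong headers being consulted. A debug line next to the existing mode log would make such a mismatch visible, e.g. `ldpp_dout(s, 15) << "copy_source=" << copy_source << " src_object=" << (s->src_object != nullptr) << dendl;`.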
index c5721ec55362c7a436a63b17a18c2be651dd5079..beba77c0994085431b217aa5843a50c3aa87f0ec 100644 (file)
@@ -156,8 +156,8 @@ int rgw_s3_prepare_encrypt(req_state* s, optional_yield y,
 int rgw_s3_prepare_decrypt(req_state* s, optional_yield y,
                            std::map<std::string, ceph::bufferlist>& attrs,
                            std::unique_ptr<BlockCrypt>* block_crypt,
-                           std::map<std::string,
-                                    std::string>* crypt_http_responses);
+                           std::map<std::string, std::string>* crypt_http_responses,
+                           bool copy_source);
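Review bot: The prototype gains `bool copy_source` without a comment, and the name alone does not tell a caller whose attrs and request headers the flag refers to. Judging by the rgw_op.cc call site, which passes `true` together with `s->src_object->get_attrs()`, a line above the declaration such as `// copy_source: attrs belong to the source object of a copy request, not to the object the request itself targets` would document the contract. The `get_decrypt_filter` prototype in rgw_op.h takes the same new parameter and would benefit from the same comment.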
 
 static inline void set_attr(std::map<std::string, bufferlist>& attrs,
                             const char* key,
index 0d14f44193de9877918e26d33a024e33eed6e1a5..a0a6068ae78a11f9a809b772367ea7acd664dee0 100644 (file)
@@ -5802,9 +5802,10 @@ public:
     // decrypt
     if (src_encrypted) {
       auto attr_iter = s->src_object->get_attrs().find(RGW_ATTR_MANIFEST);
+      static constexpr bool copy_source = true;
       ret = get_decrypt_filter(&decrypt, filter, s, s->src_object->get_attrs(),
                                attr_iter != s->src_object->get_attrs().end() ? &attr_iter->second : nullptr,
-                               nullptr);
+                               nullptr, copy_source);
       if (ret < 0) {
         return ret;
       }
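Review bot: `static constexpr bool copy_source = true;` names the argument, which helps readability, but `static` adds nothing to a block-scope `constexpr bool`, and the same declaration is repeated at each call site in rgw_rest_s3.cc. `constexpr bool copy_source = true;` or an inline `/*copy_source=*/true` says the same with less noise. A two-value scoped enum instead of `bool` would also stop a pointer or integer from converting silently into the new trailing parameter. The enclosing function starts and ends outside this hunk.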
@@ -9962,11 +9963,12 @@ int get_decrypt_filter(
   req_state* s,
   std::map<std::string, bufferlist>& attrs,
   bufferlist* manifest_bl,
-  std::map<std::string, std::string>* crypt_http_responses)
+  std::map<std::string, std::string>* crypt_http_responses,
+  bool copy_source)
 {
   std::unique_ptr<BlockCrypt> block_crypt;
   int res = rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt,
-                                   crypt_http_responses);
+                                   crypt_http_responses, copy_source);
   if (res < 0) {
     return res;
   }
index 5dac376e018bc9b91489db8cd69f6a0cc17a8d73..2fbcb55bed9f74f55cc9cbb2e9d205ec808f4c5e 100644 (file)
@@ -2906,4 +2906,5 @@ int get_decrypt_filter(
   req_state* s,
   std::map<std::string, bufferlist>& attrs,
   bufferlist* manifest_bl,
-  std::map<std::string, std::string>* crypt_http_responses);
+  std::map<std::string, std::string>* crypt_http_responses,
+  bool copy_source);
index c5b05107069ced7be5279fcefdc77a7d13c546ef..026d418f8e1e1ed44ea04c315317d169dfdcd901 100644 (file)
@@ -783,7 +783,8 @@ int RGWGetObj_ObjStore_S3::get_decrypt_filter(std::unique_ptr<RGWGetObj_Filter>
     return 0;
   }
 
-  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, &crypt_http_responses);
+  static constexpr bool copy_source = false;
+  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, &crypt_http_responses, copy_source);
 }
 
 int RGWGetObj_ObjStore_S3::verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) 
@@ -3014,7 +3015,8 @@ int RGWPutObj_ObjStore_S3::get_decrypt_filter(
     map<string, bufferlist>& attrs,
     bufferlist* manifest_bl)
 {
-  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, nullptr);
+  static constexpr bool copy_source = true;
+  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, nullptr, copy_source);
 }
 
 int RGWPutObj_ObjStore_S3::get_encrypt_filter(
@@ -3033,8 +3035,9 @@ int RGWPutObj_ObjStore_S3::get_encrypt_filter(
       std::unique_ptr<BlockCrypt> block_crypt;
       /* We are adding to existing object.
        * We use crypto mode that configured as if we were decrypting. */
+      static constexpr bool copy_source = false;
       res = rgw_s3_prepare_decrypt(s, s->yield, obj->get_attrs(),
-                                   &block_crypt, &crypt_http_responses);
+                                   &block_crypt, &crypt_http_responses, copy_source);
       if (res == 0 && block_crypt != nullptr)
         filter->reset(new RGWPutObj_BlockEncrypt(s, s->cct, cb, std::move(block_crypt), s->yield));
     }
@@ -4033,9 +4036,9 @@ int RGWGetObjAttrs_ObjStore_S3::get_decrypt_filter(
   //
   // in the SSE-KMS and SSE-S3 cases, this unfortunately causes us to fetch
   // decryption keys which we don't need :(
-  std::unique_ptr<BlockCrypt> block_crypt; // ignored
-  return rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt,
-                                nullptr);
+  static constexpr bool copy_source = false;
+  return rgw_s3_prepare_decrypt(s, s->yield, attrs, nullptr,
+                                nullptr, copy_source);
 }
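Review bot: Passing `nullptr` for `block_crypt` instead of the address of a local goes beyond what the commit title describes, and it is safe only if `rgw_s3_prepare_decrypt` checks `block_crypt` before every write through it on all encryption-mode branches. Those branches are not visible in this diff, so this needs confirming against the full function; an unguarded `*block_crypt = ...` would turn an attributes request on an encrypted object into a null dereference in the gateway. If the guards are not already in place, keeping the ignored local, `std::unique_ptr<BlockCrypt> block_crypt; // ignored`, avoids the risk. The comment above the call still says the decryption keys are fetched, so it should be updated if the null pointer is meant to skip that work.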
 
 void RGWGetObjAttrs_ObjStore_S3::send_response()