Merge pull request #18442 from theanalyst/wip-21637-luminous

author Abhishek L <abhishek.lekshmanan@gmail.com>

Fri, 27 Oct 2017 14:48:54 +0000 (16:48 +0200)

committer GitHub <noreply@github.com>

Fri, 27 Oct 2017 14:48:54 +0000 (16:48 +0200)
author Abhishek L <abhishek.lekshmanan@gmail.com>
Fri, 27 Oct 2017 14:48:54 +0000 (16:48 +0200)
committer GitHub <noreply@github.com>
Fri, 27 Oct 2017 14:48:54 +0000 (16:48 +0200)
diff --cc src/rgw/rgw_crypt.cc

index 009cbd1def1b2b38e1b0790d0e3b480af60304a6,b467d578cf180798d49cacf59fdf097dee1bda95..81a84ad698af6939832aa81fd9badabc8efbeee4
--- 1/src/rgw/rgw_crypt.cc
--- 2/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@@ -1181,18 -1108,10 +1181,21 @@@ int rgw_s3_prepare_encrypt(struct req_s
           *block_crypt = std::move(aes);
         }
         actual_key.replace(0, actual_key.length(), actual_key.length(), '\000');
+ 
+       crypt_http_responses["x-amz-server-side-encryption"] = "aws:kms";
+       crypt_http_responses["x-amz-server-side-encryption-aws-kms-key-id"] = key_id.to_string();
         return 0;
+ +    } else {
+ +      boost::string_view key_id =
+ +          get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID);
+ +      if (!key_id.empty()) {
+ +        ldout(s->cct, 5) << "ERROR: SSE-KMS encryption request is missing the header "
+ +                         << "x-amz-server-side-encryption"
+ +                         << dendl;
+ +        s->err.message = "Server Side Encryption with KMS managed key requires "
+ +                         "HTTP header x-amz-server-side-encryption : aws:kms";
+ +        return -EINVAL;
+ +      }
       }
   
       /* no other encryption mode, check if default encryption is selected */
author	Abhishek L <abhishek.lekshmanan@gmail.com>
	Fri, 27 Oct 2017 14:48:54 +0000 (16:48 +0200)
committer	GitHub <noreply@github.com>
	Fri, 27 Oct 2017 14:48:54 +0000 (16:48 +0200)