rgw/sse-s3: bucketencryption should not generate bucket key names.
authorMarcus Watts <mwatts@redhat.com>
Sat, 18 Dec 2021 09:22:31 +0000 (04:22 -0500)
committerMarcus Watts <mwatts@redhat.com>
Tue, 19 Apr 2022 21:35:39 +0000 (17:35 -0400)
It is possible to request and use sse-s3 without setting a bucketencryption policy.
Therefore, logic to manage per-bucket keys belongs elsewhere.

Signed-off-by: Marcus Watts <mwatts@redhat.com>
src/rgw/rgw_op.cc

index 575820decf79fa17555c6d220feb8b8d223f6080..ef5e8eb69f2d03f101716a2c827aae9dff9d6199 100644 (file)
@@ -52,7 +52,6 @@
 #include "rgw_notify_event_type.h"
 #include "rgw_sal.h"
 #include "rgw_sal_rados.h"
-#include "rgw_kms.h"
 
 #include "services/svc_zone.h"
 #include "services/svc_quota.h"
@@ -8689,24 +8688,11 @@ void RGWPutBucketEncryption::execute(optional_yield y)
     return;
   }
 
-  bufferlist key_id_bl;
-  string bucket_owner_id = s->bucket->get_info().owner.id;
-  key_id_bl.append(bucket_owner_id.c_str(), bucket_owner_id.size() + 1);
-
-  /* Generating KEK on the vault */
-  ldpp_dout(this, 5) << "Generating KEK: " << bucket_owner_id << dendl;
-  op_ret = generate_kek_sse_s3(s->cct, bucket_owner_id);
-  if (op_ret < 0) {
-    ldpp_dout(this, 20) << "Generate KEK returned =" << op_ret << dendl;
-    return;
-  }
-
   bufferlist conf_bl;
   bucket_encryption_conf.encode(conf_bl);
-  op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y, &conf_bl, &key_id_bl] {
+  op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y, &conf_bl] {
     rgw::sal::Attrs attrs = s->bucket->get_attrs();
     attrs[RGW_ATTR_BUCKET_ENCRYPTION_POLICY] = conf_bl;
-    attrs[RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID] = key_id_bl;
     return s->bucket->merge_and_store_attrs(this, attrs, y);
   });
 }
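Review bot: The lambda in RGWPutBucketEncryption::execute now persists only RGW_ATTR_BUCKET_ENCRYPTION_POLICY, and nothing in the new code tells a reader that key handling was deliberately moved out of this path. A one-line comment above `bufferlist conf_bl;` would record that, for example `// Only the policy is stored here; per-bucket SSE-S3 key management lives elsewhere, since sse-s3 can be used without a bucket policy.` Buckets configured by the earlier code presumably still carry RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID, because the lambda starts from `s->bucket->get_attrs()` and never clears that entry. It is worth confirming that no remaining reader trusts that attribute, and that an unreachable key backend still fails closed when an object is written. The function begins outside this hunk, so any earlier validation is not visible here.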