From: Matt Benjamin <mbenjamin@redhat.com>
Date: Tue, 10 Oct 2017 18:56:08 +0000 (-0400)
Subject: Merge pull request #17882 from ZVampirEM77/wip-rgw-encryption
X-Git-Tag: v13.0.1~617
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=65b7543390c8ee2a797bc559a64c61e35dd77cf6;p=ceph-ci.git

Merge pull request #17882 from ZVampirEM77/wip-rgw-encryption

rgw: clean up and fix some bugs for encryption
---

65b7543390c8ee2a797bc559a64c61e35dd77cf6
diff --cc src/rgw/rgw_crypt.cc
index 1af9782bd38,18cdc6e2b44..a759e0097d0
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@@ -1105,10 -1178,18 +1178,21 @@@ int rgw_s3_prepare_encrypt(struct req_s
          *block_crypt = std::move(aes);
        }
        actual_key.replace(0, actual_key.length(), actual_key.length(), '\000');
 +
 +      crypt_http_responses["x-amz-server-side-encryption"] = "aws:kms";
 +      crypt_http_responses["x-amz-server-side-encryption-aws-kms-key-id"] = key_id.to_string();
        return 0;
+     } else {
+       boost::string_view key_id =
+           get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID);
+       if (!key_id.empty()) {
+         ldout(s->cct, 5) << "ERROR: SSE-KMS encryption request is missing the header "
+                          << "x-amz-server-side-encryption"
+                          << dendl;
+         s->err.message = "Server Side Encryption with KMS managed key requires "
+                          "HTTP header x-amz-server-side-encryption : aws:kms";
+         return -EINVAL;
+       }
      }
  
      /* no other encryption mode, check if default encryption is selected */