From: Casey Bodley Date: Thu, 4 Nov 2021 16:07:05 +0000 (-0400) Subject: Merge pull request #37184 from ybwang0211/KMSMSMSMS_return_error_message X-Git-Tag: v17.1.0~514 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=79a784bde43d4908a93125610234e5ad00cdd96c;p=ceph.git Merge pull request #37184 from ybwang0211/KMSMSMSMS_return_error_message rgw:When KMS encryption is used and the key does not exist, we should… Reviewed-by: Casey Bodley Reviewed-by: J. Eric Ivancich --- 79a784bde43d4908a93125610234e5ad00cdd96c diff --cc src/rgw/rgw_crypt.cc index 373f36eea1b,3a040da942c..b977e77cecb --- a/src/rgw/rgw_crypt.cc +++ b/src/rgw/rgw_crypt.cc @@@ -1040,10 -779,10 +1040,10 @@@ int rgw_s3_prepare_encrypt(struct req_s std::string_view key_id = get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID); if (key_id.empty()) { - ldout(s->cct, 5) << "ERROR: not provide a valid key id" << dendl; + ldpp_dout(s, 5) << "ERROR: not provide a valid key id" << dendl; s->err.message = "Server Side Encryption with KMS managed key requires " "HTTP header x-amz-server-side-encryption-aws-kms-key-id"; - return -ERR_INVALID_ACCESS_KEY; + return -EINVAL; } /* try to retrieve actual key */ std::string key_selector = create_random_key_selector(s->cct); @@@ -1059,14 -794,17 +1059,14 @@@ return res; } if (actual_key.size() != AES_256_KEYSIZE) { - ldout(s->cct, 5) << "ERROR: key obtained from key_id:" << + ldpp_dout(s, 5) << "ERROR: key obtained from key_id:" << key_id << " is not 256 bit size" << dendl; s->err.message = "KMS provided an invalid key for the given kms-keyid."; - return -ERR_INVALID_ACCESS_KEY; + return -EINVAL; } - set_attr(attrs, RGW_ATTR_CRYPT_MODE, "SSE-KMS"); - set_attr(attrs, RGW_ATTR_CRYPT_KEYID, key_id); - set_attr(attrs, RGW_ATTR_CRYPT_KEYSEL, key_selector); if (block_crypt) { - auto aes = std::unique_ptr(new AES_256_CBC(s->cct)); + auto aes = std::unique_ptr(new AES_256_CBC(s, s->cct)); 
aes->set_key(reinterpret_cast(actual_key.c_str()), AES_256_KEYSIZE); *block_crypt = std::move(aes); }
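Review bot: The size-check branch in the second hunk returns `-EINVAL` while `actual_key` still holds whatever bytes the KMS returned, and nothing visible in the hunk wipes that buffer, either on this error path or after `aes->set_key(...)` has consumed it. `actual_key` looks like a std::string-style buffer (it exposes `size()` and `c_str()`), whose destructor frees memory without clearing it, so key material can linger on the heap and surface in a core dump. I would clear it before the early return and again once the cipher holds the key, e.g. `::ceph::crypto::zeroize_for_security(actual_key.data(), actual_key.length());`. The body of rgw_s3_prepare_encrypt continues past the hunk, so a wipe may already follow the `if (block_crypt)` block; the early-return path is the one to confirm.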