From: Seena Fallah <seenafallah@gmail.com>
Date: Mon, 16 Jun 2025 10:31:41 +0000 (+0300)
Subject: rgw: expose copy_source from rgw_s3_prepare_decrypt
X-Git-Tag: testing/wip-vshankar-testing-20260219.051425~1^2~4^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8ceb9b515e38eb22039403ff4cf94d5caca881ce;p=ceph-ci.git

rgw: expose copy_source from rgw_s3_prepare_decrypt

Co-authored-by: Marcus Watts <mwatts@redhat.com>
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
---

diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index 3b027d58b43..8e8ffc2d869 100644
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -1314,10 +1314,9 @@ int rgw_s3_prepare_encrypt(req_state* s, optional_yield y,
 int rgw_s3_prepare_decrypt(req_state* s, optional_yield y,
                            map<string, bufferlist>& attrs,
                            std::unique_ptr<BlockCrypt>* block_crypt,
-                           std::map<std::string, std::string>* crypt_http_responses)
+                           std::map<std::string, std::string>* crypt_http_responses,
+                           bool copy_source)
 {
-  const bool copy_source = s->src_object != nullptr;
-
   int res = 0;
   std::string stored_mode = get_str_attribute(attrs, RGW_ATTR_CRYPT_MODE);
   ldpp_dout(s, 15) << "Encryption mode: " << stored_mode << dendl;
diff --git a/src/rgw/rgw_crypt.h b/src/rgw/rgw_crypt.h
index c5721ec5536..beba77c0994 100644
--- a/src/rgw/rgw_crypt.h
+++ b/src/rgw/rgw_crypt.h
@@ -156,8 +156,8 @@ int rgw_s3_prepare_encrypt(req_state* s, optional_yield y,
 int rgw_s3_prepare_decrypt(req_state* s, optional_yield y,
                            std::map<std::string, ceph::bufferlist>& attrs,
                            std::unique_ptr<BlockCrypt>* block_crypt,
-                           std::map<std::string,
-                                    std::string>* crypt_http_responses);
+                           std::map<std::string, std::string>* crypt_http_responses,
+                           bool copy_source);
 
 static inline void set_attr(std::map<std::string, bufferlist>& attrs,
                             const char* key,
diff --git a/src/rgw/rgw_op.cc b/src/rgw/rgw_op.cc
index 0d14f44193d..a0a6068ae78 100644
--- a/src/rgw/rgw_op.cc
+++ b/src/rgw/rgw_op.cc
@@ -5802,9 +5802,10 @@ public:
     // decrypt
     if (src_encrypted) {
       auto attr_iter = s->src_object->get_attrs().find(RGW_ATTR_MANIFEST);
+      static constexpr bool copy_source = true;
       ret = get_decrypt_filter(&decrypt, filter, s, s->src_object->get_attrs(),
                                attr_iter != s->src_object->get_attrs().end() ? &attr_iter->second : nullptr,
-                               nullptr);
+                               nullptr, copy_source);
       if (ret < 0) {
         return ret;
       }
@@ -9962,11 +9963,12 @@ int get_decrypt_filter(
   req_state* s,
   std::map<std::string, bufferlist>& attrs,
   bufferlist* manifest_bl,
-  std::map<std::string, std::string>* crypt_http_responses)
+  std::map<std::string, std::string>* crypt_http_responses,
+  bool copy_source)
 {
   std::unique_ptr<BlockCrypt> block_crypt;
   int res = rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt,
-                                   crypt_http_responses);
+                                   crypt_http_responses, copy_source);
   if (res < 0) {
     return res;
   }
diff --git a/src/rgw/rgw_op.h b/src/rgw/rgw_op.h
index 5dac376e018..2fbcb55bed9 100644
--- a/src/rgw/rgw_op.h
+++ b/src/rgw/rgw_op.h
@@ -2906,4 +2906,5 @@ int get_decrypt_filter(
   req_state* s,
   std::map<std::string, bufferlist>& attrs,
   bufferlist* manifest_bl,
-  std::map<std::string, std::string>* crypt_http_responses);
+  std::map<std::string, std::string>* crypt_http_responses,
+  bool copy_source);
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index c5b05107069..026d418f8e1 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -783,7 +783,8 @@ int RGWGetObj_ObjStore_S3::get_decrypt_filter(std::unique_ptr<RGWGetObj_Filter>
     return 0;
   }
 
-  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, &crypt_http_responses);
+  static constexpr bool copy_source = false;
+  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, &crypt_http_responses, copy_source);
 }
 
 int RGWGetObj_ObjStore_S3::verify_requester(const rgw::auth::StrategyRegistry& auth_registry, optional_yield y) 
@@ -3014,7 +3015,8 @@ int RGWPutObj_ObjStore_S3::get_decrypt_filter(
     map<string, bufferlist>& attrs,
     bufferlist* manifest_bl)
 {
-  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, nullptr);
+  static constexpr bool copy_source = true;
+  return ::get_decrypt_filter(filter, cb, s, attrs, manifest_bl, nullptr, copy_source);
 }
 
 int RGWPutObj_ObjStore_S3::get_encrypt_filter(
@@ -3033,8 +3035,9 @@ int RGWPutObj_ObjStore_S3::get_encrypt_filter(
       std::unique_ptr<BlockCrypt> block_crypt;
       /* We are adding to existing object.
        * We use crypto mode that configured as if we were decrypting. */
+      static constexpr bool copy_source = false;
       res = rgw_s3_prepare_decrypt(s, s->yield, obj->get_attrs(),
-                                   &block_crypt, &crypt_http_responses);
+                                   &block_crypt, &crypt_http_responses, copy_source);
       if (res == 0 && block_crypt != nullptr)
         filter->reset(new RGWPutObj_BlockEncrypt(s, s->cct, cb, std::move(block_crypt), s->yield));
     }
@@ -4033,9 +4036,9 @@ int RGWGetObjAttrs_ObjStore_S3::get_decrypt_filter(
   //
   // in the SSE-KMS and SSE-S3 cases, this unfortunately causes us to fetch
   // decryption keys which we don't need :(
-  std::unique_ptr<BlockCrypt> block_crypt; // ignored
-  return rgw_s3_prepare_decrypt(s, s->yield, attrs, &block_crypt,
-                                nullptr);
+  static constexpr bool copy_source = false;
+  return rgw_s3_prepare_decrypt(s, s->yield, attrs, nullptr,
+                                nullptr, copy_source);
 }
 
 void RGWGetObjAttrs_ObjStore_S3::send_response()