From: Abhishek L <abhishek.lekshmanan@gmail.com>
Date: Fri, 27 Oct 2017 14:48:54 +0000 (+0200)
Subject: Merge pull request #18442 from theanalyst/wip-21637-luminous
X-Git-Tag: v12.2.2~94
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=cf621f8b4e8138284843f6d979aca61651a854bd;p=ceph.git

Merge pull request #18442 from theanalyst/wip-21637-luminous

luminous: encryption: PutObj response does not include sse-kms headers

Reviewed-By: Casey Bodley <cbodley@redhat.com>
Reviewed-By: Matt Benjamin <mbenjamin@redhat.com>
---

cf621f8b4e8138284843f6d979aca61651a854bd
diff --cc src/rgw/rgw_crypt.cc
index 009cbd1def1b,b467d578cf18..81a84ad698af
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@@ -1181,18 -1108,10 +1181,21 @@@ int rgw_s3_prepare_encrypt(struct req_s
          *block_crypt = std::move(aes);
        }
        actual_key.replace(0, actual_key.length(), actual_key.length(), '\000');
+ 
+       crypt_http_responses["x-amz-server-side-encryption"] = "aws:kms";
+       crypt_http_responses["x-amz-server-side-encryption-aws-kms-key-id"] = key_id.to_string();
        return 0;
 +    } else {
 +      boost::string_view key_id =
 +          get_crypt_attribute(s->info.env, parts, X_AMZ_SERVER_SIDE_ENCRYPTION_AWS_KMS_KEY_ID);
 +      if (!key_id.empty()) {
 +        ldout(s->cct, 5) << "ERROR: SSE-KMS encryption request is missing the header "
 +                         << "x-amz-server-side-encryption"
 +                         << dendl;
 +        s->err.message = "Server Side Encryption with KMS managed key requires "
 +                         "HTTP header x-amz-server-side-encryption : aws:kms";
 +        return -EINVAL;
 +      }
      }
  
      /* no other encryption mode, check if default encryption is selected */