From: wangyingbin <wangyingbin@inspur.com>
Date: Wed, 16 Sep 2020 07:15:45 +0000 (+0800)
Subject: rgw:When KMS encryption is used and the key does not exist, we should not throw ERR_... 
X-Git-Tag: v16.2.8~100^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=eada6b4636fbd9e73ddd85a95021fdcd60a40253;p=ceph.git

rgw:When KMS encryption is used and the key does not exist, we should not throw ERR_ INVALID_ ACCESS_ Key error code.

When kms encryption is used, the key_id is null or the actual_key size is wrong, we should not throw "ERR_INVALID_ACCESS_KEY " error code, instead of "EINVAL"error code, is used to indicate parameter error.

Signed-off-by: wangyingbin <wangyingbin@inspur.com>
(cherry picked from commit 40dbc29984d67a3f4946a0b30d53f3db19952bf0)
---

diff --git a/src/rgw/rgw_crypt.cc b/src/rgw/rgw_crypt.cc
index 2c4275a94801..08837d39ef2a 100644
--- a/src/rgw/rgw_crypt.cc
+++ b/src/rgw/rgw_crypt.cc
@@ -1035,7 +1035,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
 	  ldpp_dout(s, 5) << "ERROR: not provide a valid key id" << dendl;
 	  s->err.message = "Server Side Encryption with KMS managed key requires "
 	    "HTTP header x-amz-server-side-encryption-aws-kms-key-id";
-	  return -ERR_INVALID_ACCESS_KEY;
+	  return -EINVAL;
 	}
 	/* try to retrieve actual key */
 	std::string key_selector = create_random_key_selector(s->cct);
@@ -1054,7 +1054,7 @@ int rgw_s3_prepare_encrypt(struct req_state* s,
 	  ldpp_dout(s, 5) << "ERROR: key obtained from key_id:" <<
             key_id << " is not 256 bit size" << dendl;
 	  s->err.message = "KMS provided an invalid key for the given kms-keyid.";
-	  return -ERR_INVALID_ACCESS_KEY;
+	  return -EINVAL;
 	}
 
 	if (block_crypt) {