From a1513efe21af694e04db466a4d1d63cfd857876e Mon Sep 17 00:00:00 2001
From: Jeegn Chen <jeegnchen@gmail.com>
Date: Tue, 6 Mar 2018 13:20:07 +0800
Subject: [PATCH] rgw: reject encrypted object COPY before supported

Current implementation does not follow S3 spec and even
may result in data corruption silently when copying
multipart objects accorss pools. So reject COPY operations
on encrypted objects before it is fully functional.

Fixes: http://tracker.ceph.com/issues/23232
Signed-off-by: Jeegn Chen <jeegnchen@gmail.com>
---
 src/rgw/rgw_rados.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/src/rgw/rgw_rados.cc b/src/rgw/rgw_rados.cc
index 9594a54056d0b..d0e1298be0a68 100644
--- a/src/rgw/rgw_rados.cc
+++ b/src/rgw/rgw_rados.cc
@@ -8097,6 +8097,15 @@ int RGWRados::copy_obj(RGWObjectCtx& obj_ctx,
   if (ret < 0) {
     return ret;
   }
+  if (src_attrs.count(RGW_ATTR_CRYPT_MODE)) {
+    // Current implementation does not follow S3 spec and even
+    // may result in data corruption silently when copying
+    // multipart objects acorss pools. So reject COPY operations
+    //on encrypted objects before it is fully functional.
+    ldout(cct, 0) << "ERROR: copy op for encrypted object " << src_obj
+                  << " has not been implemented." << dendl;
+    return -ERR_NOT_IMPLEMENTED;
+  }
 
   src_attrs[RGW_ATTR_ACL] = attrs[RGW_ATTR_ACL];
   src_attrs.erase(RGW_ATTR_DELETE_AT);
-- 
2.39.5