return;
}
+ op_ret = rgw_remove_sse_s3_bucket_key(s);
+ if (op_ret != 0) {
+ // do nothing; it will already have been logged
+ }
+
op_ret = s->bucket->remove_bucket(this, false, false, nullptr, y);
if (op_ret < 0 && op_ret == -ECANCELED) {
// lost a race, either with mdlog sync or another delete bucket operation.
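Review bot: `rgw_remove_sse_s3_bucket_key(s)` destroys the bucket's SSE-S3 key before `remove_bucket` has succeeded, so if the removal below fails (the `-ECANCELED` race handled right after, or any other error) the bucket survives without its key and objects encrypted under it may no longer be decryptable. Calling it only after `remove_bucket` returns success would close that window. The result must then stay out of `op_ret`, which also replaces the empty `if (op_ret != 0) { }`: `(void)rgw_remove_sse_s3_bucket_key(s); // best effort; the callee logs failures`. The function starts and continues outside this hunk, so an earlier check I cannot see may already narrow the window.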
constexpr auto encrypt_attr = "x-amz-server-side-encryption";
constexpr auto s3_encrypt_attr = "s3:x-amz-server-side-encryption";
- auto enc_header = s->info.x_meta_map.find(encrypt_attr);
- if (enc_header != s->info.x_meta_map.end()){
+ auto enc_header = s->info.crypt_attribute_map.find(encrypt_attr);
+ if (enc_header != s->info.crypt_attribute_map.end()){
rgw_add_to_iam_environment(s->env, s3_encrypt_attr, enc_header->second);
}
constexpr auto kms_attr = "x-amz-server-side-encryption-aws-kms-key-id";
constexpr auto s3_kms_attr = "s3:x-amz-server-side-encryption-aws-kms-key-id";
- auto kms_header = s->info.x_meta_map.find(kms_attr);
- if (kms_header != s->info.x_meta_map.end()){
+ auto kms_header = s->info.crypt_attribute_map.find(kms_attr);
+ if (kms_header != s->info.crypt_attribute_map.end()){
rgw_add_to_iam_environment(s->env, s3_kms_attr, kms_header->second);
}
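Review bot: Both IAM condition keys are now taken only from `s->info.crypt_attribute_map`, and nothing in this hunk shows where that map is filled, so the first lookup deserves a comment naming its source, for example `// crypt_attribute_map holds the request's x-amz-server-side-encryption* parameters (see where it is populated)`. If some upload path accepts encryption parameters without populating this map, a bucket policy conditioned on `s3:x-amz-server-side-encryption` would be evaluated as though the header were absent; whether that can happen is not visible here. The enclosing function begins and ends outside the hunk.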
return;
}
- if(bucket_encryption_conf.kms_master_key_id().compare("") != 0) {
- ldpp_dout(this, 5) << "encryption not supported with sse-kms" << dendl;
- op_ret = -ERR_NOT_IMPLEMENTED;
- s->err.message = "SSE-KMS support is not provided";
- return;
- }
-
- if(bucket_encryption_conf.sse_algorithm().compare("AES256") != 0) {
- ldpp_dout(this, 5) << "only aes256 algorithm is supported for encryption" << dendl;
- op_ret = -ERR_NOT_IMPLEMENTED;
- s->err.message = "Encryption is supported only with AES256 algorithm";
- return;
- }
-
op_ret = store->forward_request_to_master(this, s->user.get(), nullptr, data, nullptr, s->info, y);
if (op_ret < 0) {
ldpp_dout(this, 20) << "forward_request_to_master returned ret=" << op_ret << dendl;
return;
}
- bufferlist key_id_bl;
- string bucket_owner_id = s->bucket->get_info().owner.id;
- key_id_bl.append(bucket_owner_id.c_str(), bucket_owner_id.size() + 1);
-
bufferlist conf_bl;
bucket_encryption_conf.encode(conf_bl);
- op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y, &conf_bl, &key_id_bl] {
+ op_ret = retry_raced_bucket_write(this, s->bucket.get(), [this, y, &conf_bl] {
rgw::sal::Attrs attrs = s->bucket->get_attrs();
attrs[RGW_ATTR_BUCKET_ENCRYPTION_POLICY] = conf_bl;
- attrs[RGW_ATTR_BUCKET_ENCRYPTION_KEY_ID] = key_id_bl;
return s->bucket->merge_and_store_attrs(this, attrs, y);
});
}
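Review bot: With both removed guards gone, nothing visible in this function checks `bucket_encryption_conf.sse_algorithm()` or `kms_master_key_id()` before the configuration is forwarded to the master and stored in `RGW_ATTR_BUCKET_ENCRYPTION_POLICY`. Unless the parsing step outside this hunk validates it, an unrecognised algorithm string would be persisted as the bucket's default-encryption policy, and the bucket could report encryption that the write path does not apply. An allow-list check placed before `forward_request_to_master` would keep the fail-closed behaviour while admitting the newly supported mode: `if (alg != "AES256" && alg != "aws:kms") { op_ret = -ERR_NOT_IMPLEMENTED; s->err.message = "Unsupported SSE algorithm"; return; }`. Rejecting a non-empty `kms_master_key_id()` when the algorithm is `AES256` would catch the inconsistent combination as well.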