fix: S3 gateway doesn't support full passthrough for encryption (#10484)

The entire encryption layer is dependent on the fact that
KMS should be configured for S3 encryption to work properly
and we only support passing the headers as is to the backend
for encryption only if KMS is configured.

Make sure that this predictability is maintained. Currently
the code was allowing encryption to go through and fail
later to indicate that KMS was not configured. We should
simply reply "NotImplemented" if KMS is not configured; this
allows clients to simply proceed with their tests.
Harshavardhana
2020-09-15 13:57:15 -07:00
committed by GitHub
parent 730d2dc7be
commit 80fab03b63
9 changed files with 65 additions and 60 deletions


@@ -316,7 +316,7 @@ func (l *s3EncObjects) GetObjectNInfo(ctx context.Context, bucket, object string
}
fn, off, length, err := minio.NewGetObjectReader(rs, objInfo, o)
if err != nil {
return nil, minio.ErrorRespToObjectError(err)
return nil, minio.ErrorRespToObjectError(err, bucket, object)
}
if l.isGWEncrypted(ctx, bucket, object) {
object = getGWContentPath(object)


@@ -391,21 +391,21 @@ func (l *s3Objects) GetObjectNInfo(ctx context.Context, bucket, object string, r
return nil, minio.ErrorRespToObjectError(err, bucket, object)
}
var startOffset, length int64
startOffset, length, err = rs.GetOffsetLength(objInfo.Size)
fn, off, length, err := minio.NewGetObjectReader(rs, objInfo, opts)
if err != nil {
return nil, minio.ErrorRespToObjectError(err, bucket, object)
}
pr, pw := io.Pipe()
go func() {
err := l.GetObject(ctx, bucket, object, startOffset, length, pw, objInfo.ETag, opts)
err := l.GetObject(ctx, bucket, object, off, length, pw, objInfo.ETag, opts)
pw.CloseWithError(err)
}()
// Setup cleanup function to cause the above go-routine to
// exit in case of partial read
pipeCloser := func() { pr.Close() }
return minio.NewGetObjectReaderFromReader(pr, objInfo, opts, pipeCloser)
return fn(pr, h, opts.CheckPrecondFn, pipeCloser)
}
// GetObject reads an object from S3. Supports additional
@@ -745,7 +745,7 @@ func (l *s3Objects) IsCompressionSupported() bool {
// IsEncryptionSupported returns whether server side encryption is implemented for this layer.
func (l *s3Objects) IsEncryptionSupported() bool {
return minio.GlobalKMS != nil || len(minio.GlobalGatewaySSE) > 0
return minio.GlobalKMS != nil || minio.GlobalGatewaySSE.IsSet()
}
func (l *s3Objects) IsTaggingSupported() bool {
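Review bot: In the `s3Objects.GetObjectNInfo` hunk, the goroutine that streams `l.GetObject` into `pw` is already running when `fn(pr, h, opts.CheckPrecondFn, pipeCloser)` is called, so if `fn` returns an error the writer only unblocks if `fn` itself ran `pipeCloser`. Whether it does on every error path is not visible on this page; if it does not, each failed request would presumably leave a goroutine and a backend read parked on the pipe. I would make the cleanup explicit with `gr, err := fn(pr, h, opts.CheckPrecondFn, pipeCloser)` followed by `if err != nil { pr.Close(); return nil, err }` and `return gr, nil`, since closing an `io.PipeReader` a second time is harmless. Failing that, a comment on the return line should state that `fn` owns `pipeCloser` on failure. The function body starts above the hunk, so the declaration of `h` and the earlier error handling are not reviewed here.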