From f2211537769893b622bb05015885718bc0225eb2 Mon Sep 17 00:00:00 2001 From: Anis Elleuch Date: Tue, 14 Sep 2021 20:55:32 +0100 Subject: [PATCH] s3-gateway: Allow encryption S3 passthrough for SSE-S3 (#13204) This reverts commit 35cbe43b6df48927a1574829b13f9ed5d3af99d3. --- cmd/object-handlers.go | 74 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 60 insertions(+), 14 deletions(-) diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index 0c7710e3b..085c72e58 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -916,9 +916,18 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re return } - if _, ok := crypto.IsRequested(r.Header); ok && !objectAPI.IsEncryptionSupported() { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) - return + if _, ok := crypto.IsRequested(r.Header); ok { + if globalIsGateway { + if crypto.SSEC.IsRequested(r.Header) && !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } else { + if !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } } vars := mux.Vars(r) @@ -1467,9 +1476,18 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req return } - if _, ok := crypto.IsRequested(r.Header); ok && !objectAPI.IsEncryptionSupported() { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) - return + if _, ok := crypto.IsRequested(r.Header); ok { + if globalIsGateway { + if crypto.SSEC.IsRequested(r.Header) && !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } else { + if !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } } vars := mux.Vars(r) @@ -1798,9 +1816,18 @@ func (api objectAPIHandlers) PutObjectExtractHandler(w http.ResponseWriter, r *h return } - if _, ok := crypto.IsRequested(r.Header); ok && !objectAPI.IsEncryptionSupported() { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) - return + if _, ok := crypto.IsRequested(r.Header); ok { + if globalIsGateway { + if crypto.SSEC.IsRequested(r.Header) && !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } else { + if !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } } vars := mux.Vars(r) @@ -2075,9 +2102,18 @@ func (api objectAPIHandlers) NewMultipartUploadHandler(w http.ResponseWriter, r return } - if _, ok := crypto.IsRequested(r.Header); ok && !objectAPI.IsEncryptionSupported() { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) - return + if _, ok := crypto.IsRequested(r.Header); ok { + if globalIsGateway { + if crypto.SSEC.IsRequested(r.Header) && !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } else { + if !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } } vars := mux.Vars(r) @@ -2517,8 +2553,18 @@ func (api objectAPIHandlers) PutObjectPartHandler(w http.ResponseWriter, r *http return } - if _, ok := crypto.IsRequested(r.Header); ok && !objectAPI.IsEncryptionSupported() { - writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + if _, ok := crypto.IsRequested(r.Header); ok { + if globalIsGateway { + if crypto.SSEC.IsRequested(r.Header) && !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } else { + if !objectAPI.IsEncryptionSupported() { + writeErrorResponse(ctx, w, errorCodes.ToAPIErr(ErrNotImplemented), r.URL) + return + } + } } vars := mux.Vars(r)