author | Tim Burke <tim.burke@gmail.com> | 2018-11-20 17:21:04 -0800 |
---|---|---|
committer | Tim Burke <tim.burke@gmail.com> | 2018-12-06 18:54:30 +0000 |
commit | 8e95a93858dc215e2d2f7d48e035e6b5f1ab582a (patch) | |
tree | 80c0b721e862868335dc465ae12251676b37361f /swift/common/middleware/s3api/s3request.py | |
parent | 3465d639e312ad112b3d239f7e18590cff792ec8 (diff) | |
download | swift-8e95a93858dc215e2d2f7d48e035e6b5f1ab582a.tar.gz |
s3api: Allow some forms of server-side-encryption
...if and only if encryption is enabled. A few things to note about server-side
encryption:
- We register whether encryption is present and enabled when the proxy server
starts up.
- This is generally considered an operator feature, not a user-facing one. S3
API users can now learn more about how your cluster is set up than they
previously could.
- If encryption is enabled but there are no keymasters in the pipeline, all
writes will fail with "Unable to retrieve encryption keys."
- There's still a 'swift.crypto.override' env key that keymasters can set to
skip encryption, so this isn't a full guarantee that things will be
encrypted. On the other hand, none of the keymasters in Swift ever set that
override.
Note that this *does not* start including x-amz-server-side-encryption
headers in the response, neither during PUT nor GET. We should only
send that when we know for sure that the data on disk was encrypted.
Change-Id: I4c20bca7fedb839628f1b2f8611807631b8bf430
Related-Bug: 1607116
Related-Change: Icf28dc57e589f9be20937947095800d7ce57b2f7
Diffstat (limited to 'swift/common/middleware/s3api/s3request.py')
-rw-r--r-- | swift/common/middleware/s3api/s3request.py | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/swift/common/middleware/s3api/s3request.py b/swift/common/middleware/s3api/s3request.py
index 03894a09e..d12275487 100644
--- a/swift/common/middleware/s3api/s3request.py
+++ b/swift/common/middleware/s3api/s3request.py
@@ -24,7 +24,7 @@ import six
 from six.moves.urllib.parse import quote, unquote, parse_qsl
 import string
-from swift.common.utils import split_path, json
+from swift.common.utils import split_path, json, get_swift_info
 from swift.common import swob
 from swift.common.http import HTTP_OK, HTTP_CREATED, HTTP_ACCEPTED, \
 HTTP_NO_CONTENT, HTTP_UNAUTHORIZED, HTTP_FORBIDDEN, HTTP_NOT_FOUND, \
@@ -741,8 +741,17 @@ class S3Request(swob.Request):
 if 'x-amz-mfa' in self.headers:
 raise S3NotImplemented('MFA Delete is not supported.')
- if 'x-amz-server-side-encryption' in self.headers:
- raise S3NotImplemented('Server-side encryption is not supported.')
+ sse_value = self.headers.get('x-amz-server-side-encryption')
+ if sse_value is not None:
+ if sse_value not in ('aws:kms', 'AES256'):
+ raise InvalidArgument(
+ 'x-amz-server-side-encryption', sse_value,
+ 'The encryption method specified is not supported')
+ encryption_enabled = get_swift_info(admin=True)['admin'].get(
+ 'encryption', {}).get('enabled')
+ if not encryption_enabled or sse_value != 'AES256':
+ raise S3NotImplemented(
+ 'Server-side encryption is not supported.')
 if 'x-amz-website-redirect-location' in self.headers:
 raise S3NotImplemented('Website redirection is not supported.')
|
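Review bot: The `encryption_enabled` check in the second hunk accepts `AES256` based on a process-wide flag read from `get_swift_info(admin=True)`, not on anything tied to this request, so a client that asks for server-side encryption gets an ordinary success even if the write ends up unencrypted (the commit message names `swift.crypto.override` as one such path). The code has no comment saying so, and a later reader could take this branch as an encryption guarantee. I would add above the lookup `# Best effort: 'enabled' only reflects what was registered at proxy startup; a keymaster` and `# may still set swift.crypto.override, so passing this check does not prove the object is encrypted.` The related request headers `x-amz-server-side-encryption-customer-algorithm` and `x-amz-server-side-encryption-aws-kms-key-id` are not examined in this hunk. The enclosing method starts and ends outside it, so confirm they are rejected elsewhere rather than silently ignored.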