* Update encryption of bucket and object if kms provider changed * * @param {Error} err - error coming from metadata validate before the action handling * @param {BucketInfo} bucket - bucket * @param {Object} [objMD] - object metadata * @param {string} objectKey - objectKey from request. * @p
(err, bucket, objMD, objectKey, log, opts, cb)
| 106 | * @returns {undefined} |
| 107 | */ |
function updateEncryption(err, bucket, objMD, objectKey, log, opts, cb) {
    // This step sits between metadataValidate and its callback, so an error
    // raised by validation arrives here and is forwarded as-is.
    if (err) {
        return cb(err);
    }

    // Without an sseMigration section in the config there is nothing to
    // migrate: hand bucket and object metadata back untouched.
    // objMD may be missing here; the bucket-level update below is still tried.
    const migration = config.sseMigration;
    if (!migration) {
        return cb(null, bucket, objMD);
    }

    // previousKeyType is required and validated in Config.js; for now it is
    // the only implementation needed.
    // See TAD Seamless decryption with internal and external KMS: https://scality.atlassian.net/wiki/x/EgADu
    // for other methods of migration without a previousKeyType.
    const keyArnPrefix = makeScalityArnPrefix(
        migration.previousKeyType,
        migration.previousKeyProtocol,
        migration.previousKeyProvider
    );

    const onBucketUpdated = (updateErr, updatedBucket) => {
        // An error while updating encryption at bucket level is returned to
        // the client rather than ignored. Other possibilities: ignore the
        // error, or include an SSE migration notice in the error message.
        // When opts.skipObject is set, the object-level update is skipped and
        // the (falsy) error value is passed through unchanged.
        // NOTE(review): opts is dereferenced without a guard, so callers are
        // presumably expected to always pass an object; confirm against callers.
        if (updateErr || opts.skipObject) {
            return cb(updateErr, updatedBucket, objMD);
        }
        // NOTE(review): objMD can be missing at this point; confirm that
        // updateObjectEncryption tolerates an undefined objMD.
        return updateObjectEncryption(updatedBucket, objMD, objectKey, log, keyArnPrefix, opts, cb);
    };

    return updateBucketEncryption(bucket, log, onBucketUpdated);
}
| 138 | |
| 139 | module.exports = { |
| 140 | updateEncryption, |