(bucket, objMD, objectKey, log, keyArnPrefix, opts, cb)
| 59 | // Use opts.skipObjectUpdate to only prepare objMD without sending the update to metadata |
| 60 | // if a metadata.putObjectMD is expected later in call flow. (Downside: update skipped if error) |
| 61 | function updateObjectEncryption(bucket, objMD, objectKey, log, keyArnPrefix, opts, cb) { |
| 62 | if (!objMD) { |
| 63 | return cb(null, bucket, objMD); |
| 64 | } |
| 65 | |
| 66 | const key = objMD['x-amz-server-side-encryption-aws-kms-key-id']; |
| 67 | |
| 68 | if (!key || isScalityKmsArn(key)) { |
| 69 | return cb(null, bucket, objMD); |
| 70 | } |
| 71 | const newKey = `${keyArnPrefix}${key}`; |
| 72 | // eslint-disable-next-line no-param-reassign |
| 73 | objMD['x-amz-server-side-encryption-aws-kms-key-id'] = newKey; |
| 74 | // Doesn't seem to be used but update as well |
| 75 | for (const dataLocator of objMD.location || []) { |
| 76 | if (dataLocator.masterKeyId) { |
| 77 | dataLocator.masterKeyId = `${keyArnPrefix}${dataLocator.masterKeyId}`; |
| 78 | } |
| 79 | } |
| 80 | // eslint-disable-next-line no-param-reassign |
| 81 | objMD.originOp = 's3:ObjectCreated:Copy'; |
| 82 | // Copy should be tested for 9.5 in INTGR-1038 |
| 83 | // to make sure it does not impact backbeat CRR / bucket notif |
| 84 | const params = getVersionSpecificMetadataOptions(objMD, config.nullVersionCompatMode); |
| 85 | |
| 86 | log.info('reformating object encryption key', { oldKey: key, newKey, skipUpdate: opts.skipObjectUpdate }); |
| 87 | if (opts.skipObjectUpdate) { |
| 88 | return cb(null, bucket, objMD); |
| 89 | } |
| 90 | return metadata.putObjectMD(bucket.getName(), objectKey, objMD, params, |
| 91 | log, err => cb(err, bucket, objMD)); |
| 92 | } |
| 93 | |
| 94 | /** |
| 95 | * Update encryption of bucket and object if kms provider changed |
no test coverage detected