MCPcopy
hub / github.com/scality/cloudserver / updateObjectEncryption

Function updateObjectEncryption

lib/api/apiUtils/bucket/updateEncryption.js:61–92  ·  view source on GitHub ↗
(bucket, objMD, objectKey, log, keyArnPrefix, opts, cb)

Source from the content-addressed store, hash-verified

59// Use opts.skipObjectUpdate to only prepare objMD without sending the update to metadata
60// if a metadata.putObjectMD is expected later in call flow. (Downside: update skipped if error)
61function updateObjectEncryption(bucket, objMD, objectKey, log, keyArnPrefix, opts, cb) {
62 if (!objMD) {
63 return cb(null, bucket, objMD);
64 }
65
66 const key = objMD['x-amz-server-side-encryption-aws-kms-key-id'];
67
68 if (!key || isScalityKmsArn(key)) {
69 return cb(null, bucket, objMD);
70 }
71 const newKey = `${keyArnPrefix}${key}`;
72 // eslint-disable-next-line no-param-reassign
73 objMD['x-amz-server-side-encryption-aws-kms-key-id'] = newKey;
74 // Doesn't seem to be used but update as well
75 for (const dataLocator of objMD.location || []) {
76 if (dataLocator.masterKeyId) {
77 dataLocator.masterKeyId = `${keyArnPrefix}${dataLocator.masterKeyId}`;
78 }
79 }
80 // eslint-disable-next-line no-param-reassign
81 objMD.originOp = 's3:ObjectCreated:Copy';
82 // Copy should be tested for 9.5 in INTGR-1038
83 // to make sure it does not impact backbeat CRR / bucket notif
84 const params = getVersionSpecificMetadataOptions(objMD, config.nullVersionCompatMode);
85
86 log.info('reformating object encryption key', { oldKey: key, newKey, skipUpdate: opts.skipObjectUpdate });
87 if (opts.skipObjectUpdate) {
88 return cb(null, bucket, objMD);
89 }
90 return metadata.putObjectMD(bucket.getName(), objectKey, objMD, params,
91 log, err => cb(err, bucket, objMD));
92}
93
94/**
95 * Update encryption of bucket and object if kms provider changed

Callers 1

updateEncryptionFunction · 0.85

Calls 2

infoMethod · 0.80

Tested by

no test coverage detected