* Bucket Delete Encryption - Delete bucket SSE configuration * @param {AuthInfo} authInfo - Instance of AuthInfo class with requester's info * @param {object} request - http request object * @param {object} log - Werelogs logger * @param {function} callback - callback to server * @return {undef
(authInfo, request, log, callback)
| 16 | */ |
| 17 | |
| 18 | function bucketDeleteEncryption(authInfo, request, log, callback) { |
| 19 | const bucketName = request.bucketName; |
| 20 | |
| 21 | const metadataValParams = { |
| 22 | authInfo, |
| 23 | bucketName, |
| 24 | requestType: request.apiMethods || 'bucketDeleteEncryption', |
| 25 | request, |
| 26 | }; |
| 27 | |
| 28 | return async.waterfall([ |
| 29 | next => standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, next), |
| 30 | (bucket, next) => checkExpectedBucketOwner(request.headers, bucket, log, err => next(err, bucket)), |
| 31 | (bucket, next) => { |
| 32 | const sseConfig = bucket.getServerSideEncryption(); |
| 33 | |
| 34 | if (sseConfig === null) { |
| 35 | return next(null, bucket); |
| 36 | } |
| 37 | |
| 38 | const { isAccountEncryptionEnabled, masterKeyId, algorithm, cryptoScheme } = sseConfig; |
| 39 | |
| 40 | let updatedSseConfig = null; |
| 41 | |
| 42 | if (!isAccountEncryptionEnabled && masterKeyId) { |
| 43 | // Keep the encryption configuration as a "cache" to avoid generating a new master key: |
| 44 | // - if the default encryption master key is defined at the bucket level (!isAccountEncryptionEnabled), |
| 45 | // - and if a bucket-level default encryption key is already set. |
| 46 | // This "cache" is implemented by storing the configuration in the bucket metadata |
| 47 | // with mandatory set to false, making sure it remains hidden for `getBucketEncryption` operations. |
| 48 | // There is no need to cache the configuration if the default encryption master key is |
| 49 | // managed at the account level, as the master key id in that case is stored directly in |
| 50 | // the account metadata. |
| 51 | updatedSseConfig = { |
| 52 | mandatory: false, |
| 53 | algorithm, |
| 54 | cryptoScheme, |
| 55 | masterKeyId, |
| 56 | }; |
| 57 | } |
| 58 | |
| 59 | bucket.setServerSideEncryption(updatedSseConfig); |
| 60 | return metadata.updateBucket(bucketName, bucket, log, err => next(err, bucket)); |
| 61 | }, |
| 62 | ], |
| 63 | (err, bucket) => { |
| 64 | const corsHeaders = collectCorsHeaders(request.headers.origin, request.method, bucket); |
| 65 | if (err) { |
| 66 | log.trace('error processing request', { error: err, method: 'bucketDeleteEncryption' }); |
| 67 | return callback(err, corsHeaders); |
| 68 | } |
| 69 | pushMetric('deleteBucketEncryption', log, { |
| 70 | authInfo, |
| 71 | bucket: bucketName, |
| 72 | }); |
| 73 | return callback(null, corsHeaders); |
| 74 | }); |
| 75 | } |
no test coverage detected