hub / github.com/scality/cloudserver / bucketPutEncryption

Function bucketPutEncryption

lib/api/bucketPutEncryption.js:20–97  ·  view source on GitHub ↗

* Bucket Put Encryption - Put bucket SSE configuration
* @param {AuthInfo} authInfo - Instance of AuthInfo class with requester's info
* @param {object} request - http request object
* @param {object} log - Werelogs logger
* @param {function} callback - callback to server
* @return {undefined}

(authInfo, request, log, callback)

Source from the content-addressed store, hash-verified

18 */
19
20function bucketPutEncryption(authInfo, request, log, callback) {
21 const { bucketName } = request;
22
23 const metadataValParams = {
24 authInfo,
25 bucketName,
26 requestType: request.apiMethods || 'bucketPutEncryption',
27 request,
28 };
29
30 return async.waterfall([
31 next => standardMetadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, next),
32 (bucket, next) => checkExpectedBucketOwner(request.headers, bucket, log, err => next(err, bucket)),
33 (bucket, next) => {
34 log.trace('parsing encryption config', { method: 'bucketPutEncryption' });
35 return parseEncryptionXml(request.post, log, (err, encryptionConfig) => {
36 if (err) {
37 return next(err);
38 }
39 return next(null, bucket, encryptionConfig);
40 });
41 },
42 (bucket, encryptionConfig, next) => {
43 const existingConfig = bucket.getServerSideEncryption();
44 // Check if encryption is not configured or if a default master key has not been created yet.
45 if (existingConfig === null || !existingConfig.masterKeyId) {
46 return kms.bucketLevelEncryption(bucket, encryptionConfig, log,
47 (err, updatedConfig) => {
48 if (err) {
49 return next(err);
50 }
51 return next(null, bucket, updatedConfig);
52 });
53 }
54
55 // If encryption is already configured and a default master key exists
56
57 // If the request does not specify a custom key, reuse the existing default master key id
58 // This ensures that a new default master key is not generated every time
59 // `putBucketEncryption` is called, avoiding unnecessary key creation
60 const updatedConfig = {
61 mandatory: true,
62 algorithm: encryptionConfig.algorithm,
63 cryptoScheme: existingConfig.cryptoScheme,
64 masterKeyId: existingConfig.masterKeyId,
65 };
66
67 // If the request specifies a custom master key id, store it in the updated configuration
68 const { configuredMasterKeyId } = encryptionConfig;
69 if (configuredMasterKeyId) {
70 updatedConfig.configuredMasterKeyId = configuredMasterKeyId;
71 }
72
73 const { isAccountEncryptionEnabled } = existingConfig;
74 if (isAccountEncryptionEnabled) {
75 updatedConfig.isAccountEncryptionEnabled = isAccountEncryptionEnabled;
76 }
77

Callers 3

bucketDelete.js · File · 0.85

Calls 7

checkExpectedBucketOwner · Function · 0.85
parseEncryptionXml · Function · 0.85
collectCorsHeaders · Function · 0.85
pushMetric · Function · 0.85
trace · Method · 0.80
bucketLevelEncryption · Method · 0.80

Tested by

no test coverage detected