hub / github.com/scality/cloudserver / bucketLevelEncryption

Method bucketLevelEncryption

lib/kms/wrapper.js:233–287  ·  view source on GitHub ↗

@param {BucketInfo} bucket - bucket info
@param {object} sseConfig - SSE configuration
@param {object} log - logger object
@param {function} cb - callback
@returns {undefined}
@callback called with (err, serverSideEncryptionInfo: object)

(bucket, sseConfig, log, cb)


231 * @callback called with (err, serverSideEncryptionInfo: object)
232 */
static bucketLevelEncryption(bucket, sseConfig, log, cb) {
    /*
     * Bucket-level encryption means a client does not have to send the
     * encryption headers on every object put into an "encrypted bucket".
     * Customer-provided keys are not feasible here, because the key would
     * have to be stored in the bucket metadata.
     *
     * Outcomes, as delivered to cb:
     *  - (null, null)  when sseConfig.algorithm is neither 'AES256' nor
     *                  'aws:kms' (no encryption is configured);
     *  - (err)         when a Scality-format key ARN fails validation, or
     *                  when createBucketKey reports an error;
     *  - (null, info)  otherwise, with info carrying either the configured
     *                  master key id or the key created for the bucket.
     */
    const { algorithm, configuredMasterKeyId, mandatory } = sseConfig;
    const usesKms = algorithm === 'aws:kms';

    // NOTE(review): an unrecognised algorithm value is reported as
    // "no encryption" rather than as an error; presumably callers validate
    // sseConfig.algorithm before calling this method. Confirm at call sites.
    if (algorithm !== 'AES256' && !usesKms) {
        return cb(null, null);
    }

    const sseInfo = {
        cryptoScheme: 1,
        algorithm,
        // Only a strict boolean true marks encryption as mandatory.
        mandatory: mandatory === true,
    };

    if (usesKms && configuredMasterKeyId) {
        let resolvedKeyId;
        if (isScalityKmsArn(configuredMasterKeyId)) {
            // A key given in Scality ARN format is checked against the
            // available backends before it is accepted.
            const keyDetail = extractDetailFromArn(configuredMasterKeyId);
            const validationError = validateKeyDetail(keyDetail, availableBackends);
            if (validationError) {
                // Reported synchronously, unlike the deferred success below.
                return cb(validationError);
            }
            resolvedKeyId = configuredMasterKeyId;
        } else {
            // Any other key id is prefixed with the current KMS client's
            // arnPrefix; this branch performs no format check on the id.
            resolvedKeyId = `${client.backend.arnPrefix}${configuredMasterKeyId}`;
        }
        sseInfo.configuredMasterKeyId = resolvedKeyId;

        return process.nextTick(() => cb(null, sseInfo));
    }

    // No configured key: create one for this bucket and record its
    // identifier, preferring the ARN when createBucketKey returns one.
    return this.createBucketKey(bucket, log, (err, data) => {
        if (err) {
            return cb(err);
        }

        const { masterKeyId, masterKeyArn, isAccountEncryptionEnabled } = data;
        sseInfo.masterKeyId = masterKeyArn || masterKeyId;

        // The flag is only recorded when it is truthy.
        if (isAccountEncryptionEnabled) {
            sseInfo.isAccountEncryptionEnabled = isAccountEncryptionEnabled;
        }

        return cb(null, sseInfo);
    });
}
288
289 /**
290 *

Callers 5

bucketPutEncryptionFunction · 0.80
kms.jsFile · 0.80
_utestCreateBundlePairFunction · 0.80

Calls 1

createBucketKeyMethod · 0.95

Tested by

no test coverage detected