commit 8e95a93858dc215e2d2f7d48e035e6b5f1ab582a
Author: Tim Burke <email address hidden>
Date: Tue Nov 20 17:21:04 2018 -0800
s3api: Allow some forms of server-side-encryption
...if and only if encryption is enabled. A few things to note about server-side
encryption:
- We register whether encryption is present and enabled when the proxy server
starts up.
- This is generally considered an operator feature, not a user-facing one. S3
API users can now learn more about how your cluster is set up than they
previously could.
- If encryption is enabled but there are no keymasters in the pipeline, all
writes will fail with "Unable to retrieve encryption keys."
- There's still a 'swift.crypto.override' env key that keymasters can set to
skip encryption, so this isn't a full guarantee that things will be
encrypted. On the other hand, none of the keymasters in Swift ever set that
override.
Note that this *does not* start including x-amz-server-side-encryption
headers in the response, neither during PUT nor GET. We should only
send that when we know for sure that the data on disk was encrypted.
Reviewed: https:/ /review. openstack. org/619127 /git.openstack. org/cgit/ openstack/ swift/commit/ ?id=8e95a93858d c215e2d2f7d48e0 35e6b5f1ab582a
Committed: https:/
Submitter: Zuul
Branch: master
commit 8e95a93858dc215 e2d2f7d48e035e6 b5f1ab582a
Author: Tim Burke <email address hidden>
Date: Tue Nov 20 17:21:04 2018 -0800
s3api: Allow some forms of server- side-encryption
...if and only if encryption is enabled. A few things to note about server-side
encryption:
- We register whether encryption is present and enabled when the proxy server crypto. override' env key that keymasters can set to
starts up.
- This is generally considered an operator feature, not a user-facing one. S3
API users can now learn more about how your cluster is set up than they
previously could.
- If encryption is enabled but there are no keymasters in the pipeline, all
writes will fail with "Unable to retrieve encryption keys."
- There's still a 'swift.
skip encryption, so this isn't a full guarantee that things will be
encrypted. On the other hand, none of the keymasters in Swift ever set that
override.
Note that this *does not* start including x-amz-server- side-encryption
headers in the response, neither during PUT nor GET. We should only
send that when we know for sure that the data on disk was encrypted.
Change-Id: I4c20bca7fedb83 9628f1b2f861180 7631b8bf430 be2093794709580 0d7ce57b2f7
Related-Bug: 1607116
Related-Change: Icf28dc57e589f9