Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

ErrNoEncryptionConfig

pull/7481/head
chrislu 3 weeks ago
parent
2f6abd3814
commit
0e94b4d36c
2 changed files with 12 additions and 3 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      weed/s3api/s3_bucket_encryption.go
  2. 9
      weed/s3api/s3api_object_handlers_put.go

6
weed/s3api/s3_bucket_encryption.go
View File

@ -2,6 +2,7 @@ package s3api
import ( import (
"encoding/xml" "encoding/xml"
"errors"
"fmt" "fmt"
"io" "io"
"net/http" "net/http"
@ -12,6 +13,9 @@ import (
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err" "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
) )
// ErrNoEncryptionConfig is returned when a bucket has no encryption configuration
var ErrNoEncryptionConfig = errors.New("no encryption configuration found")
// ServerSideEncryptionConfiguration represents the bucket encryption configuration // ServerSideEncryptionConfiguration represents the bucket encryption configuration
type ServerSideEncryptionConfiguration struct { type ServerSideEncryptionConfiguration struct {
XMLName xml.Name `xml:"ServerSideEncryptionConfiguration"` XMLName xml.Name `xml:"ServerSideEncryptionConfiguration"`
@ -186,7 +190,7 @@ func (s3a *S3ApiServer) GetBucketEncryptionConfig(bucket string) (*s3_pb.Encrypt
config, errCode := s3a.getEncryptionConfiguration(bucket) config, errCode := s3a.getEncryptionConfiguration(bucket)
if errCode != s3err.ErrNone { if errCode != s3err.ErrNone {
if errCode == s3err.ErrNoSuchBucketEncryptionConfiguration { if errCode == s3err.ErrNoSuchBucketEncryptionConfiguration {
return nil, fmt.Errorf("no encryption configuration found")
return nil, ErrNoEncryptionConfig
} }
return nil, fmt.Errorf("failed to get encryption configuration") return nil, fmt.Errorf("failed to get encryption configuration")
} }

9
weed/s3api/s3api_object_handlers_put.go
View File

@ -384,7 +384,7 @@ func (s3a *S3ApiServer) putToFiler(r *http.Request, uploadUrl string, dataReader
glog.V(4).Infof("putToFiler: Chunked upload SUCCESS - path=%s, chunks=%d, size=%d", glog.V(4).Infof("putToFiler: Chunked upload SUCCESS - path=%s, chunks=%d, size=%d",
filePath, len(chunkResult.FileChunks), chunkResult.TotalSize) filePath, len(chunkResult.FileChunks), chunkResult.TotalSize)
// Log chunk details for debugging (verbose only - high frequency) // Log chunk details for debugging (verbose only - high frequency)
if glog.V(4) { if glog.V(4) {
for i, chunk := range chunkResult.FileChunks { for i, chunk := range chunkResult.FileChunks {
@ -1139,7 +1139,12 @@ func (s3a *S3ApiServer) applyBucketDefaultEncryption(bucket string, r *http.Requ
// Check if bucket has default encryption configured // Check if bucket has default encryption configured
encryptionConfig, err := s3a.GetBucketEncryptionConfig(bucket) encryptionConfig, err := s3a.GetBucketEncryptionConfig(bucket)
if err != nil { if err != nil {
// Failed to read encryption config - propagate error to prevent silent encryption bypass
// Check if this is just "no encryption configured" vs a real error
if errors.Is(err, ErrNoEncryptionConfig) {
// No default encryption configured, return original reader
return &BucketDefaultEncryptionResult{DataReader: dataReader}, nil
}
// Real error - propagate to prevent silent encryption bypass
return nil, fmt.Errorf("failed to read bucket encryption config: %v", err) return nil, fmt.Errorf("failed to read bucket encryption config: %v", err)
} }
if encryptionConfig == nil { if encryptionConfig == nil {

Write Preview
Loading…
Cancel
Save