Merge pull request #52247 from cbodley/wip-57905

rgw: rgwx-skip-decrypt also skips decompression of encrypted objects

Reviewed-by: Shilpa Jagannath <smanjara@redhat.com>
This commit is contained in:
Casey Bodley 2023-07-03 11:19:36 -04:00 committed by GitHub
commit 813fb284c7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 29 additions and 16 deletions

View File

@ -3386,6 +3386,7 @@ public:
int process_attrs(void) {
bool encrypted = false;
if (extra_data_bl.length()) {
JSONParser jp;
if (!jp.parse(extra_data_bl.c_str(), extra_data_bl.length())) {
@ -3395,8 +3396,18 @@ public:
JSONDecoder::decode_json("attrs", src_attrs, &jp);
encrypted = src_attrs.count(RGW_ATTR_CRYPT_MODE);
if (encrypted) {
// we won't have access to the decrypted data for checksumming
try_etag_verify = false;
}
// if the object is both compressed and encrypted, it was transferred
// in its encrypted+compressed form. we need to preserve the original
// RGW_ATTR_COMPRESSION instead of falling back to default compression
// settings
auto iter = src_attrs.find(RGW_ATTR_COMPRESSION);
if (iter != src_attrs.end()) {
if (iter != src_attrs.end() && !encrypted) {
const bufferlist bl = std::move(iter->second);
src_attrs.erase(iter); // don't preserve source compression info
@ -3437,8 +3448,8 @@ public:
return ret;
}
if (plugin && src_attrs.find(RGW_ATTR_CRYPT_MODE) == src_attrs.end()) {
//do not compress if object is encrypted
// do not compress if object is encrypted
if (plugin && !encrypted) {
compressor = boost::in_place(cct, plugin, filter);
// add a filter that buffers data so we don't try to compress tiny blocks.
// libcurl reads in 16k at a time, and we need at least 64k to get a good
@ -3448,12 +3459,7 @@ public:
filter = &*buffering;
}
/*
* Presently we don't support ETag based verification if encryption is
* requested. We can enable simultaneous support once we have a mechanism
* to know the sequence in which the filters must be applied.
*/
if (try_etag_verify && src_attrs.find(RGW_ATTR_CRYPT_MODE) == src_attrs.end()) {
if (try_etag_verify) {
ret = rgw::putobj::create_etag_verifier(dpp, cct, filter, manifest_bl,
compression_info,
etag_verifier);

View File

@ -2200,8 +2200,9 @@ void RGWGetObj::execute(optional_yield y)
gc_invalidate_time = ceph_clock_now();
gc_invalidate_time += (s->cct->_conf->rgw_gc_obj_min_wait / 2);
bool need_decompress;
int64_t ofs_x, end_x;
bool need_decompress = false;
int64_t ofs_x = 0, end_x = 0;
bool encrypted = false;
RGWGetObj_CB cb(this);
RGWGetObj_Filter* filter = (RGWGetObj_Filter *)&cb;
@ -2301,11 +2302,17 @@ void RGWGetObj::execute(optional_yield y)
ldpp_dout(this, 0) << "ERROR: failed to decode compression info, cannot decompress" << dendl;
goto done_err;
}
if (need_decompress) {
s->obj_size = cs_info.orig_size;
s->object->set_obj_size(cs_info.orig_size);
decompress.emplace(s->cct, &cs_info, partial_content, filter);
filter = &*decompress;
// where encryption and compression are combined, compression was applied to
// the data before encryption. if the system header rgwx-skip-decrypt is
// present, we have to skip the decompression filter too
encrypted = attrs.count(RGW_ATTR_CRYPT_MODE);
if (need_decompress && (!encrypted || !skip_decrypt)) {
s->obj_size = cs_info.orig_size;
s->object->set_obj_size(cs_info.orig_size);
decompress.emplace(s->cct, &cs_info, partial_content, filter);
filter = &*decompress;
}
attr_iter = attrs.find(RGW_ATTR_OBJ_REPLICATION_TRACE);