mirror of
https://github.com/ceph/ceph
synced 2025-01-19 17:41:39 +00:00
Merge pull request #52247 from cbodley/wip-57905
rgw: rgwx-skip-decrypt also skips decompression of encrypted objects Reviewed-by: Shilpa Jagannath <smanjara@redhat.com>
This commit is contained in:
commit
813fb284c7
@ -3386,6 +3386,7 @@ public:
|
||||
|
||||
|
||||
int process_attrs(void) {
|
||||
bool encrypted = false;
|
||||
if (extra_data_bl.length()) {
|
||||
JSONParser jp;
|
||||
if (!jp.parse(extra_data_bl.c_str(), extra_data_bl.length())) {
|
||||
@ -3395,8 +3396,18 @@ public:
|
||||
|
||||
JSONDecoder::decode_json("attrs", src_attrs, &jp);
|
||||
|
||||
encrypted = src_attrs.count(RGW_ATTR_CRYPT_MODE);
|
||||
if (encrypted) {
|
||||
// we won't have access to the decrypted data for checksumming
|
||||
try_etag_verify = false;
|
||||
}
|
||||
|
||||
// if the object is both compressed and encrypted, it was transferred
|
||||
// in its encrypted+compressed form. we need to preserve the original
|
||||
// RGW_ATTR_COMPRESSION instead of falling back to default compression
|
||||
// settings
|
||||
auto iter = src_attrs.find(RGW_ATTR_COMPRESSION);
|
||||
if (iter != src_attrs.end()) {
|
||||
if (iter != src_attrs.end() && !encrypted) {
|
||||
const bufferlist bl = std::move(iter->second);
|
||||
src_attrs.erase(iter); // don't preserve source compression info
|
||||
|
||||
@ -3437,8 +3448,8 @@ public:
|
||||
return ret;
|
||||
}
|
||||
|
||||
if (plugin && src_attrs.find(RGW_ATTR_CRYPT_MODE) == src_attrs.end()) {
|
||||
//do not compress if object is encrypted
|
||||
// do not compress if object is encrypted
|
||||
if (plugin && !encrypted) {
|
||||
compressor = boost::in_place(cct, plugin, filter);
|
||||
// add a filter that buffers data so we don't try to compress tiny blocks.
|
||||
// libcurl reads in 16k at a time, and we need at least 64k to get a good
|
||||
@ -3448,12 +3459,7 @@ public:
|
||||
filter = &*buffering;
|
||||
}
|
||||
|
||||
/*
|
||||
* Presently we don't support ETag based verification if encryption is
|
||||
* requested. We can enable simultaneous support once we have a mechanism
|
||||
* to know the sequence in which the filters must be applied.
|
||||
*/
|
||||
if (try_etag_verify && src_attrs.find(RGW_ATTR_CRYPT_MODE) == src_attrs.end()) {
|
||||
if (try_etag_verify) {
|
||||
ret = rgw::putobj::create_etag_verifier(dpp, cct, filter, manifest_bl,
|
||||
compression_info,
|
||||
etag_verifier);
|
||||
|
@ -2200,8 +2200,9 @@ void RGWGetObj::execute(optional_yield y)
|
||||
gc_invalidate_time = ceph_clock_now();
|
||||
gc_invalidate_time += (s->cct->_conf->rgw_gc_obj_min_wait / 2);
|
||||
|
||||
bool need_decompress;
|
||||
int64_t ofs_x, end_x;
|
||||
bool need_decompress = false;
|
||||
int64_t ofs_x = 0, end_x = 0;
|
||||
bool encrypted = false;
|
||||
|
||||
RGWGetObj_CB cb(this);
|
||||
RGWGetObj_Filter* filter = (RGWGetObj_Filter *)&cb;
|
||||
@ -2301,11 +2302,17 @@ void RGWGetObj::execute(optional_yield y)
|
||||
ldpp_dout(this, 0) << "ERROR: failed to decode compression info, cannot decompress" << dendl;
|
||||
goto done_err;
|
||||
}
|
||||
if (need_decompress) {
|
||||
s->obj_size = cs_info.orig_size;
|
||||
s->object->set_obj_size(cs_info.orig_size);
|
||||
decompress.emplace(s->cct, &cs_info, partial_content, filter);
|
||||
filter = &*decompress;
|
||||
|
||||
// where encryption and compression are combined, compression was applied to
|
||||
// the data before encryption. if the system header rgwx-skip-decrypt is
|
||||
// present, we have to skip the decompression filter too
|
||||
encrypted = attrs.count(RGW_ATTR_CRYPT_MODE);
|
||||
|
||||
if (need_decompress && (!encrypted || !skip_decrypt)) {
|
||||
s->obj_size = cs_info.orig_size;
|
||||
s->object->set_obj_size(cs_info.orig_size);
|
||||
decompress.emplace(s->cct, &cs_info, partial_content, filter);
|
||||
filter = &*decompress;
|
||||
}
|
||||
|
||||
attr_iter = attrs.find(RGW_ATTR_OBJ_REPLICATION_TRACE);
|
||||
|
Loading…
Reference in New Issue
Block a user