s3api: ensure MD5 is calculated or reused during CopyObject (#8163)
* s3api: ensure MD5 is calculated or reused during CopyObject Fixes #8155 - Capture and reuse source MD5 for direct copies - Calculate MD5 for small inline objects during copy * s3api: refactor encryption logic and safe MD5 copying - Extract duplicated bucket default encryption logic into helper - Use safe append copy for MD5 slice to avoid shared modifications * refactor * avoids unnecessary MD5 recalculations for small files
This commit is contained in:
Chris Lu
@@ -13,26 +13,16 @@ import (
|
||||
|
||||
// executeUnifiedCopyStrategy executes the appropriate copy strategy based on encryption state
|
||||
// Returns chunks and destination metadata that should be applied to the destination entry
|
||||
func (s3a *S3ApiServer) executeUnifiedCopyStrategy(entry *filer_pb.Entry, r *http.Request, dstBucket, srcObject, dstObject string) ([]*filer_pb.FileChunk, map[string][]byte, error) {
|
||||
func (s3a *S3ApiServer) executeUnifiedCopyStrategy(entry *filer_pb.Entry, r *http.Request, srcBucket, dstBucket, srcObject, dstObject string) ([]*filer_pb.FileChunk, map[string][]byte, error) {
|
||||
// Detect encryption state (using entry-aware detection for multipart objects)
|
||||
srcPath := fmt.Sprintf("%s/%s/%s", s3a.option.BucketsPath, r.Header.Get("X-Amz-Copy-Source-Bucket"), srcObject)
|
||||
srcPath := fmt.Sprintf("%s/%s/%s", s3a.option.BucketsPath, srcBucket, srcObject)
|
||||
dstPath := fmt.Sprintf("%s/%s/%s", s3a.option.BucketsPath, dstBucket, dstObject)
|
||||
state := DetectEncryptionStateWithEntry(entry, r, srcPath, dstPath)
|
||||
|
||||
// Debug logging for encryption state
|
||||
|
||||
// Apply bucket default encryption if no explicit encryption specified
|
||||
if !state.IsTargetEncrypted() {
|
||||
bucketMetadata, err := s3a.getBucketMetadata(dstBucket)
|
||||
if err == nil && bucketMetadata != nil && bucketMetadata.Encryption != nil {
|
||||
switch bucketMetadata.Encryption.SseAlgorithm {
|
||||
case "aws:kms":
|
||||
state.DstSSEKMS = true
|
||||
case "AES256":
|
||||
state.DstSSES3 = true
|
||||
}
|
||||
}
|
||||
}
|
||||
s3a.applyCopyBucketDefaultEncryption(state, dstBucket)
|
||||
|
||||
// Determine copy strategy
|
||||
strategy, err := DetermineUnifiedCopyStrategy(state, entry.Extended, r)
|
||||
@@ -169,3 +159,18 @@ func (s3a *S3ApiServer) executeReencryptCopy(entry *filer_pb.Entry, r *http.Requ
|
||||
glog.V(2).Infof("Cross-encryption copy: using unified multipart copy")
|
||||
return s3a.copyMultipartCrossEncryption(entry, r, state, dstBucket, dstPath)
|
||||
}
|
||||
|
||||
// applyCopyBucketDefaultEncryption applies the destination bucket's default encryption settings if no explicit encryption is specified
|
||||
func (s3a *S3ApiServer) applyCopyBucketDefaultEncryption(state *EncryptionState, dstBucket string) {
|
||||
if !state.IsTargetEncrypted() {
|
||||
bucketMetadata, err := s3a.getBucketMetadata(dstBucket)
|
||||
if err == nil && bucketMetadata != nil && bucketMetadata.Encryption != nil {
|
||||
switch bucketMetadata.Encryption.SseAlgorithm {
|
||||
case "aws:kms":
|
||||
state.DstSSEKMS = true
|
||||
case "AES256":
|
||||
state.DstSSES3 = true
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user