mirror of https://github.com/minio/minio synced 2024-07-05 17:08:43 +00:00

Disable caching of encrypted objects (#19890)

Don't write encrypted objects to cache, if configured.
Klaus Post 2024-06-06 11:39:18 -07:00 committed by GitHub
parent b94dd835c9
commit 0fbb945e13
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -384,6 +384,10 @@ func (api objectAPIHandlers) getObjectHandler(ctx context.Context, objectAPI Obj
}
cachedResult := globalCacheConfig.Enabled() && opts.VersionID == ""
if _, ok := crypto.IsRequested(r.Header); ok {
// No need to check cache for encrypted objects.
cachedResult = false
}
var update bool
if cachedResult {
@ -606,6 +610,8 @@ func (api objectAPIHandlers) getObjectHandler(ctx context.Context, objectAPI Obj
w.Header().Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerAlgorithm))
w.Header().Set(xhttp.AmzServerSideEncryptionCustomerKeyMD5, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerKeyMD5))
}
// Never store encrypted objects in cache.
update = false
objInfo.ETag = getDecryptedETag(r.Header, objInfo, false)
}
@ -949,7 +955,10 @@ func (api objectAPIHandlers) headObjectHandler(ctx context.Context, objectAPI Ob
}
cachedResult := globalCacheConfig.Enabled() && opts.VersionID == ""
if _, ok := crypto.IsRequested(r.Header); ok {
// No need to check cache for encrypted objects.
cachedResult = false
}
var update bool
if cachedResult {
rc := &cache.CondCheck{}
@ -1044,6 +1053,10 @@ func (api objectAPIHandlers) headObjectHandler(ctx context.Context, objectAPI Ob
}
}
}
if _, ok := crypto.IsEncrypted(objInfo.UserDefined); ok {
// Never store encrypted objects in cache.
update = false
}
if objInfo.UserTags != "" {
// Set this such that authorization policies can be applied on the object tags.
@ -2139,7 +2152,8 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
})
var buf *bytebufferpool.ByteBuffer
if globalCacheConfig.MatchesSize(size) {
// Disable cache for encrypted objects - headers are applied with sseConfig.Apply if auto encrypted.
if globalCacheConfig.MatchesSize(size) && !crypto.Requested(r.Header) {
buf = bytebufferpool.Get()
defer bytebufferpool.Put(buf)
}
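Review bot: The cache-lookup gate added at the top of getObjectHandler and headObjectHandler (`if _, ok := crypto.IsRequested(r.Header); ok`) inspects only the request headers, so it presumably fires for SSE-C reads but not for SSE-S3/KMS objects, which are normally fetched without any SSE header. For those objects the lookup still runs, and nothing visible here excludes an entry that was written to the cache before this change; the `update = false` lines only stop new writes. I would say so in the comment, e.g. `// Request headers only: SSE-S3/KMS objects read without SSE headers still reach the cache lookup; entries cached earlier must be purged separately.`, or confirm that a cached result is checked against the object's encryption metadata before it is served. The PutObjectHandler condition `!crypto.Requested(r.Header)` likewise depends on sseConfig.Apply having already run, which happens outside the hunk, as does the rest of all three function bodies.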