Disable caching of encrypted objects (#19890)

Don't write encrypted objects to cache, if configured.
Klaus Post 2024-06-06 11:39:18 -07:00 committed by GitHub
parent b94dd835c9
commit 0fbb945e13
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -384,6 +384,10 @@ func (api objectAPIHandlers) getObjectHandler(ctx context.Context, objectAPI Obj
} }
cachedResult := globalCacheConfig.Enabled() && opts.VersionID == "" cachedResult := globalCacheConfig.Enabled() && opts.VersionID == ""
if _, ok := crypto.IsRequested(r.Header); ok {
// No need to check cache for encrypted objects.
cachedResult = false
}
var update bool var update bool
if cachedResult { if cachedResult {
@ -606,6 +610,8 @@ func (api objectAPIHandlers) getObjectHandler(ctx context.Context, objectAPI Obj
w.Header().Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerAlgorithm)) w.Header().Set(xhttp.AmzServerSideEncryptionCustomerAlgorithm, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerAlgorithm))
w.Header().Set(xhttp.AmzServerSideEncryptionCustomerKeyMD5, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerKeyMD5)) w.Header().Set(xhttp.AmzServerSideEncryptionCustomerKeyMD5, r.Header.Get(xhttp.AmzServerSideEncryptionCustomerKeyMD5))
} }
// Never store encrypted objects in cache.
update = false
objInfo.ETag = getDecryptedETag(r.Header, objInfo, false) objInfo.ETag = getDecryptedETag(r.Header, objInfo, false)
} }
@ -949,7 +955,10 @@ func (api objectAPIHandlers) headObjectHandler(ctx context.Context, objectAPI Ob
} }
cachedResult := globalCacheConfig.Enabled() && opts.VersionID == "" cachedResult := globalCacheConfig.Enabled() && opts.VersionID == ""
if _, ok := crypto.IsRequested(r.Header); ok {
// No need to check cache for encrypted objects.
cachedResult = false
}
var update bool var update bool
if cachedResult { if cachedResult {
rc := &cache.CondCheck{} rc := &cache.CondCheck{}
@ -1044,6 +1053,10 @@ func (api objectAPIHandlers) headObjectHandler(ctx context.Context, objectAPI Ob
} }
} }
} }
if _, ok := crypto.IsEncrypted(objInfo.UserDefined); ok {
// Never store encrypted objects in cache.
update = false
}
if objInfo.UserTags != "" { if objInfo.UserTags != "" {
// Set this such that authorization policies can be applied on the object tags. // Set this such that authorization policies can be applied on the object tags.
@ -2139,7 +2152,8 @@ func (api objectAPIHandlers) PutObjectHandler(w http.ResponseWriter, r *http.Req
}) })
var buf *bytebufferpool.ByteBuffer var buf *bytebufferpool.ByteBuffer
if globalCacheConfig.MatchesSize(size) { // Disable cache for encrypted objects - headers are applied with sseConfig.Apply if auto encrypted.
if globalCacheConfig.MatchesSize(size) && !crypto.Requested(r.Header) {
buf = bytebufferpool.Get() buf = bytebufferpool.Get()
defer bytebufferpool.Put(buf) defer bytebufferpool.Put(buf)
} }
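Review bot: The read-side gates in getObjectHandler and headObjectHandler (`if _, ok := crypto.IsRequested(r.Header); ok`) look only at request headers, so they skip the cache lookup for SSE-C requests but not for SSE-S3 or SSE-KMS objects, whose GET/HEAD requests normally carry no encryption headers. Keeping those objects out of the cache therefore rests on the write-side `update = false` assignments and the PutObjectHandler check, and entries cached before this change would presumably still be served until they expire or are evicted, so the upgrade notes should say whether the cache needs flushing. I would reword the read-side comment to match, e.g. `// Skip the cache lookup for requests carrying SSE headers; other encrypted objects are kept out of the cache on the write path.` In PutObjectHandler, `!crypto.Requested(r.Header)` covers auto-encryption only if sseConfig.Apply has already run on r.Header above this line, which the hunk does not show. The handler bodies start and end outside these hunks.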