From a9b6309ba4dff9b322d513869494caf6a78159a8 Mon Sep 17 00:00:00 2001
From: Vinayakswami Hariharmath
Date: Wed, 23 Oct 2024 15:54:24 +0530
Subject: [PATCH] Set default bucket encryption during bucket creation

All S3 buckets have encryption configured by default, and objects are automatically encrypted by using server side encryption. When we do get-bucker-encryption on any bucket we get the the default encryption configuration. With this patch we set default encryption on bucket while creating the bucket and follow the behavior of S3 bucket

Signed-off-by: Vinayakswami Hariharmath
---
 src/endpoint/s3/ops/s3_put_bucket.js | 9 +++++++++
 src/test/unit_tests/test_s3_encryption.js | 7 ++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/src/endpoint/s3/ops/s3_put_bucket.js b/src/endpoint/s3/ops/s3_put_bucket.js
index fd588dafdd..a0cfa3f643 100644
--- a/src/endpoint/s3/ops/s3_put_bucket.js
+++ b/src/endpoint/s3/ops/s3_put_bucket.js
@@ -9,6 +9,15 @@ async function put_bucket(req, res) {
 const lock_enabled = config.WORM_ENABLED ? req.headers['x-amz-bucket-object-lock-enabled'] && req.headers['x-amz-bucket-object-lock-enabled'].toUpperCase() === 'TRUE' : undefined;
 await req.object_sdk.create_bucket({ name: req.params.bucket, lock_enabled: lock_enabled });
+
+ // Set default server side bucket encryption
+ // More details: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
+ await req.object_sdk.put_bucket_encryption({
+ name: req.params.bucket,
+ encryption: {
+ "algorithm": "AES256",
+ }
+ });
 res.setHeader('Location', '/' + req.params.bucket);
 }
diff --git a/src/test/unit_tests/test_s3_encryption.js b/src/test/unit_tests/test_s3_encryption.js
index ea731e8be0..9830a3262c 100644
--- a/src/test/unit_tests/test_s3_encryption.js
+++ b/src/test/unit_tests/test_s3_encryption.js
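Review bot: The added `put_bucket_encryption` call in `put_bucket` is a second, separate await after `create_bucket`, so if it rejects the request fails while the bucket already exists with no default encryption, and a retried create will most likely be refused as a duplicate. Since the purpose of the patch is that every new bucket carries an SSE configuration, the failure path should not leave such a bucket behind: either let `create_bucket` accept the encryption setting so both land in one call, or catch the error, remove the just-created bucket and rethrow. At minimum, add `// not atomic with create_bucket: a failure here leaves the bucket without default encryption` above the call so the gap is visible to the next maintainer. Buckets created before this change are not touched by this hunk and would presumably still report no configuration, which is worth stating in the description or handling in an upgrade step. The body of `put_bucket` starts above the hunk; only its signature is visible in the hunk header.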
@@ -71,14 +71,11 @@ mocha.describe('Bucket Encryption Operations', async () => {
 await local_s3.createBucket({ Bucket: BKT });
 });
- mocha.it('should get bucket encryption error without encryption configured', async () => {
+ mocha.it('getBucketEncryption should return the default server side encryption configuration', async () => {
 try {
 const res = await local_s3.getBucketEncryption({ Bucket: BKT });
- throw new Error(`Expected to get error with unconfigured bucket encryption ${res}`);
 } catch (error) {
- assert(error.message === 'The server side encryption configuration was not found.', `Error message does not match got: ${error.message}`);
- assert(error.Code === 'ServerSideEncryptionConfigurationNotFoundError', `Error code does not match got: ${error.Code}`);
- assert(error.$metadata.httpStatusCode === 404, `Error status code does not match got: ${error.$metadata.httpStatusCode}`);
+ throw new Error(`The server side encryption configuration was not found ${error.message}`);
 }
 });
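Review bot: The rewritten test never inspects `res`, so it passes for any successful reply, including one with a different algorithm or an empty rule list, and therefore does not pin the default this commit introduces. Assert the returned configuration after the call, assuming the standard SDK response shape: `assert(res.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault.SSEAlgorithm === 'AES256', 'default SSE algorithm mismatch');`. The try/catch can then be dropped, since the catch only rethrows with a message that loses `error.Code` and the HTTP status, and mocha already fails the test on a rejected promise. The 404 `ServerSideEncryptionConfigurationNotFoundError` path no longer has coverage in this hunk; if the server can still return it, for example after the configuration is deleted, it deserves its own case. The enclosing `mocha.describe` block starts and ends outside the hunk.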