Merge pull request #995 from openshift-cherrypick-robot/cherry-pick-9…

…94-to-release-4.14 [release-4.14] OCPBUGS-28989: pkg/storage/s3: enable bucket key on encryption settings
openshift · Feb 22, 2024 · ecff686 · ecff686
2 parents 791c39c + 963e0f5
commit ecff686
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 3 deletions.
diff --git a/pkg/storage/s3/s3.go b/pkg/storage/s3/s3.go
@@ -794,12 +794,14 @@ func (d *driver) CreateStorage(cr *imageregistryv1.Config) error {
 			encryptionType = s3.ServerSideEncryptionAes256
 		}
 
+		enableBucketKey := true
 		_, err = svc.PutBucketEncryptionWithContext(d.Context, &s3.PutBucketEncryptionInput{
 			Bucket: aws.String(d.Config.Bucket),
 			ServerSideEncryptionConfiguration: &s3.ServerSideEncryptionConfiguration{
 				Rules: []*s3.ServerSideEncryptionRule{
 					{
 						ApplyServerSideEncryptionByDefault: encryption,
+						BucketKeyEnabled:                   &enableBucketKey,
 					},
 				},
 			},

diff --git a/test/e2e/aws_test.go b/test/e2e/aws_test.go
@@ -226,7 +226,7 @@ func TestAWSDefaults(t *testing.T) {
 					ApplyServerSideEncryptionByDefault: &s3.ServerSideEncryptionByDefault{
 						SSEAlgorithm: aws.String(s3.ServerSideEncryptionAes256),
 					},
-					BucketKeyEnabled: aws.Bool(false),
+					BucketKeyEnabled: aws.Bool(true),
 				},
 			},
 		}
@@ -552,7 +552,7 @@ func TestAWSChangeS3Encryption(t *testing.T) {
 				ApplyServerSideEncryptionByDefault: &s3.ServerSideEncryptionByDefault{
 					SSEAlgorithm: aws.String(s3.ServerSideEncryptionAes256),
 				},
-				BucketKeyEnabled: aws.Bool(false),
+				BucketKeyEnabled: aws.Bool(true),
 			},
 		},
 	}
@@ -602,7 +602,7 @@ func TestAWSChangeS3Encryption(t *testing.T) {
 							SSEAlgorithm:   aws.String(s3.ServerSideEncryptionAwsKms),
 							KMSMasterKeyID: aws.String("testKey"),
 						},
-						BucketKeyEnabled: aws.Bool(false),
+						BucketKeyEnabled: aws.Bool(true),
 					},
 				},
 			}