noobaa · vh05 · Oct 23, 2024 · dannyzaken · Nov 13, 2024
diff --git a/src/endpoint/s3/ops/s3_put_bucket.js b/src/endpoint/s3/ops/s3_put_bucket.js
@@ -9,6 +9,15 @@ async function put_bucket(req, res) {
     const lock_enabled = config.WORM_ENABLED ? req.headers['x-amz-bucket-object-lock-enabled'] &&
         req.headers['x-amz-bucket-object-lock-enabled'].toUpperCase() === 'TRUE' : undefined;
     await req.object_sdk.create_bucket({ name: req.params.bucket, lock_enabled: lock_enabled });
+
+    // Set default server side bucket encryption
+    // More details: https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucket-encryption.html
+    await req.object_sdk.put_bucket_encryption({
+        name: req.params.bucket,
+        encryption: {
+            "algorithm": "AES256",
+        }
+    });
     res.setHeader('Location', '/' + req.params.bucket);
 }
 

diff --git a/src/test/system_tests/ceph_s3_tests/s3-tests-lists/s3_tests_pending_list.txt b/src/test/system_tests/ceph_s3_tests/s3-tests-lists/s3_tests_pending_list.txt
@@ -144,4 +144,6 @@ s3tests_boto3/functional/test_s3.py::test_lifecycle_expiration_size_lt
 s3tests_boto3/functional/test_s3.py::test_object_lock_delete_multipart_object_with_retention
 s3tests_boto3/functional/test_s3.py::test_object_lock_delete_multipart_object_with_legal_hold_on
 s3tests_boto3/functional/test_s3.py::test_get_undefined_public_block
-s3tests_boto3/functional/test_s3.py::test_get_public_block_deny_bucket_policy
+s3tests_boto3/functional/test_s3.py::test_get_public_block_deny_bucket_policy
+s3tests_boto3/functional/test_s3.py::test_get_bucket_encryption_s3
+s3tests_boto3/functional/test_s3.py::test_get_bucket_encryption_kms
diff --git a/src/test/unit_tests/test_s3_encryption.js b/src/test/unit_tests/test_s3_encryption.js
@@ -71,14 +71,22 @@ mocha.describe('Bucket Encryption Operations', async () => {
         await local_s3.createBucket({ Bucket: BKT });
     });
 
-    mocha.it('should get bucket encryption error without encryption configured', async () => {
+    mocha.it('getBucketEncryption should return the default server side encryption configuration', async () => {
         try {
             const res = await local_s3.getBucketEncryption({ Bucket: BKT });
-            throw new Error(`Expected to get error with unconfigured bucket encryption ${res}`);
+            const expected_response = {
+                ServerSideEncryptionConfiguration: {
+                    Rules: [{
+                        ApplyServerSideEncryptionByDefault: {
+                            SSEAlgorithm: 'AES256'
+                        }
+                    }]
+                }
+            };
+            const res_without_metadata = _.omit(res, '$metadata');
+            assert.deepEqual(res_without_metadata, expected_response);
         } catch (error) {
-            assert(error.message === 'The server side encryption configuration was not found.', `Error message does not match got: ${error.message}`);
-            assert(error.Code === 'ServerSideEncryptionConfigurationNotFoundError', `Error code does not match got: ${error.Code}`);
-            assert(error.$metadata.httpStatusCode === 404, `Error status code does not match got: ${error.$metadata.httpStatusCode}`);
+            throw new Error(`The server side encryption configuration was not found ${error.message}`);
         }
     });