rgw: decrypt multipart get part when encrypted

[sungjoon-koh]

If the multipart object is encrypted by SSE-C or SSE-S3, get object with partNumber doesn't decrypt the part.

This patch enables rgw to decrypt the part for get object request with partNumber.

Contribution Guidelines

• To sign and title your commits, please refer to Submitting Patches to Ceph.

• If you are submitting a fix for a stable branch (e.g. "quincy"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.

• When filling out the below checklist, you may click boxes directly in the GitHub web UI. When entering or editing the entire PR message in the GitHub web UI editor, you may also select a checklist item by adding an x between the brackets: [x]. Spaces and capitalization matter when checking off items this way.

Checklist

• Tracker (select at least one)
  • References tracker ticket
  • Very recent bug; references commit where it was introduced
  • New feature (ticket optional)
  • Doc update (no ticket needed)
  • Code cleanup (no ticket needed)
• Component impact
  • Affects Dashboard, opened tracker ticket
  • Affects Orchestrator, opened tracker ticket
  • No impact that needs to be tracked
• Documentation (select at least one)
  • Updates relevant documentation
  • No doc update is appropriate
• Tests (select at least one)
  • Includes unit test(s)
  • Includes integration test(s)
  • Includes bug reproducer
  • No tests

Show available Jenkins commands

• jenkins retest this please
• jenkins test classic perf
• jenkins test crimson perf
• jenkins test signed
• jenkins test make check
• jenkins test make check arm64
• jenkins test submodules
• jenkins test dashboard
• jenkins test dashboard cephadm
• jenkins test api
• jenkins test docs
• jenkins render docs
• jenkins test ceph-volume all
• jenkins test ceph-volume tox
• jenkins test windows
• jenkins test rook e2e

[sungjoon-koh]

@cbodley Hello, could you please check this PR?

[sungjoon-koh]

To reproduce:

1. Enable SSE-S3 (add following line to vstart.sh)
   rgw crypt default encryption key = 4YSmvJtBv0aZ7geVgAsdpRnLBEwWSWlMIGnRS8a9TSA=
2. Create multipart, upload part, and complete multipart upload.
3. Get object with part number.
   aws s3api get-object --bucket $BUCKET --key $KEY --part-number 1 test-part-1

--> You can get encrypted part.

[cbodley]

thanks @sungjoon-koh! i've created https://tracker.ceph.com/issues/68292 to track the backport to squid

[adamemerson]

jenkins test windows

[cbodley]

i added a sse-c test case for this in ceph/s3-tests#591

[sungjoon-koh]

@cbodley Thank you for your prompt response. I addressed your comment.
I also checked with your test.

[sungjoon-koh]

jenkins test api

[sungjoon-koh]

jenkins test windows

[cbodley]

passed qa in https://pulpito.ceph.com/cbodley-2024-10-04_16:44:30-rgw-wip-68292-distro-default-smithi/ against test cases from ceph/s3-tests#591:

s3tests_boto3/functional/test_s3.py::test_multipart_get_part PASSED      [ 67%]
s3tests_boto3/functional/test_s3.py::test_multipart_sse_c_get_part PASSED [ 67%]
s3tests_boto3/functional/test_s3.py::test_multipart_single_get_part PASSED [ 68%]
s3tests_boto3/functional/test_s3.py::test_non_multipart_get_part PASSED  [ 68%]
s3tests_boto3/functional/test_s3.py::test_non_multipart_sse_c_get_part PASSED [ 68%]