CLDSRV-670: Check SSE KMS Key acces on createMPU

Author: BourgoisMickael

lib/api/initiateMultipartUpload.js

@@ -22,6 +22,7 @@ const { setExpirationHeaders } = require('./apiUtils/object/expirationHeaders');
 const { data } = require('../data/wrapper');
 const { setSSEHeaders } = require('./apiUtils/object/sseHeaders');
 const { updateEncryption } = require('./apiUtils/bucket/updateEncryption');
+const kms = require('../kms/wrapper');
 
 /*
 Sample xml response:
@@ -335,6 +336,14 @@ function initiateMultipartUpload(authInfo, request, log, callback) {
                     return next(null, corsHeaders, destinationBucket, objectSSEConfig);
                 }
             ),
+        // If SSE configured, test kms key encryption access, but ignore cipher bundle
+        (corsHeaders, destinationBucket, objectSSEConfig, next) => {
+            if (objectSSEConfig) {
+                return kms.createCipherBundle(objectSSEConfig, log,
+                    (err) => next(err, corsHeaders, destinationBucket, objectSSEConfig));
+            }
+            return next(null, corsHeaders, destinationBucket, objectSSEConfig);
+        },
     ],
         (error, corsHeaders, destinationBucket, objectSSEConfig) => {
             if (error) {