Skip to content
This repository has been archived by the owner on May 10, 2024. It is now read-only.


Merge pull request #3800 from houglum/develop
Browse files Browse the repository at this point in the history
Fix to support uploads to KMS-encrypted buckets.
  • Loading branch information
mfschwartz committed Mar 12, 2018
2 parents 132b64d + 7509420 commit 0a1d904
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions boto/s3/
Original file line number Diff line number Diff line change
Expand Up @@ -236,7 +236,7 @@ def handle_storage_class_header(self, resp):
self._storage_class = resp.getheader(
provider.storage_class_header, None)
if (self._storage_class is None and
provider.get_provider_name() == 'aws'):
provider.get_provider_name() == 'aws'):
# S3 docs for HEAD object requests say S3 will return this
# header for all objects except Standard storage class objects.
self._storage_class = 'STANDARD'
Expand Down Expand Up @@ -321,7 +321,7 @@ def open_read(self, headers=None, query_args='',
# header if one was returned. If not, use Content-Length
# header.
if (name.lower() == 'content-length' and
'Content-Range' not in response_headers):
'Content-Range' not in response_headers):
self.size = int(value)
elif name.lower() == 'content-range':
end_range = re.sub('.*/(.*)', '\\1', value)
Expand Down Expand Up @@ -922,7 +922,7 @@ def sender(http_conn, method, path, data, headers):
# type. This can be achieved by setting headers['Content-Type']
# to None when calling this method.
if (len(content_type_headers) == 1 and
headers[content_type_headers[0]] is None):
headers[content_type_headers[0]] is None):
# Delete null Content-Type value to skip sending that header.
del headers[content_type_headers[0]]
Expand Down Expand Up @@ -986,9 +986,13 @@ def should_retry(self, response, chunked_transfer=False):
# If you use customer-provided encryption keys, the ETag value that
# Amazon S3 returns in the response will not be the MD5 of the
# object.
server_side_encryption_customer_algorithm = response.getheader(
amz_server_side_encryption_customer_algorithm = response.getheader(
'x-amz-server-side-encryption-customer-algorithm', None)
if server_side_encryption_customer_algorithm is None:
# The same is applicable for KMS-encrypted objects in gs buckets.
goog_customer_managed_encryption = response.getheader(
'x-goog-encryption-kms-key-name', None)
if (amz_server_side_encryption_customer_algorithm is None and
goog_customer_managed_encryption is None):
if self.etag != '"%s"' % md5:
raise provider.storage_data_error(
'ETag from S3 did not match computed MD5. '
Expand Down

0 comments on commit 0a1d904

Please sign in to comment.