Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

rgw: include SSE-KMS headers in encrypted upload response #17999

Merged
merged 1 commit into from Oct 2, 2017

Conversation

Projects
None yet
2 participants
@cbodley
Copy link
Contributor

commented Sep 27, 2017

tested with boto3 against a vstart.sh cluster:

import boto3
session = boto3.session.Session()
s3 = session.client('s3', aws_access_key_id='0555b35654ad1656d804', aws_secret_access_key='h7GhxuBLTrlhVUyxSPUKUV8r/2EI4ngqJxD7iBdBYLhwluN30JaT3Q==', endpoint_url='http://localhost:8000')
s3.put_object(Bucket='bucket', Key='foo', Body='abcdefg', ServerSideEncryption='aws:kms', SSEKMSKeyId='testkey-1')

without this patch, the response is missing the expected encryption headers:

{u'ETag': '"7ac66c0f148de9519b8bd264312c4d64"', 'ResponseMetadata': {'HTTPStatusCode': 200, 'RetryAttempts': 0, 'HostId': '', 'RequestId': 'tx000000000000000000002-0059cbf0e9-100a-default', 'HTTPHeaders': {'date': 'Wed, 27 Sep 2017 18:41:46 GMT', 'content-length': '0', 'etag': '"7ac66c0f148de9519b8bd264312c4d64"', 'accept-ranges': 'bytes', 'x-amz-request-id': 'tx000000000000000000002-0059cbf0e9-100a-default'}}}

with this patch applied, the headers are included:

{u'SSEKMSKeyId': 'testkey-1', u'ETag': '"7ac66c0f148de9519b8bd264312c4d64"', 'ResponseMetadata': {'HTTPStatusCode': 200, 'RetryAttempts': 0, 'HostId': '', 'RequestId': 'tx000000000000000000002-0059cbec74-100a-default', 'HTTPHeaders': {'content-length': '0', 'accept-ranges': 'bytes', 'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-1', 'etag': '"7ac66c0f148de9519b8bd264312c4d64"', 'x-amz-request-id': 'tx000000000000000000002-0059cbec74-100a-default', 'date': 'Wed, 27 Sep 2017 18:22:45 GMT', 'x-amz-server-side-encryption': 'aws:kms'}}, u'ServerSideEncryption': 'aws:kms'}

Fixes: http://tracker.ceph.com/issues/21576

rgw: include SSE-KMS headers in encrypted upload response
Fixes: http://tracker.ceph.com/issues/21576

Signed-off-by: Casey Bodley <cbodley@redhat.com>

@cbodley cbodley requested a review from aclamk Sep 27, 2017

@cbodley

This comment has been minimized.

Copy link
Contributor Author

commented Sep 27, 2017

oops, i didn't realize this was already fixed in #17882

@cbodley cbodley closed this Sep 27, 2017

@cbodley cbodley reopened this Oct 2, 2017

@cbodley cbodley requested a review from mattbenjamin Oct 2, 2017

@mattbenjamin
Copy link
Contributor

left a comment

lgtm

@cbodley cbodley merged commit cd0bd44 into ceph:master Oct 2, 2017

5 checks passed

Docs: build check OK - docs built
Details
Signed-off-by all commits in this PR are signed
Details
Unmodified Submodules submodules for project are unmodified
Details
make check make check succeeded
Details
make check (arm64) make check succeeded
Details

@cbodley cbodley deleted the cbodley:wip-21576 branch Oct 2, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.