Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rgw/sse-s3: fix bucket encryption of multipart upload #49409

Merged
merged 1 commit into from Apr 6, 2023
Merged

rgw/sse-s3: fix bucket encryption of multipart upload #49409

merged 1 commit into from Apr 6, 2023

Conversation

5cs
Copy link
Contributor

@5cs 5cs commented Dec 13, 2022
edited

Multipart upload missing encryption when we have bucket encryption policy. Fix it by fetching bucket encryption policy and resolving defaults at multipart init op.

Fixes: https://tracker.ceph.com/issues/59218

Signed-off-by: Tongliang Deng dengtongliang@gmail.com

Contribution Guidelines

Checklist

  • Tracker (select at least one)
    • References tracker ticket
    • Very recent bug; references commit where it was introduced
    • New feature (ticket optional)
    • Doc update (no ticket needed)
    • Code cleanup (no ticket needed)
  • Component impact
    • Affects Dashboard, opened tracker ticket
    • Affects Orchestrator, opened tracker ticket
    • No impact that needs to be tracked
  • Documentation (select at least one)
    • Updates relevant documentation
    • No doc update is appropriate
  • Tests (select at least one)
Show available Jenkins commands
  • jenkins retest this please
  • jenkins test classic perf
  • jenkins test crimson perf
  • jenkins test signed
  • jenkins test make check
  • jenkins test make check arm64
  • jenkins test submodules
  • jenkins test dashboard
  • jenkins test dashboard cephadm
  • jenkins test api
  • jenkins test docs
  • jenkins render docs
  • jenkins test ceph-volume all
  • jenkins test ceph-volume tox
  • jenkins test windows

@github-actions github-actions bot added the rgw label Dec 13, 2022
mdw-at-linuxbox
mdw-at-linuxbox reviewed Mar 27, 2023
View reviewed changes
Copy link
Contributor

@mdw-at-linuxbox mdw-at-linuxbox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What tracker ID goes with this fix? This should be in the commit message.

src/rgw/rgw_rest_s3.cc Outdated
@@ -3876,10 +3876,19 @@ void RGWSetRequestPayment_ObjStore_S3::send_response()

int RGWInitMultipart_ObjStore_S3::get_params(optional_yield y)
{
int ret;

map_qs_metadata(s, true);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this call necessary? The aws doc doesn't appear to document using query parameters to set encryption parameters when creating a multipart upload.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed.

@cbodley
Copy link
Contributor

cbodley commented Mar 29, 2023

What tracker ID goes with this fix? This should be in the commit message.

i've opened https://tracker.ceph.com/issues/59218 to track backports for this. we'll also want an s3test case that exercises this

@5cs
rgw/sse-s3: fix bucket encryption of multipart upload
6d9e4f7 
Multipart upload missing encryption when we have bucket encryption
policy. Fix it by fetching bucket encryption policy and resolving
defaults at multipart init op.

Fixes: https://tracker.ceph.com/issues/59218

Signed-off-by: Tongliang Deng <dengtongliang@gmail.com>
@5cs 5cs force-pushed the fix-multipart-upload-encryption branch from 8c67720 to 6d9e4f7 Compare March 30, 2023 02:19
@5cs 5cs requested a review from a team as a code owner March 30, 2023 02:19
@5cs
Copy link
Contributor Author

5cs commented Mar 30, 2023

What tracker ID goes with this fix? This should be in the commit message.

i've opened https://tracker.ceph.com/issues/59218 to track backports for this. we'll also want an s3test case that exercises this

Thanks very much, I've updated the commit message with it.

@cbodley cbodley mentioned this pull request Mar 30, 2023
Merged
@cbodley
Copy link
Contributor

cbodley commented Mar 30, 2023

there's a test_sse_s3_default_multipart_upload test case that looks like it should have caught this; i opened ceph/s3-tests#505 to add a check for the encryption header. does that look right, @mdw-at-linuxbox @5cs?

@cbodley
Copy link
Contributor

cbodley commented Mar 30, 2023

jenkins test make check

@cbodley
Copy link
Contributor

cbodley commented Apr 6, 2023

passed qa against tests from ceph/s3-tests#505:
run https://pulpito.ceph.com/cbodley-2023-04-01_01:23:10-rgw-wip-cbodley-testing-distro-default-smithi/
rerun https://pulpito.ceph.com/cbodley-2023-04-03_13:05:03-rgw-wip-cbodley-testing-distro-default-smithi/

test_sse_s3_default_multipart_upload PASSED

@cbodley cbodley merged commit 7dd680a into ceph:main Apr 6, 2023
4 checks passed
@5cs 5cs deleted the fix-multipart-upload-encryption branch April 6, 2023 13:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mdw-at-linuxbox mdw-at-linuxbox mdw-at-linuxbox left review comments

@cbodley cbodley cbodley approved these changes

Assignees
No one assigned
Labels
bug-fix needs-qa rgw wip-cbodley-testing
Projects
None yet
Milestone
No milestone
4 participants
@5cs @cbodley @mdw-at-linuxbox @ivancich