Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(storage): fix upload object with bucket cmek enabled #158

Merged
merged 5 commits into from May 22, 2020

Conversation

@HemangChothani
Copy link
Contributor

@HemangChothani HemangChothani commented May 21, 2020

Fixes #155

Copy link
Member

@frankyn frankyn left a comment

Thanks @HemangChothani, I have one request, but otherwise LGTM.

if self.kms_key_name is not None:
if (
self.kms_key_name is not None
and "cryptoKeyVersions" not in self.kms_key_name
Copy link
Member

@frankyn frankyn May 21, 2020

Please add comments on why this is needed for posterity. Mainly that Cloud Storage object metadata stores kmsKeyName with version information and uploads() expect non-versioned information.

# When cmek is enabled for bucket blob.metadata stores the value of
# kmsKeyName with version information whereas upload method expect
# information without version so this condition ignores the kmsKeyName
# which has cryptoKeyVersions.
Copy link
Member

@frankyn frankyn May 22, 2020

Suggested changes:

When a Customer Managed Encryption Key is used to encrypt Cloud Storage object at rest, object resource metadata will store the version of the Key Management Service cryptographic material. If a Blob instance with KMS Key metadata set is used to upload a new version of the object then the existing kmsKeyName version value can't be used in the upload request and the client instead ignores it.

@frankyn frankyn merged commit 5f27ffa into googleapis:master May 22, 2020
3 checks passed
cojenco added a commit to cojenco/python-storage that referenced this issue Oct 13, 2021
)

* fix(storage): fix upload object with bucket cmek enabled

* fix(storage): add comments for condition used

* fix(storage): nit

Co-authored-by: Frank Natividad <frankyn@users.noreply.github.com>
cojenco added a commit to cojenco/python-storage that referenced this issue Oct 13, 2021
)

* fix(storage): fix upload object with bucket cmek enabled

* fix(storage): add comments for condition used

* fix(storage): nit

Co-authored-by: Frank Natividad <frankyn@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

3 participants