Project

General

Profile

Bug #20668

rgw multisite: cannot sync objects encrypted with SSE-C

Added by Casey Bodley almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
Start date:
07/18/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

GET requests for encrypted objects require special headers for SSE-C, enforced by rgw_s3_prepare_decrypt(). Multisite sync requests do not include these headers, and will be rejected with 400 Bad Request. These objects should be fetched in encrypted form, so that they can be decrypted on the target zone when the correct SSE-C headers are presented.


Related issues

Related to rgw - Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone Resolved 07/18/2017
Copied to rgw - Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-C Resolved

History

#1 Updated by Casey Bodley almost 2 years ago

  • Status changed from New to Verified
  • Assignee set to Casey Bodley

#2 Updated by Casey Bodley almost 2 years ago

  • Status changed from Verified to Need Test

#3 Updated by Casey Bodley almost 2 years ago

  • Related to Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone added

#4 Updated by Matt Benjamin over 1 year ago

  • Status changed from Need Test to Pending Backport

#5 Updated by Nathan Cutler over 1 year ago

  • Copied to Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-C added

#6 Updated by Nathan Cutler over 1 year ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF