Actions
Bug #58594
openMultiPart Upload with Bucket Policy Fails
% Done:
0%
Source:
Tags:
post multipart policy sse backport_processed
Backport:
quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Description
When configuring a bucket with the following policy, any multi-part uploads are rejected:
{"Sid":"DenyUnencryptedUploads","Effect":"Deny","Principal":"*","Action":"s3:PutObject","Resource":"BUCKET_ARN/*","Condition":{"Null":{"s3:x-amz-server-side-encryption":"true"}}}
From some digging it would appear the authorization checks found in `RGWPutObj::verify_permission` are not replicated in the `RGWPostObj::verify_permission` function and thus the `x-amz-server-side-encryption` header is never added to the authorization environment using `rgw_add_to_iam_environment`, currently `src/rgw/rgw_op.cc`:3697 on the main branch.
Actions