Project

General

Profile

Actions
Copy link

Bug #61473

open

sse: rgw_crypt_default_encryption_key no longer applies default encryption

Added by Casey Bodley 12 months ago. Updated 10 months ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
sse backport_processed
Backport:
quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
51786
Crash signature (v1):
Crash signature (v2):

Description

it doesn't appear to be possible to trigger default encryption with rgw_crypt_default_encryption_key any more

rgw_s3_prepare_encrypt() only considers rgw_crypt_default_encryption_key if
  • the upload requests sse-s3 encryption with x-amz-server-side-encryption: AES256, and
  • rgw_crypt_sse_s3_backend is not set to "vault"

however, vault is the only valid value for the backend (enforced by enum_values), so the rgw_crypt_default_encryption_key logic is unreachable

i believe this default encryption key is intended to apply to all requests that don't specify another encryption method

Related issues 2 (2 open0 closed)

Copied to rgw - Backport #62310: quincy: sse: rgw_crypt_default_encryption_key no longer applies default encryptionIn ProgressCasey BodleyActions
Copied to rgw - Backport #62311: reef: sse: rgw_crypt_default_encryption_key no longer applies default encryptionIn ProgressCasey BodleyActions
Actions
Copy link
 #1

Updated by Casey Bodley 12 months ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 51786
Actions
Copy link
 #2

Updated by Casey Bodley 11 months ago

  • Backport set to quincy reef
Actions
Copy link
 #3

Updated by Casey Bodley 10 months ago

  • Status changed from Fix Under Review to Pending Backport
Actions
Copy link
 #4

Updated by Backport Bot 10 months ago

  • Copied to Backport #62310: quincy: sse: rgw_crypt_default_encryption_key no longer applies default encryption added
Actions
Copy link
 #5

Updated by Backport Bot 10 months ago

  • Copied to Backport #62311: reef: sse: rgw_crypt_default_encryption_key no longer applies default encryption added
Actions
Copy link
 #6

Updated by Backport Bot 10 months ago

  • Tags changed from sse to sse backport_processed
Actions
Copy link

Also available in: Atom PDF