Project

General

Profile

Bug #20668

rgw multisite: cannot sync objects encrypted with SSE-C

Added by Casey Bodley about 2 years ago. Updated almost 2 years ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
Start date:
07/18/2017
Due date:
% Done:

0%

Source:
Tags:
Backport:
luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

GET requests for encrypted objects require special headers for SSE-C, enforced by rgw_s3_prepare_decrypt(). Multisite sync requests do not include these headers, and will be rejected with 400 Bad Request. These objects should be fetched in encrypted form, so that they can be decrypted on the target zone when the correct SSE-C headers are presented.


Related issues

Related to rgw - Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone Resolved 07/18/2017
Copied to rgw - Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-C Resolved

History

#1 Updated by Casey Bodley about 2 years ago

  • Status changed from New to Verified
  • Assignee set to Casey Bodley

#2 Updated by Casey Bodley about 2 years ago

  • Status changed from Verified to Need Test

#3 Updated by Casey Bodley about 2 years ago

  • Related to Bug #20671: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone added

#4 Updated by Matt Benjamin about 2 years ago

  • Status changed from Need Test to Pending Backport

#5 Updated by Nathan Cutler about 2 years ago

  • Copied to Backport #21116: luminous: rgw multisite: cannot sync objects encrypted with SSE-C added

#6 Updated by Nathan Cutler almost 2 years ago

  • Status changed from Pending Backport to Resolved

Also available in: Atom PDF