Project

General

Profile

Actions

Bug #20671

closed

rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone

Added by Casey Bodley over 6 years ago. Updated over 6 years ago.

Status:
Resolved
Priority:
High
Assignee:
Target version:
-
% Done:

0%

Source:
Tags:
Backport:
luminous
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

When SSE-KMS encryption is used, multisite sync is able to fetch the decrypted contents of the object. However, it stores the unencrypted object data to rados, along with the original SSE-KMS encryption attributes. So when a client reads that object from the secondary zone, radosgw tries to decrypt the already-unencrypted data and returns garbage data.


Related issues 2 (0 open2 closed)

Related to rgw - Bug #20668: rgw multisite: cannot sync objects encrypted with SSE-CResolvedCasey Bodley07/18/2017

Actions
Copied to rgw - Backport #21115: luminous: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zoneResolvedNathan CutlerActions
Actions #1

Updated by Casey Bodley over 6 years ago

  • Status changed from New to 12
  • Assignee set to Casey Bodley
Actions #2

Updated by Casey Bodley over 6 years ago

  • Related to Bug #20668: rgw multisite: cannot sync objects encrypted with SSE-C added
Actions #3

Updated by Casey Bodley over 6 years ago

  • Status changed from 12 to 17
Actions #4

Updated by Matt Benjamin over 6 years ago

  • Status changed from 17 to Pending Backport
  • Backport set to luminous
Actions #5

Updated by Nathan Cutler over 6 years ago

  • Copied to Backport #21115: luminous: rgw multisite: objects encrypted with SSE-KMS are stored unencrypted in target zone added
Actions #6

Updated by Nathan Cutler over 6 years ago

  • Status changed from Pending Backport to Resolved
Actions

Also available in: Atom PDF