Project

General

Profile

Actions
Copy link

Bug #45942

closed

[rgw] copy object on bucket with SSE-C returns NotImplemented

Added by David Piper almost 4 years ago. Updated almost 4 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
encryption
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
Ceph - v14.2.9
ceph-qa-suite:
rgw
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Seen on test ceph cluster running v14.2.9 in containers (v4.0.12-stable-4.0-nautilus-centos-7).

We can successfully read/write S3 objects to RGWs using SSE-C, and also use x-amz-copy-source to copy objects, as per documentation:

https://docs.ceph.com/docs/nautilus/radosgw/encryption/#customer-provided-keys
https://docs.ceph.com/docs/nautilus/radosgw/s3/objectops/#copy-object

Expectation:
------------
RGW requests with `x-amz-server-side-encryption-customer` fields and `x-amz-copy-source` return success.

Actual:
-------
Requests that combine both headers i.e. copying an encrypted object, fail with a 501 NotImplemented response:

PUT /mrbounce-ses/FutureDelivery/20200527091625B0265140001303/202006081330/1/fakemrbounceuser/localhost HTTP/1.1
Host: 127.3.3.3:7480
amz-sdk-invocation-id: a493d79a-5f0b-351a-dfcc-e3f98ef8de3f
amz-sdk-retry: 0/0/500
Authorization: AWS4-HMAC-SHA256 Credential=UQP5WP7XIYCADCOP1IK2/20200608/eu-west-1/s3/aws4_request, SignedHeaders=amz-sdk-invocation-id;amz-sdk-retry;host;x-amz-content-sha256;x-amz-copy-source;x-amz-date;x-amz-server-side-encryption-customer-algorithm;x-amz-server-side-encryption-customer-key;x-amz-server-side-encryption-customer-key-md5;x-client-identity, Signature=ad0b95ef8ab9ca924bf3e1eaaeac7b16de9d73ea72976beb8f4d6785802ecab8
User-Agent: aws-sdk-java/2.7.5 Linux/5.5.7-1.el7.elrepo.x86_64 OpenJDK_64-Bit_Server_VM/25.232-b09 Java/1.8.0_232 vendor/Oracle_Corporation io/sync http/Apache
x-amz-content-sha256: UNSIGNED-PAYLOAD
x-amz-copy-source: mrbounce-ses/FutureDelivery/20200527091625B0265140001303/202006021745/1/mrbounce_sdc/localhost
X-Amz-Date: 20200608T133052Z
x-amz-server-side-encryption-customer-algorithm: AES256
x-amz-server-side-encryption-customer-key: YXc3OGVmYnE0ODRPWVVTRkdFOGY5Ym84ZXF3NzkyZmQ=
x-amz-server-side-encryption-customer-key-MD5: 2b6tFaOW0qSq1FOhX+WgZw==
x-client-identity: UCPortal
Content-Length: 0
Connection: Keep-Alive
HTTP/1.1 501 Not Implemented
Content-Length: 224
x-amz-request-id: tx000000000000000002274-005ede3d8d-e6d72-siteB
Accept-Ranges: bytes
Content-Type: application/xml
Date: Mon, 08 Jun 2020 13:30:53 GMT
<Error><Code>NotImplemented</Code><BucketName>mrbounce-ses</BucketName><RequestId>tx000000000000000002274-005ede3d8d-e6d72-siteB</RequestId><HostId>e6d72-siteB-geored_zg</HostId></Error>

Related issues 1 (1 open0 closed)

Is duplicate of rgw - Bug #23264: Server side encryption support for s3 COPY operationIn ProgressMarcus Watts

Actions
Actions
Copy link
 #1

Updated by Brad Hubbard almost 4 years ago

  • Project changed from Ceph to rgw
Actions
Copy link
 #2

Updated by Casey Bodley almost 4 years ago

  • Is duplicate of Bug #23264: Server side encryption support for s3 COPY operation added
Actions
Copy link
 #3

Updated by Casey Bodley almost 4 years ago

  • Tags set to encryption
Actions
Copy link
 #4

Updated by Casey Bodley almost 4 years ago

  • Status changed from New to Duplicate
Actions
Copy link

Also available in: Atom PDF