Project

General

Profile

Bug #61473

sse: rgw_crypt_default_encryption_key no longer applies default encryption

Added by Casey Bodley 10 months ago. Updated 8 months ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Tags:
sse backport_processed
Backport:
quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

it doesn't appear to be possible to trigger default encryption with rgw_crypt_default_encryption_key any more

rgw_s3_prepare_encrypt() only considers rgw_crypt_default_encryption_key if
  • the upload requests sse-s3 encryption with x-amz-server-side-encryption: AES256, and
  • rgw_crypt_sse_s3_backend is not set to "vault"

however, vault is the only valid value for the backend (enforced by enum_values), so the rgw_crypt_default_encryption_key logic is unreachable

i believe this default encryption key is intended to apply to all requests that don't specify another encryption method


Related issues

Copied to rgw - Backport #62310: quincy: sse: rgw_crypt_default_encryption_key no longer applies default encryption In Progress
Copied to rgw - Backport #62311: reef: sse: rgw_crypt_default_encryption_key no longer applies default encryption In Progress

History

#1 Updated by Casey Bodley 10 months ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 51786

#2 Updated by Casey Bodley 9 months ago

  • Backport set to quincy reef

#3 Updated by Casey Bodley 8 months ago

  • Status changed from Fix Under Review to Pending Backport

#4 Updated by Backport Bot 8 months ago

  • Copied to Backport #62310: quincy: sse: rgw_crypt_default_encryption_key no longer applies default encryption added

#5 Updated by Backport Bot 8 months ago

  • Copied to Backport #62311: reef: sse: rgw_crypt_default_encryption_key no longer applies default encryption added

#6 Updated by Backport Bot 8 months ago

  • Tags changed from sse to sse backport_processed

Also available in: Atom PDF