From 58944d0ba6476b5c42aabbabf92a2068f464200a Mon Sep 17 00:00:00 2001
From: hechuang <hechuang@xsky.com>
Date: Fri, 30 Jun 2017 13:56:58 +0800
Subject: [PATCH] rgw: Data encryption is not follow the AWS agreement
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Encryption request headers should not be sent for GET requests and HEAD
requests if your object uses SSE-KMS/SSE-S3 or you’ll get an HTTP 400
BadRequest error.

Signed-off-by: hechuang <hechuang@xsky.com>
---
 s3tests/functional/test_s3.py | 32 +++++---------------------------
 1 file changed, 5 insertions(+), 27 deletions(-)

diff --git a/s3tests/functional/test_s3.py b/s3tests/functional/test_s3.py
index 309004b..650c366 100644
--- a/s3tests/functional/test_s3.py
+++ b/s3tests/functional/test_s3.py
@@ -8376,7 +8376,7 @@ def _test_sse_kms_customer_write(file_size, key_id = 'testkey-1'):
     key = bucket.new_key('testobj')
     data = 'A'*file_size
     key.set_contents_from_string(data, headers=sse_kms_client_headers)
-    rdata = key.get_contents_as_string(headers=sse_kms_client_headers)
+    rdata = key.get_contents_as_string()
     eq(data, rdata)
 
 
@@ -8455,28 +8455,6 @@ def test_sse_kms_present():
     eq(data, result)
 
 
-@attr(resource='object')
-@attr(method='put')
-@attr(operation='write encrypted with SSE-KMS but read with other key')
-@attr(assertion='operation fails')
-@attr('encryption')
-def test_sse_kms_other_key():
-    bucket = get_new_bucket()
-    sse_kms_client_headers_A = {
-        'x-amz-server-side-encryption': 'aws:kms',
-        'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-1'
-    }
-    sse_kms_client_headers_B = {
-        'x-amz-server-side-encryption': 'aws:kms',
-        'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-2'
-    }
-    key = bucket.new_key('testobj')
-    data = 'A'*100
-    key.set_contents_from_string(data, headers=sse_kms_client_headers_A)
-    result = key.get_contents_as_string(headers=sse_kms_client_headers_B)
-    eq(data, result)
-
-
 @attr(resource='object')
 @attr(method='put')
 @attr(operation='declare SSE-KMS but do not provide key_id')
@@ -8537,13 +8515,13 @@ def test_sse_kms_multipart_upload():
     k = bucket.get_key(key)
     eq(k.metadata['foo'], 'bar')
     eq(k.content_type, content_type)
-    test_string = k.get_contents_as_string(headers=enc_headers)
+    test_string = k.get_contents_as_string()
     eq(len(test_string), k.size)
     eq(data, test_string)
     eq(test_string, data)
 
-    _check_content_using_range_enc(k, data, 1000000, enc_headers=enc_headers)
-    _check_content_using_range_enc(k, data, 10000000, enc_headers=enc_headers)
+    _check_content_using_range(k, data, 1000000)
+    _check_content_using_range(k, data, 10000000)
 
 
 @attr(resource='object')
@@ -8639,7 +8617,7 @@ def test_sse_kms_post_object_authenticated_request():
     }
 
     key = bucket.get_key("foo.txt")
-    got = key.get_contents_as_string(headers=get_headers)
+    got = key.get_contents_as_string()
     eq(got, 'bar')
 
 @attr(resource='object')