rgw: Data encryption is not follow the AWS agreement

Encryption request headers should not be sent for GET requests and HEAD
requests if your object uses SSE-KMS/SSE-S3 or you’ll get an HTTP 400
BadRequest error.

Signed-off-by: hechuang <hechuang@xsky.com>
This commit is contained in:
hechuang 2017-06-30 13:56:58 +08:00
parent 425d209989
commit 58944d0ba6

View file

@ -8376,7 +8376,7 @@ def _test_sse_kms_customer_write(file_size, key_id = 'testkey-1'):
key = bucket.new_key('testobj') key = bucket.new_key('testobj')
data = 'A'*file_size data = 'A'*file_size
key.set_contents_from_string(data, headers=sse_kms_client_headers) key.set_contents_from_string(data, headers=sse_kms_client_headers)
rdata = key.get_contents_as_string(headers=sse_kms_client_headers) rdata = key.get_contents_as_string()
eq(data, rdata) eq(data, rdata)
@ -8455,28 +8455,6 @@ def test_sse_kms_present():
eq(data, result) eq(data, result)
@attr(resource='object')
@attr(method='put')
@attr(operation='write encrypted with SSE-KMS but read with other key')
@attr(assertion='operation fails')
@attr('encryption')
def test_sse_kms_other_key():
bucket = get_new_bucket()
sse_kms_client_headers_A = {
'x-amz-server-side-encryption': 'aws:kms',
'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-1'
}
sse_kms_client_headers_B = {
'x-amz-server-side-encryption': 'aws:kms',
'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-2'
}
key = bucket.new_key('testobj')
data = 'A'*100
key.set_contents_from_string(data, headers=sse_kms_client_headers_A)
result = key.get_contents_as_string(headers=sse_kms_client_headers_B)
eq(data, result)
@attr(resource='object') @attr(resource='object')
@attr(method='put') @attr(method='put')
@attr(operation='declare SSE-KMS but do not provide key_id') @attr(operation='declare SSE-KMS but do not provide key_id')
@ -8537,13 +8515,13 @@ def test_sse_kms_multipart_upload():
k = bucket.get_key(key) k = bucket.get_key(key)
eq(k.metadata['foo'], 'bar') eq(k.metadata['foo'], 'bar')
eq(k.content_type, content_type) eq(k.content_type, content_type)
test_string = k.get_contents_as_string(headers=enc_headers) test_string = k.get_contents_as_string()
eq(len(test_string), k.size) eq(len(test_string), k.size)
eq(data, test_string) eq(data, test_string)
eq(test_string, data) eq(test_string, data)
_check_content_using_range_enc(k, data, 1000000, enc_headers=enc_headers) _check_content_using_range(k, data, 1000000)
_check_content_using_range_enc(k, data, 10000000, enc_headers=enc_headers) _check_content_using_range(k, data, 10000000)
@attr(resource='object') @attr(resource='object')
@ -8639,7 +8617,7 @@ def test_sse_kms_post_object_authenticated_request():
} }
key = bucket.get_key("foo.txt") key = bucket.get_key("foo.txt")
got = key.get_contents_as_string(headers=get_headers) got = key.get_contents_as_string()
eq(got, 'bar') eq(got, 'bar')
@attr(resource='object') @attr(resource='object')