rgw: Data encryption is not follow the AWS agreement

Encryption request headers should not be sent for GET requests and HEAD requests if your object uses SSE-KMS/SSE-S3 or you’ll get an HTTP 400 BadRequest error. Signed-off-by: hechuang <hechuang@xsky.com> (cherry picked from commit 58944d0ba6)
2017-06-30 13:56:58 +08:00 · 2017-06-30 13:56:58 +08:00 · 2d7d79c95d
commit 2d7d79c95d
parent 1f9f9d461f
1 changed files with 5 additions and 27 deletions
--- a/s3tests/functional/test_s3.py
+++ b/s3tests/functional/test_s3.py
@ -8281,7 +8281,7 @@ def _test_sse_kms_customer_write(file_size, key_id = 'testkey-1'):
    key = bucket.new_key('testobj')
    data = 'A'*file_size
    key.set_contents_from_string(data, headers=sse_kms_client_headers)
-    rdata = key.get_contents_as_string(headers=sse_kms_client_headers)
+    rdata = key.get_contents_as_string()
    eq(data, rdata)


@ -8360,28 +8360,6 @@ def test_sse_kms_present():
    eq(data, result)


-@attr(resource='object')
-@attr(method='put')
-@attr(operation='write encrypted with SSE-KMS but read with other key')
-@attr(assertion='operation fails')
-@attr('encryption')
-def test_sse_kms_other_key():
-    bucket = get_new_bucket()
-    sse_kms_client_headers_A = {
-        'x-amz-server-side-encryption': 'aws:kms',
-        'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-1'
-    }
-    sse_kms_client_headers_B = {
-        'x-amz-server-side-encryption': 'aws:kms',
-        'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-2'
-    }
-    key = bucket.new_key('testobj')
-    data = 'A'*100
-    key.set_contents_from_string(data, headers=sse_kms_client_headers_A)
-    result = key.get_contents_as_string(headers=sse_kms_client_headers_B)
-    eq(data, result)
-
-
@attr(resource='object')
@attr(method='put')
@attr(operation='declare SSE-KMS but do not provide key_id')
@ -8442,13 +8420,13 @@ def test_sse_kms_multipart_upload():
    k = bucket.get_key(key)
    eq(k.metadata['foo'], 'bar')
    eq(k.content_type, content_type)
-    test_string = k.get_contents_as_string(headers=enc_headers)
+    test_string = k.get_contents_as_string()
    eq(len(test_string), k.size)
    eq(data, test_string)
    eq(test_string, data)

-    _check_content_using_range_enc(k, data, 1000000, enc_headers=enc_headers)
-    _check_content_using_range_enc(k, data, 10000000, enc_headers=enc_headers)
+    _check_content_using_range(k, data, 1000000)
+    _check_content_using_range(k, data, 10000000)


@attr(resource='object')
@ -8544,7 +8522,7 @@ def test_sse_kms_post_object_authenticated_request():
    }

    key = bucket.get_key("foo.txt")
-    got = key.get_contents_as_string(headers=get_headers)
+    got = key.get_contents_as_string()
    eq(got, 'bar')

@attr(resource='object')