forked from TrueCloudLab/s3-tests
rgw: Data encryption is not follow the AWS agreement
Encryption request headers should not be sent for GET requests and HEAD requests if your object uses SSE-KMS/SSE-S3 or you’ll get an HTTP 400 BadRequest error. Signed-off-by: hechuang <hechuang@xsky.com>
This commit is contained in:
parent
425d209989
commit
58944d0ba6
1 changed files with 5 additions and 27 deletions
|
@ -8376,7 +8376,7 @@ def _test_sse_kms_customer_write(file_size, key_id = 'testkey-1'):
|
||||||
key = bucket.new_key('testobj')
|
key = bucket.new_key('testobj')
|
||||||
data = 'A'*file_size
|
data = 'A'*file_size
|
||||||
key.set_contents_from_string(data, headers=sse_kms_client_headers)
|
key.set_contents_from_string(data, headers=sse_kms_client_headers)
|
||||||
rdata = key.get_contents_as_string(headers=sse_kms_client_headers)
|
rdata = key.get_contents_as_string()
|
||||||
eq(data, rdata)
|
eq(data, rdata)
|
||||||
|
|
||||||
|
|
||||||
|
@ -8455,28 +8455,6 @@ def test_sse_kms_present():
|
||||||
eq(data, result)
|
eq(data, result)
|
||||||
|
|
||||||
|
|
||||||
@attr(resource='object')
|
|
||||||
@attr(method='put')
|
|
||||||
@attr(operation='write encrypted with SSE-KMS but read with other key')
|
|
||||||
@attr(assertion='operation fails')
|
|
||||||
@attr('encryption')
|
|
||||||
def test_sse_kms_other_key():
|
|
||||||
bucket = get_new_bucket()
|
|
||||||
sse_kms_client_headers_A = {
|
|
||||||
'x-amz-server-side-encryption': 'aws:kms',
|
|
||||||
'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-1'
|
|
||||||
}
|
|
||||||
sse_kms_client_headers_B = {
|
|
||||||
'x-amz-server-side-encryption': 'aws:kms',
|
|
||||||
'x-amz-server-side-encryption-aws-kms-key-id': 'testkey-2'
|
|
||||||
}
|
|
||||||
key = bucket.new_key('testobj')
|
|
||||||
data = 'A'*100
|
|
||||||
key.set_contents_from_string(data, headers=sse_kms_client_headers_A)
|
|
||||||
result = key.get_contents_as_string(headers=sse_kms_client_headers_B)
|
|
||||||
eq(data, result)
|
|
||||||
|
|
||||||
|
|
||||||
@attr(resource='object')
|
@attr(resource='object')
|
||||||
@attr(method='put')
|
@attr(method='put')
|
||||||
@attr(operation='declare SSE-KMS but do not provide key_id')
|
@attr(operation='declare SSE-KMS but do not provide key_id')
|
||||||
|
@ -8537,13 +8515,13 @@ def test_sse_kms_multipart_upload():
|
||||||
k = bucket.get_key(key)
|
k = bucket.get_key(key)
|
||||||
eq(k.metadata['foo'], 'bar')
|
eq(k.metadata['foo'], 'bar')
|
||||||
eq(k.content_type, content_type)
|
eq(k.content_type, content_type)
|
||||||
test_string = k.get_contents_as_string(headers=enc_headers)
|
test_string = k.get_contents_as_string()
|
||||||
eq(len(test_string), k.size)
|
eq(len(test_string), k.size)
|
||||||
eq(data, test_string)
|
eq(data, test_string)
|
||||||
eq(test_string, data)
|
eq(test_string, data)
|
||||||
|
|
||||||
_check_content_using_range_enc(k, data, 1000000, enc_headers=enc_headers)
|
_check_content_using_range(k, data, 1000000)
|
||||||
_check_content_using_range_enc(k, data, 10000000, enc_headers=enc_headers)
|
_check_content_using_range(k, data, 10000000)
|
||||||
|
|
||||||
|
|
||||||
@attr(resource='object')
|
@attr(resource='object')
|
||||||
|
@ -8639,7 +8617,7 @@ def test_sse_kms_post_object_authenticated_request():
|
||||||
}
|
}
|
||||||
|
|
||||||
key = bucket.get_key("foo.txt")
|
key = bucket.get_key("foo.txt")
|
||||||
got = key.get_contents_as_string(headers=get_headers)
|
got = key.get_contents_as_string()
|
||||||
eq(got, 'bar')
|
eq(got, 'bar')
|
||||||
|
|
||||||
@attr(resource='object')
|
@attr(resource='object')
|
||||||
|
|
Loading…
Reference in a new issue