Cyberduck Mountain Duck CLI

#8840 closed defect (fixed)

Failure to rename files with server side encryption enabled for bucket

Reported by: dvdmilam Owned by: dkocher
Priority: normal Milestone: 4.7.1
Component: s3 Version: 4.7
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

We're using 4.7 (17432), and users are having difficulty renaming files in our s3 bucket.

The bucket allows all permissions. It requires Server Side Encryption (SSE) to be turned on, but the files do not inherit this - when you look in Info for any given file, Server Side Encryption is unchecked.

If you try to rename a file it fails. (Cannot rename file. Access denied. Please contact your web hosting service provider for assistance.)

We've found that if you select the file you want to rename, and click Server Side Encryption in Info, it will let you rename the file once, but we have to repeat the process to rename it again.

Additionally, if we use Cloudberry's Explorer for S3 using same credentials with SSE turned on in Cloudberry we can rename the files with no difficulty - so this problem seems isolated to Cyberduck.

Change History (6)

comment:1 Changed on May 20, 2015 at 1:00:45 PM by dkocher

  • Component changed from core to s3
  • Milestone set to 4.8
  • Owner set to dkocher
  • Status changed from new to assigned
  • Summary changed from s3 file rename issue to Failure to rename files with server side encryption enabled for bucket

comment:2 Changed on May 20, 2015 at 1:27:11 PM by dkocher

Server side encryption is not a bucket option but per object. However I suppose you enforce encryption of objects in the bucket with a bucket policy as described in Protecting Data Using Server-Side Encryption. Make sure to enable AES2566 encryption by default in Preferences → S3 → Encryption.

comment:3 follow-up: Changed on May 20, 2015 at 1:42:57 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

Add test in r17555.

comment:4 Changed on May 20, 2015 at 5:33:45 PM by dkocher

  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:5 in reply to: ↑ 3 Changed on May 20, 2015 at 6:21:06 PM by dkocher

Replying to dkocher:

Add test in r17555.

This test shows the issue with a 403 error because no x-amz-server-side-encryption encryption header is set while the bucket policy enforces encryption.

comment:6 Changed on May 20, 2015 at 6:23:39 PM by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r17564.

Note: See TracTickets for help on using tickets.
swiss made software