Cyberduck Mountain Duck CLI

Opened on Mar 22, 2016 at 7:48:16 AM

Closed on Jul 7, 2017 at 11:45:06 AM

Last modified on Jul 19, 2017 at 2:16:16 PM

#9378 closed defect (fixed)

Missing x-amz-server-side-encryption header when creating folders

Reported by: jmgtan Owned by: dkocher
Priority: normal Milestone: 6.2
Component: s3 Version: 4.8.3
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

Steps to replicate:

  1. Create a new bucket and apply the bucket policy from this page: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
  2. Connect using Cyberduck and enable server side encryption in the preferences.
  3. Try to upload a normal file and it should work.
  4. Create a new folder and it would fail.

Creating a new folder via the AWS CLI works:

aws s3api put-object --server-side-encryption AES256 --key test/ --bucket <bucketName>

Setting the s3.metadata.default to include the encryption header doesn't work either. It seems like creating a new folder doesn't include the x-amz-server-side-encryption header.

Change History (11)

comment:1 Changed on Mar 22, 2016 at 11:12:21 AM by dkocher

  • Component changed from core to s3
  • Milestone set to 5.0
  • Owner set to dkocher
  • Status changed from new to assigned

comment:2 Changed on Mar 30, 2016 at 12:54:19 PM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:3 Changed on Mar 30, 2016 at 2:21:36 PM by dkocher

  • Milestone changed from 5.0 to 4.9

comment:5 Changed on Jun 13, 2017 at 8:30:38 AM by dkocher

  • Summary changed from S3 Creating New Folders with SSE Restriction Fails to Missing x-amz-server-side-encryption header when creating folders

comment:6 Changed on Jun 14, 2017 at 9:12:30 AM by dkocher

  • Milestone changed from 4.9 to 6.1
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:7 Changed on Jun 14, 2017 at 9:16:28 AM by dkocher

We use the following bucket policy for testing 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyIncorrectEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        },
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}

comment:8 Changed on Jun 14, 2017 at 11:25:48 AM by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r41412.

comment:9 Changed on Jul 7, 2017 at 9:37:30 AM by dkocher

  • Milestone changed from 6.1 to 6.1.1
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:10 Changed on Jul 7, 2017 at 11:45:06 AM by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r41742.

comment:11 Changed on Jul 19, 2017 at 2:16:16 PM by dkocher

  • Milestone changed from 6.1.1 to 6.2

Milestone renamed

Note: See TracTickets for help on using tickets.