Opened on Mar 22, 2016 at 7:48:16 AM
Closed on Jul 7, 2017 at 11:45:06 AM
Last modified on Jul 19, 2017 at 2:16:16 PM
#9378 closed defect (fixed)
Missing x-amz-server-side-encryption header when creating folders
Reported by: | jmgtan | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 6.2 |
Component: | s3 | Version: | 4.8.3 |
Severity: | normal | Keywords: | |
Cc: | Architecture: | ||
Platform: |
Description
Steps to replicate:
- Create a new bucket and apply the bucket policy from this page: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
- Connect using Cyberduck and enable server side encryption in the preferences.
- Try to upload a normal file and it should work.
- Create a new folder and it would fail.
Creating a new folder via the AWS CLI works:
aws s3api put-object --server-side-encryption AES256 --key test/ --bucket <bucketName>
Setting the s3.metadata.default to include the encryption header doesn't work either. It seems like creating a new folder doesn't include the x-amz-server-side-encryption header.
Change History (11)
comment:1 Changed on Mar 22, 2016 at 11:12:21 AM by dkocher
- Component changed from core to s3
- Milestone set to 5.0
- Owner set to dkocher
- Status changed from new to assigned
comment:2 Changed on Mar 30, 2016 at 12:54:19 PM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:3 Changed on Mar 30, 2016 at 2:21:36 PM by dkocher
- Milestone changed from 5.0 to 4.9
comment:4 Changed on Mar 30, 2016 at 3:28:45 PM by dkocher
comment:5 Changed on Jun 13, 2017 at 8:30:38 AM by dkocher
- Summary changed from S3 Creating New Folders with SSE Restriction Fails to Missing x-amz-server-side-encryption header when creating folders
comment:6 Changed on Jun 14, 2017 at 9:12:30 AM by dkocher
- Milestone changed from 4.9 to 6.1
- Resolution fixed deleted
- Status changed from closed to reopened
comment:7 Changed on Jun 14, 2017 at 9:16:28 AM by dkocher
We use the following bucket policy for testing
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DenyIncorrectEncryptionHeader", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::test-eu-central-1-sse/*", "Condition": { "StringNotEquals": { "s3:x-amz-server-side-encryption": "AES256" } } }, { "Sid": "DenyUnEncryptedObjectUploads", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject", "Resource": "arn:aws:s3:::test-eu-central-1-sse/*", "Condition": { "Null": { "s3:x-amz-server-side-encryption": "true" } } } ] }
comment:8 Changed on Jun 14, 2017 at 11:25:48 AM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
In r41412.
comment:9 Changed on Jul 7, 2017 at 9:37:30 AM by dkocher
- Milestone changed from 6.1 to 6.1.1
- Resolution fixed deleted
- Status changed from closed to reopened
comment:10 Changed on Jul 7, 2017 at 11:45:06 AM by dkocher
- Resolution set to fixed
- Status changed from reopened to closed
In r41742.
comment:11 Changed on Jul 19, 2017 at 2:16:16 PM by dkocher
- Milestone changed from 6.1.1 to 6.2
Milestone renamed
Note: See
TracTickets for help on using
tickets.
In r19953.