Cyberduck Mountain Duck CLI

Opened 2 years ago

Closed 11 months ago

Last modified 10 months ago

#9378 closed defect (fixed)

Missing x-amz-server-side-encryption header when creating folders

Reported by: jmgtan Owned by: dkocher
Priority: normal Milestone: 6.2
Component: s3 Version: 4.8.3
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

Steps to replicate:

  1. Create a new bucket and apply the bucket policy from this page: http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
  2. Connect using Cyberduck and enable server side encryption in the preferences.
  3. Try to upload a normal file and it should work.
  4. Create a new folder and it would fail.

Creating a new folder via the AWS CLI works:

aws s3api put-object --server-side-encryption AES256 --key test/ --bucket <bucketName>

Setting the s3.metadata.default to include the encryption header doesn't work either. It seems like creating a new folder doesn't include the x-amz-server-side-encryption header.

Change History (11)

comment:1 Changed 2 years ago by dkocher

  • Component changed from core to s3
  • Milestone set to 5.0
  • Owner set to dkocher
  • Status changed from new to assigned

comment:2 Changed 2 years ago by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

comment:3 Changed 2 years ago by dkocher

  • Milestone changed from 5.0 to 4.9

comment:4 Changed 2 years ago by dkocher

In r19953.

comment:5 Changed 11 months ago by dkocher

  • Summary changed from S3 Creating New Folders with SSE Restriction Fails to Missing x-amz-server-side-encryption header when creating folders

comment:6 Changed 11 months ago by dkocher

  • Milestone changed from 4.9 to 6.1
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:7 Changed 11 months ago by dkocher

We use the following bucket policy for testing 

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyIncorrectEncryptionHeader",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "StringNotEquals": {
                    "s3:x-amz-server-side-encryption": "AES256"
                }
            }
        },
        {
            "Sid": "DenyUnEncryptedObjectUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::test-eu-central-1-sse/*",
            "Condition": {
                "Null": {
                    "s3:x-amz-server-side-encryption": "true"
                }
            }
        }
    ]
}

comment:8 Changed 11 months ago by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r41412.

comment:9 Changed 11 months ago by dkocher

  • Milestone changed from 6.1 to 6.1.1
  • Resolution fixed deleted
  • Status changed from closed to reopened

comment:10 Changed 11 months ago by dkocher

  • Resolution set to fixed
  • Status changed from reopened to closed

In r41742.

comment:11 Changed 10 months ago by dkocher

  • Milestone changed from 6.1.1 to 6.2

Milestone renamed

Note: See TracTickets for help on using tickets.
swiss made software