Rewrite object receives 400 error when CMEK is enabled for a bucket #806

@cojenco

Description

Tracking issue for a customer.

Unable to rewrite on top of an existing GCS blob in a CMEK-enabled bucket. Receives a 400 Bad Request with the following repro code. This looks very similar to #155.

Environment details

  • python 3.9
  • google-cloud-storage 2.3.0

Steps to reproduce

  1. Create a bucket with Customer-managed encryption keys (via Cloud KMS)
  2. Write blob to bucket
  3. Overwrite blob

Code example

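```python
from google.cloud import storage

bucket_name = 'your-bucket-name'
blob_name1 = 'your-object-name'
blob_name2 = 'your-different-name'

client = storage.Client()
bucket = client.bucket(bucket_name)
# get_blob() fetches the existing objects along with their metadata
blob1 = bucket.get_blob(blob_name1)
blob2 = bucket.get_blob(blob_name2)
# Rewrite blob1 on top of the existing blob2; this call returns the 400
blob2.rewrite(blob1)
```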

Expected behavior: Success, blob2 is overwritten
Actual behavior: google.api_core.exceptions.BadRequest: 400 POST <...> Bad Cloud KMS crypto key <...>
As long as blob1 and blob2 are not equal and both exist, this issue happens.

Workaround

Either delete blob2 first and then overwrite, or call blob2 = bucket.blob(blob_name2) instead.

Potential Fix:

  • blob.rewrite() should only use kms_key_name if it doesn't end with a version.
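
The rule in the potential fix, sketched as an added example (not code from this issue or from google-cloud-storage). The helper names and sample key names are hypothetical and constructed; the pattern follows the Cloud KMS resource-name layout, where a key version appears as a trailing `/cryptoKeyVersions/<id>` segment.

```python
import re
from typing import NamedTuple, Optional

# Cloud KMS resource-name layout; a trailing /cryptoKeyVersions/<id>
# segment means the name refers to a key version, not to the key itself.
_KMS_NAME = re.compile(
    r"^(?P<key>projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+)"
    r"(?:/cryptoKeyVersions/(?P<version>[^/]+))?$"
)


class KmsKeyRef(NamedTuple):
    key_name: str            # resource name without any version suffix
    version: Optional[str]   # version id, or None when the name is unversioned


def parse_kms_key_name(name: str) -> KmsKeyRef:
    """Split a Cloud KMS resource name into key and optional version."""
    match = _KMS_NAME.match(name)
    if match is None:
        raise ValueError(f"not a Cloud KMS key resource name: {name!r}")
    return KmsKeyRef(match.group("key"), match.group("version"))


def rewrite_destination_key(kms_key_name: Optional[str]) -> Optional[str]:
    """Return the key name to send with a rewrite, or None to send none.

    Applies the issue's proposed rule: a name that ends in a version is
    not sent, so the request carries no explicit destination key.
    """
    if not kms_key_name:
        return None
    ref = parse_kms_key_name(kms_key_name)
    return None if ref.version is not None else ref.key_name


# Constructed sample values (placeholders, not taken from the issue).
UNVERSIONED = "projects/p/locations/us/keyRings/r/cryptoKeys/k"
VERSIONED = UNVERSIONED + "/cryptoKeyVersions/3"

if __name__ == "__main__":
    for sample in (None, UNVERSIONED, VERSIONED):
        print(sample, "->", rewrite_destination_key(sample))
```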

Labels

  • api: storage. Issues related to the googleapis/python-storage API.
  • priority: p2. Moderately-important priority. Fix may not be included in next release.
  • type: bug. Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
