Project

General

Profile

Actions
Copy link

Bug #61473

open

sse: rgw_crypt_default_encryption_key no longer applies default encryption

Added by Casey Bodley almost 3 years ago. Updated 8 months ago.

Status:
Pending Backport
Priority:
Normal
Assignee:
-
Target version:
-
% Done:

0%

Source:
Backport:
quincy reef
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
51786
Tags (freeform):
Merge Commit:
43ad8a4ccd03357bf51377c4913868756f198978
Fixed In:
v18.0.0-5304-g43ad8a4ccd
Released In:
v19.2.0~1880
Upkeep Timestamp:
2025-07-14T19:10:22+00:00

Description

it doesn't appear to be possible to trigger default encryption with rgw_crypt_default_encryption_key any more

rgw_s3_prepare_encrypt() only considers rgw_crypt_default_encryption_key if
  • the upload requests sse-s3 encryption with x-amz-server-side-encryption: AES256, and
  • rgw_crypt_sse_s3_backend is not set to "vault"

however, vault is the only valid value for the backend (enforced by enum_values), so the rgw_crypt_default_encryption_key logic is unreachable

i believe this default encryption key is intended to apply to all requests that don't specify another encryption method

Related issues 2 (1 open1 closed)

Copied to rgw - Backport #62310: quincy: sse: rgw_crypt_default_encryption_key no longer applies default encryptionResolvedCasey BodleyActions
Copied to rgw - Backport #62311: reef: sse: rgw_crypt_default_encryption_key no longer applies default encryptionIn ProgressCasey BodleyActions
Actions
Copy link
 #1

Updated by Casey Bodley almost 3 years ago

  • Status changed from New to Fix Under Review
  • Pull request ID set to 51786
Actions
Copy link
 #2

Updated by Casey Bodley almost 3 years ago

  • Backport set to quincy reef
Actions
Copy link
 #3

Updated by Casey Bodley over 2 years ago

  • Status changed from Fix Under Review to Pending Backport
Actions
Copy link
 #4

Updated by Upkeep Bot over 2 years ago

  • Copied to Backport #62310: quincy: sse: rgw_crypt_default_encryption_key no longer applies default encryption added
Actions
Copy link
 #5

Updated by Upkeep Bot over 2 years ago

  • Copied to Backport #62311: reef: sse: rgw_crypt_default_encryption_key no longer applies default encryption added
Actions
Copy link
 #7

Updated by Upkeep Bot 9 months ago

  • Merge Commit set to 43ad8a4ccd03357bf51377c4913868756f198978
  • Fixed In set to v18.0.0-5304-g43ad8a4ccd0
  • Released In set to v19.2.0~1880
  • Upkeep Timestamp set to 2025-07-09T16:44:08+00:00
Actions
Copy link
 #8

Updated by Upkeep Bot 8 months ago

  • Fixed In changed from v18.0.0-5304-g43ad8a4ccd0 to v18.0.0-5304-g43ad8a4ccd
  • Upkeep Timestamp changed from 2025-07-09T16:44:08+00:00 to 2025-07-14T19:10:22+00:00
Actions
Copy link

Also available in: Atom PDF