diff options
| author | Chris Lu <chrislusf@users.noreply.github.com> | 2025-11-28 13:28:17 -0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-11-28 13:28:17 -0800 |
| commit | bd419fda5119ae7f7225cfca0fcb98bce04f4980 (patch) | |
| tree | 16e1f6d020daf38663c44c423f935d3a0546f7f8 /weed/command/scaffold_test.go | |
| parent | 7e4bab80326866b1ade17bf3ebddb96999507a25 (diff) | |
| download | seaweedfs-bd419fda5119ae7f7225cfca0fcb98bce04f4980.tar.xz seaweedfs-bd419fda5119ae7f7225cfca0fcb98bce04f4980.zip | |
fix: copy to bucket with default SSE-S3 encryption fails (#7562) (#7568)
* filer use context without cancellation
* pass along context
* fix: copy to bucket with default SSE-S3 encryption fails (#7562)
When copying an object from an encrypted bucket to a temporary unencrypted
bucket, then to another bucket with default SSE-S3 encryption, the operation
fails with 'invalid SSE-S3 source key type' error.
Root cause:
When objects are copied from an SSE-S3 encrypted bucket to an unencrypted
bucket, the 'X-Amz-Server-Side-Encryption: AES256' header is preserved but
the actual encryption key (SeaweedFSSSES3Key) is stripped. This creates an
'orphaned' SSE-S3 header that causes IsSSES3EncryptedInternal() to return
true, triggering decryption logic with a nil key.
Fix:
1. Modified IsSSES3EncryptedInternal() to require BOTH the AES256 header
AND the SeaweedFSSSES3Key to be present before returning true
2. Added isOrphanedSSES3Header() to detect orphaned SSE-S3 headers
3. Updated copy handler to strip orphaned headers during copy operations
Fixes #7562
* fmt
* refactor: simplify isOrphanedSSES3Header function logic
Remove redundant existence check since the caller iterates through
metadata map, making the check unnecessary. Improves readability
while maintaining the same functionality.
Diffstat (limited to 'weed/command/scaffold_test.go')
0 files changed, 0 insertions, 0 deletions