Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1496460

Summary: [ rgw ]: Uploads with SSE-KMS encryption do not include the encryption headers in response
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Persona non grata <nobody+410372>
Component: RGWAssignee: Casey Bodley <cbodley>
Status: CLOSED ERRATA QA Contact: Persona non grata <nobody+410372>
Severity: urgent Docs Contact:
Priority: high    
Version: 3.0CC: anharris, cbodley, ceph-eng-bugs, hnallurv, kbader, kdreyer, mbenjamin, owasserm, sweil, tchandra
Target Milestone: rc   
Target Release: 3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: RHEL: ceph-12.2.1-30.el7cp Ubuntu: ceph_12.2.1-32redhat1xenial Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-12-05 23:46:00 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
In this script, creation of bucket ,object, setting encryption and downloading object are present none

Description Persona non grata 2017-09-27 13:02:03 UTC 
Created attachment 1331433 [details]
In this script, creation of bucket ,object, setting encryption and downloading object are present

Description of problem:
With boto3, after setting object encryption,I was not getting  information about encryption. Also, I was able to download the object without encryption key too!.
Link: http://boto3.readthedocs.io/en/latest/reference/services/s3.html#S3.Client.put_object
Version-Release number of selected component (if applicable):
Ceph 3.0

How reproducible:
Always

Steps to Reproduce:
1. Set up ceph 3.0 cluster.
2. Using boto3,  try to create bucket,putting objects into the bucket and set encryption to the object.
3. Try to download the object with encryption key.
Actual results:
For put_object(), which returns info about the object,info about encryption was not displayed, also, object was getting downloaded without encryption key.
==

Expected results:
After put_object(), should return
Example--
 {
    'Expiration': 'string',
    'ETag': 'string',
    'ServerSideEncryption': 'AES256'|'aws:kms',
    'VersionId': 'string',
    'SSECustomerAlgorithm': 'string',
    'SSECustomerKeyMD5': 'string',
    'SSEKMSKeyId': 'string',
    'RequestCharged': 'requester'
}
and ,for downloading object, should ask for encryption key.
Comment 18 errata-xmlrpc 2017-12-05 23:46:00 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:3387