Add markers encryption_sse_c and encryption_sse_kms #553

atta · 2024-03-01T09:39:42Z

testing of sse-c is now possible without a configured kms
add header 'X-Forwarded-Proto' = 'https' if is_secure is set to False in the configuration file

* testing of sse-c is now possible without a configured kms * add header 'X-Forwarded-Proto' = 'https' if is_secure is set to False in the configuration file

atta · 2024-04-22T09:45:30Z

Hi, please let me know if there is anything to change, would love to get it done

LenzGr · 2024-04-25T11:55:55Z

Hey @cbodley or @mattbenjamin - would you mind taking a look at this PR? Thank you :)

cbodley · 2024-04-25T13:20:09Z

.github/workflows/pylint.yml

+        pip install pylint
+    - name: Analysing the code with pylint
+      run: |
+        pylint $(git ls-files '*.py')


please remove this

cbodley · 2024-04-25T13:20:53Z

pytest.ini

+    encryption_sse_c
+    encryption_sse_kms


there's already a marker for sse_s3. please remove the encryption_ part to be consistent

cbodley · 2024-04-25T13:21:02Z

s3tests_boto3/functional/test_s3.py

@@ -5171,15 +5171,15 @@ def test_list_buckets_invalid_auth():
    e = assert_raises(ClientError, bad_auth_client.list_buckets)
    status, error_code = _get_status_and_error_code(e.response)
    assert status == 403
-    assert error_code == 'InvalidAccessKeyId'
+    assert error_code == 'AccessDenied'


what's the motivation of this change? afaik this has been passing as-is

cbodley · 2024-04-25T13:24:08Z

s3tests_boto3/functional/test_s3.py

+    if get_config_is_secure() == False:
+        sse_client_headers['X-Forwarded-Proto'] = 'https'


this shouldn't be necessary, and servers probably shouldn't accept this header from clients without additional configuration. if you're just testing against ceph rgw, you can set rgw_crypt_require_ssl=false to run these

In my tests, if the rgw_crypt_require_ssl=false is set, the ceph rgw will require the header in order to accept the request.

that config option has always worked in our automated testing, ex. https://github.com/ceph/ceph/blob/04416f4/qa/suites/rgw/crypt/3-rgw/rgw.yaml#L7

Ansgar Jazdzewski and others added 2 commits March 1, 2024 10:34

Add markers encryption_sse_c and encryption_sse_kms

1d4429f

* testing of sse-c is now possible without a configured kms * add header 'X-Forwarded-Proto' = 'https' if is_secure is set to False in the configuration file

Create pylint.yml

c471871

mattbenjamin requested review from mdw-at-linuxbox and cbodley March 8, 2024 15:23

cbodley reviewed Apr 25, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add markers encryption_sse_c and encryption_sse_kms #553

Add markers encryption_sse_c and encryption_sse_kms #553

atta commented Mar 1, 2024

atta commented Apr 22, 2024

LenzGr commented Apr 25, 2024

cbodley Apr 25, 2024

cbodley Apr 25, 2024

cbodley Apr 25, 2024

cbodley Apr 25, 2024

atta May 3, 2024

cbodley May 3, 2024

		if get_config_is_secure() == False:
		sse_client_headers['X-Forwarded-Proto'] = 'https'

Add markers encryption_sse_c and encryption_sse_kms #553

Are you sure you want to change the base?

Add markers encryption_sse_c and encryption_sse_kms #553

Conversation

atta commented Mar 1, 2024

atta commented Apr 22, 2024

LenzGr commented Apr 25, 2024

cbodley Apr 25, 2024

Choose a reason for hiding this comment

cbodley Apr 25, 2024

Choose a reason for hiding this comment

cbodley Apr 25, 2024

Choose a reason for hiding this comment

cbodley Apr 25, 2024

Choose a reason for hiding this comment

atta May 3, 2024

Choose a reason for hiding this comment

cbodley May 3, 2024

Choose a reason for hiding this comment