We use S3 and SSE-C to encrypt the objects stored in the remote S3 repository.
I've initialized the S3Client accordingly with:
extra_args={
"SSECustomerKey": sse_c_key,
"SSECustomerAlgorithm": "AES256",
"CopySourceSSECustomerKey": sse_c_key,
"CopySourceSSECustomerAlgorithm": "AES256",
}
Reading and writing objects worked that way but copying and moving (= copy and delete) do not: the CopySourceSSECustomerKey and CopySourceSSECustomerAlgorithm are not passed to the copy operation.
If I saw it correctly, the reason is that in s3client.py:298 the property boto3_ul_extra_args is used, which ensures that all extra arguments match the list S3Transfer.ALLOWED_UPLOAD_ARGS (coming from TransferManager.ALLOWED_DOWNLOAD_ARGS). Unfortunately, the Copy* attributes are not included there but in TransferManager.ALLOWED_COPY_ARGS.
Would it be possible to use the ALLOWED_COPY_ARGS there? Or is this restricted intentionally?
We use S3 and SSE-C to encrypt the objects stored in the remote S3 repository.
I've initialized the
S3Clientaccordingly with:Reading and writing objects worked that way but copying and moving (= copy and delete) do not: the
CopySourceSSECustomerKeyandCopySourceSSECustomerAlgorithmare not passed to the copy operation.If I saw it correctly, the reason is that in s3client.py:298 the property
boto3_ul_extra_argsis used, which ensures that all extra arguments match the listS3Transfer.ALLOWED_UPLOAD_ARGS(coming fromTransferManager.ALLOWED_DOWNLOAD_ARGS). Unfortunately, theCopy*attributes are not included there but inTransferManager.ALLOWED_COPY_ARGS.Would it be possible to use the
ALLOWED_COPY_ARGSthere? Or is this restricted intentionally?