Skip to content

add missing header for put encrypted object #6122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
bert-e merged 1 commit into from
Mar 31, 2026
+31 −3
Merged

add missing header for put encrypted object #6122

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 10 additions & 1 deletion lib/api/objectPut.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ const kms = require('../kms/wrapper');
const monitoring = require('../utilities/monitoringHandler');
const { validatePutVersionId } = require('./apiUtils/object/coldStorage');
const { setExpirationHeaders } = require('./apiUtils/object/expirationHeaders');
const { setSSEHeaders } = require('./apiUtils/object/sseHeaders');
const validateChecksumHeaders = require('./apiUtils/object/validateChecksumHeaders');

const writeContinue = require('../utilities/writeContinue');
Expand Down Expand Up @@ -173,7 +174,15 @@ function objectPut(authInfo, request, streamingV4Params, log, callback) {
function createCipherBundle(serverSideEncryptionConfig, next) {
if (serverSideEncryptionConfig) {
return kms.createCipherBundle(
serverSideEncryptionConfig, log, next);
serverSideEncryptionConfig, log, (err, cipherBundle) => {
if (err) {
return next(err);
}
setSSEHeaders(responseHeaders,
cipherBundle.algorithm,
cipherBundle.configuredMasterKeyId || cipherBundle.masterKeyId);
return next(null, cipherBundle);
});
}
return next(null, null);
},
Expand Down
23 changes: 21 additions & 2 deletions tests/functional/aws-node-sdk/test/object/encryptionHeaders.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,8 +174,16 @@ describe('per object encryption headers', () => {
const hasKey = target.masterKeyId ? 'a' : 'no';
describe(`Test algorithm ${target.algo || 'none'} with ${hasKey} configuredMasterKeyId`, () => {
it('should put an encrypted object in a unencrypted bucket', done =>
putEncryptedObject(s3, bucket, object, target, kmsKeyId, error => {
putEncryptedObject(s3, bucket, object, target, kmsKeyId, (error, putResp) => {
assert.ifError(error);
if (target.algo) {
assert.strictEqual(putResp.ServerSideEncryption, target.algo,
'PutObject response should include ServerSideEncryption header');
if (target.algo === 'aws:kms') {
assert(putResp.SSEKMSKeyId,
'PutObject response should include SSEKMSKeyId for aws:kms');
}
}
return getSSEConfig(
s3,
bucket,
Expand Down Expand Up @@ -239,8 +247,19 @@ describe('per object encryption headers', () => {
(params, cb) => putBucketEncryption(s3, params, cb) : s3NoOp;
s3Op(params, error => {
assert.ifError(error);
return putEncryptedObject(s3, bucket, object, target, kmsKeyId, error => {
return putEncryptedObject(s3, bucket, object, target, kmsKeyId, (error, putResp) => {
assert.ifError(error);
if (target.algo) {
assert.strictEqual(putResp.ServerSideEncryption, target.algo,
'PutObject response should include ServerSideEncryption header');
if (target.algo === 'aws:kms') {
assert(putResp.SSEKMSKeyId,
'PutObject response should include SSEKMSKeyId for aws:kms');
}
} else if (existing.algo) {
assert.strictEqual(putResp.ServerSideEncryption, existing.algo,
'PutObject response should include ServerSideEncryption from bucket default');
}
return getSSEConfig(
s3,
bucket,
Expand Down
Loading