
require_https_for_sse_cpk option does not work #2519

@nkuroda


Describe the bug
I noticed this issue when trying SSE-C in my local environment using MinIO.
The Aws::S3::Client constructor accepts the optional require_https_for_sse_cpk argument as shown below, but I think this option does not work.

          # @option options [Boolean] :require_https_for_sse_cpk (true)
          #   When `true`, the endpoint **must** be HTTPS for all operations
          #   where server-side-encryption is used with customer-provided keys.
          #   This should only be disabled for local testing.

I think the Aws::S3::Plugins::SseCpk#require_https method needs to be modified.

          def require_https(context)
            unless URI::HTTPS === context.config.endpoint
              msg = <<-MSG.strip.gsub("\n", ' ')
                Attempting to send customer-provided-keys for S3
                server-side-encryption over HTTP; Please configure a HTTPS
                endpoint. If you are attempting to use a test endpoint,
                you can disable this check via `:require_https_for_sse_cpk`
              MSG
              raise ArgumentError, msg
            end
          end

I think it would be better to modify as follows.

          def require_https(context)
            return unless context.config.require_https_for_sse_cpk

            unless URI::HTTPS === context.config.endpoint
              msg = <<-MSG.strip.gsub("\n", ' ')
                Attempting to send customer-provided-keys for S3
                server-side-encryption over HTTP; Please configure a HTTPS
                endpoint. If you are attempting to use a test endpoint,
                you can disable this check via `:require_https_for_sse_cpk`
              MSG
              raise ArgumentError, msg
            end
          end

Gem name ('aws-sdk', 'aws-sdk-resources' or service gems like 'aws-sdk-s3') and its version
'aws-sdk-s3'

Version of Ruby, OS environment
ruby 2.7.2p137 (2020-10-01 revision 5445e04352) [x86_64-darwin19]

To Reproduce (observed behavior)
Steps to reproduce the behavior (please share code or minimal repo)

[1] pry(main)> client = Aws::S3::Client.new(region: 'ap-northeast-1', credentials: xxx, require_https_for_sse_cpk: false)
=> #<Aws::S3::Client>
[2] pry(main)> bucket = Aws::S3::Resource.new(client: client).bucket('bucket_name')
=> #<Aws::S3::Bucket:0x00007fa59a4a70d0
 @arn=nil,
 @client=#<Aws::S3::Client>,
 @data=nil,
 @name="bucket_name",
 @resolved_region="ap-northeast-1",
 @waiter_block_warned=false>
[3] pry(main)> object = bucket.object('object_name')
=> #<Aws::S3::Object:0x00007fa59a3fdcd8
 @bucket_name="bucket_name",
 @client=#<Aws::S3::Client>,
 @data=nil,
 @key="object_name",
 @waiter_block_warned=false>
[4] pry(main)> object.presigned_url(:put, sse_customer_algorithm: 'AES256', sse_customer_key: 'customer_key')
ArgumentError: Attempting to send customer-provided-keys for S3                 server-side-encryption over HTTP; Please configure a HTTPS                 endpoint. If you are attempting to use a test endpoint,                 you can disable this check via `:require_https_for_sse_cpk`
from /Users/nkuroda/.rbenv/versions/2.7.2/lib/ruby/gems/2.7.0/gems/aws-sdk-s3-1.94.0/lib/aws-sdk-s3/plugins/sse_cpk.rb:51:in `require_https'

Expected behavior
Successful issuance of SSE-C type presigned_url

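The two guards quoted in this report, run over every combination of the option and the endpoint scheme, as an added example (not code from the issue author or the aws-sdk-ruby project). `StubConfig`, `StubContext`, the shortened message, the method names and both endpoint URLs are constructed stand-ins that model only the two fields the guard reads.

```ruby
require 'uri'

# Hypothetical stand-ins for the SDK's handler context and client config.
StubConfig  = Struct.new(:endpoint, :require_https_for_sse_cpk)
StubContext = Struct.new(:config)

GUARD_MSG = 'customer-provided key would be sent over HTTP'

# Guard as quoted in the report: the option is never consulted.
def require_https_reported(context)
  raise ArgumentError, GUARD_MSG unless URI::HTTPS === context.config.endpoint
end

# Guard as proposed in the report: opt-out honoured, default stays strict.
def require_https_proposed(context)
  return unless context.config.require_https_for_sse_cpk
  raise ArgumentError, GUARD_MSG unless URI::HTTPS === context.config.endpoint
end

# Constructed endpoints: a local HTTP test server and an HTTPS endpoint.
ENDPOINTS = {
  http:  URI.parse('http://127.0.0.1:9000'),
  https: URI.parse('https://s3.example.test')
}.freeze

# Runs one guard over every (option, scheme) pair and records the outcome.
def guard_matrix(guard)
  [true, false].product(ENDPOINTS.keys).to_h do |required, scheme|
    ctx = StubContext.new(StubConfig.new(ENDPOINTS[scheme], required))
    outcome = begin
      send(guard, ctx)
      :allowed
    rescue ArgumentError
      :rejected
    end
    [[required, scheme], outcome]
  end
end

if __FILE__ == $PROGRAM_NAME
  %i[require_https_reported require_https_proposed].each do |guard|
    puts guard
    guard_matrix(guard).each { |(req, scheme), out| puts "  require=#{req} #{scheme}: #{out}" }
  end
end
```

The only cell that differs between the two guards is `require=false` over HTTP; with the default `true`, plain HTTP is rejected by both, so the proposed change does not weaken the default.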
