Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite object receives 400 error when CMEK is enabled for a bucket #806

Closed
cojenco opened this issue Jun 2, 2022 · 0 comments · Fixed by #807
Closed

Rewrite object receives 400 error when CMEK is enabled for a bucket #806

cojenco opened this issue Jun 2, 2022 · 0 comments · Fixed by #807
Assignees
@cojenco
Labels
api: storage Issues related to the googleapis/python-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.

Comments

@cojenco
Copy link
Contributor

cojenco commented Jun 2, 2022

Tracking issue for a customer.

Unable to rewrite on top of an existing GCS blob in CMEK enabled bucket. Receives a 400 Bad Request with the following repro code. This looks very similar to #155

Environment details

  • python 3.9
  • google-cloud-storage 2.3.0

Steps to reproduce

  1. Create a bucket with Customer-managed encryption keys (via Cloud KMS)
  2. Write blob to bucket
  3. Overwrite blob

Code example

from google.cloud import storage
bucket_name = 'your-bucket-name'
blob_name1 = 'your-object-name'
blob_name1 = 'your-different-name'
client = storage.Client()
bucket = client.bucket(bucket_name)
blob1 = bucket.get_blob(blob_name1)
blob2 = bucket.get_blob(blob_name2)
blob2.rewrite(blob1)

Expected behavior: Success, blob2 is overwritten
Actual behavior: google.api_core.exceptions.BadRequest: 400 POST <...> Bad Cloud KMS crypto key <...>
As long as blob1 and blob2 are not equal and both exist, this issue happens.

Workaround

Either delete blob2 first, then overwrite. OR call blob2 = bucket.blob(blob_name2) instead.

Potential Fix:

  • blob.rewrite() should only use kms_key_name if it doesn't end with a version.
@cojenco cojenco self-assigned this Jun 2, 2022
@product-auto-label product-auto-label bot added the api: storage Issues related to the googleapis/python-storage API. label Jun 2, 2022
@cojenco cojenco mentioned this issue Jun 2, 2022
Merged
@cojenco cojenco added priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns. labels Jun 3, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cojenco cojenco

Labels
api: storage Issues related to the googleapis/python-storage API. priority: p2 Moderately-important priority. Fix may not be included in next release. type: bug Error or flaw in code with unintended results or allowing sub-optimal usage patterns.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: rewrite object in CMEK enabled bucket cojenco/python-storage
1 participant
@cojenco