From b325593b472f070cbb391a0d4e6db96d21ef6a2f Mon Sep 17 00:00:00 2001 From: Harshavardhana Date: Tue, 6 Mar 2018 16:04:48 -0800 Subject: [PATCH] SSE-C CopyObject key-rotation doesn't need metadata REPLACE value (#5611) Fix a compatibility issue with AWS S3 where to do key rotation we need to replace an existing object's metadata. In such a scenario "REPLACE" metadata directive is not necessary. --- cmd/object-handlers.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cmd/object-handlers.go b/cmd/object-handlers.go index 358377d85..07daedf1a 100644 --- a/cmd/object-handlers.go +++ b/cmd/object-handlers.go @@ -489,7 +489,9 @@ func (api objectAPIHandlers) CopyObjectHandler(w http.ResponseWriter, r *http.Re // Check if x-amz-metadata-directive was not set to REPLACE and source, // desination are same objects. Apply this restriction also when // metadataOnly is true indicating that we are not overwriting the object. - if !isMetadataReplace(r.Header) && srcInfo.metadataOnly { + // if encryption is enabled we do not need explicit "REPLACE" metadata to + // be enabled as well - this is to allow for key-rotation. + if !isMetadataReplace(r.Header) && srcInfo.metadataOnly && !srcInfo.IsEncrypted() { pipeWriter.CloseWithError(fmt.Errorf("invalid copy dest")) // If x-amz-metadata-directive is not set to REPLACE then we need // to error out if source and destination are same.