Skip to content

fix: Remove context passed to MinIO's NewSSEKMS#1428

Open
lbeckman314 wants to merge 6 commits into
developfrom
fix/minio-header
Open

fix: Remove context passed to MinIO's NewSSEKMS#1428
lbeckman314 wants to merge 6 commits into
developfrom
fix/minio-header

Conversation

@lbeckman314

@lbeckman314 lbeckman314 commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Overview 🌀

This PR adds a fix to Funnel to resolve a malformed x-amz-server-side-encryption-context header when using SSE-KMS with the MinIO Go client (Issue #2235).

Current Behavior ⚠️

  • encrypt.NewSSEKMS(kmskeyId, ctx) was called with a context.Context as the second argument (the KMS encryption context).

  • Since NewSSEKMS JSON-marshals whatever is passed, this produced a nested object {"Context":{"Context":{"Context":{}}}} which was base64-encoded into the x-amz-server-side-encryption-context header.

  • S3 rejects this because it requires a flat string-string map, causing upload/download failures on KMS-enabled buckets.

New Behavior ✔️

  • encrypt.NewSSEKMS(kmskeyId, nil) is called instead.

  • Passing nil tells the MinIO client to omit the x-amz-server-side-encryption-context header entirely, which is correct when no additional KMS encryption context key-value pairs are needed.

Breaking Changes? ❌

  • No breaking change. This is a bug fix that resolves current issues with KMS-enabled buckets — the malformed header caused errors. Users who were not using KMS (KmsKeyID left empty) are unaffected.

Signed-off-by: Liam Beckman <lbeckman314@gmail.com>
@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

@lbeckman314 lbeckman314 self-assigned this Jun 9, 2026
@lbeckman314 lbeckman314 added bug blocker blocks user interactions labels Jun 9, 2026
@lbeckman314 lbeckman314 marked this pull request as draft June 9, 2026 18:35
@github-actions

github-actions Bot commented Jun 9, 2026

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

@lbeckman314 lbeckman314 marked this pull request as ready for review June 10, 2026 19:55
@github-actions

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

@github-actions

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

@github-actions

Copy link
Copy Markdown

Gen3 Integration Tests

filepath passed skipped SUBTOTAL
tests/test_gen3_workflow.py 25 4 29
TOTAL 25 4 29

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

blocker blocks user interactions bug

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant