* fix: serialize SSE-KMS metadata when bucket default encryption applies KMS
When a bucket has default SSE-KMS encryption enabled and a file is uploaded
without explicit SSE headers, the encryption was applied correctly but the
SSE-KMS metadata (x-seaweedfs-sse-kms-key) was not serialized. This caused
downloads to fail with "empty SSE-KMS metadata" because the entry's Extended
map stored an empty byte slice.
The existing code already handled this for SSE-S3 bucket defaults
(SerializeSSES3Metadata) but was missing the equivalent call to
SerializeSSEKMSMetadata for the KMS path.
Fixes seaweedfs/seaweedfs#8776
* ci: add KMS integration tests to GitHub Actions
Add a kms-tests.yml workflow that runs on changes to KMS/SSE code with
two jobs:
1. KMS provider tests: starts OpenBao via Docker, runs Go integration
tests in test/kms/ against a real KMS backend
2. S3 KMS e2e tests: starts OpenBao + weed mini built from source, runs
test_s3_kms.sh which covers bucket-default SSE-KMS upload/download
(the exact scenario from #8776)
Supporting changes:
- test/kms/Makefile: add CI targets (test-provider-ci, test-s3-kms-ci)
that manage OpenBao via plain Docker and run weed from source
- test/kms/s3-config-openbao-template.json: S3 config template with
OpenBao KMS provider for weed mini
* refactor: combine SSE-S3 and SSE-KMS metadata serialization into else-if
SSE-S3 and SSE-KMS bucket default encryption are mutually exclusive, so
use a single if/else-if block instead of two independent if blocks.
* Update .github/workflows/kms-tests.yml
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* fix(ci): start weed mini from data dir to avoid Docker filer.toml
weed mini reads filer.toml from the current working directory first.
When running from test/kms/, it picked up the Docker-targeted filer.toml
which has dir="/data/filerdb" (a path that doesn't exist in CI), causing
a fatal crash at filer store initialization.
Fix by cd-ing to the data directory before starting weed mini.
Also improve log visibility on failure.
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
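The failure mode described in the first commit, reduced to a small model, as an added example that is not SeaweedFS code: the upload path must serialize metadata for whichever bucket default applied, or the download path rejects the entry. Only the key `x-seaweedfs-sse-kms-key` and the error text come from the commit message; the types, function names, `example-sse-s3-key` and the JSON encoding are hypothetical stand-ins.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// kmsMetaKey is named in the commit message; s3MetaKey is a made-up placeholder.
const (
	kmsMetaKey = "x-seaweedfs-sse-kms-key"
	s3MetaKey  = "example-sse-s3-key"
)

type entry struct{ Extended map[string][]byte }
type bucketDefault struct{ S3KeyID, KMSKeyID string } // at most one is set

// storeMetadata models the upload path as one if/else-if. fixed=false skips
// KMS serialization, leaving the empty byte slice described in the bug report.
func storeMetadata(e *entry, d bucketDefault, fixed bool) {
	// Marshal cannot fail for map[string]string, so the error is discarded.
	if d.S3KeyID != "" {
		e.Extended[s3MetaKey], _ = json.Marshal(map[string]string{"keyId": d.S3KeyID})
	} else if d.KMSKeyID != "" {
		e.Extended[kmsMetaKey] = []byte{}
		if fixed {
			e.Extended[kmsMetaKey], _ = json.Marshal(map[string]string{"keyId": d.KMSKeyID})
		}
	}
}

// readKMSKeyID models the download path, which rejects empty metadata.
func readKMSKeyID(e *entry) (string, error) {
	raw := e.Extended[kmsMetaKey]
	if len(raw) == 0 {
		return "", fmt.Errorf("empty SSE-KMS metadata")
	}
	var meta map[string]string
	if err := json.Unmarshal(raw, &meta); err != nil {
		return "", fmt.Errorf("decode SSE-KMS metadata: %w", err)
	}
	return meta["keyId"], nil
}

func main() {
	for _, fixed := range []bool{false, true} {
		e := &entry{Extended: map[string][]byte{}}
		storeMetadata(e, bucketDefault{KMSKeyID: "constructed-key-id"}, fixed)
		fmt.Println(readKMSKeyID(e))
	}
}
```

A regression test for this class of bug asserts on the stored metadata after an upload with no explicit SSE headers, not only on the upload succeeding.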