Add support for X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER #824

Open
opened 2024-05-21 06:52:45 +00:00 by crimsonfez · 4 comments

When I configured HTTPS via Caddy I get this error when velero tries to upload a backup.

Response: error 400 Bad Request, Bad request: Invalid content sha256 hash: Invalid character 'S' at position 0

When I use HTTP it does not have this issue even through Caddy.

Here is the log before showing what request failed

PUT /404sys-ord/backups/test5/velero-backup.json?x-id=PutObject

When I configured HTTPS via Caddy I get this error when velero tries to upload a backup. `Response: error 400 Bad Request, Bad request: Invalid content sha256 hash: Invalid character 'S' at position 0` When I use HTTP it does not have this issue even through Caddy. Here is the log before showing what request failed `PUT /404sys-ord/backups/test5/velero-backup.json?x-id=PutObject`
Author

I believe the problem here is related to X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER

I believe the problem here is related to `X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER`
Author

Turns out the aws library that Velero uses will use this type of content signing only with TLS connections, which is why this is not an issue on HTTP.

Turns out the aws library that Velero uses will use this type of content signing only with TLS connections, which is why this is not an issue on HTTP.
crimsonfez changed title from `Invalid content sha256 hash` when using HTTPS to Add support for `X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER` 2024-05-22 07:33:21 +00:00

Turns out the aws library that Velero uses will use this type of content signing only with TLS connections, which is why this is not an issue on HTTP.

This seems to circumvent the issue on the velero side. Same problem seems to also be present in minio https://github.com/vmware-tanzu/velero/issues/7696#issuecomment-2078241888

> Turns out the aws library that Velero uses will use this type of content signing only with TLS connections, which is why this is not an issue on HTTP. This seems to circumvent the issue on the velero side. Same problem seems to also be present in minio https://github.com/vmware-tanzu/velero/issues/7696#issuecomment-2078241888
Owner

I believe the problem here is related to X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER

Indeed, it's not implemented currently.

> I believe the problem here is related to X-Amz-Content-Sha256: STREAMING-UNSIGNED-PAYLOAD-TRAILER Indeed, it's not implemented currently.
lx added the
S3 Compatibility
label 2024-05-24 16:39:00 +00:00
Sign in to join this conversation.
No milestone
No project
No assignees
3 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Deuxfleurs/garage#824
No description provided.