Failing S3 move and copy operations with SSE-C

[dw7o]

We use S3 and SSE-C to encrypt the objects stored in the remote S3 repository.
I've initialized the S3Client accordingly with:

extra_args={
    "SSECustomerKey": sse_c_key,
    "SSECustomerAlgorithm": "AES256",
    "CopySourceSSECustomerKey": sse_c_key,
    "CopySourceSSECustomerAlgorithm": "AES256",
}

Reading and writing objects worked that way but copying and moving (= copy and delete) do not: the CopySourceSSECustomerKey and CopySourceSSECustomerAlgorithm are not passed to the copy operation.

If I saw it correctly, the reason is that in s3client.py:298 the property boto3_ul_extra_args is used, which ensures that all extra arguments match the list S3Transfer.ALLOWED_UPLOAD_ARGS (coming from TransferManager.ALLOWED_DOWNLOAD_ARGS). Unfortunately, the Copy* attributes are not included there but in TransferManager.ALLOWED_COPY_ARGS.

Would it be possible to use the ALLOWED_COPY_ARGS there? Or is this restricted intentionally?

[pjbull]

Thanks!

We'd take a fix that additionally creates boto3_cp_extra_args with TransferManager.ALLOWED_COPY_ARGS and uses that in the copy call.