Commit 612e097b authored by Vlad Stoianovici's avatar Vlad Stoianovici Committed by Achilleas Pipinellis

Outlined our code's incompatibility with Google KMS encryption

parent 43a6b985
...@@ -281,6 +281,9 @@ The service account must have permission to access the bucket. Learn more ...@@ -281,6 +281,9 @@ The service account must have permission to access the bucket. Learn more
in Google's in Google's
[Cloud Storage authentication documentation](https://cloud.google.com/storage/docs/authentication). [Cloud Storage authentication documentation](https://cloud.google.com/storage/docs/authentication).
NOTE:
Bucket encryption with the [Cloud Key Management Service (KMS)](https://cloud.google.com/kms/docs) is not supported and will result in [ETag mismatch errors](#etag-mismatch).
##### Google example (consolidated form) ##### Google example (consolidated form)
For Omnibus installations, this is an example of the `connection` setting: For Omnibus installations, this is an example of the `connection` setting:
...@@ -682,6 +685,8 @@ With the consolidated object configuration and instance profile, Workhorse has ...@@ -682,6 +685,8 @@ With the consolidated object configuration and instance profile, Workhorse has
S3 credentials so that it can compute the `Content-MD5` header. This S3 credentials so that it can compute the `Content-MD5` header. This
eliminates the need to compare ETag headers returned from the S3 server. eliminates the need to compare ETag headers returned from the S3 server.
Encrypting buckets with GCS' [Cloud Key Management Service (KMS)](https://cloud.google.com/kms/docs) is not supported and will result in ETag mismatch errors.
### Using Amazon instance profiles ### Using Amazon instance profiles
Instead of supplying AWS access and secret keys in object storage Instead of supplying AWS access and secret keys in object storage
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment