-
Notifications
You must be signed in to change notification settings - Fork 653
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Developer Guide: Document Support for Amazon S3 Object Integrity Features #1689
Comments
skmcgrail
changed the title
documentation: Document SDK Support for Amazon S3 Object Integrity Features
Developer Guide: Document SDK Support for Amazon S3 Object Integrity Features
Apr 29, 2022
skmcgrail
changed the title
Developer Guide: Document SDK Support for Amazon S3 Object Integrity Features
Developer Guide: Document Support for Amazon S3 Object Integrity Features
Apr 29, 2022
@skmcgrail, with the golang sdk, It is currently not possible to use Amazon S3 Object Integrity Features with presigned URL because of this open bug : #1566 |
2 tasks
lucix-aws
removed
documentation
This is a problem with documentation.
good-first-issue
labels
Apr 26, 2024
This issue is now closed. Comments on closed issues are hard for our team to see. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A little bit more nuanced, but I think this highlights that it is worth creating a developer guide documentation page to help clarify the behaviors when using the S3 client and checksums.
ChecksumCRC32
,ChecksumCRC32C
,ChecksumSHA1
, orChecksumSHA256
fields then the SDK will send that value specified using a standard HTTP request header using the appropriatex-amz-checksum-*
header for each. This is not affected by whether theHTTP
orHTTPS
scheme is used. The request will be signed with SigV4 or SigV4a regardless of the scheme, the only distinction is whether the payload body hash is computed or not for thex-amz-content-sha256
header. For HTTP schemes this will be the computed sha256 hash for the PutObject body, otherwise for HTTPS this will beUNSIGNED-PAYLOAD
. If the payload body hash needs to be computed for sending to a non-HTTPS endpoint, then the body must be seekable so the SDK can compute the hash and reseek the body.ChecksumAlgorithm
field, and an algorithmChecksum*
member is not set, then the SDK will compute the corresponding checksum for the request and will send it in the appropriatex-amz-checksum-*
. The only distinction is if the checksum is sent as a header or trailer based on the endpoint schemeSTREAMING-UNSIGNED-PAYLOAD-TRAILER
which does not require signing each aws-chunk. The Go SDK only supports this variant of aws-chunked, which is why computed checksums sent via a aws-chunked trailer requires an HTTPS endpoint in this SDK. For trailer streaming the content-length of the PutObject body must be known. So either the PutObject request specifiesContentLength
field, the body implementsinterface{ Len() int }
, or the body is seekable so SDK can figure out the length to be sent. The SDK may add support for the signed aws-chunked variants (e.g.STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER
) in the future as to support sending of signed checksum trailers to non-HTTPS endpoints. That feature is supported in SDKs that had already supported signed aws-chunked payloads previously.Originally posted by @skmcgrail in #1667 (comment)
The text was updated successfully, but these errors were encountered: