Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

MIGRATION ISSUE: Equivalent way of disabling MD5 (S3DisableContentMD5Validation) #2769

Closed
2 tasks done
stanhu opened this issue Sep 2, 2024 · 3 comments
Closed
2 tasks done

MIGRATION ISSUE: Equivalent way of disabling MD5 (S3DisableContentMD5Validation) #2769

stanhu opened this issue Sep 2, 2024 · 3 comments
Assignees
@RanVaknin
Labels
guidance Question that needs advice or information. p2 This is a standard priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. v1-v2-inconsistency v1-v2-inconsistency Behavior has changed from v1 to v2, or feature is missing altogether

Comments

@stanhu
Copy link

stanhu commented Sep 2, 2024

Pre-Migration Checklist

Go Version Used

Go 1.21

Describe the Migration Issue

In AWS SDK Go v1, we previously used S3DisableContentMD5Validation to avoid computing MD5 checksums in the PutObject API call in FIPS systems:

From https://docs.aws.amazon.com/sdk-for-go/api/aws/:

    // S3DisableContentMD5Validation config option is temporarily disabled,
    // For S3 GetObject API calls, #1837.
    //
    // Set this to `true` to disable the S3 service client from automatically
    // adding the ContentMD5 to S3 Object Put and Upload API calls. This option
    // will also disable the SDK from performing object ContentMD5 validation
    // on GetObject API calls.
    S3DisableContentMD5Validation *bool

I saw the comment in #1040 (comment), but I'm not sure if this meant it was possible to disable MD5 outright.

Could someone clarify what needs to be done here?

Code Comparison

V1:

	cfg := &aws.Config{
		S3DisableContentMD5Validation: aws.Bool(True),
	}

Observed Differences/Errors

There's no obvious way to set S3DisableContentMD5Validation.

Additional Context

No response
@stanhu stanhu added needs-triage This issue or PR still needs to be triaged. v1-v2-inconsistency v1-v2-inconsistency Behavior has changed from v1 to v2, or feature is missing altogether labels Sep 2, 2024
@RanVaknin
Copy link
Contributor

Hi @stanhu ,

Is there a particular operation that calculates md5 for you? In v2 md5 shouldn't be calculated by default.

v1:

PUT /hey123.txt HTTP/1.1
Host: testbucket-REDACTED.s3.amazonaws.com
User-Agent: aws-sdk-go/1.50.9 (go1.19.1; darwin; arm64)
Content-Length: 3
Authorization: AWS4-HMAC-SHA256 Credential=REDACTED/20240904/us-east-1/s3/aws4_request, SignedHeaders=content-length;content-md5;host;x-amz-content-sha256;x-amz-date, Signature=REDACTED
Content-Md5: rL0Y20zC+Fzt72VPzMSk2A==
X-Amz-Content-Sha256: REDACTED
X-Amz-Date: 20240904T165439Z
Accept-Encoding: gzip

v2:

PUT /hey123.txt?x-id=PutObject HTTP/1.1
Host: testbucket-REDACTED.s3.us-west-2.amazonaws.com
User-Agent: m/E aws-sdk-go-v2/1.30.4 os/macos lang/go#1.19.1 md/GOOS#darwin md/GOARCH#arm64 api/s3#1.61.0
Content-Length: 13
Accept-Encoding: identity
Amz-Sdk-Invocation-Id: REDACTED
Amz-Sdk-Request: attempt=1; max=3
Authorization: AWS4-HMAC-SHA256 Credential=REDACTED/20240904/us-west-2/s3/aws4_request, SignedHeaders=accept-encoding;amz-sdk-invocation-id;amz-sdk-request;content-length;content-type;host;x-amz-content-sha256;x-amz-date, Signature=REDACTED
Content-Type: application/octet-stream
X-Amz-Content-Sha256: UNSIGNED-PAYLOAD
X-Amz-Date: 20240904T165749Z

You can view this by enabling the network logger:

	cfg, err := config.LoadDefaultConfig(context.TODO(), config.WithRegion("us-west-2"), config.WithClientLogMode(aws.LogRequestWithBody|aws.LogResponseWithBody))

Thanks,
Ran~

@RanVaknin RanVaknin self-assigned this Sep 4, 2024
@RanVaknin RanVaknin added guidance Question that needs advice or information. response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. p2 This is a standard priority issue and removed needs-triage This issue or PR still needs to be triaged. labels Sep 4, 2024
@stanhu
Copy link
Author

stanhu commented Sep 4, 2024

Ah, even better. Thanks!

@stanhu stanhu closed this as completed Sep 4, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 4, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RanVaknin RanVaknin

Labels
guidance Question that needs advice or information. p2 This is a standard priority issue response-requested Waiting on additional info and feedback. Will move to "closing-soon" in 7 days. v1-v2-inconsistency v1-v2-inconsistency Behavior has changed from v1 to v2, or feature is missing altogether
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stanhu @RanVaknin