Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Request/Response Checksum Behavior Updates #3277

Open
wants to merge 17 commits into
base: flexible-checksums-v2
Choose a base branch
from
Open

Request/Response Checksum Behavior Updates #3277

wants to merge 17 commits into from

Conversation

jonathan343
Copy link
Contributor

@jonathan343 jonathan343 commented Oct 8, 2024
edited
Loading

This PR makes the following updates to the botocore flexible checksum behavior:

Request Checksum Calculation

  • Remove MD5 checksums and make CRC32 the default checksum algorithm.
  • When the request_checksum_calculation config is set to when_supported (default value), a checksum will be generated whenever one of the following conditions is true:
    • An operation applies the httpchecksum trait and defines a requestAlgorithmMember.
    • An operation applies the httpchecksum trait and defines requestChecksumRequired: true.
  • When the request_checksum_calculation config is set to when_required, a checksum will be generated only when:
    • An operation applies the httpchecksum trait and defines requestChecksumRequired: true.

S3 Customizations:

  • Deprecates existing customizations for MD5 checksums.

Response Checksum Validation

  • A value set for requestValidationModeMember by the user will be used by the SDK.
  • If the requestValidationModeMember value is not set by the user, the following behavior is experienced:
    • When the response_checksum_validation config is set to when_supported (default value), the requestValidationModeMember will be set to ENABLED.
    • When the response_checksum_validation config is set to when_required, the requestValidationModeMember will be set to ENABLED.

@codecov-commenter
Copy link

codecov-commenter commented Oct 8, 2024
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

Attention: Patch coverage is 96.66667% with 1 line in your changes missing coverage. Please review.

Please upload report for BASE (flexible-checksums-v2@fac0754). Learn more about missing BASE report.

Files with missing lines Patch % Lines
botocore/utils.py 66.66% 1 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@                   Coverage Diff                    @@
##             flexible-checksums-v2    #3277   +/-   ##
========================================================
  Coverage                         ?   93.04%           
========================================================
  Files                            ?       66           
  Lines                            ?    14405           
  Branches                         ?        0           
========================================================
  Hits                             ?    13403           
  Misses                           ?     1002           
  Partials                         ?        0

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

nateprewitt
nateprewitt requested changes Oct 11, 2024
View reviewed changes
botocore/httpchecksum.py Outdated Show resolved Hide resolved
botocore/handlers.py Outdated Show resolved Hide resolved
botocore/httpchecksum.py Outdated Show resolved Hide resolved
botocore/httpchecksum.py Outdated Show resolved Hide resolved
botocore/utils.py Show resolved Hide resolved
tests/functional/test_s3.py Outdated Show resolved Hide resolved
tests/functional/test_s3.py Show resolved Hide resolved
tests/functional/test_s3.py
# `payload_signing_enabled` config overrides this logic and forces the
# header.
def test_content_sha256_not_set_if_config_value_is_true(self):
# By default, put_object() provides a trailing checksum and includes the
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this right? I wouldn't expect us to be using trailing checksums by default on put_object.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Because CRC32 is the new default, put_object will use trailing checksums by default. This is because put_object has streaming input.

You can see this behavior in the current version of the SDK by running:

import boto3
boto3.set_stream_logger('')

s3 = boto3.client("s3")

response = s3.put_object(
    Body=b"Example data.",
    Bucket="<bucket_name>",
    Key="example_key.txt",
    ChecksumAlgorithm="CRC32",
)

tests/functional/test_s3.py Outdated Show resolved Hide resolved
tests/functional/test_s3.py Show resolved Hide resolved
@jonathan343 jonathan343 changed the title Default to CRC32 for Request Checksum Calculation Request/Response Checksum Updates Oct 28, 2024
@jonathan343 jonathan343 changed the title Request/Response Checksum Updates Request/Response Behavior Checksum Updates Oct 28, 2024
@jonathan343 jonathan343 changed the title Request/Response Behavior Checksum Updates Request/Response Checksum Behavior Updates Oct 28, 2024
nateprewitt
nateprewitt reviewed Oct 28, 2024
View reviewed changes
botocore/handlers.py Show resolved Hide resolved
tests/functional/test_s3.py Outdated Show resolved Hide resolved
tests/unit/test_httpchecksum.py Show resolved Hide resolved
nateprewitt
nateprewitt reviewed Oct 29, 2024
View reviewed changes
botocore/utils.py Outdated Show resolved Hide resolved
SamRemis
SamRemis reviewed Oct 29, 2024
View reviewed changes
botocore/httpchecksum.py Show resolved Hide resolved
botocore/httpchecksum.py Show resolved Hide resolved
nateprewitt
nateprewitt reviewed Oct 29, 2024
View reviewed changes
tests/functional/test_s3.py Outdated Show resolved Hide resolved
tests/functional/test_s3.py Outdated Show resolved Hide resolved
jonathan343 and others added 16 commits November 1, 2024 10:40
@jonathan343
Add Flexible Checksum v2 Config Options (boto#3271)
cdcb6b0 
Add ``request_checksum_calculation`` and ``response_checksum_validation`` config options.
@jonathan343
Add support for CRC64NVME when the CRT is available. (boto#3273)
c38b116 
* Add support for CRC64NVME when the CRT is available.

* Update crc64nvme priority
@jonathan343
Make CRC32 the default checksum and remove MD5
02fac6d
@jonathan343
Add tests for
50d7142
@jonathan343
Fix CRT only tests
0a2971f
@jonathan343
Actually fix CRT only tests
bf16ed7
@jonathan343
PR Feedback
88eb03b
@jonathan343
Ignore x-amz-checksum-algorithm when checking for user supplied check…
878cb93 
…sums.
@jonathan343
Revert "Ignore x-amz-checksum-algorithm when checking for user suppli…
7563334 
…ed checksums."

This reverts commit 93a47eb.
@jonathan343
enable response checksum validation by default
860dc3b
@jonathan343
PR feedback
2e24f7f
@jonathan343
Condense conditional; Update private function warning to docstring
e9eade8
@jonathan343
Avoid importing _CHECKSUM_CLS directly.
ce46e4a
@jonathan343
Add Flexible Checksum v2 Config Options (boto#3271)
d44bb57 
Add ``request_checksum_calculation`` and ``response_checksum_validation`` config options.
@jonathan343
Add support for CRC64NVME when the CRT is available. (boto#3273)
dc710ec 
* Add support for CRC64NVME when the CRT is available.

* Update crc64nvme priority
@jonathan343
merge flexible-checksums-v2
0569615
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SamRemis SamRemis SamRemis left review comments

@nateprewitt nateprewitt nateprewitt requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jonathan343 @codecov-commenter @nateprewitt @SamRemis