fix: Support all PutObjectRequest fields

seebees · seebees · commit 037fb32d4abf · 2025-05-08T13:39:28.000-07:00
All possible values of a PutObjectRequest need to be supported when enabling multiparty put object.

This PR adds support and the S3EC will now fail closed in the case of new options. This is preferred to silently dropping the value.
diff --git a/src/main/java/software/amazon/encryption/s3/internal/ConvertSDKRequests.java b/src/main/java/software/amazon/encryption/s3/internal/ConvertSDKRequests.java
@@ -0,0 +1,143 @@
+package software.amazon.encryption.s3.internal;
+
+import software.amazon.awssdk.awscore.AwsRequestOverrideConfiguration;
+import software.amazon.awssdk.services.s3.model.*;
+import java.time.Instant;
+import java.util.Map;
+
+public class ConvertSDKRequests {
+
+  public static CreateMultipartUploadRequest convert(PutObjectRequest request) {
+
+    final CreateMultipartUploadRequest.Builder output = CreateMultipartUploadRequest.builder();
+    request
+      .toBuilder()
+      .sdkFields()
+      .forEach(f -> {
+        final Object value = f.getValueOrDefault(request);
+        if (value != null) {
+          switch (f.memberName()) {
+            case "ACL":
+              output.acl((String) value);
+              break;
+            case "Bucket":
+              output.bucket((String) value);
+              break;
+            case "BucketKeyEnabled":
+              output.bucketKeyEnabled((Boolean) value);
+              break;
+            case "CacheControl":
+              output.cacheControl((String) value);
+              break;
+            case "ChecksumAlgorithm":
+              output.checksumAlgorithm((String) value);
+              break;
+            case "ChecksumType":
+              output.checksumType((ChecksumType) value);
+            case "ContentDisposition":
+              assert value instanceof String;
+              output.contentDisposition((String) value);
+              break;
+            case "ContentEncoding":
+              output.contentEncoding((String) value);
+              break;
+            case "ContentLanguage":
+              output.contentLanguage((String) value);
+              break;
+            case "ContentType":
+              output.contentType((String) value);
+              break;
+            case "ExpectedBucketOwner":
+              output.expectedBucketOwner((String) value);
+              break;
+            case "Expires":
+              output.expires((Instant) value);
+              break;
+            case "GrantFullControl":
+              output.grantFullControl((String) value);
+              break;
+            case "GrantRead":
+              output.grantRead((String) value);
+              break;
+            case "GrantReadACP":
+              output.grantReadACP((String) value);
+              break;
+            case "GrantWriteACP":
+              output.grantWriteACP((String) value);
+              break;
+            case "Key":
+              output.key((String) value);
+              break;
+            case "Metadata":
+              // The PutObjectRequest.builder().metadata(value)
+              // only takes Map<String, String> therefore it should not be possible
+              // to get here with anything other than a Map<String, String>
+              // This may be overkill, but this map should be small
+              // so the performance hit to verify this is worth the correctness.
+              if (!isStringStringMap(value)) {
+                throw new IllegalArgumentException("Metadata must be a Map<String, String>");
+              }
+              @SuppressWarnings("unchecked")
+              Map<String, String> metadata = (Map<String, String>) value;
+              output.metadata(metadata);
+              break;
+            case "ObjectLockLegalHoldStatus":
+              output.objectLockLegalHoldStatus((String) value);
+              break;
+            case "ObjectLockMode":
+              output.objectLockMode((String) value);
+              break;
+            case "ObjectLockRetainUntilDate":
+              output.objectLockRetainUntilDate((Instant) value);
+              break;
+            case "RequestPayer":
+              output.requestPayer((String) value);
+              break;
+            case "ServerSideEncryption":
+              output.serverSideEncryption((String) value);
+              break;
+            case "SSECustomerAlgorithm":
+              output.sseCustomerAlgorithm((String) value);
+              break;
+            case "SSECustomerKey":
+              output.sseCustomerKey((String) value);
+              break;
+            case "SSEKMSEncryptionContext":
+              output.ssekmsEncryptionContext((String) value);
+              break;
+            case "SSEKMSKeyId":
+              output.ssekmsKeyId((String) value);
+              break;
+            case "StorageClass":
+              output.storageClass((String) value);
+              break;
+            case "Tagging":
+              output.tagging((String) value);
+              break;
+            case "WebsiteRedirectLocation":
+              output.websiteRedirectLocation((String) value);
+              break;
+            default:
+              // Rather than silently dropping the value,
+              // we loudly signal that we don't know how to handle this field.
+              throw new IllegalArgumentException("Unknown PutObjectRequest field " + f.locationName() + ".");
+          }
+        }
+      });
+    return output
+      // OverrideConfiguration is not as SDKField but still needs to be supported
+      .overrideConfiguration(request.overrideConfiguration().orElse(null))
+      .build();
+  }
+
+  private static boolean isStringStringMap(Object value) {
+    if (!(value instanceof Map)) {
+      return false;
+    }
+    Map<?, ?> map = (Map<?, ?>) value;
+    return map.entrySet().stream()
+      .allMatch(entry -> entry != null
+        && ((Map.Entry<?, ?>) entry).getKey() instanceof String
+        && ((Map.Entry<?, ?>) entry).getValue() instanceof String);
+  }
+}
diff --git a/src/main/java/software/amazon/encryption/s3/internal/UploadObjectObserver.java b/src/main/java/software/amazon/encryption/s3/internal/UploadObjectObserver.java
@@ -42,20 +42,10 @@ public UploadObjectObserver init(PutObjectRequest req,
         this.es = es;
         return this;
     }
-
-    protected CreateMultipartUploadRequest newCreateMultipartUploadRequest(
-            PutObjectRequest request) {
-        return CreateMultipartUploadRequest.builder()
-                .bucket(request.bucket())
-                .key(request.key())
-                .metadata(request.metadata())
-                .overrideConfiguration(request.overrideConfiguration().orElse(null))
-                .build();
-    }
-
+    
     public String onUploadCreation(PutObjectRequest req) {
         CreateMultipartUploadResponse res =
-                s3EncryptionClient.createMultipartUpload(newCreateMultipartUploadRequest(req));
+                s3EncryptionClient.createMultipartUpload(ConvertSDKRequests.convert(req));
         return this.uploadId = res.uploadId();
     }
 
diff --git a/src/test/java/software/amazon/encryption/s3/internal/ConvertSDKRequestsTest.java b/src/test/java/software/amazon/encryption/s3/internal/ConvertSDKRequestsTest.java
