diff --git a/Dockerfile b/Dockerfile index 8bb89632..067d49f3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -39,7 +39,6 @@ ARG SEMVER_TESTING_ACCESS_KEY_ID ARG SEMVER_TESTING_SECRET_ACCESS_KEY ARG SEMVER_TESTING_BUCKET ARG SEMVER_TESTING_REGION -ARG SEMVER_TESTING_V2_SIGNING COPY --from=builder /tests /go-tests WORKDIR /go-tests RUN set -e; for test in /go-tests/*.test; do \ diff --git a/README.md b/README.md index 9d934fd3..986785c6 100644 --- a/README.md +++ b/README.md @@ -79,6 +79,18 @@ the bucket. * `server_side_encryption`: *Optional.* The server-side encryption algorithm used when storing the version object (e.g. `AES256`, `aws:kms`, `aws:kms:dsse`). +* `skip_s3_checksums`: *Optional.* Disables automatic checksum validation + for S3 operations. The AWS SDK v2 enables checksum validation by default, + which may not be supported by all S3-compatible providers. When set to + `true`, checksums are only calculated and validated when explicitly + required by the S3 API. Defaults to `false` (automatic checksums enabled). + +* `checksum_algorithm`: *Optional.* Specifies the checksum algorithm to use + when uploading objects to S3. Valid values are `CRC32`, `CRC32C`, `SHA1`, + `SHA256`, or `CRC64NVME`. If not specified, S3 will use its default algorithm. + This setting is ignored if `skip_s3_checksums` is set to `true`. Note that + not all S3-compatible providers support all algorithms. + The following IAM permissions are required with a resource ARN like `"arn:aws:s3:::BUCKET_NAME/*"`. You could use the exact key instead of `/*` if you wish: diff --git a/check/check_suite_test.go b/check/check_suite_test.go index c18100f1..7f1d0492 100644 --- a/check/check_suite_test.go +++ b/check/check_suite_test.go 
@@ -15,7 +15,6 @@ var accessKeyID = os.Getenv("SEMVER_TESTING_ACCESS_KEY_ID") var secretAccessKey = os.Getenv("SEMVER_TESTING_SECRET_ACCESS_KEY") var bucketName = os.Getenv("SEMVER_TESTING_BUCKET") var regionName = os.Getenv("SEMVER_TESTING_REGION") -var v2signing = os.Getenv("SEMVER_TESTING_V2_SIGNING") == "true" var _ = BeforeSuite(func() { var err error diff --git a/check/check_test.go b/check/check_test.go index 9678c69a..0396953e 100644 --- a/check/check_test.go +++ b/check/check_test.go @@ -73,7 +73,6 @@ var _ = Describe("Check", func() { AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, RegionName: regionName, - UseV2Signing: v2signing, }, } diff --git a/driver/driver.go b/driver/driver.go index 6fc0d725..8efd492d 100644 --- a/driver/driver.go +++ b/driver/driver.go @@ -12,6 +12,7 @@ import ( "github.com/aws/aws-sdk-go-v2/credentials" "github.com/aws/aws-sdk-go-v2/credentials/stscreds" "github.com/aws/aws-sdk-go-v2/service/s3" + "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/aws/aws-sdk-go-v2/service/sts" "github.com/blang/semver" "github.com/concourse/semver-resource/models" @@ -96,6 +97,13 @@ func FromSource(source models.Source) (Driver, error) { }, } + if source.SkipS3Checksums { + s3Opts = append(s3Opts, func(o *s3.Options) { + o.RequestChecksumCalculation = aws.RequestChecksumCalculationWhenRequired + o.ResponseChecksumValidation = aws.ResponseChecksumValidationWhenRequired + }) + } + if source.Endpoint != "" { endpoint := source.Endpoint u, err := url.Parse(source.Endpoint) @@ -118,6 +126,11 @@ func FromSource(source models.Source) (Driver, error) { s3Client := s3.NewFromConfig(cfg, s3Opts...) + var checksumAlgorithm types.ChecksumAlgorithm + if source.ChecksumAlgorithm != "" && !source.SkipS3Checksums { + checksumAlgorithm = types.ChecksumAlgorithm(source.ChecksumAlgorithm) + } + return &S3Driver{ InitialVersion: initialVersion, 
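Review bot: The `source.SkipS3Checksums` block in `FromSource` relaxes `ResponseChecksumValidation` together with `RequestChecksumCalculation`, so a flag meant for providers that reject upload checksums also turns off validation of the version object on reads, and no comment says so. These checksums detect corruption rather than authenticate data, so with the flag set the object's integrity rests on the transport alone; `Source` also carries `disable_ssl` and `skip_ssl_verification`, and with those set nothing visible in this diff checks what was read. I would add a comment above the block such as `// Opt-in compatibility switch: relaxes SDK checksum calculation and response validation to "when required"; corruption detection then depends on the transport.` and consider whether reads need to be relaxed at all. `FromSource` starts and ends outside this hunk.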
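Review bot: `types.ChecksumAlgorithm(source.ChecksumAlgorithm)` converts whatever string the pipeline supplies, so a typo or a lower-case value (for example `sha256`) is accepted by `FromSource` and only surfaces later, presumably as a PutObject error from `Set` in driver/s3.go. The README in this commit lists the valid values and the SDK enum exposes them through `Values()`, so the conversion can be checked at this point: `if !slices.Contains(checksumAlgorithm.Values(), checksumAlgorithm) { return nil, fmt.Errorf("unsupported checksum_algorithm %q", source.ChecksumAlgorithm) }`. Whether `slices` and `fmt` are already imported in driver.go is not visible in the hunk, and `FromSource` continues outside it.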
@@ -125,6 +138,7 @@ func FromSource(source models.Source) (Driver, error) { BucketName: source.Bucket, Key: source.Key, ServerSideEncryption: source.ServerSideEncryption, + ChecksumAlgorithm: checksumAlgorithm, }, nil case models.DriverGit: diff --git a/driver/s3.go b/driver/s3.go index 2525d278..8fa6a2b7 100644 --- a/driver/s3.go +++ b/driver/s3.go @@ -27,6 +27,7 @@ type S3Driver struct { BucketName string Key string ServerSideEncryption string + ChecksumAlgorithm types.ChecksumAlgorithm } func (driver *S3Driver) Bump(bump version.Bump) (semver.Version, error) { @@ -80,6 +81,10 @@ func (driver *S3Driver) Set(newVersion semver.Version) error { params.ServerSideEncryption = types.ServerSideEncryption(driver.ServerSideEncryption) } + if len(driver.ChecksumAlgorithm) > 0 { + params.ChecksumAlgorithm = driver.ChecksumAlgorithm + } + _, err := driver.Svc.PutObject(context.TODO(), params) return err } diff --git a/in/in_suite_test.go b/in/in_suite_test.go index 212e3a6a..0c2f42ae 100644 --- a/in/in_suite_test.go +++ b/in/in_suite_test.go @@ -15,7 +15,6 @@ var accessKeyID = os.Getenv("SEMVER_TESTING_ACCESS_KEY_ID") var secretAccessKey = os.Getenv("SEMVER_TESTING_SECRET_ACCESS_KEY") var bucketName = os.Getenv("SEMVER_TESTING_BUCKET") var regionName = os.Getenv("SEMVER_TESTING_REGION") -var v2signing = os.Getenv("SEMVER_TESTING_V2_SIGNING") == "true" var _ = BeforeSuite(func() { var err error diff --git a/in/in_test.go b/in/in_test.go index 73bde383..5fddbd88 100644 --- a/in/in_test.go +++ b/in/in_test.go @@ -76,7 +76,6 @@ var _ = Describe("In", func() { AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, RegionName: regionName, - UseV2Signing: v2signing, }, Params: models.InParams{}, } diff --git a/models/models.go b/models/models.go index b130fe25..eb4e77bb 100644 --- a/models/models.go +++ b/models/models.go 
@@ -69,7 +69,8 @@ type Source struct { DisableSSL bool `json:"disable_ssl"` SkipSSLVerification bool `json:"skip_ssl_verification"` ServerSideEncryption string `json:"server_side_encryption"` - UseV2Signing bool `json:"use_v2_signing"` + SkipS3Checksums bool `json:"skip_s3_checksums"` + ChecksumAlgorithm string `json:"checksum_algorithm"` URI string `json:"uri"` Branch string `json:"branch"` diff --git a/out/out_test.go b/out/out_test.go index 78a76b1c..b87eac01 100644 --- a/out/out_test.go +++ b/out/out_test.go @@ -73,7 +73,6 @@ var _ = Describe("Out", func() { AccessKeyID: accessKeyID, SecretAccessKey: secretAccessKey, RegionName: regionName, - UseV2Signing: v2signing, }, Params: models.OutParams{}, }
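Review bot: Removing `UseV2Signing` from `Source` leaves a pipeline that still sets `use_v2_signing` without any signal. If the source is decoded with encoding/json defaults (the decoder is not visible here), the key is dropped silently and requests are presumably signed differently from what the operator configured. A line in the README or release notes, or a warning when the key is present, would make the change visible. The two new fields also carry no comment; `// SkipS3Checksums relaxes SDK checksum handling to "when required"; ChecksumAlgorithm is ignored when it is set.` would record the coupling that `FromSource` implements. The `Source` struct starts and ends outside this hunk.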