amazon-s3-encryption-client-java

S3 Encryption client does throw an error for ranges greater than EOF

Open ahmarsuhail opened this issue 1 year ago • 2 comments

Problem:

I created a 64KB (65536 bytes) file with S3Encryption client, and then did

    S3Client s3Client = S3Client.builder().region(Region.EU_WEST_1).build();

    S3Client s3ECClient = S3EncryptionClient.builder()
        .kmsKeyId("xxx")
        .wrappedClient(s3Client)
        .wrappedAsyncClient(S3AsyncClient.builder().region(Region.EU_WEST_1).build())
        .enableLegacyUnauthenticatedModes(true)
        .build();

    ResponseInputStream<GetObjectResponse> inputStream = s3ECClient.getObject(GetObjectRequest.builder()
        .bucket("xxxx")
        .key("xxxx")
        .range("bytes=65536-65635").build());

So end of range 65635 is greater than EOF at 65536. And no error was thrown.

Creating a file with a regular S3 client and then doing

    ResponseInputStream<GetObjectResponse> inputStream = s3Client.getObject(GetObjectRequest.builder()
        .bucket("xxx")
        .key("xxxx")
        .range("bytes=65536-65635").build());

throws software.amazon.awssdk.services.s3.model.S3Exception: The requested range is not satisfiable (Service: S3, Status Code: 416, Request ID: which is what we expect to be thrown in S3A.

Solution:

S3 Encryption client should also throw a 416 range not satisfiable error.

ahmarsuhail, Mar 07 '24 11:03

Hello Ahmar,

I was able to reproduce this. The issue here is that when we implemented ranged gets in S3EC v3, we decided to maintain compatibility with the S3EC v1/v2 clients. In v1/v2 this form of range returns an empty object. Since this is a deliberate design decision, it would be a breaking change to modify the behavior at this point. Do you need SDK v2-style ranged get behavior specifically? If so, we would need to add it as a new feature i.e. with a configuration option to enable the behavior. Thanks!

kessplas, May 25 '24 02:05

@justplaz - Yes it would be great to add that to make sure downstream application doesn't break when using normal S3 client and encrypted S3 client.

shameersss1, Jun 10 '24 07:06
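
A caller that needs the plain S3 client's behaviour in front of the encryption client can check the range itself before issuing the request. The following is an added example, not code from this thread or from the S3EC project; `RangeGuard`, `resolve` and the caller-supplied `plaintextLength` are hypothetical, and it assumes the application already knows the plaintext size of the object.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration, not S3EC or AWS SDK code. RangeGuard and resolve are hypothetical names.
public final class RangeGuard {
    private static final Pattern RANGE = Pattern.compile("bytes=(\\d*)-(\\d*)");

    /**
     * Returns {firstByte, lastByte} (inclusive), clamped to the object, or throws when
     * the range cannot be satisfied, mirroring the HTTP 416 case from the issue.
     * plaintextLength is supplied by the caller (assumption: the application knows it).
     */
    public static long[] resolve(String rangeHeader, long plaintextLength) {
        Matcher m = RANGE.matcher(rangeHeader.trim());
        if (!m.matches() || (m.group(1).isEmpty() && m.group(2).isEmpty())) {
            throw new IllegalArgumentException("Malformed range: " + rangeHeader);
        }
        if (m.group(1).isEmpty()) { // suffix form: bytes=-N means the last N bytes
            long suffix = Long.parseLong(m.group(2));
            if (suffix == 0 || plaintextLength == 0) {
                throw new IndexOutOfBoundsException("416: range not satisfiable: " + rangeHeader);
            }
            return new long[] {Math.max(0, plaintextLength - suffix), plaintextLength - 1};
        }
        long first = Long.parseLong(m.group(1));
        // An open-ended range (bytes=N-) runs to the last byte of the object.
        long last = m.group(2).isEmpty() ? Long.MAX_VALUE : Long.parseLong(m.group(2));
        if (last < first) {
            throw new IllegalArgumentException("Malformed range: " + rangeHeader);
        }
        // A start at or past EOF is what makes a range unsatisfiable;
        // an end past EOF on its own is clamped to the last byte.
        if (first >= plaintextLength) {
            throw new IndexOutOfBoundsException("416: range not satisfiable: " + rangeHeader);
        }
        return new long[] {first, Math.min(last, plaintextLength - 1)};
    }

    public static void main(String[] args) {
        long size = 65536; // object size from the issue
        long[] clamped = resolve("bytes=65000-65635", size); // constructed: start inside, end past EOF
        System.out.println(clamped[0] + "-" + clamped[1]);
        try {
            resolve("bytes=65536-65635", size); // the range from the issue
        } catch (IndexOutOfBoundsException e) {
            System.out.println(e.getMessage());
        }
    }
}
```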