Backport of s3: fix S3 Object Lock header issue for lock file writes into v1.10 #36146
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
github-actions
bot
force-pushed
the
backport/b/s3-object-lock-file/firmly-curious-yak
branch
from
2700ddf to
4498299
Compare
Because the S3 backend has only diverged from main with the commits to address lockfile header issues with lock enabled buckets, this commit simply copies the existing state of the `internal/backend/remote-state/s3` subfolder onto the `v1.10` branch.
bschaatsbergen
previously approved these changes
Dec 2, 2024
jar-b
approved these changes
Dec 2, 2024
|
Reminder for the merging maintainer: if this is a user-visible change, please update the changelog on the appropriate release branch. |
|
I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backport
This PR is auto-generated from #36120 to be assessed for backporting due to the inclusion of the label 1.10-backport.
🚨
The person who merged in the original PR is:
@jar-b
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.
The below text is copied from the body of the original PR.
Fixes #36113
When S3 Object Lock is enabled on a bucket with a retention period, Amazon S3 requires the
Content-MD5orx-amz-sdk-checksum-algorithmheader to be present in object uploads (PutObject). See Uploading objects to an Object Lock enabled bucket.It seems we overlooked maintaining the default behavior of the
skip_checksumflag for the lock file when writing to S3 Object Lock-enabled buckets.To clarify the default behavior of
skip_checksum: by default, if this argument is not set in the backend, we set the S3 checksum algorithm behavior toSHA256. This causes the underlying S3 AWS SDK V2 serializers to automatically append that requiredx-amz-sdk-checksum-algorithmheader. For more details, see the relevant code in the AWS SDK v2 serializers.This PR updates the lock file implementation to use the same "uploader" that we rely on for writing Terraform state to S3, and preserving the default
skip_checksumbehavior for the lock file. To ensure a consistent and compatible experience with S3 Object Lock-enabled buckets between the two mechanisms writing data to S3.Overview of commits
b667207
4766667
de09b08
701e02c
7b73b16
9db9647
86ca532