fix: unwrap CompletionException in default client, rethrow as S3Encry… (#162)

kessplas · web-flow · commit 1a00d3e9046c · 2023-05-30T15:39:03.000-07:00
* fix: unwrap CompletionException in default client, rethrow as S3EncryptionClientException
diff --git a/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java b/src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java
@@ -187,8 +187,15 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
                 .secureRandom(_secureRandom)
                 .build();
 
-        CompletableFuture<PutObjectResponse> futurePut = pipeline.putObject(putObjectRequest, AsyncRequestBody.fromInputStream(requestBody.contentStreamProvider().newStream(), requestBody.optionalContentLength().orElse(-1L), Executors.newSingleThreadExecutor()));
-        return futurePut.join();
+        try {
+            CompletableFuture<PutObjectResponse> futurePut = pipeline.putObject(putObjectRequest, AsyncRequestBody.fromInputStream(requestBody.contentStreamProvider().newStream(), requestBody.optionalContentLength().orElse(-1L), Executors.newSingleThreadExecutor()));
+            return futurePut.join();
+        } catch (CompletionException completionException) {
+            throw new S3EncryptionClientException(completionException.getMessage(), completionException.getCause());
+        } catch (Exception exception) {
+            throw new S3EncryptionClientException(exception.getMessage(), exception);
+        }
+
     }
 
     /**
@@ -311,7 +318,7 @@ private CompleteMultipartUploadResponse multipartPutObject(PutObjectRequest requ
 
     private <T extends Throwable> T onAbort(UploadObjectObserver observer, T t) {
         observer.onAbort();
-        return t;
+        throw new S3EncryptionClientException(t.getMessage(), t);
     }
 
     /**
@@ -329,15 +336,23 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
         DeleteObjectRequest actualRequest = deleteObjectRequest.toBuilder()
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
-        // Delete the object
-        DeleteObjectResponse deleteObjectResponse = _wrappedAsyncClient.deleteObject(actualRequest).join();
-        // If Instruction file exists, delete the instruction file as well.
-        String instructionObjectKey = deleteObjectRequest.key() + INSTRUCTION_FILE_SUFFIX;
-        _wrappedAsyncClient.deleteObject(builder -> builder
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
-                .bucket(deleteObjectRequest.bucket())
-                .key(instructionObjectKey)).join();
-        return deleteObjectResponse;
+
+        try {
+            // Delete the object
+            DeleteObjectResponse deleteObjectResponse = _wrappedAsyncClient.deleteObject(actualRequest).join();
+            // If Instruction file exists, delete the instruction file as well.
+            String instructionObjectKey = deleteObjectRequest.key() + INSTRUCTION_FILE_SUFFIX;
+            _wrappedAsyncClient.deleteObject(builder -> builder
+                    .overrideConfiguration(API_NAME_INTERCEPTOR)
+                    .bucket(deleteObjectRequest.bucket())
+                    .key(instructionObjectKey)).join();
+            // Return original deletion
+            return deleteObjectResponse;
+        } catch (CompletionException e) {
+            throw new S3EncryptionClientException(e.getCause().getMessage(), e.getCause());
+        } catch (Exception e) {
+            throw new S3EncryptionClientException("Unable to delete object.", e);
+        }
     }
 
     /**
@@ -355,16 +370,22 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
         DeleteObjectsRequest actualRequest = deleteObjectsRequest.toBuilder()
                 .overrideConfiguration(API_NAME_INTERCEPTOR)
                 .build();
-        // Delete the objects
-        DeleteObjectsResponse deleteObjectsResponse = _wrappedAsyncClient.deleteObjects(actualRequest).join();
-        // If Instruction files exists, delete the instruction files as well.
-        List<ObjectIdentifier> deleteObjects = instructionFileKeysToDelete(deleteObjectsRequest);
-        _wrappedAsyncClient.deleteObjects(DeleteObjectsRequest.builder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
-                .bucket(deleteObjectsRequest.bucket())
-                .delete(builder -> builder.objects(deleteObjects))
-                .build()).join();
-        return deleteObjectsResponse;
+        try {
+            // Delete the objects
+            DeleteObjectsResponse deleteObjectsResponse = _wrappedAsyncClient.deleteObjects(actualRequest).join();
+            // If Instruction files exists, delete the instruction files as well.
+            List<ObjectIdentifier> deleteObjects = instructionFileKeysToDelete(deleteObjectsRequest);
+            _wrappedAsyncClient.deleteObjects(DeleteObjectsRequest.builder()
+                    .overrideConfiguration(API_NAME_INTERCEPTOR)
+                    .bucket(deleteObjectsRequest.bucket())
+                    .delete(builder -> builder.objects(deleteObjects))
+                    .build()).join();
+            return deleteObjectsResponse;
+        } catch (CompletionException e) {
+            throw new S3EncryptionClientException(e.getCause().getMessage(), e.getCause());
+        } catch (Exception e) {
+            throw new S3EncryptionClientException("Unable to delete objects.", e);
+        }
     }
 
     /**
@@ -379,7 +400,13 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
      */
     @Override
     public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUploadRequest request) {
-        return _multipartPipeline.createMultipartUpload(request);
+        try {
+            return _multipartPipeline.createMultipartUpload(request);
+        } catch (CompletionException e) {
+            throw new S3EncryptionClientException(e.getCause().getMessage(), e.getCause());
+        } catch (Exception e) {
+            throw new S3EncryptionClientException("Unable to create Multipart upload.", e);
+        }
     }
 
     /**
@@ -396,7 +423,13 @@ public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUpload
     @Override
     public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requestBody)
             throws AwsServiceException, SdkClientException {
-        return _multipartPipeline.uploadPart(request, requestBody);
+        try {
+            return _multipartPipeline.uploadPart(request, requestBody);
+        } catch (CompletionException e) {
+            throw new S3EncryptionClientException(e.getCause().getMessage(), e.getCause());
+        } catch (Exception e) {
+            throw new S3EncryptionClientException("Unable to upload part.", e);
+        }
     }
 
     /**
@@ -407,7 +440,13 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
     @Override
     public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipartUploadRequest request)
             throws AwsServiceException, SdkClientException {
-        return _multipartPipeline.completeMultipartUpload(request);
+        try {
+            return _multipartPipeline.completeMultipartUpload(request);
+        } catch (CompletionException e) {
+            throw new S3EncryptionClientException(e.getCause().getMessage(), e.getCause());
+        } catch (Exception e) {
+            throw new S3EncryptionClientException("Unable to complete Multipart upload.", e);
+        }
     }
 
     /**
diff --git a/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java b/src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java
@@ -17,13 +17,17 @@
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.S3Client;
+import software.amazon.awssdk.services.s3.model.CreateMultipartUploadResponse;
 import software.amazon.awssdk.services.s3.model.GetObjectResponse;
+import software.amazon.awssdk.services.s3.model.NoSuchBucketException;
+import software.amazon.awssdk.services.s3.model.NoSuchKeyException;
 import software.amazon.awssdk.services.s3.model.ObjectIdentifier;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
 import software.amazon.awssdk.services.s3.model.S3Exception;
 import software.amazon.encryption.s3.materials.CryptographicMaterialsManager;
 import software.amazon.encryption.s3.materials.DefaultCryptoMaterialsManager;
 import software.amazon.encryption.s3.materials.KmsKeyring;
+import software.amazon.encryption.s3.utils.BoundedInputStream;
 
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
@@ -41,6 +45,8 @@
 import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+import static org.junit.jupiter.api.Assertions.fail;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -208,6 +214,65 @@ public void deleteObjectWithWrongObjectKeySuccess() {
         v3Client.close();
     }
 
+    @Test
+    public void deleteObjectWithWrongBucketFailure() {
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        try {
+            v3Client.deleteObject(builder -> builder.bucket("NotMyBukkit").key("InvalidKey"));
+        } catch (S3EncryptionClientException exception) {
+            // Verify inner exception
+            assertTrue(exception.getCause() instanceof NoSuchBucketException);
+        }
+
+        v3Client.close();
+    }
+
+    @Test
+    public void deleteObjectsWithWrongBucketFailure() {
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        List<ObjectIdentifier> objects = new ArrayList<>();
+        objects.add(ObjectIdentifier.builder().key("InvalidKey").build());
+        try {
+            v3Client.deleteObjects(builder -> builder.bucket("NotMyBukkit").delete(builder1 -> builder1.objects(objects)));
+        } catch (S3EncryptionClientException exception) {
+            // Verify inner exception
+            assertTrue(exception.getCause() instanceof NoSuchBucketException);
+        }
+        v3Client.close();
+    }
+
+    @Test
+    public void getNonExistentObject() {
+        final String objectKey = appendTestSuffix("this-is-not-an-object-key");
+        S3Client v3Client = S3EncryptionClient.builder()
+                .kmsKeyId(KMS_KEY_ALIAS)
+                .build();
+
+        // Ensure the object does not exist
+        deleteObject(BUCKET, objectKey, v3Client);
+
+        try {
+            v3Client.getObjectAsBytes(builder -> builder
+                    .bucket(BUCKET)
+                    .key(objectKey)
+                    .build());
+        } catch (S3EncryptionClientException exception) {
+            // Depending on the permissions of the calling principal,
+            // this could be NoSuchKeyException
+            // or S3Exception (access denied)
+            assertTrue(exception.getCause() instanceof S3Exception);
+        }
+
+        // Cleanup
+        v3Client.close();
+    }
+
     @Test
     public void s3EncryptionClientWithMultipleKeyringsFails() {
         assertThrows(S3EncryptionClientException.class, () -> S3EncryptionClient.builder()
@@ -544,6 +609,65 @@ public void attemptToDecryptPlaintext() {
         v3Client.close();
     }
 
+    @Test
+    public void createMultipartUploadFailure() {
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        try {
+            v3Client.createMultipartUpload(builder -> builder.bucket("NotMyBukkit").key("InvalidKey").build());
+        } catch (S3EncryptionClientException exception) {
+            // Verify inner exception
+            assertTrue(exception.getCause() instanceof NoSuchBucketException);
+        }
+
+        v3Client.close();
+    }
+
+    @Test
+    public void uploadPartFailure() {
+        final String objectKey = appendTestSuffix("upload-part-failure");
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+
+        // To get a server-side failure from uploadPart,
+        // a valid MPU request must be created
+        CreateMultipartUploadResponse initiateResult = v3Client.createMultipartUpload(builder ->
+                builder.bucket(BUCKET).key(objectKey));
+
+        try {
+            v3Client.uploadPart(builder -> builder.partNumber(1).bucket("NotMyBukkit").key("InvalidKey").uploadId(initiateResult.uploadId()).build(),
+                    RequestBody.fromInputStream(new BoundedInputStream(16), 16));
+        } catch (S3EncryptionClientException exception) {
+            // Verify inner exception
+            assertTrue(exception.getCause() instanceof NoSuchBucketException);
+        }
+
+        // MPU was not completed, but delete to be safe
+        deleteObject(BUCKET, objectKey, v3Client);
+        v3Client.close();
+    }
+
+
+    @Test
+    public void completeMultipartUploadFailure() {
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        try {
+            v3Client.completeMultipartUpload(builder -> builder.bucket("NotMyBukkit").key("InvalidKey").uploadId("Invalid").build());
+        } catch (S3EncryptionClientException exception) {
+            // Verify inner exception
+            assertTrue(exception.getCause() instanceof NoSuchBucketException);
+        }
+
+        v3Client.close();
+    }
+
     /**
      * A simple, reusable round-trip (encryption + decryption) using a given
      * S3Client. Useful for testing client configuration.
