fix: Support all PutObjectRequest fields (#458)

* fix: Support all PutObjectRequest fields

All possible values of a PutObjectRequest need to be supported when enabling multipart put object.

This PR adds support and the S3EC will now fail closed in the case of new options. This is preferred to silently dropping the value.

Author: seebees

src/main/java/software/amazon/encryption/s3/internal/ConvertSDKRequests.java

@@ -0,0 +1,144 @@
+package software.amazon.encryption.s3.internal;
+
+import software.amazon.awssdk.services.s3.model.ChecksumType;
+import software.amazon.awssdk.services.s3.model.CreateMultipartUploadRequest;
+import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+import java.time.Instant;
+import java.util.Map;
+
+public class ConvertSDKRequests {
+
+  public static CreateMultipartUploadRequest convert(PutObjectRequest request) {
+
+    final CreateMultipartUploadRequest.Builder output = CreateMultipartUploadRequest.builder();
+    request
+      .toBuilder()
+      .sdkFields()
+      .forEach(f -> {
+        final Object value = f.getValueOrDefault(request);
+        if (value != null) {
+          switch (f.memberName()) {
+            case "ACL":
+              output.acl((String) value);
+              break;
+            case "Bucket":
+              output.bucket((String) value);
+              break;
+            case "BucketKeyEnabled":
+              output.bucketKeyEnabled((Boolean) value);
+              break;
+            case "CacheControl":
+              output.cacheControl((String) value);
+              break;
+            case "ChecksumAlgorithm":
+              output.checksumAlgorithm((String) value);
+              break;
+            case "ChecksumType":
+              output.checksumType((ChecksumType) value);
+            case "ContentDisposition":
+              assert value instanceof String;
+              output.contentDisposition((String) value);
+              break;
+            case "ContentEncoding":
+              output.contentEncoding((String) value);
+              break;
+            case "ContentLanguage":
+              output.contentLanguage((String) value);
+              break;
+            case "ContentType":
+              output.contentType((String) value);
+              break;
+            case "ExpectedBucketOwner":
+              output.expectedBucketOwner((String) value);
+              break;
+            case "Expires":
+              output.expires((Instant) value);
+              break;
+            case "GrantFullControl":
+              output.grantFullControl((String) value);
+              break;
+            case "GrantRead":
+              output.grantRead((String) value);
+              break;
+            case "GrantReadACP":
+              output.grantReadACP((String) value);
+              break;
+            case "GrantWriteACP":
+              output.grantWriteACP((String) value);
+              break;
+            case "Key":
+              output.key((String) value);
+              break;
+            case "Metadata":
+              // The PutObjectRequest.builder().metadata(value)
+              // only takes Map<String, String> therefore it should not be possible
+              // to get here with anything other than a Map<String, String>
+              // This may be overkill, but this map should be small
+              // so the performance hit to verify this is worth the correctness.
+              if (!isStringStringMap(value)) {
+                throw new IllegalArgumentException("Metadata must be a Map<String, String>");
+              }
+              @SuppressWarnings("unchecked")
+              Map<String, String> metadata = (Map<String, String>) value;
+              output.metadata(metadata);
+              break;
+            case "ObjectLockLegalHoldStatus":
+              output.objectLockLegalHoldStatus((String) value);
+              break;
+            case "ObjectLockMode":
+              output.objectLockMode((String) value);
+              break;
+            case "ObjectLockRetainUntilDate":
+              output.objectLockRetainUntilDate((Instant) value);
+              break;
+            case "RequestPayer":
+              output.requestPayer((String) value);
+              break;
+            case "ServerSideEncryption":
+              output.serverSideEncryption((String) value);
+              break;
+            case "SSECustomerAlgorithm":
+              output.sseCustomerAlgorithm((String) value);
+              break;
+            case "SSECustomerKey":
+              output.sseCustomerKey((String) value);
+              break;
+            case "SSEKMSEncryptionContext":
+              output.ssekmsEncryptionContext((String) value);
+              break;
+            case "SSEKMSKeyId":
+              output.ssekmsKeyId((String) value);
+              break;
+            case "StorageClass":
+              output.storageClass((String) value);
+              break;
+            case "Tagging":
+              output.tagging((String) value);
+              break;
+            case "WebsiteRedirectLocation":
+              output.websiteRedirectLocation((String) value);
+              break;
+            default:
+              // Rather than silently dropping the value,
+              // we loudly signal that we don't know how to handle this field.
+              throw new IllegalArgumentException("Unknown PutObjectRequest field " + f.locationName() + ".");
+          }
+        }
+      });
+    return output
+      // OverrideConfiguration is not as SDKField but still needs to be supported
+      .overrideConfiguration(request.overrideConfiguration().orElse(null))
+      .build();
+  }
+
+  private static boolean isStringStringMap(Object value) {
+    if (!(value instanceof Map)) {
+      return false;
+    }
+    Map<?, ?> map = (Map<?, ?>) value;
+    return map.entrySet().stream()
+      .allMatch(entry -> entry != null
+        && ((Map.Entry<?, ?>) entry).getKey() instanceof String
+        && ((Map.Entry<?, ?>) entry).getValue() instanceof String);
+  }
+}

src/main/java/software/amazon/encryption/s3/internal/UploadObjectObserver.java

@@ -7,7 +7,6 @@
 import software.amazon.awssdk.services.s3.S3AsyncClient;
 import software.amazon.awssdk.services.s3.model.CompleteMultipartUploadResponse;
 import software.amazon.awssdk.services.s3.model.CompletedPart;
-import software.amazon.awssdk.services.s3.model.CreateMultipartUploadRequest;
 import software.amazon.awssdk.services.s3.model.CreateMultipartUploadResponse;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
 import software.amazon.awssdk.services.s3.model.SdkPartType;
@@ -42,20 +41,10 @@ public UploadObjectObserver init(PutObjectRequest req,
         this.es = es;
         return this;
     }
-
-    protected CreateMultipartUploadRequest newCreateMultipartUploadRequest(
-            PutObjectRequest request) {
-        return CreateMultipartUploadRequest.builder()
-                .bucket(request.bucket())
-                .key(request.key())
-                .metadata(request.metadata())
-                .overrideConfiguration(request.overrideConfiguration().orElse(null))
-                .build();
-    }
-
+    
     public String onUploadCreation(PutObjectRequest req) {
         CreateMultipartUploadResponse res =
-                s3EncryptionClient.createMultipartUpload(newCreateMultipartUploadRequest(req));
+                s3EncryptionClient.createMultipartUpload(ConvertSDKRequests.convert(req));
         return this.uploadId = res.uploadId();
     }
 

src/test/java/software/amazon/encryption/s3/S3EncryptionClientMultipartUploadTest.java

@@ -20,6 +20,7 @@
 import software.amazon.awssdk.services.s3.model.SdkPartType;
 import software.amazon.awssdk.services.s3.model.UploadPartRequest;
 import software.amazon.awssdk.services.s3.model.UploadPartResponse;
+import software.amazon.awssdk.services.s3.model.StorageClass;
 import software.amazon.awssdk.utils.IoUtils;
 import software.amazon.encryption.s3.utils.BoundedInputStream;
 
@@ -522,4 +523,43 @@ public void multipartUploadV3OutputStreamPartSizeMismatch() throws IOException {
         v3Client.close();
     }
 
+    @Test
+    public void multipartPutObjectWithOptions() throws IOException {
+        final String objectKey = appendTestSuffix("multipart-put-object-with-options");
+
+        final long fileSizeLimit = 1024 * 1024 * 10;
+        final InputStream inputStream = new BoundedInputStream(fileSizeLimit);
+        final InputStream objectStreamForResult = new BoundedInputStream(fileSizeLimit);
+
+        final S3Client v3Client = S3EncryptionClient.builder()
+          .kmsKeyId(KMS_KEY_ID)
+          .enableMultipartPutObject(true)
+          .enableDelayedAuthenticationMode(true)
+          .cryptoProvider(PROVIDER)
+          .build();
+
+        final Map<String, String> encryptionContext = new HashMap<>();
+        encryptionContext.put("user-metadata-key", "user-metadata-value-v3-to-v3");
+
+        final StorageClass storageClass = StorageClass.INTELLIGENT_TIERING;
+
+        v3Client.putObject(builder -> builder
+          .bucket(BUCKET)
+          .overrideConfiguration(withAdditionalConfiguration(encryptionContext))
+          .storageClass(storageClass)
+          .key(objectKey), RequestBody.fromInputStream(inputStream, fileSizeLimit));
+
+        // Asserts
+        final ResponseInputStream<GetObjectResponse> output = v3Client.getObject(builder -> builder
+          .bucket(BUCKET)
+          .overrideConfiguration(S3EncryptionClient.withAdditionalConfiguration(encryptionContext))
+          .key(objectKey));
+
+        assertTrue(IOUtils.contentEquals(objectStreamForResult, output));
+        assertEquals(storageClass, output.response().storageClass());
+
+        v3Client.deleteObject(builder -> builder.bucket(BUCKET).key(objectKey));
+        v3Client.close();
+    }
+
 }