Skip to content

validate individual part ranges/size in upload/download #3202

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

validate individual part ranges/size in upload/download #3202

wants to merge 4 commits into from

Conversation

lucix-aws
Copy link
Contributor

@lucix-aws lucix-aws commented Oct 7, 2025
edited
Loading

Adds new SEP-specified durability checks to the existing transfer manager:

  • Uploads will now verify that we actually send the number of parts we expected.
  • Downloads will verify that S3 returns the correct range per part.

I have also elected to add a disable switch for these, since this is technically a behavioral break and there is a possibility that folks out there might actually be hitting these failure points without realizing. I'll add a pinned announcement issue to highlight this change when we ship it.

These changes are effectively verified by the existing unit/integration tests passing.

@lucix-aws lucix-aws requested a review from a team as a code owner October 7, 2025 22:42
@lucix-aws lucix-aws marked this pull request as draft October 7, 2025 22:42
Madrigal
Madrigal reviewed Oct 8, 2025
View reviewed changes
feature/s3/manager/upload.go Outdated

u.expectParts = u.totalSize / u.cfg.PartSize
if u.totalSize%u.cfg.PartSize != 0 {
u.expectParts += 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chill linter, that's like, your opinion

@lucix-aws lucix-aws marked this pull request as ready for review October 8, 2025 20:20
@lucix-aws lucix-aws requested a review from Madrigal October 8, 2025 20:25
wty-Bryant
wty-Bryant reviewed Oct 8, 2025
View reviewed changes
feature/s3/manager/download.go
return 0, err
}

if !d.cfg.DisableValidateParts && params.Range != nil && resp.ContentRange != nil {
Copy link
Contributor

@wty-Bryant wty-Bryant Oct 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: IIRC params.Range will always be set at old line 361 in downloadChunk

@Madrigal
Copy link
Contributor

Madrigal commented Oct 8, 2025

change seems fine, but should we add some tests for it?

who tests the validators? who watches the watchmen?

@lucix-aws
Copy link
Contributor Author

change seems fine, but should we add some tests for it?

who tests the validators? who watches the watchmen?

It basically seemed to me like the existing unit tests all do cover it, since the new logic is now running for all of them.

@Madrigal
Copy link
Contributor

Madrigal commented Oct 8, 2025
edited
Loading

change seems fine, but should we add some tests for it?
who tests the validators? who watches the watchmen?

It basically seemed to me like the existing unit tests all do cover it, since the new logic is now running for all of them.

I'm not sure how hard it is to mock a case where we get a different number of parts and I'll be fine if that's a medium/hard thing to do, but we're adding the TrustMeBroThePartsAreCorrect flag that we were definitely not testing before

wty-Bryant
wty-Bryant reviewed Oct 8, 2025
View reviewed changes
feature/s3/manager/download.go Outdated
return false // we don't know, one of the ranges was missing or unparseable
}

return expectStart != actualStart && expectEnd != actualEnd
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't it be "||" here? Either start or end bytes mismatch should return true

@lucix-aws
Copy link
Contributor Author

change seems fine, but should we add some tests for it?

who tests the validators? who watches the watchmen?

It basically seemed to me like the existing unit tests all do cover it, since the new logic is now running for all of them.

I'm not sure how hard it is to mock a case where we get a different number of parts and I'll be fine if that's a medium/hard thing to do, but we're adding the TrustMeBroThePartsAreCorrect flag that we were definitely not testing before

Well evidently based on Tianyi's last comment, we do absolutely need a positive test for this, so I'll need to figure it out.

@lucix-aws lucix-aws requested a review from wty-Bryant October 10, 2025 19:09
Madrigal
Madrigal reviewed Oct 10, 2025
View reviewed changes
feature/s3/manager/validate_parts_test.go
c, _, _ := newDownloadBadRangeClient(buf12MB)

d := manager.NewDownloader(c, func(d *manager.Downloader) {
d.Concurrency = 1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we add a test when we useDisableValidateParts and ensure this does not fail?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes

wty-Bryant
wty-Bryant reviewed Oct 10, 2025
View reviewed changes
feature/s3/manager/download.go
// for the final chunk (or the first chunk if it's smaller) we still
// request a full chunk but we get back the actual final part of the
// object, which will be smaller
if expectStart == actualStart && actualEnd < expectEnd {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice capture

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Madrigal Madrigal Madrigal approved these changes

@wty-Bryant wty-Bryant wty-Bryant approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lucix-aws @Madrigal @wty-Bryant