-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
service/s3: presigned PutObject with Tagging set does not add tagging to object in S3 bucket. #782
Comments
Thanks for opening an issue. I agree that the tagging for pre-signed URL is not working correctly. Were you able to get this case to succeed? I made some local code changes to the SDK that has the tagging header on the query string ( |
A url with |
I'll follow up with S3 on this. A work around is that you can provide the header to your Net::HTTP request and it succeeds. Instead of
|
yeah S3 ignores the x-amz-tagging query param, you need to provide it as a header to get the objects tagged correctly, I realized that because I test the same scenario in golang, and the Go-lang SDK is adding the x-amz-tagging values in the Signature calculation header and you need to provide the x-amz-tagging with the same values as a header to work. package main
import (
"context"
"fmt"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/credentials"
"github.com/aws/aws-sdk-go-v2/service/s3"
)
func main() {
client := s3.New(options)
name := "bucketname"
fmt.Println("Upload an object to the bucket")
fmt.Println("Create Presign client")
presignClient := s3.NewPresignClient(client)
presignParams := &s3.PutObjectInput{
Bucket: aws.String(name),
Key: aws.String("myfilego.txt"),
Tagging: aws.String("Key1=Value2"),
}
// Apply an expiration via an option function
presignDuration := func(po *s3.PresignOptions) {
po.Expires = 5 * time.Minute
}
presignResult, err := presignClient.PresignPutObject(context.TODO(), presignParams, presignDuration)
if err != nil {
panic("Couldn't get presigned URL for PutObject")
}
fmt.Printf("Presigned URL For object: %s\n", presignResult.URL)
} Result
(I added the header manually, but this works as expected) I agree it's really confusing anyway, thanks I will test the workaround. |
Yes. That's why we have both |
We've created an internal tracking ticket with S3 regarding this. In the mean time, I would rely on sending the header directly instead of hoisting it. The |
Soft update, S3 acknowledges that this is a bug and is working on a fix. |
Moving to cross SDK issue so we can reconcile this with Internal ticket with s3 #V737336920 |
def get_presigned_url(bucket, object_key) the pretext of the coding is still been in the middle of the logged file and concept behaviour security purposes and more of the often file concepts in it. |
Describe the bug
Objects uploaded to S3 with presigned Put Object URL with Tagging parameter set, do not have the tagging metadata. The SDK hoists the x-amz-tagging header to the query string, which is ignored by S3. S3 requires the x-amz-tagging to be a signed header.
Expected Behavior
x-amz-tagging must be a signed header
Current Behavior
Example
Result
Reproduction Steps
The text was updated successfully, but these errors were encountered: