Fix flex checksum validation cfg

[wty-Bryant]

Operations supporting output checksum validation (e.g. s3.GetObject) would only return checksum if user enable that in request. This PR fixes flex checksum's validation cfg to enable validation by default

It has been tested that getting a s3 object uploaded with checksum will validate checksum from response by default, so there should be no warning like WARN Response has no supported checksum. Not validating response payload.. Sample test code is shown below:

import (
	"bytes"
	"context"
	"io"

	"github.com/aws/aws-sdk-go-v2/aws"
	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/aws/aws-sdk-go-v2/service/s3"
)

func main() {
	cfg, err := config.LoadDefaultConfig(context.Background())
	if err != nil {
		panic(err)
	}

	svc := s3.NewFromConfig(cfg)
	_, err = svc.PutObject(context.Background(), &s3.PutObjectInput{ // should default to crc32
		Bucket: aws.String("your-bucket"),
		Key:    aws.String("sdk-upload-crc32"),
		Body:   bytes.NewReader([]byte("hello")),
	})
	if err != nil {
		panic(err)
	}

	out, err := svc.GetObject(context.Background(), &s3.GetObjectInput{ // should default to crc32
		Bucket: aws.String("your-bucket"),
		Key:    aws.String("sdk-upload-crc32"),
	})
	if err != nil {
		panic(err)
	}
	defer out.Body.Close()
	if _, err := io.Copy(io.Discard, out.Body); err != nil {
		panic(err)
	}
}

[lucix-aws]

Please include sample code that tests this and demonstrates the desired outcome in the PR description.

[Madrigal]

to double check, if an object is uploaded with CRC64, enabling response validation should still succeed and we have a test for it, right?

[Madrigal]

Is this setter something that customers can interact with? If not, I'd just leave it as "Enable request validation mode by default"

[lucix-aws]

to double check, if an object is uploaded with CRC64, enabling response validation should still succeed and we have a test for it, right?

Seconded. In fact, we need integration tests for everything here. Please demonstrate all of the following in integration tests:

• round-tripping an object succeeds and defaults to crc32
• downloading an object that has a crc64 checksum succeeds, and logs skipped-validation warning
  • since we don't support it natively, you can do a crc64 checksum by precomputing one and just attaching it to the PutObject call
• uploading an object with no checksum and then downloading it through the Go SDK succeeds

[lucix-aws]

We may have tests already that cover some of those cases, just point to them it so

[Madrigal]

nit: this is a bit of a misnomer since we don't really calculate anything, but ¯_(ツ)_/¯

[wty-Bryant]

I just got that checksum from previous old manual test :(

[RJKeevil]

Hello @wty-Bryant, this worked perfectly for me for single part gets, but i still get the warnings for multipart gets. With a debugger i can see that the CRC32 header is returned for small files but not for large/multipart files, triggering the warning. I am just using a library that calls _, err = downloader.Download(ctx, writer, input) and cannot see any missing options etc that would enable checksums in multipart, is it possible to add a larger file to your tests to confirm?

[anishsana]

@wty-Bryant This change is causing my application to constantly throw the following warning -

SDK 2025/01/27 20:27:25 WARN Response has no supported checksum. Not validating response payload.
SDK 2025/01/27 20:27:25 WARN Response has no supported checksum. Not validating response payload.
SDK 2025/01/27 20:27:25 WARN Response has no supported checksum. Not validating response payload.
SDK 2025/01/27 20:27:25 WARN Response has no supported checksum. Not validating response payload.
SDK 2025/01/27 20:27:25 WARN Response has no supported checksum. Not validating response payload.

Is there any way to disable this validation to prevent the warning from being thrown?

[RJKeevil]

@anishsana you probably need to set the env var AWS_RESPONSE_CHECKSUM_VALIDATION="WHEN_REQUIRED" in the meantime