You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
GetObjectRequest will make a request to s3 and retrieve the object. In this process decryption will be done. The SDK only supports V2 reads of KMS and GCM.
After much trial and error, I finally discovered that the documentation is wrong. I was able to retrieve my encrypted file by using DecryptionClient.GetObject directly.
Edit: of course, right after I posted this issue, I discovered the real problem:
s3req, out := decryptionClient.GetObjectRequest
I had been operating on s3req.HTTPResponse.Body, which is the encrypted file contents. I needed to work with out, which truly represents the GetObjectOutput. Still, I think the docs could have some improvement here. Given how much of the decryption was handled for me, I had expected the response body to be decrypted.
The v1 of the Go SDK has a consistent paradigm with operation names. Each operation has 3 forms: OperationNameRequest ,OperationName and OperationNameWithContext.
Calling the request form of a service operation, which follows the naming pattern OperationNameRequest, provides a simple way to control when a request is built, signed, and sent. Calling the request
form immediately returns a request object. The request object output is a struct pointer that is not valid
until the request is sent and returned successfully.
Calling the request form can be useful when you want to construct a number of pre-signed requests,
such as pre-signed Amazon S3 URLs. You can also use the request form to modify how the SDK sends a
request.
The following example calls the request form of the GetObject method. The Send method signs the
request before sending it.
req, result:=s3Svc.GetObjectRequest(&s3.GetObjectInput{...})
// result is a *s3.GetObjectOutput struct pointer, not populated until req.Send() returns// req is a *aws.Request struct pointer. Used to Send request.iferr:=req.Send(); err!=nil {
// process errorreturn
}
// Process result
So instead of using the request form (GetObjectRequest), you should be using the non-request form GetObject as it returns (out , err) which is the more Golang idiomatic way of programming.
I still see how a documentation update could benefit some use cases, but at this point the team is directing their effort to enhancing the v2 SDK so this documentation issue is unlikely to get prioritized. When the Crypto client will get ported to v2, it won't have this problem since in v2 we don't have the request form at all. Instead we use middleware to hook into the request and response lifecycle.
GetObjectRequest will make a request to s3 and retrieve the object. In this process decryption will be done. The SDK only supports V2 reads of KMS and GCM.
Your explanation makes perfect sense. I just misinterpreted how the response body was coming back.
Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.
Describe the issue
The doc currently says:
After much trial and error, I finally discovered that the documentation is wrong. I was able to retrieve my encrypted file by using
DecryptionClient.GetObject
directly.Edit: of course, right after I posted this issue, I discovered the real problem:
I had been operating on
s3req.HTTPResponse.Body
, which is the encrypted file contents. I needed to work without
, which truly represents theGetObjectOutput
. Still, I think the docs could have some improvement here. Given how much of the decryption was handled for me, I had expected the response body to be decrypted.Links
https://docs.aws.amazon.com/sdk-for-go/api/service/s3/s3crypto/#DecryptionClient.GetObjectRequest
The text was updated successfully, but these errors were encountered: