fix(aws): silence aws-sdk-go-v2 "no supported checksum" warnings on s…#343

Open: universe-ops wants to merge 1 commit into main from fix/output-noise
@universe-ops

Contributor

aws-sdk-go-v2 (v1.42.0) defaults ResponseChecksumValidation to "when_supported", so the DIY backend's in-process s3blob client tries to validate a checksum on every S3 GET. Pulumi state objects stored without a checksum (all pre-existing state) make the SDK emit a noisy "Response has no supported checksum. Not validating response payload" WARN per object.

Force "when_required" for both request calculation and response validation in the AWS state-store init (alongside the creds we already inject there, before diy.Login opens the bucket). config.LoadDefaultConfig honors these env vars, so checksums are only touched when an operation requires them — no behavior change, just silence. Mirrors the GCS compatibility settings in gcp/bucket.go.
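An added example, not code from this pull request: a standard-library-only Go sketch of setting the two checksum environment variables before `config.LoadDefaultConfig` runs. The helper name `applyChecksumCompat` is hypothetical, the variable names `AWS_REQUEST_CHECKSUM_CALCULATION` and `AWS_RESPONSE_CHECKSUM_VALIDATION` are the AWS SDK's standard settings and are not quoted on this page, and, unlike the "force" described above, this variant assumes an explicit operator value should win so that a deployment that opted into `when_supported` integrity validation keeps it.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// Checksum settings read from the environment by the AWS SDK's default config loader.
const (
	envRequestChecksum  = "AWS_REQUEST_CHECKSUM_CALCULATION"
	envResponseChecksum = "AWS_RESPONSE_CHECKSUM_VALIDATION"
)

// applyChecksumCompat (hypothetical helper) defaults both settings to
// "when_required" but leaves a valid value already chosen by the operator
// untouched. It returns the effective (normalized) value per variable and
// rejects anything other than the two documented modes.
func applyChecksumCompat() (map[string]string, error) {
	effective := map[string]string{}
	for _, name := range []string{envRequestChecksum, envResponseChecksum} {
		cur, ok := os.LookupEnv(name)
		switch v := strings.ToLower(strings.TrimSpace(cur)); {
		case !ok || v == "":
			// Unset: apply the quiet default before the SDK config is loaded.
			if err := os.Setenv(name, "when_required"); err != nil {
				return nil, err
			}
			effective[name] = "when_required"
		case v == "when_supported" || v == "when_required":
			effective[name] = v // explicit operator choice wins
		default:
			return nil, fmt.Errorf("%s=%q: want when_supported or when_required", name, cur)
		}
	}
	return effective, nil
}

func main() {
	eff, err := applyChecksumCompat()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	fmt.Println(envRequestChecksum+"="+eff[envRequestChecksum],
		envResponseChecksum+"="+eff[envResponseChecksum])
}
```

The helper has to run before the SDK configuration is loaded, which is the ordering the description gives (before `diy.Login` opens the bucket).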

…tate reads

aws-sdk-go-v2 (v1.42.0) defaults ResponseChecksumValidation to "when_supported",
so the DIY backend's in-process s3blob client tries to validate a checksum on every
S3 GET. Pulumi state objects stored without a checksum (all pre-existing state) make
the SDK emit a noisy "Response has no supported checksum. Not validating response
payload" WARN per object.

Force "when_required" for both request calculation and response validation in the AWS
state-store init (alongside the creds we already inject there, before diy.Login opens
the bucket). config.LoadDefaultConfig honors these env vars, so checksums are only
touched when an operation requires them — no behavior change, just silence. Mirrors the
GCS compatibility settings in gcp/bucket.go.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

@github-actions

Security Scan Results

Repository: api | Commit: 75b6c9c

| Check | Status | Details |
|---|---|---|
| ✅ Secret Scan | Pass | No secrets detected |
| ✅ Dependencies (Trivy) | Pass | 0 total (no critical/high) |
| ✅ Dependencies (Grype) | Pass | 0 total (no critical/high) |
| 📦 SBOM | Generated | 522 components (CycloneDX) |

Scanned at 2026-06-25 10:22 UTC

@github-actions

📊 Statement coverage

Measured on the documented included set (see docs/TESTING.md → Coverage scope). Observe-only — no regression gate is enforced yet.

| Scope | This PR | main baseline | Δ |
|---|---|---|---|
| Included set (Gold-tier denominator) | 90.3% | 90.3% | +0.0 pp |
| Full set (whole repo, transparency) | 27.7% | 27.7% | +0.0 pp |

Baseline: main @ 9145b8d

@github-actions

Semgrep Scan Results

Repository: api | Commit: 75b6c9c

| Check | Status | Details |
|---|---|---|
| ⚠️ Semgrep | Warning | 1 warning(s), 1 total |

Scanned at 2026-06-25 10:23 UTC
