Adjust testPresignedPostPolicy to ensure that GetObject returns the c…

…orrect checksum. Add checksum headers to policy

api-put-object-fan-out.go

@@ -85,7 +85,10 @@ func (c *Client) PutObjectFanOut(ctx context.Context, bucket string, fanOutData
 	policy.SetEncryption(fanOutReq.SSE)
 
 	// Set checksum headers if any.
-	policy.SetChecksum(fanOutReq.Checksum)
+	err := policy.SetChecksum(fanOutReq.Checksum)
+	if err != nil {
+		return nil, err
+	}
 
 	url, formData, err := c.PresignedPostPolicy(ctx, policy)
 	if err != nil {

functional_tests.go

@@ -160,7 +160,7 @@ func logError(testName, function string, args map[string]interface{}, startTime
 	} else {
 		logFailure(testName, function, args, startTime, alert, message, err)
 		if !isRunOnFail() {
-			panic(err)
+			panic(fmt.Sprintf("Test failed with message: %s, err: %v", message, err))
 		}
 	}
 }
@@ -2230,7 +2230,7 @@ func testPutObjectWithChecksums() {
 		h := test.cs.Hasher()
 		h.Reset()
 
-		// Test with Wrong CRC.
+		// Test with a bad CRC - we haven't called h.Write(b), so this is a checksum of empty data
 		meta[test.cs.Key()] = base64.StdEncoding.EncodeToString(h.Sum(nil))
 		args["metadata"] = meta
 		args["range"] = "false"
@@ -2620,7 +2620,7 @@ func testPutMultipartObjectWithChecksums(trailing bool) {
 		cmpChecksum := func(got, want string) {
 			if want != got {
 				logError(testName, function, args, startTime, "", "checksum mismatch", fmt.Errorf("want %s, got %s", want, got))
-				//fmt.Printf("want %s, got %s\n", want, got)
+				// fmt.Printf("want %s, got %s\n", want, got)
 				return
 			}
 		}
@@ -2933,6 +2933,8 @@ func testTrailingChecksums() {
 
 		delete(args, "metadata")
 	}
+
+	logSuccess(testName, function, args, startTime)
 }
 
 // Test PutObject with custom checksums.
@@ -5689,13 +5691,6 @@ func testPresignedPostPolicy() {
 		return
 	}
 
-	// Save the data
-	_, err = c.PutObject(context.Background(), bucketName, objectName, bytes.NewReader(buf), int64(len(buf)), minio.PutObjectOptions{ContentType: "binary/octet-stream"})
-	if err != nil {
-		logError(testName, function, args, startTime, "", "PutObject failed", err)
-		return
-	}
-
 	policy := minio.NewPostPolicy()
 
 	if err := policy.SetBucket(""); err == nil {
@@ -5732,7 +5727,11 @@ func testPresignedPostPolicy() {
 
 	// Add CRC32C
 	checksum := minio.ChecksumCRC32C.ChecksumBytes(buf)
-	policy.SetChecksum(checksum)
+	err = policy.SetChecksum(checksum)
+	if err != nil {
+		logError(testName, function, args, startTime, "", "SetChecksum failed", err)
+		return
+	}
 
 	args["policy"] = policy.String()
 
@@ -5828,7 +5827,7 @@ func testPresignedPostPolicy() {
 	expectedLocation := scheme + os.Getenv(serverEndpoint) + "/" + bucketName + "/" + objectName
 	expectedLocationBucketDNS := scheme + bucketName + "." + os.Getenv(serverEndpoint) + "/" + objectName
 
-	if !strings.Contains(expectedLocation, "s3.amazonaws.com/") {
+	if !strings.Contains(expectedLocation, ".amazonaws.com/") {
 		// Test when not against AWS S3.
 		if val, ok := res.Header["Location"]; ok {
 			if val[0] != expectedLocation && val[0] != expectedLocationBucketDNS {
@@ -5840,9 +5839,26 @@ func testPresignedPostPolicy() {
 			return
 		}
 	}
-	want := checksum.Encoded()
-	if got := res.Header.Get("X-Amz-Checksum-Crc32c"); got != want {
-		logError(testName, function, args, startTime, "", fmt.Sprintf("Want checksum %q, got %q", want, got), nil)
+	wantChecksumCrc32c := checksum.Encoded()
+	if got := res.Header.Get("X-Amz-Checksum-Crc32c"); got != wantChecksumCrc32c {
+		logError(testName, function, args, startTime, "", fmt.Sprintf("Want checksum %q, got %q", wantChecksumCrc32c, got), nil)
+		return
+	}
+
+	// Ensure that when we subsequently GetObject, the checksum is returned
+	gopts := minio.GetObjectOptions{Checksum: true}
+	r, err := c.GetObject(context.Background(), bucketName, objectName, gopts)
+	if err != nil {
+		logError(testName, function, args, startTime, "", "GetObject failed", err)
+		return
+	}
+	st, err := r.Stat()
+	if err != nil {
+		logError(testName, function, args, startTime, "", "Stat failed", err)
+		return
+	}
+	if st.ChecksumCRC32C != wantChecksumCrc32c {
+		logError(testName, function, args, startTime, "", fmt.Sprintf("Want checksum %s, got %s", wantChecksumCrc32c, st.ChecksumCRC32C), nil)
 		return
 	}
 

post-policy.go

@@ -321,11 +321,31 @@ func (p *PostPolicy) SetUserMetadataStartsWith(key, value string) error {
 }
 
 // SetChecksum sets the checksum of the request.
-func (p *PostPolicy) SetChecksum(c Checksum) {
+func (p *PostPolicy) SetChecksum(c Checksum) error {
 	if c.IsSet() {
 		p.formData[amzChecksumAlgo] = c.Type.String()
 		p.formData[c.Type.Key()] = c.Encoded()
+
+		// Needed for S3 compatibility. MinIO ignores the checksum keys in the policy.
+		// https://github.com/minio/minio/blob/RELEASE.2024-08-29T01-40-52Z/cmd/postpolicyform.go#L60-L65
+		policyCond := policyCondition{
+			matchType: "eq",
+			condition: fmt.Sprintf("$%s", amzChecksumAlgo),
+			value:     c.Type.String(),
+		}
+		if err := p.addNewPolicy(policyCond); err != nil {
+			return err
+		}
+		policyCond = policyCondition{
+			matchType: "eq",
+			condition: fmt.Sprintf("$%s", c.Type.Key()),
+			value:     c.Encoded(),
+		}
+		if err := p.addNewPolicy(policyCond); err != nil {
+			return err
+		}
 	}
+	return nil
 }
 
 // SetEncryption - sets encryption headers for POST API