From a225902a361f6bcb84679e150ce0d014bca0a0fb Mon Sep 17 00:00:00 2001
From: smiyc <36233521+smiyc@users.noreply.github.com>
Date: Fri, 20 Jun 2025 15:37:23 +0200
Subject: [PATCH] docs: workaround for S3 checksum validation errors with
 recent boto3 versions (#398)

Fixes #393

Signed-off-by: Daniel Chambre <smiyc@pm.me>
Signed-off-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Signed-off-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
Co-authored-by: Marco Nenciarini <marco.nenciarini@enterprisedb.com>
Co-authored-by: Gabriele Bartolini <gabriele.bartolini@enterprisedb.com>
---
 .wordlist.txt             |  3 +++
 web/docs/object_stores.md | 28 ++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/.wordlist.txt b/.wordlist.txt
index 6fb521f..e8c33ea 100644
--- a/.wordlist.txt
+++ b/.wordlist.txt
@@ -49,6 +49,7 @@ Uncomment
 WAL
 WALBackupConfiguration
 WALs
+amz
 api
 apiVersion
 apiextensions
@@ -59,6 +60,7 @@ backend
 backends
 barmanObjectName
 barmancloud
+boto
 bzip
 cd
 cloudnative
@@ -113,6 +115,7 @@ secretKeyRef
 selfsigned
 serverName
 serviceaccount
+sha
 sig
 storageClass
 subcommand
diff --git a/web/docs/object_stores.md b/web/docs/object_stores.md
index 9ca5a2a..c3179ad 100644
--- a/web/docs/object_stores.md
+++ b/web/docs/object_stores.md
@@ -141,6 +141,34 @@ spec:
   [...]
 ```
 
+Recent changes to the [boto3 implementation](https://github.com/boto/boto3/issues/4392)
+of [Amazon S3 Data Integrity Protections](https://docs.aws.amazon.com/sdkref/latest/guide/feature-dataintegrity.html)
+may lead to the `x-amz-content-sha256` error when using the Barman Cloud
+Plugin.
+
+If you encounter this issue (see [GitHub issue #393](https://github.com/cloudnative-pg/plugin-barman-cloud/issues/393)),
+you can apply the following workaround by setting specific environment
+variables in the `ObjectStore` resource:
+
+```yaml
+apiVersion: barmancloud.cnpg.io/v1
+kind: ObjectStore
+metadata:
+  name: linode-store
+spec:
+  instanceSidecarConfiguration:
+    env:
+      - name: AWS_REQUEST_CHECKSUM_CALCULATION
+        value: when_required
+      - name: AWS_RESPONSE_CHECKSUM_VALIDATION
+        value: when_required
+  [...]
+```
+
+These settings ensure that checksum calculations and validations are only
+applied when explicitly required, avoiding compatibility issues with certain
+S3-compatible storage providers.
+
 Example with DigitalOcean Spaces (SFO3, path-style):
 
 ```yaml