fix: preserve override configuration

src/main/java/software/amazon/encryption/s3/S3AsyncEncryptionClient.java

@@ -5,7 +5,6 @@
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.DEFAULT_BUFFER_SIZE_BYTES;
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.MAX_ALLOWED_BUFFER_SIZE_BYTES;
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.MIN_ALLOWED_BUFFER_SIZE_BYTES;
-import static software.amazon.encryption.s3.internal.ApiNameVersion.API_NAME_INTERCEPTOR;
 
 import java.net.URI;
 import java.security.KeyPair;
@@ -56,6 +55,7 @@
 import software.amazon.awssdk.services.s3.model.UploadPartResponse;
 import software.amazon.awssdk.services.s3.multipart.MultipartConfiguration;
 import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
+import software.amazon.encryption.s3.internal.ApiNameVersion;
 import software.amazon.encryption.s3.internal.GetEncryptedObjectPipeline;
 import software.amazon.encryption.s3.internal.InstructionFileConfig;
 import software.amazon.encryption.s3.internal.NoRetriesAsyncRequestBody;
@@ -240,12 +240,12 @@ public <T> CompletableFuture<T> getObject(GetObjectRequest getObjectRequest,
     @Override
     public CompletableFuture<DeleteObjectResponse> deleteObject(DeleteObjectRequest deleteObjectRequest) {
         final DeleteObjectRequest actualRequest = deleteObjectRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectRequest.overrideConfiguration()))
                 .build();
         final CompletableFuture<DeleteObjectResponse> response = _wrappedClient.deleteObject(actualRequest);
         final String instructionObjectKey = deleteObjectRequest.key() + ".instruction";
         final CompletableFuture<DeleteObjectResponse> instructionResponse = _wrappedClient.deleteObject(builder -> builder
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectRequest.overrideConfiguration()))
                 .bucket(deleteObjectRequest.bucket())
                 .key(instructionObjectKey));
         // Delete the instruction file, then delete the object
@@ -271,7 +271,7 @@ public CompletableFuture<DeleteObjectsResponse> deleteObjects(DeleteObjectsReque
         // Add the original objects
         objectsToDelete.addAll(deleteObjectsRequest.delete().objects());
         return _wrappedClient.deleteObjects(deleteObjectsRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectsRequest.overrideConfiguration()))
                 .delete(builder -> builder.objects(objectsToDelete))
                 .build());
     }

src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java

@@ -7,7 +7,6 @@
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.MAX_ALLOWED_BUFFER_SIZE_BYTES;
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.MIN_ALLOWED_BUFFER_SIZE_BYTES;
 import static software.amazon.encryption.s3.S3EncryptionClientUtilities.instructionFileKeysToDelete;
-import static software.amazon.encryption.s3.internal.ApiNameVersion.API_NAME_INTERCEPTOR;
 
 import java.io.IOException;
 import java.net.URI;
@@ -75,6 +74,7 @@
 import software.amazon.awssdk.services.s3.model.UploadPartRequest;
 import software.amazon.awssdk.services.s3.model.UploadPartResponse;
 import software.amazon.encryption.s3.algorithms.AlgorithmSuite;
+import software.amazon.encryption.s3.internal.ApiNameVersion;
 import software.amazon.encryption.s3.internal.ContentMetadata;
 import software.amazon.encryption.s3.internal.ContentMetadataDecodingStrategy;
 import software.amazon.encryption.s3.internal.ContentMetadataEncodingStrategy;
@@ -570,7 +570,7 @@ private <T extends Throwable> T onAbort(UploadObjectObserver observer, T t) {
     public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest) throws AwsServiceException,
             SdkClientException {
         DeleteObjectRequest actualRequest = deleteObjectRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectRequest.overrideConfiguration()))
                 .build();
 
         try {
@@ -583,7 +583,7 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
             //# - DeleteObject MUST delete the associated instruction file using the default instruction file suffix.
             String instructionObjectKey = deleteObjectRequest.key() + DEFAULT_INSTRUCTION_FILE_SUFFIX;
             _wrappedAsyncClient.deleteObject(builder -> builder
-                    .overrideConfiguration(API_NAME_INTERCEPTOR)
+                    .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectRequest.overrideConfiguration()))
                     .bucket(deleteObjectRequest.bucket())
                     .key(instructionObjectKey)).join();
             // Return original deletion
@@ -610,7 +610,7 @@ public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest
     public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsRequest) throws AwsServiceException,
             SdkClientException {
         DeleteObjectsRequest actualRequest = deleteObjectsRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectsRequest.overrideConfiguration()))
                 .build();
         try {
             //= specification/s3-encryption/client.md#required-api-operations
@@ -622,7 +622,7 @@ public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsReq
             //# - DeleteObjects MUST delete each of the corresponding instruction files using the default instruction file suffix.
             List<ObjectIdentifier> deleteObjects = instructionFileKeysToDelete(deleteObjectsRequest);
             _wrappedAsyncClient.deleteObjects(DeleteObjectsRequest.builder()
-                    .overrideConfiguration(API_NAME_INTERCEPTOR)
+                    .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(deleteObjectsRequest.overrideConfiguration()))
                     .bucket(deleteObjectsRequest.bucket())
                     .delete(builder -> builder.objects(deleteObjects))
                     .build()).join();

src/main/java/software/amazon/encryption/s3/internal/ApiNameVersion.java

@@ -9,21 +9,36 @@
 import java.io.IOException;
 import java.net.URL;
 import java.util.Enumeration;
+import java.util.Optional;
 import java.util.Properties;
-import java.util.function.Consumer;
 
 /**
  * Provides the information for the ApiName APIs for the AWS SDK
  */
 public class ApiNameVersion {
     private static final ApiName API_NAME = ApiNameVersion.apiNameWithVersion();
-    // This is used in overrideConfiguration
-    public static final Consumer<AwsRequestOverrideConfiguration.Builder> API_NAME_INTERCEPTOR =
-            builder -> builder.addApiName(API_NAME);
 
     public static final String NAME = "AmazonS3Encrypt";
     public static final String API_VERSION_UNKNOWN = "4-unknown";
 
+    /**
+     * Returns an {@link AwsRequestOverrideConfiguration} which includes the S3EC API name while
+     * preserving any override configuration the caller already set on their request. This ensures
+     * caller-supplied configuration (e.g. custom headers, credentials providers, or signer
+     * overrides) is not dropped when the S3EC adds its API name.
+     *
+     * @param existingOverrideConfiguration the override configuration from the original request, if any
+     * @return an override configuration containing the S3EC API name merged with the existing configuration
+     */
+    public static AwsRequestOverrideConfiguration addApiNameToOverrideConfiguration(
+            Optional<AwsRequestOverrideConfiguration> existingOverrideConfiguration) {
+        return existingOverrideConfiguration
+                .map(AwsRequestOverrideConfiguration::toBuilder)
+                .orElseGet(AwsRequestOverrideConfiguration::builder)
+                .addApiName(API_NAME)
+                .build();
+    }
+
     public static ApiName apiNameWithVersion() {
         return ApiName.builder()
                 .name(NAME)

src/main/java/software/amazon/encryption/s3/internal/GetEncryptedObjectPipeline.java

@@ -2,8 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 package software.amazon.encryption.s3.internal;
 
-import static software.amazon.encryption.s3.internal.ApiNameVersion.API_NAME_INTERCEPTOR;
-
 import java.nio.ByteBuffer;
 import java.util.Arrays;
 import java.util.Collections;
@@ -64,7 +62,7 @@ public <T> CompletableFuture<T> getObject(GetObjectRequest getObjectRequest, Asy
         //# and end of the cipher blocks for the given range.
         String cryptoRange = RangedGetUtils.getCryptoRangeAsString(getObjectRequest.range());
         GetObjectRequest adjustedRangeRequest = getObjectRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(getObjectRequest.overrideConfiguration()))
                 .range(cryptoRange)
                 .build();
         if (!_enableLegacyUnauthenticatedModes && getObjectRequest.range() != null) {

src/main/java/software/amazon/encryption/s3/internal/MultipartUploadObjectPipeline.java

@@ -2,8 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 package software.amazon.encryption.s3.internal;
 
-import static software.amazon.encryption.s3.internal.ApiNameVersion.API_NAME_INTERCEPTOR;
-
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -80,7 +78,7 @@ public CreateMultipartUploadResponse createMultipartUpload(CreateMultipartUpload
         final byte[] contentIV = materials.algorithmSuite().isCommitting() ? materials.messageId() : materials.iv();
         CreateMultipartUploadRequest createMpuRequest = _contentMetadataEncodingStrategy.encodeMetadata(materials, contentIV, request);
         request = createMpuRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(createMpuRequest.overrideConfiguration()))
                 .build();
 
         //= specification/s3-encryption/client.md#optional-api-operations
@@ -135,7 +133,7 @@ public UploadPartResponse uploadPart(UploadPartRequest request, RequestBody requ
 
         // Once we have (a valid) ciphertext length, set the request contentLength
         UploadPartRequest actualRequest = request.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(request.overrideConfiguration()))
                 .contentLength(ciphertextLength)
                 .build();
 
@@ -201,7 +199,7 @@ public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipart
         }
 
         CompleteMultipartUploadRequest actualRequest = request.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(request.overrideConfiguration()))
                 .build();
 
         //= specification/s3-encryption/client.md#optional-api-operations
@@ -215,7 +213,7 @@ public CompleteMultipartUploadResponse completeMultipartUpload(CompleteMultipart
     public AbortMultipartUploadResponse abortMultipartUpload(AbortMultipartUploadRequest request) {
         _multipartUploadMaterials.remove(request.uploadId());
         AbortMultipartUploadRequest actualRequest = request.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(request.overrideConfiguration()))
                 .build();
         //= specification/s3-encryption/client.md#optional-api-operations
         //# - AbortMultipartUpload MUST abort the multipart upload.

src/main/java/software/amazon/encryption/s3/internal/PutEncryptedObjectPipeline.java

@@ -2,8 +2,6 @@
 // SPDX-License-Identifier: Apache-2.0
 package software.amazon.encryption.s3.internal;
 
-import static software.amazon.encryption.s3.internal.ApiNameVersion.API_NAME_INTERCEPTOR;
-
 import java.security.SecureRandom;
 import java.util.concurrent.CompletableFuture;
 
@@ -81,7 +79,7 @@ public CompletableFuture<PutObjectResponse> putObject(PutObjectRequest request,
         final byte[] contentIV = materials.algorithmSuite().isCommitting() ? materials.messageId() : materials.iv();
         PutObjectRequest modifiedRequest = _contentMetadataEncodingStrategy.encodeMetadata(materials, contentIV, request);
         PutObjectRequest encryptedPutRequest = modifiedRequest.toBuilder()
-                .overrideConfiguration(API_NAME_INTERCEPTOR)
+                .overrideConfiguration(ApiNameVersion.addApiNameToOverrideConfiguration(request.overrideConfiguration()))
                 .contentLength(encryptedContent.getCiphertextLength())
                 .build();
         return _s3AsyncClient.putObject(encryptedPutRequest, new NoRetriesAsyncRequestBody(encryptedContent.getAsyncCiphertext()));