Unable to write to a bucket that has object lock enabled

I believe this should already be available through hook_s3fs_upload_params_alter() and hook_s3fs_copy_params_alter() which is available for sites to make changes (though I don't think validation currently uses those hooks the full writes do use them.)

Since this is a new parameter on the AWS SDK and our existing API provides options I'm classifying this as a feature request and pushing to 4.x.

Would you mind providing some more context on reasons for why the buckets are using Object Lock? I normally don't think of most of the content that would be on Drupal as requiring such a feature so it would be helpful to understand the reasons to better determine if we should implement this inside s3fs or if we should leave this as a hook-only feature.

Thank you.

My use case isn't entirely typical.  It relates to compliance and the storage of data in a secure vault in case it is required in a legal case some years in the future.   

To achieve this I set up an S3 bucket and turned on Object Lock and set Compliance mode with a retention period of 7 years.  This prevents any file added to the bucket from being deleted or overwritten for 7 years. 
My Drupal application takes a form submission, renders it as a PDF and then saves the PDF into the bucket using s3fs.

Based on your advice I've tried out the hook_s3fs_upload_params_alter hook.   Unfortunately they are executed after the validate routine so never get invoked due to validate failing.  However, after temporarily bypassing the validate function I can see the hook does run and setting   $upload_params['AddContentMD5'] = true; does resolve my problem.

So here's the solution in my local copy:

1.  I've added a new setting into settings.php:    $config['s3fs.settings']['object_lock'] = true;

2.  I've added a hook into my module:

function mymodule_s3fs_upload_params_alter(array &$upload_params) {
  $config = \Drupal::config('s3fs.settings')->get();
  if (isset($config['object_lock'])) {
    $upload_params['AddContentMD5'] = TRUE;
  }
}

3. I've patched the validate function in S3fsService.php as follows:

diff --git a/src/S3fsService.php b/src/S3fsService.php
index 97c22f8..464368a 100644
--- a/src/S3fsService.php
+++ b/src/S3fsService.php
@@ -160,6 +160,11 @@ public function validate(array $config) {
         $putOptions['CacheControl'] = $config['cache_control_header'];
       }

+      // An MD5 header is required for files stored in an object lock enabled bucket.
+      if (!empty($config['object_lock'])) {
+        $putOptions['AddContentMD5'] = true;
+      }
+
       $s3->putObject($putOptions);
       $object = $s3->getObject(['Bucket' => $config['bucket'], 'Key' => $key]);
       if ($object) {

I've split out the lack of calling hooks during validation into 🐛 Bucket validation does not call hooks. Downport .

That will allow us to keep this focused on if we want to implement this as an internally supported feature or if we depend upon hook implementations to do so.

Just a note, don't forget about hook_s3fs_copy_params_alter() as that is used for FileSytemInterface::copy() operations.