-
Notifications
You must be signed in to change notification settings - Fork 255
Expand file tree
/
Copy pathgetBucketEncryption.js
More file actions
104 lines (92 loc) · 3.88 KB
/
getBucketEncryption.js
File metadata and controls
104 lines (92 loc) · 3.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
const assert = require('assert');
const { S3 } = require('aws-sdk');
const checkError = require('../../lib/utility/checkError');
const getConfig = require('../support/config');
const metadata = require('../../../../../lib/metadata/wrapper');
const { DummyRequestLogger } = require('../../../../unit/helpers');
const bucketName = 'encrypted-bucket';
const log = new DummyRequestLogger();
function setEncryptionInfo(info, cb) {
metadata.getBucket(bucketName, log, (err, bucket) => {
if (err) {
return cb(err);
}
bucket.setServerSideEncryption(info);
return metadata.updateBucket(bucket.getName(), bucket, log, cb);
});
}
describe('aws-sdk test get bucket encryption', () => {
let s3;
before(done => {
const config = getConfig('default', { signatureVersion: 'v4' });
s3 = new S3(config);
metadata.setup(done);
});
beforeEach(done => s3.createBucket({ Bucket: bucketName }, done));
afterEach(done => s3.deleteBucket({ Bucket: bucketName }, done));
it('should return NoSuchBucket error if bucket does not exist', done => {
s3.getBucketEncryption({ Bucket: 'invalid' }, err => {
checkError(err, 'NoSuchBucket', 404);
done();
});
});
it('should return ServerSideEncryptionConfigurationNotFoundError if no sse configured', done => {
s3.getBucketEncryption({ Bucket: bucketName }, err => {
checkError(err, 'ServerSideEncryptionConfigurationNotFoundError', 404);
done();
});
});
it('should return ServerSideEncryptionConfigurationNotFoundError if `mandatory` flag not set', done => {
setEncryptionInfo({ cryptoScheme: 1, algorithm: 'AES256', masterKeyId: '12345', mandatory: false }, err => {
assert.ifError(err);
s3.getBucketEncryption({ Bucket: bucketName }, err => {
checkError(err, 'ServerSideEncryptionConfigurationNotFoundError', 404);
done();
});
});
});
it('should include KMSMasterKeyID if user has configured a custom master key', done => {
setEncryptionInfo({ cryptoScheme: 1, algorithm: 'aws:kms', masterKeyId: '12345',
configuredMasterKeyId: '54321', mandatory: true }, err => {
assert.ifError(err);
s3.getBucketEncryption({ Bucket: bucketName }, (err, res) => {
assert.ifError(err);
assert.deepStrictEqual(res, {
ServerSideEncryptionConfiguration: {
Rules: [
{
ApplyServerSideEncryptionByDefault: {
SSEAlgorithm: 'aws:kms',
KMSMasterKeyID: '54321',
},
BucketKeyEnabled: false,
},
],
},
});
done();
});
});
});
it('should not include KMSMasterKeyID if no user configured master key', done => {
setEncryptionInfo({ cryptoScheme: 1, algorithm: 'AES256', masterKeyId: '12345', mandatory: true }, err => {
assert.ifError(err);
s3.getBucketEncryption({ Bucket: bucketName }, (err, res) => {
assert.ifError(err);
assert.deepStrictEqual(res, {
ServerSideEncryptionConfiguration: {
Rules: [
{
ApplyServerSideEncryptionByDefault: {
SSEAlgorithm: 'AES256',
},
BucketKeyEnabled: false,
},
],
},
});
done();
});
});
});
});