Skip to content

Commit 5991491

Browse files
BourgoisMickaelBourgoisMickael
committed
ifixup copy
1 parent f0e12c0 commit 5991491

4 files changed

Lines changed: 181 additions & 154 deletions

File tree

tests/functional/sse-kms-migration/arnPrefix.js

Lines changed: 14 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@ const { makeRequest } = require('../raw-node/utils/makeRequest');
1515
const { config } = require('../../../lib/Config');
1616
const { getKeyIdFromArn, isScalityKmsArn } = require('arsenal/build/lib/network/KMSInterface');
1717
const helpers = require('./helpers');
18-
18+
const scenarios = require('./scenarios');
1919
// use file to defined key in arn prefix, if no prefix mem is used
2020

2121
// copy part of aws-node-sdk/test/object/encryptionHeaders.js and add more tests
@@ -207,67 +207,26 @@ describe('SSE KMS arnPrefix', () => {
207207
});
208208

209209
if (bktConf.deleteSSE) {
210-
beforeEach(async () => {
211-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
212-
if (bucketMD.getServerSideEncryption()) {
213-
bucketMD.setServerSideEncryption(null);
214-
void await helpers.MD.updateBucket(bucketMD.getName(), bucketMD, log);
215-
}
216-
});
210+
beforeEach(async () => scenarios.deleteBucketSSEBeforeEach(bkt.name, log));
217211
}
218212

219213
if (!bktConf.algo) {
220-
it('GetBucketEncryption should return ServerSideEncryptionConfigurationNotFoundError', async () => {
221-
void await assert.rejects(helpers.s3.getBucketEncryption({ Bucket: bkt.name }).promise(), err => {
222-
assert.strictEqual(err.code, 'ServerSideEncryptionConfigurationNotFoundError');
223-
return true;
224-
});
225-
});
214+
it('GetBucketEncryption should return ServerSideEncryptionConfigurationNotFoundError',
215+
async () => await scenarios.tests.getBucketSSEError(bkt.name));
226216

227217
if (!bktConf.deleteSSE) {
228-
it('should have non mandatory SSE in bucket MD as test init put an object with AES256', async () => {
229-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
230-
const sseMD = bucketMD.getServerSideEncryption();
231-
assert.strictEqual(sseMD.mandatory, false);
232-
assert.strictEqual(sseMD.algorithm, 'AES256');
233-
assert.match(sseMD.masterKeyId, new RegExp(kms.arnPrefix));
234-
});
218+
it('should have non mandatory SSE in bucket MD as test init put an object with AES256',
219+
async () => await scenarios.tests.getBucketNonMandatorySSE(bkt.name, log, 'after'));
235220
}
236221
} else {
237-
it('GetBucketEncryption should return SSE with arnPrefix to key', async () => {
238-
// bucket already has SSE from initBucket function
239-
const sseS3 = await helpers.s3.getBucketEncryption({ Bucket: bkt.name }).promise();
240-
241-
const { SSEAlgorithm, KMSMasterKeyID } = sseS3
242-
.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault;
243-
244-
// Compare bucketMD as well to make sure key is stored with arn
245-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
246-
const sseMD = bucketMD.getServerSideEncryption();
247-
248-
assert.strictEqual(SSEAlgorithm, bktConf.algo);
249-
assert.strictEqual(sseMD.algorithm, bktConf.algo);
250-
if (!bktConf.masterKeyId) {
251-
// AES256 or aws:kms without keyId
252-
assert.match(sseMD.masterKeyId, arnPrefixReg);
253-
}
254-
if (bktConf.masterKeyId) {
255-
// arn prefixed even if not prefixed in input
256-
assert.strictEqual(sseMD.configuredMasterKeyId, bkt.kmsKeyInfo.masterKeyArn);
257-
assert.strictEqual(KMSMasterKeyID, helpers.getKey(bkt.kmsKeyInfo.masterKeyArn));
258-
}
259-
});
222+
it('GetBucketEncryption should return SSE with arnPrefix to key',
223+
async () => await scenarios.tests.getBucketSSE(bkt.name, log, bktConf.algo,
224+
bktConf.masterKeyId ? bkt.kmsKeyInfo.masterKeyArn : null, 'after'));
260225
}
261226

262-
testCasesObj.forEach(objConf => it(`should assert uploaded objects with SSE ${objConf.name}`, async () => {
263-
const obj = bkt.objs[objConf.name];
264-
const assertion = {
265-
Bucket: bkt.name,
266-
Key: obj.name,
267-
Body: obj.body,
268-
};
269-
void await assertObjectSSE(assertion, { objConf, obj }, { bktConf, bkt });
270-
}));
227+
testCasesObj.forEach(objConf => it(`should assert uploaded objects with SSE ${objConf.name}`,
228+
async () => scenarios.tests.getPreUploadedObject(bkt.name,
229+
{ objConf, obj: bkt.objs[objConf.name] }, { bktConf, bkt })));
271230

272231
testCasesObj.forEach(objConf => describe(`object enc-obj-${objConf.name}`, () => {
273232
const obj = {
@@ -289,15 +248,8 @@ describe('SSE KMS arnPrefix', () => {
289248
objForCopy = bkt.objs[objConf.name];
290249
});
291250

292-
it(`should PutObject ${obj.name} overriding bucket SSE`, async () => {
293-
void await helpers.putEncryptedObject(bkt.name, obj.name, objConf, obj.kmsKey, obj.body);
294-
const assertion = {
295-
Bucket: bkt.name,
296-
Key: obj.name,
297-
Body: obj.body,
298-
};
299-
void await assertObjectSSE(assertion, { objConf, obj }, { bktConf, bkt });
300-
});
251+
it(`should PutObject ${obj.name} overriding bucket SSE`,
252+
async () => scenarios.tests.putObjectOverrideSSE({ objConf, obj }, { bktConf, bkt }));
301253

302254
// CopyObject scenarios
303255
[

tests/functional/sse-kms-migration/beforeMigration.js

Lines changed: 12 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -175,57 +175,22 @@ describe('SSE KMS before migration', () => {
175175
}
176176

177177
if (!bktConf.algo) {
178-
it('GetBucketEncryption should return ServerSideEncryptionConfigurationNotFoundError', async () => {
179-
void await assert.rejects(helpers.s3.getBucketEncryption({ Bucket: bkt.name }).promise(), err => {
180-
assert.strictEqual(err.code, 'ServerSideEncryptionConfigurationNotFoundError');
181-
return true;
182-
});
183-
});
178+
it('GetBucketEncryption should return ServerSideEncryptionConfigurationNotFoundError',
179+
async () => await scenarios.tests.getBucketSSEError(bkt.name));
184180

185181
if (!bktConf.deleteSSE) {
186-
it('should have non mandatory SSE in bucket MD as test init put an object with AES256', async () => {
187-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
188-
const sseMD = bucketMD.getServerSideEncryption();
189-
assert.strictEqual(sseMD.mandatory, false);
190-
assert.strictEqual(sseMD.algorithm, 'AES256');
191-
assert.match(sseMD.masterKeyId, new RegExp(kms.arnPrefix));
192-
});
182+
it('should have non mandatory SSE in bucket MD as test init put an object with AES256',
183+
async () => await scenarios.tests.getBucketNonMandatorySSE(bkt.name, log, 'before'));
193184
}
194185
} else {
195-
it('GetBucketEncryption should return SSE with arnPrefix to key', async () => {
196-
// bucket already has SSE from initBucket function
197-
const sseS3 = await helpers.s3.getBucketEncryption({ Bucket: bkt.name }).promise();
198-
199-
const { SSEAlgorithm, KMSMasterKeyID } = sseS3
200-
.ServerSideEncryptionConfiguration.Rules[0].ApplyServerSideEncryptionByDefault;
201-
202-
// Compare bucketMD as well to make sure key is stored with arn
203-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
204-
const sseMD = bucketMD.getServerSideEncryption();
205-
206-
assert.strictEqual(SSEAlgorithm, bktConf.algo);
207-
assert.strictEqual(sseMD.algorithm, bktConf.algo);
208-
if (!bktConf.masterKeyId) {
209-
// AES256 or aws:kms without keyId
210-
assert.match(sseMD.masterKeyId, new RegExp(kms.arnPrefix));
211-
}
212-
if (bktConf.masterKeyId) {
213-
// arn prefixed even if not prefixed in input
214-
assert.strictEqual(sseMD.configuredMasterKeyId, bkt.kmsKeyInfo.masterKeyArn);
215-
assert.strictEqual(KMSMasterKeyID, bkt.kmsKeyInfo.masterKeyArn);
216-
}
217-
});
186+
it('GetBucketEncryption should return SSE with arnPrefix to key',
187+
async () => await scenarios.tests.getBucketSSE(bkt.name, log, bktConf.algo,
188+
bktConf.masterKeyId ? bkt.kmsKeyInfo.masterKeyArn : null, 'before'));
218189
}
219190

220-
testCasesObj.forEach(objConf => it(`should have pre uploaded object with SSE ${objConf.name}`, async () => {
221-
const obj = bkt.objs[objConf.name];
222-
const assertion = {
223-
Bucket: bkt.name,
224-
Key: obj.name,
225-
Body: obj.body,
226-
};
227-
void await scenarios.assertObjectSSE(assertion, { objConf, obj }, { bktConf, bkt });
228-
}));
191+
testCasesObj.forEach(objConf => it(`should have pre uploaded object with SSE ${objConf.name}`,
192+
async () => scenarios.tests.getPreUploadedObject(bkt.name,
193+
{ objConf, obj: bkt.objs[objConf.name] }, { bktConf, bkt })));
229194

230195
testCasesObj.forEach(objConf => describe(`object enc-obj-${objConf.name}`, () => {
231196
const obj = {
@@ -248,15 +213,8 @@ describe('SSE KMS before migration', () => {
248213
objForCopy = bkt.objs[objConf.name];
249214
});
250215

251-
it(`should PutObject ${obj.name} overriding bucket SSE`, async () => {
252-
void await helpers.putEncryptedObject(bkt.name, obj.name, objConf, obj.kmsKey, obj.body);
253-
const assertion = {
254-
Bucket: bkt.name,
255-
Key: obj.name,
256-
Body: obj.body,
257-
};
258-
void await scenarios.assertObjectSSE(assertion, { objConf, obj }, { bktConf, bkt });
259-
});
216+
it(`should PutObject ${obj.name} overriding bucket SSE`,
217+
async () => scenarios.tests.putObjectOverrideSSE({ objConf, obj }, { bktConf, bkt }));
260218

261219
// S3C-9996 The SSE was bugged with MPU, where the completion takes only the masterKeyId from bucket
262220
// Fixed at the same time as migration, some scenario can pass only in newer version above migration

tests/functional/sse-kms-migration/migration.js

Lines changed: 10 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,7 @@ const assert = require('assert');
77
const log = new DummyRequestLogger();
88
const { getKeyIdFromArn, isScalityKmsArn, SCAL_KMS_ARN } = require('arsenal/build/lib/network/KMSInterface');
99
const helpers = require('./helpers');
10+
const scenarios = require('./scenarios');
1011

1112
// use file to defined key in arn prefix, if no prefix mem is used
1213

@@ -196,54 +197,26 @@ describe('SSE KMS migration', () => {
196197
});
197198

198199
if (bktConf.deleteSSE) {
199-
beforeEach(async () => {
200-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
201-
if (bucketMD.getServerSideEncryption()) {
202-
bucketMD.setServerSideEncryption(null);
203-
void await helpers.MD.updateBucket(bucketMD.getName(), bucketMD, log);
204-
}
205-
});
200+
beforeEach(async () => scenarios.deleteBucketSSEBeforeEach(bkt.name, log));
206201
}
207202

208203
if (!bktConf.algo) {
209-
it('GetBucketEncryption should return ServerSideEncryptionConfigurationNotFoundError', async () => {
210-
void await assert.rejects(helpers.s3.getBucketEncryption({ Bucket: bkt.name }).promise(), err => {
211-
assert.strictEqual(err.code, 'ServerSideEncryptionConfigurationNotFoundError');
212-
return true;
213-
});
214-
});
204+
it('GetBucketEncryption should return ServerSideEncryptionConfigurationNotFoundError',
205+
async () => await scenarios.tests.getBucketSSEError(bkt.name));
215206

216207
if (!bktConf.deleteSSE) {
217-
it('should have non mandatory SSE in bucket MD as test init put an object with AES256', async () => {
218-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
219-
const sseMD = bucketMD.getServerSideEncryption();
220-
assert.strictEqual(sseMD.mandatory, false);
221-
assert.strictEqual(sseMD.algorithm, 'AES256');
222-
assert.doesNotMatch(sseMD.masterKeyId, SCAL_KMS_ARN_REG);
223-
});
208+
it('should have non mandatory SSE in bucket MD as test init put an object with AES256',
209+
async () => scenarios.tests.getBucketNonMandatorySSE(bkt.name, log, 'migration'));
224210
}
225211
} else {
226-
it('ensure old SSE KMS key setup', async () => {
227-
const bucketMD = await helpers.MD.getBucket(bkt.name, log);
228-
const sseMD = bucketMD.getServerSideEncryption();
229-
const sseS3 = await helpers.getBucketSSE(bkt.name);
230-
231-
assert.strictEqual(sseS3.SSEAlgorithm, bktConf.algo);
232-
assert.strictEqual(sseMD.algorithm, bktConf.algo);
233-
if (!bktConf.masterKeyId) {
234-
// AES256 or aws:kms without keyId
235-
assert.doesNotMatch(sseMD.masterKeyId, SCAL_KMS_ARN_REG);
236-
}
237-
if (bktConf.masterKeyId) {
238-
// arn prefixed even if not prefixed in input
239-
assert.doesNotMatch(sseMD.configuredMasterKeyId, SCAL_KMS_ARN_REG);
240-
assert.doesNotMatch(sseS3.KMSMasterKeyID, SCAL_KMS_ARN_REG);
241-
}
242-
});
212+
it('ensure old SSE KMS key setup',
213+
async () => await scenarios.tests.getBucketSSE(bkt.name, log, bktConf.algo,
214+
bktConf.masterKeyId ? bkt.kmsKeyInfo.masterKeyArn : null, 'migration'));
243215
}
244216

245217
testCasesObj.forEach(objConf => it(`should have pre uploaded object with SSE ${objConf.name}`, async () => {
246218
const obj = bkt.objs[objConf.name];
219+
// use MD here to avoid triggering a migration
247220
const sseMD = await helpers.getObjectMDSSE(bkt.name, obj.name);
248221
if (sseMD.SSEKMSKeyId) {
249222
assert.doesNotMatch(sseMD.SSEKMSKeyId, SCAL_KMS_ARN_REG);

0 commit comments

Comments
 (0)