Add end-to-end test for SSE-C encryption
Signed-off-by: Jens Hausherr <[email protected]>
jabbrwcky committed Sep 30, 2024
1 parent d67c1cf commit fa635f9
Showing 2 changed files with 59 additions and 0 deletions.
58 changes: 58 additions & 0 deletions providers/s3/s3_e2e_test.go
@@ -6,13 +6,17 @@ package s3_test
import (
"bytes"
"context"
"io"
"path/filepath"
"strings"
"testing"

"github.com/efficientgo/core/testutil"
"github.com/efficientgo/e2e"
"github.com/go-kit/log"
"github.com/minio/minio-go/v7/pkg/encrypt"

"github.com/thanos-io/objstore/exthttp"
"github.com/thanos-io/objstore/providers/s3"
"github.com/thanos-io/objstore/test/e2e/e2ethanos"
)
@@ -53,3 +57,57 @@ func BenchmarkUpload(b *testing.B) {
testutil.Ok(b, bkt.Upload(ctx, "test", strings.NewReader(str)))
}
}

func TestSSECencryption(t *testing.T) {
ctx := context.Background()
e, err := e2e.NewDockerEnvironment("e2e-ssec", e2e.WithLogger(log.NewNopLogger()))
testutil.Ok(t, err)
t.Cleanup(e2ethanos.CleanScenario(t, e))

const bucket = "sse-c-encryption"
m := e2ethanos.NewMinio(e, "sse-c-encryption", bucket)
testutil.Ok(t, e2e.StartAndWaitReady(m))

cfg := s3.Config{
Bucket: bucket,
AccessKey: "Cheescake",
SecretKey: "supersecret",
Endpoint: m.Endpoint("https"),
Insecure: false,
HTTPConfig: exthttp.HTTPConfig{
TLSConfig: exthttp.TLSConfig{
CAFile: filepath.Join(m.Dir(), "certs", "CAs", "ca.crt"),
CertFile: filepath.Join(m.Dir(), "certs", "public.crt"),
KeyFile: filepath.Join(m.Dir(), "certs", "private.key"),
},
},
SSEConfig: s3.SSEConfig{
Type: string(encrypt.SSEC),
EncryptionKey: "testdata/encryption_key",
},
BucketLookupType: s3.AutoLookup,
}

bkt, err := s3.NewBucketWithConfig(
log.NewNopLogger(),
cfg,
"test-ssec",
)
testutil.Ok(t, err)

upload := "secret content"
bkt.Upload(ctx, "encrypted", strings.NewReader(upload))
testutil.Ok(t, bkt.Upload(ctx, "encrypted", strings.NewReader(upload)))

exists, err := bkt.Exists(ctx, "encrypted")
testutil.Ok(t, err)
if !exists {
t.Fatalf("upload failed")
}

r, err := bkt.Get(ctx, "encrypted")
testutil.Ok(t, err)
b, err := io.ReadAll(r)
testutil.Ok(t, err)
testutil.Equals(t, upload, string(b))
}
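Review bot: TestSSECencryption only proves a round trip through the same SSE-C-configured client, so it would still pass if `SSEConfig` were silently ignored and the object stored unencrypted. A negative check is needed after the final `testutil.Equals`: build a second bucket from the same config with `SSEConfig` cleared and assert that reading `encrypted` fails. I have not confirmed from this page whether `Get` or the first read surfaces the error, so the sketch below accepts either. Separately, the bare `bkt.Upload(ctx, "encrypted", strings.NewReader(upload))` call discards its error and is immediately repeated inside `testutil.Ok`, so it should be dropped. The reader returned by `bkt.Get` is also never closed and needs a `defer r.Close()`.

```go
testutil.Equals(t, upload, string(b))

// Negative check: without the customer-provided key the server must refuse the read,
// otherwise the object was not actually stored under SSE-C.
plainCfg := cfg
plainCfg.SSEConfig = s3.SSEConfig{}
plainBkt, err := s3.NewBucketWithConfig(log.NewNopLogger(), plainCfg, "test-ssec-nokey")
testutil.Ok(t, err)
if rc, err := plainBkt.Get(ctx, "encrypted"); err == nil {
	_, err = io.ReadAll(rc)
	_ = rc.Close()
	testutil.NotOk(t, err)
}
```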
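--- a/providers/s3/testdata/encryption_key
+++ b/providers/s3/testdata/encryption_key
@@ -0,0 +1 @@
+suchSecretVeryCryptographicKeyZ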
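Review bot: The key in this fixture is 31 visible characters, while SSE-C takes a 256-bit (32-byte) customer key, so the test appears to depend on the file's trailing newline being read as the 32nd byte. This is inferred, since the code that loads `EncryptionKey` is not on this page. An editor that strips the final newline, or a checkout that converts it to CRLF, would change the key length and fail the test for a reason unrelated to the code under test. Using 32 printable characters with no trailing newline (and marking the file `-text` in `.gitattributes`), or having the test write the key into `t.TempDir()`, would remove that dependency.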
