minio/cmd/bucket-encryption_test.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package cmd

import (
	"bytes"
	"testing"
)

func TestValidateBucketSSEConfig(t *testing.T) {
	testCases := []struct {
		inputXML    string
		expectedErr error
		shouldPass  bool
	}{
		// MinIO supported XML
		{
			inputXML: `<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
			<Rule>
			<ApplyServerSideEncryptionByDefault>
			<SSEAlgorithm>AES256</SSEAlgorithm>
			</ApplyServerSideEncryptionByDefault>
			</Rule>
			</ServerSideEncryptionConfiguration>`,
			expectedErr: nil,
			shouldPass:  true,
		},
		// Unsupported XML
		{
			inputXML: `<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
			<Rule>
			<ApplyServerSideEncryptionByDefault>
                        <SSEAlgorithm>aws:kms</SSEAlgorithm>
                        <KMSMasterKeyID>my-key</KMSMasterKeyID>
			</ApplyServerSideEncryptionByDefault>
			</Rule>
			</ServerSideEncryptionConfiguration>`,
			expectedErr: nil,
			shouldPass:  true,
		},
	}

	for i, tc := range testCases {
		_, err := validateBucketSSEConfig(bytes.NewReader([]byte(tc.inputXML)))
		if tc.shouldPass && err != nil {
			t.Fatalf("Test case %d: Expected to succeed but got %s", i+1, err)
		}

		if !tc.shouldPass {
			if err == nil || err != nil && err.Error() != tc.expectedErr.Error() {
				t.Fatalf("Test case %d: Expected %s but got %s", i+1, tc.expectedErr, err)
			}
		}
	}
}
update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io> 2021-04-19 03:41:13 +08:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
			`//`
			`// This file is part of MinIO Object Storage stack`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
Add support for bucket encryption feature (#8890) - pkg/bucket/encryption provides support for handling bucket encryption configuration - changes under cmd/ provide support for AES256 algorithm only Co-Authored-By: Poorna <poornas@users.noreply.github.com> Co-authored-by: Harshavardhana <harsha@minio.io> 2020-02-05 17:42:34 +08:00
			`package cmd`

			`import (`
			`"bytes"`
			`"testing"`
			`)`

			`func TestValidateBucketSSEConfig(t *testing.T) {`
			`testCases := []struct {`
			`inputXML string`
			`expectedErr error`
			`shouldPass bool`
			`}{`
			`// MinIO supported XML`
			`{`
			inputXML: `<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
			`<Rule>`
			`<ApplyServerSideEncryptionByDefault>`
			`<SSEAlgorithm>AES256</SSEAlgorithm>`
			`</ApplyServerSideEncryptionByDefault>`
			`</Rule>`
			</ServerSideEncryptionConfiguration>`,
			`expectedErr: nil,`
			`shouldPass: true,`
			`},`
			`// Unsupported XML`
			`{`
			inputXML: `<ServerSideEncryptionConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
			`<Rule>`
			`<ApplyServerSideEncryptionByDefault>`
			`<SSEAlgorithm>aws:kms</SSEAlgorithm>`
sse: add support for SSE-KMS bucket configurations (#12295) This commit adds support for SSE-KMS bucket configurations. Before, the MinIO server did not support SSE-KMS, and therefore, it was not possible to specify an SSE-KMS bucket config. Now, this is possible. For example: ``` mc encrypt set sse-kms some-key <alias>/my-bucket ``` Further, this commit fixes an issue caused by not supporting SSE-KMS bucket configuration and switching to SSE-KMS as default SSE method. Before, the server just checked whether an SSE bucket config was present (not which type of SSE config) and applied the default SSE method (which was switched from SSE-S3 to SSE-KMS). This caused objects to get encrypted with SSE-KMS even though a SSE-S3 bucket config was present. This issue is fixed as a side-effect of this commit. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-05-14 15:59:05 +08:00			`<KMSMasterKeyID>my-key</KMSMasterKeyID>`
Add support for bucket encryption feature (#8890) - pkg/bucket/encryption provides support for handling bucket encryption configuration - changes under cmd/ provide support for AES256 algorithm only Co-Authored-By: Poorna <poornas@users.noreply.github.com> Co-authored-by: Harshavardhana <harsha@minio.io> 2020-02-05 17:42:34 +08:00			`</ApplyServerSideEncryptionByDefault>`
			`</Rule>`
			</ServerSideEncryptionConfiguration>`,
sse: add support for SSE-KMS bucket configurations (#12295) This commit adds support for SSE-KMS bucket configurations. Before, the MinIO server did not support SSE-KMS, and therefore, it was not possible to specify an SSE-KMS bucket config. Now, this is possible. For example: ``` mc encrypt set sse-kms some-key <alias>/my-bucket ``` Further, this commit fixes an issue caused by not supporting SSE-KMS bucket configuration and switching to SSE-KMS as default SSE method. Before, the server just checked whether an SSE bucket config was present (not which type of SSE config) and applied the default SSE method (which was switched from SSE-S3 to SSE-KMS). This caused objects to get encrypted with SSE-KMS even though a SSE-S3 bucket config was present. This issue is fixed as a side-effect of this commit. Signed-off-by: Andreas Auernhammer <aead@mail.de> 2021-05-14 15:59:05 +08:00			`expectedErr: nil,`
			`shouldPass: true,`
Add support for bucket encryption feature (#8890) - pkg/bucket/encryption provides support for handling bucket encryption configuration - changes under cmd/ provide support for AES256 algorithm only Co-Authored-By: Poorna <poornas@users.noreply.github.com> Co-authored-by: Harshavardhana <harsha@minio.io> 2020-02-05 17:42:34 +08:00			`},`
			`}`

			`for i, tc := range testCases {`
			`_, err := validateBucketSSEConfig(bytes.NewReader([]byte(tc.inputXML)))`
			`if tc.shouldPass && err != nil {`
			`t.Fatalf("Test case %d: Expected to succeed but got %s", i+1, err)`
			`}`

			`if !tc.shouldPass {`
			`if err == nil \|\| err != nil && err.Error() != tc.expectedErr.Error() {`
			`t.Fatalf("Test case %d: Expected %s but got %s", i+1, tc.expectedErr, err)`
			`}`
			`}`
			`}`
			`}`