MCPcopy
hub / github.com/scality/cloudserver / assertObjectSSE

Function assertObjectSSE

tests/functional/sse-kms-migration/migration.js:18–63  ·  view source on GitHub ↗
(
    { Bucket, Key, VersionId, Body },
    { obj, objConf },
    { bkt, bktConf },
    // headers come from the command like putObject, CopyObject, MPUs...
    { arnPrefix = kms.arnPrefix, put, headers } = { arnPrefix: kms.arnPrefix },
)

Source from the content-addressed store, hash-verified

16const SCAL_KMS_ARN_REG = new RegExp(`^${SCAL_KMS_ARN}`);
17
18async function assertObjectSSE(
19 { Bucket, Key, VersionId, Body },
20 { obj, objConf },
21 { bkt, bktConf },
22 // headers come from the command like putObject, CopyObject, MPUs...
23 { arnPrefix = kms.arnPrefix, put, headers } = { arnPrefix: kms.arnPrefix },
24) {
25 const sseMD = await helpers.getObjectMDSSE(Bucket, Key);
26 const head = await helpers.s3.headObject({ Bucket, Key, VersionId });
27 const sseMDMigrated = await helpers.getObjectMDSSE(Bucket, Key);
28 const expectedKey = `${sseMD.SSEKMSKeyId && isScalityKmsArn(sseMD.SSEKMSKeyId)
29 ? '' : arnPrefix}${sseMD.SSEKMSKeyId}`;
30
31 if (!put && sseMD.SSEKMSKeyId) {
32 assert.doesNotMatch(sseMD.SSEKMSKeyId, SCAL_KMS_ARN_REG);
33 }
34
35 // obj precedence over bkt
36 assert.strictEqual(head.ServerSideEncryption, (objConf.algo || bktConf.algo));
37 headers && assert.strictEqual(headers.ServerSideEncryption, (objConf.algo || bktConf.algo));
38
39 if (sseMDMigrated.SSEKMSKeyId) {
40 // on metadata verify the full key with arn prefix
41 assert.strictEqual(sseMDMigrated.SSEKMSKeyId, expectedKey);
42 }
43
44 if (obj.kmsKey) {
45 assert.strictEqual(head.SSEKMSKeyId, helpers.getKey(expectedKey));
46 headers && assert.strictEqual(headers.SSEKMSKeyId, helpers.getKey(expectedKey));
47 } else if (objConf.algo !== 'AES256' && bkt.kmsKey) {
48 assert.strictEqual(head.SSEKMSKeyId, helpers.getKey(expectedKey));
49 headers && assert.strictEqual(headers.SSEKMSKeyId, helpers.getKey(expectedKey));
50 } else if (head.ServerSideEncryption === 'aws:kms') {
51 // We differ from aws behavior and always return a
52 // masterKeyId even when not explicitly configured.
53 assert.strictEqual(head.SSEKMSKeyId, helpers.getKey(expectedKey));
54 headers && assert.strictEqual(headers.SSEKMSKeyId, helpers.getKey(expectedKey));
55 } else {
56 assert.strictEqual(head.SSEKMSKeyId, undefined);
57 headers && assert.strictEqual(headers.SSEKMSKeyId, undefined);
58 }
59
60 // always verify GetObject as well to ensure acurate decryption
61 const get = await helpers.s3.getObject({ Bucket, Key, ...(VersionId && { VersionId }) });
62 assert.strictEqual(get.Body.toString(), Body);
63}
64
65describe('SSE KMS migration', () => {
66 /** Bucket to test CopyObject from and to */

Callers 1

migration.jsFile · 0.70

Calls 1

headObjectMethod · 0.80

Tested by

no test coverage detected