Deuxfleurs/garage
42
39
Fork 55
Code Issues 71 Pull requests 7 Releases 29 Wiki Activity

[sse-c] remove sse-c multipart test from test-smoke
Some checks failed
ci/woodpecker/pr/debug Pipeline failed
Details
ci/woodpecker/push/debug Pipeline failed
Details

Browse source
This commit is contained in:
Alex 2024-02-29 14:59:41 +01:00
parent d7a552ac31
commit 4ae123bf00
Signed by: lx
GPG key ID: 0E496D15096376BE
1 changed files with 1 additions and 33 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

34
script/test-smoke.sh
View file

@ -83,12 +83,9 @@ if [ -z "$SKIP_AWS" ]; then
fi
aws s3api delete-object --bucket eprouvette --key upload
echo "🛠️ Test SSE-C with awscli (aws s3)"
SSEC_KEY="u8zCfnEyt5Imo/krN+sxA1DQXxLWtPJavU6T6gOVj1Y="
SSEC_KEY_MD5="jMGbs3GyZkYjJUP6q5jA7g=="
SSEC_KEY2="XkYVk4Z3vVDO2yJaUqCAEZX6lL10voMxtV06d8my/eU="
SSEC_KEY2_MD5="kedo2ab8J1MCjHwJuLTJHw=="
echo "🛠️ Test SSE-C with awscli (aws s3)"
echo "$SSEC_KEY" | base64 -d > /tmp/garage.ssec-key
for idx in {1,2}.rnd; do
aws s3 cp --sse-c AES256 --sse-c-key fileb:///tmp/garage.ssec-key \
@ -98,35 +95,6 @@ if [ -z "$SKIP_AWS" ]; then
diff "/tmp/garage.$idx" "/tmp/garage.$idx.dl.sse-c"
done
aws s3api delete-object --bucket eprouvette --key test-sse
echo "🛠️ Testing SSE-C encryption with awscli (aws s3api)"
# test multipart encrypted upload
UPLOAD=$(aws s3api create-multipart-upload --bucket eprouvette --key 'ssec-upload' \
--sse-customer-algorithm AES256 --sse-customer-key "$SSEC_KEY" --sse-customer-key-md5 "$SSEC_KEY_MD5" \
| jq -r ".UploadId")
echo "Encrypted upload ID: $UPLOAD"
ETAG1=$(aws s3api upload-part --bucket eprouvette --key 'ssec-upload' \
--part-number 1 --body "/tmp/garage.part1.rnd" --upload-id "$UPLOAD" \
--sse-customer-algorithm AES256 --sse-customer-key "$SSEC_KEY" --sse-customer-key-md5 "$SSEC_KEY_MD5" \
| jq -r ".ETag")
ETAG2=$(aws s3api upload-part --bucket eprouvette --key 'ssec-upload' \
--part-number 2 --body "/tmp/garage.part2.rnd" --upload-id "$UPLOAD" \
--sse-customer-algorithm AES256 --sse-customer-key "$SSEC_KEY" --sse-customer-key-md5 "$SSEC_KEY_MD5" \
| jq -r ".ETag")
MPU="{\"Parts\":[{\"PartNumber\":1,\"ETag\":$ETAG1}, {\"PartNumber\":2,\"ETag\":$ETAG2}]}"
echo $MPU > /tmp/garage.mpu.json
aws s3api complete-multipart-upload --multipart-upload file:///tmp/garage.mpu.json \
--bucket eprouvette --key 'ssec-upload' --upload-id "$UPLOAD"
if aws s3api get-object --bucket eprouvette --key 'ssec-upload' "/tmp/garage-sse-upload.out"; then
echo "Encrypted multipart upload could be read without encryption key"
exit 1
fi
aws s3api get-object --bucket eprouvette --key 'ssec-upload' /tmp/garage.mpu.get \
--sse-customer-algorithm AES256 --sse-customer-key "$SSEC_KEY" --sse-customer-key-md5 "$SSEC_KEY_MD5"
if [ "$(md5sum /tmp/garage.mpu.get | cut -d ' ' -f 1)" != "$(cat /tmp/garage.part{1,2}.rnd | md5sum | cut -d ' ' -f 1)" ]; then
echo "Encrypted multipart upload was trashed"
exit 1
fi
fi
# S3CMD