[sse-c] add encrypted multipart upload test

src/garage/tests/s3/ssec.rs

@@ -1,11 +1,14 @@
 use crate::common::{self, Context};
 use aws_sdk_s3::primitives::ByteStream;
+use aws_sdk_s3::types::{CompletedMultipartUpload, CompletedPart};
 
 const SSEC_KEY: &str = "u8zCfnEyt5Imo/krN+sxA1DQXxLWtPJavU6T6gOVj1Y=";
 const SSEC_KEY_MD5: &str = "jMGbs3GyZkYjJUP6q5jA7g==";
 const SSEC_KEY2: &str = "XkYVk4Z3vVDO2yJaUqCAEZX6lL10voMxtV06d8my/eU=";
 const SSEC_KEY2_MD5: &str = "kedo2ab8J1MCjHwJuLTJHw==";
 
+const SZ_2MB: usize = 2 * 1024 * 1024;
+
 #[tokio::test]
 async fn test_ssec_object() {
 	let ctx = common::context();
@@ -101,7 +104,8 @@ async fn test_ssec_object() {
 			SSEC_KEY2_MD5,
 			SSEC_KEY,
 			SSEC_KEY_MD5,
-		);
+		)
+		.await;
 
 		// Test copy from encrypted to encrypted
 		let r = ctx
@@ -130,7 +134,238 @@ async fn test_ssec_object() {
 			SSEC_KEY2_MD5,
 			SSEC_KEY,
 			SSEC_KEY_MD5,
-		);
+		)
+		.await;
+	}
+}
+
+#[tokio::test]
+async fn test_multipart_upload() {
+	let ctx = common::context();
+	let bucket = ctx.create_bucket("test-ssec-mpu");
+
+	let u1 = vec![0x11; SZ_2MB];
+	let u2 = vec![0x22; SZ_2MB];
+	let u3 = vec![0x33; SZ_2MB];
+	let all = [&u1[..], &u2[..], &u3[..]].concat();
+
+	// Test simple encrypted mpu
+	{
+		let up = ctx
+			.client
+			.create_multipart_upload()
+			.bucket(&bucket)
+			.key("a")
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY)
+			.sse_customer_key_md5(SSEC_KEY_MD5)
+			.send()
+			.await
+			.unwrap();
+		assert!(up.upload_id.is_some());
+		assert_eq!(up.sse_customer_algorithm, Some("AES256".into()));
+		assert_eq!(up.sse_customer_key_md5, Some(SSEC_KEY_MD5.into()));
+
+		let uid = up.upload_id.as_ref().unwrap();
+
+		let mut etags = vec![];
+		for (i, part) in vec![&u1, &u2, &u3].into_iter().enumerate() {
+			let pu = ctx
+				.client
+				.upload_part()
+				.bucket(&bucket)
+				.key("a")
+				.upload_id(uid)
+				.part_number((i + 1) as i32)
+				.sse_customer_algorithm("AES256")
+				.sse_customer_key(SSEC_KEY)
+				.sse_customer_key_md5(SSEC_KEY_MD5)
+				.body(ByteStream::from(part.to_vec()))
+				.send()
+				.await
+				.unwrap();
+			etags.push(pu.e_tag.unwrap());
+		}
+
+		let mut cmp = CompletedMultipartUpload::builder();
+		for (i, etag) in etags.into_iter().enumerate() {
+			cmp = cmp.parts(
+				CompletedPart::builder()
+					.part_number((i + 1) as i32)
+					.e_tag(etag)
+					.build(),
+			);
+		}
+
+		ctx.client
+			.complete_multipart_upload()
+			.bucket(&bucket)
+			.key("a")
+			.upload_id(uid)
+			.multipart_upload(cmp.build())
+			.send()
+			.await
+			.unwrap();
+
+		test_read_encrypted(
+			&ctx,
+			&bucket,
+			"a",
+			&all,
+			SSEC_KEY,
+			SSEC_KEY_MD5,
+			SSEC_KEY2,
+			SSEC_KEY2_MD5,
+		)
+		.await;
+	}
+
+	// Test upload part copy from first object
+	{
+		// (setup) Upload a single part object
+		ctx.client
+			.put_object()
+			.bucket(&bucket)
+			.key("b")
+			.body(ByteStream::from(u1.clone()))
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY2)
+			.sse_customer_key_md5(SSEC_KEY2_MD5)
+			.send()
+			.await
+			.unwrap();
+
+		let up = ctx
+			.client
+			.create_multipart_upload()
+			.bucket(&bucket)
+			.key("target")
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY2)
+			.sse_customer_key_md5(SSEC_KEY2_MD5)
+			.send()
+			.await
+			.unwrap();
+		let uid = up.upload_id.as_ref().unwrap();
+
+		let p1 = ctx
+			.client
+			.upload_part()
+			.bucket(&bucket)
+			.key("target")
+			.upload_id(uid)
+			.part_number(1)
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY2)
+			.sse_customer_key_md5(SSEC_KEY2_MD5)
+			.body(ByteStream::from(u3.clone()))
+			.send()
+			.await
+			.unwrap();
+
+		let p2 = ctx
+			.client
+			.upload_part_copy()
+			.bucket(&bucket)
+			.key("target")
+			.upload_id(uid)
+			.part_number(2)
+			.copy_source(format!("{}/a", bucket))
+			.copy_source_range("bytes=500-550000")
+			.copy_source_sse_customer_algorithm("AES256")
+			.copy_source_sse_customer_key(SSEC_KEY)
+			.copy_source_sse_customer_key_md5(SSEC_KEY_MD5)
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY2)
+			.sse_customer_key_md5(SSEC_KEY2_MD5)
+			.send()
+			.await
+			.unwrap();
+
+		let p3 = ctx
+			.client
+			.upload_part()
+			.bucket(&bucket)
+			.key("target")
+			.upload_id(uid)
+			.part_number(3)
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY2)
+			.sse_customer_key_md5(SSEC_KEY2_MD5)
+			.body(ByteStream::from(u2.clone()))
+			.send()
+			.await
+			.unwrap();
+
+		let p4 = ctx
+			.client
+			.upload_part_copy()
+			.bucket(&bucket)
+			.key("target")
+			.upload_id(uid)
+			.part_number(4)
+			.copy_source(format!("{}/b", bucket))
+			.copy_source_range("bytes=1500-20500")
+			.copy_source_sse_customer_algorithm("AES256")
+			.copy_source_sse_customer_key(SSEC_KEY2)
+			.copy_source_sse_customer_key_md5(SSEC_KEY2_MD5)
+			.sse_customer_algorithm("AES256")
+			.sse_customer_key(SSEC_KEY2)
+			.sse_customer_key_md5(SSEC_KEY2_MD5)
+			.send()
+			.await
+			.unwrap();
+
+		let cmp = CompletedMultipartUpload::builder()
+			.parts(
+				CompletedPart::builder()
+					.part_number(1)
+					.e_tag(p1.e_tag.unwrap())
+					.build(),
+			)
+			.parts(
+				CompletedPart::builder()
+					.part_number(2)
+					.e_tag(p2.copy_part_result.unwrap().e_tag.unwrap())
+					.build(),
+			)
+			.parts(
+				CompletedPart::builder()
+					.part_number(3)
+					.e_tag(p3.e_tag.unwrap())
+					.build(),
+			)
+			.parts(
+				CompletedPart::builder()
+					.part_number(4)
+					.e_tag(p4.copy_part_result.unwrap().e_tag.unwrap())
+					.build(),
+			)
+			.build();
+
+		ctx.client
+			.complete_multipart_upload()
+			.bucket(&bucket)
+			.key("target")
+			.upload_id(uid)
+			.multipart_upload(cmp)
+			.send()
+			.await
+			.unwrap();
+
+		// (check) Get object
+		let expected = [&u3[..], &all[500..550001], &u2[..], &u1[1500..20501]].concat();
+		test_read_encrypted(
+			&ctx,
+			&bucket,
+			"target",
+			&expected,
+			SSEC_KEY2,
+			SSEC_KEY2_MD5,
+			SSEC_KEY,
+			SSEC_KEY_MD5,
+		)
+		.await;
 	}
 }