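#!/bin/bash
# End-to-end S3 KMS integration tests
#
# Drives an S3-compatible endpoint with the AWS CLI: creates buckets, sets
# default SSE-KMS encryption, uploads and downloads objects, and compares
# the round-tripped bytes. Requires `aws`, `jq` and `cmp` on PATH.
#
# Environment:
#   SEAWEEDFS_S3_ENDPOINT  S3 endpoint URL (default http://127.0.0.1:8333)
#   ACCESS_KEY, SECRET_KEY credentials exported to the AWS CLI (default "any")
set -e

# The defaults target a local test instance over plain HTTP with placeholder
# credentials; supply an https:// endpoint and real credentials through the
# environment for anything that is not on loopback.
SEAWEEDFS_S3_ENDPOINT=${SEAWEEDFS_S3_ENDPOINT:-"http://127.0.0.1:8333"}
ACCESS_KEY=${ACCESS_KEY:-"any"}
SECRET_KEY=${SECRET_KEY:-"any"}

echo "๐งช Running S3 KMS Integration Tests"
echo "S3 Endpoint: $SEAWEEDFS_S3_ENDPOINT"

# Test file content
TEST_CONTENT="Hello, SeaweedFS KMS Integration! This is test data that should be encrypted."

# Scratch files are created with mktemp instead of fixed names: a predictable
# path in a world-writable /tmp can be pre-created or symlinked by another
# local user, and two concurrent runs would overwrite each other's data.
TEST_FILE=$(mktemp "${TMPDIR:-/tmp}/seaweedfs-kms-test.XXXXXX")
DOWNLOAD_FILE=$(mktemp "${TMPDIR:-/tmp}/seaweedfs-kms-download.XXXXXX")

# Remove scratch files on every exit path, including the `exit 1` taken on a
# content mismatch. The large-file variables are assigned later in the script,
# so they are only passed to rm once they are set.
cleanup_tmp_files() {
  rm -f -- "$TEST_FILE" "$DOWNLOAD_FILE" \
    ${LARGE_FILE:+"$LARGE_FILE"} \
    ${DOWNLOAD_LARGE_FILE:+"$DOWNLOAD_LARGE_FILE"}
}
trap cleanup_tmp_files EXIT

# Create test file
printf '%s\n' "$TEST_CONTENT" > "$TEST_FILE"

# AWS CLI configuration
export AWS_ACCESS_KEY_ID="$ACCESS_KEY"
export AWS_SECRET_ACCESS_KEY="$SECRET_KEY"
export AWS_DEFAULT_REGION="us-east-1"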
echo "๐ Creating test buckets..."

# Buckets used by this run. BUCKETS is read again by the statistics loop at
# the end of the script.
BUCKETS=("test-openbao" "test-vault" "test-local" "secure-data")

for bucket in "${BUCKETS[@]}"; do
  echo " Creating bucket: $bucket"
  # Best effort: every `mb` failure is reported as "might already exist",
  # whatever the real cause, and the run continues.
  if ! aws s3 mb "s3://$bucket" --endpoint-url "$SEAWEEDFS_S3_ENDPOINT"; then
    echo " โ ๏ธ Bucket $bucket might already exist"
  fi
done
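echo "๐ Setting up bucket encryption..."

# Test 1: OpenBao KMS Encryption
echo " Setting OpenBao encryption for test-openbao bucket..."

# The policy document goes into a private mktemp file rather than a fixed
# /tmp name, so another local user cannot pre-create or swap the file the
# AWS CLI is about to read.
ENCRYPTION_CONFIG=$(mktemp "${TMPDIR:-/tmp}/openbao-encryption.XXXXXX")

# Quoted delimiter: the JSON is written literally, with no shell expansion.
cat > "$ENCRYPTION_CONFIG" << 'EOF'
{
  "Rules": [
    {
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms",
        "KMSMasterKeyID": "test-key-1"
      },
      "BucketKeyEnabled": false
    }
  ]
}
EOF

# NOTE(review): a failure here only prints a warning. The later "default
# bucket encryption" upload and its round-trip comparison would then succeed
# against a bucket with no encryption configured; consider making this fatal.
aws s3api put-bucket-encryption \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT" \
  --bucket test-openbao \
  --server-side-encryption-configuration "file://$ENCRYPTION_CONFIG" || {
  echo " โ ๏ธ Failed to set bucket encryption for test-openbao"
}
rm -f -- "$ENCRYPTION_CONFIG"

# Test 2: Verify bucket encryption
echo " Verifying bucket encryption configuration..."

# The CLI output is captured before it is handed to jq. In a plain
# `aws ... | jq` pipeline without pipefail only jq's status is seen, and jq
# exits 0 on empty input, so a failed get-bucket-encryption went unreported.
if ! {
  ENCRYPTION_STATE=$(aws s3api get-bucket-encryption \
    --endpoint-url "$SEAWEEDFS_S3_ENDPOINT" \
    --bucket test-openbao) &&
    printf '%s\n' "$ENCRYPTION_STATE" | jq '.'
}; then
  echo " โ ๏ธ Failed to get bucket encryption for test-openbao"
fi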
echo "โฌ๏ธ Testing object uploads with KMS encryption..."

# Endpoint option shared by the three uploads below.
upload_endpoint=(--endpoint-url "$SEAWEEDFS_S3_ENDPOINT")

# Test 3: Upload objects with default bucket encryption
# No SSE option is passed; the object relies on the bucket default.
echo " Uploading object with default bucket encryption..."
aws s3 cp "$TEST_FILE" "s3://test-openbao/encrypted-object-1.txt" "${upload_endpoint[@]}"

# Test 4: Upload object with explicit SSE-KMS
# The request itself names the algorithm and the key id.
echo " Uploading object with explicit SSE-KMS headers..."
aws s3 cp "$TEST_FILE" "s3://test-openbao/encrypted-object-2.txt" "${upload_endpoint[@]}" \
  --sse aws:kms --sse-kms-key-id "test-key-2"

# Test 5: Upload to unencrypted bucket
# test-local has no encryption configuration applied by this script.
echo " Uploading object to unencrypted bucket..."
aws s3 cp "$TEST_FILE" "s3://test-local/unencrypted-object.txt" "${upload_endpoint[@]}"
echo "โฌ๏ธ Testing object downloads and decryption..."

# Test 6: Download encrypted objects
# Each object is fetched into the same scratch file and compared byte for byte
# with the uploaded source. This shows the round trip is lossless; it does not
# by itself show that the stored copy was encrypted.
echo " Downloading encrypted object 1..."
aws s3 cp "s3://test-openbao/encrypted-object-1.txt" "$DOWNLOAD_FILE" \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT"

# Verify content: abort the run on the first mismatch.
if ! cmp -s "$TEST_FILE" "$DOWNLOAD_FILE"; then
  echo " โ Encrypted object 1 content mismatch"
  exit 1
fi
echo " โ
Encrypted object 1 downloaded and decrypted successfully"

echo " Downloading encrypted object 2..."
aws s3 cp "s3://test-openbao/encrypted-object-2.txt" "$DOWNLOAD_FILE" \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT"

# Verify content: abort the run on the first mismatch.
if ! cmp -s "$TEST_FILE" "$DOWNLOAD_FILE"; then
  echo " โ Encrypted object 2 content mismatch"
  exit 1
fi
echo " โ
Encrypted object 2 downloaded and decrypted successfully"
echo "๐ Testing object metadata..."

# Test 7: Check encryption metadata
echo " Checking encryption metadata..."
METADATA=$(aws s3api head-object --endpoint-url "$SEAWEEDFS_S3_ENDPOINT" \
  --bucket test-openbao --key encrypted-object-1.txt)
jq '.' <<< "$METADATA"

# Verify SSE headers are present.
# NOTE(review): this is a substring match on the raw head-object output and a
# miss is only a warning, so the run still passes when the response reports
# no server-side encryption.
case "$METADATA" in
  *ServerSideEncryption*)
    echo " โ
SSE metadata found in object headers"
    ;;
  *)
    echo " โ ๏ธ No SSE metadata found (might be internal only)"
    ;;
esac

echo "๐ Testing list operations..."

# Test 8: List objects
echo " Listing objects in encrypted bucket..."
aws s3 ls "s3://test-openbao/" --endpoint-url "$SEAWEEDFS_S3_ENDPOINT"
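echo "๐ Testing multipart uploads with encryption..."

# Test 9: Multipart upload with encryption
#
# NOTE(review): the AWS CLI only switches to multipart above its
# multipart_threshold (8 MB unless configured otherwise). The default of 1000
# lines produces a file far below that, so the upload is a single PUT and the
# multipart + SSE-KMS path is not exercised. Set LARGE_FILE_LINES to roughly
# 100000 or more to cross the default threshold.
LARGE_FILE_LINES=${LARGE_FILE_LINES:-1000}
case "$LARGE_FILE_LINES" in
  '' | *[!0-9]*)
    echo "LARGE_FILE_LINES must be a non-negative integer" >&2
    exit 2
    ;;
esac

# mktemp gives private, unpredictable paths instead of fixed names in /tmp.
LARGE_FILE=$(mktemp "${TMPDIR:-/tmp}/large-test-file.XXXXXX")
DOWNLOAD_LARGE_FILE=$(mktemp "${TMPDIR:-/tmp}/downloaded-large-file.XXXXXX")

echo " Creating large test file..."
# A single redirection on the loop truncates the file first, so content left
# by an earlier aborted run cannot accumulate, and the file is opened once
# rather than once per line.
for ((i = 1; i <= LARGE_FILE_LINES; i++)); do
  echo "Line $i: $TEST_CONTENT"
done > "$LARGE_FILE"

echo " Uploading large file with multipart and SSE-KMS..."
aws s3 cp "$LARGE_FILE" "s3://test-openbao/large-encrypted-file.txt" \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT" \
  --sse aws:kms \
  --sse-kms-key-id "multipart-key"

# Download and verify
echo " Downloading and verifying large encrypted file..."
aws s3 cp "s3://test-openbao/large-encrypted-file.txt" "$DOWNLOAD_LARGE_FILE" \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT"

if cmp -s "$LARGE_FILE" "$DOWNLOAD_LARGE_FILE"; then
  echo " โ
Large encrypted file uploaded and downloaded successfully"
else
  echo " โ Large encrypted file content mismatch"
  exit 1
fi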
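echo "๐งน Cleaning up test files..."
# Delete only what this script created. A /tmp/*-encryption.json glob would
# also remove matching files that belong to other users or processes sharing
# /tmp. `--` keeps a path that starts with "-" from being read as an option.
rm -f -- "$TEST_FILE" "$DOWNLOAD_FILE" "$LARGE_FILE" "$DOWNLOAD_LARGE_FILE" \
  /tmp/openbao-encryption.json

echo "๐ Running performance test..."

# Test 10: Performance test
# Scratch files come from mktemp rather than fixed /tmp names, so they cannot
# be pre-created by another local user or collide with a concurrent run.
PERF_FILE=$(mktemp "${TMPDIR:-/tmp}/perf-test.XXXXXX")
PERF_DOWNLOAD_FILE=$(mktemp "${TMPDIR:-/tmp}/perf-download.XXXXXX")

# One redirection for the whole loop: the file is truncated first, so leftover
# content from an earlier aborted run does not inflate the measured payload.
for i in {1..100}; do
  echo "Performance test line $i: $TEST_CONTENT"
done > "$PERF_FILE"

echo " Testing upload/download performance with encryption..."
# Wall-clock timing at one-second resolution around one upload plus one
# download; the downloaded bytes are not compared here.
start_time=$(date +%s)
aws s3 cp "$PERF_FILE" "s3://test-openbao/perf-test.txt" \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT" \
  --sse aws:kms \
  --sse-kms-key-id "performance-key"
aws s3 cp "s3://test-openbao/perf-test.txt" "$PERF_DOWNLOAD_FILE" \
  --endpoint-url "$SEAWEEDFS_S3_ENDPOINT"
end_time=$(date +%s)
duration=$((end_time - start_time))
echo " โฑ๏ธ Performance test completed in ${duration} seconds"

rm -f -- "$PERF_FILE" "$PERF_DOWNLOAD_FILE"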
# Final summary, printed verbatim (quoted delimiter, no expansion).
# NOTE(review): this text is static. Steps that only warn on failure earlier
# in the script (bucket encryption setup, SSE metadata check) are still listed
# as passed here.
cat << 'EOF'

๐ S3 KMS Integration Tests Summary:
 โ
Bucket creation and encryption configuration
 โ
Default bucket encryption
 โ
Explicit SSE-KMS encryption
 โ
Object upload and download
 โ
Encryption/decryption verification
 โ
Metadata handling
 โ
Multipart upload with encryption
 โ
Performance test

๐ All S3 KMS integration tests passed successfully!

EOF
# Optional: Show bucket sizes and object counts
# COUNT is the number of lines `aws s3 ls` prints for the bucket root. Only
# wc's exit status is observed, so a failed listing is reported as 0.
echo "๐ Final Statistics:"
for bucket in "${BUCKETS[@]}"; do
  list_bucket=(aws s3 ls "s3://$bucket/" --endpoint-url "$SEAWEEDFS_S3_ENDPOINT")
  COUNT=$("${list_bucket[@]}" | wc -l)
  echo " Bucket $bucket: $COUNT objects"
done