# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
require "helper"
describe Google::Cloud::Storage::Bucket, :encryption, :mock_storage do
# Shared fixtures for every example below. Each `let` is lazy and memoized
# per example, so the chain name -> hash -> JSON -> gapi -> Bucket is built
# on first use of `bucket`.

# Bucket name made unique per run by appending the current epoch seconds.
let :bucket_name do
  "new-bucket-#{Time.now.to_i}"
end

# Bucket attributes from the `random_bucket_hash` helper (defined outside
# this file), forced to use the name above.
let :bucket_hash do
  random_bucket_hash name: bucket_name
end

# The same attributes serialized to JSON, the form `from_json` consumes.
let :bucket_json do
  bucket_hash.to_json
end

# Low-level API representation parsed back from that JSON.
let :bucket_gapi do
  Google::Apis::StorageV1::Bucket.from_json bucket_json
end

# The object under test, wired to `storage.service` so that each example can
# swap in a Minitest mock through `bucket.service.mocked_service`.
let :bucket do
  Google::Cloud::Storage::Bucket.from_gapi bucket_gapi, storage.service
end
describe "customer-supplied encryption key (CSEK)" do
  # Fixed 32-byte value used as the raw AES-256 key in these examples.
  # It is committed test data: treat it as public and never reuse it as a
  # real key.
  let(:encryption_key) { "y\x03\"\x0E\xB6\xD3\x9B\x0E\xAB*\x19\xFAv\xDEY\xBEI\xF8ftA|[z\x1A\xFBE\xDE\x97&\xBC\xC7" }

  # 32-byte companion value sent in the `-sha256` header.
  # NOTE(review): presumably the SHA-256 digest of `encryption_key`; it is
  # hard-coded rather than computed here, so confirm the two stay in sync
  # if the key fixture ever changes.
  let(:encryption_key_sha256) { "5\x04_\xDF\x1D\x8A_d\xFEK\e6p[XZz\x13s]E\xF6\xBB\x10aQH\xF6o\x14f\xF9" }

  # Request options the mocked service is expected to receive whenever the
  # caller passes `encryption_key:`. The key and its digest travel
  # base64-encoded in the three x-goog-encryption-* headers.
  let :key_options do
    csek_headers = {
      "x-goog-encryption-algorithm" => "AES256",
      "x-goog-encryption-key" => Base64.strict_encode64(encryption_key),
      "x-goog-encryption-key-sha256" => Base64.strict_encode64(encryption_key_sha256)
    }
    { header: csek_headers }
  end

  it "creates a file with customer-supplied encryption key" do
    upload_name = random_file_path

    Tempfile.open ["google-cloud", ".txt"] do |upload|
      upload.write "Hello world"
      upload.rewind

      service_mock = Minitest::Mock.new
      created_gapi = create_file_gapi(bucket.name, upload_name)
      positional = [bucket.name, empty_file_gapi]
      # The upload must carry the CSEK headers; retries: 0 is merged into
      # the expected options for this call.
      keywords = insert_object_args(name: upload_name, upload_source: upload, options: key_options.merge(retries: 0))
      service_mock.expect :insert_object, created_gapi, positional, **keywords

      bucket.service.mocked_service = service_mock

      bucket.create_file upload, upload_name, encryption_key: encryption_key

      # Fails the example if insert_object was never invoked as expected.
      service_mock.verify
    end
  end

  it "finds a file with customer-supplied encryption key" do
    wanted_name = "file.ext"

    service_mock = Minitest::Mock.new
    found_gapi = find_file_gapi(bucket.name, wanted_name)
    # The lookup must carry the same CSEK headers as the upload path.
    service_mock.expect :get_object, found_gapi, [bucket.name, wanted_name], **get_object_args(options: key_options)

    bucket.service.mocked_service = service_mock

    found = bucket.file wanted_name, encryption_key: encryption_key

    service_mock.verify

    _(found.name).must_equal wanted_name
    _(found.user_project).must_be :nil?
    _(found).wont_be :lazy?
  end
end
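describe "KMS customer-managed encryption key (CMEK)" do
  # Placeholder key name used only as an opaque string by these examples.
  let(:kms_key) { "path/to/encryption_key_name" }

  it "gets and sets its encryption config" do
    mock = Minitest::Mock.new
    # The setter is expected to send a patch containing only the encryption
    # config; the mock answers with that same object.
    patch_bucket_gapi = Google::Apis::StorageV1::Bucket.new encryption: encryption_gapi(kms_key)
    mock.expect :patch_bucket, patch_bucket_gapi, [bucket_name, patch_bucket_gapi], **patch_bucket_args(options: {retries: 0})

    bucket.service.mocked_service = mock

    _(bucket.default_kms_key).must_be :nil?
    bucket.default_kms_key = kms_key
    _(bucket.default_kms_key).wont_be :nil?
    _(bucket.default_kms_key).must_be_kind_of String
    _(bucket.default_kms_key).must_equal kms_key

    # The assertions above only read the local getter. Verifying the mock is
    # what shows the default key was actually sent to the service, matching
    # the other examples in this file.
    mock.verify
  end

  it "sets its encryption config to nil" do
    # Start from a bucket that already has a default KMS key. Only the copy
    # is given an encryption config; `bucket_gapi` itself stays without one
    # and serves as the mocked patch response.
    bucket_gapi_with_key = bucket_gapi.dup
    bucket_gapi_with_key.encryption = encryption_gapi(kms_key)
    bucket_with_key = Google::Cloud::Storage::Bucket.from_gapi bucket_gapi_with_key, storage.service
    patch_bucket_gapi = Google::Apis::StorageV1::Bucket.new encryption: encryption_gapi(nil)
    mock = Minitest::Mock.new
    mock.expect :patch_bucket, bucket_gapi, [bucket_name, patch_bucket_gapi], **patch_bucket_args(options: {retries: 0})

    bucket_with_key.service.mocked_service = mock

    _(bucket_with_key.default_kms_key).wont_be :nil?
    bucket_with_key.default_kms_key = nil
    _(bucket_with_key.default_kms_key).must_be :nil?

    # Confirm the removal of the default key was sent as a patch_bucket call,
    # not just reflected in local state.
    mock.verify
  end

  it "creates a file with the kms_key option" do
    new_file_name = random_file_path

    Tempfile.open ["google-cloud", ".txt"] do |tmpfile|
      tmpfile.write "Hello world"
      tmpfile.rewind

      mock = Minitest::Mock.new
      # The key name must reach the service as kms_key_name on the upload.
      mock.expect :insert_object, create_file_gapi(bucket.name, new_file_name),
                  [bucket.name, empty_file_gapi], **insert_object_args(name: new_file_name, upload_source: tmpfile, kms_key_name: kms_key, options: {retries: 0})

      bucket.service.mocked_service = mock

      bucket.create_file tmpfile, new_file_name, kms_key: kms_key

      mock.verify
    end
  end
end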
# Builds the API object a mocked insert_object call returns.
#
# The attributes come from the `random_file_hash` helper (defined outside
# this file) and are round-tripped through JSON into an API object.
#
# @param bucket [String, nil] bucket name forwarded to random_file_hash
# @param name [String, nil] object name forwarded to random_file_hash
# @return [Google::Apis::StorageV1::Object]
def create_file_gapi(bucket = nil, name = nil)
  file_json = random_file_hash(bucket, name).to_json
  Google::Apis::StorageV1::Object.from_json file_json
end
# Builds the metadata-only API object that the mocks expect as the second
# positional argument of insert_object.
#
# Only attributes that end up non-nil are passed to the constructor.
# `checksum` is not stored on the object; it is only handed to
# `set_crc32c_as_default`.
#
# @return [Google::Apis::StorageV1::Object]
def empty_file_gapi(cache_control: nil, content_disposition: nil,
                    content_encoding: nil, content_language: nil,
                    content_type: nil, crc32c: nil, md5: nil, metadata: nil,
                    storage_class: nil, checksum: nil)
  # When no crc32c was given, use whatever set_crc32c_as_default returns.
  # That helper is defined outside this file; per the original comment it
  # supplies a crc32c default when neither md5 nor crc32c is provided.
  crc32c ||= set_crc32c_as_default md5, crc32c, checksum

  attributes = {
    cache_control: cache_control,
    content_type: content_type,
    content_disposition: content_disposition,
    md5_hash: md5,
    content_encoding: content_encoding,
    crc32c: crc32c,
    content_language: content_language,
    metadata: metadata,
    storage_class: storage_class
  }.compact

  Google::Apis::StorageV1::Object.new(**attributes)
end
# Builds the API object a mocked get_object call returns.
#
# Same construction as create_file_gapi: attributes from the
# `random_file_hash` helper (defined outside this file), round-tripped
# through JSON.
#
# @param bucket [String, nil] bucket name forwarded to random_file_hash
# @param name [String, nil] object name forwarded to random_file_hash
# @return [Google::Apis::StorageV1::Object]
def find_file_gapi(bucket = nil, name = nil)
  file_json = random_file_hash(bucket, name).to_json
  Google::Apis::StorageV1::Object.from_json file_json
end
# Builds an object-listing response holding `count` generated file objects.
#
# @param count [Integer] number of file objects to generate
# @param token [String, nil] value placed in next_page_token
# @param prefixes [Array<String>, nil] value placed in prefixes
# @return [Google::Apis::StorageV1::Objects]
def list_files_gapi(count = 2, token = nil, prefixes = nil)
  generated = count.times.map do
    Google::Apis::StorageV1::Object.from_json random_file_hash.to_json
  end

  Google::Apis::StorageV1::Objects.new(
    kind: "storage#objects",
    items: generated,
    next_page_token: token,
    prefixes: prefixes
  )
end
end