cloudserver/tests/unit/api/bucketDeleteEncryption.js at a7ce187499da2bf5c2f7d0979068fb659a53a1ff · scality/cloudserver · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
const assert = require('assert');

const { bucketPut } = require('../../../lib/api/bucketPut');
const bucketPutEncryption = require('../../../lib/api/bucketPutEncryption');
const bucketDeleteEncryption = require('../../../lib/api/bucketDeleteEncryption');
const { cleanup, DummyRequestLogger, makeAuthInfo } = require('../helpers');
const { templateSSEConfig, templateRequest, getSSEConfig } = require('../utils/bucketEncryption');
const log = new DummyRequestLogger();
const authInfo = makeAuthInfo('accessKey1');
const bucketName = 'bucketname';

const bucketPutRequest = {
    bucketName,
    headers: { host: `${bucketName}.s3.amazonaws.com` },
    url: '/',
    actionImplicitDenies: false,
};
describe('bucketDeleteEncryption API', () => {
    before(() => cleanup());

    beforeEach(done => bucketPut(authInfo, bucketPutRequest, log, done));
    afterEach(() => cleanup());

    it('should perform a no-op if no sse config exists', done => {
        bucketDeleteEncryption(authInfo, templateRequest(bucketName, {}), log, err => {
            assert.ifError(err);
            return getSSEConfig(bucketName, log, (err, sseInfo) => {
                assert.ifError(err);
                assert.strictEqual(sseInfo, null);
                done();
            });
        });
    });

    ['AES256', 'aws:kms'].forEach(algorithm =>
        it(`should disable mandatory sse for ${algorithm}`, done => {
            const post = templateSSEConfig({ algorithm });
            bucketPutEncryption(authInfo, templateRequest(bucketName, { post }), log, err => {
                assert.ifError(err);
                bucketDeleteEncryption(authInfo, templateRequest(bucketName, {}), log, err => {
                    assert.ifError(err);
                    return getSSEConfig(bucketName, log, (err, sseInfo) => {
                        assert.ifError(err);
                        assert.strictEqual(sseInfo.mandatory, false);
                        done();
                    });
                });
            });
        }));

    it('should disable mandatory sse and clear key for aws:kms with a configured master key id', done => {
        const post = templateSSEConfig({ algorithm: 'aws:kms', keyId: '12345' });
        bucketPutEncryption(authInfo, templateRequest(bucketName, { post }), log, err => {
            assert.ifError(err);
            bucketDeleteEncryption(authInfo, templateRequest(bucketName, {}), log, err => {
                assert.ifError(err);
                return getSSEConfig(bucketName, log, (err, sseInfo) => {
                    assert.ifError(err);
                    assert.strictEqual(sseInfo.mandatory, false);
                    assert.strictEqual(sseInfo.configuredMasterKeyId, undefined);
                    done();
                });
            });
        });
    });
});