fix: make sure to set the right sse-kms key (#4967)

2025-11-10 13:42:32 +03:00 · 2024-06-24 12:40:33 -07:00
parent dda9e96887
commit 3548007d5b
2 changed files with 45 additions and 8 deletions
--- a/cmd/encryption-methods_test.go
+++ b/cmd/encryption-methods_test.go
@@ -26,6 +26,8 @@ func TestParseEncryptionKeys(t *testing.T) {
 	baseAlias := "mintest"
 	basePrefix := "two/layer/prefix"
 	baseObject := "object_name"
+	sseKeyKMS := "my-default-key"
+	sseKeyKMSInvalid := "my@default@key"
 	sseKey := "MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTIzNDU2Nzg5MDA"
 	sseKeyPlain := "01234567890123456789012345678900"
 	sseHexKey := "3031323334353637383930313233343536373839303132333435363738393030"
@@ -52,6 +54,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject,
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -60,6 +63,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject,
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -68,6 +72,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias + "=",
 			prefix:        basePrefix + "=",
 			object:        baseObject + "=",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -76,6 +81,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias + "/",
 			prefix:        basePrefix + "/",
 			object:        baseObject + "/",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -84,6 +90,7 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject + "=",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
@@ -92,36 +99,67 @@ func TestParseEncryptionKeys(t *testing.T) {
 			alias:         baseAlias,
 			prefix:        basePrefix,
 			object:        baseObject + "!@_==_$^&*",
+			sseType:       sseC,
 			success:       true,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%sXXXXX", baseAlias, basePrefix, baseObject, sseKey),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidShort),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSymbols),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidSpaces),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyInvalidPrefixSpace),
+			sseType:       sseC,
 			success:       false,
 		},
 		{
 			encryptionKey: fmt.Sprintf("%s/%s/%s==%s", baseAlias, basePrefix, baseObject, sseKeyInvalidOneShort),
+			sseType:       sseC,
 			success:       false,
 		},
+		// sse-type KMS
+		{
+			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyKMS),
+			keyPlain:      sseKeyKMS,
+			alias:         baseAlias,
+			prefix:        basePrefix,
+			object:        baseObject,
+			sseType:       sseKMS,
+			success:       true,
+		},
+		{
+			encryptionKey: fmt.Sprintf("%s/%s/%s=%s", baseAlias, basePrefix, baseObject, sseKeyKMSInvalid),
+			sseType:       sseKMS,
+			success:       false,
+		},
+		// sse-type S3
+		{
+			encryptionKey: fmt.Sprintf("%s/%s/%s", baseAlias, basePrefix, baseObject),
+			alias:         baseAlias,
+			prefix:        basePrefix,
+			object:        baseObject,
+			sseType:       sseS3,
+			success:       true,
+		},
 	}

 	for i, tc := range testCases {
-		alias, prefix, key, err := parseSSEKey(tc.encryptionKey, sseC)
+		alias, prefix, key, err := parseSSEKey(tc.encryptionKey, tc.sseType)
 		if tc.success {
 			if err != nil {
 				t.Fatalf("Test %d: Expected success, got %s", i+1, err)