def test_bucket_encryption_wrong(self): from oss2.models import ServerSideEncryptionRule self.assertRaises(oss2.exceptions.NoSuchServerSideEncryptionRule, self.bucket.get_bucket_encryption) rule = ServerSideEncryptionRule() rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_AES256 rule.kms_master_keyid = "test" self.assertRaises(oss2.exceptions.InvalidArgument, self.bucket.put_bucket_encryption, rule) rule.sse_algorithm = "random" rule.kms_master_keyid = "" self.assertRaises(oss2.exceptions.InvalidEncryptionAlgorithmError, self.bucket.put_bucket_encryption, rule) rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = "" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) rule.kms_master_keyid = None result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) result = self.bucket.get_bucket_encryption() self.assertEqual(result.sse_algorithm, oss2.SERVER_SIDE_ENCRYPTION_KMS) self.assertTrue(result.kms_master_keyid is None) result = self.bucket.delete_bucket_encryption() rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = "test_wrong" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) result = self.bucket.get_bucket_encryption() self.assertEqual(result.sse_algorithm, oss2.SERVER_SIDE_ENCRYPTION_KMS) self.assertEqual(result.kms_master_keyid, "test_wrong") result = self.bucket.delete_bucket_encryption() self.assertEqual(int(result.status), 204)
def test_bucket_encryption(self): from oss2.models import ServerSideEncryptionRule rule = ServerSideEncryptionRule() # AES256 rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_AES256 rule.kms_master_keyid = "" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) wait_meta_sync() result = self.bucket.get_bucket_info() self.assertEqual(result.bucket_encryption_rule.sse_algorithm, 'AES256') self.assertTrue(result.bucket_encryption_rule.kms_master_keyid is None) result = self.bucket.put_object("test", "test") self.assertEqual(int(result.status) / 100, 2) result = self.bucket.get_object("test") self.assertEqual(int(result.status) / 100, 2) self.assertEqual("test", result.read()) result = self.bucket.delete_bucket_encryption() self.assertEqual(int(result.status) / 100, 2) # KMS rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = "" result = self.bucket.put_bucket_encryption(rule) self.assertEqual(int(result.status) / 100, 2) wait_meta_sync() result = self.bucket.get_bucket_info() self.assertEqual(result.bucket_encryption_rule.sse_algorithm, 'KMS') self.assertTrue(result.bucket_encryption_rule.kms_master_keyid is None) result = self.bucket.delete_bucket_encryption() self.assertEqual(int(result.status) / 100, 2)
def test_put_bucket_encryption(self): auth = oss2.Auth(OSS_ID, OSS_SECRET) bucket_name = OSS_BUCKET + "-test-put-bucket-encryption" bucket = oss2.Bucket(auth, self.endpoint, bucket_name) bucket.create_bucket() # set SM4 rule = ServerSideEncryptionRule() rule.sse_algorithm = oss2.SERVER_SIDE_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, rule.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) # set KMS and data SM4, and none kms_key_id. rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_KMS rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, rule.sse_algorithm) self.assertIsNone(rule.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, rule.kms_data_encryption) # set KMS and SM4, and has kms key id rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_KMS rule.kms_master_keyid = '123' rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, result.sse_algorithm) self.assertEqual('123', result.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_KMS, rule.sse_algorithm) self.assertEqual('123', rule.kms_master_keyid) self.assertEqual(KMS_DATA_ENCRYPTION_SM4, rule.kms_data_encryption) # set AES256 and data encryption is not none rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_AES256 rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_AES256, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_AES256, rule.sse_algorithm) self.assertIsNone(rule.kms_master_keyid) self.assertIsNone(rule.kms_data_encryption) # set SM4 and data encryption is not none rule = ServerSideEncryptionRule() rule.sse_algorithm = SERVER_SIDE_ENCRYPTION_SM4 rule.kms_data_encryption = KMS_DATA_ENCRYPTION_SM4 bucket.put_bucket_encryption(rule) result = bucket.get_bucket_encryption() self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, result.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption) bucket_info = bucket.get_bucket_info() rule = bucket_info.bucket_encryption_rule self.assertEqual(SERVER_SIDE_ENCRYPTION_SM4, rule.sse_algorithm) self.assertIsNone(result.kms_master_keyid) self.assertIsNone(result.kms_data_encryption)