[#217] Consider Copy-Source-SSE-* headers during copy

Signed-off-by: Marina Biryukova <m.biryukova@yadro.com>
2023-10-19 17:22:26 +03:00 · 2023-10-19 17:22:26 +03:00 · fe796ba538
commit fe796ba538
parent 5ee73fad6a
15 changed files with 355 additions and 55 deletions
--- a/api/handler/multipart_upload_test.go
+++ b/api/handler/multipart_upload_test.go
@ -2,6 +2,8 @@ package handler

 import (
 	"crypto/md5"
+	"crypto/tls"
+	"encoding/base64"
 	"encoding/hex"
 	"encoding/xml"
 	"fmt"
@ -13,6 +15,7 @@ import (
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api"
 	s3Errors "git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/errors"
 	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer"
+	"git.frostfs.info/TrueCloudLab/frostfs-s3-gw/api/layer/encryption"
 	"github.com/stretchr/testify/require"
 )

@ -183,6 +186,51 @@ func TestMultipartUploadSize(t *testing.T) {
 		uploadPartCopy(hc, bktName, objName2, uploadInfo.UploadID, 1, sourceCopy, 0, 0)
 		uploadPartCopy(hc, bktName, objName2, uploadInfo.UploadID, 2, sourceCopy, 0, partSize)
 	})
+
+	t.Run("check correct size when copy part from encrypted source", func(t *testing.T) {
+		newBucket, newObjName := "new-bucket", "new-object-multipart"
+		bktInfo := createTestBucket(hc, newBucket)
+
+		srcObjName := "source-object"
+		key := []byte("firstencriptionkeyofsourceobject")
+		keyMd5 := md5.Sum(key)
+		srcEnc, err := encryption.NewParams(key)
+		require.NoError(t, err)
+		srcObjInfo := createTestObject(hc, bktInfo, srcObjName, *srcEnc)
+
+		multipartInfo := createMultipartUpload(hc, newBucket, newObjName, headers)
+
+		sourceCopy := newBucket + "/" + srcObjName
+
+		query := make(url.Values)
+		query.Set(uploadIDQuery, multipartInfo.UploadID)
+		query.Set(partNumberQuery, "1")
+
+		// empty copy-source-sse headers
+		w, r := prepareTestRequestWithQuery(hc, newBucket, newObjName, query, nil)
+		r.TLS = &tls.ConnectionState{}
+		r.Header.Set(api.AmzCopySource, sourceCopy)
+		hc.Handler().UploadPartCopy(w, r)
+
+		assertStatus(t, w, http.StatusBadRequest)
+
+		// success copy
+		w, r = prepareTestRequestWithQuery(hc, newBucket, newObjName, query, nil)
+		r.TLS = &tls.ConnectionState{}
+		r.Header.Set(api.AmzCopySource, sourceCopy)
+		r.Header.Set(api.AmzCopySourceServerSideEncryptionCustomerAlgorithm, layer.AESEncryptionAlgorithm)
+		r.Header.Set(api.AmzCopySourceServerSideEncryptionCustomerKey, base64.StdEncoding.EncodeToString(key))
+		r.Header.Set(api.AmzCopySourceServerSideEncryptionCustomerKeyMD5, base64.StdEncoding.EncodeToString(keyMd5[:]))
+		hc.Handler().UploadPartCopy(w, r)
+
+		uploadPartCopyResponse := &UploadPartCopyResponse{}
+		readResponse(hc.t, w, http.StatusOK, uploadPartCopyResponse)
+
+		completeMultipartUpload(hc, newBucket, newObjName, multipartInfo.UploadID, []string{uploadPartCopyResponse.ETag})
+		attr := getObjectAttributes(hc, newBucket, newObjName, objectParts)
+		require.Equal(t, 1, attr.ObjectParts.PartsCount)
+		require.Equal(t, srcObjInfo.Headers[layer.AttributeDecryptedSize], strconv.Itoa(attr.ObjectParts.Parts[0].Size))
+	})
 }

 func TestListParts(t *testing.T) {