Added integration tests for Aws::S3::Encryption::Client.

amazon-archives · Dec 16, 2014 · a056f35 · a056f35 · sariyamelody · Dec 17, 2014
1 parent 5b58955
commit a056f35
Show file tree

Hide file tree

Showing 2 changed files with 66 additions and 0 deletions.
diff --git a/aws-sdk-resources/features/s3/client_side_encryption.feature b/aws-sdk-resources/features/s3/client_side_encryption.feature
@@ -0,0 +1,21 @@
+# language: en
+@s3 @client-side-encryption
+Feature: S3 Objects
+
+ Background:
+    Given I create a bucket
+
+  Scenario: Encrypting client-side with GET and PUT
+    Given I have an encryption client
+    When I perform an encrypted PUT of the value "secret"
+    And I GET the object with a non-encyrption client
+    Then the object data should be encrypted
+    When I GET the object with an encryption client
+    Then the object data should be "secret"
+
+  Scenario: Using instruction file for storing the encryption envelope
+    Given I have an encryption client configured for :instruction_file
+    When I perform an encrypted PUT of the value "secret"
+    Then the instruction file should exist
+    When I GET the object with an encryption client
+    Then the object data should be "secret"
diff --git a/aws-sdk-resources/features/s3/step_definitions.rb b/aws-sdk-resources/features/s3/step_definitions.rb
@@ -1,3 +1,5 @@
+require 'base64'
+
 Before("@s3") do
   @s3 = Aws::S3::Resource.new
   @created_buckets = []
@@ -37,3 +39,46 @@
 Then(/^the file should have been uploaded as a multipart upload$/) do
   expect(ApiCallTracker.called_operations).to include('create_multipart_upload')
 end
+
+Given(/^I have an encryption client$/) do
+  @cse = Aws::S3::Encryption::Client.new({
+    client: @s3.client,
+    encryption_key: Base64.decode64("w1WLio3agRWRTSJK/Ouh8NHoqRQ6fn5WbSXDTHjXMSo="),
+  })
+end
+
+Given(/^I have an encryption client configured for :instruction_file$/) do
+  @cse = Aws::S3::Encryption::Client.new({
+    client: @s3.client,
+    encryption_key: Base64.decode64("w1WLio3agRWRTSJK/Ouh8NHoqRQ6fn5WbSXDTHjXMSo="),
+    envelope_location: :instruction_file,
+  })
+end
+
+When(/^I perform an encrypted PUT of the value "(.*?)"$/) do |value|
+  @key = 'encrypted'
+  @plain_text = value
+  @cse.put_object(bucket: @bucket_name, key: @key, body: @plain_text)
+end
+
+When(/^I GET the object with a non\-encyrption client$/) do
+  @cipher_text = @s3.client.get_object(bucket: @bucket_name, key: @key).body.read
+end
+
+Then(/^the object data should be encrypted$/) do
+  expect(@cipher_text).not_to eq(@plaint_text)
+end
+
+When(/^I GET the object with an encryption client$/) do
+  @plain_text = @cse.get_object(bucket: @bucket_name, key: @key).body.read
+end
+
+Then(/^the object data should be "(.*?)"$/) do |value|
+  expect(@plain_text).to eq(value)
+end
+
+Then(/^the instruction file should exist$/) do
+  expect {
+    @s3.client.head_object(bucket: @bucket_name, key: @key + '.instruction')
+  }.not_to raise_error
+end