[GitHub] [nifi] natural commented on a change in pull request #3574: NIFI-4256 Adds AWS Encryption Controller Service

GitBox Tue, 06 Aug 2019 17:15:05 -0700

natural commented on a change in pull request #3574: NIFI-4256 Adds AWS 
Encryption Controller Service
URL: https://github.com/apache/nifi/pull/3574#discussion_r311324903


 ##########
 File path: 
nifi-nar-bundles/nifi-aws-bundle/nifi-aws-processors/src/test/java/org/apache/nifi/processors/aws/s3/ITPutS3Object.java
 ##########
 @@ -889,6 +924,144 @@ public void testObjectTags() throws IOException, 
InterruptedException {
         Assert.assertEquals("true", objectTags.get(0).getValue());
     }
 
+    @Test
+    public void 
testEncryptionServiceWithServerSideS3ManagedEncryptionStrategy() throws 
IOException, InitializationException {
+        TestRunner runner = 
createPutEncryptionTestRunner(S3EncryptionService.STRATEGY_NAME_SSE_S3, "");
+
+        Map<String, String> attrs = new HashMap<>();
+        attrs.put("filename", "test.txt");
+        runner.enqueue(getResourcePath(SAMPLE_FILE_RESOURCE_NAME), attrs);
+        runner.assertValid();
+        runner.run();
+        runner.assertAllFlowFilesTransferred(PutS3Object.REL_SUCCESS);
+
+        Assert.assertEquals(1, 
runner.getFlowFilesForRelationship(PutS3Object.REL_SUCCESS).size());
+        Assert.assertEquals(0, 
runner.getFlowFilesForRelationship(PutS3Object.REL_FAILURE).size());
+
+        MockFlowFile flowFile = fetchEncryptedFlowFile(attrs, 
S3EncryptionService.STRATEGY_NAME_SSE_S3, "");
+        
flowFile.assertContentEquals(getFileFromResourceName(SAMPLE_FILE_RESOURCE_NAME));
+        flowFile.assertAttributeEquals(PutS3Object.S3_SSE_ALGORITHM, 
ObjectMetadata.AES_256_SERVER_SIDE_ENCRYPTION);
+    }
+
+    @Test
+    public void testEncryptionServiceWithServerSideKMSEncryptionStrategy() 
throws IOException, InitializationException {
+        TestRunner runner = 
createPutEncryptionTestRunner(S3EncryptionService.STRATEGY_NAME_SSE_KMS, 
kmsKeyId);
+
+        final Map<String, String> attrs = new HashMap<>();
+        attrs.put("filename", "test.txt");
+        runner.enqueue(getResourcePath(SAMPLE_FILE_RESOURCE_NAME), attrs);
+        runner.assertValid();
+        runner.run();
+        runner.assertAllFlowFilesTransferred(PutS3Object.REL_SUCCESS);
+
+        Assert.assertEquals(1, 
runner.getFlowFilesForRelationship(PutS3Object.REL_SUCCESS).size());
+        Assert.assertEquals(0, 
runner.getFlowFilesForRelationship(PutS3Object.REL_FAILURE).size());
+
+        MockFlowFile flowFile = fetchEncryptedFlowFile(attrs, 
S3EncryptionService.STRATEGY_NAME_SSE_KMS, kmsKeyId);
+        
flowFile.assertContentEquals(getFileFromResourceName(SAMPLE_FILE_RESOURCE_NAME));
+        flowFile.assertAttributeEquals(PutS3Object.S3_SSE_ALGORITHM, 
"aws:kms");
+    }
+
+    @Test
+    public void testEncryptionServiceWithServerSideCPEKEncryptionStrategy() 
throws IOException, InitializationException {
+        TestRunner runner = 
createPutEncryptionTestRunner(S3EncryptionService.STRATEGY_NAME_SSE_C, 
randomKeyMaterial);
+
+        final Map<String, String> attrs = new HashMap<>();
+        attrs.put("filename", "test.txt");
+        runner.enqueue(getResourcePath(SAMPLE_FILE_RESOURCE_NAME), attrs);
+        runner.assertValid();
+        runner.run();
+        runner.assertAllFlowFilesTransferred(PutS3Object.REL_SUCCESS);
+
+        Assert.assertEquals(1, 
runner.getFlowFilesForRelationship(PutS3Object.REL_SUCCESS).size());
+        Assert.assertEquals(0, 
runner.getFlowFilesForRelationship(PutS3Object.REL_FAILURE).size());
+
+        MockFlowFile flowFile = fetchEncryptedFlowFile(attrs, 
S3EncryptionService.STRATEGY_NAME_SSE_C, randomKeyMaterial);
+        
flowFile.assertContentEquals(getFileFromResourceName(SAMPLE_FILE_RESOURCE_NAME));
+        // successful fetch does not indicate type of original encryption:
+        flowFile.assertAttributeEquals(PutS3Object.S3_SSE_ALGORITHM, null);
+    }
+
+    @Test
+    public void testEncryptionServiceWithClientSideKMSEncryptionStrategy() 
throws InitializationException, IOException {
+        TestRunner runner = 
createPutEncryptionTestRunner(S3EncryptionService.STRATEGY_NAME_CSE_KMS, 
kmsKeyId);
+
+        final Map<String, String> attrs = new HashMap<>();
+        attrs.put("filename", "test.txt");
+        runner.enqueue(getResourcePath(SAMPLE_FILE_RESOURCE_NAME), attrs);
+        runner.assertValid();
+        runner.run();
+        runner.assertAllFlowFilesTransferred(PutS3Object.REL_SUCCESS);
+
+        Assert.assertEquals(1, 
runner.getFlowFilesForRelationship(PutS3Object.REL_SUCCESS).size());
+        Assert.assertEquals(0, 
runner.getFlowFilesForRelationship(PutS3Object.REL_FAILURE).size());
+
+        MockFlowFile flowFile = fetchEncryptedFlowFile(attrs, 
S3EncryptionService.STRATEGY_NAME_CSE_KMS, kmsKeyId);
+        
flowFile.assertContentEquals(getFileFromResourceName(SAMPLE_FILE_RESOURCE_NAME));
+        flowFile.assertAttributeEquals("x-amz-wrap-alg", "kms");
 
 Review comment:
   Done here and also in the put FF.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services

[GitHub] [nifi] natural commented on a change in pull request #3574: NIFI-4256 Adds AWS Encryption Controller Service

Reply via email to