Enforce SSE/StorageClass in PUT Object Copy

"RenameFile" is implemented in S3 using `PUT Object Copy`, which should enforce SSE/StorageClass same way as regular `PUT Object`. Fixes: #647
2026-01-11 03:11:50 +00:00 · 2017-09-28 18:30:50 +03:00
parent 9a767b7631
commit 2d66a4ca0a
7 changed files with 96 additions and 0 deletions
--- a/s3/public.go
+++ b/s3/public.go
@@ -370,6 +370,13 @@ func (storage *PublishedStorage) RenameFile(oldName, newName string) error {
 		ACL:        aws.String(storage.acl),
 	}

+	if storage.storageClass != "" {
+		params.StorageClass = aws.String(storage.storageClass)
+	}
+	if storage.encryptionMethod != "" {
+		params.ServerSideEncryption = aws.String(storage.encryptionMethod)
+	}
+
 	_, err := storage.s3.CopyObject(params)
 	if err != nil {
 		return fmt.Errorf("error copying %s -> %s in %s: %s", oldName, newName, storage, err)
--- a/system/s3_lib.py
+++ b/system/s3_lib.py
@@ -18,6 +18,8 @@ class S3Test(BaseTest):
    BaseTest + support for S3
    """

+    s3Overrides = {}
+
    def fixture_available(self):
        return super(S3Test, self).fixture_available() and s3_conn is not None

@@ -31,6 +33,8 @@ class S3Test(BaseTest):
            }
        }}

+        self.configOverride["S3PublishEndpoints"]["test1"].update(**self.s3Overrides)
+
        super(S3Test, self).prepare()

    def shutdown(self):
--- a/system/t06_publish/S3Publish6Test_binary
+++ b/system/t06_publish/S3Publish6Test_binary
@@ -0,0 +1,27 @@
+
+
+ (name, value) pairs from the user, via conventional methods such as
+ .
+ .
+ Boost version (currently 1.49).
+ Library to let program developers obtain program options, that is
+ This package forms part of the Boost C++ Libraries collection.
+ This package is a dependency package, which depends on Debian's default
+ command line and config file.
+Architecture: i386
+Depends: libboost-program-options1.49-dev
+Description: program options library for C++ (default version)
+Filename: pool/main/b/boost-defaults/libboost-program-options-dev_1.49.0.1_i386.deb
+Homepage: http://www.boost.org/libs/program_options/
+Installed-Size: 26
+MD5sum: 0035d7822b2f8f0ec4013f270fd650c2
+Maintainer: Debian Boost Team <pkg-boost-devel@lists.alioth.debian.org>
+Package: libboost-program-options-dev
+Priority: optional
+SHA1: 36895eb64cfe89c33c0a2f7ac2f0c6e0e889e04b
+SHA256: c76b4bd12fd92e4dfe1b55b18a67a669d92f62985d6a96c8a21d96120982cf12
+SHA512: d7302241373da972aa9b9e71d2fd769b31a38f71182aa71bc0d69d090d452c69bb74b8612c002ccf8a89c279ced84ac27177c8b92d20f00023b3d268e6cec69c
+Section: libdevel
+Size: 2738
+Source: boost-defaults
+Version: 1.49.0.1
--- a/system/t06_publish/S3Publish6Test_gold
+++ b/system/t06_publish/S3Publish6Test_gold
@@ -0,0 +1,8 @@
+Loading packages...
+Generating metadata files and linking package files...
+Finalizing metadata files...
+Signing file 'Release' with gpg, please enter your passphrase when prompted:
+Clearsigning file 'Release' with gpg, please enter your passphrase when prompted:
+Cleaning up prefix "." components main...
+
+Publish for local repo s3:test1:./maverick [i386, source] publishes {main: [local-repo]} has been successfully updated.
--- a/system/t06_publish/S3Publish6Test_release
+++ b/system/t06_publish/S3Publish6Test_release
@@ -0,0 +1,11 @@
+Origin: . maverick
+Label: . maverick
+Suite: maverick
+Codename: maverick
+Architectures: i386
+Components: main
+Description: Generated by aptly
+MD5Sum:
+SHA1:
+SHA256:
+SHA512:
--- a/system/t06_publish/S3Publish6Test_sources
+++ b/system/t06_publish/S3Publish6Test_sources
--- a/system/t06_publish/s3.py
+++ b/system/t06_publish/s3.py
@@ -156,3 +156,42 @@ class S3Publish5Test(S3Test):
        self.check_not_exists('public/pool/main/p/pyspi/pyspi_0.6.1.orig.tar.gz')
        self.check_not_exists('public/pool/main/p/pyspi/pyspi-0.6.1-1.3.stripped.dsc')
        self.check_exists('public/pool/main/b/boost-defaults/libboost-program-options-dev_1.49.0.1_i386.deb')
+
+
+class S3Publish6Test(S3Test):
+    """
+    publish to S3: publish update removed some packages with SSE AES256
+    """
+    s3Overrides = {'encryptionMethod': 'AES256'}
+    fixtureCmds = [
+        "aptly repo create -distribution=maverick local-repo",
+        "aptly repo add local-repo ${files}/",
+        "aptly publish repo -keyring=${files}/aptly.pub -secret-keyring=${files}/aptly.sec local-repo s3:test1:",
+        "aptly repo remove local-repo pyspi"
+    ]
+    runCmd = "aptly publish update -keyring=${files}/aptly.pub -secret-keyring=${files}/aptly.sec maverick s3:test1:"
+
+    def check(self):
+        super(S3Publish6Test, self).check()
+
+        self.check_exists('public/dists/maverick/InRelease')
+        self.check_exists('public/dists/maverick/Release')
+        self.check_exists('public/dists/maverick/Release.gpg')
+
+        self.check_exists('public/dists/maverick/main/binary-i386/Packages')
+        self.check_exists('public/dists/maverick/main/binary-i386/Packages.gz')
+        self.check_exists('public/dists/maverick/main/binary-i386/Packages.bz2')
+        self.check_exists('public/dists/maverick/main/source/Sources')
+        self.check_exists('public/dists/maverick/main/source/Sources.gz')
+        self.check_exists('public/dists/maverick/main/source/Sources.bz2')
+
+        self.check_not_exists('public/pool/main/p/pyspi/pyspi_0.6.1-1.3.dsc')
+        self.check_not_exists('public/pool/main/p/pyspi/pyspi_0.6.1-1.3.diff.gz')
+        self.check_not_exists('public/pool/main/p/pyspi/pyspi_0.6.1.orig.tar.gz')
+        self.check_not_exists('public/pool/main/p/pyspi/pyspi-0.6.1-1.3.stripped.dsc')
+        self.check_exists('public/pool/main/b/boost-defaults/libboost-program-options-dev_1.49.0.1_i386.deb')
+
+        # verify contents except of sums
+        self.check_file_contents('public/dists/maverick/Release', 'release', match_prepare=strip_processor)
+        self.check_file_contents('public/dists/maverick/main/source/Sources', 'sources', match_prepare=lambda s: "\n".join(sorted(s.split("\n"))))
+        self.check_file_contents('public/dists/maverick/main/binary-i386/Packages', 'binary', match_prepare=lambda s: "\n".join(sorted(s.split("\n"))))