S3: add SSE customer key

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
2025-12-07 14:50:55 +03:00 · 2024-08-15 10:09:06 +02:00
parent d783ffc13f
commit 2fbf608895
14 changed files with 264 additions and 75 deletions
--- a/internal/webdavd/internal_test.go
+++ b/internal/webdavd/internal_test.go
@@ -1485,8 +1485,11 @@ func TestUserCacheIsolation(t *testing.T) {
 		LockSystem: webdav.NewMemLS(),
 	}
 	cachedUser.User.FsConfig.S3Config.AccessSecret = kms.NewPlainSecret("test secret")
+	cachedUser.User.FsConfig.S3Config.SSECustomerKey = kms.NewPlainSecret("test key")
 	err = cachedUser.User.FsConfig.S3Config.AccessSecret.Encrypt()
 	assert.NoError(t, err)
+	err = cachedUser.User.FsConfig.S3Config.SSECustomerKey.Encrypt()
+	assert.NoError(t, err)
 	dataprovider.CacheWebDAVUser(cachedUser)
 	cachedUser, ok := dataprovider.GetCachedWebDAVUser(username)

@@ -1500,6 +1503,9 @@ func TestUserCacheIsolation(t *testing.T) {
 		assert.True(t, cachedUser.User.FsConfig.S3Config.AccessSecret.IsEncrypted())
 		err = cachedUser.User.FsConfig.S3Config.AccessSecret.Decrypt()
 		assert.NoError(t, err)
+		assert.True(t, cachedUser.User.FsConfig.S3Config.SSECustomerKey.IsEncrypted())
+		err = cachedUser.User.FsConfig.S3Config.SSECustomerKey.Decrypt()
+		assert.NoError(t, err)
 		cachedUser.User.FsConfig.Provider = sdk.S3FilesystemProvider
 		_, err = cachedUser.User.GetFilesystem("")
 		assert.Error(t, err, "we don't have to get the previously cached filesystem!")
@@ -1508,6 +1514,7 @@ func TestUserCacheIsolation(t *testing.T) {
 	if assert.True(t, ok) {
 		assert.Equal(t, sdk.LocalFilesystemProvider, cachedUser.User.FsConfig.Provider)
 		assert.False(t, cachedUser.User.FsConfig.S3Config.AccessSecret.IsEncrypted())
+		assert.False(t, cachedUser.User.FsConfig.S3Config.SSECustomerKey.IsEncrypted())
 	}

 	err = dataprovider.DeleteUser(username, "", "", "")