Enable encrypted connection to minio

In order to test out server-side encryption we need to use secure connection fisrt. This way we generate self-signed certificates for minio.
s3tools · Oct 29, 2021 · 3388ea2 · 3388ea2
1 parent 7be517a
commit 3388ea2
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 9 deletions.
diff --git a/.ci.s3cfg b/.ci.s3cfg
@@ -6,7 +6,7 @@ add_headers =
 bucket_location = us-east-1
 ca_certs_file = 
 cache_file = 
-check_ssl_certificate = True
+check_ssl_certificate = False
 check_ssl_hostname = True
 cloudfront_host = cloudfront.amazonaws.com
 default_mime_type = binary/octet-stream
@@ -67,9 +67,9 @@ stop_on_error = False
 storage_class = 
 urlencoding_mode = normal
 use_http_expect = False
-use_https = False
+use_https = True
 use_mime_magic = True
 verbosity = WARNING
-website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
+website_endpoint = https://%(bucket)s.s3-website-%(location)s.amazonaws.com/
 website_error = 
 website_index = index.html
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -28,19 +28,32 @@ jobs:
         with:
           path: ~/cache
           key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.cache-revision }}
-      - name: Download minio on cache miss
-        if: steps.cache-minio.outputs.cache-hit != 'true'
+      - name: Cache certgen
+        id: cache-certgen
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-certgen
+        with:
+          path: ~/cache
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.cache-revision }}
+      - name: Download minio and certgen on cache miss
+        if: steps.cache-minio.outputs.cache-hit != 'true' || steps.cache-certgen.outputs.cache-hit != 'true'
         run: |
           mkdir -p ~/cache
           test ! -e ~/cache/minio && wget -O ~/cache/minio https://dl.minio.io/server/minio/release/linux-amd64/minio || echo "Minio already in cache"
+          test ! -e ~/cache/certgen && wget -O ~/cache/certgen https://github.com/minio/certgen/releases/download/v0.0.2/certgen-linux-amd64 || echo "Certgen already in cache"
       - name: Start a local instance of minio
         run: |
           export AWS_ACCESS_KEY_ID=Q3AM3UQ867SPQQA43P2F
           export AWS_SECRET_ACCESS_KEY=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
-          export MINIO_ACCESS_KEY=Q3AM3UQ867SPQQA43P2F
-          export MINIO_SECRET_KEY=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
+          export MINIO_ROOT_USER=Q3AM3UQ867SPQQA43P2F
+          export MINIO_ROOT_PASSWORD=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
           chmod +x ~/cache/minio
+          chmod +x ~/cache/certgen
           mkdir -p ~/minio_tmp
+          mkdir -p ~/.minio/certs
+          cd ~/.minio/certs
+          ~/cache/certgen -ca -host "localhost,127.0.0.1,172.17.0.1"
           ~/cache/minio server ~/minio_tmp &
           sleep 4 # give minio some time to start
       - name: Run tests

diff --git a/run-tests-minio.py b/run-tests-minio.py
@@ -750,8 +750,8 @@ def pbucket(tail):
 
 ## ====== Check SSE-C encrypted object wrong passphrase
 test_s3cmd("Get server-side encrypted object with wrong passphrase", ['get', u'%s/xyz/demo/some-file.xml' % pbucket(1), 'testsuite-out', '--sse-customer-key=11111111111111111111111111111111'],
-           retcode = EX_SERVERERROR,
-           must_find = [ "The calculated MD5 hash of the key did not match" ])
+           retcode = EX_ACCESSDENIED,
+           must_find = [ "Access Denied." ])
 
 ## ====== Check SSE-C encrypted object download
 test_s3cmd("Get server-side encrypted object", ['get', u'%s/xyz/demo/some-file.xml' % pbucket(1), 'testsuite-out', '--sse-customer-key=12345678901234567890123456789012'],