From 3388ea2ca8f7dbb732f66bbbb8e44ad236252bdc Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov
Date: Fri, 29 Oct 2021 19:19:52 +0300
Subject: [PATCH] Enable encrypted connection to minio

In order to test out server-side encryption we need to use secure connection fisrt. This way we generate self-signed certificates for minio.
---
 .ci.s3cfg | 6 +++---
 .github/workflows/test.yml | 21 +++++++++++++++++----
 run-tests-minio.py | 4 ++--
 3 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/.ci.s3cfg b/.ci.s3cfg
index 91797afe2..d2283daaf 100644
--- a/.ci.s3cfg
+++ b/.ci.s3cfg
@@ -6,7 +6,7 @@ add_headers =
 bucket_location = us-east-1
 ca_certs_file =
 cache_file =
-check_ssl_certificate = True
+check_ssl_certificate = False
 check_ssl_hostname = True
 cloudfront_host = cloudfront.amazonaws.com
 default_mime_type = binary/octet-stream
@@ -67,9 +67,9 @@ stop_on_error = False
 storage_class =
 urlencoding_mode = normal
 use_http_expect = False
-use_https = False
+use_https = True
 use_mime_magic = True
 verbosity = WARNING
-website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
+website_endpoint = https://%(bucket)s.s3-website-%(location)s.amazonaws.com/
 website_error =
 website_index = index.html
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e5e5db1bf..83934303d 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
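Review bot: `check_ssl_certificate = False` in the first .ci.s3cfg hunk turns off certificate validation for every test that uses this config, so the new HTTPS connection is encrypted but the server is never authenticated; the `check_ssl_hostname = True` line kept next to it presumably has little effect once chain validation is off. Since the workflow generates its own certificate with `certgen -ca`, the empty `ca_certs_file =` entry already visible in this hunk could point at that file instead, e.g. `ca_certs_file = <path to the generated public certificate>`, with `check_ssl_certificate = True` left as it was. That keeps the verification code path under test and avoids a checked-in config that gets copied with validation disabled.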
@@ -28,19 +28,32 @@ jobs:
 with:
 path: ~/cache
 key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.cache-revision }}
- - name: Download minio on cache miss
- if: steps.cache-minio.outputs.cache-hit != 'true'
+ - name: Cache certgen
+ id: cache-certgen
+ uses: actions/cache@v2
+ env:
+ cache-name: cache-certgen
+ with:
+ path: ~/cache
+ key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ env.cache-revision }}
+ - name: Download minio and certgen on cache miss
+ if: steps.cache-minio.outputs.cache-hit != 'true' || steps.cache-certgen.outputs.cache-hit != 'true'
 run: |
 mkdir -p ~/cache
 test ! -e ~/cache/minio && wget -O ~/cache/minio https://dl.minio.io/server/minio/release/linux-amd64/minio || echo "Minio already in cache"
+ test ! -e ~/cache/certgen && wget -O ~/cache/certgen https://github.com/minio/certgen/releases/download/v0.0.2/certgen-linux-amd64 || echo "Certgen already in cache"
 - name: Start a local instance of minio
 run: |
 export AWS_ACCESS_KEY_ID=Q3AM3UQ867SPQQA43P2F
 export AWS_SECRET_ACCESS_KEY=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
- export MINIO_ACCESS_KEY=Q3AM3UQ867SPQQA43P2F
- export MINIO_SECRET_KEY=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
+ export MINIO_ROOT_USER=Q3AM3UQ867SPQQA43P2F
+ export MINIO_ROOT_PASSWORD=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
 chmod +x ~/cache/minio
+ chmod +x ~/cache/certgen
 mkdir -p ~/minio_tmp
+ mkdir -p ~/.minio/certs
+ cd ~/.minio/certs
+ ~/cache/certgen -ca -host "localhost,127.0.0.1,172.17.0.1"
 ~/cache/minio server ~/minio_tmp &
 sleep 4 # give minio some time to start
 - name: Run tests
diff --git a/run-tests-minio.py b/run-tests-minio.py
index cd2772c64..458dac48d 100755
--- a/run-tests-minio.py
+++ b/run-tests-minio.py
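Review bot: The added certgen download line reuses the `test ! -e … && wget … || echo "… already in cache"` pattern, so a failed or truncated wget also prints "Certgen already in cache", the step succeeds, and the partial file is later marked executable and saved into the cache. The binary is also executed without any integrity check; pinning to v0.0.2 fixes the version, not the content. I would write the download as `if [ ! -e ~/cache/certgen ]; then wget -O ~/cache/certgen <certgen release URL>; fi` so a wget failure fails the step, and follow it with `echo "<EXPECTED_SHA256>  $HOME/cache/certgen" | sha256sum -c -`. The minio line above it has the same masking problem and is unpinned as well, but it predates this change.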
@@ -750,8 +750,8 @@ def pbucket(tail): ## ====== Check SSE-C encrypted object wrong passphrase test_s3cmd("Get server-side encrypted object with wrong passphrase", ['get', u'%s/xyz/demo/some-file.xml' % pbucket(1), 'testsuite-out', '--sse-customer-key=11111111111111111111111111111111'], - retcode = EX_SERVERERROR, - must_find = [ "The calculated MD5 hash of the key did not match" ]) + retcode = EX_ACCESSDENIED, + must_find = [ "Access Denied." ]) ## ====== Check SSE-C encrypted object download test_s3cmd("Get server-side encrypted object", ['get', u'%s/xyz/demo/some-file.xml' % pbucket(1), 'testsuite-out', '--sse-customer-key=12345678901234567890123456789012'],
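Review bot: The wrong-passphrase case now passes on any `EX_ACCESSDENIED` with "Access Denied.", which is the same result a credential or bucket-policy problem would produce, so the test no longer shows that the rejection came from the SSE-C key. If minio really reports a key mismatch this way over TLS (the commit message does not say), a comment above the call should record it, e.g. `## minio answers an SSE-C key mismatch with a generic AccessDenied, so only the status can be checked here`. It would also be worth checking that nothing was written under `testsuite-out` for this case. The following "Get server-side encrypted object" call continues outside the hunk.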