Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11845 Commits
46 Branches
312 Tags
265 MiB
 
 
 
 
 
 
Branch: add-foundation-db
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'add-foundation-db'
${ noResults }
seaweedfs/test/s3/sse/setup_openbao_sse.sh

146 lines
4.8 KiB
Raw Permalink Blame History

#!/bin/bash
# Setup OpenBao for SSE Integration Testing
# This script configures OpenBao with encryption keys for S3 SSE testing
set -e
# Configuration
OPENBAO_ADDR="${OPENBAO_ADDR:-http://127.0.0.1:8200}"
OPENBAO_TOKEN="${OPENBAO_TOKEN:-root-token-for-testing}"
TRANSIT_PATH="${TRANSIT_PATH:-transit}"
echo "🚀 Setting up OpenBao for S3 SSE integration testing..."
echo "OpenBao Address: $OPENBAO_ADDR"
echo "Transit Path: $TRANSIT_PATH"
# Export for API calls
export VAULT_ADDR="$OPENBAO_ADDR"
export VAULT_TOKEN="$OPENBAO_TOKEN"
# Wait for OpenBao to be ready
echo "⏳ Waiting for OpenBao to be ready..."
for i in {1..30}; do
if curl -s "$OPENBAO_ADDR/v1/sys/health" > /dev/null 2>&1; then
echo "✅ OpenBao is ready!"
break
fi
if [ $i -eq 30 ]; then
echo "❌ OpenBao failed to start within 60 seconds"
exit 1
fi
sleep 2
done
# Enable transit secrets engine (ignore error if already enabled)
echo "🔧 Setting up transit secrets engine..."
curl -s -X POST \
-H "X-Vault-Token: $OPENBAO_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"type\":\"transit\"}" \
"$OPENBAO_ADDR/v1/sys/mounts/$TRANSIT_PATH" || echo "Transit engine may already be enabled"
# Create encryption keys for S3 SSE testing
echo "🔑 Creating encryption keys for SSE testing..."
# Test keys that match the existing test expectations
declare -a keys=(
"test-key-123:SSE-KMS basic integration test key"
"source-test-key-123:SSE-KMS copy source key"
"dest-test-key-456:SSE-KMS copy destination key"
"test-multipart-key:SSE-KMS multipart upload test key"
"invalid-test-key:SSE-KMS error testing key"
"test-kms-range-key:SSE-KMS range request test key"
"seaweedfs-test-key:General SeaweedFS SSE test key"
"bucket-default-key:Default bucket encryption key"
"high-security-key:High security encryption key"
"performance-key:Performance testing key"
)
for key_info in "${keys[@]}"; do
IFS=':' read -r key_name description <<< "$key_info"
echo " Creating key: $key_name ($description)"
# Create key
response=$(curl -s -X POST \
-H "X-Vault-Token: $OPENBAO_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"type\":\"aes256-gcm96\",\"description\":\"$description\"}" \
"$OPENBAO_ADDR/v1/$TRANSIT_PATH/keys/$key_name")
if echo "$response" | grep -q "errors"; then
echo " Warning: $response"
fi
# Verify key was created
verify_response=$(curl -s \
-H "X-Vault-Token: $OPENBAO_TOKEN" \
"$OPENBAO_ADDR/v1/$TRANSIT_PATH/keys/$key_name")
if echo "$verify_response" | grep -q "\"name\":\"$key_name\""; then
echo " ✅ Key $key_name created successfully"
else
echo " ❌ Failed to verify key $key_name"
echo " Response: $verify_response"
fi
done
# Test basic encryption/decryption functionality
echo "🧪 Testing basic encryption/decryption..."
test_plaintext="Hello, SeaweedFS SSE Integration!"
test_key="test-key-123"
# Encrypt
encrypt_response=$(curl -s -X POST \
-H "X-Vault-Token: $OPENBAO_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"plaintext\":\"$(echo -n "$test_plaintext" | base64)\"}" \
"$OPENBAO_ADDR/v1/$TRANSIT_PATH/encrypt/$test_key")
if echo "$encrypt_response" | grep -q "ciphertext"; then
ciphertext=$(echo "$encrypt_response" | grep -o '"ciphertext":"[^"]*"' | cut -d'"' -f4)
echo " ✅ Encryption successful: ${ciphertext:0:50}..."
# Decrypt to verify
decrypt_response=$(curl -s -X POST \
-H "X-Vault-Token: $OPENBAO_TOKEN" \
-H "Content-Type: application/json" \
-d "{\"ciphertext\":\"$ciphertext\"}" \
"$OPENBAO_ADDR/v1/$TRANSIT_PATH/decrypt/$test_key")
if echo "$decrypt_response" | grep -q "plaintext"; then
decrypted_b64=$(echo "$decrypt_response" | grep -o '"plaintext":"[^"]*"' | cut -d'"' -f4)
decrypted=$(echo "$decrypted_b64" | base64 -d)
if [ "$decrypted" = "$test_plaintext" ]; then
echo " ✅ Decryption successful: $decrypted"
else
echo " ❌ Decryption failed: expected '$test_plaintext', got '$decrypted'"
fi
else
echo " ❌ Decryption failed: $decrypt_response"
fi
else
echo " ❌ Encryption failed: $encrypt_response"
fi
echo ""
echo "📊 OpenBao SSE setup summary:"
echo " Address: $OPENBAO_ADDR"
echo " Transit Path: $TRANSIT_PATH"
echo " Keys Created: ${#keys[@]}"
echo " Status: Ready for S3 SSE integration testing"
echo ""
echo "🎯 Ready to run S3 SSE integration tests!"
echo ""
echo "Usage:"
echo " # Run with Docker Compose"
echo " make test-with-kms"
echo ""
echo " # Run specific test suites"
echo " make test-ssekms-integration"
echo ""
echo " # Check status"
echo " curl $OPENBAO_ADDR/v1/sys/health"
echo ""
echo "✅ OpenBao SSE setup complete!"