llm-shield-cloud-aws 0.1.1

AWS cloud integrations for LLM Shield - Secrets Manager, S3, CloudWatch
//! Integration tests for AWS S3 Storage.
//!
//! These tests require:
//! - AWS credentials configured (environment, file, or IAM role)
//! - An S3 bucket for testing (e.g., `llm-shield-test-ACCOUNT_ID`)
//! - Permissions to create, read, update, and delete objects
//!
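//! Set environment variable `TEST_S3_BUCKET` to your test bucket name. The tests
//! create and delete objects under the `test/` prefix of that bucket, so point it
//! at a dedicated test bucket.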
//!
//! Run with: cargo test --test integration_storage -- --ignored

use llm_shield_cloud::{CloudStorage, PutObjectOptions};
use llm_shield_cloud_aws::AwsS3Storage;
use std::env;

/// Returns the name of the S3 bucket the integration tests run against.
///
/// The name is read from the `TEST_S3_BUCKET` environment variable on every call.
///
/// # Panics
///
/// Panics if `TEST_S3_BUCKET` cannot be read (unset, or not valid Unicode).
fn test_bucket() -> String {
    match env::var("TEST_S3_BUCKET") {
        Ok(bucket_name) => bucket_name,
        Err(_) => panic!("TEST_S3_BUCKET environment variable not set"),
    }
}

/// Builds an object key of the form `test/<prefix>/<uuid-v4>`.
///
/// A fresh random UUID is generated on every call, so two calls with the same
/// `prefix` yield different keys.
fn test_object_key(prefix: &str) -> String {
    let unique_id = uuid::Uuid::new_v4();
    format!("test/{}/{}", prefix, unique_id)
}

/// Round-trips a small payload: uploads it, downloads it, and checks the bytes match.
#[tokio::test]
#[ignore] // Requires AWS credentials and TEST_S3_BUCKET
async fn test_put_and_get_object() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("put-get");
    let payload = b"Hello, S3!";

    // Upload the payload under the freshly generated key.
    s3.put_object(&object_key, payload)
        .await
        .expect("Failed to put object");

    // Read it back and compare byte-for-byte.
    let downloaded = s3
        .get_object(&object_key)
        .await
        .expect("Failed to get object");
    assert_eq!(downloaded, payload);

    // Best-effort cleanup: the delete result is deliberately discarded.
    // NOTE(review): this line is not reached when a step above panics, so a
    // failing run leaves the object in the bucket.
    let _ = s3.delete_object(&object_key).await;
}

/// Uploads a 10 MiB object and checks that the stored size matches the payload length.
#[tokio::test]
#[ignore]
async fn test_multipart_upload() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("multipart");

    // 10 MiB of zero bytes. The test author expects this to exceed a 5 MB
    // multipart threshold; that threshold lives in the storage implementation
    // and is not visible in this file.
    let payload = vec![0u8; 10 * 1024 * 1024];

    s3.put_object(&object_key, &payload)
        .await
        .expect("Failed to put large object");

    // Only the reported size is checked; the upload path taken is not observed here.
    let stored = s3
        .get_object_metadata(&object_key)
        .await
        .expect("Failed to get metadata");
    let expected_size = payload.len() as u64;
    assert_eq!(stored.size, expected_size);

    // Best-effort cleanup; skipped if anything above panicked.
    let _ = s3.delete_object(&object_key).await;
}

/// Checks that `object_exists` reports `false` before an upload and `true` after it.
#[tokio::test]
#[ignore]
async fn test_object_exists() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("exists");
    let payload = b"existence test";

    // The key is freshly generated, so nothing should be stored under it yet.
    let present_before = s3
        .object_exists(&object_key)
        .await
        .expect("Failed to check existence");
    assert!(!present_before);

    s3.put_object(&object_key, payload)
        .await
        .expect("Failed to put object");

    // After the upload the same check must flip to true.
    let present_after = s3
        .object_exists(&object_key)
        .await
        .expect("Failed to check existence");
    assert!(present_after);

    // Best-effort cleanup; skipped if anything above panicked.
    let _ = s3.delete_object(&object_key).await;
}

/// Uploads an object, deletes it, and checks that it is no longer reported as existing.
#[tokio::test]
#[ignore]
async fn test_delete_object() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("delete");
    let payload = b"to be deleted";

    s3.put_object(&object_key, payload)
        .await
        .expect("Failed to put object");

    // Precondition: the object is visible before the delete.
    let present_before = s3.object_exists(&object_key).await.unwrap();
    assert!(present_before);

    // Here the delete is the operation under test, so its error is not ignored.
    s3.delete_object(&object_key)
        .await
        .expect("Failed to delete object");

    let present_after = s3.object_exists(&object_key).await.unwrap();
    assert!(!present_after);
}

/// Uploads three objects under a unique prefix and checks that listing that prefix
/// returns exactly those three keys.
#[tokio::test]
#[ignore]
async fn test_list_objects() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    // A random UUID in the prefix keeps this listing separate from other runs.
    let list_prefix = format!("test/list-{}/", uuid::Uuid::new_v4());
    let first_key = format!("{}file1.txt", list_prefix);
    let second_key = format!("{}file2.txt", list_prefix);
    let third_key = format!("{}file3.txt", list_prefix);

    s3.put_object(&first_key, b"content1")
        .await
        .expect("Failed to put object 1");
    s3.put_object(&second_key, b"content2")
        .await
        .expect("Failed to put object 2");
    s3.put_object(&third_key, b"content3")
        .await
        .expect("Failed to put object 3");

    let listed = s3
        .list_objects(&list_prefix)
        .await
        .expect("Failed to list objects");

    // Exactly the three uploaded keys, in any order.
    assert_eq!(listed.len(), 3);
    assert!(listed.contains(&first_key));
    assert!(listed.contains(&second_key));
    assert!(listed.contains(&third_key));

    // Best-effort cleanup; skipped if anything above panicked.
    for key in [&first_key, &second_key, &third_key] {
        let _ = s3.delete_object(key).await;
    }
}

/// Uploads an object with an explicit content type and checks the metadata read back:
/// size, content type, and the presence of an ETag.
#[tokio::test]
#[ignore]
async fn test_get_object_metadata() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("metadata");
    let payload = b"metadata test content";

    // Only content type and storage class are set; the rest comes from `Default`.
    let upload_options = PutObjectOptions {
        content_type: Some(String::from("text/plain")),
        storage_class: Some(String::from("STANDARD")),
        ..Default::default()
    };

    s3.put_object_with_options(&object_key, payload, &upload_options)
        .await
        .expect("Failed to put object with options");

    let stored = s3
        .get_object_metadata(&object_key)
        .await
        .expect("Failed to get metadata");

    let expected_size = payload.len() as u64;
    assert_eq!(stored.size, expected_size);
    assert_eq!(stored.content_type, Some(String::from("text/plain")));
    // The ETag value itself is not checked, only that one was returned.
    assert!(stored.etag.is_some());

    // Best-effort cleanup; skipped if anything above panicked.
    let _ = s3.delete_object(&object_key).await;
}

/// Copies an object to a second key and checks the copy holds the same bytes.
#[tokio::test]
#[ignore]
async fn test_copy_object() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let from_key = test_object_key("copy-source");
    let to_key = test_object_key("copy-dest");
    let payload = b"content to copy";

    s3.put_object(&from_key, payload)
        .await
        .expect("Failed to put source object");

    s3.copy_object(&from_key, &to_key)
        .await
        .expect("Failed to copy object");

    // Read the destination, not the source, to prove the copy carried the content.
    let copied = s3
        .get_object(&to_key)
        .await
        .expect("Failed to get copied object");
    assert_eq!(copied, payload);

    // Best-effort cleanup of both keys; skipped if anything above panicked.
    for key in [&from_key, &to_key] {
        let _ = s3.delete_object(key).await;
    }
}

/// Uploads an object with every `PutObjectOptions` field set and checks that the
/// content type is reported back.
#[tokio::test]
#[ignore]
async fn test_put_object_with_options() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("options");
    let payload = b"content with options";

    // User-defined key/value pairs attached to the object.
    let user_metadata = vec![
        ("purpose".to_string(), "integration-test".to_string()),
        ("environment".to_string(), "test".to_string()),
    ];

    let upload_options = PutObjectOptions {
        content_type: Some(String::from("application/octet-stream")),
        storage_class: Some(String::from("STANDARD")),
        encryption: Some(String::from("AES256")),
        metadata: user_metadata,
    };

    s3.put_object_with_options(&object_key, payload, &upload_options)
        .await
        .expect("Failed to put object with options");

    let stored = s3
        .get_object_metadata(&object_key)
        .await
        .expect("Failed to get metadata");

    // NOTE(review): only the content type is verified. The requested `AES256`
    // encryption and the user metadata are never read back, so this test would
    // still pass if those options were dropped on upload. Whether the returned
    // metadata exposes them is not visible from this file -- confirm and assert
    // on them if it does.
    assert_eq!(
        stored.content_type,
        Some(String::from("application/octet-stream"))
    );

    // Best-effort cleanup; skipped if anything above panicked.
    let _ = s3.delete_object(&object_key).await;
}

/// Uploads ten objects, removes them with a single `delete_objects` call, and checks
/// that none of them is reported as existing afterwards.
#[tokio::test]
#[ignore]
async fn test_delete_objects_batch() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    // Ten keys, `file0.txt` through `file9.txt`, under a unique prefix.
    let batch_prefix = format!("test/batch-delete-{}/", uuid::Uuid::new_v4());
    let mut batch_keys: Vec<String> = Vec::with_capacity(10);
    for index in 0..10 {
        batch_keys.push(format!("{}file{}.txt", batch_prefix, index));
    }

    for key in batch_keys.iter() {
        s3.put_object(key, b"batch delete test")
            .await
            .expect("Failed to put object");
    }

    // Precondition: every object is visible before the batch delete.
    for key in batch_keys.iter() {
        let present = s3.object_exists(key).await.unwrap();
        assert!(present);
    }

    // The batch delete is the operation under test, so its error is not ignored.
    s3.delete_objects(&batch_keys)
        .await
        .expect("Failed to delete objects batch");

    for key in batch_keys.iter() {
        let present = s3.object_exists(key).await.unwrap();
        assert!(!present);
    }
}

/// Uploads a 5-byte and a 1 MiB object under a unique prefix and checks that the
/// metadata listing for that prefix contains one entry of each size.
#[tokio::test]
#[ignore]
async fn test_list_objects_with_metadata() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let list_prefix = format!("test/list-metadata-{}/", uuid::Uuid::new_v4());
    let small_key = format!("{}small.txt", list_prefix);
    let large_key = format!("{}large.txt", list_prefix);

    s3.put_object(&small_key, b"small")
        .await
        .expect("Failed to put small object");
    let large_payload = vec![0u8; 1024 * 1024];
    s3.put_object(&large_key, &large_payload)
        .await
        .expect("Failed to put large object");

    let listing = s3
        .list_objects_with_metadata(&list_prefix)
        .await
        .expect("Failed to list objects with metadata");

    assert_eq!(listing.len(), 2);

    // Entries are located by size, so the `unwrap` calls are the real check here:
    // they panic when no entry of the expected size is present.
    let small_entry = listing.iter().find(|entry| entry.size == 5).unwrap();
    let large_entry = listing
        .iter()
        .find(|entry| entry.size == 1024 * 1024)
        .unwrap();

    assert_eq!(small_entry.size, 5);
    assert_eq!(large_entry.size, 1024 * 1024);

    // Best-effort cleanup; skipped if anything above panicked.
    for key in [&small_key, &large_key] {
        let _ = s3.delete_object(key).await;
    }
}

/// Builds the storage client with an explicit region and checks that the region and
/// bucket accessors report what was passed in, then round-trips a small object.
#[tokio::test]
#[ignore]
async fn test_region_configuration() {
    // The region is fixed in the test; the bucket named by TEST_S3_BUCKET
    // presumably has to be reachable with it -- confirm for your account.
    let region = "us-west-2";
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new_with_region(&bucket, region)
        .await
        .expect("Failed to initialize AwsS3Storage with region");

    assert_eq!(s3.region(), "us-west-2");
    assert_eq!(s3.bucket(), bucket);

    // A put/get round trip shows the client is usable with that region.
    let object_key = test_object_key("region-test");
    let payload = b"region test content";

    s3.put_object(&object_key, payload)
        .await
        .expect("Failed to put object in us-west-2");

    let downloaded = s3
        .get_object(&object_key)
        .await
        .expect("Failed to get object from us-west-2");
    assert_eq!(downloaded, payload);

    // Best-effort cleanup; skipped if anything above panicked.
    let _ = s3.delete_object(&object_key).await;
}

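/// Uploads and downloads a 50 MiB object, prints how long each transfer took, and
/// checks that the downloaded bytes equal the uploaded ones.
///
/// The content comparison uses `assert!` with a fixed message rather than
/// `assert_eq!`: on a mismatch `assert_eq!` would Debug-format both 50 MiB
/// vectors into the panic message.
#[tokio::test]
#[ignore]
async fn test_large_file_operations() {
    let storage = AwsS3Storage::new(&test_bucket())
        .await
        .expect("Failed to initialize AwsS3Storage");

    let key = test_object_key("large-file");

    // 50 MiB of a repeating non-zero byte. The test author expects this size to
    // go through the multipart upload path; that is not observable from here.
    let size = 50 * 1024 * 1024;
    let data = vec![0xAB_u8; size];

    // Upload, timed.
    let start = std::time::Instant::now();
    storage
        .put_object(&key, &data)
        .await
        .expect("Failed to upload large file");
    let upload_duration = start.elapsed();

    println!("Uploaded 50MB in {:?}", upload_duration);

    // Download, timed.
    let start = std::time::Instant::now();
    let retrieved = storage
        .get_object(&key)
        .await
        .expect("Failed to download large file");
    let download_duration = start.elapsed();

    println!("Downloaded 50MB in {:?}", download_duration);

    // Clean up before verifying: `retrieved` is already in memory, and deleting
    // first means a failed comparison does not leave 50 MiB in the bucket.
    // The delete result is deliberately discarded (best effort).
    let _ = storage.delete_object(&key).await;

    // Verify length first for a short, readable failure, then the content.
    assert_eq!(retrieved.len(), size);
    assert!(
        retrieved == data,
        "downloaded content differs from the uploaded content"
    );
}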

/// Uploads an object with the `INTELLIGENT_TIERING` storage class and prints the
/// storage class reported in its metadata.
#[tokio::test]
#[ignore]
async fn test_storage_class() {
    let bucket = test_bucket();
    let s3 = AwsS3Storage::new(&bucket)
        .await
        .expect("Failed to initialize AwsS3Storage");

    let object_key = test_object_key("storage-class");
    let payload = b"storage class test";

    // Only the storage class is set; every other option comes from `Default`.
    let upload_options = PutObjectOptions {
        storage_class: Some(String::from("INTELLIGENT_TIERING")),
        ..Default::default()
    };

    s3.put_object_with_options(&object_key, payload, &upload_options)
        .await
        .expect("Failed to put object with storage class");

    let stored = s3
        .get_object_metadata(&object_key)
        .await
        .expect("Failed to get metadata");

    // NOTE(review): the reported storage class is printed, not asserted (the
    // test author notes it may take time to be reflected). As written, the test
    // only proves that the upload and the metadata lookup succeed.
    println!("Storage class: {:?}", stored.storage_class);

    // Best-effort cleanup; skipped if anything above panicked.
    let _ = s3.delete_object(&object_key).await;
}