s3util-rs 1.3.0

Tools for managing Amazon S3 objects and buckets
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59

use std::str::FromStr;

use aws_sdk_s3::types::ServerSideEncryption;

const INVALID_SSE_VALUE: &str =
    "invalid sse value. valid choices: AES256 | aws:kms | aws:kms:dsse.";

pub fn parse_sse(sse: &str) -> Result<String, String> {
    #[allow(deprecated)]
    if matches!(
        ServerSideEncryption::from_str(sse).unwrap(),
        ServerSideEncryption::Unknown(_)
    ) {
        return Err(INVALID_SSE_VALUE.to_string());
    }

    Ok(sse.to_string())
}

pub fn parse_sse_c(sse: &str) -> Result<String, String> {
    if !matches!(
        ServerSideEncryption::from_str(sse).unwrap(),
        ServerSideEncryption::Aes256
    ) {
        return Err(INVALID_SSE_VALUE.to_string());
    }

    Ok(sse.to_string())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_sse_accepts_known_values() {
        for sse in ["AES256", "aws:kms", "aws:kms:dsse"] {
            assert_eq!(parse_sse(sse).unwrap(), sse);
        }
    }

    #[test]
    fn parse_sse_rejects_unknown() {
        let err = parse_sse("rot13").unwrap_err();
        assert!(err.contains("invalid sse value"));
    }

    #[test]
    fn parse_sse_c_accepts_only_aes256() {
        assert_eq!(parse_sse_c("AES256").unwrap(), "AES256");
    }

    #[test]
    fn parse_sse_c_rejects_kms_variants() {
        // SSE-C is AES256 with a customer-supplied key only — KMS variants are not allowed.
        assert!(parse_sse_c("aws:kms").is_err());
        assert!(parse_sse_c("aws:kms:dsse").is_err());
    }
}