rc_core/
encryption.rs

1//! Bucket and object encryption domain types.
2
3use serde::{Deserialize, Serialize};
4
5/// Bucket default encryption configuration.
6#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
7#[serde(rename_all = "kebab-case")]
8pub enum BucketEncryption {
9    /// Use S3-managed keys.
10    SseS3,
11    /// Use KMS-managed keys with an optional explicit key id.
12    SseKms {
13        #[serde(skip_serializing_if = "Option::is_none")]
14        key_id: Option<String>,
15    },
16}
17
18/// Object write encryption request.
19#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
20#[serde(rename_all = "kebab-case")]
21pub enum ObjectEncryptionRequest {
22    /// Use S3-managed keys.
23    SseS3,
24    /// Use KMS-managed keys with the provided key id.
25    SseKms { key_id: String },
26}
27
28#[cfg(test)]
29mod tests {
30    use super::*;
31    use serde_json::json;
32
33    #[test]
34    fn bucket_encryption_serializes_sse_s3() {
35        let json = serde_json::to_value(&BucketEncryption::SseS3).expect("serialize sse-s3");
36        assert_eq!(json, json!("sse-s3"));
37    }
38
39    #[test]
40    fn bucket_encryption_serializes_sse_kms_key_id() {
41        let json = serde_json::to_value(&BucketEncryption::SseKms {
42            key_id: Some("kms-key".to_string()),
43        })
44        .expect("serialize sse-kms");
45        assert_eq!(json, json!({ "sse-kms": { "key_id": "kms-key" } }));
46    }
47
48    #[test]
49    fn bucket_encryption_serializes_sse_kms_without_key_id() {
50        let json = serde_json::to_value(&BucketEncryption::SseKms { key_id: None })
51            .expect("serialize sse-kms without key");
52        assert_eq!(json, json!({ "sse-kms": {} }));
53    }
54
55    #[test]
56    fn bucket_encryption_round_trips_sse_s3() {
57        let value: BucketEncryption =
58            serde_json::from_value(json!("sse-s3")).expect("deserialize sse-s3");
59        assert_eq!(value, BucketEncryption::SseS3);
60    }
61
62    #[test]
63    fn bucket_encryption_round_trips_sse_kms() {
64        let value: BucketEncryption =
65            serde_json::from_value(json!({ "sse-kms": { "key_id": "kms-key" } }))
66                .expect("deserialize sse-kms");
67        assert_eq!(
68            value,
69            BucketEncryption::SseKms {
70                key_id: Some("kms-key".to_string()),
71            }
72        );
73    }
74
75    #[test]
76    fn bucket_encryption_round_trips_sse_kms_without_key_id() {
77        let value: BucketEncryption = serde_json::from_value(json!({ "sse-kms": {} }))
78            .expect("deserialize sse-kms without key");
79        assert_eq!(value, BucketEncryption::SseKms { key_id: None });
80    }
81
82    #[test]
83    fn object_encryption_request_serializes_sse_s3() {
84        let json =
85            serde_json::to_value(&ObjectEncryptionRequest::SseS3).expect("serialize object sse-s3");
86        assert_eq!(json, json!("sse-s3"));
87    }
88
89    #[test]
90    fn object_encryption_request_serializes_sse_kms() {
91        let json = serde_json::to_value(&ObjectEncryptionRequest::SseKms {
92            key_id: "kms-key".to_string(),
93        })
94        .expect("serialize object sse-kms");
95        assert_eq!(json, json!({ "sse-kms": { "key_id": "kms-key" } }));
96    }
97
98    #[test]
99    fn object_encryption_request_round_trips_sse_s3() {
100        let value: ObjectEncryptionRequest =
101            serde_json::from_value(json!("sse-s3")).expect("deserialize object sse-s3");
102        assert_eq!(value, ObjectEncryptionRequest::SseS3);
103    }
104
105    #[test]
106    fn object_encryption_request_round_trips_sse_kms() {
107        let value: ObjectEncryptionRequest =
108            serde_json::from_value(json!({ "sse-kms": { "key_id": "kms-key" } }))
109                .expect("deserialize object sse-kms");
110        assert_eq!(
111            value,
112            ObjectEncryptionRequest::SseKms {
113                key_id: "kms-key".to_string(),
114            }
115        );
116    }
117}
rc_core/encryption.rs

rc_core/
encryption.rs
