diff options
| author | Andrei Pozolotin <andrei.pozolotin@gmail.com> | 2015-09-21 22:59:14 +0000 |
|---|---|---|
| committer | Andrei Pozolotin <andrei.pozolotin@gmail.com> | 2015-10-18 19:14:31 +0000 |
| commit | 81810aff298ffb3e871b4dbab76be2c8b9a46ea8 (patch) | |
| tree | c31aaaeceba6a925aa2e2dafe81d09f1bad552bc /org.eclipse.jgit.test/tst-rsrc | |
| parent | fd060943daf24873e23a49203be19f7491bd46f7 (diff) | |
| download | jgit-81810aff298ffb3e871b4dbab76be2c8b9a46ea8.tar.gz jgit-81810aff298ffb3e871b4dbab76be2c8b9a46ea8.zip | |
Adding AES Walk Encryption support in http://www.jets3t.org/ mode
See previous attempt: https://git.eclipse.org/r/#/c/16674/
Here we preserve as much of JetS3t mode as possible
while allowing to use new Java 8+ PBE algorithms
such as PBEWithHmacSHA512AndAES_256
Summary of changes:
* change pom.xml to control long tests
* add WalkEncryptionTest.launch to run long tests
* add AmazonS3.Keys to to normalize use of constants
* change WalkEncryption to support AES in JetS3t mode
* add WalkEncryptionTest to test remote encryption pipeline
* add support for CI configuration for live Amazon S3 testing
* add log4j based logging for tests in both Eclipse and Maven build
To test locally, check out the review branch, then:
* create amazon test configuration file
* located your home dir: ${user.home}
* named jgit-s3-config.properties
* file format follows AmazonS3 connection settings file:
accesskey = your-amazon-access-key
secretkey = your-amazon-secret-key
test.bucket = your-bucket-for-testing
* finally:
* run in Eclipse: WalkEncryptionTest.launch
* or
* run in Shell: mvn test --define test=WalkEncryptionTest
Change-Id: I6f455fd9fb4eac261ca73d0bec6a4e7dae9f2e91
Signed-off-by: Andrei Pozolotin <andrei.pozolotin@gmail.com>
Diffstat (limited to 'org.eclipse.jgit.test/tst-rsrc')
4 files changed, 101 insertions, 0 deletions
diff --git a/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties new file mode 100644 index 0000000000..d540977e94 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.disabled.properties @@ -0,0 +1,48 @@ +# +# See WalkEncryptionTest.java +# +# This file is a template for test configuration file used by WalkEncryptionTest. +# To be active, this file must have the following hard coded name: jgit-s3-config.properties +# To be active, this file must be discovered by WalkEncryptionTest from one of these locations: +# * ${user.home}/jgit-s3-config.properties +# * ${user.dir}/jgit-s3-config.properties +# * ${user.dir}/tst-rsrc/jgit-s3-config.properties +# When this file is missing, tests in WalkEncryptionTest will not run, only report a warning. +# + +# +# WalkEncryptionTest requires amazon s3 test bucket setup. +# +# Test bucket setup instructions: +# +# Create IAM user: +# http://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html +# * user name: jgit.eclipse.org +# +# Configure IAM user S3 bucket access +# http://docs.aws.amazon.com/AmazonS3/latest/dev/example-policies-s3.html +# * attach S3 user policy to user account: jgit-s3-config.policy.user.json +# +# Create S3 bucket: +# http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html +# * bucket name: jgit.eclipse.org +# +# Configure S3 bucket source address/mask access: +# http://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html +# * attach bucket policy to the test bucket: jgit-s3-config.policy.bucket.json +# * verify that any required source address/mask is included in the bucket policy: +# * see https://wiki.eclipse.org/Hudson +# * see http://www.tcpiputils.com/browse/ip-address/198.41.30.200 +# * proxy.eclipse.org 198.41.30.0/24 +# * Andrei Pozolotin 67.175.188.187/32 +# +# Configure bucket 1 day expiration in object life cycle management: +# * https://docs.aws.amazon.com/AmazonS3/latest/dev/manage-lifecycle-using-console.html +# + +# Test bucket name +test.bucket=jgit.eclipse.org + +# IAM credentials for user jgit.eclipse.org +accesskey=AKIAIYWXB4ETREBRMZDQ +secretkey=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 diff --git a/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json new file mode 100644 index 0000000000..3020b09a00 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.bucket.json @@ -0,0 +1,20 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "DenyAllButKnownSourceAddressWithMask", + "Effect": "Deny", + "Principal": "*", + "Action": "s3:*", + "Resource": "arn:aws:s3:::jgit.eclipse.org/*", + "Condition": { + "NotIpAddress": { + "aws:SourceIp": [ + "198.41.30.0/24", + "67.175.188.187/32" + ] + } + } + } + ] +} diff --git a/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json new file mode 100644 index 0000000000..830d0888c0 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/jgit-s3-config.policy.user.json @@ -0,0 +1,24 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "BucketList", + "Effect": "Allow", + "Action": "s3:ListAllMyBuckets", + "Resource": [ + "arn:aws:s3:::jgit.eclipse.org" + ] + }, + { + "Sid": "BucketFullControl", + "Effect": "Allow", + "Action": [ + "s3:*" + ], + "Resource": [ + "arn:aws:s3:::jgit.eclipse.org", + "arn:aws:s3:::jgit.eclipse.org/*" + ] + } + ] +} diff --git a/org.eclipse.jgit.test/tst-rsrc/log4j.properties b/org.eclipse.jgit.test/tst-rsrc/log4j.properties new file mode 100644 index 0000000000..14620ffae4 --- /dev/null +++ b/org.eclipse.jgit.test/tst-rsrc/log4j.properties @@ -0,0 +1,9 @@ + +# Root logger option +log4j.rootLogger=INFO, stdout + +# Direct log messages to stdout +log4j.appender.stdout=org.apache.log4j.ConsoleAppender +log4j.appender.stdout.Target=System.out +log4j.appender.stdout.layout=org.apache.log4j.PatternLayout +log4j.appender.stdout.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n |