k1LoW/awspec

testing for s3 bucket server_side_encryption

pmysore1 opened this issue · 2 comments

Hi,
I am trying to test whether server side encryption enabled or not with below syntax. However it is failing.

describe s3_bucket("#{s3_bucket_name}") do
it { should exist }
it { should have_versioning_enabled }
its('resource.server_side_encryption') { should eq 'aws:kms' }
end

Failures:

  1. s3_bucket 'xxxx-automation-xxxxxxxxxxxxxxxxx' resource.server_side_encryption
    Failure/Error: its('resource.server_side_encryption') { should eq 'aws:kms' }

    NoMethodError:
    undefined method `server_side_encryption' for #<Aws::S3::Bucket name="xxxxx-automation-xxxxxxxxxxx">

    ./spec/s3_bucket_spec.rb:18:in `block (2 levels) in <top (required)>'

Looks like my syntax is correct. Can you please suggest the correct syntax to verify this.
Thanks
-Pradeep

This is due to the fact that awspec isn't calling out to appropriate S3 API to fetch that setting.

Syntactically it wouldn't have worked either because the resource wouldn't contain that attribute, this is as per AWS API.

The resolution will be to add in support for identifying the encryption details like there is for cors, versioning, logging and policies.

k1LoW commented

Thank you for your comment !!