Implement deleteObject & deleteObjects (#34)

* Implement `deleteObject` & `deleteObjects` methods

Author: imabhichow

src/main/java/software/amazon/encryption/s3/S3EncryptionClient.java

@@ -3,6 +3,8 @@
 import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
 
 import java.security.KeyPair;
+import java.util.ArrayList;
+import java.util.List;
 import java.security.SecureRandom;
 import java.util.Map;
 import java.util.function.Consumer;
@@ -21,6 +23,7 @@
 import software.amazon.awssdk.services.s3.model.DeleteObjectsResponse;
 import software.amazon.awssdk.services.s3.model.GetObjectRequest;
 import software.amazon.awssdk.services.s3.model.GetObjectResponse;
+import software.amazon.awssdk.services.s3.model.ObjectIdentifier;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
 import software.amazon.awssdk.services.s3.model.PutObjectResponse;
 import software.amazon.encryption.s3.internal.GetEncryptedObjectPipeline;
@@ -40,7 +43,7 @@
 public class S3EncryptionClient implements S3Client {
 
     // Used for request-scoped encryption contexts for supporting keys
-    public static final ExecutionAttribute<Map<String,String>> ENCRYPTION_CONTEXT = new ExecutionAttribute<>("EncryptionContext");
+    public static final ExecutionAttribute<Map<String, String>> ENCRYPTION_CONTEXT = new ExecutionAttribute<>("EncryptionContext");
 
     private final S3Client _wrappedClient;
     private final CryptographicMaterialsManager _cryptoMaterialsManager;
@@ -81,7 +84,7 @@ public PutObjectResponse putObject(PutObjectRequest putObjectRequest, RequestBod
 
     @Override
     public <T> T getObject(GetObjectRequest getObjectRequest,
-            ResponseTransformer<GetObjectResponse, T> responseTransformer)
+                           ResponseTransformer<GetObjectResponse, T> responseTransformer)
             throws AwsServiceException, SdkClientException {
 
         GetEncryptedObjectPipeline pipeline = GetEncryptedObjectPipeline.builder()
@@ -97,13 +100,33 @@ public <T> T getObject(GetObjectRequest getObjectRequest,
     @Override
     public DeleteObjectResponse deleteObject(DeleteObjectRequest deleteObjectRequest) throws AwsServiceException,
             SdkClientException {
-        return _wrappedClient.deleteObject(deleteObjectRequest);
+        // Delete the object
+        DeleteObjectResponse deleteObjectResponse = _wrappedClient.deleteObject(deleteObjectRequest);
+        // If Instruction file exists, delete the instruction file as well.
+        String instructionObjectKey = deleteObjectRequest.key() + ".instruction";
+        _wrappedClient.deleteObject(builder -> builder
+                .bucket(deleteObjectRequest.bucket())
+                .key(instructionObjectKey));
+        return deleteObjectResponse;
     }
 
     @Override
     public DeleteObjectsResponse deleteObjects(DeleteObjectsRequest deleteObjectsRequest) throws AwsServiceException,
             SdkClientException {
-        return _wrappedClient.deleteObjects(deleteObjectsRequest);
+        // Delete the objects
+        DeleteObjectsResponse deleteObjectsResponse = _wrappedClient.deleteObjects(deleteObjectsRequest);
+        // If Instruction files exists, delete the instruction files as well.
+        List<ObjectIdentifier> deleteObjects = new ArrayList<>();
+        for (ObjectIdentifier o : deleteObjectsRequest.delete().objects()) {
+            deleteObjects.add(o.toBuilder()
+                    .key(o.key() + ".instruction")
+                    .build());
+        }
+        _wrappedClient.deleteObjects(DeleteObjectsRequest.builder()
+                .bucket(deleteObjectsRequest.bucket())
+                .delete(builder -> builder.objects(deleteObjects))
+                .build());
+        return deleteObjectsResponse;
     }
 
     @Override
@@ -127,7 +150,8 @@ public static class Builder {
         private boolean _enableDelayedAuthenticationMode = false;
         private SecureRandom _secureRandom = new SecureRandom();
 
-        private Builder() {}
+        private Builder() {
+        }
 
         /**
          * Note that this does NOT create a defensive clone of S3Client. Any modifications made to the wrapped

src/test/java/software/amazon/encryption/s3/S3EncryptionClientCompatibilityTest.java

@@ -21,6 +21,7 @@
 import com.amazonaws.services.s3.model.KMSEncryptionMaterials;
 import com.amazonaws.services.s3.model.KMSEncryptionMaterialsProvider;
 import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
+
 import java.io.ByteArrayInputStream;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
@@ -31,6 +32,7 @@
 import java.util.Map;
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
+
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import software.amazon.awssdk.core.ResponseBytes;
@@ -196,11 +198,8 @@ public void AesGcmV2toV3WithInstructionFile() {
         String output = objectResponse.asUtf8String();
         assertEquals(input, output);
 
-        // TODO: Implement deleteObject in the v3 client
-        //       so that instruction file is deleted too
         // Cleanup
         deleteObject(BUCKET, objectKey, v3Client);
-        deleteObject(BUCKET, (objectKey + ".instruction"), v3Client);
         v3Client.close();
     }
 
@@ -703,5 +702,4 @@ public void AesWrapV1toV3FailsWhenLegacyModeDisabled() {
         deleteObject(BUCKET, objectKey, v3Client);
         v3Client.close();
     }
-
 }

src/test/java/software/amazon/encryption/s3/S3EncryptionClientRangedGetCompatibilityTest.java

@@ -22,6 +22,7 @@
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.BUCKET;
+import static software.amazon.encryption.s3.utils.S3EncryptionClientTestResources.deleteObject;
 
 /**
  * This class is an integration test for Unauthenticated Ranged Get for AES/CBC and AES/GCM modes
@@ -58,6 +59,10 @@ public void failsOnRangeWhenLegacyModeDisabled() {
         assertThrows(S3EncryptionClientException.class, () -> v3Client.getObjectAsBytes(builder -> builder.bucket(BUCKET)
                 .key(objectKey)
                 .range("bytes=10-20")));
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3Client);
+        v3Client.close();
     }
 
     @Test
@@ -119,6 +124,10 @@ public void AesGcmV3toV3RangedGet() {
                 .key(objectKey));
         output = objectResponse.asUtf8String();
         assertEquals("", output);
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3Client);
+        v3Client.close();
     }
 
     @Test
@@ -147,6 +156,10 @@ public void AesGcmV3toV3FailsRangeExceededObjectLength() {
                 .bucket(BUCKET)
                 .range("bytes=300-400")
                 .key(objectKey)));
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3Client);
+        v3Client.close();
     }
 
     @Test
@@ -216,6 +229,10 @@ public void AesCbcV1toV3RangedGet() {
                 .key(objectKey));
         output = objectResponse.asUtf8String();
         assertEquals("", output);
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3Client);
+        v3Client.close();
     }
 
     @Test
@@ -251,5 +268,9 @@ public void AesCbcV1toV3FailsRangeExceededObjectLength() {
                 .bucket(BUCKET)
                 .range("bytes=300-400")
                 .key(objectKey)));
+
+        // Cleanup
+        deleteObject(BUCKET, objectKey, v3Client);
+        v3Client.close();
     }
 }

src/test/java/software/amazon/encryption/s3/S3EncryptionClientTest.java

@@ -1,5 +1,13 @@
 package software.amazon.encryption.s3;
 
+import com.amazonaws.services.s3.AmazonS3EncryptionClientV2;
+import com.amazonaws.services.s3.AmazonS3EncryptionV2;
+import com.amazonaws.services.s3.model.CryptoConfigurationV2;
+import com.amazonaws.services.s3.model.CryptoMode;
+import com.amazonaws.services.s3.model.CryptoStorageMode;
+import com.amazonaws.services.s3.model.EncryptionMaterials;
+import com.amazonaws.services.s3.model.EncryptionMaterialsProvider;
+import com.amazonaws.services.s3.model.StaticEncryptionMaterialsProvider;
 import java.security.SecureRandom;
 
 import org.junit.jupiter.api.BeforeAll;
@@ -9,7 +17,9 @@
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.services.s3.S3Client;
 import software.amazon.awssdk.services.s3.model.GetObjectResponse;
+import software.amazon.awssdk.services.s3.model.ObjectIdentifier;
 import software.amazon.awssdk.services.s3.model.PutObjectRequest;
+import software.amazon.awssdk.services.s3.model.S3Exception;
 import software.amazon.encryption.s3.materials.AesKeyring;
 import software.amazon.encryption.s3.materials.CryptographicMaterialsManager;
 import software.amazon.encryption.s3.materials.DefaultCryptoMaterialsManager;
@@ -23,10 +33,14 @@
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
-import static org.junit.jupiter.api.Assertions.*;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
@@ -60,6 +74,104 @@ public static void setUp() throws NoSuchAlgorithmException {
         RSA_KEY_PAIR = keyPairGen.generateKeyPair();
     }
 
+    @Test
+    public void deleteObjectWithInstructionFileSuccess() {
+        final String objectKey = "delete-object-with-instruction-file";
+
+        // V2 Client
+        EncryptionMaterialsProvider materialsProvider =
+                new StaticEncryptionMaterialsProvider(new EncryptionMaterials(AES_KEY));
+        CryptoConfigurationV2 cryptoConfig =
+                new CryptoConfigurationV2(CryptoMode.StrictAuthenticatedEncryption)
+                        .withStorageMode(CryptoStorageMode.InstructionFile);
+        AmazonS3EncryptionV2 v2Client = AmazonS3EncryptionClientV2.encryptionBuilder()
+                .withCryptoConfiguration(cryptoConfig)
+                .withEncryptionMaterialsProvider(materialsProvider)
+                .build();
+
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        final String input = "DeleteObjectWithInstructionFileSuccess";
+        v2Client.putObject(BUCKET, objectKey, input);
+
+        // Delete Object
+        v3Client.deleteObject(builder -> builder.bucket(BUCKET).key(objectKey));
+
+        S3Client s3Client = S3Client.builder().build();
+        // Assert throw NoSuchKeyException when getObject for objectKey
+        assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKey)));
+        assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKey + ".instruction")));
+
+        // Cleanup
+        v3Client.close();
+        s3Client.close();
+    }
+
+    @Test
+    public void deleteObjectsWithInstructionFilesSuccess() {
+        final String[] objectKeys = {"delete-object-with-instruction-file-1",
+                "delete-object-with-instruction-file-2",
+                "delete-object-with-instruction-file-3"};
+
+        // V2 Client
+        EncryptionMaterialsProvider materialsProvider =
+                new StaticEncryptionMaterialsProvider(new EncryptionMaterials(AES_KEY));
+        CryptoConfigurationV2 cryptoConfig =
+                new CryptoConfigurationV2(CryptoMode.StrictAuthenticatedEncryption)
+                        .withStorageMode(CryptoStorageMode.InstructionFile);
+        AmazonS3EncryptionV2 v2Client = AmazonS3EncryptionClientV2.encryptionBuilder()
+                .withCryptoConfiguration(cryptoConfig)
+                .withEncryptionMaterialsProvider(materialsProvider)
+                .build();
+
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        final String input = "DeleteObjectsWithInstructionFileSuccess";
+        List<ObjectIdentifier> objects = new ArrayList<>();
+        for (String objectKey : objectKeys) {
+            v2Client.putObject(BUCKET, objectKey, input);
+            objects.add(ObjectIdentifier.builder().key(objectKey).build());
+        }
+
+        // Delete Objects from S3 Buckets
+        v3Client.deleteObjects(builder -> builder
+                .bucket(BUCKET)
+                .delete(builder1 -> builder1.objects(objects)));
+
+        S3Client s3Client = S3Client.builder().build();
+        // Assert throw NoSuchKeyException when getObject for any of objectKeys
+        assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKeys[0])));
+        assertThrows(S3Exception.class, () -> s3Client.getObject(builder -> builder
+                .bucket(BUCKET)
+                .key(objectKeys[0] + ".instruction")));
+
+        // Cleanup
+        v3Client.close();
+        s3Client.close();
+    }
+
+    @Test
+    public void deleteObjectWithWrongObjectKeySuccess() {
+        // V3 Client
+        S3Client v3Client = S3EncryptionClient.builder()
+                .aesKey(AES_KEY)
+                .build();
+        assertDoesNotThrow(() -> v3Client.deleteObject(builder -> builder.bucket(BUCKET).key("InvalidKey")));
+
+        // Cleanup
+        v3Client.close();
+    }
+
     @Test
     public void s3EncryptionClientWithMultipleKeyringsFails() {
         assertThrows(S3EncryptionClientException.class, () -> S3EncryptionClient.builder()
@@ -361,6 +473,7 @@ public void s3EncryptionClientFromAESKeyringUsesDifferentSecureRandomThanKeyring
     /**
      * A simple, reusable round-trip (encryption + decryption) using a given
      * S3Client. Useful for testing client configuration.
+     *
      * @param v3Client the client under test
      */
     private void simpleV3RoundTrip(final S3Client v3Client, final String objectKey) {

src/test/java/software/amazon/encryption/s3/utils/S3EncryptionClientTestResources.java

@@ -28,6 +28,4 @@ public static void deleteObject(final String bucket, final String objectKey, fin
                 .delete(delete)
                 .build());
     }
-
-
 }