From acb53ee5e62cd30ebfb43b8f79e50c42abaca529 Mon Sep 17 00:00:00 2001 From: Paolo Di Tommaso Date: Sat, 20 Nov 2021 17:51:11 +0100 Subject: [PATCH] Fix Missing AWS SSE encryption for begin and exit task files #2452 --- .../aws/batch/AwsBatchFileCopyStrategy.groovy | 6 ++---- .../nextflow/cloud/aws/util/S3BashLib.groovy | 12 +++++++----- .../batch/AwsBatchFileCopyStrategyTest.groovy | 12 ++++++++---- .../aws/batch/AwsBatchScriptLauncherTest.groovy | 16 ++++++++++++---- 4 files changed, 29 insertions(+), 17 deletions(-) diff --git a/plugins/nf-amazon/src/main/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategy.groovy b/plugins/nf-amazon/src/main/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategy.groovy index 25ab24a205..d79ec957e3 100644 --- a/plugins/nf-amazon/src/main/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategy.groovy +++ b/plugins/nf-amazon/src/main/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategy.groovy @@ -134,8 +134,7 @@ class AwsBatchFileCopyStrategy extends SimpleFileCopyStrategy { */ @Override String touchFile( Path file ) { - final aws = opts.getAwsCli() - "echo start | $aws s3 cp --only-show-errors - s3:/${Escape.path(file)}" + "echo start | nxf_s3_upload - s3:/${Escape.path(file)}" } /** @@ -162,8 +161,7 @@ class AwsBatchFileCopyStrategy extends SimpleFileCopyStrategy { * {@inheritDoc} */ String exitFile( Path path ) { - final aws = opts.getAwsCli() - "| $aws s3 cp --only-show-errors - s3:/${Escape.path(path)} || true" + "| nxf_s3_upload - s3:/${Escape.path(path)} || true" } /** diff --git a/plugins/nf-amazon/src/main/nextflow/cloud/aws/util/S3BashLib.groovy b/plugins/nf-amazon/src/main/nextflow/cloud/aws/util/S3BashLib.groovy index ad549ce2da..8f075178de 100644 --- a/plugins/nf-amazon/src/main/nextflow/cloud/aws/util/S3BashLib.groovy +++ b/plugins/nf-amazon/src/main/nextflow/cloud/aws/util/S3BashLib.groovy @@ -28,7 +28,7 @@ import nextflow.executor.BashFunLib class S3BashLib extends BashFunLib { private String storageClass = 'STANDARD' - private String encryptionEncryption = '' + private String storageEncryption = '' private String debug = '' private String cli = 'aws' private String retryMode @@ -58,7 +58,7 @@ class S3BashLib extends BashFunLib { S3BashLib withStorageEncryption(String value) { if( value ) - this.encryptionEncryption = value ? "--sse $value " : '' + this.storageEncryption = value ? "--sse $value " : '' return this } @@ -78,10 +78,12 @@ class S3BashLib extends BashFunLib { nxf_s3_upload() { local name=\$1 local s3path=\$2 - if [[ -d "\$name" ]]; then - $cli s3 cp --only-show-errors --recursive $debug$encryptionEncryption--storage-class $storageClass "\$name" "\$s3path/\$name" + if [[ "\$name" == - ]]; then + $cli s3 cp --only-show-errors $debug$storageEncryption--storage-class $storageClass - "\$s3path" + elif [[ -d "\$name" ]]; then + $cli s3 cp --only-show-errors --recursive $debug$storageEncryption--storage-class $storageClass "\$name" "\$s3path/\$name" else - $cli s3 cp --only-show-errors $debug$encryptionEncryption--storage-class $storageClass "\$name" "\$s3path/\$name" + $cli s3 cp --only-show-errors $debug$storageEncryption--storage-class $storageClass "\$name" "\$s3path/\$name" fi } diff --git a/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategyTest.groovy b/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategyTest.groovy index 047baefeeb..545bf64a2d 100644 --- a/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategyTest.groovy +++ b/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchFileCopyStrategyTest.groovy @@ -33,9 +33,9 @@ class AwsBatchFileCopyStrategyTest extends Specification { def RUN = Paths.get('/some/data/.command.run') def copy = new AwsBatchFileCopyStrategy(Mock(TaskBean), new AwsOptions()) expect: - copy.touchFile(RUN) == "echo start | aws s3 cp --only-show-errors - s3://some/data/.command.run" + copy.touchFile(RUN) == "echo start | nxf_s3_upload - s3://some/data/.command.run" copy.copyFile("nobel_prize_results.gz",Paths.get("/some/data/nobel_prize_results.gz")) == "nxf_s3_upload nobel_prize_results.gz s3://some/data" - copy.exitFile(EXIT) == "| aws s3 cp --only-show-errors - s3://some/path/.exitcode || true" + copy.exitFile(EXIT) == "| nxf_s3_upload - s3://some/path/.exitcode || true" copy.stageInputFile(FILE, 'foo.txt') == """ downloads+=("nxf_s3_download s3://some/data/nobel_prize_results.gz foo.txt") """ @@ -188,7 +188,9 @@ class AwsBatchFileCopyStrategyTest extends Specification { nxf_s3_upload() { local name=$1 local s3path=$2 - if [[ -d "$name" ]]; then + if [[ "$name" == - ]]; then + aws s3 cp --only-show-errors --storage-class STANDARD - "$s3path" + elif [[ -d "$name" ]]; then aws s3 cp --only-show-errors --recursive --storage-class STANDARD "$name" "$s3path/$name" else aws s3 cp --only-show-errors --storage-class STANDARD "$name" "$s3path/$name" @@ -275,7 +277,9 @@ class AwsBatchFileCopyStrategyTest extends Specification { nxf_s3_upload() { local name=$1 local s3path=$2 - if [[ -d "$name" ]]; then + if [[ "$name" == - ]]; then + /foo/aws s3 cp --only-show-errors --sse AES256 --storage-class STANDARD_IA - "$s3path" + elif [[ -d "$name" ]]; then /foo/aws s3 cp --only-show-errors --recursive --sse AES256 --storage-class STANDARD_IA "$name" "$s3path/$name" else /foo/aws s3 cp --only-show-errors --sse AES256 --storage-class STANDARD_IA "$name" "$s3path/$name" diff --git a/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchScriptLauncherTest.groovy b/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchScriptLauncherTest.groovy index 00658ac8b7..7b06de8d2a 100644 --- a/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchScriptLauncherTest.groovy +++ b/plugins/nf-amazon/src/test/nextflow/cloud/aws/batch/AwsBatchScriptLauncherTest.groovy @@ -117,7 +117,9 @@ class AwsBatchScriptLauncherTest extends Specification { nxf_s3_upload() { local name=$1 local s3path=$2 - if [[ -d "$name" ]]; then + if [[ "$name" == - ]]; then + /conda/bin/aws --region eu-west-1 s3 cp --only-show-errors --storage-class STANDARD - "$s3path" + elif [[ -d "$name" ]]; then /conda/bin/aws --region eu-west-1 s3 cp --only-show-errors --recursive --storage-class STANDARD "$name" "$s3path/$name" else /conda/bin/aws --region eu-west-1 s3 cp --only-show-errors --storage-class STANDARD "$name" "$s3path/$name" @@ -292,7 +294,9 @@ class AwsBatchScriptLauncherTest extends Specification { nxf_s3_upload() { local name=$1 local s3path=$2 - if [[ -d "$name" ]]; then + if [[ "$name" == - ]]; then + aws s3 cp --only-show-errors --storage-class STANDARD - "$s3path" + elif [[ -d "$name" ]]; then aws s3 cp --only-show-errors --recursive --storage-class STANDARD "$name" "$s3path/$name" else aws s3 cp --only-show-errors --storage-class STANDARD "$name" "$s3path/$name" @@ -433,7 +437,9 @@ class AwsBatchScriptLauncherTest extends Specification { nxf_s3_upload() { local name=$1 local s3path=$2 - if [[ -d "$name" ]]; then + if [[ "$name" == - ]]; then + aws s3 cp --only-show-errors --storage-class STANDARD - "$s3path" + elif [[ -d "$name" ]]; then aws s3 cp --only-show-errors --recursive --storage-class STANDARD "$name" "$s3path/$name" else aws s3 cp --only-show-errors --storage-class STANDARD "$name" "$s3path/$name" @@ -548,7 +554,9 @@ class AwsBatchScriptLauncherTest extends Specification { nxf_s3_upload() { local name=$1 local s3path=$2 - if [[ -d "$name" ]]; then + if [[ "$name" == - ]]; then + aws s3 cp --only-show-errors --storage-class STANDARD - "$s3path" + elif [[ -d "$name" ]]; then aws s3 cp --only-show-errors --recursive --storage-class STANDARD "$name" "$s3path/$name" else aws s3 cp --only-show-errors --storage-class STANDARD "$name" "$s3path/$name"