chore(ci): add retries to tests

.github/workflows/build.yml

@@ -45,6 +45,9 @@ jobs:
         shell: bash
 
       - name: Test
+        env:
+          AWS_RETRY_MODE: adaptive
+          AWS_MAX_ATTEMPTS: '5'
         run: |
           export AWS_S3EC_TEST_ALT_KMS_KEY_ARN=arn:aws:kms:${{ vars.CI_AWS_REGION }}:${{ secrets.CI_AWS_ACCOUNT_ID }}:key/${{ vars.CI_ALT_KMS_KEY_ID }}
           export AWS_S3EC_TEST_ALT_ROLE_ARN=arn:aws:iam::${{ secrets.CI_AWS_ACCOUNT_ID }}:role/service-role/${{ vars.CI_ALT_ROLE }}

pom.xml

@@ -120,6 +120,12 @@
 
     <!-- Test Dependencies -->
     <!-- https://mvnrepository.com/artifact/org.mockito/mockito-core -->
+    <dependency>
+      <groupId>org.junit-pioneer</groupId>
+      <artifactId>junit-pioneer</artifactId>
+      <version>1.9.1</version>
+      <scope>test</scope>
+    </dependency>
     <dependency>
       <groupId>org.mockito</groupId>
       <artifactId>mockito-core</artifactId>

src/test/java/software/amazon/encryption/s3/AdditionalDecryptionKeyMaterialTest.java

@@ -3,7 +3,7 @@
 package software.amazon.encryption.s3;
 
 import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
+import org.junitpioneer.jupiter.RetryingTest;
 import software.amazon.awssdk.core.ResponseBytes;
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.services.s3.S3Client;
@@ -65,7 +65,7 @@ public static void setUp() throws NoSuchAlgorithmException {
      * Test AES keyring with null additionalDecryptionKeyMaterial map.
      * This tests the default behavior when no additional key material is provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testAesKeyringWithNullAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("aes-null-additional-key-material");
         final String input = "AES with null additional key material";
@@ -129,7 +129,7 @@ public void testAesKeyringWithNullAdditionalKeyMaterial() {
      * Test AES keyring with empty additionalDecryptionKeyMaterial map.
      * This tests the behavior when an empty map is provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testAesKeyringWithEmptyAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("aes-empty-additional-key-material");
         final String input = "AES with empty additional key material";
@@ -194,7 +194,7 @@ public void testAesKeyringWithEmptyAdditionalKeyMaterial() {
      * Test AES keyring with a singleton additionalDecryptionKeyMaterial map.
      * This tests the behavior when a single additional key material is provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testAesKeyringWithSingletonAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("aes-singleton-additional-key-material");
         final String input = "AES with singleton additional key material";
@@ -265,7 +265,7 @@ public void testAesKeyringWithSingletonAdditionalKeyMaterial() {
      * Test AES keyring with multiple entries in the additionalDecryptionKeyMaterial map.
      * This tests the behavior when multiple additional key materials are provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testAesKeyringWithMultipleAdditionalKeyMaterials() {
         final String objectKey = appendTestSuffix("aes-multiple-additional-key-materials");
         final String input = "AES with multiple additional key materials";
@@ -348,7 +348,7 @@ public void testAesKeyringWithMultipleAdditionalKeyMaterials() {
      * Test AES keyring with additionalDecryptionKeyMaterial that doesn't match.
      * This tests the behavior when no matching key material is found and it should fall back to the default key.
      */
-    @Test
+    @RetryingTest(3)
     public void testAesKeyringWithNonMatchingAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("aes-non-matching-additional-key-material");
         final String input = "AES with non-matching additional key material";
@@ -423,7 +423,7 @@ public void testAesKeyringWithNonMatchingAdditionalKeyMaterial() {
      * Test AES keyring with additionalDecryptionKeyMaterial that doesn't match and a wrong default key.
      * This tests the behavior when no matching key material is found and the default key is also wrong.
      */
-    @Test
+    @RetryingTest(3)
     public void testAesKeyringWithNonMatchingAdditionalKeyMaterialAndWrongDefaultKey() {
         final String objectKey = appendTestSuffix("aes-non-matching-additional-key-material-wrong-default");
         final String input = "AES with non-matching additional key material and wrong default key";
@@ -494,7 +494,7 @@ public void testAesKeyringWithNonMatchingAdditionalKeyMaterialAndWrongDefaultKey
      * Test RSA keyring with null additionalDecryptionKeyMaterial map.
      * This tests the default behavior when no additional key material is provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testRsaKeyringWithNullAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("rsa-null-additional-key-material");
         final String input = "RSA with null additional key material";
@@ -564,7 +564,7 @@ public void testRsaKeyringWithNullAdditionalKeyMaterial() {
      * Test RSA keyring with empty additionalDecryptionKeyMaterial map.
      * This tests the behavior when an empty map is provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testRsaKeyringWithEmptyAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("rsa-empty-additional-key-material");
         final String input = "RSA with empty additional key material";
@@ -635,7 +635,7 @@ public void testRsaKeyringWithEmptyAdditionalKeyMaterial() {
      * Test RSA keyring with a singleton additionalDecryptionKeyMaterial map.
      * This tests the behavior when a single additional key material is provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testRsaKeyringWithSingletonAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("rsa-singleton-additional-key-material");
         final String input = "RSA with singleton additional key material";
@@ -715,7 +715,7 @@ public void testRsaKeyringWithSingletonAdditionalKeyMaterial() {
      * Test RSA keyring with multiple entries in the additionalDecryptionKeyMaterial map.
      * This tests the behavior when multiple additional key materials are provided.
      */
-    @Test
+    @RetryingTest(3)
     public void testRsaKeyringWithMultipleAdditionalKeyMaterials() {
         final String objectKey = appendTestSuffix("rsa-multiple-additional-key-materials");
         final String input = "RSA with multiple additional key materials";
@@ -810,7 +810,7 @@ public void testRsaKeyringWithMultipleAdditionalKeyMaterials() {
      * Test RSA keyring with additionalDecryptionKeyMaterial that doesn't match.
      * This tests the behavior when no matching key material is found and it should fall back to the default key.
      */
-    @Test
+    @RetryingTest(3)
     public void testRsaKeyringWithNonMatchingAdditionalKeyMaterial() {
         final String objectKey = appendTestSuffix("rsa-non-matching-additional-key-material");
         final String input = "RSA with non-matching additional key material";
@@ -894,7 +894,7 @@ public void testRsaKeyringWithNonMatchingAdditionalKeyMaterial() {
      * Test RSA keyring with additionalDecryptionKeyMaterial that doesn't match and a wrong default key.
      * This tests the behavior when no matching key material is found and the default key is also wrong.
      */
-    @Test
+    @RetryingTest(3)
     public void testRsaKeyringWithNonMatchingAdditionalKeyMaterialAndWrongDefaultKey() {
         final String objectKey = appendTestSuffix("rsa-non-matching-additional-key-material-wrong-default");
         final String input = "RSA with non-matching additional key material and wrong default key";

src/test/java/software/amazon/encryption/s3/ParameterMalleabilityTest.java

@@ -1,7 +1,7 @@
 package software.amazon.encryption.s3;
 
 import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
+import org.junitpioneer.jupiter.RetryingTest;
 import software.amazon.awssdk.core.ResponseInputStream;
 import software.amazon.awssdk.core.sync.RequestBody;
 import software.amazon.awssdk.services.s3.S3Client;
@@ -30,7 +30,7 @@ public static void setUp() throws NoSuchAlgorithmException {
         AES_KEY = keyGen.generateKey();
     }
 
-    @Test
+    @RetryingTest(3)
     public void contentEncryptionDowngradeAttackFails() {
         final String objectKey = appendTestSuffix("content-downgrade-attack-fails");
         S3Client s3Client = S3EncryptionClient.builderV4()
@@ -74,7 +74,7 @@ public void contentEncryptionDowngradeAttackFails() {
         s3Client.close();
     }
 
-    @Test
+    @RetryingTest(3)
     public void keyWrapRemovalAttackFails() {
         final String objectKey = appendTestSuffix("keywrap-removal-attack-fails");
         S3Client s3Client = S3EncryptionClient.builderV4()
@@ -116,7 +116,7 @@ public void keyWrapRemovalAttackFails() {
         s3Client.close();
     }
 
-    @Test
+    @RetryingTest(3)
     public void keyWrapDowngradeAesWrapAttackFails() {
         final String objectKey = appendTestSuffix("keywrap-downgrade-aeswrap-attack-fails");
         S3Client s3Client = S3EncryptionClient.builderV4()
@@ -159,7 +159,7 @@ public void keyWrapDowngradeAesWrapAttackFails() {
         s3Client.close();
     }
 
-    @Test
+    @RetryingTest(3)
     public void keyWrapDowngradeAesAttackFails() {
         final String objectKey = appendTestSuffix("keywrap-downgrade-aes-attack-fails");
         S3Client s3Client = S3EncryptionClient.builderV4()