From 0b29eee9edf3218e86ee544695d9f7a790c31530 Mon Sep 17 00:00:00 2001
From: adfost
Date: Thu, 17 Mar 2022 19:09:04 -0700
Subject: [PATCH] Adding bucket object tag tests (#1732)

adding bucket object tests
---
 .../tests/permissions/bucketObjectTags.ts | 79 +++++++++++++++++++
 portal-ui/tests/policies/bucketCannotTag.json | 25 ++++++
 portal-ui/tests/scripts/cleanup-env.sh | 3 +
 portal-ui/tests/scripts/common.sh | 5 ++
 portal-ui/tests/utils/roles.ts | 38 +++++++--
 5 files changed, 142 insertions(+), 8 deletions(-)
 create mode 100644 portal-ui/tests/permissions/bucketObjectTags.ts
 create mode 100644 portal-ui/tests/policies/bucketCannotTag.json
diff --git a/portal-ui/tests/permissions/bucketObjectTags.ts b/portal-ui/tests/permissions/bucketObjectTags.ts
new file mode 100644
index 000000000..e0d65de38
--- /dev/null
+++ b/portal-ui/tests/permissions/bucketObjectTags.ts
@@ -0,0 +1,79 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2022 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program. If not, see .
+
+import * as roles from "../utils/roles";
+import * as elements from "../utils/elements";
+import * as functions from "../utils/functions";
+import { testBucketBrowseButtonFor } from "../utils/functions";
+import { Selector } from "testcafe";
+
+fixture("For user with Bucket Read & Write permissions").page("http://localhost:9090");
+
+test
+ .before(async (t) => {
+ // Create a bucket
+ await functions.setUpBucket(t, "bucketobjecttags");
+ await functions.setVersioned(t, "bucketobjecttags");
+ })("Tags can be created and deleted", async (t) => {
+ const testBucketBrowseButton = testBucketBrowseButtonFor("bucketobjecttags");
+ await t
+ .useRole(roles.bucketObjectTags)
+ .navigateTo("http://localhost:9090/buckets")
+ .click(testBucketBrowseButton)
+ // Upload object to bucket
+ .setFilesToUpload(elements.uploadInput, "../uploads/test.txt")
+ .wait(1000)
+ .click("div.ReactVirtualized__Grid.ReactVirtualized__Table__Grid > div > div:nth-child(1)")
+ .click(Selector("button").withText("Tags"))
+ .typeText("#newTagKey", "tag1")
+ .typeText("#newTagLabel", "test")
+ .click(Selector("button:enabled").withText("Save New Tag"))
+ .click(Selector("button").withText("Tags"))
+ .expect(Selector(".MuiChip-label").withText("tag1 : test").exists).ok()
+ .click(Selector(".MuiChip-deleteIcon"))
+ .click(Selector("button").withText("Yes"))
+ .click(Selector("button").withText("Tags"))
+ .expect(Selector(".MuiChip-label").withText("tag1 : test").exists).notOk()
+ }).after(async (t) => {
+ // Cleanup created bucket and corresponding uploads
+ await functions.cleanUpBucketAndUploads(t, "bucketobjecttags");
+ });
+
+test
+ .before(async (t) => {
+ // Create a bucket
+ await functions.setUpBucket(t, "bucketcannottag");
+ await functions.setVersioned(t, "bucketcannottag");
+ })("User should not be able to create tag", async (t) => {
+ const testBucketBrowseButton = testBucketBrowseButtonFor("bucketcannottag");
+ await t
+ .useRole(roles.bucketCannotTag)
+ .navigateTo("http://localhost:9090/buckets")
+ .click(testBucketBrowseButton)
+ // Upload object to bucket
+ .setFilesToUpload(elements.uploadInput, "../uploads/test.txt")
+ .wait(1000)
+ .click("div.ReactVirtualized__Grid.ReactVirtualized__Table__Grid > div > div:nth-child(1)")
+ .click(Selector("button").withText("Tags"))
+ .typeText("#newTagKey", "tag1")
+ .typeText("#newTagLabel", "test")
+ .click(Selector("button:enabled").withText("Save New Tag"))
+ .click(Selector("button").withText("Tags"))
+ .expect(Selector(".MuiChip-label").withText("tag1 : test").exists).notOk()
+ }).after(async (t) => {
+ // Cleanup created bucket and corresponding uploads
+ await functions.cleanUpBucketAndUploads(t, "bucketcannottag");
+});
diff --git a/portal-ui/tests/policies/bucketCannotTag.json b/portal-ui/tests/policies/bucketCannotTag.json
new file mode 100644
index 000000000..9aefdd075
--- /dev/null
+++ b/portal-ui/tests/policies/bucketCannotTag.json
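Review bot: In portal-ui/tests/permissions/bucketObjectTags.ts, the "User should not be able to create tag" test proves the denial only by the absence of the `tag1 : test` chip, so it would also pass if the tag dialog failed to open or the tag list had not loaded; it never observes the server refusing the request. Assert a positive denial signal after the `Save New Tag` click (the error the console displays, or the rejected tagging request) before the final `.notOk()`. The policy in this patch also denies `s3:DeleteObjectTagging`, but no step in the test exercises a denied delete. Both tests sit under the fixture named "For user with Bucket Read & Write permissions", which misdescribes the deny case; a comment above the second test such as `// bucketCannotTag: s3:* allowed, object tagging explicitly denied` would state the intent.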
@@ -0,0 +1,25 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "s3:*"
+ ],
+ "Resource": [
+ "arn:aws:s3:::*"
+ ]
+ },
+ {
+ "Action": [
+ "s3:PutObjectTagging",
+ "s3:DeleteObjectTagging"
+ ],
+ "Effect": "Deny",
+ "Sid": "Deny_Tagging_Actions",
+ "Resource": [
+ "arn:aws:s3:::*"
+ ]
+ }
+ ]
+}
diff --git a/portal-ui/tests/scripts/cleanup-env.sh b/portal-ui/tests/scripts/cleanup-env.sh
index 2aef7f0d7..ae0f5afc1 100644
--- a/portal-ui/tests/scripts/cleanup-env.sh
+++ b/portal-ui/tests/scripts/cleanup-env.sh
@@ -11,6 +11,8 @@ remove_users() {
 mc admin user remove minio bucketassignpolicy-$TIMESTAMP
 mc admin user remove minio bucketread-$TIMESTAMP
 mc admin user remove minio bucketwrite-$TIMESTAMP
+ mc admin user remove minio bucketobjecttags-$TIMESTAMP
+ mc admin user remove minio bucketcannottag-$TIMESTAMP
 mc admin user remove minio dashboard-$TIMESTAMP
 mc admin user remove minio diagnostics-$TIMESTAMP
 mc admin user remove minio groups-$TIMESTAMP
@@ -32,6 +34,7 @@ remove_policies() {
 mc admin policy remove minio bucketassignpolicy-$TIMESTAMP
 mc admin policy remove minio bucketread-$TIMESTAMP
 mc admin policy remove minio bucketwrite-$TIMESTAMP
+ mc admin policy remove minio bucketcannottag-$TIMESTAMP
 mc admin policy remove minio dashboard-$TIMESTAMP
 mc admin policy remove minio diagnostics-$TIMESTAMP
 mc admin policy remove minio groups-$TIMESTAMP
diff --git a/portal-ui/tests/scripts/common.sh b/portal-ui/tests/scripts/common.sh
index b2b55653e..78e801011 100644
--- a/portal-ui/tests/scripts/common.sh
+++ b/portal-ui/tests/scripts/common.sh
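Review bot: The Deny statement in portal-ui/tests/policies/bucketCannotTag.json lists only `s3:PutObjectTagging` and `s3:DeleteObjectTagging`, while the Allow statement above it grants `s3:*`, so any tagging action that is not listed stays permitted. The tests in this patch enable versioning on the bucket, and the S3 policy grammar has separate version-scoped tagging actions; if the server authorises tagging of a specific object version under those, the deny is incomplete. Consider adding `"s3:PutObjectVersionTagging",` and `"s3:DeleteObjectVersionTagging"` to the Deny `Action` list. This is inferred from the policy text alone and should be confirmed against the actions the server actually checks.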
@@ -27,6 +27,7 @@ create_policies() {
 mc admin policy add minio bucketread-$TIMESTAMP portal-ui/tests/policies/bucketRead.json
 mc admin policy add minio bucketwrite-$TIMESTAMP portal-ui/tests/policies/bucketWrite.json
 mc admin policy add minio bucketreadwrite-$TIMESTAMP portal-ui/tests/policies/bucketReadWrite.json
+ mc admin policy add minio bucketcannottag-$TIMESTAMP portal-ui/tests/policies/bucketCannotTag.json
 mc admin policy add minio bucketspecific-$TIMESTAMP portal-ui/tests/policies/bucketSpecific.json
 mc admin policy add minio dashboard-$TIMESTAMP portal-ui/tests/policies/dashboard.json
 mc admin policy add minio diagnostics-$TIMESTAMP portal-ui/tests/policies/diagnostics.json
@@ -51,6 +52,8 @@ create_users() {
 mc admin user add minio bucketread-$TIMESTAMP bucketread
 mc admin user add minio bucketwrite-$TIMESTAMP bucketwrite
 mc admin user add minio bucketreadwrite-$TIMESTAMP bucketreadwrite
+ mc admin user add minio bucketobjecttags-$TIMESTAMP bucketobjecttags
+ mc admin user add minio bucketcannottag-$TIMESTAMP bucketcannottag
 mc admin user add minio bucketspecific-$TIMESTAMP bucketspecific
 mc admin user add minio dashboard-$TIMESTAMP dashboard
 mc admin user add minio diagnostics-$TIMESTAMP diagnostics
@@ -79,6 +82,8 @@ assign_policies() {
 mc admin policy set minio bucketread-$TIMESTAMP user=bucketread-$TIMESTAMP
 mc admin policy set minio bucketwrite-$TIMESTAMP user=bucketwrite-$TIMESTAMP
 mc admin policy set minio bucketreadwrite-$TIMESTAMP user=bucketreadwrite-$TIMESTAMP
+ mc admin policy set minio bucketreadwrite-$TIMESTAMP user=bucketobjecttags-$TIMESTAMP
+ mc admin policy set minio bucketcannottag-$TIMESTAMP user=bucketcannottag-$TIMESTAMP
 mc admin policy set minio bucketspecific-$TIMESTAMP user=bucketspecific-$TIMESTAMP
 mc admin policy set minio dashboard-$TIMESTAMP user=dashboard-$TIMESTAMP
 mc admin policy set minio diagnostics-$TIMESTAMP user=diagnostics-$TIMESTAMP
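Review bot: In assign_policies() (third hunk of portal-ui/tests/scripts/common.sh) the new `bucketobjecttags` user is bound to the existing `bucketreadwrite` policy rather than to one of its own, and nothing in the script says so. The positive tagging test therefore depends on bucketReadWrite.json, which this patch does not show, continuing to allow the tagging actions; a later tightening of that policy would break the test for an unrelated reason. Add a comment above the line, for example `# bucketobjecttags reuses the bucketreadwrite policy on purpose; it has no policy file of its own`. The same comment explains why create_policies() in the first hunk, and remove_policies() in cleanup-env.sh, add only the `bucketcannottag` policy.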
diff --git a/portal-ui/tests/utils/roles.ts b/portal-ui/tests/utils/roles.ts
index 6eb0c62b9..c8b8904e7 100644
--- a/portal-ui/tests/utils/roles.ts
+++ b/portal-ui/tests/utils/roles.ts
@@ -54,14 +54,36 @@ export const bucketWrite = Role(
 );
 
 export const bucketReadWrite = Role(
- loginUrl,
- async (t) => {
- await t
- .typeText("#accessKey", "bucketreadwrite-" + unixTimestamp)
- .typeText("#secretKey", "bucketreadwrite")
- .click(submitButton);
- },
- { preserveUrl: true }
+ loginUrl,
+ async (t) => {
+ await t
+ .typeText("#accessKey", "bucketreadwrite-" + unixTimestamp)
+ .typeText("#secretKey", "bucketreadwrite")
+ .click(submitButton);
+ },
+ { preserveUrl: true }
+);
+
+export const bucketObjectTags = Role(
+ loginUrl,
+ async (t) => {
+ await t
+ .typeText("#accessKey", "bucketobjecttags-" + unixTimestamp)
+ .typeText("#secretKey", "bucketobjecttags")
+ .click(submitButton);
+ },
+ { preserveUrl: true }
+);
+
+export const bucketCannotTag = Role(
+ loginUrl,
+ async (t) => {
+ await t
+ .typeText("#accessKey", "bucketcannottag-" + unixTimestamp)
+ .typeText("#secretKey", "bucketcannottag")
+ .click(submitButton);
+ },
+ { preserveUrl: true }
 );
 
 export const bucketSpecific = Role(
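Review bot: The two new roles in portal-ui/tests/utils/roles.ts, `bucketObjectTags` and `bucketCannotTag`, repeat the `bucketReadWrite` login body line for line with only the account name changed, and the secret key is again the bare role name. A small helper that takes the name would keep the access-key and secret convention in one place and turn each new role into a single line. The removed and re-added `bucketReadWrite` lines look like a whitespace-only change and could be dropped from the patch. The hunk ends inside the following `bucketSpecific` definition, so that block is not reviewed here.

```typescript
// Builds a Role that signs in as "<name>-<unixTimestamp>" using `name` as the secret key.
const roleFor = (name: string) =>
  Role(
    loginUrl,
    async (t) => {
      await t
        .typeText("#accessKey", name + "-" + unixTimestamp)
        .typeText("#secretKey", name)
        .click(submitButton);
    },
    { preserveUrl: true }
  );

// … unchanged: bucketReadWrite and the roles before it …

export const bucketObjectTags = roleFor("bucketobjecttags");
export const bucketCannotTag = roleFor("bucketcannottag");
```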