mirrors/versitygw
1
0
Fork 0
mirror of https://github.com/versity/versitygw.git synced 2026-01-11 13:50:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #635 from versity/test_cmdline_policy_getobject

Browse Source 
Test cmdline policy getobject
This commit is contained in:
Ben McClelland
2024-06-21 10:34:27 -07:00
committed by GitHub
parent 63c9e75039 a958315144
commit 341d287e37
16 changed files with 459 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
tests/README.md
View File

@@ -10,6 +10,7 @@
* **s3cmd**: Instructions are [here](https://github.com/s3tools/s3cmd/blob/master/INSTALL.md).
* **mc**: Instructions are [here](https://min.io/docs/minio/linux/reference/minio-mc.html).
3. Install BATS. Instructions are [here](https://bats-core.readthedocs.io/en/stable/installation.html).
4. If running on Mac OS, install **jq** with the command `brew install jq`.
4. Create a `.secrets` file in the `tests` folder, and add the `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` values to the file.
5. Create a local AWS profile for connection to S3, and add the `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_REGION` values for your account to the profile. Example:
```

4
tests/commands/delete_bucket_policy.sh
View File

@@ -5,14 +5,14 @@ delete_bucket_policy() {
log 2 "delete bucket policy command requires command type, bucket"
return 1
fi
if [[ $1 == 'aws' ]]; then
if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
error=$(aws --no-verify-ssl s3api delete-bucket-policy --bucket "$2" 2>&1) || delete_result=$?
elif [[ $1 == 's3cmd' ]]; then
error=$(s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate delpolicy "s3://$2" 2>&1) || delete_result=$?
elif [[ $1 == 'mc' ]]; then
error=$(mc --insecure anonymous set none "$MC_ALIAS/$2" 2>&1) || delete_result=$?
else
log 2 "command 'get bucket policy' not implemented for '$1'"
log 2 "command 'delete bucket policy' not implemented for '$1'"
return 1
fi
if [[ $delete_result -ne 0 ]]; then

14
tests/commands/get_bucket_policy.sh
View File

@@ -2,22 +2,22 @@
get_bucket_policy() {
if [[ $# -ne 2 ]]; then
echo "get bucket policy command requires command type, bucket"
log 2 "get bucket policy command requires command type, bucket"
return 1
fi
local get_bucket_policy_result=0
if [[ $1 == 'aws' ]]; then
if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
get_bucket_policy_aws "$2" || get_bucket_policy_result=$?
elif [[ $1 == 's3cmd' ]]; then
get_bucket_policy_s3cmd "$2" || get_bucket_policy_result=$?
elif [[ $1 == 'mc' ]]; then
get_bucket_policy_mc "$2" || get_bucket_policy_result=$?
else
echo "command 'get bucket policy' not implemented for '$1'"
log 2 "command 'get bucket policy' not implemented for '$1'"
return 1
fi
if [[ $get_bucket_policy_result -ne 0 ]]; then
echo "error getting policy: $bucket_policy"
log 2 "error getting policy: $bucket_policy"
return 1
fi
export bucket_policy
@@ -26,17 +26,17 @@ get_bucket_policy() {
get_bucket_policy_aws() {
if [[ $# -ne 1 ]]; then
echo "aws 'get bucket policy' command requires bucket"
log 2 "aws 'get bucket policy' command requires bucket"
return 1
fi
policy_json=$(aws --no-verify-ssl s3api get-bucket-policy --bucket "$1" 2>&1) || get_result=$?
policy_json=$(aws --no-verify-ssl s3api get-bucket-policy --bucket "$1" 2>&1) || local get_result=$?
policy_json=$(echo "$policy_json" | grep -v "InsecureRequestWarning")
log 5 "$policy_json"
if [[ $get_result -ne 0 ]]; then
if [[ "$policy_json" == *"(NoSuchBucketPolicy)"* ]]; then
bucket_policy=
else
echo "error getting policy: $policy_json"
log 2 "error getting policy: $policy_json"
return 1
fi
else

21
tests/commands/get_object.sh
View File

@@ -39,3 +39,24 @@ get_object_with_range() {
fi
return 0
}
get_object_with_user() {
if [ $# -ne 6 ]; then
log 2 "'get object with user' command requires command type, bucket, key, save location, aws ID, aws secret key"
return 1
fi
local exit_code=0
if [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
get_object_error=$(AWS_ACCESS_KEY_ID="$5" AWS_SECRET_ACCESS_KEY="$6" aws --no-verify-ssl s3api get-object --bucket "$2" --key "$3" "$4" 2>&1) || exit_code=$?
else
log 2 "'get object with user' command not implemented for '$1'"
return 1
fi
log 5 "put object exit code: $exit_code"
if [ $exit_code -ne 0 ]; then
log 2 "error getting object: $get_object_error"
export get_object_error
return 1
fi
return 0
}

12
tests/commands/put_bucket_acl.sh
View File

@@ -21,4 +21,16 @@ put_bucket_acl() {
return 1
fi
return 0
}
put_bucket_canned_acl() {
if [[ $# -ne 2 ]]; then
log 2 "'put bucket canned acl' command requires bucket name, canned ACL"
return 1
fi
if ! error=$(aws --no-verify-ssl s3api put-bucket-acl --bucket "$1" --acl "$2"); then
log 2 "error resetting bucket acls: $error"
return 1
fi
return 0
}

13
tests/commands/put_bucket_policy.sh
View File

@@ -5,18 +5,21 @@ put_bucket_policy() {
log 2 "get bucket policy command requires command type, bucket, policy file"
return 1
fi
local put_policy_result=0
if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
policy=$(aws --no-verify-ssl s3api put-bucket-policy --bucket "$2" --policy "file://$3" 2>&1) || put_result=$?
policy=$(aws --no-verify-ssl s3api put-bucket-policy --bucket "$2" --policy "file://$3" 2>&1) || put_policy_result=$?
elif [[ $1 == 's3cmd' ]]; then
policy=$(s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate setpolicy "$3" "s3://$2" 2>&1) || put_result=$?
policy=$(s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate setpolicy "$3" "s3://$2" 2>&1) || put_policy_result=$?
elif [[ $1 == 'mc' ]]; then
policy=$(mc --insecure anonymous set-json "$3" "$MC_ALIAS/$2" 2>&1) || put_result=$?
policy=$(mc --insecure anonymous set-json "$3" "$MC_ALIAS/$2" 2>&1) || put_policy_result=$?
else
log 2 "command 'put bucket policy' not implemented for '$1'"
return 1
fi
if [[ $put_result -ne 0 ]]; then
log 2 "error putting policy: $policy"
if [[ $put_policy_result -ne 0 ]]; then
put_bucket_policy_error=$policy
log 2 "error putting policy: $put_bucket_policy_error"
export put_bucket_policy_error
return 1
fi
return 0

3
tests/remove_static.sh
View File

@@ -2,7 +2,6 @@
source ./tests/setup.sh
source ./tests/util.sh
source ./tests/commands/delete_bucket.sh
delete_bucket_if_exists() {
if [[ $# -ne 2 ]]; then
@@ -18,7 +17,7 @@ delete_bucket_if_exists() {
log 5 "bucket '$2' doesn't exist, skipping"
return 0
fi
if ! delete_bucket "$1" "$2"; then
if ! delete_bucket_recursive "$1" "$2"; then
log 2 "error deleting bucket"
return 1
fi

3
tests/run_all.sh
View File

@@ -17,7 +17,4 @@ fi
if ! ./tests/run.sh mc; then
exit 1
fi
if ! ./tests/run.sh user; then
exit 1
fi
exit 0

313
tests/test_aws.sh
View File

@@ -110,7 +110,7 @@ export RUN_USERS=true
create_test_files "$bucket_file" || fail "error creating test file"
printf "%s" "$bucket_file_data" > "$test_file_folder"/$bucket_file
delete_bucket_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence"
delete_bucket_or_contents_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence"
# in static bucket config, bucket will still exist
bucket_exists "s3api" "$BUCKET_ONE_NAME" || local exists_result=$?
[[ $exists_result -ne 2 ]] || fail "error checking for bucket existence"
@@ -227,18 +227,16 @@ export RUN_USERS=true
delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME"
}
#@test "test_get_object_invalid_range" {
# bucket_file="bucket_file"
#
# create_test_files "$bucket_file" || local created=$?
# [[ $created -eq 0 ]] || fail "Error creating test files"
# setup_bucket "s3api" "$BUCKET_ONE_NAME" || local setup_result=$?
# [[ $setup_result -eq 0 ]] || fail "error setting up bucket"
# put_object "s3api" "$test_file_folder/$bucket_file" "$BUCKET_ONE_NAME" "$bucket_file" || fail "error putting object"
# get_object_with_range "$BUCKET_ONE_NAME" "$bucket_file" "bytes=0-0" "$test_file_folder/$bucket_file-range" || local get_result=$?
# [[ $get_result -ne 0 ]] || fail "Get object with zero range returned no error"
#}
# get-bucket-location
@test "test_get_bucket_location" {
test_common_get_bucket_location "aws"
}
# get-bucket-policy - test_get_put_delete_bucket_policy
# get-bucket-tagging - test_set_get_delete_bucket_tags
# get-object
@test "test_get_object_full_range" {
bucket_file="bucket_file"
@@ -252,6 +250,18 @@ export RUN_USERS=true
[[ "$(cat "$test_file_folder/$bucket_file-range")" == "9" ]] || fail "byte range not copied properly"
}
#@test "test_get_object_invalid_range" {
# bucket_file="bucket_file"
#
# create_test_files "$bucket_file" || local created=$?
# [[ $created -eq 0 ]] || fail "Error creating test files"
# setup_bucket "s3api" "$BUCKET_ONE_NAME" || local setup_result=$?
# [[ $setup_result -eq 0 ]] || fail "error setting up bucket"
# put_object "s3api" "$test_file_folder/$bucket_file" "$BUCKET_ONE_NAME" "$bucket_file" || fail "error putting object"
# get_object_with_range "$BUCKET_ONE_NAME" "$bucket_file" "bytes=0-0" "$test_file_folder/$bucket_file-range" || local get_result=$?
# [[ $get_result -ne 0 ]] || fail "Get object with zero range returned no error"
#}
@test "test_put_object" {
bucket_file="bucket_file"
@@ -418,7 +428,7 @@ legal_hold_retention_setup() {
return 1
fi
delete_bucket_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence"
delete_bucket_or_contents_if_exists "s3api" "$BUCKET_ONE_NAME" || fail "error deleting bucket, or checking for existence"
create_user_if_nonexistent "$1" "$2" "user" || fail "error creating user if nonexistent"
create_test_files "$3" || fail "error creating test files"
@@ -709,6 +719,278 @@ legal_hold_retention_setup() {
delete_test_files $folder_name
}
#@test "test_put_policy_no_version" {
# policy_file="policy_file"
#
# create_test_files "$policy_file" || fail "error creating policy file"
#
# effect="Allow"
# principal="*"
# action="s3:GetObject"
# resource="arn:aws:s3:::$BUCKET_ONE_NAME/*"
#
# cat <<EOF > "$test_file_folder"/$policy_file
# {
# "Statement": [
# {
# "Effect": "$effect",
# "Principal": "$principal",
# "Action": "$action",
# "Resource": "$resource"
# }
# ]
# }
#EOF
#
# setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
#
# check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty"
#
# put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy"
#
# get_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "unable to retrieve policy"
#}
@test "test_put_policy_invalid_action" {
policy_file="policy_file"
create_test_files "$policy_file" || fail "error creating policy file"
effect="Allow"
principal="*"
action="s3:GetObjectt"
resource="arn:aws:s3:::$BUCKET_ONE_NAME/*"
cat <<EOF > "$test_file_folder"/$policy_file
{
"Statement": [
{
"Effect": "$effect",
"Principal": "$principal",
"Action": "$action",
"Resource": "$resource"
}
]
}
EOF
setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty"
if put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file"; then
fail "put succeeded despite malformed policy"
fi
# shellcheck disable=SC2154
[[ "$put_bucket_policy_error" == *"MalformedPolicy"*"unsupported action"* ]] || fail "invalid policy error: $put_bucket_policy_error"
delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME"
delete_test_files "$policy_file"
}
@test "test_policy_get_object_with_user" {
# TODO (https://github.com/versity/versitygw/issues/637)
if [[ $RECREATE_BUCKETS == "false" ]]; then
return 0
fi
policy_file="policy_file"
username="ABCDEFG"
password="HIJKLMN"
test_file="test_file"
create_test_files "$test_file" "$policy_file" || fail "error creating policy file"
echo "$BATS_TEST_NAME" >> "$test_file_folder/$test_file"
effect="Allow"
principal="$username"
action="s3:GetObject"
resource="arn:aws:s3:::$BUCKET_ONE_NAME/$test_file"
if user_exists "$username"; then
delete_user "$username" || fail "failed to delete user '$username'"
fi
setup_policy_with_single_statement "$test_file_folder/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy"
setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
put_object "s3api" "$test_file_folder/$test_file" "$BUCKET_ONE_NAME" "$test_file" || fail "error copying object"
if ! check_for_empty_policy "s3api" "$BUCKET_ONE_NAME"; then
delete_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "error deleting policy"
check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty after deletion"
fi
if put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file"; then
fail "put succeeded despite invalid username"
fi
[[ "$put_bucket_policy_error" == *"MalformedPolicy"* ]] || fail "invalid policy error: $put_bucket_policy_error"
# cat <<EOF > "$test_file_folder"/acl_file
#{
# "Grants": [
# {
# "Grantee": {
# "ID": "ABCDEFG",
# "Type": "CanonicalUser"
# },
# "Permission": "READ"
# }
# ],
# "Owner": {
# "ID": "$AWS_ACCESS_KEY_ID"
# }
#}
#EOF
#
#put_bucket_acl "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/acl_file" || fail "error putting acl"
#put_bucket_canned_acl "$BUCKET_ONE_NAME" "public-read-write" || fail "error putting acl"
create_user "$username" "$password" "user" || fail "error creating user"
if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$test_file_folder/$test_file-copy" "$username" "$password"; then
fail "get object with user succeeded despite lack of permissions"
fi
# shellcheck disable=SC2154
[[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error"
put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy"
#get_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "error getting bucket policy"
#log 5 "$bucket_policy"
get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$test_file_folder/$test_file-copy" "$username" "$password" || fail "error getting object after permissions"
compare_files "$test_file_folder/$test_file" "$test_file_folder/$test_file-copy" || fail "files not equal"
delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME"
}
@test "test_policy_get_object_specific_file" {
# TODO (https://github.com/versity/versitygw/issues/637)
if [[ $RECREATE_BUCKETS == "false" ]]; then
return 0
fi
policy_file="policy_file"
test_file="test_file"
test_file_two="test_file_two"
username="ABCDEFG"
password="HIJKLMN"
create_test_files "$policy_file" "$test_file" "$test_file_two" || fail "error creating policy file"
echo "$BATS_TEST_NAME" >> "$test_file_folder/$test_file"
echo "$BATS_TEST_NAME-2" >> "$test_file_folder/$test_file_two"
effect="Allow"
principal="$username"
action="s3:GetObject"
resource="arn:aws:s3:::$BUCKET_ONE_NAME/test_file"
if user_exists "$username"; then
delete_user "$username" || fail "failed to delete user '$username'"
fi
create_user "$username" "$password" "user" || fail "error creating user"
setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
setup_policy_with_single_statement "$test_file_folder/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy"
put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy"
put_object "s3api" "$test_file_folder/$test_file" "$BUCKET_ONE_NAME" "$test_file" || fail "error copying object"
put_object "s3api" "$test_file_folder/$test_file_two" "$BUCKET_ONE_NAME" "$test_file_two" || fail "error copying object"
get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$test_file_folder/$test_file-copy" "$username" "$password" || fail "error getting object after permissions"
if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$test_file_folder/$test_file_two-copy" "$username" "$password"; then
fail "get object with user succeeded despite lack of permissions"
fi
# shellcheck disable=SC2154
[[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error"
delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME"
}
@test "test_policy_get_object_file_wildcard" {
# TODO (https://github.com/versity/versitygw/issues/637)
if [[ $RECREATE_BUCKETS == "false" ]]; then
return 0
fi
policy_file="policy_file_one"
policy_file_two="policy_file_two"
policy_file_three="policy_fil"
username="ABCDEFG"
password="HIJKLMN"
create_test_files "$policy_file" "$policy_file_two" "$policy_file_three" || fail "error creating policy file"
echo "$BATS_TEST_NAME" >> "$test_file_folder/$policy_file"
effect="Allow"
principal="$username"
action="s3:GetObject"
resource="arn:aws:s3:::$BUCKET_ONE_NAME/policy_file*"
if user_exists "$username"; then
delete_user "$username" || fail "failed to delete user '$username'"
fi
create_user "$username" "$password" "user" || fail "error creating user account"
setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
setup_policy_with_single_statement "$test_file_folder/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy"
put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy"
put_object "s3api" "$test_file_folder/$policy_file" "$BUCKET_ONE_NAME" "$policy_file" || fail "error copying object one"
put_object "s3api" "$test_file_folder/$policy_file_two" "$BUCKET_ONE_NAME" "$policy_file_two" || fail "error copying object two"
put_object "s3api" "$test_file_folder/$policy_file_three" "$BUCKET_ONE_NAME" "$policy_file_three" || fail "error copying object three"
get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file" "$test_file_folder/$policy_file" "$username" "$password" || fail "error getting object one after permissions"
get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file_two" "$test_file_folder/$policy_file_two" "$username" "$password" || fail "error getting object two after permissions"
if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file_three" "$test_file_folder/$policy_file_three" "$username" "$password"; then
fail "get object three with user succeeded despite lack of permissions"
fi
[[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error"
delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME"
}
@test "test_policy_get_object_folder_wildcard" {
# TODO (https://github.com/versity/versitygw/issues/637)
if [[ $RECREATE_BUCKETS == "false" ]]; then
return 0
fi
policy_file="policy_file"
test_folder="test_folder"
test_file="test_file"
username="ABCDEFG"
password="HIJKLMN"
create_test_folder "$test_folder" || fail "error creating test folder"
create_test_files "$test_folder/$test_file" "$policy_file" || fail "error creating policy file, test file"
echo "$BATS_TEST_NAME" >> "$test_file_folder/$test_folder/$test_file"
effect="Allow"
principal="$username"
action="s3:GetObject"
resource="arn:aws:s3:::$BUCKET_ONE_NAME/$test_folder/*"
if user_exists "$username"; then
delete_user "$username" || fail "failed to delete user '$username'"
fi
create_user "$username" "$password" "user" || fail "error creating user"
setup_bucket "s3api" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
setup_policy_with_single_statement "$test_file_folder/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy"
put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$test_file_folder/$policy_file" || fail "error putting policy"
put_object "s3api" "$test_file_folder/$test_folder/$test_file" "$BUCKET_ONE_NAME" "$test_folder/$test_file" || fail "error copying object to bucket"
get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_folder/$test_file" "$test_file_folder/$test_file" "$username" "$password" || fail "error getting object one after permissions"
delete_bucket_or_contents "aws" "$BUCKET_ONE_NAME"
delete_test_files "$test_folder/$test_file" "$policy_file"
}
# ensure that lists of files greater than a size of 1000 (pagination) are returned properly
#@test "test_list_objects_file_count" {
# test_common_list_objects_file_count "aws"
#}
#@test "test_filename_length" {
# file_name=$(printf "%0.sa" $(seq 1 1025))
# echo "$file_name"
# ensure that lists of files greater than a size of 1000 (pagination) are returned properly
#@test "test_list_objects_file_count" {
# test_common_list_objects_file_count "aws"
@@ -750,7 +1032,6 @@ legal_hold_retention_setup() {
}
@test "test_add_object_metadata" {
object_one="object-one"
test_key="x-test-data"
test_value="test-value"
@@ -775,7 +1056,3 @@ legal_hold_retention_setup() {
[[ $value == "\"$test_value\"" ]] || fail "values doesn't match (expected $value, actual \"$test_value\")"
}
@test "test_get_bucket_location" {
test_common_get_bucket_location "aws"
}

37
tests/test_common.sh
View File

@@ -137,28 +137,24 @@ test_common_put_get_object() {
fi
local object_name="test-object"
create_test_files "$object_name" || local create_result=$?
[[ $create_result -eq 0 ]] || fail "Error creating test file"
create_test_files "$object_name" || fail "error creating test file"
echo "test data" > "$test_file_folder"/"$object_name"
setup_bucket "$1" "$BUCKET_ONE_NAME" || local setup_result=$?
[[ $setup_result -eq 0 ]] || fail "error setting up bucket"
setup_bucket "$1" "$BUCKET_ONE_NAME" || fail "error setting up bucket"
put_object "$1" "$test_file_folder/$object_name" "$BUCKET_ONE_NAME" "$object_name" || local copy_result=$?
[[ $copy_result -eq 0 ]] || fail "Failed to add object to bucket"
object_exists "$1" "$BUCKET_ONE_NAME" "$object_name" || local exists_result_one=$?
[[ $exists_result_one -eq 0 ]] || fail "Object not added to bucket"
if [[ $1 == 's3' ]]; then
copy_object "$1" "$test_file_folder/$object_name" "$BUCKET_ONE_NAME" "$object_name" || fail "failed to add object to bucket"
else
put_object "$1" "$test_file_folder/$object_name" "$BUCKET_ONE_NAME" "$object_name" || fail "failed to add object to bucket"
fi
object_exists "$1" "$BUCKET_ONE_NAME" "$object_name" || fail "object not added to bucket"
get_object "$1" "$BUCKET_ONE_NAME" "$object_name" "$test_file_folder/${object_name}_copy" || local delete_result=$?
[[ $delete_result -eq 0 ]] || fail "Failed to delete object"
object_exists "$1" "$BUCKET_ONE_NAME" "$object_name" || local exists_result_two=$?
[[ $exists_result_two -eq 1 ]] || fail "Object not removed from bucket"
compare_files "$test_file_folder"/"$object_name" "$test_file_folder/${object_name}_copy" || compare_result=$?
[[ $compare_result -ne 0 ]] || fail "objects are different"
get_object "$1" "$BUCKET_ONE_NAME" "$object_name" "$test_file_folder/${object_name}_copy" || fail "failed to get object"
compare_files "$test_file_folder"/"$object_name" "$test_file_folder/${object_name}_copy" || fail "objects are different"
delete_bucket_or_contents "$1" "$BUCKET_ONE_NAME"
delete_test_files "$test_file_folder/$object_name" "$test_file_folder/${object_name}_copy"
delete_test_files "$object_name" "${object_name}_copy"
}
test_common_get_set_versioning() {
@@ -440,12 +436,10 @@ test_common_get_bucket_location() {
test_common_put_bucket_acl() {
[[ $# -eq 1 ]] || fail "test common put bucket acl missing command type"
setup_bucket "$1" "$BUCKET_ONE_NAME" || local created=$?
[[ $created -eq 0 ]] || fail "Error creating bucket"
setup_bucket "$1" "$BUCKET_ONE_NAME" || fail "error creating bucket"
if ! user_exists "ABCDEFG"; then
create_user "ABCDEFG" "HIJKLMN" user || create_result=$?
[[ $create_result -eq 0 ]] || fail "Error creating user"
create_user "ABCDEFG" "HIJKLMN" user || fail "error creating user"
fi
get_bucket_acl "$1" "$BUCKET_ONE_NAME" || local result=$?
@@ -480,8 +474,7 @@ cat <<EOF > "$test_file_folder"/"$acl_file"
}
EOF
put_bucket_acl "$1" "$BUCKET_ONE_NAME" "$test_file_folder"/"$acl_file" || local put_result=$?
[[ $put_result -eq 0 ]] || fail "Error putting acl"
put_bucket_acl "$1" "$BUCKET_ONE_NAME" "$test_file_folder"/"$acl_file" || fail "error putting acl"
get_bucket_acl "$1" "$BUCKET_ONE_NAME" || local result=$?
[[ $result -eq 0 ]] || fail "Error retrieving acl"

27
tests/test_mc.sh
View File

@@ -38,13 +38,30 @@ export RUN_MC=true
# delete-object - put-object tests
# delete-objects - test setup/teardown
# delete-object-tagging
@test "test_delete_object_tagging" {
test_common_delete_object_tagging "mc"
}
# delete-objects - test setup/teardown
# get-bucket-location
@test "test_get_bucket_location" {
test_common_get_bucket_location "mc"
}
# get-bucket-policy - test_get_put_delete_bucket_policy
# get-bucket-tagging
@test "test_set_get_object_tags_mc" {
test_common_set_get_object_tags "mc"
}
# get-object
@test "test_put_get_object" {
test_common_put_get_object "mc"
}
@test "test_put_object-with-data-mc" {
test_common_put_object_with_data "mc"
}
@@ -61,9 +78,6 @@ export RUN_MC=true
test_common_list_objects "mc"
}
@test "test_set_get_object_tags_mc" {
test_common_set_get_object_tags "mc"
}
@test "test_presigned_url_utf8_chars_mc" {
test_common_presigned_url_utf8_chars "mc"
@@ -104,6 +118,3 @@ export RUN_MC=true
}
@test "test_get_bucket_location" {
test_common_get_bucket_location "mc"
}

9
tests/test_s3.sh
View File

@@ -23,6 +23,11 @@ source ./tests/test_common.sh
# delete-objects - tested with recursive bucket delete
# get-object
@test "test_copy_get_object" {
test_common_put_get_object "s3"
}
@test "test_put_object" {
test_common_put_object_no_data "s3"
}
@@ -34,7 +39,3 @@ source ./tests/test_common.sh
@test "test_list_objects_file_count" {
test_common_list_objects_file_count "s3"
}
@test "test_put_get_object" {
test_common_put_get_object "s3"
}

34
tests/test_s3cmd.sh
View File

@@ -10,6 +10,7 @@ source ./tests/commands/get_bucket_policy.sh
source ./tests/commands/put_bucket_policy.sh
export RUN_S3CMD=true
export RUN_USERS=true
# complete-multipart-upload
@test "test_complete_multipart_upload" {
@@ -52,6 +53,26 @@ export RUN_S3CMD=true
# get-bucket-acl - test_put_bucket_acl
# get-bucket-location
@test "test_get_bucket_location" {
test_common_get_bucket_location "s3cmd"
}
# get-bucket-policy - test_get_put_delete_bucket_policy
# get-object
@test "test_put_get_object" {
test_common_put_get_object "s3cmd"
}
@test "test_put_object_with_data" {
test_common_put_object_with_data "s3cmd"
}
@test "test_put_object_no_data" {
test_common_put_object_no_data "s3cmd"
}
#@test "test_put_bucket_acl" {
# test_common_put_bucket_acl "s3cmd"
#}
@@ -73,7 +94,6 @@ export RUN_S3CMD=true
test_common_list_objects_file_count "s3cmd"
}
@test "test_get_bucket_info_s3cmd" {
setup_bucket "s3cmd" "$BUCKET_ONE_NAME" || local setup_result=$?
[[ $setup_result -eq 0 ]] || fail "error setting up bucket"
@@ -82,15 +102,6 @@ export RUN_S3CMD=true
delete_bucket_or_contents "s3cmd" "$BUCKET_ONE_NAME"
}
# put-object
@test "test_put_object_with_data" {
test_common_put_object_with_data "s3cmd"
}
@test "test_put_object_no_data" {
test_common_put_object_no_data "s3cmd"
}
@test "test_get_bucket_info_doesnt_exist_s3cmd" {
setup_bucket "s3cmd" "$BUCKET_ONE_NAME" || local setup_result=$?
[[ $setup_result -eq 0 ]] || fail "error setting up bucket"
@@ -100,6 +111,3 @@ export RUN_S3CMD=true
delete_bucket_or_contents "s3cmd" "$BUCKET_ONE_NAME"
}
@test "test_get_bucket_location" {
test_common_get_bucket_location "s3cmd"
}

28
tests/util.sh
View File

@@ -8,12 +8,14 @@ source ./tests/commands/complete_multipart_upload.sh
source ./tests/commands/create_multipart_upload.sh
source ./tests/commands/create_bucket.sh
source ./tests/commands/delete_bucket.sh
source ./tests/commands/delete_bucket_policy.sh
source ./tests/commands/delete_object.sh
source ./tests/commands/get_bucket_tagging.sh
source ./tests/commands/get_object_tagging.sh
source ./tests/commands/head_bucket.sh
source ./tests/commands/head_object.sh
source ./tests/commands/list_objects.sh
source ./tests/commands/put_bucket_acl.sh
source ./tests/commands/upload_part_copy.sh
# recursively delete an AWS bucket
@@ -144,28 +146,34 @@ bucket_exists() {
# return: 0 for success, 1 for failure
delete_bucket_or_contents() {
if [ $# -ne 2 ]; then
echo "delete bucket or contents function requires command type, bucket name"
log 2 "delete bucket or contents function requires command type, bucket name"
return 1
fi
if [[ $RECREATE_BUCKETS == "false" ]]; then
delete_bucket_contents "$1" "$2" || local delete_result=$?
if [[ $delete_result -ne 0 ]]; then
echo "error deleting bucket contents"
if ! delete_bucket_contents "$1" "$2"; then
log 2 "error deleting bucket contents"
return 1
fi
log 5 "bucket contents deletion success"
if ! delete_bucket_policy "s3api" "$2"; then
log 2 "error deleting bucket policies"
return 1
fi
if ! put_bucket_canned_acl "$2" "private"; then
log 2 "error resetting bucket ACLs"
return 1
fi
log 5 "bucket contents, policy, ACL deletion success"
return 0
fi
delete_bucket_recursive "$1" "$2" || local delete_result=$?
if [[ $delete_result -ne 0 ]]; then
echo "Bucket deletion error"
if ! delete_bucket_recursive "$1" "$2"; then
log 2 "Bucket deletion error"
return 1
fi
log 5 "bucket deletion success"
return 0
}
delete_bucket_if_exists() {
delete_bucket_or_contents_if_exists() {
if [ $# -ne 2 ]; then
log 2 "bucket creation function requires command type, bucket name"
return 1
@@ -201,7 +209,7 @@ setup_bucket() {
log 2 "bucket creation function requires command type, bucket name"
return 1
fi
delete_bucket_if_exists "$1" "$2" || local delete_bucket_result=$?
delete_bucket_or_contents_if_exists "$1" "$2" || local delete_bucket_result=$?
if [[ $delete_bucket_result -ne 0 ]]; then
log 2 "error deleting bucket, or checking for bucket existence"
return 1

35
tests/util_policy.sh
View File

@@ -6,23 +6,44 @@ check_for_empty_policy() {
return 1
fi
local get_result=0
get_bucket_policy "$1" "$2" || get_result=$?
if [[ $get_result -ne 0 ]]; then
echo "error getting bucket policy"
if ! get_bucket_policy "$1" "$2"; then
log 2 "error getting bucket policy"
return 1
fi
# shellcheck disable=SC2154
log 5 "bucket policy: $bucket_policy"
# shellcheck disable=SC2154
if [[ $bucket_policy == "" ]]; then
return 0
fi
policy=$(echo "$bucket_policy" | jq -r '.Policy')
statement=$(echo "$policy" | jq -r '.Statement[0]')
#policy=$(echo "$bucket_policy" | jq -r '.Policy')
statement=$(echo "$bucket_policy" | jq -r '.Statement[0]')
log 5 "statement: $statement"
if [[ "" != "$statement" ]] && [[ "null" != "$statement" ]]; then
echo "policy should be empty (actual value: '$statement')"
return 1
fi
return 0
}
}
setup_policy_with_single_statement() {
if [[ $# -ne 6 ]]; then
"'setup single policy' command requires file, version, effect, principal, action, resource"
fi
cat <<EOF > "$1"
{
"Version": "$2",
"Statement": [
{
"Effect": "$3",
"Principal": "$4",
"Action": "$5",
"Resource": "$6"
}
]
}
EOF
log 5 "$(cat "$1")"
}

14
tests/util_users.sh
View File

@@ -2,12 +2,11 @@
create_user() {
if [[ $# -ne 3 ]]; then
echo "create user command requires user ID, key, and role"
log 2 "create user command requires user ID, key, and role"
return 1
fi
create_user_with_user "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$1" "$2" "$3" || create_result=$?
if [[ $create_result -ne 0 ]]; then
echo "error creating user: $error"
if ! create_user_with_user "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" "$1" "$2" "$3"; then
log 2 "error creating user"
return 1
fi
return 0
@@ -28,12 +27,11 @@ create_user_if_nonexistent() {
create_user_with_user() {
if [[ $# -ne 5 ]]; then
echo "create user with user command requires creator ID, key, and new user ID, key, and role"
log 2 "create user with user command requires creator ID, key, and new user ID, key, and role"
return 1
fi
error=$($VERSITY_EXE admin --allow-insecure --access "$1" --secret "$2" --endpoint-url "$AWS_ENDPOINT_URL" create-user --access "$3" --secret "$4" --role "$5") || local create_result=$?
if [[ $create_result -ne 0 ]]; then
echo "error creating user: $error"
if ! error=$($VERSITY_EXE admin --allow-insecure --access "$1" --secret "$2" --endpoint-url "$AWS_ENDPOINT_URL" create-user --access "$3" --secret "$4" --role "$5" 2>&1); then
log 2 "error creating user: $error"
return 1
fi
return 0