mirrors/versitygw
1
0
Fork 0
mirror of https://github.com/versity/versitygw.git synced 2026-04-17 03:11:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

test: chunked upload - invalid checksums, retention, legal hold tests

Browse Source
This commit is contained in:
Luke McCrone
2025-03-25 20:29:48 -03:00
parent 7a3de637e4
commit 8431ba2a21
25 changed files with 812 additions and 265 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
tests/commands/create_bucket.sh
View File

@@ -85,5 +85,8 @@ create_bucket_object_lock_enabled() {
log 2 "error creating bucket: $error"
return 1
fi
if [ "$DIRECT" == "true" ]; then
sleep 15
fi
return 0
}

16
tests/commands/get_object_legal_hold.sh
View File

@@ -42,4 +42,18 @@ get_object_legal_hold_rest() {
return 1
fi
return 0
}
}
get_object_legal_hold_version_id() {
if [[ $# -ne 3 ]]; then
log 2 "'get_object_legal_hold_version_id' command requires bucket, key, version id"
return 1
fi
record_command "get-object-legal-hold" "client:s3api"
if ! legal_hold=$(send_command aws --no-verify-ssl s3api get-object-legal-hold --bucket "$1" --key "$2" --version-id "$3" 2>&1); then
log 2 "error getting object legal hold w/version id: $legal_hold"
return 1
fi
echo "$legal_hold"
return 0
}

20
tests/commands/put_object_legal_hold.sh
View File

@@ -20,11 +20,23 @@ put_object_legal_hold() {
log 2 "'put object legal hold' command requires bucket, key, hold status ('ON' or 'OFF')"
return 1
fi
local error=""
error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --legal-hold "{\"Status\": \"$3\"}" 2>&1) || local put_hold_result=$?
if [[ $put_hold_result -ne 0 ]]; then
if ! error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --legal-hold "{\"Status\": \"$3\"}" 2>&1); then
log 2 "error putting object legal hold: $error"
return 1
fi
return 0
}
}
put_object_legal_hold_version_id() {
record_command "put-object-legal-hold" "client:s3api"
if [[ $# -ne 4 ]]; then
log 2 "'put_object_legal_hold_version_id' command requires bucket, key, version ID, hold status ('ON' or 'OFF')"
return 1
fi
local error=""
if ! error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --version-id "$3" --legal-hold "{\"Status\": \"$4\"}" 2>&1); then
log 2 "error putting object legal hold w/version ID: $error"
return 1
fi
return 0
}

21
tests/rest_scripts/calculate_checksum.py Normal file
View File

@@ -0,0 +1,21 @@
import sys
from awscrt import checksums
def get_call(checksum_type):
if checksum_type == "crc32c":
return checksums.crc32c
elif checksum_type == "crc64nvme":
return checksums.crc64nvme
sys.stderr.write("unrecognized checksum type " + checksum_type)
sys.exit(1)
def main():
if len(sys.argv) != 3:
sys.stderr.write('Checksum type, data file path required')
sys.exit(1)
with open(sys.argv[2], 'rb') as f:
function = get_call(sys.argv[1])
print(function(f.read()))
if __name__ == "__main__":
main()

78
tests/rest_scripts/calculate_checksum.sh
View File

@@ -16,29 +16,59 @@
source ./tests/rest_scripts/rest.sh
if ! DEACTIVATE=false source ./tests/rest_scripts/init_python_env.sh; then
log_rest 2 "error initializing python environment"
exit 1
fi
if ! checksum_decimal=$(python3 -c "
import sys
from awscrt import checksums
calculate_checksum_python() {
if [ "$#" -ne 2 ]; then
log 2 "'calculate_checksum_python' requires checksum type, data file"
return 1
fi
if ! DEACTIVATE=false source ./tests/rest_scripts/init_python_env.sh; then
log_rest 2 "error initializing python environment"
return 1
fi
if ! checksum_decimal=$(python3 ./tests/rest_scripts/calculate_checksum.py "$1" "$2" 2>&1); then
log_rest 2 "error calculating checksum: $checksum_decimal"
return 1
fi
log 5 "decimal checksum: $checksum_decimal"
if ! deactivate 1>/dev/null; then
log_rest 2 "error deactivating virtual environment"
return 1
fi
if [ "$CHECKSUM_TYPE" == "crc64nvme" ]; then
hex_format="%016x"
else
hex_format="%08x"
fi
# shellcheck disable=SC2059
checksum=$(printf "$hex_format" "$checksum_decimal" | xxd -r -p | base64)
echo "$checksum"
}
with open(sys.argv[1], 'rb') as f:
print(checksums.${CHECKSUM_TYPE}(f.read()))" "$DATA_FILE" 2>&1); then
log_rest 2 "error calculating checksum: $checksum_decimal"
case "$CHECKSUM_TYPE" in
"crc32c")
if ! checksum=$(calculate_checksum_python "crc32c" "$DATA_FILE" 2>&1); then
log_rest 2 "error getting checksum: $checksum"
exit 1
fi
;;
"crc64nvme")
if ! checksum=$(calculate_checksum_python "crc64nvme" "$DATA_FILE" 2>&1); then
log 2 "error calculating checksum: $checksum"
exit 1
fi
;;
"sha256")
checksum="$(sha256sum "$DATA_FILE" | awk '{print $1}' | xxd -r -p | base64)"
;;
"sha1")
checksum="$(sha1sum "$DATA_FILE" | awk '{print $1}' | xxd -r -p | base64)"
;;
"crc32")
checksum="$(gzip -c -1 "$DATA_FILE" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)"
;;
*)
log_rest 2 "invalid checksum type: '$CHECKSUM_TYPE'"
exit 1
fi
log 5 "decimal checksum: $checksum_decimal"
if ! deactivate 1>/dev/null; then
log_rest 2 "error deactivating virtual environment"
exit 1
fi
if [ "$CHECKSUM_TYPE" == "crc64nvme" ]; then
hex_format="%016x"
else
hex_format="%08x"
fi
# shellcheck disable=SC2059
checksum_hash=$(printf "$hex_format" "$checksum_decimal" | xxd -r -p | base64)
echo "$checksum_hash"
;;
esac
echo "$checksum"

31
tests/rest_scripts/put_object.sh
View File

@@ -49,35 +49,12 @@ if [ -n "$expires" ]; then
cr_data+=("expires:$expires")
fi
cr_data+=("host:$host")
if [ "$checksum_type" == "sha256" ]; then
if [ -z "$checksum_hash" ]; then
checksum_hash="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
fi
cr_data+=("x-amz-checksum-sha256:$checksum_hash")
elif [ "$checksum_type" == "sha1" ]; then
if [ -z "$checksum_hash" ]; then
checksum_hash="$(sha1sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
fi
cr_data+=("x-amz-checksum-sha1:$checksum_hash")
elif [ "$checksum_type" == "crc32" ]; then
if [ -z "$checksum_hash" ]; then
checksum_hash="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)"
fi
cr_data+=("x-amz-checksum-crc32:$checksum_hash")
elif [ "$checksum_type" == "crc64nvme" ]; then
if [ -z "$checksum_hash" ] && ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc64nvme" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
log_rest 2 "error calculating crc64nvme checksum: $checksum_hash"
if [ "$checksum_type" != "" ]; then
if [ "$checksum_hash" == "" ] && ! checksum_hash=$(DATA_FILE="$data_file" CHECKSUM_TYPE="$checksum_type" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
log_rest 2 "error calculating checksum hash"
exit 1
fi
cr_data+=("x-amz-checksum-crc64nvme:$checksum_hash")
elif [ "$checksum_type" == "crc32c" ]; then
if [ -z "$checksum_hash" ] && ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc32c" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
log_rest 2 "error calculating crc32c checksum: $checksum_hash"
exit 1
fi
cr_data+=("x-amz-checksum-crc32c:$checksum_hash")
elif [ "$checksum_type" != "" ]; then
cr_data+=("x-amz-checksum-$checksum_type:$checksum_hash")
cr_data+=("x-amz-checksum-${checksum_type}:$checksum_hash")
fi
cr_data+=("x-amz-content-sha256:$payload_hash" "x-amz-date:$current_date_time")
build_canonical_request "${cr_data[@]}"

65
tests/rest_scripts/put_object_legal_hold.sh Executable file
View File

@@ -0,0 +1,65 @@
#!/usr/bin/env bash
# Copyright 2024 Versity Software
# This file is licensed under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source ./tests/rest_scripts/rest.sh
# Fields
# shellcheck disable=SC2153
bucket_name="$BUCKET_NAME"
# shellcheck disable=SC2153
key="$OBJECT_KEY"
# shellcheck disable=SC2153
status="$STATUS"
# shellcheck disable=SC2153
omit_payload="${OMIT_PAYLOAD:=false}"
if [ "$omit_payload" == "false" ]; then
payload="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<LegalHold xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\">
<Status>$status</Status>
</LegalHold>"
fi
payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')"
content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64)
current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")
canonical_request="PUT
/$bucket_name/$key
legal-hold=
content-md5:$content_md5
host:$host
x-amz-content-sha256:$payload_hash
x-amz-date:$current_date_time
content-md5;host;x-amz-content-sha256;x-amz-date
$payload_hash"
# shellcheck disable=SC2119
create_canonical_hash_sts_and_signature
curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_name/$key?legal-hold="
-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
-H "\"Content-MD5: $content_md5\""
-H "\"x-amz-content-sha256: $payload_hash\""
-H "\"x-amz-date: $current_date_time\"")
if [ "$omit_payload" == "false" ]; then
curl_command+=(-d "\"${payload//\"/\\\"}\"")
fi
curl_command+=(-o "$OUTPUT_FILE")
# shellcheck disable=SC2154
eval "${curl_command[*]}" 2>&1

20
tests/rest_scripts/put_object_openssl_chunked_example.sh
View File

@@ -23,6 +23,7 @@ load_parameters() {
test_mode=${TEST_MODE:=true}
# shellcheck disable=SC2034
command_file="${COMMAND_FILE:=command.txt}"
no_content_length="${NO_CONTENT_LENGTH:=false}"
readonly signature_no_data="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
@@ -163,8 +164,15 @@ content-length:$content_length
host:$host
x-amz-content-sha256:STREAMING-AWS4-HMAC-SHA256-PAYLOAD
x-amz-date:$current_date_time
x-amz-decoded-content-length:$file_size
x-amz-storage-class:REDUCED_REDUNDANCY
"
if [ "$no_content_length" == "false" ]; then
canonical_request+="x-amz-decoded-content-length:$file_size
"
else
canonical_request+="x-amz-decoded-content-length:
"
fi
canonical_request+="x-amz-storage-class:REDUCED_REDUNDANCY
content-encoding;content-length;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class
STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
@@ -322,8 +330,12 @@ x-amz-storage-class: REDUCED_REDUNDANCY\r
Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-encoding;content-length;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class,Signature=$first_signature\r
x-amz-content-sha256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD\r
Content-Encoding: aws-chunked\r
x-amz-decoded-content-length: $file_size\r
Content-Length: $content_length\r
"
if [ "$no_content_length" == "false" ]; then
command+="x-amz-decoded-content-length: $file_size\r
"
fi
command+="Content-Length: $content_length\r
\r\n"
if [ "$test_mode" == "true" ] && [ "$command" != "$expected_command" ]; then

48
tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh
View File

@@ -53,13 +53,15 @@ load_parameters() {
final_signature="$FINAL_SIGNATURE"
# shellcheck disable=SC2153
trailer="$TRAILER"
# shellcheck disable=SC2153
checksum="$CHECKSUM"
fi
readonly initial_sts_data="AWS4-HMAC-SHA256-PAYLOAD
$current_date_time
$year_month_day/$aws_region/s3/aws4_request"
readonly initial_trailer_sts_data="AWS4-HMAC-SHA256-TRAILER
readonly trailer_sts_data="AWS4-HMAC-SHA256-TRAILER
$current_date_time
$year_month_day/$aws_region/s3/aws4_request"
@@ -95,7 +97,7 @@ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
readonly expected_sts_chunk_final="AWS4-HMAC-SHA256-PAYLOAD
readonly expected_sts_chunk_final="AWS4-HMAC-SHA256-TRAILER
20130524T000000Z
20130524/us-east-1/s3/aws4_request
2ca2aba2005185cf7159c6277faf83795951dd77a3a99e6e65d5c9f85863f992
@@ -124,7 +126,7 @@ x-amz-content-sha256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER\r
Content-Encoding: aws-chunked\r
x-amz-decoded-content-length: 66560\r
x-amz-trailer: x-amz-checksum-crc32c\r
Content-Length: 66824\r
Content-Length: 66946\r
\r\n"
}
@@ -141,42 +143,26 @@ get_file_size_and_content_length() {
get_chunk_sizes
log_rest 5 "signature string length: ${#signature_string}"
content_length=$((length+file_size+${#signature_string}+92))
if [ "$test_mode" == "true" ] && [ "$content_length" != 66824 ]; then
if [ "$test_mode" == "true" ] && [ "$content_length" != 66946 ]; then
log_rest 2 "content length mismatch ($content_length)"
return 1
fi
}
calculate_checksum() {
case "$TRAILER" in
"x-amz-checksum-crc32c")
if ! checksum=$(DATA_FILE=$data_file TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc32c" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
checksum_type="${trailer/x-amz-checksum-/}"
log_rest 5 "checksum type: $checksum_type"
if [ "$CHECKSUM" == "" ]; then
if ! checksum=$(DATA_FILE="$data_file" CHECKSUM_TYPE="$checksum_type" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
log_rest 2 "error getting checksum: $checksum"
return 1
fi
;;
"x-amz-checksum-crc64nvme")
if ! checksum=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc64nvme" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
log 2 "error calculating checksum: $checksum"
return 1
fi
;;
"x-amz-checksum-sha256")
checksum="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
;;
"x-amz-checksum-sha1")
checksum="$(sha1sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
;;
"x-amz-checksum-crc32")
checksum="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)"
;;
*)
log_rest 2 "invalid trailer type: '$TRAILER'"
return 1
;;
esac
signature_string="$TRAILER:$checksum"
else
checksum="$CHECKSUM"
fi
signature_string="$trailer:$checksum"
trailer_payload_hash="$(echo "$signature_string" | sha256sum | awk '{print $1}')"
return 0
}
get_chunk_sizes() {
@@ -317,7 +303,7 @@ build_chunk() {
build_trailer() {
log_rest 5 "payload hash: $payload_hash"
final_sts_data="$initial_trailer_sts_data
final_sts_data="$trailer_sts_data
$signature
$trailer_payload_hash"
log_rest 5 "$final_sts_data"
@@ -422,7 +408,7 @@ load_parameters
if ! calculate_checksum; then
log_rest 2 "error calculating trailer checksum"
return 1
exit 1
fi
if ! get_file_size_and_content_length; then
log_rest 2 "error getting file size and content length"

22
tests/rest_scripts/put_object_retention.sh
View File

@@ -26,12 +26,16 @@ key="$OBJECT_KEY"
mode="$RETENTION_MODE"
# shellcheck disable=SC2153
retain_until_date="$RETAIN_UNTIL_DATE"
# shellcheck disable=SC2153
omit_payload="${OMIT_PAYLOAD:=false}"
payload="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Retention xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\">
<Mode>$mode</Mode>
<RetainUntilDate>$retain_until_date</RetainUntilDate>
</Retention>"
if [ "$omit_payload" == "false" ]; then
payload="<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Retention xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\">
<Mode>$mode</Mode>
<RetainUntilDate>$retain_until_date</RetainUntilDate>
</Retention>"
fi
payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')"
content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64)
@@ -55,8 +59,10 @@ curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_
-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
-H "\"Content-MD5: $content_md5\""
-H "\"x-amz-content-sha256: $payload_hash\""
-H "\"x-amz-date: $current_date_time\""
-d "\"${payload//\"/\\\"}\""
-o "$OUTPUT_FILE")
-H "\"x-amz-date: $current_date_time\"")
if [ "$omit_payload" == "false" ]; then
curl_command+=(-d "\"${payload//\"/\\\"}\"")
fi
curl_command+=(-o "$OUTPUT_FILE")
# shellcheck disable=SC2154
eval "${curl_command[*]}" 2>&1

2
tests/run.sh
View File

@@ -151,6 +151,8 @@ run_suite() {
exit_code=1
elif ! "$HOME"/bin/bats ./tests/test_rest_versioning.sh; then
exit_code=1
elif ! "$HOME"/bin/bats ./tests/test_rest_bucket.sh; then
exit_code=1
fi
;;
s3api-user)

142
tests/test_rest.sh
View File

@@ -66,14 +66,6 @@ test_file="test_file"
assert_success
}
@test "test_rest_list_buckets" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run list_check_buckets_rest
assert_success
}
@test "test_rest_delete_object" {
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -144,26 +136,6 @@ test_file="test_file"
assert_success
}
@test "test_rest_set_get_lock_config" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run check_no_object_lock_config_rest "$BUCKET_ONE_NAME"
assert_success
run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME"
assert_success
# in static bucket config, bucket will still exist
if ! bucket_exists "rest" "$BUCKET_ONE_NAME"; then
run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
assert_success
fi
run check_object_lock_config_enabled_rest "$BUCKET_ONE_NAME"
assert_success
}
@test "REST - legal hold, get without config" {
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -233,9 +205,6 @@ test_file="test_file"
}
@test "REST - attributes - checksum" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1006"
fi
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -243,39 +212,6 @@ test_file="test_file"
assert_success
}
@test "REST - bucket tagging - no tags" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME"
assert_success
}
@test "REST - bucket tagging - tags" {
test_key="testKey"
test_value="testValue"
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value"
assert_success
}
@test "REST - get, put bucket ownership controls" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerEnforced"
assert_success
run put_bucket_ownership_controls_rest "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success
run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success
}
@test "REST - get policy w/o policy" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/959"
@@ -374,9 +310,6 @@ test_file="test_file"
}
@test "REST - head object" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1114"
fi
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -391,6 +324,17 @@ test_file="test_file"
assert_success
}
@test "REST - HeadObject - default crc64nvme checksum" {
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
run check_default_checksum "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file"
assert_success
}
@test "REST - POST call on root endpoint" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1036"
@@ -508,19 +452,6 @@ test_file="test_file"
assert_success
}
@test "REST - HeadBucket" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run head_bucket_rest "$BUCKET_ONE_NAME"
assert_success
}
@test "REST - HeadBucket - doesn't exist" {
run head_bucket_rest "$BUCKET_ONE_NAME"
assert_failure 1
}
@test "REST - PutObject with user permission - admin user" {
run setup_bucket_file_and_user "$BUCKET_ONE_NAME" "$test_file" "$USERNAME_ONE" "$PASSWORD_ONE" "admin"
assert_success
@@ -551,3 +482,54 @@ test_file="test_file"
run put_object_rest_user_bad_signature "$username" "$password" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
@test "REST - PutObjectRetention - w/o request body" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1185"
fi
run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
assert_success
run create_test_file "$test_file"
assert_success
run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
run retention_rest_without_request_body "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
@test "REST - PutObjectLegalHold w/o payload" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1191"
fi
run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
assert_success
run create_test_file "$test_file"
assert_success
run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
run check_legal_hold_without_payload "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
@test "REST - PutObjectLegalHold - success" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1193"
fi
run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
assert_success
run create_test_file "$test_file"
assert_success
run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
run rest_check_legal_hold "$BUCKET_ONE_NAME" "$test_file"
assert_success
}

104
tests/test_rest_bucket.sh Executable file
View File

@@ -0,0 +1,104 @@
#!/usr/bin/env bats
# Copyright 2024 Versity Software
# This file is licensed under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
load ./bats-support/load
load ./bats-assert/load
source ./tests/commands/get_object_lock_configuration.sh
source ./tests/commands/head_bucket.sh
source ./tests/commands/list_buckets.sh
source ./tests/logger.sh
source ./tests/setup.sh
source ./tests/util/util_bucket.sh
source ./tests/util/util_list_buckets.sh
source ./tests/util/util_lock_config.sh
source ./tests/util/util_ownership.sh
source ./tests/util/util_rest.sh
source ./tests/util/util_tags.sh
@test "REST - HeadBucket" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run head_bucket_rest "$BUCKET_ONE_NAME"
assert_success
}
@test "REST - HeadBucket - doesn't exist" {
run head_bucket_rest "$BUCKET_ONE_NAME"
assert_failure 1
}
@test "REST - bucket tagging - no tags" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME"
assert_success
}
@test "REST - bucket tagging - tags" {
test_key="testKey"
test_value="testValue"
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value"
assert_success
}
@test "test_rest_list_buckets" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run list_check_buckets_rest
assert_success
}
@test "REST - get, put bucket ownership controls" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerEnforced"
assert_success
run put_bucket_ownership_controls_rest "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success
run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success
}
@test "test_rest_set_get_lock_config" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run check_no_object_lock_config_rest "$BUCKET_ONE_NAME"
assert_success
run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME"
assert_success
# in static bucket config, bucket will still exist
if ! bucket_exists "rest" "$BUCKET_ONE_NAME"; then
run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
assert_success
fi
run check_object_lock_config_enabled_rest "$BUCKET_ONE_NAME"
assert_success
}

74
tests/test_rest_chunked.sh
View File

@@ -26,20 +26,15 @@ source ./tests/util/util_head_object.sh
source ./tests/util/util_setup.sh
@test "REST - chunked upload, no content length" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1043"
fi
test_file="test-file"
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
run attempt_seed_signature_without_content_length "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file"
run attempt_seed_signature_without_content_length "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
@test "REST - chunked upload, signature error" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1123"
fi
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
@@ -162,3 +157,68 @@ source ./tests/util/util_setup.sh
run put_chunked_upload_trailer_invalid "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
@test "test - REST chunked upload - sha1 trailer - invalid" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1165"
fi
run chunked_upload_trailer_invalid_checksum "sha1"
assert_success
}
@test "test - REST chunked upload - sha256 trailer - invalid" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1165"
fi
run chunked_upload_trailer_invalid_checksum "sha256"
assert_success
}
@test "test - REST chunked upload - crc32 trailer - invalid" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1165"
fi
run chunked_upload_trailer_invalid_checksum "crc32"
assert_success
}
@test "test - REST chunked upload - crc32c trailer - invalid" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1165"
fi
run chunked_upload_trailer_invalid_checksum "crc32c"
assert_success
}
@test "test - REST chunked upload - crc64nvme trailer - invalid" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1165"
fi
run chunked_upload_trailer_invalid_checksum "crc64nvme"
assert_success
}
@test "test - REST chunked upload - sha1 trailer - incorrect" {
run chunked_upload_trailer_incorrect_checksum "sha1"
assert_success
}
@test "test - REST chunked upload - sha256 trailer - incorrect" {
run chunked_upload_trailer_incorrect_checksum "sha256"
assert_success
}
@test "test - REST chunked upload - crc32 trailer - incorrect" {
run chunked_upload_trailer_incorrect_checksum "crc32"
assert_success
}
@test "test - REST chunked upload - crc32c trailer - incorrect" {
run chunked_upload_trailer_incorrect_checksum "crc32c"
assert_success
}
@test "test - REST chunked upload - crc64nvme trailer - incorrect" {
run chunked_upload_trailer_incorrect_checksum "crc64nvme"
assert_success
}

14
tests/test_user_common.sh
View File

@@ -23,10 +23,6 @@ source ./tests/util/util_users.sh
source ./tests/commands/list_buckets.sh
test_admin_user() {
if [[ $# -ne 1 ]]; then
fail "test admin user command requires command type"
fi
admin_username="$USERNAME_ONE"
admin_password="$PASSWORD_ONE"
user_username="$USERNAME_TWO"
@@ -63,8 +59,6 @@ test_admin_user() {
}
test_create_user_already_exists() {
assert [ $# -eq 1 ]
username="$USERNAME_ONE"
password="$PASSWORD_ONE"
@@ -80,10 +74,6 @@ test_user_user() {
skip
fi
if [[ $# -ne 1 ]]; then
fail "test admin user command requires command type"
fi
username="$USERNAME_ONE"
password="$PASSWORD_ONE"
@@ -115,10 +105,6 @@ test_user_user() {
}
test_userplus_operation() {
if [[ $# -ne 1 ]]; then
fail "test admin user command requires command type"
fi
username="$USERNAME_ONE"
password="$PASSWORD_ONE"

2
tests/util/util_attributes.sh
View File

@@ -87,7 +87,7 @@ add_and_check_checksum() {
log 2 "'add_and_check_checksum' requires data file, key"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" CHECKSUM="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then
if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" CHECKSUM_TYPE="sha256" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then
log 2 "error sending object file: $result"
return 1
fi

2
tests/util/util_bucket.sh
View File

@@ -278,7 +278,7 @@ setup_bucket() {
# bucket creation and resets take longer to propagate in direct mode
if [ "$DIRECT" == "true" ]; then
sleep 10
sleep 15
fi
if [[ $1 == "s3cmd" ]]; then

206
tests/util/util_chunked_upload.sh
View File

@@ -5,12 +5,18 @@ attempt_seed_signature_without_content_length() {
log 2 "'attempt_seed_signature_without_content_length' requires bucket name, key, data file"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" CONTENT_ENCODING="aws-chunked" BUCKET_NAME="$1" OBJECT_KEY="$2" DATA_FILE="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then
log 2 "error putting object: $result"
if ! result=$(COMMAND_LOG="$COMMAND_LOG" \
AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \
DATA_FILE="$1" \
BUCKET_NAME="$2" \
OBJECT_KEY="$3" CHUNK_SIZE=8192 TEST_MODE=false COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" NO_CONTENT_LENGTH="true" ./tests/rest_scripts/put_object_openssl_chunked_example.sh 2>&1); then
log 2 "error creating command: $result"
return 1
fi
if [ "$result" != 411 ]; then
log 2 "expected '411', actual '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))"
if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 411; then
log 2 "error in sending or checking response code"
return 1
fi
return 0
@@ -32,12 +38,8 @@ attempt_chunked_upload_with_bad_first_signature() {
return 1
fi
host="${AWS_ENDPOINT_URL#http*://}"
if [ "$host" == "s3.amazonaws.com" ]; then
host+=":443"
fi
if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
log 2 "error sending openssl command: $result"
if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then
log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
@@ -46,7 +48,9 @@ attempt_chunked_upload_with_bad_first_signature() {
log 2 "expected code '403', was '$response_code'"
return 1
fi
response_data="$(echo "$result" | grep "<")"
log 5 "result: $result"
response_data="$(echo "$result" | grep "<Error>")"
response_data="${response_data/---/}"
log 5 "response data: $response_data"
log 5 "END"
if ! check_xml_element <(echo "$response_data") "SignatureDoesNotMatch" "Error" "Code"; then
@@ -72,17 +76,8 @@ chunked_upload_success() {
return 1
fi
host="${AWS_ENDPOINT_URL#http*://}"
if [ "$host" == "s3.amazonaws.com" ]; then
host+=":443"
fi
if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
log 2 "error sending openssl command: $result"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
if [ "$response_code" != "200" ]; then
log 2 "expected response '200', was '$response_code'"
if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 200; then
log 2 "error sending command via openssl or checking response code"
return 1
fi
return 0
@@ -107,12 +102,8 @@ attempt_chunked_upload_with_bad_final_signature() {
log 2 "error creating command: $result"
return 1
fi
host="${AWS_ENDPOINT_URL#http*://}"
if [ "$host" == "s3.amazonaws.com" ]; then
host+=":443"
fi
if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
log 2 "error sending openssl command: $result"
if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then
log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
@@ -144,25 +135,15 @@ put_object_chunked_trailer_success() {
DATA_FILE="$1" \
BUCKET_NAME="$2" \
OBJECT_KEY="$3" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$4" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then
log 2 "error creating command: $result"
return 1
fi
log 2 "error creating command: $result"
return 1
fi
host="${AWS_ENDPOINT_URL#http*://}"
if [ "$host" == "s3.amazonaws.com" ]; then
host+=":443"
fi
if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
log 2 "error sending openssl command: $result"
return 1
fi
log 5 "result: $result"
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
if [ "$response_code" != "200" ]; then
log 2 "expected response '200', was '$response_code'"
return 1
fi
return 0
if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 200; then
log 2 "error sending command via openssl or checking response code"
return 1
fi
return 0
}
put_chunked_upload_trailer_invalid() {
@@ -182,12 +163,8 @@ put_chunked_upload_trailer_invalid() {
return 1
fi
host="${AWS_ENDPOINT_URL#http*://}"
if [ "$host" == "s3.amazonaws.com" ]; then
host+=":443"
fi
if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
log 2 "error sending openssl command: $result"
if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then
log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
@@ -196,8 +173,9 @@ put_chunked_upload_trailer_invalid() {
return 1
fi
error_data="$(echo "$result" | grep "<Error>")"
if ! check_xml_element <(echo -n "$error_data") "InvalidRequest" "Error" "Code"; then
log 2 "error checking xml element"
echo -n "$error_data" > "$TEST_FILE_FOLDER/error-data.txt"
if ! check_xml_error_contains "$TEST_FILE_FOLDER/error-data.txt" "InvalidRequest" "The value specified in the x-amz-trailer header is not supported"; then
log 2 "error checking xml error, message"
return 1
fi
return 0
@@ -227,3 +205,123 @@ chunked_upload_trailer_success() {
fi
return 0
}
chunked_upload_trailer_invalid_checksum() {
if [ "$#" -ne 1 ]; then
log 2 "'chunked_upload_trailer_invalid_checksum' requires checksum"
return 1
fi
if ! setup_bucket "s3api" "$BUCKET_ONE_NAME"; then
log 2 "error setting up bucket"
return 1
fi
test_file="test-file"
if ! create_test_file "$test_file" 10000; then
log 2 "error creating test file"
return 1
fi
# shellcheck disable=SC2097,SC2098
if ! result=$(COMMAND_LOG="$COMMAND_LOG" \
AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \
DATA_FILE="$TEST_FILE_FOLDER/$test_file" \
BUCKET_NAME="$BUCKET_ONE_NAME" \
OBJECT_KEY="$test_file" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$1" CHECKSUM="a" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then
log 2 "error creating command: $result"
return 1
fi
if ! send_via_openssl_check_code_error_contains "$TEST_FILE_FOLDER/command.txt" "400" "InvalidRequest" "Value for x-amz-checksum-$1 trailing header is invalid."; then
log 2 "error sending openssl and checking response"
return 1
fi
return 0
}
chunked_upload_trailer_incorrect_checksum() {
if [ "$#" -ne 1 ]; then
log 2 "'chunked_upload_trailer_invalid_checksum' requires checksum"
return 1
fi
if ! setup_bucket "s3api" "$BUCKET_ONE_NAME"; then
log 2 "error setting up bucket"
return 1
fi
test_file="test-file"
if ! create_test_file "$test_file" 10000; then
log 2 "error creating test file"
return 1
fi
if ! checksum=$(calculate_incorrect_checksum "$1" "$test_file"); then
log 2 "error calculating incorrect checksum"
return 1
fi
# shellcheck disable=SC2097,SC2098
if ! result=$(COMMAND_LOG="$COMMAND_LOG" \
AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \
DATA_FILE="$TEST_FILE_FOLDER/$test_file" \
BUCKET_NAME="$BUCKET_ONE_NAME" \
OBJECT_KEY="$test_file" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$1" CHECKSUM="$checksum" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then
log 2 "error creating command: $result"
return 1
fi
uppercase_type="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
if ! send_via_openssl_check_code_error_contains "$TEST_FILE_FOLDER/command.txt" "400" "BadDigest" "The $uppercase_type you specified did not match the calculated checksum."; then
log 2 "error sending openssl and checking response"
return 1
fi
return 0
}
send_via_openssl() {
if [ "$#" -ne 1 ]; then
log 2 "'send_via_openssl' requires command file"
return 1
fi
host="${AWS_ENDPOINT_URL#http*://}"
if [ "$host" == "s3.amazonaws.com" ]; then
host+=":443"
fi
if ! result=$(openssl s_client -connect "$host" -ign_eof < "$1" 2>&1); then
log 2 "error sending openssl command: $result"
return 1
fi
echo "$result"
}
send_via_openssl_and_check_code() {
if [ "$#" -ne 2 ]; then
log 2 "'send_via_openssl_and_check_code' requires command file, expected code"
return 1
fi
if ! result=$(send_via_openssl "$1"); then
log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP/" | awk '{print $2}')"
if [ "$response_code" != "$2" ]; then
log 2 "expected '$2', actual '$response_code' (error response: '$result')"
return 1
fi
echo "$result"
}
send_via_openssl_check_code_error_contains() {
if [ "$#" -ne 4 ]; then
log 2 "'send_via_openssl_check_code_error_contains' requires command file, expected code, error, message"
return 1
fi
if ! result=$(send_via_openssl_and_check_code "$1" "$2"); then
log 2 "error sending and checking code"
return 1
fi
error_data="$(echo "$result" | grep "<Error>" | sed 's/---//')"
echo -n "$error_data" > "$TEST_FILE_FOLDER/error-data.txt"
if ! check_xml_error_contains "$TEST_FILE_FOLDER/error-data.txt" "$3" "$4"; then
log 2 "error checking xml error, message"
return 1
fi
return 0
}

27
tests/util/util_head_object.sh
View File

@@ -192,3 +192,30 @@ head_object_without_and_with_checksum() {
fi
return 0
}
check_default_checksum() {
if [ $# -ne 3 ]; then
log 2 "'head_object_without_checksum' requires bucket, file, local file"
return 1
fi
if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" ./tests/rest_scripts/head_object.sh); then
log 2 "error getting result: $result"
return 1
fi
if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" CHECKSUM="true" ./tests/rest_scripts/head_object.sh); then
log 2 "error getting result: $result"
return 1
fi
log 5 "result: $(cat "$TEST_FILE_FOLDER/result.txt")"
head_checksum=$(grep -i "x-amz-checksum-crc64nvme" "$TEST_FILE_FOLDER/result.txt" | awk '{print $2}' | sed 's/\r$//')
log 5 "checksum: $head_checksum"
if ! checksum=$(CHECKSUM_TYPE="crc64nvme" DATA_FILE="$3" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" ./tests/rest_scripts/calculate_checksum.sh); then
log 2 "error calculating local checksum: $checksum"
return 1
fi
if [ "$head_checksum" != "$checksum" ]; then
log 2 "checksum mismatch (returned: '$head_checksum', local: '$checksum')"
return 1
fi
return 0
}

70
tests/util/util_legal_hold.sh
View File

@@ -57,3 +57,73 @@ check_legal_hold_without_lock_enabled() {
fi
return 0
}
check_remove_legal_hold_versions() {
if [ $# -ne 3 ]; then
log 2 "'check_remove_legal_hold_versions' requires bucket, key, version ID"
return 1
fi
if ! legal_hold=$(get_object_legal_hold_version_id "$1" "$2" "$3"); then
if [[ "$legal_hold" != *"MethodNotAllowed"* ]]; then
log 2 "error getting object legal hold status with version id"
return 1
fi
return 0
fi
log 5 "legal hold: $legal_hold"
if ! status="$(echo "$legal_hold" | grep -v "InsecureRequestWarning" | jq -r '.LegalHold.Status' 2>&1)"; then
log 2 "error getting legal hold status: $status"
return 1
fi
if [ "$status" == "ON" ]; then
if ! put_object_legal_hold_version_id "$1" "$2" "$3" "OFF"; then
log 2 "error removing legal hold of version ID"
return 1
fi
fi
return 0
}
check_legal_hold_without_payload() {
if [ $# -ne 2 ]; then
log 2 "'check_legal_hold_without_payload' requires bucket name, key"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_legal_hold.sh); then
log 2 "error: $result"
return 1
fi
if [ "$result" != "400" ]; then
log 2 "expected '400', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))"
return 1
fi
if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then
log 2 "error checking xml error, message"
return 1
fi
return 0
}
rest_check_legal_hold() {
if [ $# -ne 2 ]; then
log 2 "'rest_check_legal_hold' requires bucket name, key"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" STATUS="ON" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_legal_hold.sh); then
log 2 "error: $result"
return 1
fi
if [ "$result" != "200" ]; then
log 2 "expected '200', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/get_object_legal_hold.sh); then
log 2 "error: $result"
return 1
fi
if ! check_xml_element "$TEST_FILE_FOLDER/result.txt" "ON" "LegalHold" "Status"; then
log 2 "error checking legal hold status"
return 1
fi
return 0
}

3
tests/util/util_object.sh
View File

@@ -336,7 +336,7 @@ put_object_rest_checksum() {
check_checksum_rest_invalid() {
if [ $# -ne 1 ]; then
log 2 "'put_object_rest_sha256_invalid' requires checksum type"
log 2 "'check_checksum_rest_invalid' requires checksum type"
return 1
fi
test_file="test_file"
@@ -405,6 +405,7 @@ calculate_incorrect_checksum() {
log 2 "invalid checksum type: $1"
return 1
esac
echo "$incorrect_checksum"
return 0
}

21
tests/util/util_retention.sh
View File

@@ -92,3 +92,24 @@ log_worm_protection() {
# shellcheck disable=SC2154
log 5 "RETENTION: $retention"
}
retention_rest_without_request_body() {
if [ $# -ne 2 ]; then
log 2 "'retention_rest_without_request_body' requires bucket name, key"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_retention.sh); then
log 2 "error: $result"
return 1
fi
if [ "$result" != "400" ]; then
log 2 "expected '400', was '$result'"
return 1
fi
log 5 "result: $result ($(cat "$TEST_FILE_FOLDER/result.txt"))"
if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then
log 2 "error checking xml reply"
return 1
fi
return 0
}

20
tests/util/util_setup.sh
View File

@@ -77,3 +77,23 @@ setup_bucket_file_and_user() {
echo "$result"
return 0
}
setup_bucket_object_lock_enabled() {
if [ $# -ne 1 ]; then
log 2 "'setup_bucket_object_lock_enabled' requires bucket name"
return 1
fi
if ! bucket_cleanup_if_bucket_exists "s3api" "$1"; then
log 2 "error cleaning up bucket"
return 1
fi
# in static bucket config, bucket will still exist
if ! bucket_exists "rest" "$1"; then
if ! create_bucket_object_lock_enabled "$1"; then
log 2 "error creating bucket with object lock enabled"
return 1
fi
fi
return 0
}

8
tests/util/util_versioning.sh
View File

@@ -65,8 +65,14 @@ delete_object_version_with_or_without_retention() {
log 5 "version ID: ${version_ids[$idx]}"
# shellcheck disable=SC2154
if [ "$lock_config_exists" == "true" ]; then
if ! check_remove_legal_hold_versions "$1" "${version_keys[$idx]}" "${version_ids[$idx]}"; then
log 2 "error checking, removing legal hold versions"
fi
if ! put_object_legal_hold_version_id "$1" "${version_keys[$idx]}" "${version_ids[$idx]}" "OFF"; then
log 2 "error turning off object legal hold"
fi
if ! delete_object_version_bypass_retention "$1" "${version_keys[$idx]}" "${version_ids[$idx]}"; then
log 2 "error deleting object version"
log 2 "error deleting object version, bypassing retention"
return 1
fi
else

58
tests/util/util_xml.sh
View File

@@ -1,17 +1,29 @@
#!/usr/bin/env bash
get_element_text() {
if [ $# -lt 2 ]; then
log 2 "'get_element_text' requires data source, XML tree"
return 1
fi
local xpath='//'
for tree_val in "${@:2}"; do
xpath+='*[local-name()="'$tree_val'"]/'
done
xpath+='text()'
if ! xml_val=$(xmllint --xpath "$xpath" "$1" 2>&1); then
log 2 "error getting XML value matching $xpath: $xml_val (file data: $(cat "$1"))"
return 1
fi
echo "$xml_val"
}
check_xml_element() {
if [ $# -lt 3 ]; then
log 2 "'check_xml_element' requires data source, expected value, XML tree"
return 1
fi
local xpath='//'
for tree_val in "${@:3}"; do
xpath+='*[local-name()="'$tree_val'"]/'
done
xpath+='text()'
if ! xml_val=$(xmllint --xpath "$xpath" "$1" 2>&1); then
log 2 "error getting XML value matching $xpath: $xml_val"
if ! xml_val=$(get_element_text "$1" "${@:3}"); then
log 2 "error getting element text"
return 1
fi
if [ "$2" != "$xml_val" ]; then
@@ -20,3 +32,35 @@ check_xml_element() {
fi
return 0
}
check_xml_element_contains() {
if [ $# -lt 3 ]; then
log 2 "'check_xml_element_contains' requires data source, expected value, XML tree"
return 1
fi
if ! xml_val=$(get_element_text "$1" "${@:3}"); then
log 2 "error getting element text"
return 1
fi
if [[ "$xml_val" != *"$2"* ]]; then
log 2 "XML data mismatch, expected '$2', actual '$xml_val'"
return 1
fi
return 0
}
check_xml_error_contains() {
if [ "$#" -ne 3 ]; then
log 2 "'check_xml_code_error_contains' requires data source, expected error, string"
return 1
fi
if ! check_xml_element "$1" "$2" "Error" "Code"; then
log 2 "error checking xml error code"
return 1
fi
if ! check_xml_element_contains "$1" "$3" "Error" "Message"; then
log 2 "error checking xml element"
return 1
fi
return 0
}