diff --git a/tests/commands/create_bucket.sh b/tests/commands/create_bucket.sh
index 99c173c..f191b26 100644
--- a/tests/commands/create_bucket.sh
+++ b/tests/commands/create_bucket.sh
@@ -85,5 +85,8 @@ create_bucket_object_lock_enabled() {
log 2 "error creating bucket: $error"
return 1
fi
+ if [ "$DIRECT" == "true" ]; then
+ sleep 15
+ fi
return 0
}
diff --git a/tests/commands/get_object_legal_hold.sh b/tests/commands/get_object_legal_hold.sh
index 269a9ff..edef8e3 100644
--- a/tests/commands/get_object_legal_hold.sh
+++ b/tests/commands/get_object_legal_hold.sh
@@ -42,4 +42,18 @@ get_object_legal_hold_rest() {
return 1
fi
return 0
-}
\ No newline at end of file
+}
+
+get_object_legal_hold_version_id() {
+ if [[ $# -ne 3 ]]; then
+ log 2 "'get_object_legal_hold_version_id' command requires bucket, key, version id"
+ return 1
+ fi
+ record_command "get-object-legal-hold" "client:s3api"
+ if ! legal_hold=$(send_command aws --no-verify-ssl s3api get-object-legal-hold --bucket "$1" --key "$2" --version-id "$3" 2>&1); then
+ log 2 "error getting object legal hold w/version id: $legal_hold"
+ return 1
+ fi
+ echo "$legal_hold"
+ return 0
+}
diff --git a/tests/commands/put_object_legal_hold.sh b/tests/commands/put_object_legal_hold.sh
index 8a65fd6..0c9f253 100644
--- a/tests/commands/put_object_legal_hold.sh
+++ b/tests/commands/put_object_legal_hold.sh
@@ -20,11 +20,23 @@ put_object_legal_hold() {
log 2 "'put object legal hold' command requires bucket, key, hold status ('ON' or 'OFF')"
return 1
fi
- local error=""
- error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --legal-hold "{\"Status\": \"$3\"}" 2>&1) || local put_hold_result=$?
- if [[ $put_hold_result -ne 0 ]]; then
+ if ! error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --legal-hold "{\"Status\": \"$3\"}" 2>&1); then
log 2 "error putting object legal hold: $error"
return 1
fi
return 0
-}
\ No newline at end of file
+}
+
+put_object_legal_hold_version_id() {
+ record_command "put-object-legal-hold" "client:s3api"
+ if [[ $# -ne 4 ]]; then
+ log 2 "'put_object_legal_hold_version_id' command requires bucket, key, version ID, hold status ('ON' or 'OFF')"
+ return 1
+ fi
+ local error=""
+ if ! error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --version-id "$3" --legal-hold "{\"Status\": \"$4\"}" 2>&1); then
+ log 2 "error putting object legal hold w/version ID: $error"
+ return 1
+ fi
+ return 0
+}
diff --git a/tests/rest_scripts/calculate_checksum.py b/tests/rest_scripts/calculate_checksum.py
new file mode 100644
index 0000000..dcf3254
--- /dev/null
+++ b/tests/rest_scripts/calculate_checksum.py
@@ -0,0 +1,21 @@
+import sys
+from awscrt import checksums
+
+def get_call(checksum_type):
+ if checksum_type == "crc32c":
+ return checksums.crc32c
+ elif checksum_type == "crc64nvme":
+ return checksums.crc64nvme
+ sys.stderr.write("unrecognized checksum type " + checksum_type)
+ sys.exit(1)
+
+def main():
+ if len(sys.argv) != 3:
+ sys.stderr.write('Checksum type, data file path required')
+ sys.exit(1)
+ with open(sys.argv[2], 'rb') as f:
+ function = get_call(sys.argv[1])
+ print(function(f.read()))
+
+if __name__ == "__main__":
+ main()
diff --git a/tests/rest_scripts/calculate_checksum.sh b/tests/rest_scripts/calculate_checksum.sh
index 6409c9c..a846585 100755
--- a/tests/rest_scripts/calculate_checksum.sh
+++ b/tests/rest_scripts/calculate_checksum.sh
@@ -16,29 +16,59 @@
source ./tests/rest_scripts/rest.sh
-if ! DEACTIVATE=false source ./tests/rest_scripts/init_python_env.sh; then
- log_rest 2 "error initializing python environment"
- exit 1
-fi
-if ! checksum_decimal=$(python3 -c "
-import sys
-from awscrt import checksums
+calculate_checksum_python() {
+ if [ "$#" -ne 2 ]; then
+ log 2 "'calculate_checksum_python' requires checksum type, data file"
+ return 1
+ fi
+ if ! DEACTIVATE=false source ./tests/rest_scripts/init_python_env.sh; then
+ log_rest 2 "error initializing python environment"
+ return 1
+ fi
+ if ! checksum_decimal=$(python3 ./tests/rest_scripts/calculate_checksum.py "$1" "$2" 2>&1); then
+ log_rest 2 "error calculating checksum: $checksum_decimal"
+ return 1
+ fi
+ log 5 "decimal checksum: $checksum_decimal"
+ if ! deactivate 1>/dev/null; then
+ log_rest 2 "error deactivating virtual environment"
+ return 1
+ fi
+ if [ "$CHECKSUM_TYPE" == "crc64nvme" ]; then
+ hex_format="%016x"
+ else
+ hex_format="%08x"
+ fi
+ # shellcheck disable=SC2059
+ checksum=$(printf "$hex_format" "$checksum_decimal" | xxd -r -p | base64)
+ echo "$checksum"
+}
-with open(sys.argv[1], 'rb') as f:
- print(checksums.${CHECKSUM_TYPE}(f.read()))" "$DATA_FILE" 2>&1); then
- log_rest 2 "error calculating checksum: $checksum_decimal"
+case "$CHECKSUM_TYPE" in
+"crc32c")
+ if ! checksum=$(calculate_checksum_python "crc32c" "$DATA_FILE" 2>&1); then
+ log_rest 2 "error getting checksum: $checksum"
+ exit 1
+ fi
+ ;;
+"crc64nvme")
+ if ! checksum=$(calculate_checksum_python "crc64nvme" "$DATA_FILE" 2>&1); then
+ log 2 "error calculating checksum: $checksum"
+ exit 1
+ fi
+ ;;
+"sha256")
+ checksum="$(sha256sum "$DATA_FILE" | awk '{print $1}' | xxd -r -p | base64)"
+ ;;
+"sha1")
+ checksum="$(sha1sum "$DATA_FILE" | awk '{print $1}' | xxd -r -p | base64)"
+ ;;
+"crc32")
+ checksum="$(gzip -c -1 "$DATA_FILE" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)"
+ ;;
+*)
+ log_rest 2 "invalid checksum type: '$CHECKSUM_TYPE'"
exit 1
-fi
-log 5 "decimal checksum: $checksum_decimal"
-if ! deactivate 1>/dev/null; then
- log_rest 2 "error deactivating virtual environment"
- exit 1
-fi
-if [ "$CHECKSUM_TYPE" == "crc64nvme" ]; then
- hex_format="%016x"
-else
- hex_format="%08x"
-fi
-# shellcheck disable=SC2059
-checksum_hash=$(printf "$hex_format" "$checksum_decimal" | xxd -r -p | base64)
-echo "$checksum_hash"
\ No newline at end of file
+ ;;
+esac
+echo "$checksum"
diff --git a/tests/rest_scripts/put_object.sh b/tests/rest_scripts/put_object.sh
index 43b91a2..cd14a0c 100755
--- a/tests/rest_scripts/put_object.sh
+++ b/tests/rest_scripts/put_object.sh
@@ -49,35 +49,12 @@ if [ -n "$expires" ]; then
cr_data+=("expires:$expires")
fi
cr_data+=("host:$host")
-if [ "$checksum_type" == "sha256" ]; then
- if [ -z "$checksum_hash" ]; then
- checksum_hash="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
- fi
- cr_data+=("x-amz-checksum-sha256:$checksum_hash")
-elif [ "$checksum_type" == "sha1" ]; then
- if [ -z "$checksum_hash" ]; then
- checksum_hash="$(sha1sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
- fi
- cr_data+=("x-amz-checksum-sha1:$checksum_hash")
-elif [ "$checksum_type" == "crc32" ]; then
- if [ -z "$checksum_hash" ]; then
- checksum_hash="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)"
- fi
- cr_data+=("x-amz-checksum-crc32:$checksum_hash")
-elif [ "$checksum_type" == "crc64nvme" ]; then
- if [ -z "$checksum_hash" ] && ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc64nvme" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
- log_rest 2 "error calculating crc64nvme checksum: $checksum_hash"
+if [ "$checksum_type" != "" ]; then
+ if [ "$checksum_hash" == "" ] && ! checksum_hash=$(DATA_FILE="$data_file" CHECKSUM_TYPE="$checksum_type" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
+ log_rest 2 "error calculating checksum hash"
exit 1
fi
- cr_data+=("x-amz-checksum-crc64nvme:$checksum_hash")
-elif [ "$checksum_type" == "crc32c" ]; then
- if [ -z "$checksum_hash" ] && ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc32c" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
- log_rest 2 "error calculating crc32c checksum: $checksum_hash"
- exit 1
- fi
- cr_data+=("x-amz-checksum-crc32c:$checksum_hash")
-elif [ "$checksum_type" != "" ]; then
- cr_data+=("x-amz-checksum-$checksum_type:$checksum_hash")
+ cr_data+=("x-amz-checksum-${checksum_type}:$checksum_hash")
fi
cr_data+=("x-amz-content-sha256:$payload_hash" "x-amz-date:$current_date_time")
build_canonical_request "${cr_data[@]}"
diff --git a/tests/rest_scripts/put_object_legal_hold.sh b/tests/rest_scripts/put_object_legal_hold.sh
new file mode 100755
index 0000000..1886243
--- /dev/null
+++ b/tests/rest_scripts/put_object_legal_hold.sh
@@ -0,0 +1,65 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 Versity Software
+# This file is licensed under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+source ./tests/rest_scripts/rest.sh
+
+# Fields
+
+# shellcheck disable=SC2153
+bucket_name="$BUCKET_NAME"
+# shellcheck disable=SC2153
+key="$OBJECT_KEY"
+# shellcheck disable=SC2153
+status="$STATUS"
+# shellcheck disable=SC2153
+omit_payload="${OMIT_PAYLOAD:=false}"
+
+if [ "$omit_payload" == "false" ]; then
+ payload="
+
+ $status
+"
+fi
+
+payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')"
+content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64)
+current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")
+
+canonical_request="PUT
+/$bucket_name/$key
+legal-hold=
+content-md5:$content_md5
+host:$host
+x-amz-content-sha256:$payload_hash
+x-amz-date:$current_date_time
+
+content-md5;host;x-amz-content-sha256;x-amz-date
+$payload_hash"
+
+# shellcheck disable=SC2119
+create_canonical_hash_sts_and_signature
+
+curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_name/$key?legal-hold="
+-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
+-H "\"Content-MD5: $content_md5\""
+-H "\"x-amz-content-sha256: $payload_hash\""
+-H "\"x-amz-date: $current_date_time\"")
+if [ "$omit_payload" == "false" ]; then
+ curl_command+=(-d "\"${payload//\"/\\\"}\"")
+fi
+curl_command+=(-o "$OUTPUT_FILE")
+# shellcheck disable=SC2154
+eval "${curl_command[*]}" 2>&1
diff --git a/tests/rest_scripts/put_object_openssl_chunked_example.sh b/tests/rest_scripts/put_object_openssl_chunked_example.sh
index e3da71c..d21880d 100755
--- a/tests/rest_scripts/put_object_openssl_chunked_example.sh
+++ b/tests/rest_scripts/put_object_openssl_chunked_example.sh
@@ -23,6 +23,7 @@ load_parameters() {
test_mode=${TEST_MODE:=true}
# shellcheck disable=SC2034
command_file="${COMMAND_FILE:=command.txt}"
+ no_content_length="${NO_CONTENT_LENGTH:=false}"
readonly signature_no_data="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
@@ -163,8 +164,15 @@ content-length:$content_length
host:$host
x-amz-content-sha256:STREAMING-AWS4-HMAC-SHA256-PAYLOAD
x-amz-date:$current_date_time
-x-amz-decoded-content-length:$file_size
-x-amz-storage-class:REDUCED_REDUNDANCY
+"
+if [ "$no_content_length" == "false" ]; then
+ canonical_request+="x-amz-decoded-content-length:$file_size
+"
+else
+ canonical_request+="x-amz-decoded-content-length:
+"
+fi
+canonical_request+="x-amz-storage-class:REDUCED_REDUNDANCY
content-encoding;content-length;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class
STREAMING-AWS4-HMAC-SHA256-PAYLOAD"
@@ -322,8 +330,12 @@ x-amz-storage-class: REDUCED_REDUNDANCY\r
Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-encoding;content-length;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class,Signature=$first_signature\r
x-amz-content-sha256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD\r
Content-Encoding: aws-chunked\r
-x-amz-decoded-content-length: $file_size\r
-Content-Length: $content_length\r
+"
+if [ "$no_content_length" == "false" ]; then
+ command+="x-amz-decoded-content-length: $file_size\r
+"
+fi
+command+="Content-Length: $content_length\r
\r\n"
if [ "$test_mode" == "true" ] && [ "$command" != "$expected_command" ]; then
diff --git a/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh b/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh
index 444c07d..dec3455 100755
--- a/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh
+++ b/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh
@@ -53,13 +53,15 @@ load_parameters() {
final_signature="$FINAL_SIGNATURE"
# shellcheck disable=SC2153
trailer="$TRAILER"
+ # shellcheck disable=SC2153
+ checksum="$CHECKSUM"
fi
readonly initial_sts_data="AWS4-HMAC-SHA256-PAYLOAD
$current_date_time
$year_month_day/$aws_region/s3/aws4_request"
- readonly initial_trailer_sts_data="AWS4-HMAC-SHA256-TRAILER
+ readonly trailer_sts_data="AWS4-HMAC-SHA256-TRAILER
$current_date_time
$year_month_day/$aws_region/s3/aws4_request"
@@ -95,7 +97,7 @@ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"
- readonly expected_sts_chunk_final="AWS4-HMAC-SHA256-PAYLOAD
+ readonly expected_sts_chunk_final="AWS4-HMAC-SHA256-TRAILER
20130524T000000Z
20130524/us-east-1/s3/aws4_request
2ca2aba2005185cf7159c6277faf83795951dd77a3a99e6e65d5c9f85863f992
@@ -124,7 +126,7 @@ x-amz-content-sha256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER\r
Content-Encoding: aws-chunked\r
x-amz-decoded-content-length: 66560\r
x-amz-trailer: x-amz-checksum-crc32c\r
-Content-Length: 66824\r
+Content-Length: 66946\r
\r\n"
}
@@ -141,42 +143,26 @@ get_file_size_and_content_length() {
get_chunk_sizes
log_rest 5 "signature string length: ${#signature_string}"
content_length=$((length+file_size+${#signature_string}+92))
- if [ "$test_mode" == "true" ] && [ "$content_length" != 66824 ]; then
+ if [ "$test_mode" == "true" ] && [ "$content_length" != 66946 ]; then
log_rest 2 "content length mismatch ($content_length)"
return 1
fi
}
calculate_checksum() {
- case "$TRAILER" in
- "x-amz-checksum-crc32c")
- if ! checksum=$(DATA_FILE=$data_file TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc32c" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
+ checksum_type="${trailer/x-amz-checksum-/}"
+ log_rest 5 "checksum type: $checksum_type"
+ if [ "$CHECKSUM" == "" ]; then
+ if ! checksum=$(DATA_FILE="$data_file" CHECKSUM_TYPE="$checksum_type" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
log_rest 2 "error getting checksum: $checksum"
return 1
fi
- ;;
- "x-amz-checksum-crc64nvme")
- if ! checksum=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc64nvme" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then
- log 2 "error calculating checksum: $checksum"
- return 1
- fi
- ;;
- "x-amz-checksum-sha256")
- checksum="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
- ;;
- "x-amz-checksum-sha1")
- checksum="$(sha1sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)"
- ;;
- "x-amz-checksum-crc32")
- checksum="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)"
- ;;
- *)
- log_rest 2 "invalid trailer type: '$TRAILER'"
- return 1
- ;;
- esac
- signature_string="$TRAILER:$checksum"
+ else
+ checksum="$CHECKSUM"
+ fi
+ signature_string="$trailer:$checksum"
trailer_payload_hash="$(echo "$signature_string" | sha256sum | awk '{print $1}')"
+ return 0
}
get_chunk_sizes() {
@@ -317,7 +303,7 @@ build_chunk() {
build_trailer() {
log_rest 5 "payload hash: $payload_hash"
- final_sts_data="$initial_trailer_sts_data
+ final_sts_data="$trailer_sts_data
$signature
$trailer_payload_hash"
log_rest 5 "$final_sts_data"
@@ -422,7 +408,7 @@ load_parameters
if ! calculate_checksum; then
log_rest 2 "error calculating trailer checksum"
- return 1
+ exit 1
fi
if ! get_file_size_and_content_length; then
log_rest 2 "error getting file size and content length"
diff --git a/tests/rest_scripts/put_object_retention.sh b/tests/rest_scripts/put_object_retention.sh
index 6cf092d..8b55023 100755
--- a/tests/rest_scripts/put_object_retention.sh
+++ b/tests/rest_scripts/put_object_retention.sh
@@ -26,12 +26,16 @@ key="$OBJECT_KEY"
mode="$RETENTION_MODE"
# shellcheck disable=SC2153
retain_until_date="$RETAIN_UNTIL_DATE"
+# shellcheck disable=SC2153
+omit_payload="${OMIT_PAYLOAD:=false}"
-payload="
-
- $mode
- $retain_until_date
-"
+if [ "$omit_payload" == "false" ]; then
+ payload="
+
+ $mode
+ $retain_until_date
+ "
+fi
payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')"
content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64)
@@ -55,8 +59,10 @@ curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_
-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
-H "\"Content-MD5: $content_md5\""
-H "\"x-amz-content-sha256: $payload_hash\""
--H "\"x-amz-date: $current_date_time\""
--d "\"${payload//\"/\\\"}\""
--o "$OUTPUT_FILE")
+-H "\"x-amz-date: $current_date_time\"")
+if [ "$omit_payload" == "false" ]; then
+ curl_command+=(-d "\"${payload//\"/\\\"}\"")
+fi
+curl_command+=(-o "$OUTPUT_FILE")
# shellcheck disable=SC2154
eval "${curl_command[*]}" 2>&1
diff --git a/tests/run.sh b/tests/run.sh
index 5657193..81c5001 100755
--- a/tests/run.sh
+++ b/tests/run.sh
@@ -151,6 +151,8 @@ run_suite() {
exit_code=1
elif ! "$HOME"/bin/bats ./tests/test_rest_versioning.sh; then
exit_code=1
+ elif ! "$HOME"/bin/bats ./tests/test_rest_bucket.sh; then
+ exit_code=1
fi
;;
s3api-user)
diff --git a/tests/test_rest.sh b/tests/test_rest.sh
index 32a0fa6..0e97f29 100755
--- a/tests/test_rest.sh
+++ b/tests/test_rest.sh
@@ -66,14 +66,6 @@ test_file="test_file"
assert_success
}
-@test "test_rest_list_buckets" {
- run setup_bucket "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- run list_check_buckets_rest
- assert_success
-}
-
@test "test_rest_delete_object" {
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -144,26 +136,6 @@ test_file="test_file"
assert_success
}
-@test "test_rest_set_get_lock_config" {
- run setup_bucket "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- run check_no_object_lock_config_rest "$BUCKET_ONE_NAME"
- assert_success
-
- run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- # in static bucket config, bucket will still exist
- if ! bucket_exists "rest" "$BUCKET_ONE_NAME"; then
- run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
- assert_success
- fi
-
- run check_object_lock_config_enabled_rest "$BUCKET_ONE_NAME"
- assert_success
-}
-
@test "REST - legal hold, get without config" {
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -233,9 +205,6 @@ test_file="test_file"
}
@test "REST - attributes - checksum" {
- if [ "$DIRECT" != "true" ]; then
- skip "https://github.com/versity/versitygw/issues/1006"
- fi
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -243,39 +212,6 @@ test_file="test_file"
assert_success
}
-@test "REST - bucket tagging - no tags" {
- run setup_bucket "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME"
- assert_success
-}
-
-@test "REST - bucket tagging - tags" {
- test_key="testKey"
- test_value="testValue"
-
- run setup_bucket "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value"
- assert_success
-}
-
-@test "REST - get, put bucket ownership controls" {
- run setup_bucket "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerEnforced"
- assert_success
-
- run put_bucket_ownership_controls_rest "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
- assert_success
-
- run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
- assert_success
-}
-
@test "REST - get policy w/o policy" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/959"
@@ -374,9 +310,6 @@ test_file="test_file"
}
@test "REST - head object" {
- if [ "$DIRECT" != "true" ]; then
- skip "https://github.com/versity/versitygw/issues/1114"
- fi
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
@@ -391,6 +324,17 @@ test_file="test_file"
assert_success
}
+@test "REST - HeadObject - default crc64nvme checksum" {
+ run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+
+ run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+
+ run check_default_checksum "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file"
+ assert_success
+}
+
@test "REST - POST call on root endpoint" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1036"
@@ -508,19 +452,6 @@ test_file="test_file"
assert_success
}
-@test "REST - HeadBucket" {
- run setup_bucket "s3api" "$BUCKET_ONE_NAME"
- assert_success
-
- run head_bucket_rest "$BUCKET_ONE_NAME"
- assert_success
-}
-
-@test "REST - HeadBucket - doesn't exist" {
- run head_bucket_rest "$BUCKET_ONE_NAME"
- assert_failure 1
-}
-
@test "REST - PutObject with user permission - admin user" {
run setup_bucket_file_and_user "$BUCKET_ONE_NAME" "$test_file" "$USERNAME_ONE" "$PASSWORD_ONE" "admin"
assert_success
@@ -551,3 +482,54 @@ test_file="test_file"
run put_object_rest_user_bad_signature "$username" "$password" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
+
+@test "REST - PutObjectRetention - w/o request body" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1185"
+ fi
+ run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
+ assert_success
+
+ run create_test_file "$test_file"
+ assert_success
+
+ run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+
+ run retention_rest_without_request_body "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+}
+
+@test "REST - PutObjectLegalHold w/o payload" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1191"
+ fi
+ run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
+ assert_success
+
+ run create_test_file "$test_file"
+ assert_success
+
+ run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+
+ run check_legal_hold_without_payload "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+}
+
+@test "REST - PutObjectLegalHold - success" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1193"
+ fi
+ run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
+ assert_success
+
+ run create_test_file "$test_file"
+ assert_success
+
+ run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+
+ run rest_check_legal_hold "$BUCKET_ONE_NAME" "$test_file"
+ assert_success
+}
diff --git a/tests/test_rest_bucket.sh b/tests/test_rest_bucket.sh
new file mode 100755
index 0000000..2acdb1d
--- /dev/null
+++ b/tests/test_rest_bucket.sh
@@ -0,0 +1,104 @@
+#!/usr/bin/env bats
+
+# Copyright 2024 Versity Software
+# This file is licensed under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+load ./bats-support/load
+load ./bats-assert/load
+
+source ./tests/commands/get_object_lock_configuration.sh
+source ./tests/commands/head_bucket.sh
+source ./tests/commands/list_buckets.sh
+source ./tests/logger.sh
+source ./tests/setup.sh
+source ./tests/util/util_bucket.sh
+source ./tests/util/util_list_buckets.sh
+source ./tests/util/util_lock_config.sh
+source ./tests/util/util_ownership.sh
+source ./tests/util/util_rest.sh
+source ./tests/util/util_tags.sh
+
+@test "REST - HeadBucket" {
+ run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ run head_bucket_rest "$BUCKET_ONE_NAME"
+ assert_success
+}
+
+@test "REST - HeadBucket - doesn't exist" {
+ run head_bucket_rest "$BUCKET_ONE_NAME"
+ assert_failure 1
+}
+
+@test "REST - bucket tagging - no tags" {
+ run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME"
+ assert_success
+}
+
+@test "REST - bucket tagging - tags" {
+ test_key="testKey"
+ test_value="testValue"
+
+ run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value"
+ assert_success
+}
+
+@test "test_rest_list_buckets" {
+ run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ run list_check_buckets_rest
+ assert_success
+}
+
+@test "REST - get, put bucket ownership controls" {
+ run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerEnforced"
+ assert_success
+
+ run put_bucket_ownership_controls_rest "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
+ assert_success
+
+ run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
+ assert_success
+}
+
+@test "test_rest_set_get_lock_config" {
+ run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ run check_no_object_lock_config_rest "$BUCKET_ONE_NAME"
+ assert_success
+
+ run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME"
+ assert_success
+
+ # in static bucket config, bucket will still exist
+ if ! bucket_exists "rest" "$BUCKET_ONE_NAME"; then
+ run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME"
+ assert_success
+ fi
+
+ run check_object_lock_config_enabled_rest "$BUCKET_ONE_NAME"
+ assert_success
+}
diff --git a/tests/test_rest_chunked.sh b/tests/test_rest_chunked.sh
index 467a485..ec82fd9 100755
--- a/tests/test_rest_chunked.sh
+++ b/tests/test_rest_chunked.sh
@@ -26,20 +26,15 @@ source ./tests/util/util_head_object.sh
source ./tests/util/util_setup.sh
@test "REST - chunked upload, no content length" {
- if [ "$DIRECT" != "true" ]; then
- skip "https://github.com/versity/versitygw/issues/1043"
- fi
+ test_file="test-file"
run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file"
assert_success
- run attempt_seed_signature_without_content_length "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file"
+ run attempt_seed_signature_without_content_length "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
@test "REST - chunked upload, signature error" {
- if [ "$DIRECT" != "true" ]; then
- skip "https://github.com/versity/versitygw/issues/1123"
- fi
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
@@ -162,3 +157,68 @@ source ./tests/util/util_setup.sh
run put_chunked_upload_trailer_invalid "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
}
+
+@test "test - REST chunked upload - sha1 trailer - invalid" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1165"
+ fi
+ run chunked_upload_trailer_invalid_checksum "sha1"
+ assert_success
+}
+
+@test "test - REST chunked upload - sha256 trailer - invalid" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1165"
+ fi
+ run chunked_upload_trailer_invalid_checksum "sha256"
+ assert_success
+}
+
+@test "test - REST chunked upload - crc32 trailer - invalid" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1165"
+ fi
+ run chunked_upload_trailer_invalid_checksum "crc32"
+ assert_success
+}
+
+@test "test - REST chunked upload - crc32c trailer - invalid" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1165"
+ fi
+ run chunked_upload_trailer_invalid_checksum "crc32c"
+ assert_success
+}
+
+@test "test - REST chunked upload - crc64nvme trailer - invalid" {
+ if [ "$DIRECT" != "true" ]; then
+ skip "https://github.com/versity/versitygw/issues/1165"
+ fi
+ run chunked_upload_trailer_invalid_checksum "crc64nvme"
+ assert_success
+}
+
+@test "test - REST chunked upload - sha1 trailer - incorrect" {
+ run chunked_upload_trailer_incorrect_checksum "sha1"
+ assert_success
+}
+
+@test "test - REST chunked upload - sha256 trailer - incorrect" {
+ run chunked_upload_trailer_incorrect_checksum "sha256"
+ assert_success
+}
+
+@test "test - REST chunked upload - crc32 trailer - incorrect" {
+ run chunked_upload_trailer_incorrect_checksum "crc32"
+ assert_success
+}
+
+@test "test - REST chunked upload - crc32c trailer - incorrect" {
+ run chunked_upload_trailer_incorrect_checksum "crc32c"
+ assert_success
+}
+
+@test "test - REST chunked upload - crc64nvme trailer - incorrect" {
+ run chunked_upload_trailer_incorrect_checksum "crc64nvme"
+ assert_success
+}
diff --git a/tests/test_user_common.sh b/tests/test_user_common.sh
index e4eca07..24d068e 100755
--- a/tests/test_user_common.sh
+++ b/tests/test_user_common.sh
@@ -23,10 +23,6 @@ source ./tests/util/util_users.sh
source ./tests/commands/list_buckets.sh
test_admin_user() {
- if [[ $# -ne 1 ]]; then
- fail "test admin user command requires command type"
- fi
-
admin_username="$USERNAME_ONE"
admin_password="$PASSWORD_ONE"
user_username="$USERNAME_TWO"
@@ -63,8 +59,6 @@ test_admin_user() {
}
test_create_user_already_exists() {
- assert [ $# -eq 1 ]
-
username="$USERNAME_ONE"
password="$PASSWORD_ONE"
@@ -80,10 +74,6 @@ test_user_user() {
skip
fi
- if [[ $# -ne 1 ]]; then
- fail "test admin user command requires command type"
- fi
-
username="$USERNAME_ONE"
password="$PASSWORD_ONE"
@@ -115,10 +105,6 @@ test_user_user() {
}
test_userplus_operation() {
- if [[ $# -ne 1 ]]; then
- fail "test admin user command requires command type"
- fi
-
username="$USERNAME_ONE"
password="$PASSWORD_ONE"
diff --git a/tests/util/util_attributes.sh b/tests/util/util_attributes.sh
index d909b4d..c456c99 100644
--- a/tests/util/util_attributes.sh
+++ b/tests/util/util_attributes.sh
@@ -87,7 +87,7 @@ add_and_check_checksum() {
log 2 "'add_and_check_checksum' requires data file, key"
return 1
fi
- if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" CHECKSUM="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" CHECKSUM_TYPE="sha256" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then
log 2 "error sending object file: $result"
return 1
fi
diff --git a/tests/util/util_bucket.sh b/tests/util/util_bucket.sh
index 4450c84..c677575 100644
--- a/tests/util/util_bucket.sh
+++ b/tests/util/util_bucket.sh
@@ -278,7 +278,7 @@ setup_bucket() {
# bucket creation and resets take longer to propagate in direct mode
if [ "$DIRECT" == "true" ]; then
- sleep 10
+ sleep 15
fi
if [[ $1 == "s3cmd" ]]; then
diff --git a/tests/util/util_chunked_upload.sh b/tests/util/util_chunked_upload.sh
index e44bb16..38bd14c 100644
--- a/tests/util/util_chunked_upload.sh
+++ b/tests/util/util_chunked_upload.sh
@@ -5,12 +5,18 @@ attempt_seed_signature_without_content_length() {
log 2 "'attempt_seed_signature_without_content_length' requires bucket name, key, data file"
return 1
fi
- if ! result=$(COMMAND_LOG="$COMMAND_LOG" CONTENT_ENCODING="aws-chunked" BUCKET_NAME="$1" OBJECT_KEY="$2" DATA_FILE="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then
- log 2 "error putting object: $result"
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" \
+ AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \
+ DATA_FILE="$1" \
+ BUCKET_NAME="$2" \
+ OBJECT_KEY="$3" CHUNK_SIZE=8192 TEST_MODE=false COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" NO_CONTENT_LENGTH="true" ./tests/rest_scripts/put_object_openssl_chunked_example.sh 2>&1); then
+ log 2 "error creating command: $result"
return 1
fi
- if [ "$result" != 411 ]; then
- log 2 "expected '411', actual '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))"
+ if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 411; then
+ log 2 "error in sending or checking response code"
return 1
fi
return 0
@@ -32,12 +38,8 @@ attempt_chunked_upload_with_bad_first_signature() {
return 1
fi
- host="${AWS_ENDPOINT_URL#http*://}"
- if [ "$host" == "s3.amazonaws.com" ]; then
- host+=":443"
- fi
- if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
- log 2 "error sending openssl command: $result"
+ if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then
+ log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
@@ -46,7 +48,9 @@ attempt_chunked_upload_with_bad_first_signature() {
log 2 "expected code '403', was '$response_code'"
return 1
fi
- response_data="$(echo "$result" | grep "<")"
+ log 5 "result: $result"
+ response_data="$(echo "$result" | grep "")"
+ response_data="${response_data/---/}"
log 5 "response data: $response_data"
log 5 "END"
if ! check_xml_element <(echo "$response_data") "SignatureDoesNotMatch" "Error" "Code"; then
@@ -72,17 +76,8 @@ chunked_upload_success() {
return 1
fi
- host="${AWS_ENDPOINT_URL#http*://}"
- if [ "$host" == "s3.amazonaws.com" ]; then
- host+=":443"
- fi
- if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
- log 2 "error sending openssl command: $result"
- return 1
- fi
- response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
- if [ "$response_code" != "200" ]; then
- log 2 "expected response '200', was '$response_code'"
+ if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 200; then
+ log 2 "error sending command via openssl or checking response code"
return 1
fi
return 0
@@ -107,12 +102,8 @@ attempt_chunked_upload_with_bad_final_signature() {
log 2 "error creating command: $result"
return 1
fi
- host="${AWS_ENDPOINT_URL#http*://}"
- if [ "$host" == "s3.amazonaws.com" ]; then
- host+=":443"
- fi
- if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
- log 2 "error sending openssl command: $result"
+ if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then
+ log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
@@ -144,25 +135,15 @@ put_object_chunked_trailer_success() {
DATA_FILE="$1" \
BUCKET_NAME="$2" \
OBJECT_KEY="$3" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$4" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then
- log 2 "error creating command: $result"
- return 1
- fi
+ log 2 "error creating command: $result"
+ return 1
+ fi
- host="${AWS_ENDPOINT_URL#http*://}"
- if [ "$host" == "s3.amazonaws.com" ]; then
- host+=":443"
- fi
- if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
- log 2 "error sending openssl command: $result"
- return 1
- fi
- log 5 "result: $result"
- response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
- if [ "$response_code" != "200" ]; then
- log 2 "expected response '200', was '$response_code'"
- return 1
- fi
- return 0
+ if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 200; then
+ log 2 "error sending command via openssl or checking response code"
+ return 1
+ fi
+ return 0
}
put_chunked_upload_trailer_invalid() {
@@ -182,12 +163,8 @@ put_chunked_upload_trailer_invalid() {
return 1
fi
- host="${AWS_ENDPOINT_URL#http*://}"
- if [ "$host" == "s3.amazonaws.com" ]; then
- host+=":443"
- fi
- if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then
- log 2 "error sending openssl command: $result"
+ if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then
+ log 2 "error sending command via openssl"
return 1
fi
response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')"
@@ -196,8 +173,9 @@ put_chunked_upload_trailer_invalid() {
return 1
fi
error_data="$(echo "$result" | grep "")"
- if ! check_xml_element <(echo -n "$error_data") "InvalidRequest" "Error" "Code"; then
- log 2 "error checking xml element"
+ echo -n "$error_data" > "$TEST_FILE_FOLDER/error-data.txt"
+ if ! check_xml_error_contains "$TEST_FILE_FOLDER/error-data.txt" "InvalidRequest" "The value specified in the x-amz-trailer header is not supported"; then
+ log 2 "error checking xml error, message"
return 1
fi
return 0
@@ -227,3 +205,123 @@ chunked_upload_trailer_success() {
fi
return 0
}
+
+chunked_upload_trailer_invalid_checksum() {
+ if [ "$#" -ne 1 ]; then
+ log 2 "'chunked_upload_trailer_invalid_checksum' requires checksum"
+ return 1
+ fi
+ if ! setup_bucket "s3api" "$BUCKET_ONE_NAME"; then
+ log 2 "error setting up bucket"
+ return 1
+ fi
+ test_file="test-file"
+ if ! create_test_file "$test_file" 10000; then
+ log 2 "error creating test file"
+ return 1
+ fi
+ # shellcheck disable=SC2097,SC2098
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" \
+ AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \
+ DATA_FILE="$TEST_FILE_FOLDER/$test_file" \
+ BUCKET_NAME="$BUCKET_ONE_NAME" \
+ OBJECT_KEY="$test_file" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$1" CHECKSUM="a" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then
+ log 2 "error creating command: $result"
+ return 1
+ fi
+ if ! send_via_openssl_check_code_error_contains "$TEST_FILE_FOLDER/command.txt" "400" "InvalidRequest" "Value for x-amz-checksum-$1 trailing header is invalid."; then
+ log 2 "error sending openssl and checking response"
+ return 1
+ fi
+ return 0
+}
+
+chunked_upload_trailer_incorrect_checksum() {
+ if [ "$#" -ne 1 ]; then
+ log 2 "'chunked_upload_trailer_invalid_checksum' requires checksum"
+ return 1
+ fi
+ if ! setup_bucket "s3api" "$BUCKET_ONE_NAME"; then
+ log 2 "error setting up bucket"
+ return 1
+ fi
+ test_file="test-file"
+ if ! create_test_file "$test_file" 10000; then
+ log 2 "error creating test file"
+ return 1
+ fi
+ if ! checksum=$(calculate_incorrect_checksum "$1" "$test_file"); then
+ log 2 "error calculating incorrect checksum"
+ return 1
+ fi
+ # shellcheck disable=SC2097,SC2098
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" \
+ AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \
+ AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \
+ AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \
+ DATA_FILE="$TEST_FILE_FOLDER/$test_file" \
+ BUCKET_NAME="$BUCKET_ONE_NAME" \
+ OBJECT_KEY="$test_file" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$1" CHECKSUM="$checksum" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then
+ log 2 "error creating command: $result"
+ return 1
+ fi
+ uppercase_type="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
+ if ! send_via_openssl_check_code_error_contains "$TEST_FILE_FOLDER/command.txt" "400" "BadDigest" "The $uppercase_type you specified did not match the calculated checksum."; then
+ log 2 "error sending openssl and checking response"
+ return 1
+ fi
+ return 0
+}
+
+send_via_openssl() {
+ if [ "$#" -ne 1 ]; then
+ log 2 "'send_via_openssl' requires command file"
+ return 1
+ fi
+ host="${AWS_ENDPOINT_URL#http*://}"
+ if [ "$host" == "s3.amazonaws.com" ]; then
+ host+=":443"
+ fi
+ if ! result=$(openssl s_client -connect "$host" -ign_eof < "$1" 2>&1); then
+ log 2 "error sending openssl command: $result"
+ return 1
+ fi
+ echo "$result"
+}
+
+send_via_openssl_and_check_code() {
+ if [ "$#" -ne 2 ]; then
+ log 2 "'send_via_openssl_and_check_code' requires command file, expected code"
+ return 1
+ fi
+ if ! result=$(send_via_openssl "$1"); then
+ log 2 "error sending command via openssl"
+ return 1
+ fi
+ response_code="$(echo "$result" | grep "HTTP/" | awk '{print $2}')"
+ if [ "$response_code" != "$2" ]; then
+ log 2 "expected '$2', actual '$response_code' (error response: '$result')"
+ return 1
+ fi
+ echo "$result"
+}
+
+send_via_openssl_check_code_error_contains() {
+ if [ "$#" -ne 4 ]; then
+ log 2 "'send_via_openssl_check_code_error_contains' requires command file, expected code, error, message"
+ return 1
+ fi
+ if ! result=$(send_via_openssl_and_check_code "$1" "$2"); then
+ log 2 "error sending and checking code"
+ return 1
+ fi
+ error_data="$(echo "$result" | grep "" | sed 's/---//')"
+ echo -n "$error_data" > "$TEST_FILE_FOLDER/error-data.txt"
+ if ! check_xml_error_contains "$TEST_FILE_FOLDER/error-data.txt" "$3" "$4"; then
+ log 2 "error checking xml error, message"
+ return 1
+ fi
+ return 0
+}
diff --git a/tests/util/util_head_object.sh b/tests/util/util_head_object.sh
index a70d525..03d1bb9 100644
--- a/tests/util/util_head_object.sh
+++ b/tests/util/util_head_object.sh
@@ -192,3 +192,30 @@ head_object_without_and_with_checksum() {
fi
return 0
}
+
+check_default_checksum() {
+ if [ $# -ne 3 ]; then
+ log 2 "'head_object_without_checksum' requires bucket, file, local file"
+ return 1
+ fi
+ if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" ./tests/rest_scripts/head_object.sh); then
+ log 2 "error getting result: $result"
+ return 1
+ fi
+ if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" CHECKSUM="true" ./tests/rest_scripts/head_object.sh); then
+ log 2 "error getting result: $result"
+ return 1
+ fi
+ log 5 "result: $(cat "$TEST_FILE_FOLDER/result.txt")"
+ head_checksum=$(grep -i "x-amz-checksum-crc64nvme" "$TEST_FILE_FOLDER/result.txt" | awk '{print $2}' | sed 's/\r$//')
+ log 5 "checksum: $head_checksum"
+ if ! checksum=$(CHECKSUM_TYPE="crc64nvme" DATA_FILE="$3" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" ./tests/rest_scripts/calculate_checksum.sh); then
+ log 2 "error calculating local checksum: $checksum"
+ return 1
+ fi
+ if [ "$head_checksum" != "$checksum" ]; then
+ log 2 "checksum mismatch (returned: '$head_checksum', local: '$checksum')"
+ return 1
+ fi
+ return 0
+}
diff --git a/tests/util/util_legal_hold.sh b/tests/util/util_legal_hold.sh
index 31f504a..e381a28 100644
--- a/tests/util/util_legal_hold.sh
+++ b/tests/util/util_legal_hold.sh
@@ -57,3 +57,73 @@ check_legal_hold_without_lock_enabled() {
fi
return 0
}
+
+check_remove_legal_hold_versions() {
+ if [ $# -ne 3 ]; then
+ log 2 "'check_remove_legal_hold_versions' requires bucket, key, version ID"
+ return 1
+ fi
+ if ! legal_hold=$(get_object_legal_hold_version_id "$1" "$2" "$3"); then
+ if [[ "$legal_hold" != *"MethodNotAllowed"* ]]; then
+ log 2 "error getting object legal hold status with version id"
+ return 1
+ fi
+ return 0
+ fi
+ log 5 "legal hold: $legal_hold"
+ if ! status="$(echo "$legal_hold" | grep -v "InsecureRequestWarning" | jq -r '.LegalHold.Status' 2>&1)"; then
+ log 2 "error getting legal hold status: $status"
+ return 1
+ fi
+ if [ "$status" == "ON" ]; then
+ if ! put_object_legal_hold_version_id "$1" "$2" "$3" "OFF"; then
+ log 2 "error removing legal hold of version ID"
+ return 1
+ fi
+ fi
+ return 0
+}
+
+check_legal_hold_without_payload() {
+ if [ $# -ne 2 ]; then
+ log 2 "'check_legal_hold_without_payload' requires bucket name, key"
+ return 1
+ fi
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_legal_hold.sh); then
+ log 2 "error: $result"
+ return 1
+ fi
+ if [ "$result" != "400" ]; then
+ log 2 "expected '400', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))"
+ return 1
+ fi
+ if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then
+ log 2 "error checking xml error, message"
+ return 1
+ fi
+ return 0
+}
+
+rest_check_legal_hold() {
+ if [ $# -ne 2 ]; then
+ log 2 "'rest_check_legal_hold' requires bucket name, key"
+ return 1
+ fi
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" STATUS="ON" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_legal_hold.sh); then
+ log 2 "error: $result"
+ return 1
+ fi
+ if [ "$result" != "200" ]; then
+ log 2 "expected '200', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))"
+ return 1
+ fi
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/get_object_legal_hold.sh); then
+ log 2 "error: $result"
+ return 1
+ fi
+ if ! check_xml_element "$TEST_FILE_FOLDER/result.txt" "ON" "LegalHold" "Status"; then
+ log 2 "error checking legal hold status"
+ return 1
+ fi
+ return 0
+}
diff --git a/tests/util/util_object.sh b/tests/util/util_object.sh
index 5dcc6af..68128eb 100644
--- a/tests/util/util_object.sh
+++ b/tests/util/util_object.sh
@@ -336,7 +336,7 @@ put_object_rest_checksum() {
check_checksum_rest_invalid() {
if [ $# -ne 1 ]; then
- log 2 "'put_object_rest_sha256_invalid' requires checksum type"
+ log 2 "'check_checksum_rest_invalid' requires checksum type"
return 1
fi
test_file="test_file"
@@ -405,6 +405,7 @@ calculate_incorrect_checksum() {
log 2 "invalid checksum type: $1"
return 1
esac
+ echo "$incorrect_checksum"
return 0
}
diff --git a/tests/util/util_retention.sh b/tests/util/util_retention.sh
index dec3a07..64557c5 100644
--- a/tests/util/util_retention.sh
+++ b/tests/util/util_retention.sh
@@ -92,3 +92,24 @@ log_worm_protection() {
# shellcheck disable=SC2154
log 5 "RETENTION: $retention"
}
+
+retention_rest_without_request_body() {
+ if [ $# -ne 2 ]; then
+ log 2 "'retention_rest_without_request_body' requires bucket name, key"
+ return 1
+ fi
+ if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_retention.sh); then
+ log 2 "error: $result"
+ return 1
+ fi
+ if [ "$result" != "400" ]; then
+ log 2 "expected '400', was '$result'"
+ return 1
+ fi
+ log 5 "result: $result ($(cat "$TEST_FILE_FOLDER/result.txt"))"
+ if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then
+ log 2 "error checking xml reply"
+ return 1
+ fi
+ return 0
+}
diff --git a/tests/util/util_setup.sh b/tests/util/util_setup.sh
index 9f6b9b6..6c58e9e 100644
--- a/tests/util/util_setup.sh
+++ b/tests/util/util_setup.sh
@@ -77,3 +77,23 @@ setup_bucket_file_and_user() {
echo "$result"
return 0
}
+
+setup_bucket_object_lock_enabled() {
+ if [ $# -ne 1 ]; then
+ log 2 "'setup_bucket_object_lock_enabled' requires bucket name"
+ return 1
+ fi
+ if ! bucket_cleanup_if_bucket_exists "s3api" "$1"; then
+ log 2 "error cleaning up bucket"
+ return 1
+ fi
+
+ # in static bucket config, bucket will still exist
+ if ! bucket_exists "rest" "$1"; then
+ if ! create_bucket_object_lock_enabled "$1"; then
+ log 2 "error creating bucket with object lock enabled"
+ return 1
+ fi
+ fi
+ return 0
+}
diff --git a/tests/util/util_versioning.sh b/tests/util/util_versioning.sh
index 244b825..6833570 100644
--- a/tests/util/util_versioning.sh
+++ b/tests/util/util_versioning.sh
@@ -65,8 +65,14 @@ delete_object_version_with_or_without_retention() {
log 5 "version ID: ${version_ids[$idx]}"
# shellcheck disable=SC2154
if [ "$lock_config_exists" == "true" ]; then
+ if ! check_remove_legal_hold_versions "$1" "${version_keys[$idx]}" "${version_ids[$idx]}"; then
+ log 2 "error checking, removing legal hold versions"
+ fi
+ if ! put_object_legal_hold_version_id "$1" "${version_keys[$idx]}" "${version_ids[$idx]}" "OFF"; then
+ log 2 "error turning off object legal hold"
+ fi
if ! delete_object_version_bypass_retention "$1" "${version_keys[$idx]}" "${version_ids[$idx]}"; then
- log 2 "error deleting object version"
+ log 2 "error deleting object version, bypassing retention"
return 1
fi
else
diff --git a/tests/util/util_xml.sh b/tests/util/util_xml.sh
index ff837ed..77da803 100644
--- a/tests/util/util_xml.sh
+++ b/tests/util/util_xml.sh
@@ -1,17 +1,29 @@
#!/usr/bin/env bash
+get_element_text() {
+ if [ $# -lt 2 ]; then
+ log 2 "'get_element_text' requires data source, XML tree"
+ return 1
+ fi
+ local xpath='//'
+ for tree_val in "${@:2}"; do
+ xpath+='*[local-name()="'$tree_val'"]/'
+ done
+ xpath+='text()'
+ if ! xml_val=$(xmllint --xpath "$xpath" "$1" 2>&1); then
+ log 2 "error getting XML value matching $xpath: $xml_val (file data: $(cat "$1"))"
+ return 1
+ fi
+ echo "$xml_val"
+}
+
check_xml_element() {
if [ $# -lt 3 ]; then
log 2 "'check_xml_element' requires data source, expected value, XML tree"
return 1
fi
- local xpath='//'
- for tree_val in "${@:3}"; do
- xpath+='*[local-name()="'$tree_val'"]/'
- done
- xpath+='text()'
- if ! xml_val=$(xmllint --xpath "$xpath" "$1" 2>&1); then
- log 2 "error getting XML value matching $xpath: $xml_val"
+ if ! xml_val=$(get_element_text "$1" "${@:3}"); then
+ log 2 "error getting element text"
return 1
fi
if [ "$2" != "$xml_val" ]; then
@@ -20,3 +32,35 @@ check_xml_element() {
fi
return 0
}
+
+check_xml_element_contains() {
+ if [ $# -lt 3 ]; then
+ log 2 "'check_xml_element_contains' requires data source, expected value, XML tree"
+ return 1
+ fi
+ if ! xml_val=$(get_element_text "$1" "${@:3}"); then
+ log 2 "error getting element text"
+ return 1
+ fi
+ if [[ "$xml_val" != *"$2"* ]]; then
+ log 2 "XML data mismatch, expected '$2', actual '$xml_val'"
+ return 1
+ fi
+ return 0
+}
+
+check_xml_error_contains() {
+ if [ "$#" -ne 3 ]; then
+ log 2 "'check_xml_code_error_contains' requires data source, expected error, string"
+ return 1
+ fi
+ if ! check_xml_element "$1" "$2" "Error" "Code"; then
+ log 2 "error checking xml error code"
+ return 1
+ fi
+ if ! check_xml_element_contains "$1" "$3" "Error" "Message"; then
+ log 2 "error checking xml element"
+ return 1
+ fi
+ return 0
+}