From 8431ba2a212b5295dbba46afa7fc79f8f88bb2bb Mon Sep 17 00:00:00 2001 From: Luke McCrone Date: Tue, 25 Mar 2025 20:29:48 -0300 Subject: [PATCH] test: chunked upload - invalid checksums, retention, legal hold tests --- tests/commands/create_bucket.sh | 3 + tests/commands/get_object_legal_hold.sh | 16 +- tests/commands/put_object_legal_hold.sh | 20 +- tests/rest_scripts/calculate_checksum.py | 21 ++ tests/rest_scripts/calculate_checksum.sh | 78 +++++-- tests/rest_scripts/put_object.sh | 31 +-- tests/rest_scripts/put_object_legal_hold.sh | 65 ++++++ .../put_object_openssl_chunked_example.sh | 20 +- ..._object_openssl_chunked_trailer_example.sh | 48 ++-- tests/rest_scripts/put_object_retention.sh | 22 +- tests/run.sh | 2 + tests/test_rest.sh | 142 ++++++------ tests/test_rest_bucket.sh | 104 +++++++++ tests/test_rest_chunked.sh | 74 ++++++- tests/test_user_common.sh | 14 -- tests/util/util_attributes.sh | 2 +- tests/util/util_bucket.sh | 2 +- tests/util/util_chunked_upload.sh | 206 +++++++++++++----- tests/util/util_head_object.sh | 27 +++ tests/util/util_legal_hold.sh | 70 ++++++ tests/util/util_object.sh | 3 +- tests/util/util_retention.sh | 21 ++ tests/util/util_setup.sh | 20 ++ tests/util/util_versioning.sh | 8 +- tests/util/util_xml.sh | 58 ++++- 25 files changed, 812 insertions(+), 265 deletions(-) create mode 100644 tests/rest_scripts/calculate_checksum.py create mode 100755 tests/rest_scripts/put_object_legal_hold.sh create mode 100755 tests/test_rest_bucket.sh diff --git a/tests/commands/create_bucket.sh b/tests/commands/create_bucket.sh index 99c173c..f191b26 100644 --- a/tests/commands/create_bucket.sh +++ b/tests/commands/create_bucket.sh @@ -85,5 +85,8 @@ create_bucket_object_lock_enabled() { log 2 "error creating bucket: $error" return 1 fi + if [ "$DIRECT" == "true" ]; then + sleep 15 + fi return 0 } diff --git a/tests/commands/get_object_legal_hold.sh b/tests/commands/get_object_legal_hold.sh index 269a9ff..edef8e3 100644 --- a/tests/commands/get_object_legal_hold.sh +++ b/tests/commands/get_object_legal_hold.sh @@ -42,4 +42,18 @@ get_object_legal_hold_rest() { return 1 fi return 0 -} \ No newline at end of file +} + +get_object_legal_hold_version_id() { + if [[ $# -ne 3 ]]; then + log 2 "'get_object_legal_hold_version_id' command requires bucket, key, version id" + return 1 + fi + record_command "get-object-legal-hold" "client:s3api" + if ! legal_hold=$(send_command aws --no-verify-ssl s3api get-object-legal-hold --bucket "$1" --key "$2" --version-id "$3" 2>&1); then + log 2 "error getting object legal hold w/version id: $legal_hold" + return 1 + fi + echo "$legal_hold" + return 0 +} diff --git a/tests/commands/put_object_legal_hold.sh b/tests/commands/put_object_legal_hold.sh index 8a65fd6..0c9f253 100644 --- a/tests/commands/put_object_legal_hold.sh +++ b/tests/commands/put_object_legal_hold.sh @@ -20,11 +20,23 @@ put_object_legal_hold() { log 2 "'put object legal hold' command requires bucket, key, hold status ('ON' or 'OFF')" return 1 fi - local error="" - error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --legal-hold "{\"Status\": \"$3\"}" 2>&1) || local put_hold_result=$? - if [[ $put_hold_result -ne 0 ]]; then + if ! error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --legal-hold "{\"Status\": \"$3\"}" 2>&1); then log 2 "error putting object legal hold: $error" return 1 fi return 0 -} \ No newline at end of file +} + +put_object_legal_hold_version_id() { + record_command "put-object-legal-hold" "client:s3api" + if [[ $# -ne 4 ]]; then + log 2 "'put_object_legal_hold_version_id' command requires bucket, key, version ID, hold status ('ON' or 'OFF')" + return 1 + fi + local error="" + if ! error=$(send_command aws --no-verify-ssl s3api put-object-legal-hold --bucket "$1" --key "$2" --version-id "$3" --legal-hold "{\"Status\": \"$4\"}" 2>&1); then + log 2 "error putting object legal hold w/version ID: $error" + return 1 + fi + return 0 +} diff --git a/tests/rest_scripts/calculate_checksum.py b/tests/rest_scripts/calculate_checksum.py new file mode 100644 index 0000000..dcf3254 --- /dev/null +++ b/tests/rest_scripts/calculate_checksum.py @@ -0,0 +1,21 @@ +import sys +from awscrt import checksums + +def get_call(checksum_type): + if checksum_type == "crc32c": + return checksums.crc32c + elif checksum_type == "crc64nvme": + return checksums.crc64nvme + sys.stderr.write("unrecognized checksum type " + checksum_type) + sys.exit(1) + +def main(): + if len(sys.argv) != 3: + sys.stderr.write('Checksum type, data file path required') + sys.exit(1) + with open(sys.argv[2], 'rb') as f: + function = get_call(sys.argv[1]) + print(function(f.read())) + +if __name__ == "__main__": + main() diff --git a/tests/rest_scripts/calculate_checksum.sh b/tests/rest_scripts/calculate_checksum.sh index 6409c9c..a846585 100755 --- a/tests/rest_scripts/calculate_checksum.sh +++ b/tests/rest_scripts/calculate_checksum.sh @@ -16,29 +16,59 @@ source ./tests/rest_scripts/rest.sh -if ! DEACTIVATE=false source ./tests/rest_scripts/init_python_env.sh; then - log_rest 2 "error initializing python environment" - exit 1 -fi -if ! checksum_decimal=$(python3 -c " -import sys -from awscrt import checksums +calculate_checksum_python() { + if [ "$#" -ne 2 ]; then + log 2 "'calculate_checksum_python' requires checksum type, data file" + return 1 + fi + if ! DEACTIVATE=false source ./tests/rest_scripts/init_python_env.sh; then + log_rest 2 "error initializing python environment" + return 1 + fi + if ! checksum_decimal=$(python3 ./tests/rest_scripts/calculate_checksum.py "$1" "$2" 2>&1); then + log_rest 2 "error calculating checksum: $checksum_decimal" + return 1 + fi + log 5 "decimal checksum: $checksum_decimal" + if ! deactivate 1>/dev/null; then + log_rest 2 "error deactivating virtual environment" + return 1 + fi + if [ "$CHECKSUM_TYPE" == "crc64nvme" ]; then + hex_format="%016x" + else + hex_format="%08x" + fi + # shellcheck disable=SC2059 + checksum=$(printf "$hex_format" "$checksum_decimal" | xxd -r -p | base64) + echo "$checksum" +} -with open(sys.argv[1], 'rb') as f: - print(checksums.${CHECKSUM_TYPE}(f.read()))" "$DATA_FILE" 2>&1); then - log_rest 2 "error calculating checksum: $checksum_decimal" +case "$CHECKSUM_TYPE" in +"crc32c") + if ! checksum=$(calculate_checksum_python "crc32c" "$DATA_FILE" 2>&1); then + log_rest 2 "error getting checksum: $checksum" + exit 1 + fi + ;; +"crc64nvme") + if ! checksum=$(calculate_checksum_python "crc64nvme" "$DATA_FILE" 2>&1); then + log 2 "error calculating checksum: $checksum" + exit 1 + fi + ;; +"sha256") + checksum="$(sha256sum "$DATA_FILE" | awk '{print $1}' | xxd -r -p | base64)" + ;; +"sha1") + checksum="$(sha1sum "$DATA_FILE" | awk '{print $1}' | xxd -r -p | base64)" + ;; +"crc32") + checksum="$(gzip -c -1 "$DATA_FILE" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" + ;; +*) + log_rest 2 "invalid checksum type: '$CHECKSUM_TYPE'" exit 1 -fi -log 5 "decimal checksum: $checksum_decimal" -if ! deactivate 1>/dev/null; then - log_rest 2 "error deactivating virtual environment" - exit 1 -fi -if [ "$CHECKSUM_TYPE" == "crc64nvme" ]; then - hex_format="%016x" -else - hex_format="%08x" -fi -# shellcheck disable=SC2059 -checksum_hash=$(printf "$hex_format" "$checksum_decimal" | xxd -r -p | base64) -echo "$checksum_hash" \ No newline at end of file + ;; +esac +echo "$checksum" diff --git a/tests/rest_scripts/put_object.sh b/tests/rest_scripts/put_object.sh index 43b91a2..cd14a0c 100755 --- a/tests/rest_scripts/put_object.sh +++ b/tests/rest_scripts/put_object.sh @@ -49,35 +49,12 @@ if [ -n "$expires" ]; then cr_data+=("expires:$expires") fi cr_data+=("host:$host") -if [ "$checksum_type" == "sha256" ]; then - if [ -z "$checksum_hash" ]; then - checksum_hash="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)" - fi - cr_data+=("x-amz-checksum-sha256:$checksum_hash") -elif [ "$checksum_type" == "sha1" ]; then - if [ -z "$checksum_hash" ]; then - checksum_hash="$(sha1sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)" - fi - cr_data+=("x-amz-checksum-sha1:$checksum_hash") -elif [ "$checksum_type" == "crc32" ]; then - if [ -z "$checksum_hash" ]; then - checksum_hash="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" - fi - cr_data+=("x-amz-checksum-crc32:$checksum_hash") -elif [ "$checksum_type" == "crc64nvme" ]; then - if [ -z "$checksum_hash" ] && ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc64nvme" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then - log_rest 2 "error calculating crc64nvme checksum: $checksum_hash" +if [ "$checksum_type" != "" ]; then + if [ "$checksum_hash" == "" ] && ! checksum_hash=$(DATA_FILE="$data_file" CHECKSUM_TYPE="$checksum_type" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then + log_rest 2 "error calculating checksum hash" exit 1 fi - cr_data+=("x-amz-checksum-crc64nvme:$checksum_hash") -elif [ "$checksum_type" == "crc32c" ]; then - if [ -z "$checksum_hash" ] && ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc32c" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then - log_rest 2 "error calculating crc32c checksum: $checksum_hash" - exit 1 - fi - cr_data+=("x-amz-checksum-crc32c:$checksum_hash") -elif [ "$checksum_type" != "" ]; then - cr_data+=("x-amz-checksum-$checksum_type:$checksum_hash") + cr_data+=("x-amz-checksum-${checksum_type}:$checksum_hash") fi cr_data+=("x-amz-content-sha256:$payload_hash" "x-amz-date:$current_date_time") build_canonical_request "${cr_data[@]}" diff --git a/tests/rest_scripts/put_object_legal_hold.sh b/tests/rest_scripts/put_object_legal_hold.sh new file mode 100755 index 0000000..1886243 --- /dev/null +++ b/tests/rest_scripts/put_object_legal_hold.sh @@ -0,0 +1,65 @@ +#!/usr/bin/env bash + +# Copyright 2024 Versity Software +# This file is licensed under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +source ./tests/rest_scripts/rest.sh + +# Fields + +# shellcheck disable=SC2153 +bucket_name="$BUCKET_NAME" +# shellcheck disable=SC2153 +key="$OBJECT_KEY" +# shellcheck disable=SC2153 +status="$STATUS" +# shellcheck disable=SC2153 +omit_payload="${OMIT_PAYLOAD:=false}" + +if [ "$omit_payload" == "false" ]; then + payload=" + + $status +" +fi + +payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')" +content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64) +current_date_time=$(date -u +"%Y%m%dT%H%M%SZ") + +canonical_request="PUT +/$bucket_name/$key +legal-hold= +content-md5:$content_md5 +host:$host +x-amz-content-sha256:$payload_hash +x-amz-date:$current_date_time + +content-md5;host;x-amz-content-sha256;x-amz-date +$payload_hash" + +# shellcheck disable=SC2119 +create_canonical_hash_sts_and_signature + +curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_name/$key?legal-hold=" +-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\"" +-H "\"Content-MD5: $content_md5\"" +-H "\"x-amz-content-sha256: $payload_hash\"" +-H "\"x-amz-date: $current_date_time\"") +if [ "$omit_payload" == "false" ]; then + curl_command+=(-d "\"${payload//\"/\\\"}\"") +fi +curl_command+=(-o "$OUTPUT_FILE") +# shellcheck disable=SC2154 +eval "${curl_command[*]}" 2>&1 diff --git a/tests/rest_scripts/put_object_openssl_chunked_example.sh b/tests/rest_scripts/put_object_openssl_chunked_example.sh index e3da71c..d21880d 100755 --- a/tests/rest_scripts/put_object_openssl_chunked_example.sh +++ b/tests/rest_scripts/put_object_openssl_chunked_example.sh @@ -23,6 +23,7 @@ load_parameters() { test_mode=${TEST_MODE:=true} # shellcheck disable=SC2034 command_file="${COMMAND_FILE:=command.txt}" + no_content_length="${NO_CONTENT_LENGTH:=false}" readonly signature_no_data="e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" @@ -163,8 +164,15 @@ content-length:$content_length host:$host x-amz-content-sha256:STREAMING-AWS4-HMAC-SHA256-PAYLOAD x-amz-date:$current_date_time -x-amz-decoded-content-length:$file_size -x-amz-storage-class:REDUCED_REDUNDANCY +" +if [ "$no_content_length" == "false" ]; then + canonical_request+="x-amz-decoded-content-length:$file_size +" +else + canonical_request+="x-amz-decoded-content-length: +" +fi +canonical_request+="x-amz-storage-class:REDUCED_REDUNDANCY content-encoding;content-length;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class STREAMING-AWS4-HMAC-SHA256-PAYLOAD" @@ -322,8 +330,12 @@ x-amz-storage-class: REDUCED_REDUNDANCY\r Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-encoding;content-length;host;x-amz-content-sha256;x-amz-date;x-amz-decoded-content-length;x-amz-storage-class,Signature=$first_signature\r x-amz-content-sha256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD\r Content-Encoding: aws-chunked\r -x-amz-decoded-content-length: $file_size\r -Content-Length: $content_length\r +" +if [ "$no_content_length" == "false" ]; then + command+="x-amz-decoded-content-length: $file_size\r +" +fi +command+="Content-Length: $content_length\r \r\n" if [ "$test_mode" == "true" ] && [ "$command" != "$expected_command" ]; then diff --git a/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh b/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh index 444c07d..dec3455 100755 --- a/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh +++ b/tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh @@ -53,13 +53,15 @@ load_parameters() { final_signature="$FINAL_SIGNATURE" # shellcheck disable=SC2153 trailer="$TRAILER" + # shellcheck disable=SC2153 + checksum="$CHECKSUM" fi readonly initial_sts_data="AWS4-HMAC-SHA256-PAYLOAD $current_date_time $year_month_day/$aws_region/s3/aws4_request" - readonly initial_trailer_sts_data="AWS4-HMAC-SHA256-TRAILER + readonly trailer_sts_data="AWS4-HMAC-SHA256-TRAILER $current_date_time $year_month_day/$aws_region/s3/aws4_request" @@ -95,7 +97,7 @@ e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" - readonly expected_sts_chunk_final="AWS4-HMAC-SHA256-PAYLOAD + readonly expected_sts_chunk_final="AWS4-HMAC-SHA256-TRAILER 20130524T000000Z 20130524/us-east-1/s3/aws4_request 2ca2aba2005185cf7159c6277faf83795951dd77a3a99e6e65d5c9f85863f992 @@ -124,7 +126,7 @@ x-amz-content-sha256: STREAMING-AWS4-HMAC-SHA256-PAYLOAD-TRAILER\r Content-Encoding: aws-chunked\r x-amz-decoded-content-length: 66560\r x-amz-trailer: x-amz-checksum-crc32c\r -Content-Length: 66824\r +Content-Length: 66946\r \r\n" } @@ -141,42 +143,26 @@ get_file_size_and_content_length() { get_chunk_sizes log_rest 5 "signature string length: ${#signature_string}" content_length=$((length+file_size+${#signature_string}+92)) - if [ "$test_mode" == "true" ] && [ "$content_length" != 66824 ]; then + if [ "$test_mode" == "true" ] && [ "$content_length" != 66946 ]; then log_rest 2 "content length mismatch ($content_length)" return 1 fi } calculate_checksum() { - case "$TRAILER" in - "x-amz-checksum-crc32c") - if ! checksum=$(DATA_FILE=$data_file TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc32c" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then + checksum_type="${trailer/x-amz-checksum-/}" + log_rest 5 "checksum type: $checksum_type" + if [ "$CHECKSUM" == "" ]; then + if ! checksum=$(DATA_FILE="$data_file" CHECKSUM_TYPE="$checksum_type" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then log_rest 2 "error getting checksum: $checksum" return 1 fi - ;; - "x-amz-checksum-crc64nvme") - if ! checksum=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" CHECKSUM_TYPE="crc64nvme" ./tests/rest_scripts/calculate_checksum.sh 2>&1); then - log 2 "error calculating checksum: $checksum" - return 1 - fi - ;; - "x-amz-checksum-sha256") - checksum="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)" - ;; - "x-amz-checksum-sha1") - checksum="$(sha1sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)" - ;; - "x-amz-checksum-crc32") - checksum="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" - ;; - *) - log_rest 2 "invalid trailer type: '$TRAILER'" - return 1 - ;; - esac - signature_string="$TRAILER:$checksum" + else + checksum="$CHECKSUM" + fi + signature_string="$trailer:$checksum" trailer_payload_hash="$(echo "$signature_string" | sha256sum | awk '{print $1}')" + return 0 } get_chunk_sizes() { @@ -317,7 +303,7 @@ build_chunk() { build_trailer() { log_rest 5 "payload hash: $payload_hash" - final_sts_data="$initial_trailer_sts_data + final_sts_data="$trailer_sts_data $signature $trailer_payload_hash" log_rest 5 "$final_sts_data" @@ -422,7 +408,7 @@ load_parameters if ! calculate_checksum; then log_rest 2 "error calculating trailer checksum" - return 1 + exit 1 fi if ! get_file_size_and_content_length; then log_rest 2 "error getting file size and content length" diff --git a/tests/rest_scripts/put_object_retention.sh b/tests/rest_scripts/put_object_retention.sh index 6cf092d..8b55023 100755 --- a/tests/rest_scripts/put_object_retention.sh +++ b/tests/rest_scripts/put_object_retention.sh @@ -26,12 +26,16 @@ key="$OBJECT_KEY" mode="$RETENTION_MODE" # shellcheck disable=SC2153 retain_until_date="$RETAIN_UNTIL_DATE" +# shellcheck disable=SC2153 +omit_payload="${OMIT_PAYLOAD:=false}" -payload=" - - $mode - $retain_until_date -" +if [ "$omit_payload" == "false" ]; then + payload=" + + $mode + $retain_until_date + " +fi payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')" content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64) @@ -55,8 +59,10 @@ curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_ -H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\"" -H "\"Content-MD5: $content_md5\"" -H "\"x-amz-content-sha256: $payload_hash\"" --H "\"x-amz-date: $current_date_time\"" --d "\"${payload//\"/\\\"}\"" --o "$OUTPUT_FILE") +-H "\"x-amz-date: $current_date_time\"") +if [ "$omit_payload" == "false" ]; then + curl_command+=(-d "\"${payload//\"/\\\"}\"") +fi +curl_command+=(-o "$OUTPUT_FILE") # shellcheck disable=SC2154 eval "${curl_command[*]}" 2>&1 diff --git a/tests/run.sh b/tests/run.sh index 5657193..81c5001 100755 --- a/tests/run.sh +++ b/tests/run.sh @@ -151,6 +151,8 @@ run_suite() { exit_code=1 elif ! "$HOME"/bin/bats ./tests/test_rest_versioning.sh; then exit_code=1 + elif ! "$HOME"/bin/bats ./tests/test_rest_bucket.sh; then + exit_code=1 fi ;; s3api-user) diff --git a/tests/test_rest.sh b/tests/test_rest.sh index 32a0fa6..0e97f29 100755 --- a/tests/test_rest.sh +++ b/tests/test_rest.sh @@ -66,14 +66,6 @@ test_file="test_file" assert_success } -@test "test_rest_list_buckets" { - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - run list_check_buckets_rest - assert_success -} - @test "test_rest_delete_object" { run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success @@ -144,26 +136,6 @@ test_file="test_file" assert_success } -@test "test_rest_set_get_lock_config" { - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - run check_no_object_lock_config_rest "$BUCKET_ONE_NAME" - assert_success - - run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME" - assert_success - - # in static bucket config, bucket will still exist - if ! bucket_exists "rest" "$BUCKET_ONE_NAME"; then - run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME" - assert_success - fi - - run check_object_lock_config_enabled_rest "$BUCKET_ONE_NAME" - assert_success -} - @test "REST - legal hold, get without config" { run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success @@ -233,9 +205,6 @@ test_file="test_file" } @test "REST - attributes - checksum" { - if [ "$DIRECT" != "true" ]; then - skip "https://github.com/versity/versitygw/issues/1006" - fi run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success @@ -243,39 +212,6 @@ test_file="test_file" assert_success } -@test "REST - bucket tagging - no tags" { - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME" - assert_success -} - -@test "REST - bucket tagging - tags" { - test_key="testKey" - test_value="testValue" - - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value" - assert_success -} - -@test "REST - get, put bucket ownership controls" { - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerEnforced" - assert_success - - run put_bucket_ownership_controls_rest "$BUCKET_ONE_NAME" "BucketOwnerPreferred" - assert_success - - run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred" - assert_success -} - @test "REST - get policy w/o policy" { if [ "$DIRECT" != "true" ]; then skip "https://github.com/versity/versitygw/issues/959" @@ -374,9 +310,6 @@ test_file="test_file" } @test "REST - head object" { - if [ "$DIRECT" != "true" ]; then - skip "https://github.com/versity/versitygw/issues/1114" - fi run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success @@ -391,6 +324,17 @@ test_file="test_file" assert_success } +@test "REST - HeadObject - default crc64nvme checksum" { + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run check_default_checksum "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" + assert_success +} + @test "REST - POST call on root endpoint" { if [ "$DIRECT" != "true" ]; then skip "https://github.com/versity/versitygw/issues/1036" @@ -508,19 +452,6 @@ test_file="test_file" assert_success } -@test "REST - HeadBucket" { - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - run head_bucket_rest "$BUCKET_ONE_NAME" - assert_success -} - -@test "REST - HeadBucket - doesn't exist" { - run head_bucket_rest "$BUCKET_ONE_NAME" - assert_failure 1 -} - @test "REST - PutObject with user permission - admin user" { run setup_bucket_file_and_user "$BUCKET_ONE_NAME" "$test_file" "$USERNAME_ONE" "$PASSWORD_ONE" "admin" assert_success @@ -551,3 +482,54 @@ test_file="test_file" run put_object_rest_user_bad_signature "$username" "$password" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" assert_success } + +@test "REST - PutObjectRetention - w/o request body" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1185" + fi + run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME" + assert_success + + run create_test_file "$test_file" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run retention_rest_without_request_body "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "REST - PutObjectLegalHold w/o payload" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1191" + fi + run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME" + assert_success + + run create_test_file "$test_file" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run check_legal_hold_without_payload "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "REST - PutObjectLegalHold - success" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1193" + fi + run setup_bucket_object_lock_enabled "$BUCKET_ONE_NAME" + assert_success + + run create_test_file "$test_file" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run rest_check_legal_hold "$BUCKET_ONE_NAME" "$test_file" + assert_success +} diff --git a/tests/test_rest_bucket.sh b/tests/test_rest_bucket.sh new file mode 100755 index 0000000..2acdb1d --- /dev/null +++ b/tests/test_rest_bucket.sh @@ -0,0 +1,104 @@ +#!/usr/bin/env bats + +# Copyright 2024 Versity Software +# This file is licensed under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +load ./bats-support/load +load ./bats-assert/load + +source ./tests/commands/get_object_lock_configuration.sh +source ./tests/commands/head_bucket.sh +source ./tests/commands/list_buckets.sh +source ./tests/logger.sh +source ./tests/setup.sh +source ./tests/util/util_bucket.sh +source ./tests/util/util_list_buckets.sh +source ./tests/util/util_lock_config.sh +source ./tests/util/util_ownership.sh +source ./tests/util/util_rest.sh +source ./tests/util/util_tags.sh + +@test "REST - HeadBucket" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run head_bucket_rest "$BUCKET_ONE_NAME" + assert_success +} + +@test "REST - HeadBucket - doesn't exist" { + run head_bucket_rest "$BUCKET_ONE_NAME" + assert_failure 1 +} + +@test "REST - bucket tagging - no tags" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME" + assert_success +} + +@test "REST - bucket tagging - tags" { + test_key="testKey" + test_value="testValue" + + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value" + assert_success +} + +@test "test_rest_list_buckets" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run list_check_buckets_rest + assert_success +} + +@test "REST - get, put bucket ownership controls" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerEnforced" + assert_success + + run put_bucket_ownership_controls_rest "$BUCKET_ONE_NAME" "BucketOwnerPreferred" + assert_success + + run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred" + assert_success +} + +@test "test_rest_set_get_lock_config" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run check_no_object_lock_config_rest "$BUCKET_ONE_NAME" + assert_success + + run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME" + assert_success + + # in static bucket config, bucket will still exist + if ! bucket_exists "rest" "$BUCKET_ONE_NAME"; then + run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME" + assert_success + fi + + run check_object_lock_config_enabled_rest "$BUCKET_ONE_NAME" + assert_success +} diff --git a/tests/test_rest_chunked.sh b/tests/test_rest_chunked.sh index 467a485..ec82fd9 100755 --- a/tests/test_rest_chunked.sh +++ b/tests/test_rest_chunked.sh @@ -26,20 +26,15 @@ source ./tests/util/util_head_object.sh source ./tests/util/util_setup.sh @test "REST - chunked upload, no content length" { - if [ "$DIRECT" != "true" ]; then - skip "https://github.com/versity/versitygw/issues/1043" - fi + test_file="test-file" run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success - run attempt_seed_signature_without_content_length "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" + run attempt_seed_signature_without_content_length "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" assert_success } @test "REST - chunked upload, signature error" { - if [ "$DIRECT" != "true" ]; then - skip "https://github.com/versity/versitygw/issues/1123" - fi run setup_bucket "s3api" "$BUCKET_ONE_NAME" assert_success @@ -162,3 +157,68 @@ source ./tests/util/util_setup.sh run put_chunked_upload_trailer_invalid "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" assert_success } + +@test "test - REST chunked upload - sha1 trailer - invalid" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1165" + fi + run chunked_upload_trailer_invalid_checksum "sha1" + assert_success +} + +@test "test - REST chunked upload - sha256 trailer - invalid" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1165" + fi + run chunked_upload_trailer_invalid_checksum "sha256" + assert_success +} + +@test "test - REST chunked upload - crc32 trailer - invalid" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1165" + fi + run chunked_upload_trailer_invalid_checksum "crc32" + assert_success +} + +@test "test - REST chunked upload - crc32c trailer - invalid" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1165" + fi + run chunked_upload_trailer_invalid_checksum "crc32c" + assert_success +} + +@test "test - REST chunked upload - crc64nvme trailer - invalid" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1165" + fi + run chunked_upload_trailer_invalid_checksum "crc64nvme" + assert_success +} + +@test "test - REST chunked upload - sha1 trailer - incorrect" { + run chunked_upload_trailer_incorrect_checksum "sha1" + assert_success +} + +@test "test - REST chunked upload - sha256 trailer - incorrect" { + run chunked_upload_trailer_incorrect_checksum "sha256" + assert_success +} + +@test "test - REST chunked upload - crc32 trailer - incorrect" { + run chunked_upload_trailer_incorrect_checksum "crc32" + assert_success +} + +@test "test - REST chunked upload - crc32c trailer - incorrect" { + run chunked_upload_trailer_incorrect_checksum "crc32c" + assert_success +} + +@test "test - REST chunked upload - crc64nvme trailer - incorrect" { + run chunked_upload_trailer_incorrect_checksum "crc64nvme" + assert_success +} diff --git a/tests/test_user_common.sh b/tests/test_user_common.sh index e4eca07..24d068e 100755 --- a/tests/test_user_common.sh +++ b/tests/test_user_common.sh @@ -23,10 +23,6 @@ source ./tests/util/util_users.sh source ./tests/commands/list_buckets.sh test_admin_user() { - if [[ $# -ne 1 ]]; then - fail "test admin user command requires command type" - fi - admin_username="$USERNAME_ONE" admin_password="$PASSWORD_ONE" user_username="$USERNAME_TWO" @@ -63,8 +59,6 @@ test_admin_user() { } test_create_user_already_exists() { - assert [ $# -eq 1 ] - username="$USERNAME_ONE" password="$PASSWORD_ONE" @@ -80,10 +74,6 @@ test_user_user() { skip fi - if [[ $# -ne 1 ]]; then - fail "test admin user command requires command type" - fi - username="$USERNAME_ONE" password="$PASSWORD_ONE" @@ -115,10 +105,6 @@ test_user_user() { } test_userplus_operation() { - if [[ $# -ne 1 ]]; then - fail "test admin user command requires command type" - fi - username="$USERNAME_ONE" password="$PASSWORD_ONE" diff --git a/tests/util/util_attributes.sh b/tests/util/util_attributes.sh index d909b4d..c456c99 100644 --- a/tests/util/util_attributes.sh +++ b/tests/util/util_attributes.sh @@ -87,7 +87,7 @@ add_and_check_checksum() { log 2 "'add_and_check_checksum' requires data file, key" return 1 fi - if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" CHECKSUM="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then + if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" CHECKSUM_TYPE="sha256" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then log 2 "error sending object file: $result" return 1 fi diff --git a/tests/util/util_bucket.sh b/tests/util/util_bucket.sh index 4450c84..c677575 100644 --- a/tests/util/util_bucket.sh +++ b/tests/util/util_bucket.sh @@ -278,7 +278,7 @@ setup_bucket() { # bucket creation and resets take longer to propagate in direct mode if [ "$DIRECT" == "true" ]; then - sleep 10 + sleep 15 fi if [[ $1 == "s3cmd" ]]; then diff --git a/tests/util/util_chunked_upload.sh b/tests/util/util_chunked_upload.sh index e44bb16..38bd14c 100644 --- a/tests/util/util_chunked_upload.sh +++ b/tests/util/util_chunked_upload.sh @@ -5,12 +5,18 @@ attempt_seed_signature_without_content_length() { log 2 "'attempt_seed_signature_without_content_length' requires bucket name, key, data file" return 1 fi - if ! result=$(COMMAND_LOG="$COMMAND_LOG" CONTENT_ENCODING="aws-chunked" BUCKET_NAME="$1" OBJECT_KEY="$2" DATA_FILE="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object.sh); then - log 2 "error putting object: $result" + if ! result=$(COMMAND_LOG="$COMMAND_LOG" \ + AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \ + AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \ + AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \ + DATA_FILE="$1" \ + BUCKET_NAME="$2" \ + OBJECT_KEY="$3" CHUNK_SIZE=8192 TEST_MODE=false COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" NO_CONTENT_LENGTH="true" ./tests/rest_scripts/put_object_openssl_chunked_example.sh 2>&1); then + log 2 "error creating command: $result" return 1 fi - if [ "$result" != 411 ]; then - log 2 "expected '411', actual '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))" + if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 411; then + log 2 "error in sending or checking response code" return 1 fi return 0 @@ -32,12 +38,8 @@ attempt_chunked_upload_with_bad_first_signature() { return 1 fi - host="${AWS_ENDPOINT_URL#http*://}" - if [ "$host" == "s3.amazonaws.com" ]; then - host+=":443" - fi - if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then - log 2 "error sending openssl command: $result" + if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then + log 2 "error sending command via openssl" return 1 fi response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')" @@ -46,7 +48,9 @@ attempt_chunked_upload_with_bad_first_signature() { log 2 "expected code '403', was '$response_code'" return 1 fi - response_data="$(echo "$result" | grep "<")" + log 5 "result: $result" + response_data="$(echo "$result" | grep "")" + response_data="${response_data/---/}" log 5 "response data: $response_data" log 5 "END" if ! check_xml_element <(echo "$response_data") "SignatureDoesNotMatch" "Error" "Code"; then @@ -72,17 +76,8 @@ chunked_upload_success() { return 1 fi - host="${AWS_ENDPOINT_URL#http*://}" - if [ "$host" == "s3.amazonaws.com" ]; then - host+=":443" - fi - if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then - log 2 "error sending openssl command: $result" - return 1 - fi - response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')" - if [ "$response_code" != "200" ]; then - log 2 "expected response '200', was '$response_code'" + if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 200; then + log 2 "error sending command via openssl or checking response code" return 1 fi return 0 @@ -107,12 +102,8 @@ attempt_chunked_upload_with_bad_final_signature() { log 2 "error creating command: $result" return 1 fi - host="${AWS_ENDPOINT_URL#http*://}" - if [ "$host" == "s3.amazonaws.com" ]; then - host+=":443" - fi - if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then - log 2 "error sending openssl command: $result" + if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then + log 2 "error sending command via openssl" return 1 fi response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')" @@ -144,25 +135,15 @@ put_object_chunked_trailer_success() { DATA_FILE="$1" \ BUCKET_NAME="$2" \ OBJECT_KEY="$3" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$4" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then - log 2 "error creating command: $result" - return 1 - fi + log 2 "error creating command: $result" + return 1 + fi - host="${AWS_ENDPOINT_URL#http*://}" - if [ "$host" == "s3.amazonaws.com" ]; then - host+=":443" - fi - if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then - log 2 "error sending openssl command: $result" - return 1 - fi - log 5 "result: $result" - response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')" - if [ "$response_code" != "200" ]; then - log 2 "expected response '200', was '$response_code'" - return 1 - fi - return 0 + if ! send_via_openssl_and_check_code "$TEST_FILE_FOLDER/command.txt" 200; then + log 2 "error sending command via openssl or checking response code" + return 1 + fi + return 0 } put_chunked_upload_trailer_invalid() { @@ -182,12 +163,8 @@ put_chunked_upload_trailer_invalid() { return 1 fi - host="${AWS_ENDPOINT_URL#http*://}" - if [ "$host" == "s3.amazonaws.com" ]; then - host+=":443" - fi - if ! result=$(openssl s_client -connect "$host" -ign_eof < "$TEST_FILE_FOLDER/command.txt" 2>&1); then - log 2 "error sending openssl command: $result" + if ! result=$(send_via_openssl "$TEST_FILE_FOLDER/command.txt"); then + log 2 "error sending command via openssl" return 1 fi response_code="$(echo "$result" | grep "HTTP" | awk '{print $2}')" @@ -196,8 +173,9 @@ put_chunked_upload_trailer_invalid() { return 1 fi error_data="$(echo "$result" | grep "")" - if ! check_xml_element <(echo -n "$error_data") "InvalidRequest" "Error" "Code"; then - log 2 "error checking xml element" + echo -n "$error_data" > "$TEST_FILE_FOLDER/error-data.txt" + if ! check_xml_error_contains "$TEST_FILE_FOLDER/error-data.txt" "InvalidRequest" "The value specified in the x-amz-trailer header is not supported"; then + log 2 "error checking xml error, message" return 1 fi return 0 @@ -227,3 +205,123 @@ chunked_upload_trailer_success() { fi return 0 } + +chunked_upload_trailer_invalid_checksum() { + if [ "$#" -ne 1 ]; then + log 2 "'chunked_upload_trailer_invalid_checksum' requires checksum" + return 1 + fi + if ! setup_bucket "s3api" "$BUCKET_ONE_NAME"; then + log 2 "error setting up bucket" + return 1 + fi + test_file="test-file" + if ! create_test_file "$test_file" 10000; then + log 2 "error creating test file" + return 1 + fi + # shellcheck disable=SC2097,SC2098 + if ! result=$(COMMAND_LOG="$COMMAND_LOG" \ + AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \ + AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \ + AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \ + DATA_FILE="$TEST_FILE_FOLDER/$test_file" \ + BUCKET_NAME="$BUCKET_ONE_NAME" \ + OBJECT_KEY="$test_file" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$1" CHECKSUM="a" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then + log 2 "error creating command: $result" + return 1 + fi + if ! send_via_openssl_check_code_error_contains "$TEST_FILE_FOLDER/command.txt" "400" "InvalidRequest" "Value for x-amz-checksum-$1 trailing header is invalid."; then + log 2 "error sending openssl and checking response" + return 1 + fi + return 0 +} + +chunked_upload_trailer_incorrect_checksum() { + if [ "$#" -ne 1 ]; then + log 2 "'chunked_upload_trailer_invalid_checksum' requires checksum" + return 1 + fi + if ! setup_bucket "s3api" "$BUCKET_ONE_NAME"; then + log 2 "error setting up bucket" + return 1 + fi + test_file="test-file" + if ! create_test_file "$test_file" 10000; then + log 2 "error creating test file" + return 1 + fi + if ! checksum=$(calculate_incorrect_checksum "$1" "$test_file"); then + log 2 "error calculating incorrect checksum" + return 1 + fi + # shellcheck disable=SC2097,SC2098 + if ! result=$(COMMAND_LOG="$COMMAND_LOG" \ + AWS_ACCESS_KEY_ID="$AWS_ACCESS_KEY_ID" \ + AWS_SECRET_ACCESS_KEY="$AWS_SECRET_ACCESS_KEY" \ + AWS_ENDPOINT_URL="$AWS_ENDPOINT_URL" \ + DATA_FILE="$TEST_FILE_FOLDER/$test_file" \ + BUCKET_NAME="$BUCKET_ONE_NAME" \ + OBJECT_KEY="$test_file" CHUNK_SIZE=8192 TEST_MODE=false TRAILER="x-amz-checksum-$1" CHECKSUM="$checksum" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" COMMAND_FILE="$TEST_FILE_FOLDER/command.txt" ./tests/rest_scripts/put_object_openssl_chunked_trailer_example.sh 2>&1); then + log 2 "error creating command: $result" + return 1 + fi + uppercase_type="$(echo "$1" | tr '[:lower:]' '[:upper:]')" + if ! send_via_openssl_check_code_error_contains "$TEST_FILE_FOLDER/command.txt" "400" "BadDigest" "The $uppercase_type you specified did not match the calculated checksum."; then + log 2 "error sending openssl and checking response" + return 1 + fi + return 0 +} + +send_via_openssl() { + if [ "$#" -ne 1 ]; then + log 2 "'send_via_openssl' requires command file" + return 1 + fi + host="${AWS_ENDPOINT_URL#http*://}" + if [ "$host" == "s3.amazonaws.com" ]; then + host+=":443" + fi + if ! result=$(openssl s_client -connect "$host" -ign_eof < "$1" 2>&1); then + log 2 "error sending openssl command: $result" + return 1 + fi + echo "$result" +} + +send_via_openssl_and_check_code() { + if [ "$#" -ne 2 ]; then + log 2 "'send_via_openssl_and_check_code' requires command file, expected code" + return 1 + fi + if ! result=$(send_via_openssl "$1"); then + log 2 "error sending command via openssl" + return 1 + fi + response_code="$(echo "$result" | grep "HTTP/" | awk '{print $2}')" + if [ "$response_code" != "$2" ]; then + log 2 "expected '$2', actual '$response_code' (error response: '$result')" + return 1 + fi + echo "$result" +} + +send_via_openssl_check_code_error_contains() { + if [ "$#" -ne 4 ]; then + log 2 "'send_via_openssl_check_code_error_contains' requires command file, expected code, error, message" + return 1 + fi + if ! result=$(send_via_openssl_and_check_code "$1" "$2"); then + log 2 "error sending and checking code" + return 1 + fi + error_data="$(echo "$result" | grep "" | sed 's/---//')" + echo -n "$error_data" > "$TEST_FILE_FOLDER/error-data.txt" + if ! check_xml_error_contains "$TEST_FILE_FOLDER/error-data.txt" "$3" "$4"; then + log 2 "error checking xml error, message" + return 1 + fi + return 0 +} diff --git a/tests/util/util_head_object.sh b/tests/util/util_head_object.sh index a70d525..03d1bb9 100644 --- a/tests/util/util_head_object.sh +++ b/tests/util/util_head_object.sh @@ -192,3 +192,30 @@ head_object_without_and_with_checksum() { fi return 0 } + +check_default_checksum() { + if [ $# -ne 3 ]; then + log 2 "'head_object_without_checksum' requires bucket, file, local file" + return 1 + fi + if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" ./tests/rest_scripts/head_object.sh); then + log 2 "error getting result: $result" + return 1 + fi + if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" CHECKSUM="true" ./tests/rest_scripts/head_object.sh); then + log 2 "error getting result: $result" + return 1 + fi + log 5 "result: $(cat "$TEST_FILE_FOLDER/result.txt")" + head_checksum=$(grep -i "x-amz-checksum-crc64nvme" "$TEST_FILE_FOLDER/result.txt" | awk '{print $2}' | sed 's/\r$//') + log 5 "checksum: $head_checksum" + if ! checksum=$(CHECKSUM_TYPE="crc64nvme" DATA_FILE="$3" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" ./tests/rest_scripts/calculate_checksum.sh); then + log 2 "error calculating local checksum: $checksum" + return 1 + fi + if [ "$head_checksum" != "$checksum" ]; then + log 2 "checksum mismatch (returned: '$head_checksum', local: '$checksum')" + return 1 + fi + return 0 +} diff --git a/tests/util/util_legal_hold.sh b/tests/util/util_legal_hold.sh index 31f504a..e381a28 100644 --- a/tests/util/util_legal_hold.sh +++ b/tests/util/util_legal_hold.sh @@ -57,3 +57,73 @@ check_legal_hold_without_lock_enabled() { fi return 0 } + +check_remove_legal_hold_versions() { + if [ $# -ne 3 ]; then + log 2 "'check_remove_legal_hold_versions' requires bucket, key, version ID" + return 1 + fi + if ! legal_hold=$(get_object_legal_hold_version_id "$1" "$2" "$3"); then + if [[ "$legal_hold" != *"MethodNotAllowed"* ]]; then + log 2 "error getting object legal hold status with version id" + return 1 + fi + return 0 + fi + log 5 "legal hold: $legal_hold" + if ! status="$(echo "$legal_hold" | grep -v "InsecureRequestWarning" | jq -r '.LegalHold.Status' 2>&1)"; then + log 2 "error getting legal hold status: $status" + return 1 + fi + if [ "$status" == "ON" ]; then + if ! put_object_legal_hold_version_id "$1" "$2" "$3" "OFF"; then + log 2 "error removing legal hold of version ID" + return 1 + fi + fi + return 0 +} + +check_legal_hold_without_payload() { + if [ $# -ne 2 ]; then + log 2 "'check_legal_hold_without_payload' requires bucket name, key" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_legal_hold.sh); then + log 2 "error: $result" + return 1 + fi + if [ "$result" != "400" ]; then + log 2 "expected '400', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))" + return 1 + fi + if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then + log 2 "error checking xml error, message" + return 1 + fi + return 0 +} + +rest_check_legal_hold() { + if [ $# -ne 2 ]; then + log 2 "'rest_check_legal_hold' requires bucket name, key" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" STATUS="ON" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_legal_hold.sh); then + log 2 "error: $result" + return 1 + fi + if [ "$result" != "200" ]; then + log 2 "expected '200', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/get_object_legal_hold.sh); then + log 2 "error: $result" + return 1 + fi + if ! check_xml_element "$TEST_FILE_FOLDER/result.txt" "ON" "LegalHold" "Status"; then + log 2 "error checking legal hold status" + return 1 + fi + return 0 +} diff --git a/tests/util/util_object.sh b/tests/util/util_object.sh index 5dcc6af..68128eb 100644 --- a/tests/util/util_object.sh +++ b/tests/util/util_object.sh @@ -336,7 +336,7 @@ put_object_rest_checksum() { check_checksum_rest_invalid() { if [ $# -ne 1 ]; then - log 2 "'put_object_rest_sha256_invalid' requires checksum type" + log 2 "'check_checksum_rest_invalid' requires checksum type" return 1 fi test_file="test_file" @@ -405,6 +405,7 @@ calculate_incorrect_checksum() { log 2 "invalid checksum type: $1" return 1 esac + echo "$incorrect_checksum" return 0 } diff --git a/tests/util/util_retention.sh b/tests/util/util_retention.sh index dec3a07..64557c5 100644 --- a/tests/util/util_retention.sh +++ b/tests/util/util_retention.sh @@ -92,3 +92,24 @@ log_worm_protection() { # shellcheck disable=SC2154 log 5 "RETENTION: $retention" } + +retention_rest_without_request_body() { + if [ $# -ne 2 ]; then + log 2 "'retention_rest_without_request_body' requires bucket name, key" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_retention.sh); then + log 2 "error: $result" + return 1 + fi + if [ "$result" != "400" ]; then + log 2 "expected '400', was '$result'" + return 1 + fi + log 5 "result: $result ($(cat "$TEST_FILE_FOLDER/result.txt"))" + if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then + log 2 "error checking xml reply" + return 1 + fi + return 0 +} diff --git a/tests/util/util_setup.sh b/tests/util/util_setup.sh index 9f6b9b6..6c58e9e 100644 --- a/tests/util/util_setup.sh +++ b/tests/util/util_setup.sh @@ -77,3 +77,23 @@ setup_bucket_file_and_user() { echo "$result" return 0 } + +setup_bucket_object_lock_enabled() { + if [ $# -ne 1 ]; then + log 2 "'setup_bucket_object_lock_enabled' requires bucket name" + return 1 + fi + if ! bucket_cleanup_if_bucket_exists "s3api" "$1"; then + log 2 "error cleaning up bucket" + return 1 + fi + + # in static bucket config, bucket will still exist + if ! bucket_exists "rest" "$1"; then + if ! create_bucket_object_lock_enabled "$1"; then + log 2 "error creating bucket with object lock enabled" + return 1 + fi + fi + return 0 +} diff --git a/tests/util/util_versioning.sh b/tests/util/util_versioning.sh index 244b825..6833570 100644 --- a/tests/util/util_versioning.sh +++ b/tests/util/util_versioning.sh @@ -65,8 +65,14 @@ delete_object_version_with_or_without_retention() { log 5 "version ID: ${version_ids[$idx]}" # shellcheck disable=SC2154 if [ "$lock_config_exists" == "true" ]; then + if ! check_remove_legal_hold_versions "$1" "${version_keys[$idx]}" "${version_ids[$idx]}"; then + log 2 "error checking, removing legal hold versions" + fi + if ! put_object_legal_hold_version_id "$1" "${version_keys[$idx]}" "${version_ids[$idx]}" "OFF"; then + log 2 "error turning off object legal hold" + fi if ! delete_object_version_bypass_retention "$1" "${version_keys[$idx]}" "${version_ids[$idx]}"; then - log 2 "error deleting object version" + log 2 "error deleting object version, bypassing retention" return 1 fi else diff --git a/tests/util/util_xml.sh b/tests/util/util_xml.sh index ff837ed..77da803 100644 --- a/tests/util/util_xml.sh +++ b/tests/util/util_xml.sh @@ -1,17 +1,29 @@ #!/usr/bin/env bash +get_element_text() { + if [ $# -lt 2 ]; then + log 2 "'get_element_text' requires data source, XML tree" + return 1 + fi + local xpath='//' + for tree_val in "${@:2}"; do + xpath+='*[local-name()="'$tree_val'"]/' + done + xpath+='text()' + if ! xml_val=$(xmllint --xpath "$xpath" "$1" 2>&1); then + log 2 "error getting XML value matching $xpath: $xml_val (file data: $(cat "$1"))" + return 1 + fi + echo "$xml_val" +} + check_xml_element() { if [ $# -lt 3 ]; then log 2 "'check_xml_element' requires data source, expected value, XML tree" return 1 fi - local xpath='//' - for tree_val in "${@:3}"; do - xpath+='*[local-name()="'$tree_val'"]/' - done - xpath+='text()' - if ! xml_val=$(xmllint --xpath "$xpath" "$1" 2>&1); then - log 2 "error getting XML value matching $xpath: $xml_val" + if ! xml_val=$(get_element_text "$1" "${@:3}"); then + log 2 "error getting element text" return 1 fi if [ "$2" != "$xml_val" ]; then @@ -20,3 +32,35 @@ check_xml_element() { fi return 0 } + +check_xml_element_contains() { + if [ $# -lt 3 ]; then + log 2 "'check_xml_element_contains' requires data source, expected value, XML tree" + return 1 + fi + if ! xml_val=$(get_element_text "$1" "${@:3}"); then + log 2 "error getting element text" + return 1 + fi + if [[ "$xml_val" != *"$2"* ]]; then + log 2 "XML data mismatch, expected '$2', actual '$xml_val'" + return 1 + fi + return 0 +} + +check_xml_error_contains() { + if [ "$#" -ne 3 ]; then + log 2 "'check_xml_code_error_contains' requires data source, expected error, string" + return 1 + fi + if ! check_xml_element "$1" "$2" "Error" "Code"; then + log 2 "error checking xml error code" + return 1 + fi + if ! check_xml_element_contains "$1" "$3" "Error" "Message"; then + log 2 "error checking xml element" + return 1 + fi + return 0 +}