mirrors/versitygw
1
0
Fork 0
mirror of https://github.com/versity/versitygw.git synced 2026-01-10 13:27:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1225 from versity/test/direct_user_policy_bucket

Browse Source 
test: more user test updates, skip removals
This commit is contained in:
Ben McClelland
2025-04-21 11:50:12 -07:00
committed by GitHub
parent 1f8a7d11eb 1ba370421b
commit a31fd1a9c3
12 changed files with 211 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.github/workflows/system.yml vendored
View File

@@ -12,66 +12,79 @@ jobs:
IAM_TYPE: folder
RUN_SET: "mc-non-file-count"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "mc, posix, file count, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "mc-file-count"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "REST, posix, non-static, all, folder IAM"
IAM_TYPE: folder
RUN_SET: "rest"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3, posix, non-file count, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3-non-file-count"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3, posix, file count, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3-file-count"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3api, posix, bucket|object|multipart, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-bucket,s3api-object,s3api-multipart"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3api, posix, policy, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-policy"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3api, posix, user, non-static, s3 IAM"
IAM_TYPE: s3
RUN_SET: "s3api-user"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3api, posix, bucket, static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-bucket"
RECREATE_BUCKETS: "false"
DELETE_BUCKETS_AFTER_TEST: "false"
BACKEND: "posix"
- set: "s3api, posix, multipart, static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-multipart"
RECREATE_BUCKETS: "false"
DELETE_BUCKETS_AFTER_TEST: "false"
BACKEND: "posix"
- set: "s3api, posix, object, static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-object"
RECREATE_BUCKETS: "false"
DELETE_BUCKETS_AFTER_TEST: "false"
BACKEND: "posix"
- set: "s3api, posix, policy, static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-policy"
RECREATE_BUCKETS: "false"
DELETE_BUCKETS_AFTER_TEST: "false"
BACKEND: "posix"
- set: "s3api, posix, user, static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3api-user"
RECREATE_BUCKETS: "false"
DELETE_BUCKETS_AFTER_TEST: "false"
BACKEND: "posix"
# TODO fix/debug s3 gateway
#- set: "s3api, s3, multipart|object, non-static, folder IAM"
@@ -88,16 +101,19 @@ jobs:
IAM_TYPE: folder
RUN_SET: "s3cmd-file-count"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3cmd, posix, non-user, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3cmd-non-user"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
- set: "s3cmd, posix, user, non-static, folder IAM"
IAM_TYPE: folder
RUN_SET: "s3cmd-user"
RECREATE_BUCKETS: "true"
DELETE_BUCKETS_AFTER_TEST: "true"
BACKEND: "posix"
steps:
- name: Check out code into the Go module directory
@@ -150,6 +166,7 @@ jobs:
RUN_VERSITYGW: true
BACKEND: ${{ matrix.BACKEND }}
RECREATE_BUCKETS: ${{ matrix.RECREATE_BUCKETS }}
DELETE_BUCKETS_AFTER_TEST: ${{ matrix.DELETE_BUCKETS_AFTER_TEST }}
CERT: ${{ github.workspace }}/cert.pem
KEY: ${{ github.workspace }}/versitygw.pem
LOCAL_FOLDER: /tmp/gw

3
tests/.env.docker.default
View File

@@ -25,5 +25,8 @@ USERNAME_TWO=HIJKLMN
PASSWORD_TWO=OPQRSTU
TEST_FILE_FOLDER=$PWD/versity-gwtest-files
RECREATE_BUCKETS=true
DELETE_BUCKETS_AFTER_TEST=true
REMOVE_TEST_FILE_FOLDER=true
AUTOGENERATE_USERS=true
USER_AUTOGENERATION_PREFIX=versitygw-docker-
VERSIONING_DIR=/tmp/versioning

4
tests/commands/put_bucket_policy.sh
View File

@@ -37,6 +37,10 @@ put_bucket_policy() {
export put_bucket_policy_error
return 1
fi
# direct can take some time to take effect
if [ "$DIRECT" == "true" ]; then
sleep 10
fi
return 0
}

20
tests/env.sh
View File

@@ -97,16 +97,12 @@ check_bucket_vars() {
log 1 "BUCKET_TWO_NAME missing"
exit 1
fi
if [ -z "$RECREATE_BUCKETS" ]; then
log 1 "RECREATE_BUCKETS missing"
exit 1
fi
if [ "$RECREATE_BUCKETS" != "true" ] && [ "$RECREATE_BUCKETS" != "false" ]; then
log 1 "RECREATE_BUCKETS must be 'true' or 'false'"
exit 1
fi
if [ "$RECREATE_BUCKETS" != "true" ] && [ "$RECREATE_BUCKETS" != "false" ]; then
log 1 "RECREATE_BUCKETS must be 'true' or 'false'"
if [ "$DELETE_BUCKETS_AFTER_TEST" != "true" ] && [ "$DELETE_BUCKETS_AFTER_TEST" != "false" ]; then
log 1 "DELETE_BUCKETS_AFTER_TEST must be 'true' or 'false'"
exit 1
fi
if [ "$RECREATE_BUCKETS" == "false" ] && [ "$DELETE_BUCKETS_AFTER_TEST" == "true" ]; then
@@ -238,6 +234,18 @@ check_user_vars() {
log 1 "PASSWORD_TWO missing"
exit 1
fi
if [ "$AUTOGENERATE_USERS" != "true" ] && [ "$AUTOGENERATE_USERS" != "false" ]; then
log 1 "AUTOGENERATE_USERS must be 'true' or 'false'"
return 1
fi
if [ "$AUTOGENERATE_USERS" == "true" ] && [ "$USER_AUTOGENERATION_PREFIX" == "" ]; then
log 1 "USER_AUTOGENERATION_PREFIX is required if AUTOGENERATE_USERS is 'true'"
return 1
fi
if [ "$AUTOGENERATE_USERS" == "false" ] && [ "$CREATE_STATIC_USERS_IF_NONEXISTENT" != "true" ] && [ "$CREATE_STATIC_USERS_IF_NONEXISTENT" != "false" ]; then
log 1 "If AUTOGENERATE_USERS is 'false', 'CREATE_STATIC_USERS_IF_NONEXISTENT' must be true or false"
return 1
fi
if [[ -z "$IAM_TYPE" ]]; then
export IAM_TYPE="folder"

70
tests/setup.sh
View File

@@ -106,6 +106,42 @@ delete_temp_log_if_exists() {
return 0
}
post_versity_cleanup() {
if [[ $LOG_LEVEL -ge 5 ]] || [[ -n "$TIME_LOG" ]]; then
end_time=$(date +%s)
total_time=$((end_time - start_time))
log 4 "Total test time: $total_time"
if [[ -n "$TIME_LOG" ]]; then
echo "$BATS_TEST_NAME: ${total_time}s" >> "$TIME_LOG"
fi
fi
if [[ -n "$COVERAGE_DB" ]]; then
record_result
fi
if [[ "$BATS_TEST_COMPLETED" -ne 1 ]]; then
if [[ -e "$COMMAND_LOG" ]]; then
cat "$COMMAND_LOG"
echo "**********************************************************************************"
fi
if [[ -e "$TEST_LOG_FILE.tmp" ]]; then
echo "********************************** LOG *******************************************"
cat "$TEST_LOG_FILE.tmp"
echo "**********************************************************************************"
fi
fi
if ! delete_command_log; then
log 3 "error deleting command log"
fi
if [ -e "$TEST_LOG_FILE.tmp" ]; then
if ! error=$(cat "$TEST_LOG_FILE.tmp" >> "$TEST_LOG_FILE" 2>&1); then
log 3 "error appending temp log to main log: $error"
fi
if ! delete_temp_log_if_exists; then
log 3 "error deleting temp log"
fi
fi
}
# bats teardown function
teardown() {
# shellcheck disable=SC2154
@@ -135,37 +171,5 @@ teardown() {
fi
fi
stop_versity
if [[ $LOG_LEVEL -ge 5 ]] || [[ -n "$TIME_LOG" ]]; then
end_time=$(date +%s)
total_time=$((end_time - start_time))
log 4 "Total test time: $total_time"
if [[ -n "$TIME_LOG" ]]; then
echo "$BATS_TEST_NAME: ${total_time}s" >> "$TIME_LOG"
fi
fi
if [[ -n "$COVERAGE_DB" ]]; then
record_result
fi
if [[ "$BATS_TEST_COMPLETED" -ne 1 ]]; then
if [[ -e "$COMMAND_LOG" ]]; then
cat "$COMMAND_LOG"
echo "**********************************************************************************"
fi
if [[ -e "$TEST_LOG_FILE.tmp" ]]; then
echo "********************************** LOG *******************************************"
cat "$TEST_LOG_FILE.tmp"
echo "**********************************************************************************"
fi
fi
if ! delete_command_log; then
log 3 "error deleting command log"
fi
if [ -e "$TEST_LOG_FILE.tmp" ]; then
if ! error=$(cat "$TEST_LOG_FILE.tmp" >> "$TEST_LOG_FILE" 2>&1); then
log 2 "error appending temp log to main log: $error"
fi
if ! delete_temp_log_if_exists; then
log 2 "error deleting temp log"
fi
fi
post_versity_cleanup
}

18
tests/test_common_acl.sh
View File

@@ -43,6 +43,16 @@ test_put_bucket_acl_s3cmd() {
assert_success
}
get_grantee_type_and_id() {
if [[ $DIRECT == "true" ]]; then
grantee_type="Group"
grantee_id="http://acs.amazonaws.com/groups/global/AllUsers"
else
grantee_type="CanonicalUser"
grantee_id="$username"
fi
}
test_common_put_bucket_acl() {
assert [ $# -eq 1 ]
@@ -61,13 +71,7 @@ test_common_put_bucket_acl() {
run create_test_files "$acl_file"
assert_success
if [[ $DIRECT == "true" ]]; then
grantee_type="Group"
grantee_id="http://acs.amazonaws.com/groups/global/AllUsers"
else
grantee_type="CanonicalUser"
grantee_id="$username"
fi
get_grantee_type_and_id
run setup_acl_json "$TEST_FILE_FOLDER/$acl_file" "$grantee_type" "$grantee_id" "READ" "$AWS_ACCESS_KEY_ID"
assert_success

2
tests/test_rest.sh
View File

@@ -175,7 +175,7 @@ test_file="test_file"
@test "REST - get object attributes" {
if [ "$DIRECT" != "true" ]; then
skip "https://github.com/versity/versitygw/issues/1000"
skip "https://github.com/versity/versitygw/issues/1001"
fi
run setup_bucket_and_large_file "$BUCKET_ONE_NAME" "$test_file"
assert_success

43
tests/test_s3api_object.sh
View File

@@ -236,30 +236,25 @@ export RUN_USERS=true
assert_output -p "Directory object contains data payload"
}
#@test "objects containing data can't be copied to directory objects" {
# # TODO finish test after https://github.com/versity/versitygw/issues/1021
# skip "https://github.com/versity/versitygw/issues/1021"
# test_file="a"
#
# run create_test_file "$test_file" 0
# assert_success
#
# run setup_bucket "s3api" "$BUCKET_ONE_NAME"
# assert_success
#
# run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
# assert_success
#
# if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$test_file/" COPY_SOURCE="$BUCKET_ONE_NAME/$test_file" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/copy_object.sh); then
# log 2 "error listing multipart upload parts: $result"
# return 1
# fi
# if [ "$result" != "400" ]; then
# log 2 "response code '$result': $(cat "$TEST_FILE_FOLDER/result.txt")"
# return 1
# fi
# return 0
#}
@test "objects containing data can't be copied to directory objects with same name" {
# operation is legal (though discouraged) for direct
if [ "$DIRECT" == "true" ]; then
skip
fi
test_file="a"
run create_test_file "$test_file" 0
assert_success
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success
run attempt_copy_object_to_directory_with_same_name "$BUCKET_ONE_NAME" "$test_file" "$BUCKET_ONE_NAME/$test_file"
assert_success
}
@test "directory object - create multipart upload" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"

127
tests/test_s3api_policy_bucket.sh
View File

@@ -14,31 +14,33 @@
# specific language governing permissions and limitations
# under the License.
source ./tests/commands/put_public_access_block.sh
source ./tests/util/util_acl.sh
test_s3api_policy_delete_bucket_policy() {
policy_file="policy_file"
username=$USERNAME_ONE
password=$PASSWORD_ONE
run create_test_file "$policy_file" 0
assert_success
effect="Allow"
principal="$username"
action="s3:DeleteBucketPolicy"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_user "$username" "$password" "user"
assert_success
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
effect="Allow"
principal="$user_id"
action="s3:DeleteBucketPolicy"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run delete_bucket_policy_with_user "$BUCKET_ONE_NAME" "$username" "$password"
assert_failure
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource"
assert_success
run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"
@@ -56,21 +58,24 @@ test_s3api_policy_get_bucket_acl() {
run create_test_file "$policy_file" 0
assert_success
effect="Allow"
principal="$username"
action="s3:GetBucketAcl"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_user "$username" "$password" "user"
assert_success
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
effect="Allow"
principal="$user_id"
action="s3:GetBucketAcl"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run get_bucket_acl_with_user "$BUCKET_ONE_NAME" "$username" "$password"
assert_failure
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource"
assert_success
run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"
@@ -82,24 +87,25 @@ test_s3api_policy_get_bucket_acl() {
test_s3api_policy_get_bucket_policy() {
policy_file="policy_file"
username=$USERNAME_ONE
password=$PASSWORD_ONE
run create_test_file "$policy_file"
assert_success
effect="Allow"
principal="$username"
action="s3:GetBucketPolicy"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_user "$username" "$password" "user"
assert_success
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource"
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
effect="Allow"
principal="$user_id"
action="s3:GetBucketPolicy"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource"
assert_success
run get_bucket_policy_with_user "$BUCKET_ONE_NAME" "$username" "$password"
@@ -124,22 +130,25 @@ test_s3api_policy_get_bucket_tagging() {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run setup_user "$USERNAME_ONE" "$PASSWORD_ONE" "user"
assert_success "error creating user '$USERNAME_ONE'"
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "Allow" "$USERNAME_ONE" "s3:GetBucketTagging" "arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "Allow" "$user_id" "s3:GetBucketTagging" "arn:aws:s3:::$BUCKET_ONE_NAME"
assert_success "error setting up policy"
run put_bucket_tagging "s3api" "$BUCKET_ONE_NAME" "$tag_key" "$tag_value"
assert_success "unable to put bucket tagging"
run get_bucket_tagging_with_user "$USERNAME_ONE" "$PASSWORD_ONE" "$BUCKET_ONE_NAME"
run get_bucket_tagging_with_user "$username" "$password" "$BUCKET_ONE_NAME"
assert_failure
run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"
assert_success "error putting policy"
run get_and_check_bucket_tags_with_user "$USERNAME_ONE" "$PASSWORD_ONE" "$BUCKET_ONE_NAME" "$tag_key" "$tag_value"
run get_and_check_bucket_tags_with_user "$username" "$password" "$BUCKET_ONE_NAME" "$tag_key" "$tag_value"
assert_success "get and check bucket tags failed"
}
@@ -158,10 +167,13 @@ test_s3api_policy_put_acl() {
run put_bucket_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success
run setup_user "$username" "$password" "user"
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "Allow" "$username" "s3:PutBucketAcl" "arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "Allow" "$user_id" "s3:PutBucketAcl" "arn:aws:s3:::$BUCKET_ONE_NAME"
assert_success
if [[ $DIRECT == "true" ]]; then
run put_public_access_block_enable_public_acls "$BUCKET_ONE_NAME"
@@ -181,24 +193,25 @@ test_s3api_policy_put_acl() {
test_s3api_policy_put_bucket_policy() {
policy_file="policy_file"
policy_file_two="policy_file_two"
username=$USERNAME_ONE
password=$PASSWORD_ONE
run create_test_file "$policy_file" 0
assert_success
effect="Allow"
principal="$username"
action="s3:PutBucketPolicy"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_user "$username" "$password" "user"
assert_success
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource"
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
effect="Allow"
principal="$user_id"
action="s3:PutBucketPolicy"
resource="arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource"
assert_success
run put_bucket_policy_with_user "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" "$username" "$password"
@@ -207,7 +220,7 @@ test_s3api_policy_put_bucket_policy() {
run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"
assert_success
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file_two" "dummy" "$effect" "$principal" "s3:GetBucketPolicy" "$resource"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file_two" "2012-10-17" "$effect" "$principal" "s3:GetBucketPolicy" "$resource"
assert_success
run put_bucket_policy_with_user "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file_two" "$username" "$password"
@@ -226,16 +239,20 @@ test_s3api_policy_put_bucket_tagging() {
assert_success "error creating test files"
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success "error setting up bucket"
run setup_user "$USERNAME_ONE" "$PASSWORD_ONE" "user"
assert_success "error setting up user"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "Allow" "$USERNAME_ONE" "s3:PutBucketTagging" "arn:aws:s3:::$BUCKET_ONE_NAME"
run setup_user_v2 "user" 1 "$BUCKET_ONE_NAME"
assert_success
user_id=${lines[0]}
username=${lines[1]}
password=${lines[2]}
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "Allow" "$user_id" "s3:PutBucketTagging" "arn:aws:s3:::$BUCKET_ONE_NAME"
assert_success "error setting up policy"
run put_bucket_tagging_with_user "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" "$USERNAME_ONE" "$PASSWORD_ONE"
run put_bucket_tagging_with_user "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" "$username" "$password"
assert_failure
run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"
assert_success "error putting policy"
run put_bucket_tagging_with_user "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" "$USERNAME_ONE" "$PASSWORD_ONE"
run put_bucket_tagging_with_user "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" "$username" "$password"
assert_success "unable to put bucket tagging despite user permissions"
run get_and_check_bucket_tags "$BUCKET_ONE_NAME" "$tag_key" "$tag_value"

2
tests/util/util_attributes.sh
View File

@@ -55,7 +55,7 @@ check_attributes_after_upload() {
log 2 "unexpected parts count, expected 4, was $parts_count"
return 1
fi
return 1
return 0
}
check_attributes_invalid_param() {

19
tests/util/util_object.sh
View File

@@ -484,3 +484,22 @@ put_object_rest_check_expires_header() {
fi
return 0
}
attempt_copy_object_to_directory_with_same_name() {
if [ $# -ne 3 ]; then
log 2 "'attempt_copy_object_to_directory_with_same_name' requires bucket name, key name, copy source"
return 1
fi
if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2/" COPY_SOURCE="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/copy_object.sh); then
log 2 "error copying object: $result"
return 1
fi
if [ "$result" != "409" ]; then
log 2 "expected '409', was '$result'"
return 1
fi
if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "ObjectParentIsFile" "Object parent already exists as a file"; then
log 2 "error checking XML"
return 1
fi
}

17
tests/util/util_policy.sh
View File

@@ -288,15 +288,24 @@ get_and_compare_policy_with_file() {
log 2 "'get_and_compare_policies' requires bucket, username, password, filename"
return 1
fi
# shellcheck disable=SC2002
if ! sorted_original=$(cat "$4" | jq -S 2>&1); then
log 2 "error sorting original policy: $sorted_original"
return 1
fi
log 5 "after sort: $sorted_original"
if ! get_bucket_policy_with_user "$1" "$2" "$3"; then
log 2 "error getting bucket policy"
return 1
fi
# shellcheck disable=SC2154
echo -n "$bucket_policy" > "$4-copy"
log 5 "ORIG: $(cat "$4")"
log 5 "COPY: $(cat "$4-copy")"
if ! compare_files "$4" "$4-copy"; then
if ! sorted_copy=$(echo -n "$bucket_policy" | jq -S 2>&1); then
log 2 "error sorting copy: $sorted_copy"
return 1
fi
log 5 "ORIG: $sorted_original"
log 5 "COPY: $sorted_copy"
if ! compare_files <(echo -n "$sorted_original") <(echo -n "$sorted_copy"); then
log 2 "policies not equal"
return 1
fi