diff --git a/tests/rest_scripts/get_bucket_tagging.sh b/tests/rest_scripts/get_bucket_tagging.sh
new file mode 100755
index 0000000..779835a
--- /dev/null
+++ b/tests/rest_scripts/get_bucket_tagging.sh
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 Versity Software
+# This file is licensed under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+source ./tests/rest_scripts/rest.sh
+
+# Fields
+# shellcheck disable=SC2153
+bucket_name="$BUCKET_NAME"
+
+current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")
+
+canonical_request="GET
+/$bucket_name
+tagging=
+host:$host
+x-amz-content-sha256:UNSIGNED-PAYLOAD
+x-amz-date:$current_date_time
+
+host;x-amz-content-sha256;x-amz-date
+UNSIGNED-PAYLOAD"
+
+create_canonical_hash_sts_and_signature
+
+curl_command+=(curl -ks -w "\"%{http_code}\"" "$AWS_ENDPOINT_URL/$bucket_name?tagging="
+-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
+-H "\"x-amz-content-sha256: UNSIGNED-PAYLOAD\""
+-H "\"x-amz-date: $current_date_time\""
+-o "$OUTPUT_FILE")
+# shellcheck disable=SC2154
+eval "${curl_command[*]}" 2>&1
\ No newline at end of file
diff --git a/tests/rest_scripts/put_bucket_tagging.sh b/tests/rest_scripts/put_bucket_tagging.sh
new file mode 100755
index 0000000..43ab5d5
--- /dev/null
+++ b/tests/rest_scripts/put_bucket_tagging.sh
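Review bot: In get_bucket_tagging.sh, `eval "${curl_command[*]}"` joins the array into one string and parses it again, so the elements that carry no embedded `\"…\"` layer, the URL `"$AWS_ENDPOINT_URL/$bucket_name?tagging="` and `-o "$OUTPUT_FILE"`, reach the shell unquoted. A `BUCKET_NAME`, `AWS_ENDPOINT_URL` or `OUTPUT_FILE` value containing spaces, glob characters or `$(…)` is then split, expanded or executed rather than handed to curl as one argument. put_bucket_tagging.sh ends with the same `eval` line. If nothing set up by the sourced rest.sh (not visible here) needs the string form, drop the escaped inner quotes and run the array directly with `"${curl_command[@]}" 2>&1`. Separately, `-k` disables certificate verification on a signed request; the tags test in test_rest.sh only runs when `DIRECT` is `true`, which presumably means a non-local endpoint, so the flag is worth making conditional.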
@@ -0,0 +1,64 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 Versity Software
+# This file is licensed under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+source ./tests/rest_scripts/rest.sh
+
+# Fields
+
+# shellcheck disable=SC2153
+bucket_name="$BUCKET_NAME"
+# shellcheck disable=SC2153
+key="$TAG_KEY"
+# shellcheck disable=SC2153
+value="$TAG_VALUE"
+
+payload="
+
+
+
+ $key
+ $value
+
+
+"
+
+content_md5=$(echo -n "$payload" | openssl dgst -binary -md5 | openssl base64)
+payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')"
+current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")
+
+canonical_request="PUT
+/$bucket_name
+tagging=
+content-md5:$content_md5
+host:$host
+x-amz-content-sha256:$payload_hash
+x-amz-date:$current_date_time
+
+content-md5;host;x-amz-content-sha256;x-amz-date
+$payload_hash"
+
+create_canonical_hash_sts_and_signature
+
+curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_name?tagging="
+-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=content-md5;host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
+-H "\"Content-MD5: $content_md5\""
+-H "\"x-amz-content-sha256: $payload_hash\""
+-H "\"x-amz-date: $current_date_time\""
+-d "\"${payload//\"/\\\"}\""
+-o "$OUTPUT_FILE")
+
+# shellcheck disable=SC2154
+eval "${curl_command[*]}" 2>&1
\ No newline at end of file
diff --git a/tests/test_rest.sh b/tests/test_rest.sh
index 130b4c3..a9247ee 100755
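Review bot: In put_bucket_tagging.sh the `-d` element escapes only double quotes (`${payload//\"/\\\"}`), so once the command passes through `eval`, a `TAG_KEY` or `TAG_VALUE` containing `$`, a backtick or a backslash is expanded by the shell. The body curl sends then no longer matches the bytes hashed into `content_md5` and `payload_hash`, and a command substitution inside a tag value would be executed. Keeping the body out of the eval'd string avoids both, for example by writing `$payload` to a `mktemp` file and sending it with `--data-binary @file`, or by running the array directly as `"${curl_command[@]}"`. `$key` and `$value` are also interpolated into the payload without XML escaping, so a tag containing `&` or `<` would yield a malformed document (the surrounding markup appears to have been stripped in this rendering).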
--- a/tests/test_rest.sh +++ b/tests/test_rest.sh @@ -373,3 +373,25 @@ source ./tests/util_versioning.sh run add_and_check_checksum "$TEST_FILE_FOLDER/$test_file" "$test_file" assert_success } + +@test "REST - bucket tagging - no tags" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run verify_no_bucket_tags_rest "$BUCKET_ONE_NAME" + assert_success +} + +@test "REST - bucket tagging - tags" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/932" + fi + test_key="testKey" + test_value="testValue" + + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + run add_verify_bucket_tags_rest "$BUCKET_ONE_NAME" "$test_key" "$test_value" + assert_success +} \ No newline at end of file diff --git a/tests/test_s3api.sh b/tests/test_s3api.sh index d63b8df..402c666 100755 --- a/tests/test_s3api.sh +++ b/tests/test_s3api.sh 
@@ -293,18 +293,11 @@ export RUN_USERS=true run setup_bucket "aws" "$BUCKET_ONE_NAME" assert_success - put_object "aws" "$TEST_FILE_FOLDER/$folder_name/$object_name" "$BUCKET_ONE_NAME" "$folder_name/$object_name" || fail "failed to add object to bucket" + run put_object "aws" "$TEST_FILE_FOLDER/$folder_name/$object_name" "$BUCKET_ONE_NAME" "$folder_name/$object_name" + assert_success - list_objects_s3api_v1 "$BUCKET_ONE_NAME" "/" - prefix=$(echo "${objects[@]}" | jq -r ".CommonPrefixes[0].Prefix" 2>&1) || fail "error getting object prefix from object list: $prefix" - [[ $prefix == "$folder_name/" ]] || fail "prefix doesn't match (expected $prefix, actual $folder_name/)" - - list_objects_s3api_v1 "$BUCKET_ONE_NAME" "#" - key=$(echo "${objects[@]}" | jq -r ".Contents[0].Key" 2>&1) || fail "error getting key from object list: $key" - [[ $key == "$folder_name/$object_name" ]] || fail "key doesn't match (expected $key, actual $folder_name/$object_name)" - - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files $folder_name + run check_object_listing_with_prefixes "$BUCKET_ONE_NAME" "$folder_name" "$object_name" + assert_success } # ensure that lists of files greater than a size of 1000 (pagination) are returned properly diff --git a/tests/test_s3api_policy.sh b/tests/test_s3api_policy.sh index 91e793d..223e1b8 100755 --- a/tests/test_s3api_policy.sh +++ b/tests/test_s3api_policy.sh @@ -182,7 +182,8 @@ test_s3api_policy_invalid_action() { resource="arn:aws:s3:::$BUCKET_ONE_NAME/*" # shellcheck disable=SC2154 - setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" + run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" + assert_success run setup_bucket "s3api" "$BUCKET_ONE_NAME" assert_success 
@@ -190,13 +191,8 @@ test_s3api_policy_invalid_action() { run check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" assert_success - if put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"; then - fail "put succeeded despite malformed policy" - fi - # shellcheck disable=SC2154 - [[ "$put_bucket_policy_error" == *"MalformedPolicy"*"invalid action"* ]] || fail "invalid policy error: $put_bucket_policy_error" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" + run put_and_check_for_malformed_policy "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" + assert_success } test_s3api_policy_get_object_with_user() { 
@@ -214,30 +210,26 @@ test_s3api_policy_get_object_with_user() { action="s3:GetObject" resource="arn:aws:s3:::$BUCKET_ONE_NAME/$test_file" - setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" - run setup_bucket "s3api" "$BUCKET_ONE_NAME" assert_success - put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" || fail "error copying object" - - if ! check_for_empty_policy "s3api" "$BUCKET_ONE_NAME"; then - delete_bucket_policy "s3api" "$BUCKET_ONE_NAME" || fail "error deleting policy" - check_for_empty_policy "s3api" "$BUCKET_ONE_NAME" || fail "policy not empty after deletion" - fi - - setup_user "$username" "$password" "user" || fail "error creating user" - if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password"; then - fail "get object with user succeeded despite lack of permissions" - fi - # shellcheck disable=SC2154 - [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" - - put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" || fail "error putting policy" - run download_and_compare_file_with_user "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password" + run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" assert_success - bucket_cleanup "aws" "$BUCKET_ONE_NAME" + run setup_user "$username" "$password" "user" + assert_success + + run verify_user_cant_get_object "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password" + assert_success + + run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "2012-10-17" "$effect" "$principal" "$action" "$resource" + assert_success + + run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" 
"$TEST_FILE_FOLDER/$policy_file" + assert_success + + run download_and_compare_file_with_user "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password" + assert_success } test_s3api_policy_get_object_specific_file() { @@ -269,12 +261,8 @@ test_s3api_policy_get_object_specific_file() { run download_and_compare_file_with_user "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password" assert_success - if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$TEST_FILE_FOLDER/$test_file_two-copy" "$username" "$password"; then - fail "get object with user succeeded despite lack of permissions" - fi - # shellcheck disable=SC2154 - [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" + run verify_user_cant_get_object "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$TEST_FILE_FOLDER/$test_file_two-copy" "$username" "$password" + assert_success } test_s3api_policy_get_object_file_wildcard() { 
@@ -292,17 +280,23 @@ test_s3api_policy_get_object_file_wildcard() { action="s3:GetObject" resource="arn:aws:s3:::$BUCKET_ONE_NAME/policy_file*" - setup_user "$username" "$password" "user" || fail "error creating user account" + run setup_user "$username" "$password" "user" + assert_success run setup_bucket "s3api" "$BUCKET_ONE_NAME" assert_success - setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" - put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" || fail "error putting policy" + run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" + assert_success + run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" + assert_success - put_object "s3api" "$TEST_FILE_FOLDER/$policy_file" "$BUCKET_ONE_NAME" "$policy_file" || fail "error copying object one" - put_object "s3api" "$TEST_FILE_FOLDER/$policy_file_two" "$BUCKET_ONE_NAME" "$policy_file_two" || fail "error copying object two" - put_object "s3api" "$TEST_FILE_FOLDER/$policy_file_three" "$BUCKET_ONE_NAME" "$policy_file_three" || fail "error copying object three" + run put_object "s3api" "$TEST_FILE_FOLDER/$policy_file" "$BUCKET_ONE_NAME" "$policy_file" + assert_success + run put_object "s3api" "$TEST_FILE_FOLDER/$policy_file_two" "$BUCKET_ONE_NAME" "$policy_file_two" + assert_success + run put_object "s3api" "$TEST_FILE_FOLDER/$policy_file_three" "$BUCKET_ONE_NAME" "$policy_file_three" + assert_success run download_and_compare_file_with_user "s3api" "$TEST_FILE_FOLDER/$policy_file" "$BUCKET_ONE_NAME" "$policy_file" "$TEST_FILE_FOLDER/$policy_file-copy" "$username" "$password" assert_success 
@@ -310,12 +304,8 @@ test_s3api_policy_get_object_file_wildcard() { run download_and_compare_file_with_user "s3api" "$TEST_FILE_FOLDER/$policy_file_two" "$BUCKET_ONE_NAME" "$policy_file_two" "$TEST_FILE_FOLDER/$policy_file_two-copy" "$username" "$password" assert_success - if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$policy_file_three" "$TEST_FILE_FOLDER/$policy_file_three" "$username" "$password"; then - fail "get object three with user succeeded despite lack of permissions" - fi - [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" - - bucket_cleanup "aws" "$BUCKET_ONE_NAME" + run verify_user_cant_get_object "s3api" "$BUCKET_ONE_NAME" "$policy_file_three" "$TEST_FILE_FOLDER/$policy_file_three" "$username" "$password" + assert_success } test_s3api_policy_get_object_folder_wildcard() { 
@@ -364,25 +354,25 @@ test_s3api_policy_allow_deny() { run create_test_files "$policy_file" "$test_file" assert_success - setup_user "$username" "$password" "user" || fail "error creating user" + run setup_user "$username" "$password" "user" + assert_success run setup_bucket "s3api" "$BUCKET_ONE_NAME" assert_success - setup_policy_with_double_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" \ + run setup_policy_with_double_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" \ "Deny" "$username" "s3:GetObject" "arn:aws:s3:::$BUCKET_ONE_NAME/$test_file" \ "Allow" "$username" "s3:GetObject" "arn:aws:s3:::$BUCKET_ONE_NAME/$test_file" + assert_success - put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" || fail "error putting policy" - put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" || fail "error copying object to bucket" + run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" + assert_success - if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password"; then - fail "able to get object despite deny statement" - fi - [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" + run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$test_file" "$test_file-copy" "$policy_file" + run verify_user_cant_get_object "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" "$username" "$password" + assert_success } test_s3api_policy_deny() { 
@@ -409,12 +399,9 @@ test_s3api_policy_deny() { put_object "s3api" "$TEST_FILE_FOLDER/$test_file_one" "$BUCKET_ONE_NAME" "$test_file_one" || fail "error copying object one" put_object "s3api" "$TEST_FILE_FOLDER/$test_file_one" "$BUCKET_ONE_NAME" "$test_file_two" || fail "error copying object two" get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file_one" "$TEST_FILE_FOLDER/$test_file_one-copy" "$username" "$password" || fail "error getting object" - if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$TEST_FILE_FOLDER/$test_file_two-copy" "$username" "$password"; then - fail "able to get object despite deny statement" - fi - [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$test_file_one" "$test_file_two" "$test_file_one-copy" "$test_file_two-copy" "$policy_file" + + run verify_user_cant_get_object "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$TEST_FILE_FOLDER/$test_file_two-copy" "$username" "$password" + assert_success } test_s3api_policy_put_wildcard() { 
@@ -447,13 +434,11 @@ test_s3api_policy_put_wildcard() { # shellcheck disable=SC2154 [[ "$put_object_error" == *"Access Denied"* ]] || fail "invalid put object error: $put_object_error" put_object_with_user "s3api" "$TEST_FILE_FOLDER/$test_folder/$test_file" "$BUCKET_ONE_NAME" "$test_folder/$test_file" "$username" "$password" || fail "error putting file despite policy permissions" - if get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_folder/$test_file" "$test_folder/$test_file-copy" "$username" "$password"; then - fail "able to get object without permissions" - fi - [[ "$get_object_error" == *"Access Denied"* ]] || fail "invalid get object error: $get_object_error" + + run verify_user_cant_get_object "s3api" "$BUCKET_ONE_NAME" "$test_folder/$test_file" "$test_folder/$test_file-copy" "$username" "$password" + assert_success + download_and_compare_file "s3api" "$TEST_FILE_FOLDER/$test_folder/$test_file" "$BUCKET_ONE_NAME" "$test_folder/$test_file" "$TEST_FILE_FOLDER/$test_file-copy" || fail "files don't match" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$test_folder/$test_file" "$test_file-copy" "$policy_file" } test_s3api_policy_delete() { @@ -488,8 +473,6 @@ test_s3api_policy_delete() { # shellcheck disable=SC2154 [[ "$delete_object_error" == *"Access Denied"* ]] || fail "invalid delete object error: $delete_object_error" delete_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file_two" "$username" "$password" || fail "error deleting object despite permissions" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$test_file_one" "$test_file_two" "$policy_file" } test_s3api_policy_get_bucket_policy() { 
@@ -522,8 +505,6 @@ test_s3api_policy_get_bucket_policy() { log 5 "ORIG: $(cat "$TEST_FILE_FOLDER/$policy_file")" log 5 "COPY: $(cat "$TEST_FILE_FOLDER/$policy_file-copy")" compare_files "$TEST_FILE_FOLDER/$policy_file" "$TEST_FILE_FOLDER/$policy_file-copy" || fail "policies not equal" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" "$policy_file-copy" } test_s3api_policy_list_multipart_uploads() { @@ -567,8 +548,6 @@ test_s3api_policy_list_multipart_uploads() { log 5 "$uploads" upload_key=$(echo "$uploads" | grep -v "InsecureRequestWarning" | jq -r ".Uploads[0].Key" 2>&1) || fail "error parsing upload key from uploads message: $upload_key" [[ $upload_key == "$test_file" ]] || fail "upload key doesn't match file marked as being uploaded" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" "$test_file" } test_s3api_policy_put_bucket_policy() { @@ -604,8 +583,6 @@ test_s3api_policy_put_bucket_policy() { log 5 "ORIG: $(cat "$TEST_FILE_FOLDER/$policy_file_two")" log 5 "COPY: $(cat "$TEST_FILE_FOLDER/$policy_file-copy")" compare_files "$TEST_FILE_FOLDER/$policy_file_two" "$TEST_FILE_FOLDER/$policy_file-copy" || fail "policies not equal" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" "$policy_file_two" "$policy_file-copy" } test_s3api_policy_delete_bucket_policy() { @@ -632,8 +609,6 @@ test_s3api_policy_delete_bucket_policy() { setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource" || fail "failed to set up policy" put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" || fail "error putting policy" delete_bucket_policy_with_user "$BUCKET_ONE_NAME" "$username" "$password" || fail "unable to delete bucket policy" - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" } test_s3api_policy_get_bucket_acl() { 
@@ -706,9 +681,6 @@ test_s3api_policy_abort_multipart_upload() { put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" || fail "error putting policy" abort_multipart_upload_with_user "$BUCKET_ONE_NAME" "$test_file" "$upload_id" "$username" "$password" || fail "error aborting multipart upload despite permissions" - - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" "$test_file" } test_s3api_policy_two_principals() { @@ -741,9 +713,6 @@ test_s3api_policy_two_principals() { assert_success "error getting object with user $USERNAME_ONE" run get_object_with_user "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/copy_two" "$USERNAME_TWO" "$PASSWORD_TWO" assert_success "error getting object with user $USERNAME_TWO" - - delete_test_files "$test_file" "$policy_file" "$TEST_FILE_FOLDER/copy_one" "$TEST_FILE_FOLDER/copy_two" - bucket_cleanup "s3api" "$BUCKET_ONE_NAME" } test_s3api_policy_put_bucket_tagging() { @@ -767,9 +736,8 @@ test_s3api_policy_put_bucket_tagging() { run put_bucket_tagging_with_user "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" "$USERNAME_ONE" "$PASSWORD_ONE" assert_success "unable to put bucket tagging despite user permissions" - get_and_check_bucket_tags "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" - - bucket_cleanup "s3api" "$BUCKET_ONE_NAME" + run get_and_check_bucket_tags "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" + assert_success } test_s3api_policy_put_acl() { @@ -812,8 +780,6 @@ test_s3api_policy_put_acl() { id=$(echo "$second_grantee" | jq -r ".ID" 2>&1) || fail "error getting ID: $id" [[ $id == "all-users" ]] || fail "unexpected ID: $id" fi - bucket_cleanup "aws" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" } test_s3api_policy_get_bucket_tagging() { 
@@ -842,11 +808,9 @@ test_s3api_policy_get_bucket_tagging() { run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file" assert_success "error putting policy" + run get_and_check_bucket_tags_with_user "$USERNAME_ONE" "$PASSWORD_ONE" "$BUCKET_ONE_NAME" "$tag_key" "$tag_value" assert_success "get and check bucket tags failed" - - bucket_cleanup "s3api" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" } test_s3api_policy_list_upload_parts() { @@ -875,7 +839,4 @@ test_s3api_policy_list_upload_parts() { run create_upload_and_test_parts_listing "$test_file" "$policy_file" assert_success "error creating upload and testing parts listing" - - bucket_cleanup "s3api" "$BUCKET_ONE_NAME" - delete_test_files "$policy_file" "$test_file" } diff --git a/tests/test_user_common.sh b/tests/test_user_common.sh index 6a0fdb9..ee7c7f2 100755 --- a/tests/test_user_common.sh +++ b/tests/test_user_common.sh @@ -70,7 +70,9 @@ test_create_user_already_exists() { username="$USERNAME_ONE" password="$PASSWORD_ONE" - setup_user "$username" "123456" "admin" || fail "error setting up user" + run setup_user "$username" "123456" "admin" + assert_success "error setting up user" + if create_user "$username" "123456" "admin"; then fail "'user already exists' error not returned" fi diff --git a/tests/util_list_objects.sh b/tests/util_list_objects.sh index abf192a..eeed367 100644 --- a/tests/util_list_objects.sh +++ b/tests/util_list_objects.sh 
@@ -166,3 +166,35 @@ list_objects_check_file_count() { fi return 0 } + +check_object_listing_with_prefixes() { + if [ $# -ne 3 ]; then + log 2 "'check_object_listing_with_prefixes' requires bucket name, folder name, object name" + return 1 + fi + if ! list_objects_s3api_v1 "$BUCKET_ONE_NAME" "/"; then + log 2 "error listing objects with delimiter '/'" + return 1 + fi + if ! prefix=$(echo "${objects[@]}" | jq -r ".CommonPrefixes[0].Prefix" 2>&1); then + log 2 "error getting object prefix from object list: $prefix" + return 1 + fi + if [[ $prefix != "$2/" ]]; then + log 2 "prefix doesn't match (expected $2, actual $prefix/)" + return 1 + fi + if ! list_objects_s3api_v1 "$BUCKET_ONE_NAME" "#"; then + log 2 "error listing objects with delimiter '#" + return 1 + fi + if ! key=$(echo "${objects[@]}" | jq -r ".Contents[0].Key" 2>&1); then + log 2 "error getting key from object list: $key" + return 1 + fi + if [[ $key != "$2/$3" ]]; then + log 2 "key doesn't match (expected $key, actual $2/$3)" + return 1 + fi + return 0 +} diff --git a/tests/util_policy.sh b/tests/util_policy.sh index 1823e61..d51823a 100644 --- a/tests/util_policy.sh +++ b/tests/util_policy.sh @@ -205,3 +205,20 @@ get_and_check_policy() { fi return 0 } + +put_and_check_for_malformed_policy() { + if [ $# -ne 2 ]; then + log 2 "'put_and_check_for_malformed_policy' requires bucket name, policy file" + return 1 + fi + if put_bucket_policy "s3api" "$1" "$2"; then + log 2 "put succeeded despite malformed policy" + return 1 + fi + # shellcheck disable=SC2154 + if [[ "$put_bucket_policy_error" != *"MalformedPolicy"*"invalid action"* ]]; then + log 2 "invalid policy error: $put_bucket_policy_error" + return 1 + fi + return 0 +} diff --git a/tests/util_tags.sh b/tests/util_tags.sh index 190384b..82b8633 100644 --- a/tests/util_tags.sh +++ b/tests/util_tags.sh 
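Review bot: `check_object_listing_with_prefixes` in util_list_objects.sh validates three arguments but never uses `$1`: both `list_objects_s3api_v1` calls pass `$BUCKET_ONE_NAME`, so the bucket argument is silently ignored. They should read `list_objects_s3api_v1 "$1" "/"` and `list_objects_s3api_v1 "$1" "#"`. `add_verify_bucket_tags_rest` in util_tags.sh has the same slip in its read-back call, `BUCKET_NAME="$BUCKET_ONE_NAME"` where `"$1"` is meant. The failure messages here are also misleading: the prefix one should read `expected $2/, actual $prefix`, the key one has expected and actual swapped, and the `'#` in the second listing error lacks its closing quote. `prefix` and `key` are assigned without `local`, so they leak into the caller's scope.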
@@ -253,3 +253,60 @@ get_and_verify_object_tags() { fi return 0 } + +verify_no_bucket_tags_rest() { + if [ $# -ne 1 ]; then + log 2 "'verify_no_bucket_tags_rest' requires bucket name" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OUTPUT_FILE="$TEST_FILE_FOLDER/bucket_tagging.txt" ./tests/rest_scripts/get_bucket_tagging.sh); then + log 2 "error listing bucket tags: $result" + return 1 + fi + if [ "$result" != "404" ]; then + log 2 "expected response code of '404', was '$result' (error: $(cat "$TEST_FILE_FOLDER/bucket_tagging.txt"))" + return 1 + fi + return 0 +} + +add_verify_bucket_tags_rest() { + if [ $# -ne 3 ]; then + log 2 "'add_verify_bucket_tags_rest' requires bucket name, test key, test value" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" TAG_KEY="$2" TAG_VALUE="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_bucket_tagging.sh); then + log 2 "error putting bucket tags: $result" + return 1 + fi + if [ "$result" != "204" ]; then + log 2 "expected response code of '204', was '$result' (error: $(cat "$TEST_FILE_FOLDER/result.txt"))" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$BUCKET_ONE_NAME" OUTPUT_FILE="$TEST_FILE_FOLDER/bucket_tagging.txt" ./tests/rest_scripts/get_bucket_tagging.sh); then + log 2 "error listing bucket tags: $result" + return 1 + fi + if [ "$result" != "200" ]; then + log 2 "expected response code of '200', was '$result' (error: $(cat "$TEST_FILE_FOLDER/bucket_tagging.txt"))" + return 1 + fi + log 5 "tags: $(cat "$TEST_FILE_FOLDER/bucket_tagging.txt")" + if ! key=$(xmllint --xpath '//*[local-name()="Key"]/text()' "$TEST_FILE_FOLDER/bucket_tagging.txt" 2>&1); then + log 2 "error retrieving key: $key" + return 1 + fi + if [ "$key" != "$2" ]; then + log 2 "key mismatch (expected '$2', actual '$key')" + return 1 + fi + if ! 
value=$(xmllint --xpath '//*[local-name()="Value"]/text()' "$TEST_FILE_FOLDER/bucket_tagging.txt" 2>&1); then + log 2 "error retrieving value: $value" + return 1 + fi + if [ "$value" != "$3" ]; then + log 2 "value mismatch (expected '$3', actual '$value')" + return 1 + fi + return 0 +} diff --git a/tests/util_users.sh b/tests/util_users.sh index f9a81d1..3cf6aa8 100644 --- a/tests/util_users.sh +++ b/tests/util_users.sh @@ -399,4 +399,21 @@ get_bucket_owner() { log 3 "bucket owner for bucket '$1' not found" bucket_owner= return 0 +} + +verify_user_cant_get_object() { + if [ $# -ne 6 ]; then + log 2 "'verify_user_cant_get_object' requires client, bucket, key, save file, username, password" + return 1 + fi + if get_object_with_user "$1" "$2" "$3" "$4" "$5" "$6"; then + log 2 "get object with user succeeded despite lack of permissions" + return 1 + fi + # shellcheck disable=SC2154 + if [[ "$get_object_error" != *"Access Denied"* ]]; then + log 2 "invalid get object error: $get_object_error" + return 1 + fi + return 0 } \ No newline at end of file
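Review bot: `verify_no_bucket_tags_rest` in util_tags.sh accepts any `404`, but a missing bucket or a wrong request path also answers 404, so the "no tags" test can pass without the gateway ever reporting an empty tag set. The response body is already saved to `$TEST_FILE_FOLDER/bucket_tagging.txt`; checking it for the S3 error code, e.g. `grep -q "NoSuchTagSet" "$TEST_FILE_FOLDER/bucket_tagging.txt"`, would pin the intended case, assuming the gateway returns that code as S3 does. `result`, `key` and `value` in both new functions are assigned without `local`.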