// Copyright 2023 Versity Software // This file is licensed under the Apache License, Version 2.0 // (the "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package integration import ( "context" "fmt" "time" "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/versity/versitygw/s3err" ) func PutObjectRetention_non_existing_bucket(s *S3Conf) error { testName := "PutObjectRetention_non_existing_bucket" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: getPtr(getBucketName()), Key: getPtr("my-obj"), }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrNoSuchBucket)); err != nil { return err } return nil }) } func PutObjectRetention_non_existing_object(s *S3Conf) error { testName := "PutObjectRetention_non_existing_object" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: getPtr("my-obj"), Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrNoSuchKey)); err != nil { return err } return nil }, withLock()) } func PutObjectRetention_unset_bucket_object_lock_config(s *S3Conf) error { testName := "PutObjectRetention_unset_bucket_object_lock_config" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) key := "my-obj" _, err := putObjects(s3client, []string{key}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &key, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrInvalidBucketObjectLockConfiguration)); err != nil { return err } return nil }) } func PutObjectRetention_expired_retain_until_date(s *S3Conf) error { testName := "PutObjectRetention_expired_retain_until_date" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(-time.Hour * 3) ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: getPtr("my-obj"), Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrPastObjectLockRetainDate)); err != nil { return err } return nil }, withLock()) } func PutObjectRetention_invalid_mode(s *S3Conf) error { testName := "PutObjectRetention_invalid_mode" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: getPtr("my-obj"), Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionMode("invalid_mode"), RetainUntilDate: &date, }, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrMalformedXML)); err != nil { return err } return nil }, withLock()) } func PutObjectRetention_overwrite_compliance_mode(s *S3Conf) error { testName := "PutObjectRetention_overwrite_compliance_mode" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) obj := "my-obj" _, err := putObjects(s3client, []string{obj}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeGovernance, RetainUntilDate: &date, }, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrObjectLocked)); err != nil { return err } return cleanupLockedObjects(s3client, bucket, []objToDelete{{key: obj, isCompliance: true}}) }, withLock()) } func PutObjectRetention_overwrite_compliance_with_compliance(s *S3Conf) error { testName := "PutObjectRetention_overwrite_compliance_with_compliance" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 200) obj := "my-obj" _, err := putObjects(s3client, []string{obj}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err != nil { return err } newDate := date.AddDate(2, 0, 0) ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &newDate, }, }) cancel() if err != nil { return err } return cleanupLockedObjects(s3client, bucket, []objToDelete{{key: obj, isCompliance: true}}) }, withLock()) } func PutObjectRetention_overwrite_governance_with_governance(s *S3Conf) error { testName := "PutObjectRetention_overwrite_governance_with_governance" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 200) obj := "my-obj" _, err := putObjects(s3client, []string{obj}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeGovernance, RetainUntilDate: &date, }, }) cancel() if err != nil { return err } newDate := date.AddDate(2, 0, 0) ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeGovernance, RetainUntilDate: &newDate, }, }) cancel() if err != nil { return err } return cleanupLockedObjects(s3client, bucket, []objToDelete{{key: obj}}) }, withLock()) } func PutObjectRetention_overwrite_governance_without_bypass_specified(s *S3Conf) error { testName := "PutObjectRetention_overwrite_governance_without_bypass_specified" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) obj := "my-obj" _, err := putObjects(s3client, []string{obj}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeGovernance, RetainUntilDate: &date, }, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrObjectLocked)); err != nil { return err } return cleanupLockedObjects(s3client, bucket, []objToDelete{{key: obj}}) }, withLock()) } func PutObjectRetention_overwrite_governance_with_permission(s *S3Conf) error { testName := "PutObjectRetention_overwrite_governance_with_permission" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) obj := "my-obj" _, err := putObjects(s3client, []string{obj}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeGovernance, RetainUntilDate: &date, }, }) cancel() if err != nil { return err } policy := genPolicyDoc("Allow", `"*"`, `["s3:BypassGovernanceRetention"]`, fmt.Sprintf(`"arn:aws:s3:::%v/*"`, bucket)) bypass := true ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutBucketPolicy(ctx, &s3.PutBucketPolicyInput{ Bucket: &bucket, Policy: &policy, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &obj, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, BypassGovernanceRetention: &bypass, }) cancel() if err != nil { return err } return cleanupLockedObjects(s3client, bucket, []objToDelete{{key: obj, isCompliance: true}}) }, withLock()) } func PutObjectRetention_success(s *S3Conf) error { testName := "PutObjectRetention_success" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { date := time.Now().Add(time.Hour * 3) key := "my-obj" _, err := putObjects(s3client, []string{key}, bucket) if err != nil { return err } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutObjectRetention(ctx, &s3.PutObjectRetentionInput{ Bucket: &bucket, Key: &key, Retention: &types.ObjectLockRetention{ Mode: types.ObjectLockRetentionModeCompliance, RetainUntilDate: &date, }, }) cancel() if err != nil { return err } return cleanupLockedObjects(s3client, bucket, []objToDelete{{key: key, isCompliance: true}}) }, withLock()) }