// Copyright 2023 Versity Software // This file is licensed under the Apache License, Version 2.0 // (the "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, // software distributed under the License is distributed on an // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY // KIND, either express or implied. See the License for the // specific language governing permissions and limitations // under the License. package integration import ( "context" "fmt" "github.com/aws/aws-sdk-go-v2/service/s3" "github.com/aws/aws-sdk-go-v2/service/s3/types" "github.com/versity/versitygw/s3err" ) func GetBucketAcl_non_existing_bucket(s *S3Conf) error { testName := "GetBucketAcl_non_existing_bucket" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{ Bucket: getPtr(getBucketName()), }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrNoSuchBucket)); err != nil { return err } return nil }) } func GetBucketAcl_translation_canned_public_read(s *S3Conf) error { testName := "GetBucketAcl_translation_canned_public_read" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { grants := []types.Grant{ { Grantee: &types.Grantee{ ID: &s.awsID, Type: types.TypeCanonicalUser, }, Permission: types.PermissionFullControl, }, { Grantee: &types.Grantee{ ID: getPtr("all-users"), Type: types.TypeGroup, }, Permission: types.PermissionRead, }, } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutBucketAcl(ctx, &s3.PutBucketAclInput{ Bucket: &bucket, ACL: types.BucketCannedACLPublicRead, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) out, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{ Bucket: &bucket, }) cancel() if err != nil { return err } if ok := compareGrants(out.Grants, grants); !ok { return fmt.Errorf("expected grants to be %v, instead got %v", grants, out.Grants) } if getString(out.Owner.ID) != s.awsID { return fmt.Errorf("expected bucket owner to be %v, instead got %v", s.awsID, getString(out.Owner.ID)) } return nil }, withOwnership(types.ObjectOwnershipBucketOwnerPreferred)) } func GetBucketAcl_translation_canned_public_read_write(s *S3Conf) error { testName := "GetBucketAcl_translation_canned_public_read_write" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { grants := []types.Grant{ { Grantee: &types.Grantee{ ID: &s.awsID, Type: types.TypeCanonicalUser, }, Permission: types.PermissionFullControl, }, { Grantee: &types.Grantee{ ID: getPtr("all-users"), Type: types.TypeGroup, }, Permission: types.PermissionRead, }, { Grantee: &types.Grantee{ ID: getPtr("all-users"), Type: types.TypeGroup, }, Permission: types.PermissionWrite, }, } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutBucketAcl(ctx, &s3.PutBucketAclInput{ Bucket: &bucket, ACL: types.BucketCannedACLPublicReadWrite, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) out, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{ Bucket: &bucket, }) cancel() if err != nil { return err } if ok := compareGrants(out.Grants, grants); !ok { return fmt.Errorf("expected grants to be %v, instead got %v", grants, out.Grants) } if getString(out.Owner.ID) != s.awsID { return fmt.Errorf("expected bucket owner to be %v, instead got %v", s.awsID, getString(out.Owner.ID)) } return nil }, withOwnership(types.ObjectOwnershipBucketOwnerPreferred)) } func GetBucketAcl_translation_canned_private(s *S3Conf) error { testName := "GetBucketAcl_translation_canned_private" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { grants := []types.Grant{ { Grantee: &types.Grantee{ ID: &s.awsID, Type: types.TypeCanonicalUser, }, Permission: types.PermissionFullControl, }, } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err := s3client.PutBucketAcl(ctx, &s3.PutBucketAclInput{ Bucket: &bucket, ACL: types.BucketCannedACLPrivate, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) out, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{ Bucket: &bucket, }) cancel() if err != nil { return err } if ok := compareGrants(out.Grants, grants); !ok { return fmt.Errorf("expected grants to be %v, instead got %v", grants, out.Grants) } if getString(out.Owner.ID) != s.awsID { return fmt.Errorf("expected bucket owner to be %v, instead got %v", s.awsID, getString(out.Owner.ID)) } return nil }, withOwnership(types.ObjectOwnershipBucketOwnerPreferred)) } func GetBucketAcl_access_denied(s *S3Conf) error { testName := "GetBucketAcl_access_denied" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { testuser := getUser("user") err := createUsers(s, []user{testuser}) if err != nil { return err } userClient := s.getUserClient(testuser) ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = userClient.GetBucketAcl(ctx, &s3.GetBucketAclInput{ Bucket: &bucket, }) cancel() if err := checkApiErr(err, s3err.GetAPIError(s3err.ErrAccessDenied)); err != nil { return err } return nil }) } func GetBucketAcl_success(s *S3Conf) error { testName := "GetBucketAcl_success" return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error { testuser1, testuser2, testuser3 := getUser("user"), getUser("user"), getUser("user") err := createUsers(s, []user{testuser1, testuser2, testuser3}) if err != nil { return err } grants := []types.Grant{ { Grantee: &types.Grantee{ ID: &testuser1.access, Type: types.TypeCanonicalUser, }, Permission: types.PermissionFullControl, }, { Grantee: &types.Grantee{ ID: &testuser2.access, Type: types.TypeCanonicalUser, }, Permission: types.PermissionReadAcp, }, { Grantee: &types.Grantee{ ID: &testuser3.access, Type: types.TypeCanonicalUser, }, Permission: types.PermissionWrite, }, } ctx, cancel := context.WithTimeout(context.Background(), shortTimeout) _, err = s3client.PutBucketAcl(ctx, &s3.PutBucketAclInput{ Bucket: &bucket, AccessControlPolicy: &types.AccessControlPolicy{ Grants: grants, Owner: &types.Owner{ ID: &s.awsID, }, }, }) cancel() if err != nil { return err } ctx, cancel = context.WithTimeout(context.Background(), shortTimeout) out, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{ Bucket: &bucket, }) cancel() if err != nil { return err } grants = append([]types.Grant{ { Grantee: &types.Grantee{ ID: &s.awsID, Type: types.TypeCanonicalUser, }, Permission: types.PermissionFullControl, }, }, grants...) if ok := compareGrants(out.Grants, grants); !ok { return fmt.Errorf("expected grants to be %v, instead got %v", grants, out.Grants) } if getString(out.Owner.ID) != s.awsID { return fmt.Errorf("expected bucket owner to be %v, instead got %v", s.awsID, getString(out.Owner.ID)) } return nil }, withOwnership(types.ObjectOwnershipBucketOwnerPreferred)) }