mirror of
https://github.com/versity/versitygw.git
synced 2026-01-08 12:41:10 +00:00
d05f25f277
All the integration tests used to be in a single file, which had become large, messy, and difficult to maintain. These changes split `tests.go` into multiple files, organized by logical test groups.
180 lines
5.0 KiB
Go
180 lines
5.0 KiB
Go
// Copyright 2023 Versity Software
|
|
// This file is licensed under the Apache License, Version 2.0
|
|
// (the "License"); you may not use this file except in compliance
|
|
// with the License. You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing,
|
|
// software distributed under the License is distributed on an
|
|
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
// KIND, either express or implied. See the License for the
|
|
// specific language governing permissions and limitations
|
|
// under the License.
|
|
|
|
package integration
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
|
|
"github.com/aws/aws-sdk-go-v2/service/s3"
|
|
"github.com/versity/versitygw/s3err"
|
|
)
|
|
|
|
func IAM_user_access_denied(s *S3Conf) error {
|
|
testName := "IAM_user_access_denied"
|
|
runF(testName)
|
|
|
|
testuser := getUser("user")
|
|
err := createUsers(s, []user{testuser})
|
|
if err != nil {
|
|
failF("%v: %v", testName, err)
|
|
return fmt.Errorf("%v: %w", testName, err)
|
|
}
|
|
|
|
out, err := execCommand(s.getAdminCommand("-a", testuser.access, "-s", testuser.secret, "-er", s.endpoint, "delete-user", "-a", "random_access")...)
|
|
if err == nil {
|
|
failF("%v: expected cmd error", testName)
|
|
return fmt.Errorf("%v: expected cmd error", testName)
|
|
}
|
|
if !strings.Contains(string(out), s3err.GetAPIError(s3err.ErrAdminAccessDenied).Code) {
|
|
failF("%v: expected response error message to be %v, instead got %s",
|
|
testName, s3err.GetAPIError(s3err.ErrAdminAccessDenied).Error(), out)
|
|
return fmt.Errorf("%v: expected response error message to be %v, instead got %s",
|
|
testName, s3err.GetAPIError(s3err.ErrAdminAccessDenied).Error(), out)
|
|
}
|
|
|
|
passF(testName)
|
|
|
|
return nil
|
|
}
|
|
|
|
func IAM_userplus_access_denied(s *S3Conf) error {
|
|
testName := "IAM_userplus_access_denied"
|
|
runF(testName)
|
|
|
|
testuser := getUser("userplus")
|
|
err := createUsers(s, []user{testuser})
|
|
if err != nil {
|
|
failF("%v: %v", testName, err)
|
|
return fmt.Errorf("%v: %w", testName, err)
|
|
}
|
|
|
|
out, err := execCommand(s.getAdminCommand("-a", testuser.access, "-s", testuser.secret, "-er", s.endpoint, "delete-user", "-a", "random_access")...)
|
|
if err == nil {
|
|
failF("%v: expected cmd error", testName)
|
|
return fmt.Errorf("%v: expected cmd error", testName)
|
|
}
|
|
if !strings.Contains(string(out), s3err.GetAPIError(s3err.ErrAdminAccessDenied).Code) {
|
|
failF("%v: expected response error message to be %v, instead got %s",
|
|
testName, s3err.GetAPIError(s3err.ErrAdminAccessDenied).Error(), out)
|
|
return fmt.Errorf("%v: expected response error message to be %v, instead got %s",
|
|
testName, s3err.GetAPIError(s3err.ErrAdminAccessDenied).Error(), out)
|
|
}
|
|
|
|
passF(testName)
|
|
|
|
return nil
|
|
}
|
|
|
|
func IAM_userplus_CreateBucket(s *S3Conf) error {
|
|
testName := "IAM_userplus_CreateBucket"
|
|
return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error {
|
|
testuser := getUser("userplus")
|
|
err := createUsers(s, []user{testuser})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
cfg := *s
|
|
cfg.awsID = testuser.access
|
|
cfg.awsSecret = testuser.secret
|
|
|
|
bckt := getBucketName()
|
|
err = setup(&cfg, bckt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), shortTimeout)
|
|
_, err = s3client.HeadBucket(ctx, &s3.HeadBucketInput{Bucket: &bckt})
|
|
cancel()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = teardown(&cfg, bckt)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|
|
|
|
func IAM_admin_ChangeBucketOwner(s *S3Conf) error {
|
|
testName := "IAM_admin_ChangeBucketOwner"
|
|
return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error {
|
|
testuser, adminuser := getUser("user"), getUser("admin")
|
|
err := createUsers(s, []user{adminuser, testuser})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = changeBucketsOwner(s, []string{bucket}, testuser.access)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), shortTimeout)
|
|
resp, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{Bucket: &bucket})
|
|
cancel()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if getString(resp.Owner.ID) != testuser.access {
|
|
return fmt.Errorf("expected the bucket owner to be %v, instead got %v",
|
|
testuser.access, getString(resp.Owner.ID))
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|
|
|
|
func IAM_ChangeBucketOwner_back_to_root(s *S3Conf) error {
|
|
testName := "IAM_ChangeBucketOwner_back_to_root"
|
|
return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error {
|
|
testuser := getUser("user")
|
|
if err := createUsers(s, []user{testuser}); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Change the bucket ownership to a random user
|
|
if err := changeBucketsOwner(s, []string{bucket}, testuser.access); err != nil {
|
|
return err
|
|
}
|
|
|
|
// Change the bucket ownership back to the root user
|
|
if err := changeBucketsOwner(s, []string{bucket}, s.awsID); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|
|
|
|
func IAM_ListBuckets(s *S3Conf) error {
|
|
testName := "IAM_ListBuckets"
|
|
return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error {
|
|
err := listBuckets(s)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
})
|
|
}
|