mirror of
https://github.com/versity/versitygw.git
synced 2026-04-23 06:00:30 +00:00
5c918f3682
The logic to return a `NotImplemented` error on object upload operations, when any ACL header is present has been removed. Now all object ACL headers are by default ignored. The `-noacl` flag is preserved to disabled bucket ACLs. **Testing** The Put/Get object ACL tests are moved to `NotImplemented` integration tests group as a default gateway behavior. The existing `_acl_not_supported` tests are modified to expect no error, when ACLs are used on object uploads.
94 lines
2.8 KiB
Go
94 lines
2.8 KiB
Go
// Copyright 2026 Versity Software
|
|
// This file is licensed under the Apache License, Version 2.0
|
|
// (the "License"); you may not use this file except in compliance
|
|
// with the License. You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing,
|
|
// software distributed under the License is distributed on an
|
|
// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
// KIND, either express or implied. See the License for the
|
|
// specific language governing permissions and limitations
|
|
// under the License.
|
|
|
|
package integration
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
|
|
"github.com/aws/aws-sdk-go-v2/service/s3"
|
|
"github.com/aws/aws-sdk-go-v2/service/s3/types"
|
|
"github.com/versity/versitygw/s3err"
|
|
)
|
|
|
|
func NoAclMode_CreateBucket_with_acl(s *S3Conf) error {
|
|
testName := "NoAclMode_CreateBucket_with_acl"
|
|
return actionHandlerNoSetup(s, testName, func(s3client *s3.Client, bucket string) error {
|
|
u := getUser("user")
|
|
err := createUsers(s, []user{u})
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx, cancel := context.WithTimeout(context.Background(), shortTimeout)
|
|
_, err = s3client.CreateBucket(ctx, &s3.CreateBucketInput{
|
|
Bucket: &bucket,
|
|
ACL: types.BucketCannedACLPublicReadWrite,
|
|
GrantFullControl: &u.access,
|
|
GrantRead: &u.access,
|
|
GrantReadACP: &u.access,
|
|
GrantWrite: &u.access,
|
|
GrantWriteACP: &u.access,
|
|
})
|
|
cancel()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
ctx, cancel = context.WithTimeout(context.Background(), shortTimeout)
|
|
out, err := s3client.GetBucketAcl(ctx, &s3.GetBucketAclInput{
|
|
Bucket: &bucket,
|
|
})
|
|
cancel()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
if getString(out.Owner.ID) != s.awsID {
|
|
return fmt.Errorf("expected bucket owner to be %v, instead got %v",
|
|
s.awsID, getString(out.Owner.ID))
|
|
}
|
|
if len(out.Grants) != 1 {
|
|
return fmt.Errorf("expected grants length to be 1, instead got %v",
|
|
len(out.Grants))
|
|
}
|
|
grt := out.Grants[0]
|
|
if grt.Permission != types.PermissionFullControl {
|
|
return fmt.Errorf("expected the grantee to have full-control permission, instead got %v",
|
|
grt.Permission)
|
|
}
|
|
if getString(grt.Grantee.ID) != s.awsID {
|
|
return fmt.Errorf("expected the grantee id to be %v, instead got %v",
|
|
s.awsID, getString(grt.Grantee.ID))
|
|
}
|
|
|
|
return teardown(s, bucket)
|
|
})
|
|
}
|
|
|
|
func NoAclMode_PutBucketAcl(s *S3Conf) error {
|
|
testName := "NoAclMode_PutBucketAcl"
|
|
return actionHandler(s, testName, func(s3client *s3.Client, bucket string) error {
|
|
ctx, cancel := context.WithTimeout(context.Background(), shortTimeout)
|
|
_, err := s3client.PutBucketAcl(ctx, &s3.PutBucketAclInput{
|
|
Bucket: &bucket,
|
|
ACL: types.BucketCannedACLPrivate,
|
|
})
|
|
cancel()
|
|
|
|
return checkApiErr(err, s3err.GetAPIError(s3err.ErrACLsDisabled))
|
|
})
|
|
}
|