mirror of
https://github.com/versity/versitygw.git
synced 2026-01-07 12:15:18 +00:00
116 lines
3.4 KiB
Bash
116 lines
3.4 KiB
Bash
#!/usr/bin/env bash
|
|
|
|
# Copyright 2024 Versity Software
|
|
# This file is licensed under the Apache License, Version 2.0
|
|
# (the "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http:#www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
# params: bucket name
|
|
# return 0 for success, 1 for error
|
|
add_governance_bypass_policy() {
|
|
if [[ $# -ne 1 ]]; then
|
|
log 2 "'add governance bypass policy' command requires bucket name"
|
|
return 1
|
|
fi
|
|
cat <<EOF > "$TEST_FILE_FOLDER/policy-bypass-governance.txt"
|
|
{
|
|
"Version": "2012-10-17",
|
|
"Statement": [
|
|
{
|
|
"Effect": "Allow",
|
|
"Principal": "*",
|
|
"Action": "s3:BypassGovernanceRetention",
|
|
"Resource": "arn:aws:s3:::$1/*"
|
|
}
|
|
]
|
|
}
|
|
EOF
|
|
if ! put_bucket_policy "s3api" "$1" "$TEST_FILE_FOLDER/policy-bypass-governance.txt"; then
|
|
log 2 "error putting governance bypass policy"
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
# params: bucket, object, possible WORM error after deletion attempt
|
|
# return 0 for success, 1 for no WORM protection, 2 for error
|
|
check_for_and_remove_worm_protection() {
|
|
if [ $# -ne 3 ]; then
|
|
log 2 "'check_for_and_remove_worm_protection' command requires bucket, object, error"
|
|
return 2
|
|
fi
|
|
|
|
if [[ $3 == *"WORM"* ]]; then
|
|
log 5 "WORM protection found"
|
|
if ! put_object_legal_hold "$1" "$2" "OFF"; then
|
|
log 2 "error removing object legal hold"
|
|
return 2
|
|
fi
|
|
sleep 1
|
|
if [[ $LOG_LEVEL_INT -ge 5 ]]; then
|
|
log_worm_protection "$1" "$2"
|
|
fi
|
|
if ! add_governance_bypass_policy "$1"; then
|
|
log 2 "error adding new governance bypass policy"
|
|
return 2
|
|
fi
|
|
if ! delete_object_bypass_retention "$1" "$2" "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY"; then
|
|
log 2 "error deleting object after legal hold removal"
|
|
return 2
|
|
fi
|
|
else
|
|
log 5 "no WORM protection found"
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|
|
|
|
# params: bucket name, object
|
|
log_worm_protection() {
|
|
if ! get_object_legal_hold "$1" "$2"; then
|
|
log 2 "error getting object legal hold status"
|
|
return
|
|
fi
|
|
# shellcheck disable=SC2154
|
|
log 5 "LEGAL HOLD: $legal_hold"
|
|
if ! get_object_retention "$1" "$2"; then
|
|
log 2 "error getting object retention"
|
|
# shellcheck disable=SC2154
|
|
if [[ $get_object_retention_error != *"NoSuchObjectLockConfiguration"* ]]; then
|
|
return
|
|
fi
|
|
fi
|
|
# shellcheck disable=SC2154
|
|
log 5 "RETENTION: $retention"
|
|
}
|
|
|
|
retention_rest_without_request_body() {
|
|
if [ $# -ne 2 ]; then
|
|
log 2 "'retention_rest_without_request_body' requires bucket name, key"
|
|
return 1
|
|
fi
|
|
if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" OMIT_PAYLOAD="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/put_object_retention.sh); then
|
|
log 2 "error: $result"
|
|
return 1
|
|
fi
|
|
if [ "$result" != "400" ]; then
|
|
log 2 "expected '400', was '$result'"
|
|
return 1
|
|
fi
|
|
log 5 "result: $result ($(cat "$TEST_FILE_FOLDER/result.txt"))"
|
|
if ! check_xml_error_contains "$TEST_FILE_FOLDER/result.txt" "MalformedXML" "The XML you provided"; then
|
|
log 2 "error checking xml reply"
|
|
return 1
|
|
fi
|
|
return 0
|
|
}
|