* fixed ACL tests with IAM user to use bucket owner instead of constructing a CanonicalUser based on the access key

* enhanced bucket cleanup for unit tests to detect if object lock is enabled on the bucket and 1) disable legal hold on all versions to delete, 2) set bypass-governance on all delete calls
* ignored testSingleMultipartUploadWithRetention() and testCopyObjectWithLegalHoldON() in encryption client tests, because those operations are not supported in the encryption client

Author: Stu Arnett

src/test/java/com/emc/object/s3/AbstractS3ClientTest.java

@@ -29,12 +29,12 @@
 import com.emc.object.AbstractClientTest;
 import com.emc.object.ObjectConfig;
 import com.emc.object.Protocol;
-import com.emc.object.s3.bean.AbstractVersion;
-import com.emc.object.s3.bean.EncodingType;
-import com.emc.object.s3.bean.S3Object;
+import com.emc.object.s3.bean.*;
 import com.emc.object.s3.jersey.S3JerseyClient;
+import com.emc.object.s3.request.DeleteObjectRequest;
 import com.emc.object.s3.request.ListObjectsRequest;
 import com.emc.object.s3.request.ListVersionsRequest;
+import com.emc.object.s3.request.SetObjectLegalHoldRequest;
 import com.emc.object.util.TestProperties;
 import com.emc.rest.smart.LoadBalancer;
 import com.emc.rest.smart.ecs.Vdc;
@@ -55,6 +55,7 @@ public abstract class AbstractS3ClientTest extends AbstractClientTest {
      * may be null
      */
     protected String ecsVersion;
+    protected CanonicalUser bucketOwner;
 
     protected abstract S3Client createS3Client() throws Exception;
 
@@ -83,14 +84,22 @@ public void shutdownClient() {
     @Override
     protected void createBucket(String bucketName) throws Exception {
         client.createBucket(bucketName);
+        this.bucketOwner = client.getBucketAcl(bucketName).getOwner();
     }
 
     @Override
     protected void cleanUpBucket(String bucketName) {
         if (client != null && client.bucketExists(bucketName)) {
+            boolean objectLockEnabled = client.getObjectLockConfiguration(bucketName) != null;
             if (client.getBucketVersioning(bucketName).getStatus() != null) {
                 for (AbstractVersion version : client.listVersions(new ListVersionsRequest(bucketName).withEncodingType(EncodingType.url)).getVersions()) {
-                    client.deleteVersion(bucketName, version.getKey(), version.getVersionId());
+                    DeleteObjectRequest deleteRequest = new DeleteObjectRequest(bucketName, version.getKey()).withVersionId(version.getVersionId());
+                    if (objectLockEnabled) {
+                        client.setObjectLegalHold(new SetObjectLegalHoldRequest(bucketName, version.getKey()).withVersionId(version.getVersionId())
+                                .withLegalHold(new ObjectLockLegalHold().withStatus(ObjectLockLegalHold.Status.OFF)));
+                        deleteRequest.withBypassGovernanceRetention(true);
+                    }
+                    client.deleteObject(deleteRequest);
                 }
             } else {
                 for (S3Object object : client.listObjects(new ListObjectsRequest(bucketName).withEncodingType(EncodingType.url)).getObjects()) {

src/test/java/com/emc/object/s3/S3EncryptionClientBasicTest.java

@@ -562,6 +562,16 @@ public void testExtendObjectRetentionPeriod() {
     public void testPreSignedUrlHeaderOverrides() throws Exception {
     }
 
+    @Ignore
+    @Override
+    public void testSingleMultipartUploadWithRetention() {
+    }
+
+    @Ignore
+    @Override
+    public void testCopyObjectWithLegalHoldON() {
+    }
+
     @Override
     public void testGetPutDeleteObjectWithTagging() {
         // set up env

src/test/java/com/emc/object/s3/S3JerseyClientTest.java

@@ -2384,11 +2384,9 @@ public void testSetObjectAcl() throws Exception {
         String testObject = "/objectPrefix/testObject1";
         client.putObject(getTestBucket(), testObject, "Hello ACLs!", "text/plain");
 
-        String identity = createS3Config().getIdentity();
-        CanonicalUser owner = new CanonicalUser(identity, identity);
         AccessControlList acl = new AccessControlList();
-        acl.setOwner(owner);
-        acl.addGrants(new Grant(owner, Permission.FULL_CONTROL));
+        acl.setOwner(bucketOwner);
+        acl.addGrants(new Grant(bucketOwner, Permission.FULL_CONTROL));
 
         client.setObjectAcl(getTestBucket(), testObject, acl);
         assertAclEquals(acl, client.getBucketAcl(getTestBucket()));
@@ -2409,11 +2407,9 @@ public void testSetObjectAclRequestAcl() throws Exception {
         String content = "Object Content";
         client.putObject(getTestBucket(), testObject, content, "text/plain");
 
-        String identity = createS3Config().getIdentity();
-        CanonicalUser owner = new CanonicalUser(identity, identity);
         AccessControlList acl = new AccessControlList();
-        acl.setOwner(owner);
-        acl.addGrants(new Grant(owner, Permission.FULL_CONTROL));
+        acl.setOwner(bucketOwner);
+        acl.addGrants(new Grant(bucketOwner, Permission.FULL_CONTROL));
 
         SetObjectAclRequest request = new SetObjectAclRequest(getTestBucket(), testObject);
         log.debug("JMC calling request.setAcl");

src/test/resources/test.properties.template

@@ -12,6 +12,9 @@ s3.secret_key=<secretkey>
 ## Endpoint to the S3 Access Point
 s3.endpoint=http[s]://<ecshost>[:9020|:9021]
 
+## Specified if the use is an IAM user
+s3.iam_user=false
+
 
 ### STS test part, uncomment the following to test STS