test: GetBucketPolicy - test w/o policy

tests/commands/copy_object.sh

@@ -24,7 +24,7 @@ copy_object() {
   record_command "copy-object" "client:$1"
   if [[ $1 == 's3' ]]; then
     error=$(send_command aws --no-verify-ssl s3 cp "$2" s3://"$3/$4" 2>&1) || exit_code=$?
-  elif [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api copy-object --copy-source "$2" --bucket "$3" --key "$4" 2>&1) || exit_code=$?
   elif [[ $1 == 's3cmd' ]]; then
     log 5 "s3cmd ${S3CMD_OPTS[*]} --no-check-certificate cp s3://$2 s3://$3/$4"

tests/commands/create_bucket.sh

@@ -31,7 +31,7 @@ create_bucket() {
   log 6 "create bucket"
   if [[ $1 == 's3' ]]; then
     error=$(send_command aws --no-verify-ssl s3 mb s3://"$2" 2>&1) || exit_code=$?
-  elif [[ $1 == "aws" ]] || [[ $1 == 's3api' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api create-bucket --bucket "$2" 2>&1) || exit_code=$?
   elif [[ $1 == "s3cmd" ]]; then
     log 5 "s3cmd ${S3CMD_OPTS[*]} --no-check-certificate mb s3://$2"

tests/commands/create_presigned_url.sh

@@ -7,7 +7,7 @@ create_presigned_url() {
   fi
 
   local presign_result=0
-  if [[ $1 == 'aws' ]]; then
+  if [[ $1 == 's3api' ]]; then
     presigned_url=$(send_command aws s3 presign "s3://$2/$3" --expires-in 900) || presign_result=$?
   elif [[ $1 == 's3cmd' ]]; then
     presigned_url=$(send_command s3cmd --no-check-certificate "${S3CMD_OPTS[@]}" signurl "s3://$2/$3" "$(echo "$(date +%s)" + 900 | bc)") || presign_result=$?

tests/commands/delete_bucket.sh

@@ -32,7 +32,7 @@ delete_bucket() {
   exit_code=0
   if [[ $1 == 's3' ]]; then
     error=$(send_command aws --no-verify-ssl s3 rb s3://"$2") || exit_code=$?
-  elif [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api delete-bucket --bucket "$2" 2>&1) || exit_code=$?
   elif [[ $1 == 's3cmd' ]]; then
     error=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate rb s3://"$2" 2>&1) || exit_code=$?

tests/commands/delete_bucket_policy.sh

@@ -21,7 +21,7 @@ delete_bucket_policy() {
     return 1
   fi
   local delete_result=0
-  if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]] || [[ $1 == 's3' ]]; then
+  if [[ $1 == 's3api' ]] || [[ $1 == 's3' ]]; then
     error=$(send_command aws --no-verify-ssl s3api delete-bucket-policy --bucket "$2" 2>&1) || delete_result=$?
   elif [[ $1 == 's3cmd' ]]; then
     error=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate delpolicy "s3://$2" 2>&1) || delete_result=$?

tests/commands/delete_bucket_tagging.sh

@@ -21,7 +21,7 @@ delete_bucket_tagging() {
     return 1
   fi
   local result
-  if [[ $1 == 'aws' ]]; then
+  if [[ $1 == 's3api' ]]; then
     tags=$(send_command aws --no-verify-ssl s3api delete-bucket-tagging --bucket "$2" 2>&1) || result=$?
   elif [[ $1 == 'mc' ]]; then
     tags=$(send_command mc --insecure tag remove "$MC_ALIAS"/"$2" 2>&1) || result=$?

tests/commands/delete_object.sh

@@ -25,7 +25,7 @@ delete_object() {
   local exit_code=0
   if [[ $1 == 's3' ]]; then
     delete_object_error=$(send_command aws --no-verify-ssl s3 rm "s3://$2/$3" 2>&1) || exit_code=$?
-  elif [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     delete_object_error=$(send_command aws --no-verify-ssl s3api delete-object --bucket "$2" --key "$3" 2>&1) || exit_code=$?
   elif [[ $1 == 's3cmd' ]]; then
     delete_object_error=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate rm "s3://$2/$3" 2>&1) || exit_code=$?

tests/commands/delete_object_tagging.sh

@@ -21,7 +21,7 @@ delete_object_tagging() {
     return 1
   fi
   delete_result=0
-  if [[ $1 == 'aws' ]]; then
+  if [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api delete-object-tagging --bucket "$2" --key "$3" 2>&1) || delete_result=$?
   elif [[ $1 == 'mc' ]]; then
     error=$(send_command mc --insecure tag remove "$MC_ALIAS/$2/$3") || delete_result=$?

tests/commands/get_bucket_acl.sh

@@ -21,7 +21,7 @@ get_bucket_acl() {
     return 1
   fi
   local exit_code=0
-  if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
+  if [[ $1 == 's3api' ]]; then
     acl=$(send_command aws --no-verify-ssl s3api get-bucket-acl --bucket "$2" 2>&1) || exit_code="$?"
   elif [[ $1 == 's3cmd' ]]; then
     acl=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate info "s3://$2" 2>&1) || exit_code="$?"

tests/commands/get_bucket_location.sh

@@ -21,7 +21,7 @@ get_bucket_location() {
     return 1
   fi
   get_result=0
-  if [[ $1 == 'aws' ]]; then
+  if [[ $1 == 's3api' ]]; then
     get_bucket_location_aws "$2" || get_result=$?
   elif [[ $1 == 's3cmd' ]]; then
     get_bucket_location_s3cmd "$2" || get_result=$?

tests/commands/get_bucket_policy.sh

@@ -21,7 +21,7 @@ get_bucket_policy() {
     return 1
   fi
   local get_bucket_policy_result=0
-  if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
+  if [[ $1 == 's3api' ]]; then
     get_bucket_policy_aws "$2" || get_bucket_policy_result=$?
   elif [[ $1 == 's3cmd' ]]; then
     get_bucket_policy_s3cmd "$2" || get_bucket_policy_result=$?

tests/commands/get_bucket_tagging.sh

@@ -21,7 +21,7 @@ get_bucket_tagging() {
   assert [ $# -eq 2 ]
   record_command "get-bucket-tagging" "client:$1"
   local result
-  if [[ $1 == 'aws' ]]; then
+  if [[ $1 == 's3api' ]]; then
     tags=$(send_command aws --no-verify-ssl s3api get-bucket-tagging --bucket "$2" 2>&1) || result=$?
   elif [[ $1 == 'mc' ]]; then
     tags=$(send_command mc --insecure tag list "$MC_ALIAS"/"$2" 2>&1) || result=$?

tests/commands/get_object.sh

@@ -24,7 +24,7 @@ get_object() {
   local exit_code=0
   if [[ $1 == 's3' ]]; then
     get_object_error=$(send_command aws --no-verify-ssl s3 mv "s3://$2/$3" "$4" 2>&1) || exit_code=$?
-  elif [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     get_object_error=$(send_command aws --no-verify-ssl s3api get-object --bucket "$2" --key "$3" "$4" 2>&1) || exit_code=$?
   elif [[ $1 == 's3cmd' ]]; then
     get_object_error=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate get "s3://$2/$3" "$4" 2>&1) || exit_code=$?

tests/commands/get_object_tagging.sh

@@ -21,7 +21,7 @@ get_object_tagging() {
     return 1
   fi
   local result
-  if [[ "$1" == 'aws' ]] || [[ $1 == 's3api' ]]; then
+  if [[ $1 == 's3api' ]]; then
     tags=$(send_command aws --no-verify-ssl s3api get-object-tagging --bucket "$2" --key "$3" 2>&1) || result=$?
   elif [[ "$1" == 'mc' ]]; then
     tags=$(send_command mc --insecure tag list "$MC_ALIAS"/"$2"/"$3" 2>&1) || result=$?

tests/commands/head_bucket.sh

@@ -29,7 +29,7 @@ head_bucket() {
     return 1
   fi
   local exit_code=0
-  if [[ $1 == "aws" ]] || [[ $1 == 's3api' ]] || [[ $1 == 's3' ]]; then
+  if [[ $1 == 's3api' ]] || [[ $1 == 's3' ]]; then
     bucket_info=$(send_command aws --no-verify-ssl s3api head-bucket --bucket "$2" 2>&1) || exit_code=$?
   elif [[ $1 == "s3cmd" ]]; then
     bucket_info=$(send_command s3cmd --no-check-certificate info "s3://$2" 2>&1) || exit_code=$?

tests/commands/head_object.sh

@@ -21,7 +21,7 @@ head_object() {
     return 2
   fi
   local exit_code=0
-  if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]] || [[ $1 == 's3' ]]; then
+  if [[ $1 == 's3api' ]] || [[ $1 == 's3' ]]; then
     metadata=$(send_command aws --no-verify-ssl s3api head-object --bucket "$2" --key "$3" 2>&1) || exit_code="$?"
   elif [[ $1 == 's3cmd' ]]; then
     metadata=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate info s3://"$2/$3" 2>&1) || exit_code="$?"

tests/commands/list_buckets.sh

@@ -25,7 +25,7 @@ list_buckets() {
   local exit_code=0
   if [[ $1 == 's3' ]]; then
     buckets=$(send_command aws --no-verify-ssl s3 ls 2>&1 s3://) || exit_code=$?
-  elif [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     list_buckets_s3api "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY" || exit_code=$?
   elif [[ $1 == 's3cmd' ]]; then
     buckets=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate ls s3:// 2>&1) || exit_code=$?

tests/commands/list_objects.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-source ./tests/util_list_objects.sh
+source ./tests/util/util_list_objects.sh
 source ./tests/commands/command.sh
 
 # Copyright 2024 Versity Software
@@ -29,7 +29,7 @@ list_objects() {
 
   local output
   local result=0
-  if [[ $1 == "aws" ]] || [[ $1 == 's3' ]]; then
+  if [[ $1 == 's3' ]]; then
     output=$(send_command aws --no-verify-ssl s3 ls s3://"$2" 2>&1) || result=$?
   elif [[ $1 == 's3api' ]]; then
     list_objects_s3api "$2" || result=$?

tests/commands/put_bucket_acl.sh

@@ -14,7 +14,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-source ./tests/util_file.sh
+source ./tests/util/util_file.sh
 source ./tests/commands/command.sh
 
 put_bucket_acl_s3api() {

tests/commands/put_bucket_policy.sh

@@ -21,7 +21,7 @@ put_bucket_policy() {
     return 1
   fi
   local put_policy_result=0
-  if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
+  if [[ $1 == 's3api' ]]; then
     policy=$(send_command aws --no-verify-ssl s3api put-bucket-policy --bucket "$2" --policy "file://$3" 2>&1) || put_policy_result=$?
   elif [[ $1 == 's3cmd' ]]; then
     policy=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate setpolicy "$3" "s3://$2" 2>&1) || put_policy_result=$?

tests/commands/put_bucket_tagging.sh

@@ -23,7 +23,7 @@ put_bucket_tagging() {
   local error
   local result=0
   record_command "put-bucket-tagging" "client:$1"
-  if [[ $1 == 'aws' ]] || [[ $1 == 's3api' ]]; then
+  if [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api put-bucket-tagging --bucket "$2" --tagging "TagSet=[{Key=$3,Value=$4}]") || result=$?
   elif [[ $1 == 'mc' ]]; then
     error=$(send_command mc --insecure tag set "$MC_ALIAS"/"$2" "$3=$4" 2>&1) || result=$?

tests/commands/put_object.sh

@@ -27,7 +27,7 @@ put_object() {
   local error
   if [[ $1 == 's3' ]]; then
     error=$(send_command aws --no-verify-ssl s3 mv "$2" s3://"$3/$4" 2>&1) || exit_code=$?
-  elif [[ $1 == 's3api' ]] || [[ $1 == 'aws' ]]; then
+  elif [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api put-object --body "$2" --bucket "$3" --key "$4" 2>&1) || exit_code=$?
   elif [[ $1 == 's3cmd' ]]; then
     error=$(send_command s3cmd "${S3CMD_OPTS[@]}" --no-check-certificate put "$2" s3://"$3/$4" 2>&1) || exit_code=$?

tests/commands/put_object_tagging.sh

@@ -22,7 +22,7 @@ put_object_tagging() {
   local error
   local result
   record_command "put-object-tagging" "client:$1"
-  if [[ $1 == 'aws' ]]; then
+  if [[ $1 == 's3api' ]]; then
     error=$(send_command aws --no-verify-ssl s3api put-object-tagging --bucket "$2" --key "$3" --tagging "TagSet=[{Key=$4,Value=$5}]" 2>&1) || result=$?
   elif [[ $1 == 'mc' ]]; then
     error=$(send_command mc --insecure tag set "$MC_ALIAS"/"$2"/"$3" "$4=$5" 2>&1) || result=$?

tests/remove_static.sh

@@ -15,7 +15,7 @@
 # under the License.
 
 source ./tests/setup.sh
-source ./tests/util.sh
+source ./tests/util/util.sh
 
 delete_bucket_if_exists() {
   if [[ $# -ne 2 ]]; then

tests/rest_scripts/get_bucket_policy.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+# Copyright 2024 Versity Software
+# This file is licensed under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+source ./tests/rest_scripts/rest.sh
+
+# Fields
+# shellcheck disable=SC2153
+bucket_name="$BUCKET_NAME"
+
+current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")
+
+canonical_request="GET
+/$bucket_name
+policy=
+host:$host
+x-amz-content-sha256:UNSIGNED-PAYLOAD
+x-amz-date:$current_date_time
+
+host;x-amz-content-sha256;x-amz-date
+UNSIGNED-PAYLOAD"
+
+create_canonical_hash_sts_and_signature
+
+curl_command+=(curl -ks -w "\"%{http_code}\"" "$AWS_ENDPOINT_URL/$bucket_name?policy="
+-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
+-H "\"x-amz-content-sha256: UNSIGNED-PAYLOAD\""
+-H "\"x-amz-date: $current_date_time\""
+-o "$OUTPUT_FILE")
+# shellcheck disable=SC2154
+eval "${curl_command[*]}" 2>&1

tests/setup.sh

@@ -20,7 +20,7 @@ load ./bats-assert/load
 source ./tests/env.sh
 source ./tests/report.sh
 source ./tests/setup_mc.sh
-source ./tests/util.sh
+source ./tests/util/util.sh
 source ./tests/versity.sh
 
 # bats setup function

tests/setup_static.sh

@@ -15,7 +15,7 @@
 # under the License.
 
 source ./tests/env.sh
-source ./tests/util.sh
+source ./tests/util/util.sh
 source ./tests/commands/create_bucket.sh
 
 create_bucket_if_not_exists() {

tests/teardown_static.sh

@@ -15,7 +15,7 @@
 # under the License.
 
 source ./tests/setup.sh
-source ./tests/util.sh
+source ./tests/util/util.sh
 
 if ! base_setup; then
   log 2 "error starting versity to set up static buckets"

tests/test_common.sh

@@ -15,13 +15,13 @@
 # under the License.
 
 source ./tests/setup.sh
-source ./tests/util.sh
-source ./tests/util_acl.sh
-source ./tests/util_bucket_location.sh
-source ./tests/util_file.sh
-source ./tests/util_list_buckets.sh
-source ./tests/util_policy.sh
-source ./tests/util_presigned_url.sh
+source ./tests/util/util.sh
+source ./tests/util/util_acl.sh
+source ./tests/util/util_bucket_location.sh
+source ./tests/util/util_file.sh
+source ./tests/util/util_list_buckets.sh
+source ./tests/util/util_policy.sh
+source ./tests/util/util_presigned_url.sh
 source ./tests/commands/copy_object.sh
 source ./tests/commands/delete_bucket_tagging.sh
 source ./tests/commands/delete_object_tagging.sh

tests/test_common_acl.sh

@@ -15,13 +15,11 @@
 # under the License.
 
 test_put_bucket_acl_s3cmd() {
-  if [[ $DIRECT != "true" ]]; then
-    skip "https://github.com/versity/versitygw/issues/695"
+  if [ "$DIRECT" != "true" ]; then
+    skip "https://github.com/versity/versitygw/issues/963"
   fi
-  run setup_bucket "s3cmd" "$BUCKET_ONE_NAME"
-  assert_success
 
-  run put_bucket_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
+  run setup_bucket "s3cmd" "$BUCKET_ONE_NAME"
   assert_success
 
   username=$USERNAME_ONE

tests/test_mc.sh

@@ -16,9 +16,9 @@
 
 source ./tests/test_common.sh
 source ./tests/setup.sh
-source ./tests/util_create_bucket.sh
-source ./tests/util_head_bucket.sh
-source ./tests/util_tags.sh
+source ./tests/util/util_create_bucket.sh
+source ./tests/util/util_head_bucket.sh
+source ./tests/util/util_tags.sh
 source ./tests/commands/delete_bucket_policy.sh
 source ./tests/commands/get_bucket_policy.sh
 source ./tests/commands/put_bucket_policy.sh

tests/test_rest.sh

@@ -28,18 +28,19 @@ source ./tests/commands/put_object_retention.sh
 source ./tests/commands/put_object_tagging.sh
 source ./tests/logger.sh
 source ./tests/setup.sh
-source ./tests/util.sh
-source ./tests/util_attributes.sh
-source ./tests/util_legal_hold.sh
-source ./tests/util_list_buckets.sh
-source ./tests/util_list_objects.sh
-source ./tests/util_list_parts.sh
-source ./tests/util_lock_config.sh
-source ./tests/util_ownership.sh
-source ./tests/util_rest.sh
-source ./tests/util_tags.sh
-source ./tests/util_time.sh
-source ./tests/util_versioning.sh
+source ./tests/util/util.sh
+source ./tests/util/util_attributes.sh
+source ./tests/util/util_legal_hold.sh
+source ./tests/util/util_list_buckets.sh
+source ./tests/util/util_list_objects.sh
+source ./tests/util/util_list_parts.sh
+source ./tests/util/util_lock_config.sh
+source ./tests/util/util_ownership.sh
+source ./tests/util/util_policy.sh
+source ./tests/util/util_rest.sh
+source ./tests/util/util_tags.sh
+source ./tests/util/util_time.sh
+source ./tests/util/util_versioning.sh
 
 @test "test_rest_list_objects" {
   run setup_bucket "s3api" "$BUCKET_ONE_NAME"
@@ -409,4 +410,16 @@ source ./tests/util_versioning.sh
 
   run get_and_check_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
   assert_success
+}
+
+@test "REST - get policy w/o policy" {
+  if [ "$DIRECT" != "true" ]; then
+    skip "https://github.com/versity/versitygw/issues/959"
+  fi
+
+  run setup_bucket "s3api" "$BUCKET_ONE_NAME"
+  assert_success
+
+  run get_and_check_no_policy_error "$BUCKET_ONE_NAME"
+  assert_success
 }