Skip to content

Commit

Permalink
test: REST PutBucketAcl command
Browse files Browse the repository at this point in the history
  • Loading branch information
lrm25 committed Dec 9, 2024
1 parent 47a6152 commit 2e22433
Show file tree
Hide file tree
Showing 11 changed files with 374 additions and 66 deletions.
25 changes: 9 additions & 16 deletions tests/commands/put_bucket_acl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -58,22 +58,15 @@ reset_bucket_acl() {
return 1
fi
# shellcheck disable=SC2154
cat <<EOF > "$TEST_FILE_FOLDER/$acl_file"
{
"Grants": [
{
"Grantee": {
"ID": "$AWS_ACCESS_KEY_ID",
"Type": "CanonicalUser"
},
"Permission": "FULL_CONTROL"
}
],
"Owner": {
"ID": "$AWS_ACCESS_KEY_ID"
}
}
EOF
if [ "$DIRECT" != "true" ]; then
if ! setup_acl_json "$TEST_FILE_FOLDER/$acl_file" "ID" "$AWS_ACCESS_KEY_ID" "FULL_CONTROL" "$AWS_ACCESS_KEY_ID"; then
log 2 "error resetting versitygw ACL"
return 1
fi
elif ! setup_acl_json "$TEST_FILE_FOLDER/$acl_file" "ID" "$AWS_CANONICAL_ID" "FULL_CONTROL" "$AWS_CANONICAL_ID"; then
log 2 "error resetting direct ACL"
return 1
fi
if ! put_bucket_acl_s3api "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$acl_file"; then
log 2 "error putting bucket acl (s3api)"
return 1
Expand Down
12 changes: 12 additions & 0 deletions tests/env.sh
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,14 @@ check_universal_vars() {
log 1 "RECREATE_BUCKETS must be 'true' or 'false'"
exit 1
fi
if [ "$RECREATE_BUCKETS" != "true" ] && [ "$RECREATE_BUCKETS" != "false" ]; then
log 1 "RECREATE_BUCKETS must be 'true' or 'false'"
exit 1
fi
if [ "$RECREATE_BUCKETS" == "false" ] && [ "$DELETE_BUCKETS_AFTER_TEST" == "true" ]; then
log 1 "cannot set DELETE_BUCKETS_AFTER_TEST to 'true' if RECREATE_BUCKETS is 'false'"
return 1
fi
if [ -z "$TEST_FILE_FOLDER" ]; then
log 1 "TEST_FILE_FOLDER missing"
exit 1
Expand All @@ -135,6 +143,10 @@ check_universal_vars() {
fi
# exporting these since they're needed for subshells
export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION AWS_PROFILE AWS_ENDPOINT_URL
if [ -n "$AWS_CANONICAL_ID" ]; then
log 5 "canonical ID: $AWS_CANONICAL_ID"
export AWS_CANONICAL_ID
fi
}

delete_command_log() {
Expand Down
47 changes: 47 additions & 0 deletions tests/rest_scripts/get_object.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
#!/usr/bin/env bash

# Copyright 2024 Versity Software
# This file is licensed under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

source ./tests/rest_scripts/rest.sh

# Fields

# shellcheck disable=SC2153
bucket_name="$BUCKET_NAME"
# shellcheck disable=SC2154
key="$OBJECT_KEY"

current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")

#x-amz-object-attributes:ETag
canonical_request="GET
/$bucket_name/$key
host:$host
x-amz-content-sha256:UNSIGNED-PAYLOAD
x-amz-date:$current_date_time
host;x-amz-content-sha256;x-amz-date
UNSIGNED-PAYLOAD"

create_canonical_hash_sts_and_signature

curl_command+=(curl -ks -w "\"%{http_code}\"" "$AWS_ENDPOINT_URL/$bucket_name/$key"
-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
-H "\"x-amz-content-sha256: UNSIGNED-PAYLOAD\""
-H "\"x-amz-date: $current_date_time\""
-o "$OUTPUT_FILE")
# shellcheck disable=SC2154
eval "${curl_command[*]}" 2>&1
45 changes: 45 additions & 0 deletions tests/rest_scripts/list_objects.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
#!/usr/bin/env bash

# Copyright 2024 Versity Software
# This file is licensed under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

source ./tests/rest_scripts/rest.sh

# Fields

# shellcheck disable=SC2153
bucket_name="$BUCKET_NAME"

current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")

#x-amz-object-attributes:ETag
canonical_request="GET
/$bucket_name
host:$host
x-amz-content-sha256:UNSIGNED-PAYLOAD
x-amz-date:$current_date_time
host;x-amz-content-sha256;x-amz-date
UNSIGNED-PAYLOAD"

create_canonical_hash_sts_and_signature

curl_command+=(curl -ks -w "\"%{http_code}\"" "$AWS_ENDPOINT_URL/$bucket_name"
-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
-H "\"x-amz-content-sha256: UNSIGNED-PAYLOAD\""
-H "\"x-amz-date: $current_date_time\""
-o "$OUTPUT_FILE")
# shellcheck disable=SC2154
eval "${curl_command[*]}" 2>&1
51 changes: 51 additions & 0 deletions tests/rest_scripts/put_bucket_acl.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
#!/usr/bin/env bash

# Copyright 2024 Versity Software
# This file is licensed under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http:#www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

source ./tests/rest_scripts/rest.sh

# Fields

# shellcheck disable=SC2153
bucket_name="$BUCKET_NAME"
# shellcheck disable=SC2153
acl_file="$ACL_FILE"

payload="$(cat "$acl_file")"

payload_hash="$(echo -n "$payload" | sha256sum | awk '{print $1}')"
current_date_time=$(date -u +"%Y%m%dT%H%M%SZ")

canonical_request="PUT
/$bucket_name
acl=
host:$host
x-amz-content-sha256:$payload_hash
x-amz-date:$current_date_time
host;x-amz-content-sha256;x-amz-date
$payload_hash"

create_canonical_hash_sts_and_signature

curl_command+=(curl -ks -w "\"%{http_code}\"" -X PUT "$AWS_ENDPOINT_URL/$bucket_name?acl="
-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature\""
-H "\"x-amz-content-sha256: $payload_hash\""
-H "\"x-amz-date: $current_date_time\""
-d "\"${payload//\"/\\\"}\""
-o "$OUTPUT_FILE")

# shellcheck disable=SC2154
eval "${curl_command[*]}" 2>&1
43 changes: 9 additions & 34 deletions tests/test_common_acl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -52,8 +52,7 @@ test_common_put_bucket_acl() {
run put_bucket_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success

username=$USERNAME_ONE
run setup_user "$username" "HIJKLMN" "user"
run setup_user "$USERNAME_ONE" "$PASSWORD_ONE" "user"
assert_success

run get_check_acl_id "$1" "$BUCKET_ONE_NAME"
Expand All @@ -64,47 +63,23 @@ test_common_put_bucket_acl() {
assert_success

if [[ $DIRECT == "true" ]]; then
grantee="{\"Type\": \"Group\", \"URI\": \"http://acs.amazonaws.com/groups/global/AllUsers\"}"
grantee_type="Group"
grantee_id="http://acs.amazonaws.com/groups/global/AllUsers"
else
grantee="{\"ID\": \"$username\", \"Type\": \"CanonicalUser\"}"
grantee_type="ID"
grantee_id="$USERNAME_ONE"
fi

cat <<EOF > "$TEST_FILE_FOLDER"/"$acl_file"
{
"Grants": [
{
"Grantee": $grantee,
"Permission": "READ"
}
],
"Owner": {
"ID": "$AWS_ACCESS_KEY_ID"
}
}
EOF
run setup_acl_json "$TEST_FILE_FOLDER/$acl_file" "$grantee_type" "$grantee_id" "READ" "$AWS_ACCESS_KEY_ID"
assert_success

run put_bucket_acl_s3api "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER"/"$acl_file"
assert_success

run get_check_acl_after_first_put "$1" "$BUCKET_ONE_NAME"
assert_success

cat <<EOF > "$TEST_FILE_FOLDER"/"$acl_file"
{
"Grants": [
{
"Grantee": {
"ID": "$username",
"Type": "CanonicalUser"
},
"Permission": "FULL_CONTROL"
}
],
"Owner": {
"ID": "$AWS_ACCESS_KEY_ID"
}
}
EOF
run setup_acl_json "$TEST_FILE_FOLDER/$acl_file" "ID" "$USERNAME_ONE" "FULL_CONTROL" "$AWS_ACCESS_KEY_ID"
assert_success

run put_bucket_acl_s3api "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER"/"$acl_file"
assert_success
Expand Down
38 changes: 38 additions & 0 deletions tests/test_rest.sh
Original file line number Diff line number Diff line change
Expand Up @@ -452,4 +452,42 @@ export RUN_USERS=true

run get_and_check_acl_rest "$BUCKET_ONE_NAME"
assert_success
}

@test "REST - put ACL" {
run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success

test_file="test_file"
run create_test_files "$test_file"
assert_success

run put_bucket_ownership_controls "$BUCKET_ONE_NAME" "BucketOwnerPreferred"
assert_success

run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file"
assert_success

run create_versitygw_acl_user_or_get_direct_user "$USERNAME_ONE" "$PASSWORD_ONE"
assert_success
canonical_id=${lines[0]}
user_canonical_id=${lines[1]}
username=${lines[2]}
password=${lines[3]}

run setup_acl "$TEST_FILE_FOLDER/acl-file.txt" "$user_canonical_id" "READ" "$canonical_id"
assert_success

run list_objects_with_user_rest_verify_access_denied "$BUCKET_ONE_NAME" "$username" "$password"
assert_success

run put_acl_rest "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/acl-file.txt"
assert_success

if [ "$DIRECT" == "true" ]; then
sleep 5
fi

run list_objects_with_user_rest_verify_success "$BUCKET_ONE_NAME" "$username" "$password" "$test_file"
assert_success
}
7 changes: 1 addition & 6 deletions tests/test_s3api_policy_object.sh
Original file line number Diff line number Diff line change
Expand Up @@ -323,15 +323,10 @@ test_s3api_policy_put_wildcard() {
username=${lines[0]}
password=${lines[1]}

effect="Allow"
principal="$username"
action="s3:PutObject"
resource="arn:aws:s3:::$BUCKET_ONE_NAME/$test_folder/*"

run setup_bucket "s3api" "$BUCKET_ONE_NAME"
assert_success

run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "$effect" "$principal" "$action" "$resource"
run setup_policy_with_single_statement "$TEST_FILE_FOLDER/$policy_file" "dummy" "Allow" "$username" "s3:PutObject" "arn:aws:s3:::$BUCKET_ONE_NAME/$test_folder/*"
assert_success

run put_bucket_policy "s3api" "$BUCKET_ONE_NAME" "$TEST_FILE_FOLDER/$policy_file"
Expand Down
Loading

0 comments on commit 2e22433

Please sign in to comment.