root
/
minio
mirror of https://github.com/minio/minio.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
minio/cmd/bucket-policy-handlers_test.go

777 lines
33 KiB
Go
Raw Normal View History

update license change for MinIO Signed-off-by: Harshavardhana <harsha@minio.io>
2021-04-19 03:41:13 +08:00
// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
server: Move all the top level files into cmd folder. (#2490) This change brings a change which was done for the 'mc' package to allow for clean repo and have a cleaner github drop in experience.
2016-08-19 07:23:42 +08:00
package cmd
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
import (
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
"bytes"
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
"fmt"
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
"io"
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
"io/ioutil"
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
"net/http"
"net/http/httptest"
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
"reflect"
"strings"
Lock while creating buckets (#12999) Ensure that one call will succeed and others will serialize Example failure without code in place: ``` bucket-policy-handlers_test.go:120: unexpected error: cmd.InsufficientWriteQuorum: Storage resources are insufficient for the write operation doz2wjqaovp5kvlrv11fyacowgcvoziszmkmzzz9nk9au946qwhci4zkane5-1/ bucket-policy-handlers_test.go:120: unexpected error: cmd.InsufficientWriteQuorum: Storage resources are insufficient for the write operation doz2wjqaovp5kvlrv11fyacowgcvoziszmkmzzz9nk9au946qwhci4zkane5-1/ bucket-policy-handlers_test.go:135: want 1 ok, got 0 ```
2021-08-20 04:21:02 +08:00
"sync"
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
"testing"
api/bucketPolicy: Use minio-go/pkg/set and fix bucket policy regression. (#2506) Current master has a regression 'mc policy <policy-type> alias/bucket/prefix' does not work anymore, due to the way new minio-go changes do json marshalling. This led to a regression on server side when a ``prefix`` is provided policy is rejected as malformed from th server which is not the case with AWS S3. This patch uses the new ``minio-go/pkg/set`` package to address the unmarshalling problems. Fixes #2503
2016-08-20 18:16:38 +08:00
rename all remaining packages to internal/ (#12418) This is to ensure that there are no projects that try to import `minio/minio/pkg` into their own repo. Any such common packages should go to `https://github.com/minio/pkg`
2021-06-02 05:59:40 +08:00
"github.com/minio/minio/internal/auth"
move to iam, bucket policy from minio/pkg (#12400)
2021-05-30 12:16:42 +08:00
"github.com/minio/pkg/bucket/policy"
"github.com/minio/pkg/bucket/policy/condition"
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
)
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
func getAnonReadOnlyBucketPolicy(bucketName string) *policy.Policy {
return &policy.Policy{
Version: policy.DefaultVersion,
do not remove Sid from svcaccount policies (#14064) fixes #13905
2022-01-11 06:26:26 +08:00
Statements: []policy.Statement{
policy.NewStatement(
"",
policy.Allow,
policy.NewPrincipal("*"),
policy.NewActionSet(policy.GetBucketLocationAction, policy.ListBucketAction),
policy.NewResourceSet(policy.NewResource(bucketName, "")),
condition.NewFunctions(),
),
},
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
}
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
}
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
func getAnonWriteOnlyBucketPolicy(bucketName string) *policy.Policy {
return &policy.Policy{
Version: policy.DefaultVersion,
do not remove Sid from svcaccount policies (#14064) fixes #13905
2022-01-11 06:26:26 +08:00
Statements: []policy.Statement{
policy.NewStatement(
"",
policy.Allow,
policy.NewPrincipal("*"),
policy.NewActionSet(
policy.GetBucketLocationAction,
policy.ListBucketMultipartUploadsAction,
),
policy.NewResourceSet(policy.NewResource(bucketName, "")),
condition.NewFunctions(),
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
),
do not remove Sid from svcaccount policies (#14064) fixes #13905
2022-01-11 06:26:26 +08:00
},
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
}
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
}
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
func getAnonReadOnlyObjectPolicy(bucketName, prefix string) *policy.Policy {
return &policy.Policy{
Version: policy.DefaultVersion,
do not remove Sid from svcaccount policies (#14064) fixes #13905
2022-01-11 06:26:26 +08:00
Statements: []policy.Statement{
policy.NewStatement(
"",
policy.Allow,
policy.NewPrincipal("*"),
policy.NewActionSet(policy.GetObjectAction),
policy.NewResourceSet(policy.NewResource(bucketName, prefix)),
condition.NewFunctions(),
),
},
Resource matching fix to overcome issues with regular expression based match (#1476)
2016-05-05 07:56:57 +08:00
}
}
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
2016-07-01 14:49:59 +08:00
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
func getAnonWriteOnlyObjectPolicy(bucketName, prefix string) *policy.Policy {
return &policy.Policy{
Version: policy.DefaultVersion,
do not remove Sid from svcaccount policies (#14064) fixes #13905
2022-01-11 06:26:26 +08:00
Statements: []policy.Statement{
policy.NewStatement(
"",
policy.Allow,
policy.NewPrincipal("*"),
policy.NewActionSet(
policy.AbortMultipartUploadAction,
policy.DeleteObjectAction,
policy.ListMultipartUploadPartsAction,
policy.PutObjectAction,
),
policy.NewResourceSet(policy.NewResource(bucketName, prefix)),
condition.NewFunctions(),
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
),
do not remove Sid from svcaccount policies (#14064) fixes #13905
2022-01-11 06:26:26 +08:00
},
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
2016-07-01 14:49:59 +08:00
}
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
}
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
2016-07-01 14:49:59 +08:00
Lock while creating buckets (#12999) Ensure that one call will succeed and others will serialize Example failure without code in place: ``` bucket-policy-handlers_test.go:120: unexpected error: cmd.InsufficientWriteQuorum: Storage resources are insufficient for the write operation doz2wjqaovp5kvlrv11fyacowgcvoziszmkmzzz9nk9au946qwhci4zkane5-1/ bucket-policy-handlers_test.go:120: unexpected error: cmd.InsufficientWriteQuorum: Storage resources are insufficient for the write operation doz2wjqaovp5kvlrv11fyacowgcvoziszmkmzzz9nk9au946qwhci4zkane5-1/ bucket-policy-handlers_test.go:135: want 1 ok, got 0 ```
2021-08-20 04:21:02 +08:00
// Wrapper for calling Create Bucket and ensure we get one and only one success.
func TestCreateBucket(t *testing.T) {
ExecObjectLayerAPITest(t, testCreateBucket, []string{"MakeBucketWithLocation"})
}
// testCreateBucket - Test for calling Create Bucket and ensure we get one and only one success.
func testCreateBucket(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler,
credentials auth.Credentials, t *testing.T) {
bucketName1 := fmt.Sprintf("%s-1", bucketName)
const n = 100
run gofumpt cleanup across code-base (#14015)
2022-01-03 01:15:06 +08:00
start := make(chan struct{})
Lock while creating buckets (#12999) Ensure that one call will succeed and others will serialize Example failure without code in place: ``` bucket-policy-handlers_test.go:120: unexpected error: cmd.InsufficientWriteQuorum: Storage resources are insufficient for the write operation doz2wjqaovp5kvlrv11fyacowgcvoziszmkmzzz9nk9au946qwhci4zkane5-1/ bucket-policy-handlers_test.go:120: unexpected error: cmd.InsufficientWriteQuorum: Storage resources are insufficient for the write operation doz2wjqaovp5kvlrv11fyacowgcvoziszmkmzzz9nk9au946qwhci4zkane5-1/ bucket-policy-handlers_test.go:135: want 1 ok, got 0 ```
2021-08-20 04:21:02 +08:00
var ok, errs int
var wg sync.WaitGroup
var mu sync.Mutex
wg.Add(n)
for i := 0; i < n; i++ {
go func() {
defer wg.Done()
// Sync start.
<-start
if err := obj.MakeBucketWithLocation(GlobalContext, bucketName1, BucketOptions{}); err != nil {
if _, ok := err.(BucketExists); !ok {
t.Logf("unexpected error: %T: %v", err, err)
return
}
mu.Lock()
errs++
mu.Unlock()
return
}
mu.Lock()
ok++
mu.Unlock()
}()
}
close(start)
wg.Wait()
if ok != 1 {
t.Fatalf("want 1 ok, got %d", ok)
}
if errs != n-1 {
t.Fatalf("want %d errors, got %d", n-1, errs)
}
}
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
2020-06-13 11:04:01 +08:00
// Wrapper for calling Put Bucket Policy HTTP handler tests for both Erasure multiple disks and single node setup.
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
func TestPutBucketPolicyHandler(t *testing.T) {
Refactor bucket policy handler test to use API test initializer. (#2859)
2016-10-06 17:02:42 +08:00
ExecObjectLayerAPITest(t, testPutBucketPolicyHandler, []string{"PutBucketPolicy"})
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
}
// testPutBucketPolicyHandler - Test for Bucket policy end point.
Refactor bucket policy handler test to use API test initializer. (#2859)
2016-10-06 17:02:42 +08:00
func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler,
run gofumpt cleanup across code-base (#14015)
2022-01-03 01:15:06 +08:00
credentials auth.Credentials, t *testing.T,
) {
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
bucketName1 := fmt.Sprintf("%s-1", bucketName)
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
2020-06-13 11:04:01 +08:00
if err := obj.MakeBucketWithLocation(GlobalContext, bucketName1, BucketOptions{}); err != nil {
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
t.Fatal(err)
}
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
// template for constructing HTTP request body for PUT bucket policy.
api: refactor the bucket policy reading and writing. (#2395) Policies are read once during server startup and subsequently managed through in memory map. In-memory map is updated as and when there are new changes coming in.
2016-08-11 11:10:48 +08:00
bucketPolicyTemplate := `{"Version":"2012-10-17","Statement":[{"Sid":"","Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetBucketLocation","s3:ListBucket"],"Resource":["arn:aws:s3:::%s"]},{"Sid":"","Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetObject"],"Resource":["arn:aws:s3:::%s/this*"]}]}`
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
Support migrating inconsistent bucket policies (#5855) Previously we used allow bucket policies without `Version` field to be set to any given value, but this behavior is inconsistent with AWS S3. PR #5790 addressed this by making bucket policies stricter and cleaner, but this causes a breaking change causing any existing policies perhaps without `Version` field or the field to be empty to fail upon server startup. This PR brings a code to migrate under these scenarios as a one time operation.
2018-04-28 06:02:54 +08:00
bucketPolicyTemplateWithoutVersion := `{"Version":"","Statement":[{"Sid":"","Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetBucketLocation","s3:ListBucket"],"Resource":["arn:aws:s3:::%s"]},{"Sid":"","Effect":"Allow","Principal":{"AWS":["*"]},"Action":["s3:GetObject"],"Resource":["arn:aws:s3:::%s/this*"]}]}`
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
// test cases with sample input and expected output.
testCases := []struct {
bucketName string
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
// bucket policy to be set,
// set as request body.
bucketPolicyReader io.ReadSeeker
// length in bytes of the bucket policy being set.
policyLen int
accessKey string
secretKey string
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
// expected Response.
expectedRespStatus int
}{
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
// Test case - 1.
{
bucketName: bucketName,
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusNoContent,
},
// Test case - 2.
// Setting the content length to be more than max allowed size.
// Expecting StatusBadRequest (400).
{
bucketName: bucketName,
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
policyLen: maxBucketPolicySize + 1,
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 3.
// Case with content-length of the HTTP request set to 0.
// Expecting the HTTP response status to be StatusLengthRequired (411).
{
bucketName: bucketName,
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: 0,
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusLengthRequired,
},
// Test case - 4.
// setting the readSeeker to `nil`, bucket policy parser will fail.
{
bucketName: bucketName,
bucketPolicyReader: nil,
policyLen: 10,
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 5.
// setting the keys to be empty.
// Expecting statusForbidden.
{
bucketName: bucketName,
bucketPolicyReader: nil,
policyLen: 10,
accessKey: "",
secretKey: "",
expectedRespStatus: http.StatusForbidden,
},
// Test case - 6.
// setting an invalid bucket policy.
// the bucket policy parser will fail.
{
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
bucketName: bucketName,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
bucketPolicyReader: bytes.NewReader([]byte("dummy-policy")),
policyLen: len([]byte("dummy-policy")),
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 7.
// Different bucket name used in the HTTP request and the policy string.
// checkBucketPolicyResources should fail.
{
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
bucketName: bucketName1,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusBadRequest,
},
// Test case - 8.
// non-existent bucket is used.
// writing BucketPolicy should fail.
Support migrating inconsistent bucket policies (#5855) Previously we used allow bucket policies without `Version` field to be set to any given value, but this behavior is inconsistent with AWS S3. PR #5790 addressed this by making bucket policies stricter and cleaner, but this causes a breaking change causing any existing policies perhaps without `Version` field or the field to be empty to fail upon server startup. This PR brings a code to migrate under these scenarios as a one time operation.
2018-04-28 06:02:54 +08:00
// should result in 404 StatusNotFound
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
{
bucketName: "non-existent-bucket",
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, "non-existent-bucket", "non-existent-bucket"))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
expectedRespStatus: http.StatusNotFound,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
},
// Test case - 9.
Fix s3 compatibility fixes for getBucketLocation,headBucket,deleteBucket (#5842) - getBucketLocation - headBucket - deleteBucket Should return 404 or NoSuchBucket even for invalid bucket names, invalid bucket names are only validated during MakeBucket operation
2018-04-24 11:27:33 +08:00
// non-existent bucket is used (with invalid bucket name)
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
// writing BucketPolicy should fail.
Support migrating inconsistent bucket policies (#5855) Previously we used allow bucket policies without `Version` field to be set to any given value, but this behavior is inconsistent with AWS S3. PR #5790 addressed this by making bucket policies stricter and cleaner, but this causes a breaking change causing any existing policies perhaps without `Version` field or the field to be empty to fail upon server startup. This PR brings a code to migrate under these scenarios as a one time operation.
2018-04-28 06:02:54 +08:00
// should result in 404 StatusNotFound
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
{
bucketName: ".invalid-bucket",
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplate, ".invalid-bucket", ".invalid-bucket"))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)),
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
Fix s3 compatibility fixes for getBucketLocation,headBucket,deleteBucket (#5842) - getBucketLocation - headBucket - deleteBucket Should return 404 or NoSuchBucket even for invalid bucket names, invalid bucket names are only validated during MakeBucket operation
2018-04-24 11:27:33 +08:00
expectedRespStatus: http.StatusNotFound,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
},
Support migrating inconsistent bucket policies (#5855) Previously we used allow bucket policies without `Version` field to be set to any given value, but this behavior is inconsistent with AWS S3. PR #5790 addressed this by making bucket policies stricter and cleaner, but this causes a breaking change causing any existing policies perhaps without `Version` field or the field to be empty to fail upon server startup. This PR brings a code to migrate under these scenarios as a one time operation.
2018-04-28 06:02:54 +08:00
// Test case - 10.
// Existent bucket with policy with Version field empty.
// writing BucketPolicy should fail.
// should result in 400 StatusBadRequest.
{
bucketName: bucketName,
bucketPolicyReader: bytes.NewReader([]byte(fmt.Sprintf(bucketPolicyTemplateWithoutVersion, bucketName, bucketName))),
policyLen: len(fmt.Sprintf(bucketPolicyTemplateWithoutVersion, bucketName, bucketName)),
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
expectedRespStatus: http.StatusBadRequest,
},
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
}
// Iterating over the test cases, calling the function under test and asserting the response.
for i, testCase := range testCases {
// obtain the put bucket policy request body.
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
recV4 := httptest.NewRecorder()
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV4, err := newTestSignedRequestV4(http.MethodPut, getPutPolicyURL("", testCase.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
int64(testCase.policyLen), testCase.bucketPolicyReader, testCase.accessKey, testCase.secretKey, nil)
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
if err != nil {
distribute: Make server work with multiple remote disks This change initializes rpc servers associated with disks that are local. It makes object layer initialization on demand, namely on the first request to the object layer. Also adds lock RPC service vendorized minio/dsync
2016-08-01 05:11:14 +08:00
t.Fatalf("Test %d: %s: Failed to create HTTP request for PutBucketPolicyHandler: <ERROR> %v", i+1, instanceType, err)
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic ofthe handler.
// Call the ServeHTTP to execute the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
apiRouter.ServeHTTP(recV4, reqV4)
if recV4.Code != testCase.expectedRespStatus {
t.Errorf("Test %d: %s: Expected the response status to be `%d`, but instead found `%d`", i+1, instanceType, testCase.expectedRespStatus, recV4.Code)
}
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
recV2 := httptest.NewRecorder()
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV2, err := newTestSignedRequestV2(http.MethodPut, getPutPolicyURL("", testCase.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
int64(testCase.policyLen), testCase.bucketPolicyReader, testCase.accessKey, testCase.secretKey, nil)
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if err != nil {
t.Fatalf("Test %d: %s: Failed to create HTTP request for PutBucketPolicyHandler: <ERROR> %v", i+1, instanceType, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic ofthe handler.
// Call the ServeHTTP to execute the handler.
apiRouter.ServeHTTP(recV2, reqV2)
if recV2.Code != testCase.expectedRespStatus {
t.Errorf("Test %d: %s: Expected the response status to be `%d`, but instead found `%d`", i+1, instanceType, testCase.expectedRespStatus, recV2.Code)
api/bucket-policy: Refactor, Handler test. (#2071) PR contains, - New setup utilities for running object handler tests. Here is why they are essential, - Unit tests have to be run in isolation without being have to be associated with other functionalities which are not under test. - The integration tests follows the philosophy of running a Test Server and registers all handlers and fires HTTP requests over the socket to simulate the system functionality under usual work load scenarios and test for correctness. But this philosophy cannot be adopted for running unit tests for HTTP handlers. - Running Unit tests for API handlers, - Shouldn't run a test server. Should purely call the handlers `ServeHTTP` under isolation. - Shouldn't register all handlers, should only register handlers under test and so that the system is close to be in an isolated setup. - As an example PutBucketPolicy test is illustrated using the new setup. Exhaustive cases has to be added and has been listen in TODO for now.
2016-07-03 10:05:16 +08:00
}
}
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
// Test for Anonymous/unsigned http request.
// Bucket policy related functions doesn't support anonymous requests, setting policies shouldn't make a difference.
bucketPolicyStr := fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)
// create unsigned HTTP request for PutBucketPolicyHandler.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
anonReq, err := newTestRequest(http.MethodPut, getPutPolicyURL("", bucketName),
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
int64(len(bucketPolicyStr)), bytes.NewReader([]byte(bucketPolicyStr)))
if err != nil {
Replace Minio refs in docs with MinIO and links (#7494)
2019-04-10 02:39:42 +08:00
t.Fatalf("MinIO %s: Failed to create an anonymous request for bucket \"%s\": <ERROR> %v",
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
instanceType, bucketName, err)
}
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
// unsigned request goes through and its validated again.
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
ExecObjectLayerAPIAnonTest(t, obj, "PutBucketPolicyHandler", bucketName, "", instanceType, apiRouter, anonReq, getAnonWriteOnlyBucketPolicy(bucketName))
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
// HTTP request for testing when `objectLayer` is set to `nil`.
// There is no need to use an existing bucket and valid input for creating the request
// since the `objectLayer==nil` check is performed before any other checks inside the handlers.
// The only aim is to generate an HTTP request in a way that the relevant/registered end point is evoked/called.
nilBucket := "dummy-bucket"
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
nilReq, err := newTestSignedRequestV4(http.MethodPut, getPutPolicyURL("", nilBucket),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, "", "", nil)
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
if err != nil {
Replace Minio refs in docs with MinIO and links (#7494)
2019-04-10 02:39:42 +08:00
t.Errorf("MinIO %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
}
// execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation.
ExecObjectLayerAPINilTest(t, nilBucket, "", instanceType, apiRouter, nilReq)
api/bucket-policy: Add unit tests for more coverage, fixes couple of bugs. (#2055) Changes to ResourceMatch logic. Test for action match function.
2016-07-01 14:49:59 +08:00
}
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
2020-06-13 11:04:01 +08:00
// Wrapper for calling Get Bucket Policy HTTP handler tests for both Erasure multiple disks and single node setup.
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
func TestGetBucketPolicyHandler(t *testing.T) {
Refactor bucket policy handler test to use API test initializer. (#2859)
2016-10-06 17:02:42 +08:00
ExecObjectLayerAPITest(t, testGetBucketPolicyHandler, []string{"PutBucketPolicy", "GetBucketPolicy"})
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// testGetBucketPolicyHandler - Test for end point which fetches the access policy json of the given bucket.
Refactor bucket policy handler test to use API test initializer. (#2859)
2016-10-06 17:02:42 +08:00
func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler,
move credentials as separate package (#5115)
2017-11-01 02:54:32 +08:00
credentials auth.Credentials, t *testing.T) {
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// template for constructing HTTP request body for PUT bucket policy.
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
bucketPolicyTemplate := `{"Version":"2012-10-17","Statement":[{"Action":["s3:GetBucketLocation","s3:ListBucket"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::%s"]},{"Action":["s3:GetObject"],"Effect":"Allow","Principal":{"AWS":["*"]},"Resource":["arn:aws:s3:::%s/this*"]}]}`
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// Writing bucket policy before running test on GetBucketPolicy.
putTestPolicies := []struct {
bucketName string
accessKey string
secretKey string
// expected Response.
expectedRespStatus int
}{
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
{bucketName, credentials.AccessKey, credentials.SecretKey, http.StatusNoContent},
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// Iterating over the cases and writing the bucket policy.
// its required to write the policies first before running tests on GetBucketPolicy.
for i, testPolicy := range putTestPolicies {
// obtain the put bucket policy request body.
bucketPolicyStr := fmt.Sprintf(bucketPolicyTemplate, testPolicy.bucketName, testPolicy.bucketName)
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
recV4 := httptest.NewRecorder()
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV4, err := newTestSignedRequestV4(http.MethodPut, getPutPolicyURL("", testPolicy.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
int64(len(bucketPolicyStr)), bytes.NewReader([]byte(bucketPolicyStr)), testPolicy.accessKey, testPolicy.secretKey, nil)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for PutBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic ofthe handler.
// Call the ServeHTTP to execute the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
apiRouter.ServeHTTP(recV4, reqV4)
if recV4.Code != testPolicy.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testPolicy.expectedRespStatus, recV4.Code)
}
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
recV2 := httptest.NewRecorder()
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV2, err := newTestSignedRequestV2(http.MethodPut, getPutPolicyURL("", testPolicy.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
int64(len(bucketPolicyStr)), bytes.NewReader([]byte(bucketPolicyStr)), testPolicy.accessKey, testPolicy.secretKey, nil)
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for PutBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic ofthe handler.
// Call the ServeHTTP to execute the handler.
apiRouter.ServeHTTP(recV2, reqV2)
if recV2.Code != testPolicy.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testPolicy.expectedRespStatus, recV2.Code)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
}
// test cases with inputs and expected result for GetBucketPolicyHandler.
testCases := []struct {
bucketName string
accessKey string
secretKey string
// expected output.
expectedBucketPolicy string
expectedRespStatus int
}{
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
// Test case - 1.
// Case which valid inputs, expected to return success status of 200OK.
{
bucketName: bucketName,
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedBucketPolicy: bucketPolicyTemplate,
expectedRespStatus: http.StatusOK,
},
// Test case - 2.
// Case with non-existent bucket name.
{
bucketName: "non-existent-bucket",
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedBucketPolicy: bucketPolicyTemplate,
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
expectedRespStatus: http.StatusNotFound,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
},
// Test case - 3.
Fix s3 compatibility fixes for getBucketLocation,headBucket,deleteBucket (#5842) - getBucketLocation - headBucket - deleteBucket Should return 404 or NoSuchBucket even for invalid bucket names, invalid bucket names are only validated during MakeBucket operation
2018-04-24 11:27:33 +08:00
// Case with non-existent bucket name.
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
{
bucketName: ".invalid-bucket-name",
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedBucketPolicy: "",
Fix s3 compatibility fixes for getBucketLocation,headBucket,deleteBucket (#5842) - getBucketLocation - headBucket - deleteBucket Should return 404 or NoSuchBucket even for invalid bucket names, invalid bucket names are only validated during MakeBucket operation
2018-04-24 11:27:33 +08:00
expectedRespStatus: http.StatusNotFound,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
},
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// Iterating over the cases, fetching the policy and validating the response.
for i, testCase := range testCases {
// expected bucket policy json string.
expectedBucketPolicyStr := fmt.Sprintf(testCase.expectedBucketPolicy, testCase.bucketName, testCase.bucketName)
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
recV4 := httptest.NewRecorder()
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV4, err := newTestSignedRequestV4(http.MethodGet, getGetPolicyURL("", testCase.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, testCase.accessKey, testCase.secretKey, nil)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for GetBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.
// Call the ServeHTTP to execute the handler, GetBucketPolicyHandler handles the request.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
apiRouter.ServeHTTP(recV4, reqV4)
// Assert the response code with the expected status.
if recV4.Code != testCase.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testCase.expectedRespStatus, recV4.Code)
}
// read the response body.
bucketPolicyReadBuf, err := ioutil.ReadAll(recV4.Body)
if err != nil {
t.Fatalf("Test %d: %s: Failed parsing response body: <ERROR> %v", i+1, instanceType, err)
}
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
if recV4.Code != testCase.expectedRespStatus {
// Verify whether the bucket policy fetched is same as the one inserted.
Fix make test failure (#6185) Fix shadowing errors.
2018-07-25 05:17:58 +08:00
var expectedPolicy *policy.Policy
expectedPolicy, err = policy.ParseConfig(strings.NewReader(expectedBucketPolicyStr), testCase.bucketName)
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
if err != nil {
t.Fatalf("unexpected error. %v", err)
}
Fix make test failure (#6185) Fix shadowing errors.
2018-07-25 05:17:58 +08:00
var gotPolicy *policy.Policy
gotPolicy, err = policy.ParseConfig(bytes.NewReader(bucketPolicyReadBuf), testCase.bucketName)
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
if err != nil {
t.Fatalf("unexpected error. %v", err)
}
if !reflect.DeepEqual(expectedPolicy, gotPolicy) {
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
t.Errorf("Test %d: %s: Bucket policy differs from expected value.", i+1, instanceType)
}
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
}
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
recV2 := httptest.NewRecorder()
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV2, err := newTestSignedRequestV2(http.MethodGet, getGetPolicyURL("", testCase.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, testCase.accessKey, testCase.secretKey, nil)
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for GetBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.
// Call the ServeHTTP to execute the handler, GetBucketPolicyHandler handles the request.
apiRouter.ServeHTTP(recV2, reqV2)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// Assert the response code with the expected status.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if recV2.Code != testCase.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testCase.expectedRespStatus, recV2.Code)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// read the response body.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
bucketPolicyReadBuf, err = ioutil.ReadAll(recV2.Body)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
if err != nil {
t.Fatalf("Test %d: %s: Failed parsing response body: <ERROR> %v", i+1, instanceType, err)
}
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
if recV2.Code == http.StatusOK {
// Verify whether the bucket policy fetched is same as the one inserted.
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
expectedPolicy, err := policy.ParseConfig(strings.NewReader(expectedBucketPolicyStr), testCase.bucketName)
if err != nil {
t.Fatalf("unexpected error. %v", err)
}
gotPolicy, err := policy.ParseConfig(bytes.NewReader(bucketPolicyReadBuf), testCase.bucketName)
if err != nil {
t.Fatalf("unexpected error. %v", err)
}
if !reflect.DeepEqual(expectedPolicy, gotPolicy) {
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
t.Errorf("Test %d: %s: Bucket policy differs from expected value.", i+1, instanceType)
}
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
}
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
// Test for Anonymous/unsigned http request.
// Bucket policy related functions doesn't support anonymous requests, setting policies shouldn't make a difference.
// create unsigned HTTP request for PutBucketPolicyHandler.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
anonReq, err := newTestRequest(http.MethodGet, getPutPolicyURL("", bucketName), 0, nil)
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
if err != nil {
Replace Minio refs in docs with MinIO and links (#7494)
2019-04-10 02:39:42 +08:00
t.Fatalf("MinIO %s: Failed to create an anonymous request for bucket \"%s\": <ERROR> %v",
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
instanceType, bucketName, err)
}
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
// unsigned request goes through and its validated again.
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
ExecObjectLayerAPIAnonTest(t, obj, "GetBucketPolicyHandler", bucketName, "", instanceType, apiRouter, anonReq, getAnonReadOnlyBucketPolicy(bucketName))
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
// HTTP request for testing when `objectLayer` is set to `nil`.
// There is no need to use an existing bucket and valid input for creating the request
// since the `objectLayer==nil` check is performed before any other checks inside the handlers.
// The only aim is to generate an HTTP request in a way that the relevant/registered end point is evoked/called.
nilBucket := "dummy-bucket"
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
nilReq, err := newTestSignedRequestV4(http.MethodGet, getGetPolicyURL("", nilBucket),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, "", "", nil)
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
if err != nil {
Replace Minio refs in docs with MinIO and links (#7494)
2019-04-10 02:39:42 +08:00
t.Errorf("MinIO %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
}
// execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation.
ExecObjectLayerAPINilTest(t, nilBucket, "", instanceType, apiRouter, nilReq)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
Support bucket versioning (#9377) - Implement a new xl.json 2.0.0 format to support, this moves the entire marshaling logic to POSIX layer, top layer always consumes a common FileInfo construct which simplifies the metadata reads. - Implement list object versions - Migrate to siphash from crchash for new deployments for object placements. Fixes #2111
2020-06-13 11:04:01 +08:00
// Wrapper for calling Delete Bucket Policy HTTP handler tests for both Erasure multiple disks and single node setup.
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
func TestDeleteBucketPolicyHandler(t *testing.T) {
Refactor bucket policy handler test to use API test initializer. (#2859)
2016-10-06 17:02:42 +08:00
ExecObjectLayerAPITest(t, testDeleteBucketPolicyHandler, []string{"PutBucketPolicy", "DeleteBucketPolicy"})
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// testDeleteBucketPolicyHandler - Test for Delete bucket policy end point.
Refactor bucket policy handler test to use API test initializer. (#2859)
2016-10-06 17:02:42 +08:00
func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string, apiRouter http.Handler,
run gofumpt cleanup across code-base (#14015)
2022-01-03 01:15:06 +08:00
credentials auth.Credentials, t *testing.T,
) {
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// template for constructing HTTP request body for PUT bucket policy.
bucketPolicyTemplate := `{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::%s"
]
},
{
"Action": [
"s3:GetObject"
],
"Effect": "Allow",
"Principal": {
"AWS": [
"*"
]
},
"Resource": [
"arn:aws:s3:::%s/this*"
]
}
]
}`
// Writing bucket policy before running test on DeleteBucketPolicy.
putTestPolicies := []struct {
bucketName string
accessKey string
secretKey string
// expected Response.
expectedRespStatus int
}{
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
{
bucketName: bucketName,
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusNoContent,
},
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// Iterating over the cases and writing the bucket policy.
// its required to write the policies first before running tests on GetBucketPolicy.
for i, testPolicy := range putTestPolicies {
// obtain the put bucket policy request body.
bucketPolicyStr := fmt.Sprintf(bucketPolicyTemplate, testPolicy.bucketName, testPolicy.bucketName)
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
recV4 := httptest.NewRecorder()
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV4, err := newTestSignedRequestV4(http.MethodPut, getPutPolicyURL("", testPolicy.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
int64(len(bucketPolicyStr)), bytes.NewReader([]byte(bucketPolicyStr)), testPolicy.accessKey, testPolicy.secretKey, nil)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for PutBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.
// Call the ServeHTTP to execute the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
apiRouter.ServeHTTP(recV4, reqV4)
if recV4.Code != testPolicy.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testPolicy.expectedRespStatus, recV4.Code)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
}
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// testcases with input and expected output for DeleteBucketPolicyHandler.
testCases := []struct {
bucketName string
accessKey string
secretKey string
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
// expected response.
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
expectedRespStatus int
}{
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
// Test case - 1.
{
bucketName: bucketName,
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
expectedRespStatus: http.StatusNoContent,
},
// Test case - 2.
// Case with non-existent-bucket.
{
bucketName: "non-existent-bucket",
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
xl/bootup: Server bootup shouldn't return for missing buckets. (#3255) Ref #3196
2016-11-15 07:45:00 +08:00
expectedRespStatus: http.StatusNotFound,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
},
// Test case - 3.
Fix s3 compatibility fixes for getBucketLocation,headBucket,deleteBucket (#5842) - getBucketLocation - headBucket - deleteBucket Should return 404 or NoSuchBucket even for invalid bucket names, invalid bucket names are only validated during MakeBucket operation
2018-04-24 11:27:33 +08:00
// Case with non-existent-bucket.
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
{
bucketName: ".invalid-bucket-name",
Generate and use access/secret keys properly (#3498)
2016-12-27 02:21:23 +08:00
accessKey: credentials.AccessKey,
secretKey: credentials.SecretKey,
Fix s3 compatibility fixes for getBucketLocation,headBucket,deleteBucket (#5842) - getBucketLocation - headBucket - deleteBucket Should return 404 or NoSuchBucket even for invalid bucket names, invalid bucket names are only validated during MakeBucket operation
2018-04-24 11:27:33 +08:00
expectedRespStatus: http.StatusNotFound,
tests: Enhance coverage for bucket policy handlers. (#2895)
2016-10-11 00:29:56 +08:00
},
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
// Iterating over the cases and deleting the bucket policy and then asserting response.
for i, testCase := range testCases {
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
recV4 := httptest.NewRecorder()
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// construct HTTP request for Delete bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV4, err := newTestSignedRequestV4(http.MethodDelete, getDeletePolicyURL("", testCase.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, testCase.accessKey, testCase.secretKey, nil)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for GetBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.
// Call the ServeHTTP to execute the handler, DeleteBucketPolicyHandler handles the request.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
apiRouter.ServeHTTP(recV4, reqV4)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
// Assert the response code with the expected status.
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if recV4.Code != testCase.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testCase.expectedRespStatus, recV4.Code)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
}
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
// Iterating over the cases and writing the bucket policy.
// its required to write the policies first before running tests on GetBucketPolicy.
for i, testPolicy := range putTestPolicies {
// obtain the put bucket policy request body.
bucketPolicyStr := fmt.Sprintf(bucketPolicyTemplate, testPolicy.bucketName, testPolicy.bucketName)
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
recV2 := httptest.NewRecorder()
// construct HTTP request for PUT bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV2, err := newTestSignedRequestV2(http.MethodPut, getPutPolicyURL("", testPolicy.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
int64(len(bucketPolicyStr)), bytes.NewReader([]byte(bucketPolicyStr)), testPolicy.accessKey, testPolicy.secretKey, nil)
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for PutBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.
// Call the ServeHTTP to execute the handler.
apiRouter.ServeHTTP(recV2, reqV2)
if recV2.Code != testPolicy.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testPolicy.expectedRespStatus, recV2.Code)
}
}
for i, testCase := range testCases {
// initialize HTTP NewRecorder, this records any mutations to response writer inside the handler.
recV2 := httptest.NewRecorder()
// construct HTTP request for Delete bucket policy endpoint.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
reqV2, err := newTestSignedRequestV2(http.MethodDelete, getDeletePolicyURL("", testCase.bucketName),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, testCase.accessKey, testCase.secretKey, nil)
signature: Add legacy signature v2 support transparently. (#2811) Add new tests as well.
2016-10-01 05:32:13 +08:00
if err != nil {
t.Fatalf("Test %d: Failed to create HTTP request for GetBucketPolicyHandler: <ERROR> %v", i+1, err)
}
// Since `apiRouter` satisfies `http.Handler` it has a ServeHTTP to execute the logic of the handler.
// Call the ServeHTTP to execute the handler, DeleteBucketPolicyHandler handles the request.
apiRouter.ServeHTTP(recV2, reqV2)
// Assert the response code with the expected status.
if recV2.Code != testCase.expectedRespStatus {
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testCase.expectedRespStatus, recV2.Code)
}
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
// Test for Anonymous/unsigned http request.
// Bucket policy related functions doesn't support anonymous requests, setting policies shouldn't make a difference.
// create unsigned HTTP request for PutBucketPolicyHandler.
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
anonReq, err := newTestRequest(http.MethodDelete, getPutPolicyURL("", bucketName), 0, nil)
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
if err != nil {
Replace Minio refs in docs with MinIO and links (#7494)
2019-04-10 02:39:42 +08:00
t.Fatalf("MinIO %s: Failed to create an anonymous request for bucket \"%s\": <ERROR> %v",
tests: Adding anonymous requests tests for bucket policy handlers. (#2882)
2016-10-08 16:04:26 +08:00
instanceType, bucketName, err)
}
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
// unsigned request goes through and its validated again.
Enhance policy handling to support SSE and WORM (#5790) - remove old bucket policy handling - add new policy handling - add new policy handling unit tests This patch brings support to bucket policy to have more control not limiting to anonymous. Bucket owner controls to allow/deny any rest API. For example server side encryption can be controlled by allowing PUT/GET objects with encryptions including bucket owner.
2018-04-25 06:53:30 +08:00
ExecObjectLayerAPIAnonTest(t, obj, "DeleteBucketPolicyHandler", bucketName, "", instanceType, apiRouter, anonReq, getAnonWriteOnlyBucketPolicy(bucketName))
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
// HTTP request for testing when `objectLayer` is set to `nil`.
// There is no need to use an existing bucket and valid input for creating the request
// since the `objectLayer==nil` check is performed before any other checks inside the handlers.
// The only aim is to generate an HTTP request in a way that the relevant/registered end point is evoked/called.
nilBucket := "dummy-bucket"
feat: Add notification support for bucketCreates and removal (#10075)
2020-07-21 03:52:49 +08:00
nilReq, err := newTestSignedRequestV4(http.MethodDelete, getDeletePolicyURL("", nilBucket),
Add GetObjectNInfo to object layer (#6449) The new call combines GetObjectInfo and GetObject, and returns an object with a ReadCloser interface. Also adds a number of end-to-end encryption tests at the handler level.
2018-09-21 10:22:09 +08:00
0, nil, "", "", nil)
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
if err != nil {
Replace Minio refs in docs with MinIO and links (#7494)
2019-04-10 02:39:42 +08:00
t.Errorf("MinIO %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
- Test utility function for easy asserting of cases wherein objectLayer (#2865) is `nil` in API handlers. - Remove the existing tests for the `nil` check and use the new method to test for object layer being `nil`.
2016-10-07 04:34:33 +08:00
}
// execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation.
ExecObjectLayerAPINilTest(t, nilBucket, "", instanceType, apiRouter, nilReq)
Api/Bucket-Policy: Handler tests (#2074)
2016-07-04 13:35:30 +08:00
}