Beispiel #1
0
    def test_acl_canonical_user(self):
        grantee = User('test:tester')

        self.assertTrue('test:tester' in grantee)
        self.assertTrue('test:tester2' not in grantee)
        self.assertEquals(str(grantee), 'test:tester')
        self.assertEquals(grantee.elem().find('./ID').text, 'test:tester')
Beispiel #2
0
    def test_acl_canonical_user(self):
        grantee = User('test:tester')

        self.assertTrue('test:tester' in grantee)
        self.assertTrue('test:tester2' not in grantee)
        self.assertEquals(str(grantee), 'test:tester')
        self.assertEquals(grantee.elem().find('./ID').text, 'test:tester')
Beispiel #3
0
    def _test_object_PUT_copy(self, head_resp, put_header={}):
        account = 'test:tester'
        grants = [Grant(User(account), 'FULL_CONTROL')]
        head_headers = \
            encode_acl('object',
                       ACL(Owner(account, account), grants))
        head_headers.update({'last-modified': self.last_modified})
        self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp,
                            head_headers, None)

        put_headers = {
            'Authorization': 'AWS test:tester:hmac',
            'X-Amz-Copy-Source': '/some/source',
            'Date': self.get_date_header()
        }
        put_headers.update(put_header)

        req = Request.blank('/bucket/object',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers=put_headers)

        req.date = datetime.now()
        req.content_type = 'text/plain'
        with patch('swift3.utils.time.time', return_value=1396353600.000000):
            return self.call_swift3(req)
Beispiel #4
0
 def _test_set_container_permission(self, account, permission):
     grants = [Grant(User(account), permission)]
     headers = \
         encode_acl('container',
                    ACL(Owner('test:tester', 'test:tester'), grants))
     self.swift.register('HEAD', '/v1/AUTH_test/bucket',
                         swob.HTTPNoContent, headers, None)
    def _test_object_acl_PUT(self, account, permission='FULL_CONTROL'):
        acl = ACL(self.default_owner, [Grant(User(account), permission)])
        req = Request.blank('/bucket/object?acl',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers={'Authorization': 'AWS %s:hmac' % account},
                            body=tostring(acl.elem()))

        return self.call_swift3(req)
Beispiel #6
0
def _gen_test_acl_header(owner, permission=None, grantee=None,
                         resource='container'):
    if permission is None:
        return ACL(owner, [])

    if grantee is None:
        grantee = User('test:tester')
    return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
 def test_object_PUT_copy_without_dst_obj_permission(self):
     account = 'test:other'
     grants = [Grant(User(account), 'WRITE')]
     headers = encode_acl('container', ACL(Owner(account, account), grants))
     self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent,
                         headers, None)
     status, headers, body = \
         self._test_object_copy_for_s3acl(account, 'READ')
     self.assertEquals(status.split()[0], '403')
Beispiel #8
0
    def _test_object_copy_for_s3acl(self, account, src_permission=None,
                                    src_path='/src_bucket/src_obj'):
        owner = 'test:tester'
        grants = [Grant(User(account), src_permission)] \
            if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
        src_o_headers = \
            encode_acl('object', ACL(Owner(owner, owner), grants))
        self.swift.register(
            'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')),
            swob.HTTPOk, src_o_headers, None)

        req = Request.blank(
            '/bucket/object',
            environ={'REQUEST_METHOD': 'PUT'},
            headers={'Authorization': 'AWS %s:hmac' % account,
                     'X-Amz-Copy-Source': src_path})

        return self.call_swift3(req)
Beispiel #9
0
 def _test_object_PUT_copy_self(self, head_resp, put_header={}):
     account = 'test:tester'
     grants = [Grant(User(account), 'FULL_CONTROL')]
     head_headers = \
         encode_acl('object',
                    ACL(Owner(account, account), grants))
     head_headers.update({'last-modified': self.last_modified})
     self.swift.register('HEAD', '/v1/AUTH_test/bucket/object', head_resp,
                         head_headers, None)
     return self._call_object_copy('/bucket/object', put_header)
Beispiel #10
0
 def _test_object_PUT_copy(self, head_resp, put_header=None,
                           src_path='/some/source', timestamp=None):
     account = 'test:tester'
     grants = [Grant(User(account), 'FULL_CONTROL')]
     head_headers = \
         encode_acl('object',
                    ACL(Owner(account, account), grants))
     head_headers.update({'last-modified': self.last_modified})
     self.swift.register('HEAD', '/v1/AUTH_test/some/source',
                         head_resp, head_headers, None)
     put_header = put_header or {}
     return self._call_object_copy(src_path, put_header, timestamp)
Beispiel #11
0
    def _test_copy_for_s3acl(self,
                             account,
                             src_permission=None,
                             src_path='/src_bucket/src_obj',
                             head_resp=swob.HTTPOk,
                             put_header={}):
        owner = 'test:tester'
        grants = [Grant(User(account), src_permission)] \
            if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
        src_o_headers = encode_acl('object', ACL(Owner(owner, owner), grants))
        self.swift.register('HEAD', '/v1/AUTH_test/src_bucket/src_obj',
                            head_resp, src_o_headers, None)

        put_headers = {
            'Authorization': 'AWS %s:hmac' % account,
            'X-Amz-Copy-Source': src_path
        }
        put_headers.update(put_header)
        req = Request.blank('/bucket/object?partNumber=1&uploadId=X',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers=put_headers)
        return self.call_swift3(req)
Beispiel #12
0
    def _test_object_PUT_copy(self, head_resp, put_header={}):
        account = 'test:tester'
        grants = [Grant(User(account), 'FULL_CONTROL')]
        head_headers = \
            encode_acl('object',
                       ACL(Owner(account, account), grants))
        self.swift.register('HEAD', '/v1/AUTH_test/some/source',
                            head_resp, head_headers, None)

        put_headers = {'Authorization': 'AWS test:tester:hmac',
                       'X-Amz-Copy-Source': '/some/source'}
        put_headers.update(put_header)

        req = Request.blank('/bucket/object',
                            environ={'REQUEST_METHOD': 'PUT'},
                            headers=put_headers)

        req.date = datetime.now()
        req.content_type = 'text/plain'
        return self.call_swift3(req)
Beispiel #13
0
def _gen_test_headers(owner, grants=[], resource='container'):
    if not grants:
        grants = [Grant(User('test:tester'), 'FULL_CONTROL')]
    return encode_acl(resource, ACL(owner, grants))
Beispiel #14
0
 def gen_grant(permission):
     # generate Grant with a grantee named by "permission"
     account_name = '%s:%s' % (account, permission.lower())
     return Grant(User(account_name), permission)