def test_invalid_acls(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, headers): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('POST', parsed.path, '', new_headers) return check_response(conn) # needs to be an acceptable header size num_keys = 8 max_key_size = load_constraint('max_header_size') / num_keys acl = {'admin': [c * max_key_size for c in letters[:num_keys]]} headers = { 'x-account-access-control': format_acl(version=2, acl_dict=acl) } resp = retry(post, headers=headers, use_account=1) resp.read() self.assertEqual(resp.status, 400) # and again a touch smaller acl = {'admin': [c * max_key_size for c in letters[:num_keys - 1]]} headers = { 'x-account-access-control': format_acl(version=2, acl_dict=acl) } resp = retry(post, headers=headers, use_account=1) resp.read() self.assertEqual(resp.status, 204)
def test_bad_metadata(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) resp = retry(post, {'X-Account-Meta-' + ( 'k' * self.max_meta_name_length): 'v'}) resp.read() self.assertEqual(resp.status, 204) resp = retry( post, {'X-Account-Meta-' + ('k' * ( self.max_meta_name_length + 1)): 'v'}) resp.read() self.assertEqual(resp.status, 400) resp = retry(post, {'X-Account-Meta-Too-Long': ( 'k' * self.max_meta_value_length)}) resp.read() self.assertEqual(resp.status, 204) resp = retry( post, {'X-Account-Meta-Too-Long': 'k' * ( self.max_meta_value_length + 1)}) resp.read() self.assertEqual(resp.status, 400)
def test_if_none_match(self): def put(url, token, parsed, conn): conn.request( 'PUT', '%s/%s/%s' % (parsed.path, self.container, 'if_none_match_test'), '', { 'X-Auth-Token': token, 'Content-Length': '0', 'If-None-Match': '*' }) return check_response(conn) resp = retry(put) resp.read() self.assertEqual(resp.status, 201) resp = retry(put) resp.read() self.assertEqual(resp.status, 412) def put(url, token, parsed, conn): conn.request( 'PUT', '%s/%s/%s' % (parsed.path, self.container, 'if_none_match_test'), '', { 'X-Auth-Token': token, 'Content-Length': '0', 'If-None-Match': 'somethingelse' }) return check_response(conn) resp = retry(put) resp.read() self.assertEqual(resp.status, 400)
def test_multi_metadata(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, name, value): conn.request('POST', parsed.path, '', { 'X-Auth-Token': token, name: value }) return check_response(conn) def head(url, token, parsed, conn): conn.request('HEAD', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(post, 'X-Account-Meta-One', '1') resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-account-meta-one'), '1') resp = retry(post, 'X-Account-Meta-Two', '2') resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-account-meta-one'), '1') self.assertEqual(resp.getheader('x-account-meta-two'), '2')
def _create_container(self, name=None, headers=None, use_account=1): if not name: name = uuid4().hex self.containers.append(name) headers = headers or {} def put(url, token, parsed, conn, name): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('PUT', parsed.path + '/' + name, '', new_headers) return check_response(conn) resp = retry(put, name, use_account=use_account) resp.read() self.assertEqual(resp.status, 201) # With keystoneauth we need the accounts to have had the project # domain id persisted as sysmeta prior to testing ACLs. This may # not be the case if, for example, the account was created using # a request with reseller_admin role, when project domain id may # not have been known. So we ensure that the project domain id is # in sysmeta by making a POST to the accounts using an admin role. def post(url, token, parsed, conn): conn.request('POST', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(post, use_account=use_account) resp.read() self.assertEqual(resp.status, 204) return name
def test_multi_metadata(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, name, value): conn.request('POST', parsed.path, '', {'X-Auth-Token': token, name: value}) return check_response(conn) def head(url, token, parsed, conn): conn.request('HEAD', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(post, 'X-Account-Meta-One', '1') resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-account-meta-one'), '1') resp = retry(post, 'X-Account-Meta-Two', '2') resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-account-meta-one'), '1') self.assertEqual(resp.getheader('x-account-meta-two'), '2')
def test_bad_metadata2(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) # TODO: Find the test that adds these and remove them. headers = {'x-remove-account-meta-temp-url-key': 'remove', 'x-remove-account-meta-temp-url-key-2': 'remove'} resp = retry(post, headers) headers = {} for x in xrange(self.max_meta_count): headers['X-Account-Meta-%d' % x] = 'v' resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers = {} for x in xrange(self.max_meta_count + 1): headers['X-Account-Meta-%d' % x] = 'v' resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_if_none_match(self): def put(url, token, parsed, conn): conn.request('PUT', '%s/%s/%s' % ( parsed.path, self.container, 'if_none_match_test'), '', {'X-Auth-Token': token, 'Content-Length': '0', 'If-None-Match': '*'}) return check_response(conn) resp = retry(put) resp.read() self.assertEquals(resp.status, 201) resp = retry(put) resp.read() self.assertEquals(resp.status, 412) def put(url, token, parsed, conn): conn.request('PUT', '%s/%s/%s' % ( parsed.path, self.container, 'if_none_match_test'), '', {'X-Auth-Token': token, 'Content-Length': '0', 'If-None-Match': 'somethingelse'}) return check_response(conn) resp = retry(put) resp.read() self.assertEquals(resp.status, 400)
def tearDown(self): if tf.skip: raise SkipTest def get(url, token, parsed, conn): conn.request('GET', parsed.path + '/' + self.name + '?format=json', '', {'X-Auth-Token': token}) return check_response(conn) def delete(url, token, parsed, conn, obj): conn.request('DELETE', '/'.join([parsed.path, self.name, obj['name']]), '', {'X-Auth-Token': token}) return check_response(conn) while True: resp = retry(get) body = resp.read() self.assert_(resp.status // 100 == 2, resp.status) objs = json.loads(body) if not objs: break for obj in objs: resp = retry(delete, obj) resp.read() self.assertEqual(resp.status, 204) def delete(url, token, parsed, conn): conn.request('DELETE', parsed.path + '/' + self.name, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 204)
def test_multi_metadata(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, name, value): conn.request("POST", parsed.path, "", {"X-Auth-Token": token, name: value}) return check_response(conn) def head(url, token, parsed, conn): conn.request("HEAD", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(post, "X-Account-Meta-One", "1") resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assertIn(resp.status, (200, 204)) self.assertEqual(resp.getheader("x-account-meta-one"), "1") resp = retry(post, "X-Account-Meta-Two", "2") resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assertIn(resp.status, (200, 204)) self.assertEqual(resp.getheader("x-account-meta-one"), "1") self.assertEqual(resp.getheader("x-account-meta-two"), "2")
def test_bad_metadata2(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {"X-Auth-Token": token} headers.update(extra_headers) conn.request("POST", parsed.path, "", headers) return check_response(conn) # TODO: Find the test that adds these and remove them. headers = {"x-remove-account-meta-temp-url-key": "remove", "x-remove-account-meta-temp-url-key-2": "remove"} resp = retry(post, headers) headers = {} for x in range(self.max_meta_count): headers["X-Account-Meta-%d" % x] = "v" resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers = {} for x in range(self.max_meta_count + 1): headers["X-Account-Meta-%d" % x] = "v" resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_bad_metadata3(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) headers = {} header_value = 'k' * self.max_meta_value_length size = 0 x = 0 while size < (self.max_meta_overall_size - 4 - self.max_meta_value_length): size += 4 + self.max_meta_value_length headers['X-Account-Meta-%04d' % x] = header_value x += 1 if self.max_meta_overall_size - size > 1: headers['X-Account-Meta-k'] = \ 'v' * (self.max_meta_overall_size - size - 1) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers['X-Account-Meta-k'] = \ 'v' * (self.max_meta_overall_size - size) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def tearDown(self): if tf.skip: raise SkipTest def delete(url, token, parsed, conn, obj): conn.request("DELETE", "%s/%s/%s" % (parsed.path, self.container, obj), "", {"X-Auth-Token": token}) return check_response(conn) # get list of objects in container def list(url, token, parsed, conn): conn.request("GET", "%s/%s" % (parsed.path, self.container), "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(list) object_listing = resp.read() self.assertEqual(resp.status, 200) # iterate over object listing and delete all objects for obj in object_listing.splitlines(): resp = retry(delete, obj) resp.read() self.assertEqual(resp.status, 204) # delete the container def delete(url, token, parsed, conn): conn.request("DELETE", parsed.path + "/" + self.container, "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 204)
def test_if_none_match(self): def put(url, token, parsed, conn): conn.request( "PUT", "%s/%s/%s" % (parsed.path, self.container, "if_none_match_test"), "", {"X-Auth-Token": token, "Content-Length": "0", "If-None-Match": "*"}, ) return check_response(conn) resp = retry(put) resp.read() self.assertEquals(resp.status, 201) resp = retry(put) resp.read() self.assertEquals(resp.status, 412) def put(url, token, parsed, conn): conn.request( "PUT", "%s/%s/%s" % (parsed.path, self.container, "if_none_match_test"), "", {"X-Auth-Token": token, "Content-Length": "0", "If-None-Match": "somethingelse"}, ) return check_response(conn) resp = retry(put) resp.read() self.assertEquals(resp.status, 400)
def test_bad_metadata2(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) # TODO: Find the test that adds these and remove them. headers = { 'x-remove-account-meta-temp-url-key': 'remove', 'x-remove-account-meta-temp-url-key-2': 'remove' } resp = retry(post, headers) headers = {} for x in range(self.max_meta_count): headers['X-Account-Meta-%d' % x] = 'v' resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers = {} for x in range(self.max_meta_count + 1): headers['X-Account-Meta-%d' % x] = 'v' resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_invalid_acls(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, headers): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('POST', parsed.path, '', new_headers) return check_response(conn) # needs to be an acceptable header size num_keys = 8 max_key_size = load_constraint('max_header_size') / num_keys acl = {'admin': [c * max_key_size for c in letters[:num_keys]]} headers = {'x-account-access-control': format_acl( version=2, acl_dict=acl)} resp = retry(post, headers=headers, use_account=1) resp.read() self.assertEqual(resp.status, 400) # and again a touch smaller acl = {'admin': [c * max_key_size for c in letters[:num_keys - 1]]} headers = {'x-account-access-control': format_acl( version=2, acl_dict=acl)} resp = retry(post, headers=headers, use_account=1) resp.read() self.assertEqual(resp.status, 204)
def test_delete_if_delete_at_bad(self): if tf.skip: raise SkipTest def put(url, token, parsed, conn): conn.request('PUT', '%s/%s/hi-delete-bad' % (parsed.path, self.container), 'there', {'X-Auth-Token': token}) return check_response(conn) resp = retry(put) resp.read() self.assertEqual(resp.status, 201) def delete(url, token, parsed, conn): conn.request('DELETE', '%s/%s/hi' % (parsed.path, self.container), '', { 'X-Auth-Token': token, 'X-If-Delete-At': 'bad' }) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 400)
def tearDown(self): if tf.skip: raise SkipTest def delete(url, token, parsed, conn, obj): conn.request('DELETE', '%s/%s/%s' % (parsed.path, self.container, obj), '', {'X-Auth-Token': token}) return check_response(conn) # get list of objects in container def list(url, token, parsed, conn): conn.request('GET', '%s/%s' % (parsed.path, self.container), '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(list) object_listing = resp.read() self.assertEqual(resp.status, 200) # iterate over object listing and delete all objects for obj in object_listing.splitlines(): resp = retry(delete, obj) resp.read() self.assertEqual(resp.status, 204) # delete the container def delete(url, token, parsed, conn): conn.request('DELETE', parsed.path + '/' + self.container, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 204)
def test_cross_policy_copy(self): # create container in first policy policy = self.policies.select() container = self._create_container( headers={'X-Storage-Policy': policy['name']}) obj = uuid4().hex # create a container in second policy other_policy = self.policies.exclude(name=policy['name']).select() other_container = self._create_container( headers={'X-Storage-Policy': other_policy['name']}) other_obj = uuid4().hex def put_obj(url, token, parsed, conn, container, obj): # to keep track of things, use the original path as the body content = '%s/%s' % (container, obj) path = '%s/%s' % (parsed.path, content) conn.request('PUT', path, content, {'X-Auth-Token': token}) return check_response(conn) # create objects for c, o in zip((container, other_container), (obj, other_obj)): resp = retry(put_obj, c, o) resp.read() self.assertEqual(resp.status, 201) def put_copy_from(url, token, parsed, conn, container, obj, source): dest_path = '%s/%s/%s' % (parsed.path, container, obj) conn.request( 'PUT', dest_path, '', { 'X-Auth-Token': token, 'Content-Length': '0', 'X-Copy-From': source }) return check_response(conn) copy_requests = ( (container, other_obj, '%s/%s' % (other_container, other_obj)), (other_container, obj, '%s/%s' % (container, obj)), ) # copy objects for c, o, source in copy_requests: resp = retry(put_copy_from, c, o, source) resp.read() self.assertEqual(resp.status, 201) def get_obj(url, token, parsed, conn, container, obj): path = '%s/%s/%s' % (parsed.path, container, obj) conn.request('GET', path, '', {'X-Auth-Token': token}) return check_response(conn) # validate contents, contents should be source validate_requests = copy_requests for c, o, body in validate_requests: resp = retry(get_obj, c, o) self.assertEqual(resp.status, 200) self.assertEqual(body, resp.read())
def test_cross_policy_copy(self): # create container in first policy policy = self.policies.select() container = self._create_container( headers={'X-Storage-Policy': policy['name']}) obj = uuid4().hex # create a container in second policy other_policy = self.policies.exclude(name=policy['name']).select() other_container = self._create_container( headers={'X-Storage-Policy': other_policy['name']}) other_obj = uuid4().hex def put_obj(url, token, parsed, conn, container, obj): # to keep track of things, use the original path as the body content = '%s/%s' % (container, obj) path = '%s/%s' % (parsed.path, content) conn.request('PUT', path, content, {'X-Auth-Token': token}) return check_response(conn) # create objects for c, o in zip((container, other_container), (obj, other_obj)): resp = retry(put_obj, c, o) resp.read() self.assertEqual(resp.status, 201) def put_copy_from(url, token, parsed, conn, container, obj, source): dest_path = '%s/%s/%s' % (parsed.path, container, obj) conn.request('PUT', dest_path, '', {'X-Auth-Token': token, 'Content-Length': '0', 'X-Copy-From': source}) return check_response(conn) copy_requests = ( (container, other_obj, '%s/%s' % (other_container, other_obj)), (other_container, obj, '%s/%s' % (container, obj)), ) # copy objects for c, o, source in copy_requests: resp = retry(put_copy_from, c, o, source) resp.read() self.assertEqual(resp.status, 201) def get_obj(url, token, parsed, conn, container, obj): path = '%s/%s/%s' % (parsed.path, container, obj) conn.request('GET', path, '', {'X-Auth-Token': token}) return check_response(conn) # validate contents, contents should be source validate_requests = copy_requests for c, o, body in validate_requests: resp = retry(get_obj, c, o) self.assertEqual(resp.status, 200) self.assertEqual(body, resp.read())
def test_bad_metadata3(self): if tf.skip: raise SkipTest if tf.in_process: tf.skip_if_no_xattrs() def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) headers = {} header_value = 'k' * self.max_meta_value_length size = 0 x = 0 while size < (self.max_meta_overall_size - 4 - self.max_meta_value_length): size += 4 + self.max_meta_value_length headers['X-Account-Meta-%04d' % x] = header_value x += 1 if self.max_meta_overall_size - size > 1: headers['X-Account-Meta-k'] = \ 'v' * (self.max_meta_overall_size - size - 1) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) # this POST includes metadata size that is over limit headers['X-Account-Meta-k'] = \ 'x' * (self.max_meta_overall_size - size) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400) # this POST would be ok and the aggregate backend metadata # size is on the border headers = { 'X-Account-Meta-k': 'y' * (self.max_meta_overall_size - size - 1) } resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) # this last POST would be ok by itself but takes the aggregate # backend metadata size over limit headers = { 'X-Account-Meta-k': 'z' * (self.max_meta_overall_size - size) } resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_bad_metadata3(self): if tf.skip: raise SkipTest if tf.in_process: tf.skip_if_no_xattrs() def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) headers = {} header_value = 'k' * self.max_meta_value_length size = 0 x = 0 while size < (self.max_meta_overall_size - 4 - self.max_meta_value_length): size += 4 + self.max_meta_value_length headers['X-Account-Meta-%04d' % x] = header_value x += 1 if self.max_meta_overall_size - size > 1: headers['X-Account-Meta-k'] = \ 'v' * (self.max_meta_overall_size - size - 1) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) # this POST includes metadata size that is over limit headers['X-Account-Meta-k'] = \ 'x' * (self.max_meta_overall_size - size) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400) # this POST would be ok and the aggregate backend metadata # size is on the border headers = {'X-Account-Meta-k': 'y' * (self.max_meta_overall_size - size - 1)} resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) # this last POST would be ok by itself but takes the aggregate # backend metadata size over limit headers = {'X-Account-Meta-k': 'z' * (self.max_meta_overall_size - size)} resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_PUT_metadata(self): if tf.skip: raise SkipTest def put(url, token, parsed, conn, name, value): conn.request('PUT', parsed.path + '/' + name, '', { 'X-Auth-Token': token, 'X-Container-Meta-Test': value }) return check_response(conn) def head(url, token, parsed, conn, name): conn.request('HEAD', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) def get(url, token, parsed, conn, name): conn.request('GET', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) def delete(url, token, parsed, conn, name): conn.request('DELETE', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) name = uuid4().hex resp = retry(put, name, 'Value') resp.read() self.assertEqual(resp.status, 201) resp = retry(head, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), 'Value') resp = retry(get, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), 'Value') resp = retry(delete, name) resp.read() self.assertEqual(resp.status, 204) name = uuid4().hex resp = retry(put, name, '') resp.read() self.assertEqual(resp.status, 201) resp = retry(head, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), None) resp = retry(get, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), None) resp = retry(delete, name) resp.read() self.assertEqual(resp.status, 204)
def test_PUT_metadata(self): if tf.skip: raise SkipTest def put(url, token, parsed, conn, name, value): conn.request('PUT', parsed.path + '/' + name, '', {'X-Auth-Token': token, 'X-Container-Meta-Test': value}) return check_response(conn) def head(url, token, parsed, conn, name): conn.request('HEAD', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) def get(url, token, parsed, conn, name): conn.request('GET', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) def delete(url, token, parsed, conn, name): conn.request('DELETE', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) name = uuid4().hex resp = retry(put, name, 'Value') resp.read() self.assertEqual(resp.status, 201) resp = retry(head, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), 'Value') resp = retry(get, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), 'Value') resp = retry(delete, name) resp.read() self.assertEqual(resp.status, 204) name = uuid4().hex resp = retry(put, name, '') resp.read() self.assertEqual(resp.status, 201) resp = retry(head, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), None) resp = retry(get, name) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), None) resp = retry(delete, name) resp.read() self.assertEqual(resp.status, 204)
def get_meta(cls): def head(url, token, parsed, conn): conn.request('HEAD', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(head) resp.read() return dict((k, v) for k, v in resp.getheaders() if k.lower().startswith('x-account-meta'))
def test_swift_account_acls(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, headers): new_headers = dict({"X-Auth-Token": token}, **headers) conn.request("POST", parsed.path, "", new_headers) return check_response(conn) def head(url, token, parsed, conn): conn.request("HEAD", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) def get(url, token, parsed, conn): conn.request("GET", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) try: # User1 can POST to their own account resp = retry(post, headers={"X-Account-Access-Control": "{}"}) resp.read() self.assertEqual(resp.status, 204) self.assertIsNone(resp.getheader("X-Account-Access-Control")) # User1 can GET their own empty account resp = retry(get) resp.read() self.assertEqual(resp.status // 100, 2) self.assertIsNone(resp.getheader("X-Account-Access-Control")) # User1 can POST non-empty data acl_json = '{"admin":["bob"]}' resp = retry(post, headers={"X-Account-Access-Control": acl_json}) resp.read() self.assertEqual(resp.status, 204) # User1 can GET the non-empty data resp = retry(get) resp.read() self.assertEqual(resp.status // 100, 2) self.assertEqual(resp.getheader("X-Account-Access-Control"), acl_json) # POST non-JSON ACL should fail resp = retry(post, headers={"X-Account-Access-Control": "yuck"}) resp.read() # resp.status will be 400 if tempauth or some other ACL-aware # auth middleware rejects it, or 200 (but silently swallowed by # core Swift) if ACL-unaware auth middleware approves it. # A subsequent GET should show the old, valid data, not the garbage resp = retry(get) resp.read() self.assertEqual(resp.status // 100, 2) self.assertEqual(resp.getheader("X-Account-Access-Control"), acl_json) finally: # Make sure to clean up even if tests fail -- User2 should not # have access to User1's account in other functional tests! resp = retry(post, headers={"X-Account-Access-Control": "{}"}) resp.read()
def test_bad_metadata(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {"X-Auth-Token": token} headers.update(extra_headers) conn.request("POST", parsed.path, "", headers) return check_response(conn) resp = retry(post, {"X-Account-Meta-" + ("k" * self.max_meta_name_length): "v"}) resp.read() self.assertEqual(resp.status, 204) resp = retry(post, {"X-Account-Meta-" + ("k" * (self.max_meta_name_length + 1)): "v"}) resp.read() self.assertEqual(resp.status, 400) resp = retry(post, {"X-Account-Meta-Too-Long": ("k" * self.max_meta_value_length)}) resp.read() self.assertEqual(resp.status, 204) resp = retry(post, {"X-Account-Meta-Too-Long": "k" * (self.max_meta_value_length + 1)}) resp.read() self.assertEqual(resp.status, 400) headers = {} for x in xrange(self.max_meta_count): headers["X-Account-Meta-%d" % x] = "v" resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers = {} for x in xrange(self.max_meta_count + 1): headers["X-Account-Meta-%d" % x] = "v" resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400) headers = {} header_value = "k" * self.max_meta_value_length size = 0 x = 0 while size < (self.max_meta_overall_size - 4 - self.max_meta_value_length): size += 4 + self.max_meta_value_length headers["X-Account-Meta-%04d" % x] = header_value x += 1 if self.max_meta_overall_size - size > 1: headers["X-Account-Meta-k"] = "v" * (self.max_meta_overall_size - size - 1) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers["X-Account-Meta-k"] = "v" * (self.max_meta_overall_size - size) resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_public_object(self): if tf.skip: raise SkipTest def get(url, token, parsed, conn): conn.request('GET', '%s/%s/%s' % (parsed.path, self.container, self.obj)) return check_response(conn) try: resp = retry(get) raise Exception('Should not have been able to GET') except Exception as err: self.assertTrue(str(err).startswith('No result after ')) def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.container, '', { 'X-Auth-Token': token, 'X-Container-Read': '.r:*' }) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) resp = retry(get) resp.read() self.assertEqual(resp.status, 200) def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.container, '', { 'X-Auth-Token': token, 'X-Container-Read': '' }) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) try: resp = retry(get) raise Exception('Should not have been able to GET') except Exception as err: self.assertTrue(str(err).startswith('No result after '))
def tearDown(self): if tf.skip: raise SkipTest # get list of objects in container def get(url, token, parsed, conn, container): conn.request( 'GET', parsed.path + '/' + container + '?format=json', '', {'X-Auth-Token': token}) return check_response(conn) # delete an object def delete(url, token, parsed, conn, container, obj): conn.request( 'DELETE', '/'.join([parsed.path, container, obj['name']]), '', {'X-Auth-Token': token}) return check_response(conn) for container in self.containers: while True: resp = retry(get, container) body = resp.read() if resp.status == 404: break self.assert_(resp.status // 100 == 2, resp.status) objs = json.loads(body) if not objs: break for obj in objs: resp = retry(delete, container, obj) resp.read() self.assertEqual(resp.status, 204) # delete the container def delete(url, token, parsed, conn, name): conn.request('DELETE', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) for container in self.containers: resp = retry(delete, container) resp.read() self.assert_(resp.status in (204, 404))
def test_project_domain_id_header(self): # make sure account exists (assumes account auto create) def post(url, token, parsed, conn): conn.request("POST", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(post, use_account=4) resp.read() self.assertEqual(resp.status, 204) # account in non-default domain should have a project domain id def head(url, token, parsed, conn): conn.request("HEAD", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(head, use_account=4) resp.read() self.assertEqual(resp.status, 204) self.assertIn("X-Account-Project-Domain-Id", resp.headers)
def test_invalid_acl_keys(self): def post(url, token, parsed, conn, headers): new_headers = dict({"X-Auth-Token": token}, **headers) conn.request("POST", parsed.path, "", new_headers) return check_response(conn) # needs to be json resp = retry(post, headers={"X-Account-Access-Control": "invalid"}, use_account=1) resp.read() self.assertEqual(resp.status, 400) acl_user = tf.swift_test_user[1] acl = {"admin": [acl_user], "invalid_key": "invalid_value"} headers = {"x-account-access-control": format_acl(version=2, acl_dict=acl)} resp = retry(post, headers, use_account=1) resp.read() self.assertEqual(resp.status, 400) self.assertIsNone(resp.getheader("X-Account-Access-Control"))
def test_public_container(self): if tf.skip: raise SkipTest def get(url, token, parsed, conn): conn.request('GET', parsed.path + '/' + self.name) return check_response(conn) try: resp = retry(get) raise Exception('Should not have been able to GET') except Exception as err: self.assert_(str(err).startswith('No result after '), err) def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.name, '', { 'X-Auth-Token': token, 'X-Container-Read': '.r:*,.rlistings' }) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) resp = retry(get) resp.read() self.assertEqual(resp.status, 204) def post(url, token, parsed, conn): conn.request('POST', parsed.path + '/' + self.name, '', { 'X-Auth-Token': token, 'X-Container-Read': '' }) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) try: resp = retry(get) raise Exception('Should not have been able to GET') except Exception as err: self.assert_(str(err).startswith('No result after '), err)
def test_project_domain_id_header(self): # make sure account exists (assumes account auto create) def post(url, token, parsed, conn): conn.request('POST', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(post, use_account=4) resp.read() self.assertEqual(resp.status, 204) # account in non-default domain should have a project domain id def head(url, token, parsed, conn): conn.request('HEAD', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(head, use_account=4) resp.read() self.assertEqual(resp.status, 204) self.assertTrue('X-Account-Project-Domain-Id' in resp.headers)
def tearDown(self): if tf.skip: raise SkipTest # get list of objects in container def get(url, token, parsed, conn, container): conn.request('GET', parsed.path + '/' + container + '?format=json', '', {'X-Auth-Token': token}) return check_response(conn) # delete an object def delete(url, token, parsed, conn, container, obj): conn.request('DELETE', '/'.join([parsed.path, container, obj['name']]), '', {'X-Auth-Token': token}) return check_response(conn) for container in self.containers: while True: resp = retry(get, container) body = resp.read() if resp.status == 404: break self.assertTrue(resp.status // 100 == 2, resp.status) objs = json.loads(body) if not objs: break for obj in objs: resp = retry(delete, container, obj) resp.read() self.assertEqual(resp.status, 204) # delete the container def delete(url, token, parsed, conn, name): conn.request('DELETE', parsed.path + '/' + name, '', {'X-Auth-Token': token}) return check_response(conn) for container in self.containers: resp = retry(delete, container) resp.read() self.assertIn(resp.status, (204, 404))
def clear_meta(cls, remove_metadata_keys): def post(url, token, parsed, conn, hdr_keys): headers = {'X-Auth-Token': token} headers.update((k, '') for k in hdr_keys) conn.request('POST', parsed.path, '', headers) return check_response(conn) buckets = (len(remove_metadata_keys) - 1) // 90 + 1 for batch in distribute_evenly(remove_metadata_keys, buckets): resp = retry(post, batch) resp.read()
def clear_meta(cls, remove_metadata_keys): def post(url, token, parsed, conn, hdr_keys): headers = {'X-Auth-Token': token} headers.update((k, '') for k in hdr_keys) conn.request('POST', parsed.path, '', headers) return check_response(conn) for i in range(0, len(remove_metadata_keys), 90): batch = remove_metadata_keys[i:i + 90] resp = retry(post, batch) resp.read()
def test_delete_content_type(self): if tf.skip: raise SkipTest def put(url, token, parsed, conn): conn.request("PUT", "%s/%s/hi" % (parsed.path, self.container), "there", {"X-Auth-Token": token}) return check_response(conn) resp = retry(put) resp.read() self.assertEqual(resp.status, 201) def delete(url, token, parsed, conn): conn.request("DELETE", "%s/%s/hi" % (parsed.path, self.container), "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 204) self.assertEqual(resp.getheader("Content-Type"), "text/html; charset=UTF-8")
def set_meta(cls, metadata): def post(url, token, parsed, conn, meta_hdrs): headers = {'X-Auth-Token': token} headers.update(meta_hdrs) conn.request('POST', parsed.path, '', headers) return check_response(conn) if not metadata: return resp = retry(post, metadata) resp.read()
def test_admin_acl(self): if tf.skip3: raise SkipTest def get(url, token, parsed, conn): conn.request('GET', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) def post(url, token, parsed, conn, headers): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('POST', parsed.path, '', new_headers) return check_response(conn) # cannot read account resp = retry(get, use_account=3) resp.read() self.assertEquals(resp.status, 403) # grant admin access acl_user = tf.swift_test_user[2] acl = {'admin': [acl_user]} acl_json_str = format_acl(version=2, acl_dict=acl) headers = {'x-account-access-control': acl_json_str} resp = retry(post, headers=headers, use_account=1) resp.read() self.assertEqual(resp.status, 204) # admin can read account headers resp = retry(get, use_account=3) resp.read() self.assert_(resp.status in (200, 204)) # including acls self.assertEqual(resp.getheader('X-Account-Access-Control'), acl_json_str) # admin can write account metadata value = str(uuid4()) headers = {'x-account-meta-test': value} resp = retry(post, headers=headers, use_account=3) resp.read() self.assertEqual(resp.status, 204) resp = retry(get, use_account=3) resp.read() self.assert_(resp.status in (200, 204)) self.assertEqual(resp.getheader('X-Account-Meta-Test'), value) # admin can even revoke their own access headers = {'x-account-access-control': '{}'} resp = retry(post, headers=headers, use_account=3) resp.read() self.assertEqual(resp.status, 204) # and again, cannot read account resp = retry(get, use_account=3) resp.read() self.assertEquals(resp.status, 403)
def test_public_object(self): if tf.skip: raise SkipTest def get(url, token, parsed, conn): conn.request("GET", "%s/%s/%s" % (parsed.path, self.container, self.obj)) return check_response(conn) try: resp = retry(get) raise Exception("Should not have been able to GET") except Exception as err: self.assert_(str(err).startswith("No result after ")) def post(url, token, parsed, conn): conn.request( "POST", parsed.path + "/" + self.container, "", {"X-Auth-Token": token, "X-Container-Read": ".r:*"} ) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) resp = retry(get) resp.read() self.assertEqual(resp.status, 200) def post(url, token, parsed, conn): conn.request( "POST", parsed.path + "/" + self.container, "", {"X-Auth-Token": token, "X-Container-Read": ""} ) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) try: resp = retry(get) raise Exception("Should not have been able to GET") except Exception as err: self.assert_(str(err).startswith("No result after "))
def test_invalid_acl_keys(self): def post(url, token, parsed, conn, headers): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('POST', parsed.path, '', new_headers) return check_response(conn) # needs to be json resp = retry(post, headers={'X-Account-Access-Control': 'invalid'}, use_account=1) resp.read() self.assertEqual(resp.status, 400) acl_user = tf.swift_test_user[1] acl = {'admin': [acl_user], 'invalid_key': 'invalid_value'} headers = {'x-account-access-control': format_acl( version=2, acl_dict=acl)} resp = retry(post, headers, use_account=1) resp.read() self.assertEqual(resp.status, 400) self.assertEqual(resp.getheader('X-Account-Access-Control'), None)
def tearDown(self): def head(url, token, parsed, conn): conn.request('HEAD', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(head) resp.read() new_metadata = set( [k for k, v in resp.getheaders() if k.lower().startswith('x-account-meta')]) def clear_meta(url, token, parsed, conn, remove_metadata_keys): headers = {'X-Auth-Token': token} headers.update((k, '') for k in remove_metadata_keys) conn.request('POST', parsed.path, '', headers) return check_response(conn) extra_metadata = list(self.existing_metadata ^ new_metadata) for i in range(0, len(extra_metadata), 90): batch = extra_metadata[i:i + 90] resp = retry(clear_meta, batch) resp.read() self.assertEqual(resp.status // 100, 2)
def test_delete_if_delete_at_bad(self): if tf.skip: raise SkipTest def put(url, token, parsed, conn): conn.request('PUT', '%s/%s/hi-delete-bad' % (parsed.path, self.container), 'there', {'X-Auth-Token': token}) return check_response(conn) resp = retry(put) resp.read() self.assertEqual(resp.status, 201) def delete(url, token, parsed, conn): conn.request('DELETE', '%s/%s/hi' % (parsed.path, self.container), '', {'X-Auth-Token': token, 'X-If-Delete-At': 'bad'}) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 400)
def tearDown(self): def head(url, token, parsed, conn): conn.request("HEAD", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(head) resp.read() new_metadata = set([k for k, v in resp.getheaders() if k.lower().startswith("x-account-meta")]) def clear_meta(url, token, parsed, conn, remove_metadata_keys): headers = {"X-Auth-Token": token} headers.update((k, "") for k in remove_metadata_keys) conn.request("POST", parsed.path, "", headers) return check_response(conn) extra_metadata = list(self.existing_metadata ^ new_metadata) for i in range(0, len(extra_metadata), 90): batch = extra_metadata[i : i + 90] resp = retry(clear_meta, batch) resp.read() self.assertEqual(resp.status // 100, 2)
def test_invalid_acl_keys(self): def post(url, token, parsed, conn, headers): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('POST', parsed.path, '', new_headers) return check_response(conn) # needs to be json resp = retry(post, headers={'X-Account-Access-Control': 'invalid'}, use_account=1) resp.read() self.assertEqual(resp.status, 400) acl_user = tf.swift_test_user[1] acl = {'admin': [acl_user], 'invalid_key': 'invalid_value'} headers = {'x-account-access-control': format_acl( version=2, acl_dict=acl)} resp = retry(post, headers, use_account=1) resp.read() self.assertEqual(resp.status, 400) self.assertIsNone(resp.getheader('X-Account-Access-Control'))
def setUp(self): self.max_meta_count = load_constraint("max_meta_count") self.max_meta_name_length = load_constraint("max_meta_name_length") self.max_meta_overall_size = load_constraint("max_meta_overall_size") self.max_meta_value_length = load_constraint("max_meta_value_length") def head(url, token, parsed, conn): conn.request("HEAD", parsed.path, "", {"X-Auth-Token": token}) return check_response(conn) resp = retry(head) self.existing_metadata = set([k for k, v in resp.getheaders() if k.lower().startswith("x-account-meta")])
def test_cross_account_container(self): if tf.skip or tf.skip2: raise SkipTest # Obtain the first account's string first_account = ['unknown'] def get1(url, token, parsed, conn): first_account[0] = parsed.path conn.request('HEAD', parsed.path + '/' + self.name, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(get1) resp.read() # Ensure we can't access the container with the second account def get2(url, token, parsed, conn): conn.request('GET', first_account[0] + '/' + self.name, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(get2, use_account=2) resp.read() self.assertEqual(resp.status, 403) # Make the container accessible by the second account def post(url, token, parsed, conn): conn.request( 'POST', parsed.path + '/' + self.name, '', { 'X-Auth-Token': token, 'X-Container-Read': tf.swift_test_perm[1], 'X-Container-Write': tf.swift_test_perm[1] }) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) # Ensure we can now use the container with the second account resp = retry(get2, use_account=2) resp.read() self.assertEqual(resp.status, 204) # Make the container private again def post(url, token, parsed, conn): conn.request( 'POST', parsed.path + '/' + self.name, '', { 'X-Auth-Token': token, 'X-Container-Read': '', 'X-Container-Write': '' }) return check_response(conn) resp = retry(post) resp.read() self.assertEqual(resp.status, 204) # Ensure we can't access the container with the second account again resp = retry(get2, use_account=2) resp.read() self.assertEqual(resp.status, 403)
def test_POST_metadata(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, value): conn.request('POST', parsed.path + '/' + self.name, '', { 'X-Auth-Token': token, 'X-Container-Meta-Test': value }) return check_response(conn) def head(url, token, parsed, conn): conn.request('HEAD', parsed.path + '/' + self.name, '', {'X-Auth-Token': token}) return check_response(conn) def get(url, token, parsed, conn): conn.request('GET', parsed.path + '/' + self.name, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(head) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), None) resp = retry(get) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), None) resp = retry(post, 'Value') resp.read() self.assertEqual(resp.status, 204) resp = retry(head) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), 'Value') resp = retry(get) resp.read() self.assert_(resp.status in (200, 204), resp.status) self.assertEqual(resp.getheader('x-container-meta-test'), 'Value')
def test_read_write_acl(self): if tf.skip3: raise SkipTest def get(url, token, parsed, conn): conn.request('GET', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) def post(url, token, parsed, conn, headers): new_headers = dict({'X-Auth-Token': token}, **headers) conn.request('POST', parsed.path, '', new_headers) return check_response(conn) # cannot read account resp = retry(get, use_account=3) resp.read() self.assertEquals(resp.status, 403) # grant read-write access acl_user = tf.swift_test_user[2] acl = {'read-write': [acl_user]} headers = { 'x-account-access-control': format_acl(version=2, acl_dict=acl) } resp = retry(post, headers=headers, use_account=1) resp.read() self.assertEqual(resp.status, 204) # read-write can read account headers resp = retry(get, use_account=3) resp.read() self.assert_(resp.status in (200, 204)) # but not acls self.assertEqual(resp.getheader('X-Account-Access-Control'), None) # read-write can not write account metadata headers = {'x-account-meta-test': 'value'} resp = retry(post, headers=headers, use_account=3) resp.read() self.assertEqual(resp.status, 403)
def setUp(self): self.max_meta_count = load_constraint('max_meta_count') self.max_meta_name_length = load_constraint('max_meta_name_length') self.max_meta_overall_size = load_constraint('max_meta_overall_size') self.max_meta_value_length = load_constraint('max_meta_value_length') def head(url, token, parsed, conn): conn.request('HEAD', parsed.path, '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(head) self.existing_metadata = set([ k for k, v in resp.getheaders() if k.lower().startswith('x-account-meta')])
def test_bad_metadata2(self): if tf.skip: raise SkipTest def post(url, token, parsed, conn, extra_headers): headers = {'X-Auth-Token': token} headers.update(extra_headers) conn.request('POST', parsed.path, '', headers) return check_response(conn) headers = {} for x in range(self.max_meta_count): headers['X-Account-Meta-%d' % x] = 'v' resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 204) headers = {} for x in range(self.max_meta_count + 1): headers['X-Account-Meta-%d' % x] = 'v' resp = retry(post, headers) resp.read() self.assertEqual(resp.status, 400)
def test_delete_content_type(self): if tf.skip: raise SkipTest def put(url, token, parsed, conn): conn.request('PUT', '%s/%s/hi' % (parsed.path, self.container), 'there', {'X-Auth-Token': token}) return check_response(conn) resp = retry(put) resp.read() self.assertEqual(resp.status, 201) def delete(url, token, parsed, conn): conn.request('DELETE', '%s/%s/hi' % (parsed.path, self.container), '', {'X-Auth-Token': token}) return check_response(conn) resp = retry(delete) resp.read() self.assertEqual(resp.status, 204) self.assertEqual(resp.getheader('Content-Type'), 'text/html; charset=UTF-8')