def _test_object_PUT_copy(self, head_resp, put_header={}):
account = 'test:tester'
grants = [Grant(User(account), 'FULL_CONTROL')]
head_headers = \
encode_acl('object',
ACL(Owner(account, account), grants))
head_headers.update({'last-modified': self.last_modified})
self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp,
head_headers, None)
put_headers = {
'Authorization': 'AWS test:tester:hmac',
'X-Amz-Copy-Source': '/some/source',
'Date': self.get_date_header()
}
put_headers.update(put_header)
req = Request.blank('/bucket/object',
environ={'REQUEST_METHOD': 'PUT'},
headers=put_headers)
req.date = datetime.now()
req.content_type = 'text/plain'
with patch('swift3.utils.time.time', return_value=1396353600.000000):
return self.call_swift3(req)
def _test_set_container_permission(self, account, permission):
grants = [Grant(User(account), permission)]
headers = \
encode_acl('container',
ACL(Owner('test:tester', 'test:tester'), grants))
self.swift.register('HEAD', '/v1/AUTH_test/bucket',
swob.HTTPNoContent, headers, None)
def _test_set_container_permission(self, account, permission):
grants = [Grant(User(account), permission)]
headers = \
encode_acl('container',
ACL(Owner('test:tester', 'test:tester'), grants))
self.swift.register('HEAD', '/v1/AUTH_test/bucket',
swob.HTTPNoContent, headers, None)
def _gen_test_acl_header(owner, permission=None, grantee=None,
resource='container'):
if permission is None:
return ACL(owner, [])
if grantee is None:
grantee = User('test:tester')
return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
def _gen_test_acl_header(owner, permission=None, grantee=None,
resource='container'):
if permission is None:
return ACL(owner, [])
if grantee is None:
grantee = User('test:tester')
return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
def PUT(self, app):
if not self.obj:
# Initiate Multipart Uploads (put +segment container)
resp = self._handle_acl(app, 'HEAD')
req_acl = ACL.from_headers(self.req.headers, resp.bucket_acl.owner,
Owner(self.user_id, self.user_id))
acl_headers = encode_acl('object', req_acl)
self.req.headers[sysmeta_header('object', 'tmpacl')] = \
acl_headers[sysmeta_header('object', 'acl')]
def test_encode_acl_object(self):
acl = ACLPrivate(Owner(id='test:tester', name='test:tester'))
acp = encode_acl('object', acl)
header_value = json.loads(acp[sysmeta_header('object', 'acl')])
self.assertTrue('Owner' in header_value)
self.assertTrue('Grant' in header_value)
self.assertEqual('test:tester', header_value['Owner'])
self.assertEqual(len(header_value['Grant']), 1)
def test_object_PUT_copy_without_dst_obj_permission(self):
account = 'test:other'
grants = [Grant(User(account), 'WRITE')]
headers = encode_acl('container', ACL(Owner(account, account), grants))
self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent,
headers, None)
status, headers, body = \
self._test_object_copy_for_s3acl(account, 'READ')
self.assertEquals(status.split()[0], '403')
def PUT(self, app):
if not self.acl_checked:
resp = self._handle_acl(app, 'HEAD', obj='')
req_acl = ACL.from_headers(self.req.headers, resp.bucket_acl.owner,
Owner(self.user_id, self.user_id))
acl_headers = encode_acl('object', req_acl)
self.req.headers[sysmeta_header('object', 'tmpacl')] = \
acl_headers[sysmeta_header('object', 'acl')]
self.acl_checked = True
def _test_object_PUT_copy_self(self, head_resp, put_header={}):
account = 'test:tester'
grants = [Grant(User(account), 'FULL_CONTROL')]
head_headers = \
encode_acl('object',
ACL(Owner(account, account), grants))
head_headers.update({'last-modified': self.last_modified})
self.swift.register('HEAD', '/v1/AUTH_test/bucket/object', head_resp,
head_headers, None)
return self._call_object_copy('/bucket/object', put_header)
def _test_object_PUT_copy_self(self, head_resp, put_header={}):
account = 'test:tester'
grants = [Grant(User(account), 'FULL_CONTROL')]
head_headers = \
encode_acl('object',
ACL(Owner(account, account), grants))
head_headers.update({'last-modified': self.last_modified})
self.swift.register('HEAD', '/v1/AUTH_test/bucket/object',
head_resp, head_headers, None)
return self._call_object_copy('/bucket/object', put_header)
def test_encode_acl_object(self):
acl = ACLPrivate(Owner(id='test:tester',
name='test:tester'))
acp = encode_acl('object', acl)
header_value = json.loads(acp[sysmeta_header('object', 'acl')])
self.assertTrue('Owner' in header_value)
self.assertTrue('Grant' in header_value)
self.assertEqual('test:tester', header_value['Owner'])
self.assertEqual(len(header_value['Grant']), 1)
def PUT(self, app):
if not self.obj:
# Initiate Multipart Uploads (put +segment container)
resp = self._handle_acl(app, 'HEAD')
req_acl = ACL.from_headers(self.req.headers,
resp.bucket_acl.owner,
Owner(self.user_id, self.user_id))
acl_headers = encode_acl('object', req_acl)
self.req.headers[sysmeta_header('object', 'tmpacl')] = \
acl_headers[sysmeta_header('object', 'acl')]
def test_object_PUT_copy_without_dst_obj_permission(self):
account = 'test:other'
grants = [Grant(User(account), 'WRITE')]
headers = encode_acl('container',
ACL(Owner(account, account), grants))
self.swift.register('HEAD', '/v1/AUTH_test/bucket',
swob.HTTPNoContent, headers, None)
status, headers, body = \
self._test_object_copy_for_s3acl(account, 'READ')
self.assertEquals(status.split()[0], '403')
def _test_object_PUT_copy(self, head_resp, put_header=None,
src_path='/some/source', timestamp=None):
account = 'test:tester'
grants = [Grant(User(account), 'FULL_CONTROL')]
head_headers = \
encode_acl('object',
ACL(Owner(account, account), grants))
head_headers.update({'last-modified': self.last_modified})
self.swift.register('HEAD', '/v1/AUTH_test/some/source',
head_resp, head_headers, None)
put_header = put_header or {}
return self._call_object_copy(src_path, put_header, timestamp)
def _test_object_copy_for_s3acl(self, account, src_permission=None, src_path="/src_bucket/src_obj"):
owner = "test:tester"
grants = [Grant(User(account), src_permission)] if src_permission else [Grant(User(owner), "FULL_CONTROL")]
src_o_headers = encode_acl("object", ACL(Owner(owner, owner), grants))
src_o_headers.update({"last-modified": self.last_modified})
self.swift.register("HEAD", join("/v1/AUTH_test", src_path.lstrip("/")), swob.HTTPOk, src_o_headers, None)
req = Request.blank(
"/bucket/object",
environ={"REQUEST_METHOD": "PUT"},
headers={"Authorization": "AWS %s:hmac" % account, "X-Amz-Copy-Source": src_path},
)
return self.call_swift3(req)
def test_bucket_PUT_with_canned_s3acl(self):
account = 'test:tester'
acl = \
encode_acl('container', ACLPublicRead(Owner(account, account)))
req = Request.blank('/bucket',
environ={'REQUEST_METHOD': 'PUT'},
headers={'Authorization': 'AWS test:tester:hmac',
'X-Amz-Acl': 'public-read'})
status, headers, body = self.call_swift3(req)
self.assertEquals(status.split()[0], '200')
_, _, headers = self.swift.calls_with_headers[-1]
self.assertTrue('X-Container-Read' not in headers)
self.assertTrue('X-Container-Sysmeta-Swift3-Acl' in headers)
self.assertEquals(headers.get('X-Container-Sysmeta-Swift3-Acl'),
acl['x-container-sysmeta-swift3-acl'])
def _test_object_PUT_copy(self, head_resp, put_header={}):
account = "test:tester"
grants = [Grant(User(account), "FULL_CONTROL")]
head_headers = encode_acl("object", ACL(Owner(account, account), grants))
head_headers.update({"last-modified": self.last_modified})
self.swift.register("HEAD", "/v1/AUTH_test/some/source", head_resp, head_headers, None)
put_headers = {"Authorization": "AWS test:tester:hmac", "X-Amz-Copy-Source": "/some/source"}
put_headers.update(put_header)
req = Request.blank("/bucket/object", environ={"REQUEST_METHOD": "PUT"}, headers=put_headers)
req.date = datetime.now()
req.content_type = "text/plain"
return self.call_swift3(req)
def test_bucket_PUT_with_canned_s3acl(self):
account = 'test:tester'
acl = \
encode_acl('container', ACLPublicRead(Owner(account, account)))
req = Request.blank('/bucket',
environ={'REQUEST_METHOD': 'PUT'},
headers={'Authorization': 'AWS test:tester:hmac',
'Date': self.get_date_header(),
'X-Amz-Acl': 'public-read'})
status, headers, body = self.call_swift3(req)
self.assertEqual(status.split()[0], '200')
_, _, headers = self.swift.calls_with_headers[-1]
self.assertTrue('X-Container-Read' not in headers)
self.assertTrue('X-Container-Sysmeta-Swift3-Acl' in headers)
self.assertEqual(headers.get('X-Container-Sysmeta-Swift3-Acl'),
acl['x-container-sysmeta-swift3-acl'])
def test_encode_acl_many_grant(self):
headers = {}
users = []
for i in range(0, 99):
users.append('id=test:tester%s' % str(i))
users = ','.join(users)
headers['x-amz-grant-read'] = users
acl = ACL.from_headers(headers, Owner('test:tester', 'test:tester'))
acp = encode_acl('container', acl)
header_value = acp[sysmeta_header('container', 'acl')]
header_value = json.loads(header_value)
self.assertTrue('Owner' in header_value)
self.assertTrue('Grant' in header_value)
self.assertEqual('test:tester', header_value['Owner'])
self.assertEqual(len(header_value['Grant']), 99)
def test_encode_acl_many_grant(self):
headers = {}
users = []
for i in range(0, 99):
users.append('id=test:tester%s' % str(i))
users = ','.join(users)
headers['x-amz-grant-read'] = users
acl = ACL.from_headers(headers, Owner('test:tester', 'test:tester'))
acp = encode_acl('container', acl)
header_value = acp[sysmeta_header('container', 'acl')]
header_value = json.loads(header_value)
self.assertTrue('Owner' in header_value)
self.assertTrue('Grant' in header_value)
self.assertEqual('test:tester', header_value['Owner'])
self.assertEqual(len(header_value['Grant']), 99)
def _test_object_copy_for_s3acl(self, account, src_permission=None,
src_path='/src_bucket/src_obj'):
owner = 'test:tester'
grants = [Grant(User(account), src_permission)] \
if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
src_o_headers = \
encode_acl('object', ACL(Owner(owner, owner), grants))
self.swift.register(
'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')),
swob.HTTPOk, src_o_headers, None)
req = Request.blank(
'/bucket/object',
environ={'REQUEST_METHOD': 'PUT'},
headers={'Authorization': 'AWS %s:hmac' % account,
'X-Amz-Copy-Source': src_path})
return self.call_swift3(req)
def _test_object_copy_for_s3acl(self, account, src_permission=None,
src_path='/src_bucket/src_obj'):
owner = 'test:tester'
grants = [Grant(User(account), src_permission)] \
if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
src_o_headers = \
encode_acl('object', ACL(Owner(owner, owner), grants))
self.swift.register(
'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')),
swob.HTTPOk, src_o_headers, None)
req = Request.blank(
'/bucket/object',
environ={'REQUEST_METHOD': 'PUT'},
headers={'Authorization': 'AWS %s:hmac' % account,
'X-Amz-Copy-Source': src_path})
return self.call_swift3(req)
def _test_object_PUT_copy(self, head_resp, put_header={}):
account = 'test:tester'
grants = [Grant(User(account), 'FULL_CONTROL')]
head_headers = \
encode_acl('object',
ACL(Owner(account, account), grants))
self.swift.register('HEAD', '/v1/AUTH_test/some/source',
head_resp, head_headers, None)
put_headers = {'Authorization': 'AWS test:tester:hmac',
'X-Amz-Copy-Source': '/some/source'}
put_headers.update(put_header)
req = Request.blank('/bucket/object',
environ={'REQUEST_METHOD': 'PUT'},
headers=put_headers)
req.date = datetime.now()
req.content_type = 'text/plain'
return self.call_swift3(req)
def test_service_GET_without_owner_bucket(self):
bucket_list = []
for var in range(0, 10):
user_id = 'test:other'
bucket = 'bucket%s' % var
owner = Owner(user_id, user_id)
headers = encode_acl('container', ACL(owner, []))
self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
swob.HTTPNoContent, headers, None)
bucket_list.append((bucket, var, 300 + var))
status, headers, body = \
self._test_service_GET_for_check_bucket_owner(bucket_list)
self.assertEquals(status.split()[0], '200')
elem = fromstring(body, 'ListAllMyBucketsResult')
resp_buckets = elem.find('./Buckets')
buckets = resp_buckets.iterchildren('Bucket')
self.assertEquals(len(list(buckets)), 0)
def test_service_GET_without_owner_bucket(self):
bucket_list = []
for var in range(0, 10):
user_id = 'test:other'
bucket = 'bucket%s' % var
owner = Owner(user_id, user_id)
headers = encode_acl('container', ACL(owner, []))
self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
swob.HTTPNoContent, headers, None)
bucket_list.append((bucket, var, 300 + var))
status, headers, body = \
self._test_service_GET_for_check_bucket_owner(bucket_list)
self.assertEquals(status.split()[0], '200')
elem = fromstring(body, 'ListAllMyBucketsResult')
resp_buckets = elem.find('./Buckets')
buckets = resp_buckets.iterchildren('Bucket')
self.assertEquals(len(list(buckets)), 0)
def test_object_multipart_upload_initiate_s3acl(self):
req = Request.blank('/bucket/object?uploads',
environ={'REQUEST_METHOD': 'POST'},
headers={
'Authorization': 'AWS test:tester:hmac',
'x-amz-acl': 'public-read',
'x-amz-meta-foo': 'bar'
})
status, headers, body = self.call_swift3(req)
fromstring(body, 'InitiateMultipartUploadResult')
self.assertEquals(status.split()[0], '200')
_, _, req_headers = self.swift.calls_with_headers[-1]
self.assertEquals(req_headers.get('X-Object-Meta-Foo'), 'bar')
tmpacl_header = req_headers.get(sysmeta_header('object', 'tmpacl'))
self.assertTrue(tmpacl_header)
acl_header = encode_acl(
'object', ACLPublicRead(Owner('test:tester', 'test:tester')))
self.assertEquals(acl_header.get(sysmeta_header('object', 'acl')),
tmpacl_header)
def test_service_GET_bucekt_list(self):
bucket_list = []
for var in range(0, 10):
if var % 3 == 0:
user_id = 'test:tester'
else:
user_id = 'test:other'
bucket = 'bucket%s' % var
owner = Owner(user_id, user_id)
headers = encode_acl('container', ACL(owner, []))
# set register to get owner of buckets
if var % 3 == 2:
self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
swob.HTTPNotFound, {}, None)
else:
self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
swob.HTTPNoContent, headers, None)
bucket_list.append((bucket, var, 300 + var))
status, headers, body = \
self._test_service_GET_for_check_bucket_owner(bucket_list)
self.assertEquals(status.split()[0], '200')
elem = fromstring(body, 'ListAllMyBucketsResult')
resp_buckets = elem.find('./Buckets')
buckets = resp_buckets.iterchildren('Bucket')
listing = list(list(buckets)[0])
self.assertEquals(len(listing), 2)
names = []
for b in resp_buckets.iterchildren('Bucket'):
names.append(b.find('./Name').text)
# Check whether getting bucket only locate in multiples of 3 in
# bucket_list which mean requested user is owner.
expected_buckets = [b for i, b in enumerate(bucket_list)
if i % 3 == 0]
self.assertEquals(len(names), len(expected_buckets))
for i in expected_buckets:
self.assertTrue(i[0] in names)
self.assertEquals(len(self.swift.calls_with_headers), 11)
def _test_object_PUT_copy(self, head_resp, put_header={}):
account = 'test:tester'
grants = [Grant(User(account), 'FULL_CONTROL')]
head_headers = \
encode_acl('object',
ACL(Owner(account, account), grants))
head_headers.update({'last-modified': self.last_modified})
self.swift.register('HEAD', '/v1/AUTH_test/some/source',
head_resp, head_headers, None)
put_headers = {'Authorization': 'AWS test:tester:hmac',
'X-Amz-Copy-Source': '/some/source'}
put_headers.update(put_header)
req = Request.blank('/bucket/object',
environ={'REQUEST_METHOD': 'PUT'},
headers=put_headers)
req.date = datetime.now()
req.content_type = 'text/plain'
return self.call_swift3(req)
def test_service_GET_bucekt_list(self):
bucket_list = []
for var in range(0, 10):
if var % 3 == 0:
user_id = 'test:tester'
else:
user_id = 'test:other'
bucket = 'bucket%s' % var
owner = Owner(user_id, user_id)
headers = encode_acl('container', ACL(owner, []))
# set register to get owner of buckets
if var % 3 == 2:
self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
swob.HTTPNotFound, {}, None)
else:
self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket,
swob.HTTPNoContent, headers, None)
bucket_list.append((bucket, var, 300 + var))
status, headers, body = \
self._test_service_GET_for_check_bucket_owner(bucket_list)
self.assertEquals(status.split()[0], '200')
elem = fromstring(body, 'ListAllMyBucketsResult')
resp_buckets = elem.find('./Buckets')
buckets = resp_buckets.iterchildren('Bucket')
listing = list(list(buckets)[0])
self.assertEquals(len(listing), 2)
names = []
for b in resp_buckets.iterchildren('Bucket'):
names.append(b.find('./Name').text)
# Check whether getting bucket only locate in multiples of 3 in
# bucket_list which mean requested user is owner.
expected_buckets = [b for i, b in enumerate(bucket_list) if i % 3 == 0]
self.assertEquals(len(names), len(expected_buckets))
for i in expected_buckets:
self.assertTrue(i[0] in names)
self.assertEquals(len(self.swift.calls_with_headers), 11)
def _test_copy_for_s3acl(self,
account,
src_permission=None,
src_path='/src_bucket/src_obj',
head_resp=swob.HTTPOk,
put_header={}):
owner = 'test:tester'
grants = [Grant(User(account), src_permission)] \
if src_permission else [Grant(User(owner), 'FULL_CONTROL')]
src_o_headers = encode_acl('object', ACL(Owner(owner, owner), grants))
self.swift.register('HEAD', '/v1/AUTH_test/src_bucket/src_obj',
head_resp, src_o_headers, None)
put_headers = {
'Authorization': 'AWS %s:hmac' % account,
'X-Amz-Copy-Source': src_path
}
put_headers.update(put_header)
req = Request.blank('/bucket/object?partNumber=1&uploadId=X',
environ={'REQUEST_METHOD': 'PUT'},
headers=put_headers)
return self.call_swift3(req)
def test_object_multipart_upload_complete_s3acl(self):
acl_headers = encode_acl(
'object', ACLPublicRead(Owner('test:tester', 'test:tester')))
headers = {}
headers[sysmeta_header('object', 'tmpacl')] = \
acl_headers.get(sysmeta_header('object', 'acl'))
headers['X-Object-Meta-Foo'] = 'bar'
self.swift.register('HEAD', '/v1/AUTH_test/bucket+segments/object/X',
swob.HTTPOk, headers, None)
req = Request.blank('/bucket/object?uploadId=X',
environ={'REQUEST_METHOD': 'POST'},
headers={'Authorization': 'AWS test:tester:hmac'},
body=xml)
status, headers, body = self.call_swift3(req)
fromstring(body, 'CompleteMultipartUploadResult')
self.assertEquals(status.split()[0], '200')
_, _, headers = self.swift.calls_with_headers[-2]
self.assertEquals(headers.get('X-Object-Meta-Foo'), 'bar')
self.assertEquals(
tostring(
ACLPublicRead(Owner('test:tester', 'test:tester')).elem()),
tostring(decode_acl('object', headers).elem()))
def setter(self, value):
self.headers.update(encode_acl(resource, value))
setattr(self, '_%s' % resource, value)
def _gen_test_headers(owner, grants=[], resource='container'):
if not grants:
grants = [Grant(User('test:tester'), 'FULL_CONTROL')]
return encode_acl(resource, ACL(owner, grants))
def setter(self, value):
self.headers.update(encode_acl(resource, value))
setattr(self, '_%s' % resource, value)
def _test_set_container_permission(self, account, permission):
grants = [Grant(User(account), permission)]
headers = encode_acl("container", ACL(Owner("test:tester", "test:tester"), grants))
self.swift.register("HEAD", "/v1/AUTH_test/bucket", swob.HTTPNoContent, headers, None)
