def _test_set_container_permission(self, account, permission): grants = [Grant(User(account), permission)] headers = \ encode_acl('container', ACL(Owner('test:tester', 'test:tester'), grants)) self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, headers, None)
def _gen_test_acl_header(owner, permission=None, grantee=None, resource='container'): if permission is None: return ACL(owner, []) if grantee is None: grantee = User('test:tester') return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
def generate_ossacl_environ(account, swift, owner): def gen_grant(permission): # generate Grant with a grantee named by "permission" account_name = '%s:%s' % (account, permission.lower()) return Grant(User(account_name), permission) grants = map(gen_grant, PERMISSIONS) container_headers = _gen_test_headers(owner, grants) object_headers = _gen_test_headers(owner, grants, 'object') object_body = 'hello' object_headers['Content-Length'] = len(object_body) # TEST method is used to resolve a tenant name swift.register('TEST', '/v1/AUTH_test', swob.HTTPMethodNotAllowed, {}, None) swift.register('TEST', '/v1/AUTH_X', swob.HTTPMethodNotAllowed, {}, None) # for bucket swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, container_headers, None) swift.register('HEAD', '/v1/AUTH_test/bucket+segments', swob.HTTPNoContent, container_headers, None) swift.register('PUT', '/v1/AUTH_test/bucket', swob.HTTPCreated, {}, None) swift.register('GET', '/v1/AUTH_test/bucket', swob.HTTPNoContent, container_headers, json.dumps([])) swift.register('POST', '/v1/AUTH_test/bucket', swob.HTTPNoContent, {}, None) swift.register('DELETE', '/v1/AUTH_test/bucket', swob.HTTPNoContent, {}, None) # necessary for canned-acl tests public_headers = _gen_test_headers(owner, [Grant(AllUsers(), 'READ')]) swift.register('GET', '/v1/AUTH_test/public', swob.HTTPNoContent, public_headers, json.dumps([])) authenticated_headers = _gen_test_headers( owner, [Grant(AuthenticatedUsers(), 'READ')], 'bucket') swift.register('GET', '/v1/AUTH_test/authenticated', swob.HTTPNoContent, authenticated_headers, json.dumps([])) # for object swift.register('HEAD', '/v1/AUTH_test/bucket/object', swob.HTTPOk, object_headers, None)
def _test_object_acl_PUT(self, account, permission='FULL_CONTROL'): acl = ACL(self.default_owner, [Grant(User(account), permission)]) req = Request.blank('/bucket/object?acl', environ={'REQUEST_METHOD': 'PUT'}, headers={ 'Authorization': 'OSS %s:hmac' % account, 'Date': self.get_date_header() }, body=tostring(acl.elem())) return self.call_oss2swift(req)
def _test_object_copy_for_ossacl(self, account, src_permission=None, src_path='/src_bucket/src_obj'): owner = 'test:tester' grants = [Grant(User(account), src_permission)] \ if src_permission else [Grant(User(owner), 'FULL_CONTROL')] src_o_headers = \ encode_acl('object', ACL(Owner(owner, owner), grants)) src_o_headers.update({'last-modified': self.last_modified}) self.swift.register( 'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')), swob.HTTPOk, src_o_headers, None) req = Request.blank( '/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'OSS %s:hmac' % account, 'X-Oss-Copy-Source': src_path, 'Date': self.get_date_header()}) return self.call_oss2swift(req)
def _test_object_PUT_copy_self(self, head_resp, put_header=None, timestamp=None): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/bucket/object', head_resp, head_headers, None) put_header = put_header or {} return self._call_object_copy('/bucket/object', put_header, timestamp)
def _gen_test_headers(owner, grants=[], resource='container'): if not grants: grants = [Grant(User('test:tester'), 'FULL_CONTROL')] return encode_acl(resource, ACL(owner, grants))
def gen_grant(permission): # generate Grant with a grantee named by "permission" account_name = '%s:%s' % (account, permission.lower()) return Grant(User(account_name), permission)