def test_get_bucket_vs_certs():
"""Integration test for bucket naming issues."""
import boto.s3.connection
# Add dots to try to trip up TLS certificate validation.
bucket_name = bucket_name_mangle('wal-e.test.dots', delimiter='.')
with pytest.raises(boto.https_connection.InvalidCertificateException):
with FreshBucket(bucket_name, calling_format=SubdomainCallingFormat()):
pass
def test_get_bucket_vs_certs():
"""Integration test for bucket naming issues."""
import boto.s3.connection
aws_access_key = os.getenv('AWS_ACCESS_KEY_ID')
# Add dots to try to trip up TLS certificate validation.
bucket_name = 'wal-e.test.dots.' + aws_access_key.lower()
with pytest.raises(boto.https_connection.InvalidCertificateException):
with FreshBucket(bucket_name, calling_format=SubdomainCallingFormat()):
pass
def test_empty_latest_listing():
"""Test listing a 'backup-list LATEST' on an empty prefix."""
bucket_name = 'wal-e-test-empty-listing'
layout = storage.StorageLayout('s3://{0}/test-prefix'.format(bucket_name))
with FreshBucket(bucket_name,
host='s3.amazonaws.com',
calling_format=OrdinaryCallingFormat()) as fb:
fb.create()
bl = BackupList(fb.conn, layout, False)
found = list(bl.find_all('LATEST'))
assert len(found) == 0
def test_404_termination(tmpdir):
bucket_name = 'wal-e-test-404-termination'
creds = Credentials(os.getenv('AWS_ACCESS_KEY_ID'),
os.getenv('AWS_SECRET_ACCESS_KEY'))
with FreshBucket(bucket_name, host='s3.amazonaws.com',
calling_format=OrdinaryCallingFormat()) as fb:
fb.create()
target = unicode(tmpdir.join('target'))
ret = do_lzop_get(creds, 's3://' + bucket_name + '/not-exist.lzo',
target, False)
assert ret is False
def test_301_redirect():
"""Integration test for bucket naming issues this test."""
import boto.s3.connection
bucket_name = bucket_name_mangle('wal-e-test-301-redirect')
with pytest.raises(boto.exception.S3ResponseError) as e:
# Just initiating the bucket manipulation API calls is enough
# to provoke a 301 redirect.
with FreshBucket(bucket_name,
calling_format=OrdinaryCallingFormat()) as fb:
fb.create(location='us-west-1')
assert e.value.status == 301
def test_301_redirect():
"""Integration test for bucket naming issues this test."""
import boto.s3.connection
aws_access_key = os.getenv('AWS_ACCESS_KEY_ID')
bucket_name = 'wal-e-test-301-redirect' + aws_access_key.lower()
with pytest.raises(boto.exception.S3ResponseError) as e:
# Just initiating the bucket manipulation API calls is enough
# to provoke a 301 redirect.
with FreshBucket(bucket_name,
calling_format=OrdinaryCallingFormat()) as fb:
fb.create(location='us-west-1')
assert e.value.status == 301
def test_classic_get_location():
"""Exercise get location on a s3-classic bucket."""
creds = Credentials(os.getenv('AWS_ACCESS_KEY_ID'),
os.getenv('AWS_SECRET_ACCESS_KEY'))
bucket_name = 'wal-e-test.classic.get.location'
cinfo = calling_format.from_store_name(bucket_name)
with FreshBucket(bucket_name,
host='s3.amazonaws.com',
calling_format=connection.OrdinaryCallingFormat()) as fb:
fb.create()
conn = cinfo.connect(creds)
assert cinfo.region == 'us-standard'
assert cinfo.calling_format is connection.OrdinaryCallingFormat
assert conn.host == 's3.amazonaws.com'
def test_get_location_errors(monkeypatch):
"""Simulate situations where get_location fails
Exercise both the case where IAM refuses the privilege to get the
bucket location and where some other S3ResponseError is raised
instead.
"""
bucket_name = 'wal-e.test.403.get.location'
def just_403(self):
raise boto.exception.S3ResponseError(status=403,
reason=None,
body=None)
def unhandled_404(self):
raise boto.exception.S3ResponseError(status=404,
reason=None,
body=None)
creds = Credentials(os.getenv('AWS_ACCESS_KEY_ID'),
os.getenv('AWS_SECRET_ACCESS_KEY'))
with FreshBucket(bucket_name,
calling_format=connection.OrdinaryCallingFormat()):
cinfo = calling_format.from_store_name(bucket_name)
# Provoke a 403 when trying to get the bucket location.
monkeypatch.setattr(boto.s3.bucket.Bucket, 'get_location', just_403)
cinfo.connect(creds)
assert cinfo.region == 'us-standard'
assert cinfo.calling_format is connection.OrdinaryCallingFormat
cinfo = calling_format.from_store_name(bucket_name)
# Provoke an unhandled S3ResponseError, in this case 404 not
# found.
monkeypatch.setattr(boto.s3.bucket.Bucket, 'get_location',
unhandled_404)
with pytest.raises(boto.exception.S3ResponseError) as e:
cinfo.connect(creds)
assert e.value.status == 404
def test_subdomain_compatible():
"""Exercise a case where connecting is region-oblivious."""
creds = Credentials(os.getenv('AWS_ACCESS_KEY_ID'),
os.getenv('AWS_SECRET_ACCESS_KEY'))
bucket_name = 'wal-e-test-us-west-1-no-dots'
cinfo = calling_format.from_store_name(bucket_name)
with FreshBucket(bucket_name,
host='s3-us-west-1.amazonaws.com',
calling_format=connection.OrdinaryCallingFormat()) as fb:
fb.create(location='us-west-1')
conn = cinfo.connect(creds)
assert cinfo.region is None
assert cinfo.calling_format is connection.SubdomainCallingFormat
assert isinstance(conn.calling_format,
connection.SubdomainCallingFormat)
def test_classic_get_location():
"""Exercise get location on a s3-classic bucket."""
aws_access_key_id = os.getenv('AWS_ACCESS_KEY_ID')
aws_secret_access_key = os.getenv('AWS_SECRET_ACCESS_KEY')
bucket_name = ('wal-e-test.classic.get.location.' +
aws_access_key_id.lower())
cinfo = calling_format.from_bucket_name(bucket_name)
with FreshBucket(bucket_name,
host='s3.amazonaws.com',
calling_format=connection.OrdinaryCallingFormat()) as fb:
fb.create()
conn = cinfo.connect(aws_access_key_id, aws_secret_access_key)
assert cinfo.region == 'us-standard'
assert cinfo.calling_format is connection.OrdinaryCallingFormat
assert conn.host == 's3.amazonaws.com'
def test_subdomain_compatible():
"""Exercise a case where connecting is region-oblivious."""
aws_access_key = os.getenv('AWS_ACCESS_KEY_ID')
bucket_name = 'wal-e-test-us-west-1-no-dots' + aws_access_key.lower()
cinfo = calling_format.from_bucket_name(bucket_name)
aws_access_key_id = os.getenv('AWS_ACCESS_KEY_ID')
aws_secret_access_key = os.getenv('AWS_SECRET_ACCESS_KEY')
with FreshBucket(bucket_name,
host='s3-us-west-1.amazonaws.com',
calling_format=connection.OrdinaryCallingFormat()) as fb:
fb.create(location='us-west-1')
conn = cinfo.connect(aws_access_key_id, aws_secret_access_key)
assert cinfo.region is None
assert cinfo.calling_format is connection.SubdomainCallingFormat
assert isinstance(conn.calling_format,
connection.SubdomainCallingFormat)
def test_backup_list(sts_conn):
"""Test BackupList's compatibility with a test policy."""
bn = 'wal-e.sts.backup.list'
h = 's3-us-west-1.amazonaws.com'
cf = connection.OrdinaryCallingFormat()
fed = sts_conn.get_federation_token('wal-e-test-backup-list',
policy=make_policy(bn, 'test-prefix'))
layout = StorageLayout('s3://{0}/test-prefix'.format(bn))
creds = Credentials(fed.credentials.access_key, fed.credentials.secret_key,
fed.credentials.session_token)
with FreshBucket(bn, calling_format=cf, host=h) as fb:
fb.create(location='us-west-1')
cinfo = calling_format.from_store_name(bn)
conn = cinfo.connect(creds)
conn.host = h
backups = list(BackupList(conn, layout, True))
assert not backups
def test_uri_put_file(sts_conn):
bn = 'wal-e.sts.uri.put.file'
cf = connection.OrdinaryCallingFormat()
policy_text = make_policy(bn, 'test-prefix', allow_get_location=True)
fed = sts_conn.get_federation_token('wal-e-test-uri-put-file',
policy=policy_text)
key_path = 'test-prefix/test-key'
creds = Credentials(fed.credentials.access_key, fed.credentials.secret_key,
fed.credentials.session_token)
with FreshBucket(bn,
keys=[key_path],
calling_format=cf,
host='s3-us-west-1.amazonaws.com') as fb:
fb.create(location='us-west-1')
uri_put_file(creds, 's3://' + bn + '/' + key_path,
StringIO('test-content'))
k = connection.Key(fb.conn.get_bucket(bn, validate=False))
k.name = key_path
assert k.get_contents_as_string() == 'test-content'
def test_real_get_location():
"""Exercise a case where a get location call is needed.
In cases where a bucket has offensive characters -- like dots --
that would otherwise break TLS, test sniffing the right endpoint
so it can be used to address the bucket.
"""
creds = Credentials(os.getenv('AWS_ACCESS_KEY_ID'),
os.getenv('AWS_SECRET_ACCESS_KEY'))
bucket_name = 'wal-e-test-us-west-1.get.location'
cinfo = calling_format.from_store_name(bucket_name)
with FreshBucket(bucket_name,
host='s3-us-west-1.amazonaws.com',
calling_format=connection.OrdinaryCallingFormat()) as fb:
fb.create(location='us-west-1')
conn = cinfo.connect(creds)
assert cinfo.region == 'us-west-1'
assert cinfo.calling_format is connection.OrdinaryCallingFormat
assert conn.host == 's3-us-west-1.amazonaws.com'
def test_policy(sts_conn, monkeypatch):
"""Sanity checks for the intended ACLs of the policy"""
monkeypatch.setenv('AWS_REGION', 'us-west-1')
# Use periods to force OrdinaryCallingFormat when using
# calling_format.from_store_name.
bn = bucket_name_mangle('wal-e.sts.list.test')
h = 's3-us-west-1.amazonaws.com'
cf = connection.OrdinaryCallingFormat()
fed = sts_conn.get_federation_token('wal-e-test-list-bucket',
policy=make_policy(bn, 'test-prefix'))
test_payload = 'wal-e test'
keys = [
'test-prefix/hello', 'test-prefix/world', 'not-in-prefix/goodbye',
'not-in-prefix/world'
]
creds = Credentials(fed.credentials.access_key, fed.credentials.secret_key,
fed.credentials.session_token)
with FreshBucket(bn, keys=keys, calling_format=cf, host=h) as fb:
# Superuser creds, for testing keys not in the prefix.
bucket_superset_creds = fb.create(location='us-west-1')
cinfo = calling_format.from_store_name(bn)
conn = cinfo.connect(creds)
conn.host = h
# Bucket using the token, subject to the policy.
bucket = conn.get_bucket(bn, validate=False)
for name in keys:
if name.startswith('test-prefix/'):
# Test the PUT privilege.
k = connection.Key(bucket)
else:
# Not in the prefix, so PUT will not work.
k = connection.Key(bucket_superset_creds)
k.key = name
k.set_contents_from_string(test_payload)
# Test listing keys within the prefix.
prefix_fetched_keys = list(bucket.list(prefix='test-prefix/'))
assert len(prefix_fetched_keys) == 2
# Test the GET privilege.
for key in prefix_fetched_keys:
assert key.get_contents_as_string() == b'wal-e test'
# Try a bogus listing outside the valid prefix.
with pytest.raises(exception.S3ResponseError) as e:
list(bucket.list(prefix=''))
assert e.value.status == 403
# Test the rejection of PUT outside of prefix.
k = connection.Key(bucket)
k.key = 'not-in-prefix/world'
with pytest.raises(exception.S3ResponseError) as e:
k.set_contents_from_string(test_payload)
assert e.value.status == 403