def test_acl_canonical_user(self): grantee = User('test:tester') self.assertTrue('test:tester' in grantee) self.assertTrue('test:tester2' not in grantee) self.assertEquals(str(grantee), 'test:tester') self.assertEquals(grantee.elem().find('./ID').text, 'test:tester')
def _test_object_PUT_copy(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_headers = { 'Authorization': 'AWS test:tester:hmac', 'X-Amz-Copy-Source': '/some/source', 'Date': self.get_date_header() } put_headers.update(put_header) req = Request.blank('/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) req.date = datetime.now() req.content_type = 'text/plain' with patch('swift3.utils.time.time', return_value=1396353600.000000): return self.call_swift3(req)
def _test_set_container_permission(self, account, permission): grants = [Grant(User(account), permission)] headers = \ encode_acl('container', ACL(Owner('test:tester', 'test:tester'), grants)) self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, headers, None)
def _test_object_acl_PUT(self, account, permission='FULL_CONTROL'): acl = ACL(self.default_owner, [Grant(User(account), permission)]) req = Request.blank('/bucket/object?acl', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'AWS %s:hmac' % account}, body=tostring(acl.elem())) return self.call_swift3(req)
def _gen_test_acl_header(owner, permission=None, grantee=None, resource='container'): if permission is None: return ACL(owner, []) if grantee is None: grantee = User('test:tester') return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
def test_object_PUT_copy_without_dst_obj_permission(self): account = 'test:other' grants = [Grant(User(account), 'WRITE')] headers = encode_acl('container', ACL(Owner(account, account), grants)) self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, headers, None) status, headers, body = \ self._test_object_copy_for_s3acl(account, 'READ') self.assertEquals(status.split()[0], '403')
def _test_object_copy_for_s3acl(self, account, src_permission=None, src_path='/src_bucket/src_obj'): owner = 'test:tester' grants = [Grant(User(account), src_permission)] \ if src_permission else [Grant(User(owner), 'FULL_CONTROL')] src_o_headers = \ encode_acl('object', ACL(Owner(owner, owner), grants)) self.swift.register( 'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')), swob.HTTPOk, src_o_headers, None) req = Request.blank( '/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'AWS %s:hmac' % account, 'X-Amz-Copy-Source': src_path}) return self.call_swift3(req)
def _test_object_PUT_copy_self(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/bucket/object', head_resp, head_headers, None) return self._call_object_copy('/bucket/object', put_header)
def _test_object_PUT_copy(self, head_resp, put_header=None, src_path='/some/source', timestamp=None): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_header = put_header or {} return self._call_object_copy(src_path, put_header, timestamp)
def _test_copy_for_s3acl(self, account, src_permission=None, src_path='/src_bucket/src_obj', head_resp=swob.HTTPOk, put_header={}): owner = 'test:tester' grants = [Grant(User(account), src_permission)] \ if src_permission else [Grant(User(owner), 'FULL_CONTROL')] src_o_headers = encode_acl('object', ACL(Owner(owner, owner), grants)) self.swift.register('HEAD', '/v1/AUTH_test/src_bucket/src_obj', head_resp, src_o_headers, None) put_headers = { 'Authorization': 'AWS %s:hmac' % account, 'X-Amz-Copy-Source': src_path } put_headers.update(put_header) req = Request.blank('/bucket/object?partNumber=1&uploadId=X', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) return self.call_swift3(req)
def _test_object_PUT_copy(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_headers = {'Authorization': 'AWS test:tester:hmac', 'X-Amz-Copy-Source': '/some/source'} put_headers.update(put_header) req = Request.blank('/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) req.date = datetime.now() req.content_type = 'text/plain' return self.call_swift3(req)
def _gen_test_headers(owner, grants=[], resource='container'): if not grants: grants = [Grant(User('test:tester'), 'FULL_CONTROL')] return encode_acl(resource, ACL(owner, grants))
def gen_grant(permission): # generate Grant with a grantee named by "permission" account_name = '%s:%s' % (account, permission.lower()) return Grant(User(account_name), permission)