def _test_object_PUT_copy(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_headers = { 'Authorization': 'AWS test:tester:hmac', 'X-Amz-Copy-Source': '/some/source', 'Date': self.get_date_header() } put_headers.update(put_header) req = Request.blank('/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) req.date = datetime.now() req.content_type = 'text/plain' with patch('swift3.utils.time.time', return_value=1396353600.000000): return self.call_swift3(req)
def _test_set_container_permission(self, account, permission): grants = [Grant(User(account), permission)] headers = \ encode_acl('container', ACL(Owner('test:tester', 'test:tester'), grants)) self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, headers, None)
def _gen_test_acl_header(owner, permission=None, grantee=None, resource='container'): if permission is None: return ACL(owner, []) if grantee is None: grantee = User('test:tester') return encode_acl(resource, ACL(owner, [Grant(grantee, permission)]))
def PUT(self, app): if not self.obj: # Initiate Multipart Uploads (put +segment container) resp = self._handle_acl(app, 'HEAD') req_acl = ACL.from_headers(self.req.headers, resp.bucket_acl.owner, Owner(self.user_id, self.user_id)) acl_headers = encode_acl('object', req_acl) self.req.headers[sysmeta_header('object', 'tmpacl')] = \ acl_headers[sysmeta_header('object', 'acl')]
def test_encode_acl_object(self): acl = ACLPrivate(Owner(id='test:tester', name='test:tester')) acp = encode_acl('object', acl) header_value = json.loads(acp[sysmeta_header('object', 'acl')]) self.assertTrue('Owner' in header_value) self.assertTrue('Grant' in header_value) self.assertEqual('test:tester', header_value['Owner']) self.assertEqual(len(header_value['Grant']), 1)
def test_object_PUT_copy_without_dst_obj_permission(self): account = 'test:other' grants = [Grant(User(account), 'WRITE')] headers = encode_acl('container', ACL(Owner(account, account), grants)) self.swift.register('HEAD', '/v1/AUTH_test/bucket', swob.HTTPNoContent, headers, None) status, headers, body = \ self._test_object_copy_for_s3acl(account, 'READ') self.assertEquals(status.split()[0], '403')
def PUT(self, app): if not self.acl_checked: resp = self._handle_acl(app, 'HEAD', obj='') req_acl = ACL.from_headers(self.req.headers, resp.bucket_acl.owner, Owner(self.user_id, self.user_id)) acl_headers = encode_acl('object', req_acl) self.req.headers[sysmeta_header('object', 'tmpacl')] = \ acl_headers[sysmeta_header('object', 'acl')] self.acl_checked = True
def _test_object_PUT_copy_self(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/bucket/object', head_resp, head_headers, None) return self._call_object_copy('/bucket/object', put_header)
def _test_object_PUT_copy(self, head_resp, put_header=None, src_path='/some/source', timestamp=None): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_header = put_header or {} return self._call_object_copy(src_path, put_header, timestamp)
def _test_object_copy_for_s3acl(self, account, src_permission=None, src_path="/src_bucket/src_obj"): owner = "test:tester" grants = [Grant(User(account), src_permission)] if src_permission else [Grant(User(owner), "FULL_CONTROL")] src_o_headers = encode_acl("object", ACL(Owner(owner, owner), grants)) src_o_headers.update({"last-modified": self.last_modified}) self.swift.register("HEAD", join("/v1/AUTH_test", src_path.lstrip("/")), swob.HTTPOk, src_o_headers, None) req = Request.blank( "/bucket/object", environ={"REQUEST_METHOD": "PUT"}, headers={"Authorization": "AWS %s:hmac" % account, "X-Amz-Copy-Source": src_path}, ) return self.call_swift3(req)
def test_bucket_PUT_with_canned_s3acl(self): account = 'test:tester' acl = \ encode_acl('container', ACLPublicRead(Owner(account, account))) req = Request.blank('/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'AWS test:tester:hmac', 'X-Amz-Acl': 'public-read'}) status, headers, body = self.call_swift3(req) self.assertEquals(status.split()[0], '200') _, _, headers = self.swift.calls_with_headers[-1] self.assertTrue('X-Container-Read' not in headers) self.assertTrue('X-Container-Sysmeta-Swift3-Acl' in headers) self.assertEquals(headers.get('X-Container-Sysmeta-Swift3-Acl'), acl['x-container-sysmeta-swift3-acl'])
def _test_object_PUT_copy(self, head_resp, put_header={}): account = "test:tester" grants = [Grant(User(account), "FULL_CONTROL")] head_headers = encode_acl("object", ACL(Owner(account, account), grants)) head_headers.update({"last-modified": self.last_modified}) self.swift.register("HEAD", "/v1/AUTH_test/some/source", head_resp, head_headers, None) put_headers = {"Authorization": "AWS test:tester:hmac", "X-Amz-Copy-Source": "/some/source"} put_headers.update(put_header) req = Request.blank("/bucket/object", environ={"REQUEST_METHOD": "PUT"}, headers=put_headers) req.date = datetime.now() req.content_type = "text/plain" return self.call_swift3(req)
def test_bucket_PUT_with_canned_s3acl(self): account = 'test:tester' acl = \ encode_acl('container', ACLPublicRead(Owner(account, account))) req = Request.blank('/bucket', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'AWS test:tester:hmac', 'Date': self.get_date_header(), 'X-Amz-Acl': 'public-read'}) status, headers, body = self.call_swift3(req) self.assertEqual(status.split()[0], '200') _, _, headers = self.swift.calls_with_headers[-1] self.assertTrue('X-Container-Read' not in headers) self.assertTrue('X-Container-Sysmeta-Swift3-Acl' in headers) self.assertEqual(headers.get('X-Container-Sysmeta-Swift3-Acl'), acl['x-container-sysmeta-swift3-acl'])
def test_encode_acl_many_grant(self): headers = {} users = [] for i in range(0, 99): users.append('id=test:tester%s' % str(i)) users = ','.join(users) headers['x-amz-grant-read'] = users acl = ACL.from_headers(headers, Owner('test:tester', 'test:tester')) acp = encode_acl('container', acl) header_value = acp[sysmeta_header('container', 'acl')] header_value = json.loads(header_value) self.assertTrue('Owner' in header_value) self.assertTrue('Grant' in header_value) self.assertEqual('test:tester', header_value['Owner']) self.assertEqual(len(header_value['Grant']), 99)
def _test_object_copy_for_s3acl(self, account, src_permission=None, src_path='/src_bucket/src_obj'): owner = 'test:tester' grants = [Grant(User(account), src_permission)] \ if src_permission else [Grant(User(owner), 'FULL_CONTROL')] src_o_headers = \ encode_acl('object', ACL(Owner(owner, owner), grants)) self.swift.register( 'HEAD', join('/v1/AUTH_test', src_path.lstrip('/')), swob.HTTPOk, src_o_headers, None) req = Request.blank( '/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers={'Authorization': 'AWS %s:hmac' % account, 'X-Amz-Copy-Source': src_path}) return self.call_swift3(req)
def _test_object_PUT_copy(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_headers = {'Authorization': 'AWS test:tester:hmac', 'X-Amz-Copy-Source': '/some/source'} put_headers.update(put_header) req = Request.blank('/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) req.date = datetime.now() req.content_type = 'text/plain' return self.call_swift3(req)
def test_service_GET_without_owner_bucket(self): bucket_list = [] for var in range(0, 10): user_id = 'test:other' bucket = 'bucket%s' % var owner = Owner(user_id, user_id) headers = encode_acl('container', ACL(owner, [])) self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket, swob.HTTPNoContent, headers, None) bucket_list.append((bucket, var, 300 + var)) status, headers, body = \ self._test_service_GET_for_check_bucket_owner(bucket_list) self.assertEquals(status.split()[0], '200') elem = fromstring(body, 'ListAllMyBucketsResult') resp_buckets = elem.find('./Buckets') buckets = resp_buckets.iterchildren('Bucket') self.assertEquals(len(list(buckets)), 0)
def test_object_multipart_upload_initiate_s3acl(self): req = Request.blank('/bucket/object?uploads', environ={'REQUEST_METHOD': 'POST'}, headers={ 'Authorization': 'AWS test:tester:hmac', 'x-amz-acl': 'public-read', 'x-amz-meta-foo': 'bar' }) status, headers, body = self.call_swift3(req) fromstring(body, 'InitiateMultipartUploadResult') self.assertEquals(status.split()[0], '200') _, _, req_headers = self.swift.calls_with_headers[-1] self.assertEquals(req_headers.get('X-Object-Meta-Foo'), 'bar') tmpacl_header = req_headers.get(sysmeta_header('object', 'tmpacl')) self.assertTrue(tmpacl_header) acl_header = encode_acl( 'object', ACLPublicRead(Owner('test:tester', 'test:tester'))) self.assertEquals(acl_header.get(sysmeta_header('object', 'acl')), tmpacl_header)
def test_service_GET_bucekt_list(self): bucket_list = [] for var in range(0, 10): if var % 3 == 0: user_id = 'test:tester' else: user_id = 'test:other' bucket = 'bucket%s' % var owner = Owner(user_id, user_id) headers = encode_acl('container', ACL(owner, [])) # set register to get owner of buckets if var % 3 == 2: self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket, swob.HTTPNotFound, {}, None) else: self.swift.register('HEAD', '/v1/AUTH_test/%s' % bucket, swob.HTTPNoContent, headers, None) bucket_list.append((bucket, var, 300 + var)) status, headers, body = \ self._test_service_GET_for_check_bucket_owner(bucket_list) self.assertEquals(status.split()[0], '200') elem = fromstring(body, 'ListAllMyBucketsResult') resp_buckets = elem.find('./Buckets') buckets = resp_buckets.iterchildren('Bucket') listing = list(list(buckets)[0]) self.assertEquals(len(listing), 2) names = [] for b in resp_buckets.iterchildren('Bucket'): names.append(b.find('./Name').text) # Check whether getting bucket only locate in multiples of 3 in # bucket_list which mean requested user is owner. expected_buckets = [b for i, b in enumerate(bucket_list) if i % 3 == 0] self.assertEquals(len(names), len(expected_buckets)) for i in expected_buckets: self.assertTrue(i[0] in names) self.assertEquals(len(self.swift.calls_with_headers), 11)
def _test_object_PUT_copy(self, head_resp, put_header={}): account = 'test:tester' grants = [Grant(User(account), 'FULL_CONTROL')] head_headers = \ encode_acl('object', ACL(Owner(account, account), grants)) head_headers.update({'last-modified': self.last_modified}) self.swift.register('HEAD', '/v1/AUTH_test/some/source', head_resp, head_headers, None) put_headers = {'Authorization': 'AWS test:tester:hmac', 'X-Amz-Copy-Source': '/some/source'} put_headers.update(put_header) req = Request.blank('/bucket/object', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) req.date = datetime.now() req.content_type = 'text/plain' return self.call_swift3(req)
def _test_copy_for_s3acl(self, account, src_permission=None, src_path='/src_bucket/src_obj', head_resp=swob.HTTPOk, put_header={}): owner = 'test:tester' grants = [Grant(User(account), src_permission)] \ if src_permission else [Grant(User(owner), 'FULL_CONTROL')] src_o_headers = encode_acl('object', ACL(Owner(owner, owner), grants)) self.swift.register('HEAD', '/v1/AUTH_test/src_bucket/src_obj', head_resp, src_o_headers, None) put_headers = { 'Authorization': 'AWS %s:hmac' % account, 'X-Amz-Copy-Source': src_path } put_headers.update(put_header) req = Request.blank('/bucket/object?partNumber=1&uploadId=X', environ={'REQUEST_METHOD': 'PUT'}, headers=put_headers) return self.call_swift3(req)
def test_object_multipart_upload_complete_s3acl(self): acl_headers = encode_acl( 'object', ACLPublicRead(Owner('test:tester', 'test:tester'))) headers = {} headers[sysmeta_header('object', 'tmpacl')] = \ acl_headers.get(sysmeta_header('object', 'acl')) headers['X-Object-Meta-Foo'] = 'bar' self.swift.register('HEAD', '/v1/AUTH_test/bucket+segments/object/X', swob.HTTPOk, headers, None) req = Request.blank('/bucket/object?uploadId=X', environ={'REQUEST_METHOD': 'POST'}, headers={'Authorization': 'AWS test:tester:hmac'}, body=xml) status, headers, body = self.call_swift3(req) fromstring(body, 'CompleteMultipartUploadResult') self.assertEquals(status.split()[0], '200') _, _, headers = self.swift.calls_with_headers[-2] self.assertEquals(headers.get('X-Object-Meta-Foo'), 'bar') self.assertEquals( tostring( ACLPublicRead(Owner('test:tester', 'test:tester')).elem()), tostring(decode_acl('object', headers).elem()))
def setter(self, value): self.headers.update(encode_acl(resource, value)) setattr(self, '_%s' % resource, value)
def _gen_test_headers(owner, grants=[], resource='container'): if not grants: grants = [Grant(User('test:tester'), 'FULL_CONTROL')] return encode_acl(resource, ACL(owner, grants))
def _test_set_container_permission(self, account, permission): grants = [Grant(User(account), permission)] headers = encode_acl("container", ACL(Owner("test:tester", "test:tester"), grants)) self.swift.register("HEAD", "/v1/AUTH_test/bucket", swob.HTTPNoContent, headers, None)