TrueCloudLab/s3-tests
7
0
Fork 1
mirror of https://github.com/ceph/s3-tests.git synced 2025-02-21 05:28:06 +00:00
Code Issues 2 Projects Releases Packages Wiki Activity

add acl grant userid tests

Browse source 
* Refactor some acl grant user_id code and run through the full suite of
  acls
This commit is contained in:
Stephon Striplin 2011-07-15 14:34:08 -07:00
parent 3303b0f33b
commit 03a80e6121
1 changed files with 64 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

67
s3tests/functional/test_s3.py
View file

@ -801,11 +801,11 @@ def test_object_acl_xml_readacp():
_build_object_acl_xml('READ_ACP') _build_object_acl_xml('READ_ACP')
def test_bucket_acl_grant_userid(): def _bucket_acl_grant_userid(permission):
bucket = get_new_bucket() bucket = get_new_bucket()
# add alt user # add alt user
policy = bucket.get_acl() policy = bucket.get_acl()
policy.acl.add_user_grant('FULL_CONTROL', config.alt.user_id) policy.acl.add_user_grant(permission, config.alt.user_id)
bucket.set_acl(policy) bucket.set_acl(policy)
policy = bucket.get_acl() policy = bucket.get_acl()
check_grants( check_grants(
@ -820,7 +820,7 @@ def test_bucket_acl_grant_userid():
type='CanonicalUser', type='CanonicalUser',
), ),
dict( dict(
permission='FULL_CONTROL', permission=permission,
id=config.alt.user_id, id=config.alt.user_id,
display_name=config.alt.display_name, display_name=config.alt.display_name,
uri=None, uri=None,
@ -830,12 +830,73 @@ def test_bucket_acl_grant_userid():
], ],
) )
return bucket
def test_bucket_acl_grant_userid_fullcontrol():
bucket = _bucket_acl_grant_userid('FULL_CONTROL')
# alt user can write # alt user can write
bucket2 = s3.alt.get_bucket(bucket.name) bucket2 = s3.alt.get_bucket(bucket.name)
key = bucket2.new_key('foo') key = bucket2.new_key('foo')
key.set_contents_from_string('bar') key.set_contents_from_string('bar')
def test_bucket_acl_grant_userid_read():
bucket = _bucket_acl_grant_userid('READ')
# alt user can read but not write
bucket2 = s3.alt.get_bucket(bucket.name)
# can't read acl
check_access_denied(bucket2.get_acl)
# can't write
key = bucket2.new_key('foo')
check_access_denied(key.set_contents_from_string, 'bar')
def test_bucket_acl_grant_userid_readacp():
bucket = _bucket_acl_grant_userid('READ_ACP')
# alt user can read the acl
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
bucket2.get_acl()
# can't write
key = bucket2.new_key('foo')
check_access_denied(key.set_contents_from_string, 'bar')
def test_bucket_acl_grant_userid_write():
bucket = _bucket_acl_grant_userid('WRITE')
# alt user shouldn't have read access
check_access_denied(s3.alt.get_bucket, bucket.name)
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
key = bucket2.new_key('foo')
# can't modify acl
check_access_denied(key.set_acl, 'public-read')
# can write
key.set_contents_from_string('bar')
@attr('fails_on_dho')
def test_bucket_acl_grant_nonexist_user():
bucket = get_new_bucket()
# add alt user
bad_user_id = 'foo'
policy = bucket.get_acl()
policy.acl.add_user_grant('FULL_CONTROL', bad_user_id)
print policy.to_xml()
e = assert_raises(boto.exception.S3ResponseError, bucket.set_acl, policy)
eq(e.status, 400)
eq(e.reason, 'Bad Request')
# This test will fail on DH Objects. DHO allows multiple users with one account, which # This test will fail on DH Objects. DHO allows multiple users with one account, which
# would violate the uniqueness requirement of a user's email. As such, DHO users are # would violate the uniqueness requirement of a user's email. As such, DHO users are
# created without an email. # created without an email.