mirror of
https://github.com/ceph/s3-tests.git
synced 2024-11-24 19:30:38 +00:00
policy: test metadta copy key
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
This commit is contained in:
parent
35cd3f77af
commit
35c9fcd6ae
1 changed files with 40 additions and 0 deletions
|
@ -9823,3 +9823,43 @@ def test_bucket_policy_put_obj_copy_source():
|
||||||
eq(key.get_contents_as_string(), 'public/bar')
|
eq(key.get_contents_as_string(), 'public/bar')
|
||||||
|
|
||||||
check_access_denied(alt_bucket.copy_key,'new_foo2', bucket_source.name, 'private/foo')
|
check_access_denied(alt_bucket.copy_key,'new_foo2', bucket_source.name, 'private/foo')
|
||||||
|
|
||||||
|
|
||||||
|
@attr(resource='object')
|
||||||
|
@attr(method='put')
|
||||||
|
@attr(operation='Test copy-source conditional on put obj')
|
||||||
|
@attr(assertion='success')
|
||||||
|
@attr('tagging')
|
||||||
|
@attr('bucket-policy')
|
||||||
|
def test_bucket_policy_put_obj_copy_source_meta():
|
||||||
|
|
||||||
|
bucket_source = _create_keys(keys=['public/foo', 'public/bar'])
|
||||||
|
src_resource = _make_arn_resource("{}/{}".format(bucket_source.name, "*"))
|
||||||
|
# lets make the source objects public for now
|
||||||
|
policy_document = make_json_policy("s3:GetObject",
|
||||||
|
src_resource
|
||||||
|
)
|
||||||
|
|
||||||
|
bucket_source.set_policy(policy_document)
|
||||||
|
|
||||||
|
bucket = get_new_bucket()
|
||||||
|
|
||||||
|
tag_conditional = {"StringEquals": {
|
||||||
|
"s3:x-amz-metadata-directive" : "COPY"
|
||||||
|
}}
|
||||||
|
|
||||||
|
resource = _make_arn_resource("{}/{}".format(bucket.name, "*"))
|
||||||
|
policy_document = make_json_policy("s3:PutObject",
|
||||||
|
resource,
|
||||||
|
conditions=tag_conditional)
|
||||||
|
|
||||||
|
bucket.set_policy(policy_document)
|
||||||
|
|
||||||
|
new_conn = _get_alt_connection()
|
||||||
|
alt_bucket = new_conn.get_bucket(bucket.name, validate=False)
|
||||||
|
key = alt_bucket.copy_key('new_foo', bucket_source.name, 'public/foo', headers={"x-metadata-directive" : "COPY"})
|
||||||
|
# This is possible because we are still the owner, see the grants with
|
||||||
|
# policy on how to do this right
|
||||||
|
eq(key.get_contents_as_string(), 'public/foo')
|
||||||
|
|
||||||
|
check_access_denied(alt_bucket.copy_key, 'new_foo2', bucket_source.name, 'public/bar', metadata={"foo" : "bar"})
|
||||||
|
|
Loading…
Reference in a new issue