From 11bb947a0b93caa8c3fa5d662daad3fa59f71ce4 Mon Sep 17 00:00:00 2001 From: "Javier M. Mellid" Date: Wed, 27 Jan 2016 02:19:20 +0000 Subject: [PATCH] rgw: add X-Amz-Expires test cases Test X-Amz-Expires under AWS4 auth. Signed-off-by: Javier M. Mellid --- s3tests/functional/test_s3.py | 66 +++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) diff --git a/s3tests/functional/test_s3.py b/s3tests/functional/test_s3.py index 47ab6d6..74b195d 100644 --- a/s3tests/functional/test_s3.py +++ b/s3tests/functional/test_s3.py @@ -86,6 +86,17 @@ def check_grants(got, want): eq(g.type, w.pop('type')) eq(w, {}) +def check_aws4_support(): + if 'S3_USE_SIGV4' not in os.environ: + raise SkipTest + +def tag(*tags): + def wrap(func): + for tag in tags: + setattr(func, tag, True) + return func + return wrap + @attr(resource='bucket') @attr(method='get') @attr(operation='list') @@ -2714,6 +2725,61 @@ def test_object_raw_authenticated_object_gone(): eq(res.reason, 'Not Found') +@tag('auth_aws4') +@attr(resource='object') +@attr(method='get') +@attr(operation='x-amz-expires check not expired') +@attr(assertion='succeeds') +def test_object_raw_get_x_amz_expires_not_expired(): + check_aws4_support() + (bucket, key) = _setup_request('public-read', 'public-read') + + res = _make_request('GET', bucket, key, authenticated=True, expires_in=100000) + eq(res.status, 200) + + +@tag('auth_aws4') +@attr(resource='object') +@attr(method='get') +@attr(operation='check x-amz-expires value out of range zero') +@attr(assertion='fails 403') +def test_object_raw_get_x_amz_expires_out_range_zero(): + check_aws4_support() + (bucket, key) = _setup_request('public-read', 'public-read') + + res = _make_request('GET', bucket, key, authenticated=True, expires_in=0) + eq(res.status, 403) + eq(res.reason, 'Forbidden') + + +@tag('auth_aws4') +@attr(resource='object') +@attr(method='get') +@attr(operation='check x-amz-expires value out of max range') +@attr(assertion='fails 403') +def test_object_raw_get_x_amz_expires_out_max_range(): + check_aws4_support() + (bucket, key) = _setup_request('public-read', 'public-read') + + res = _make_request('GET', bucket, key, authenticated=True, expires_in=604801) + eq(res.status, 403) + eq(res.reason, 'Forbidden') + + +@tag('auth_aws4') +@attr(resource='object') +@attr(method='get') +@attr(operation='check x-amz-expires value out of positive range') +@attr(assertion='succeeds') +def test_object_raw_get_x_amz_expires_out_positive_range(): + check_aws4_support() + (bucket, key) = _setup_request('public-read', 'public-read') + + res = _make_request('GET', bucket, key, authenticated=True, expires_in=-7) + eq(res.status, 403) + eq(res.reason, 'Forbidden') + + @attr(resource='object') @attr(method='put') @attr(operation='unauthenticated, no object acls')