TrueCloudLab/s3-tests
7
0
Fork 1
mirror of https://github.com/ceph/s3-tests.git synced 2024-11-24 19:30:38 +00:00
Code Issues 1 Projects Releases Packages Wiki Activity

refactor and fix some acl_grant tests

Browse source
This commit is contained in:
Stephon Striplin 2011-07-19 10:38:55 -07:00
parent fe749adebf
commit 510b6e91d4
1 changed files with 82 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
s3tests/functional/test_s3.py
View file

@ -833,55 +833,109 @@ def _bucket_acl_grant_userid(permission):
return bucket return bucket
def _check_bucket_acl_grant_can_read(bucket):
bucket2 = s3.alt.get_bucket(bucket.name)
def _check_bucket_acl_grant_cant_read(bucket):
check_access_denied(s3.alt.get_bucket, bucket.name)
def _check_bucket_acl_grant_can_readacp(bucket):
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
bucket2.get_acl()
def _check_bucket_acl_grant_cant_readacp(bucket):
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
check_access_denied(bucket2.get_acl)
def _check_bucket_acl_grant_can_write(bucket):
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
key = bucket2.new_key('foo-write')
key.set_contents_from_string('bar')
def _check_bucket_acl_grant_cant_write(bucket):
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
key = bucket2.new_key('foo-write')
check_access_denied(key.set_contents_from_string, 'bar')
def _check_bucket_acl_grant_can_writeacp(bucket):
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
bucket2.set_acl('public-read')
def _check_bucket_acl_grant_cant_writeacp(bucket):
bucket2 = s3.alt.get_bucket(bucket.name, validate=False)
check_access_denied(bucket2.set_acl, 'public-read')
def test_bucket_acl_grant_userid_fullcontrol(): def test_bucket_acl_grant_userid_fullcontrol():
bucket = _bucket_acl_grant_userid('FULL_CONTROL') bucket = _bucket_acl_grant_userid('FULL_CONTROL')
# alt user can write # alt user can read
bucket2 = s3.alt.get_bucket(bucket.name) _check_bucket_acl_grant_can_read(bucket)
key = bucket2.new_key('foo') # can read acl
key.set_contents_from_string('bar') _check_bucket_acl_grant_can_readacp(bucket)
# can write
_check_bucket_acl_grant_can_write(bucket)
# can write acl
_check_bucket_acl_grant_can_writeacp(bucket)
def test_bucket_acl_grant_userid_read(): def test_bucket_acl_grant_userid_read():
bucket = _bucket_acl_grant_userid('READ') bucket = _bucket_acl_grant_userid('READ')
# alt user can read but not write # alt user can read
bucket2 = s3.alt.get_bucket(bucket.name) _check_bucket_acl_grant_can_read(bucket)
# can't read acl # can't read acl
check_access_denied(bucket2.get_acl) _check_bucket_acl_grant_cant_readacp(bucket)
# can't write # can't write
key = bucket2.new_key('foo') _check_bucket_acl_grant_cant_write(bucket)
check_access_denied(key.set_contents_from_string, 'bar') # can't write acl
_check_bucket_acl_grant_cant_writeacp(bucket)
def test_bucket_acl_grant_userid_readacp(): def test_bucket_acl_grant_userid_readacp():
bucket = _bucket_acl_grant_userid('READ_ACP') bucket = _bucket_acl_grant_userid('READ_ACP')
# alt user can read the acl # alt user can't read
bucket2 = s3.alt.get_bucket(bucket.name, validate=False) _check_bucket_acl_grant_cant_read(bucket)
bucket2.get_acl() # can read acl
_check_bucket_acl_grant_can_readacp(bucket)
# can't write # can't write
key = bucket2.new_key('foo') _check_bucket_acl_grant_cant_write(bucket)
check_access_denied(key.set_contents_from_string, 'bar') # can't write acp
#_check_bucket_acl_grant_cant_writeacp_can_readacp(bucket)
_check_bucket_acl_grant_cant_writeacp(bucket)
def test_bucket_acl_grant_userid_write(): def test_bucket_acl_grant_userid_write():
bucket = _bucket_acl_grant_userid('WRITE') bucket = _bucket_acl_grant_userid('WRITE')
# alt user shouldn't have read access # alt user can't read
check_access_denied(s3.alt.get_bucket, bucket.name) _check_bucket_acl_grant_cant_read(bucket)
# can't read acl
bucket2 = s3.alt.get_bucket(bucket.name, validate=False) _check_bucket_acl_grant_cant_readacp(bucket)
key = bucket2.new_key('foo')
# can't modify acl
check_access_denied(key.set_acl, 'public-read')
# can write # can write
key.set_contents_from_string('bar') _check_bucket_acl_grant_can_write(bucket)
# can't write acl
_check_bucket_acl_grant_cant_writeacp(bucket)
def test_bucket_acl_grant_userid_writeacp():
bucket = _bucket_acl_grant_userid('WRITE_ACP')
# alt user can't read
_check_bucket_acl_grant_cant_read(bucket)
# can't read acl
_check_bucket_acl_grant_cant_readacp(bucket)
# can't write
_check_bucket_acl_grant_cant_write(bucket)
# can write acl
_check_bucket_acl_grant_can_writeacp(bucket)
@attr('fails_on_dho') @attr('fails_on_dho')