test the [iam alt root] user's access to buckets owned by [iam root]
using various policy principals and acl grantees
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit ba292fbf59)
adds test cases for the following iam actions:
* PutRolePolicy
* GetRolePolicy
* DeleteRolePolicy
* ListRolePolicies
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit cefea0fd26)
adds test cases for the following iam actions:
* CreateRole
* GetRole
* ListRoles
* DeleteRole
* UpdateRole
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit d4ada317e1)
adds test cases for the following iam actions:
* PutUserPolicy
* GetUserPolicy
* DeleteUserPolicy
* ListUserPolicies
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 364f29d087)
adds test cases for the following iam actions:
* CreateAccessKey
* UpdateAccessKey
* DeleteAccessKey
* ListAccessKeys
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit db76dfe791)
adds test cases for the following iam actions:
* CreateUser
* GetUser
* UpdateUser
* DeleteUser
* ListUsers
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit d8becad96a)
differentiate the test cases that expect a tenant-wide IAM api from new
ones that expect an account-wide api
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit a35b3c609a)
Add tests for the new ObjectSizeGreaterThan and
ObjectSizeLessThan lifecycle operators.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit f752d6b6d8)
This verifies the new NewerNoncurrentVersions lifecycle filter
operator.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit a5aa59df04)
Make sure 403 is returned when access is denied via s3:GetBucketPublicAccessBlock action on GetBucketPublicAccessBlock
Refs: https://github.com/ceph/ceph/pull/55652
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 3af42312bf)
Make sure NoSuchPublicAccessBlockConfiguration is returned when no public block is configured on bucket:
Refs: https://github.com/ceph/ceph/pull/55652
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 3056e6d039)
This improves the testing for presigned URLs for
both get_object and put_object when using
generate_presigned_url().
It covers the case where you pass for example
a x-amz-acl (ACL in params for generated_presigned_url)
header that should be signed.
Tests the regression in [1].
[1] https://tracker.ceph.com/issues/64308
Signed-off-by: Tobias Urdin <tobias.urdin@binero.se>
(cherry picked from commit 055451f666)
when the local timezone is not UTC and if it is a day behind,
lifecycle_header tests fails with 2 days not equal to 1
so replacing datetime.now() with datetime.utcnow()
Signed-off-by: Ali Maredia <amaredia@redhat.com>
(cherry picked from commit 4744808eda)
https://tracker.ceph.com/issues/63537 reported that large dates (with
year after 2107) got truncated when written. test with a later date, and
check that get_object_retention() gives back the date we put
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 40182ce26f)
some boto2 storage class tests are failing because the list returned by
configured_storage_classes() included an empty string
the boto3 version had an extra line that removes empty values; copy that
for boto2
Signed-off-by: Casey Bodley <cbodley@redhat.com>
the storage class tests were failing on comparisons between the input
data and output data:
AssertionError: assert 'oFbdZvtRj' == b'oFbdZvtRj'
convert the byte representation back to string for comparison
Signed-off-by: Casey Bodley <cbodley@redhat.com>
Object mtime should not change for any attr changes unless
its a copy operation. Verify the same using PutObjectACL op.
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit 10f3f7620d)
stop using head_bucket() to fetch these response headers, and use
list_objects_v2() instead to count objects and sizes
Fixes: #315
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 188b392131)
This is to avoid a get_object call for every range check as the object size will
not change during this duration and we'd most likely already know the object
sizes beforehand
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit 741f2cbc9e)
Tests that concurrent multi-object delete requests which specify
the same versioned object instances return successful object
responses within response body.
relates to: https://tracker.ceph.com/issues/56646
Signed-off-by: Cory Snyder <csnyder@iland.com>
(cherry picked from commit e18ea7fac4)
alignment of some of the test routines upon removing the XML tags(<Payload><Records><Payload>) from the s3select results. (Json s3tests #506)
Signed-off-by: galsalomon66 <gal.salomon@gmail.com>
Before the RGW fix PR was responding with 411 instead of 200
RGW fix PR: https://github.com/ceph/ceph/pull/50235
Signed-off-by: Mark Kogan <mkogan@redhat.com>
(cherry picked from commit 13a9bfc00a)
when the tests were converted from boto2, they were rewritten as loops
over client.delete_object(). switch back to multi-delete
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 787dc6bd43)
Few checks were incorrectly mapped when switched to 'assert'. This
commit fixes the same.
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit 29b0e27e49)
Mark testcase "test_lifecycle_expiration_header_and_tags_head" as
fails_on_dbstore
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit d976f47d74)
- Fix tox.ini syntax
Modern tox versions require the expected environment variables to be
listed one by one on separate lines in tox.ini
- Add `venv` to list of ignored names for git
This is a common name for a local Python virtual environment. Less
typing than `virtualenv`
- Add `tox` to requirements.txt
Installing `tox` via `pip` has the advantage of including it in the
virtual environment, thus avoiding trouble on operating systems shipping
by default with python3.6 or older. It's also nice that `pip install -r
requirements.txt` is now sufficient to set up the testing environment,
after initializing the virtual environment with a moder-enough python
version.
Signed-off-by: Moritz Röhrich <moritz.rohrich@suse.com>
(cherry picked from commit 3a0f1f0ead)
