objects locked in GOVERNANCE mode can be removed with
BypassGovernanceRetention, but some tests may leave an object locked in
COMPLIANCE mode, which blocks deletion until the retention period
expires
nuke_prefixed_buckets now checks the retention policy of objects that it
fails to delete with AccessDenied, and will wait up to 60 seconds for
locks to expire before retrying the deletes. if the wait exceeds 60
seconds, it instead throws an error without deleting the bucket
instead of doing this in nuke_prefixed_buckets, we could potentially
have each object-lock test case handle this manually, but that would
add a separate delay to each test case
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 9c4f15a47e)
speed up the cleanup by using delete_objects() with batches of 128
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit bb995c2aeb)
Tests are added for GetBucketEncryption, PutBucketEncryption,
and DeleteBucketEncryption APIs.
Related PR: https://github.com/ceph/ceph/pull/42222
Signed-off-by: Rahul Dev Parashar <rahul.dev@flipkart.com>
(cherry picked from commit 44643af0b0)
In the function of nuke_prefixed_buckets, if some err is thrown when deleting buckets, the left buckets remain uncleaned.
It is kind of resoruce leak on some charged platform. We have to clear them manually.
I know the original code is meant to give the user some hint by rasing error. But the resource leak of left buckets is a little annoying.
This PR would skip the problem point and continue the teardown process. The last client error would be saved and re-raised after the loop completes.
Signed-off-by: Pei <huangp0600@126.com>
Signed-off-by: Pei <phuang1@dev-new-3-3854897.slc07.dev.ebayc3.com>
(cherry picked from commit 713012c178)
Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
Few main changes/additions:
1. Webidentity test addition to test_sts.py.
2. A function named check_webidentity() added to __init__.py in order to check for section presence.
3. Few lines shifted from setup() to get_iam_client() to make them execute only when sts-tests run.
4. Documentation update (for sts section)
5. Changes in s3tests.conf.SAMPLE regarding sts sections
This is the fix for the issue reported (https://tracker.ceph.com/issues/47588). The issue was with the argument which was passed to the function. After removing that argument (as it's already an optional argument) the issue is fixed.
Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
(cherry picked from commit daf9062a22)
Create 10 object versions (9 noncurrent). Install a noncurrent
version expiration at 4 days. Verify that 10 versions exist at
T+20, and only 1 (current) at T+60.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
By design this test duplicates test_lifecycle_expiration_tags2,
but enables object versioning on the bucket.
The tests install a rule which requires -2- tags to be matched,
and creates 2 objects, one matching only 1 of the required tags,
the other matching both. Only the 2nd object should expire.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Note that the 1-tag case contains a filter prefix--which exposes
an apparent bug parsing Filter when it contains a Prefix element
and a single Tag element (without And).
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
In fact test_lifecycle_expiration_days0 is should fail, as 0-day
expiration is permitted for transition rules but not expiration
rules.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Primarily fixes the expiration header() verifier function
check_lifecycle_expiration_header, but also cleans up
prefix handling in setup_lifecycle_expiration().
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
1. fix a python3-related KeyError exception
2. note here: AWS documentation includes examples of "Days 0"
in use, but boto3 will not accept them--this is why the days0
test currently sets Days 1
3. delay increased to 30s, to avoid occasional failures due to
jitter
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Commit bf956df71e adding
listobvjectsv2 tests inadvertently changed the v1
test_lifecycle_expiration test, which it had copied to
create a v2 version. Revert this.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
This should be a temporary workaround until #42208 is fixed
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit d02c1819f6)
Add fails_on_rgw to tests not passing. Some
tests from the master branch do not pass on the
rgw yet. Others waiting on rgw tracker issues to
be resolved.
Signed-off-by: Ali Maredia <amaredia@redhat.com>
As per amazon s3 spec -
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-s3-bucket-naming-requirements.html
The s3 bucket names should not contain upper case letters or underscore.
Name cannot end with dash or have consecutive periods, or dashes adjacent to periods
Name length shouldn't exceed 63 characters.
These rules are being enforced via
- https://github.com/ceph/ceph/pull/26787
This patch is to update the respective testcases as well.
Note: check_invalid_bucket_name() seems to have been broken. It should
try to create bucket using invalid name. Have addressed it in this
patch. Because of this few testcases (which were incorrectly passing
earlier) are failing in validate_bucket_name. Have marked them
'fails_on_rgw' as done for test_bucket_create_naming_bad_punctuation
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
if a bucket delete request times out, the retry will likely get a 404
NoSuchBucket response. ignore that error and treat this as a success
Signed-off-by: Casey Bodley <cbodley@redhat.com>
The assumption that there may be only one rule per prefix has
been removed. The rules specifically tested here--without tag
filters--do overlap but are not in conflict.
I am proposing to remove altogether rather than writing new
deconfliction logic.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
The response to a successful PUT or HEAD (or GET) of/on
an object matching any enabled lifecycle expiration rule should
include an x-amz-expiration header for the object. The
x-amz-expiration header consists of an expiry-date, rule-id tuple
indicating the earliest matching rule and the corresponding
expiration date for the object.
Also, while at it, add test for lifecycle expiration rule with
'Days' : 0, which should both apply and...work.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Added sample config file for boto3 and vstart.sh
Modified setup.py, requirements.txt, and README
Added an rgw_interactive.py to use interactively
with vstart.sh and python -i
Ported 400+ tests over to boto3 from functional/test_s3.py
Signed-off-by: Ali Maredia <amaredia@redhat.com>