This adds tests for get_object presigned URLs
using signature v2.
Also code formatting.
Signed-off-by: Tobias Urdin <tobias.urdin@binero.com>
(cherry picked from commit ac71900ffb)
the before-call hook url-encodes the ':' part of tenanted bucket names
to resolve SignatureDoesNotMatch errors
removed the list-v2 version of the test since it isn't relevant to
bucket policy test coverage
add a new test case that creates the bucket under the tenanted user,
then uses the main client to access it
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 2e41494293)
test_multipart_get_part() tests 'normal' multipart uploads. add a new
test case for a multipart upload with a single part to tests the fix
for https://tracker.ceph.com/issues/66705
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit bebdfd1ba7)
this tests a two-megabyte binary upload with validated
(awscli-computed) SHA256 checksum, and also verifies failure when
a bad checksum is provided
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit 95df503ced)
tests a full multipart upload cycle with 3 unique parts, which
verifies composite checksum computation and the logic to propagate
parts_count to ComleteMultipart
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit 9577cde013)
As described in https://tracker.ceph.com/issues/65746, retrying complete-multipart
after having attempted to complete the same upload with a bad checksum argument
fails with an internal error.
The status code is 500, but I'm unsure if it can be retried again, or whether
the upload can be aborted later.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit a3dbac7115)
TestName:
s3tests_boto3.functional.test_s3:test_buckets_list_ctime
Problem:
The test creates 5 buckets for a user but in an assertion check,
it asserts false if any bucket of the user has CreationTime less
than a day prior to current time.
Due to this reason the test fails if the user has pre-existing
buckets older than a day.
Solution:
Assert only on the CreationTime of buckets that were created with
test execution.
Signed-off-by: Sumedh A. Kulkarni <sumedh.a.kulkarni@seagate.com>
Co-developed-by: Bob Ham <bham12@bloomberg.net>
Signed-off-by: Bob Ham <bham12@bloomberg.net>
(cherry picked from commit e9c5cc29e9)
test the [iam alt root] user's access to buckets owned by [iam root]
using various policy principals and acl grantees
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit ba292fbf59)
adds test cases for the following iam actions:
* PutRolePolicy
* GetRolePolicy
* DeleteRolePolicy
* ListRolePolicies
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit cefea0fd26)
adds test cases for the following iam actions:
* CreateRole
* GetRole
* ListRoles
* DeleteRole
* UpdateRole
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit d4ada317e1)
adds test cases for the following iam actions:
* PutUserPolicy
* GetUserPolicy
* DeleteUserPolicy
* ListUserPolicies
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 364f29d087)
adds test cases for the following iam actions:
* CreateAccessKey
* UpdateAccessKey
* DeleteAccessKey
* ListAccessKeys
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit db76dfe791)
adds test cases for the following iam actions:
* CreateUser
* GetUser
* UpdateUser
* DeleteUser
* ListUsers
verified to pass against aws when an account root user's credentials are
provided in the [iam] section of s3tests.conf
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit d8becad96a)
differentiate the test cases that expect a tenant-wide IAM api from new
ones that expect an account-wide api
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit a35b3c609a)
Add tests for the new ObjectSizeGreaterThan and
ObjectSizeLessThan lifecycle operators.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit f752d6b6d8)
This verifies the new NewerNoncurrentVersions lifecycle filter
operator.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
(cherry picked from commit a5aa59df04)
Make sure 403 is returned when access is denied via s3:GetBucketPublicAccessBlock action on GetBucketPublicAccessBlock
Refs: https://github.com/ceph/ceph/pull/55652
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 3af42312bf)
Make sure NoSuchPublicAccessBlockConfiguration is returned when no public block is configured on bucket:
Refs: https://github.com/ceph/ceph/pull/55652
Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 3056e6d039)
This improves the testing for presigned URLs for
both get_object and put_object when using
generate_presigned_url().
It covers the case where you pass for example
a x-amz-acl (ACL in params for generated_presigned_url)
header that should be signed.
Tests the regression in [1].
[1] https://tracker.ceph.com/issues/64308
Signed-off-by: Tobias Urdin <tobias.urdin@binero.se>
(cherry picked from commit 055451f666)
when the local timezone is not UTC and if it is a day behind,
lifecycle_header tests fails with 2 days not equal to 1
so replacing datetime.now() with datetime.utcnow()
Signed-off-by: Ali Maredia <amaredia@redhat.com>
(cherry picked from commit 4744808eda)
https://tracker.ceph.com/issues/63537 reported that large dates (with
year after 2107) got truncated when written. test with a later date, and
check that get_object_retention() gives back the date we put
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 40182ce26f)
some boto2 storage class tests are failing because the list returned by
configured_storage_classes() included an empty string
the boto3 version had an extra line that removes empty values; copy that
for boto2
Signed-off-by: Casey Bodley <cbodley@redhat.com>
the storage class tests were failing on comparisons between the input
data and output data:
AssertionError: assert 'oFbdZvtRj' == b'oFbdZvtRj'
convert the byte representation back to string for comparison
Signed-off-by: Casey Bodley <cbodley@redhat.com>
Object mtime should not change for any attr changes unless
its a copy operation. Verify the same using PutObjectACL op.
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit 10f3f7620d)
stop using head_bucket() to fetch these response headers, and use
list_objects_v2() instead to count objects and sizes
Fixes: #315
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 188b392131)
This is to avoid a get_object call for every range check as the object size will
not change during this duration and we'd most likely already know the object
sizes beforehand
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit 741f2cbc9e)
Tests that concurrent multi-object delete requests which specify
the same versioned object instances return successful object
responses within response body.
relates to: https://tracker.ceph.com/issues/56646
Signed-off-by: Cory Snyder <csnyder@iland.com>
(cherry picked from commit e18ea7fac4)
alignment of some of the test routines upon removing the XML tags(<Payload><Records><Payload>) from the s3select results. (Json s3tests #506)
Signed-off-by: galsalomon66 <gal.salomon@gmail.com>
Before the RGW fix PR was responding with 411 instead of 200
RGW fix PR: https://github.com/ceph/ceph/pull/50235
Signed-off-by: Mark Kogan <mkogan@redhat.com>
(cherry picked from commit 13a9bfc00a)
when the tests were converted from boto2, they were rewritten as loops
over client.delete_object(). switch back to multi-delete
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 787dc6bd43)
Few checks were incorrectly mapped when switched to 'assert'. This
commit fixes the same.
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit 29b0e27e49)
Mark testcase "test_lifecycle_expiration_header_and_tags_head" as
fails_on_dbstore
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit d976f47d74)
- Fix tox.ini syntax
Modern tox versions require the expected environment variables to be
listed one by one on separate lines in tox.ini
- Add `venv` to list of ignored names for git
This is a common name for a local Python virtual environment. Less
typing than `virtualenv`
- Add `tox` to requirements.txt
Installing `tox` via `pip` has the advantage of including it in the
virtual environment, thus avoiding trouble on operating systems shipping
by default with python3.6 or older. It's also nice that `pip install -r
requirements.txt` is now sufficient to set up the testing environment,
after initializing the virtual environment with a moder-enough python
version.
Signed-off-by: Moritz Röhrich <moritz.rohrich@suse.com>
(cherry picked from commit 3a0f1f0ead)
also, give more accurate instruction on how to run the tests
Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
(cherry picked from commit 3437cda73d)
`ERR_TOO_SMALL` is wrongly returned if all of the following are true,
- the get_data returns multiple items (chunks)
- the length of the last item is smaller than the POST Policy's min
value for content-length-range.
The check should be `(ofs < min_len)` instead of `(len < min_len)`
This is further confirmed by the next line of `s->obj_size = ofs`
Move the `int len` scope inside loop to try and prevent the bug in
future.
The bug was refactored in 2016, but was introduced in Oct 2012, when
this functionality was first added to RGW in commit 7bb3504d3f0974e9863f536e9af0ce8889d6888f.
Reference: 933a42f9af/src/rgw/rgw_op.cc (L4474-L4513)
Reference: 7bb3504d3f
Signed-off-by: Robin H. Johnson <rjohnson@digitalocean.com>
(cherry picked from commit 5914eb2005)
this has been failing consistently in local testing. test_sts.py has
lots of user policy test coverage, so this test case in test_s3.py is
superfluous
Fixes: https://tracker.ceph.com/issues/58365
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 18a41ab63f)
i don't think any of our CopyObj test cases were large enough to have
tail objects, so weren't exercising our tail object ref counting
strategy
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit defb8eb977)
Tag/Untag testcases failing on dbstore as per latest run against main
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit a8ee732732)
case.
Updated test_set_bucket_tagging test for verifying the http status code
for DeleteBucketTagging case.
Related CEPH PR: https://github.com/ceph/ceph/pull/47262
Signed-off-by: Shriya Deshmukh <shriya.deshmukh@seagate.com>
(cherry picked from commit c8fc8cd7c8)
Tag User policy tests failing on dbstore as 'fails_on_dbstore'
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
(cherry picked from commit 5d63ebf83d)
original tests by Priya Sehgal <priya.sehgal@flipkart.com>:
rgw/s3_boto3: Tests added for SSE-S3 (GET, PUT, HEAD, MPU).
Additions by Casey Bodley <cbodley@redhat.com>:
add 'sse-s3' tag to test cases
sse: add _put_bucket_encryption() helper function
sse: document test cases with default bucket encryption
sse: expects encryption response header on put/get
sse: add 8MB default-encrypted upload
sse: test uploads that request x-amz-server-side-encryption=AES256
Lastly all my changes (Marcus Watts <mwatts@redhat.com>):
remove obsolete test - do it only in boto3 now.
Combine or rename duplicated function names.
Giving more than one test the same name is a Bad Thing(tm).
sse: expand test_bucket_policy_put_obj_enc, and _put_bucket_encryption
test_bucket_policy_put_obj_enc was testing too many things at once.
new tests:
* customer encryption and sse-s3: should fail
* customer encryption and sse-kms: should fail
* deny if not sse-s3: no-enc fails, sse-s3 succeeds.
* deny if not sse-s3: kms fails
deny if not sse-ksm: no-enc fails, sse-kms succeeds.
deny if not sse-ksm: s3 fails
_put_bucket_encryption was only testing sse-s3.
* test both these variations: sse-s3 and sse-kms
Note:
* these tests will fail on pre-sse-s3 ceph.
python3: comment out all boto3.set_stream_logger() calls
They made too much output.
Signed-off-by: Marcus Watts <mwatts@redhat.com>
(cherry picked from commit dd7cac25f5)
To be able to successfully run s3tests on dbstore backend in teuthology,
mark all the s3-tests currently failing on it with 'fails_on_dbstore' attr
Signed-off-by: Soumya Koduri <skoduri@redhat.com>
This solves: https://tracker.ceph.com/issues/53090
The solution is: We need to delete the role_policy and
user_policy attached user which was causing the failure.
Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
skip output-serial test. the results from both queries are not equal, thus it raise an assert. the problem seems to be the formatting before the comparision
remove test_output_serial_expressions until fixing the test
experiment pyarrow for parquet testing, adding arrow/parquet to bootstrap, installing pyarrow,pandas for reading/writing parquet
Signed-off-by: gal salomon <gal.salomon@gmail.com>
new test case test_list_multipart_upload_owner() uses two different
users to initiate multipart uploads, then tests that
list_multipart_uploads() shows the correct user ids and display names
for each upload
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 490d0a4c4f)
condition element of the role's trust policy and the role's
permission policy.
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
(cherry picked from commit bf43a4a10a)
Run: S3TEST_CONF=your.conf ./virtualenv/bin/nosetests s3tests.functional.test_s3:test_bucket_list_empty
But get an error: "ERROR: Failure: ValueError (No such test test_bucket_list_empty)".
Because test_bucket_list_empty is a test case in s3tests_boto3 directory.
Signed-off-by: Liu Lan <liulan_yewu@cmss.chinamobile.com>
(cherry picked from commit 9ac8aef12b)
objects locked in GOVERNANCE mode can be removed with
BypassGovernanceRetention, but some tests may leave an object locked in
COMPLIANCE mode, which blocks deletion until the retention period
expires
nuke_prefixed_buckets now checks the retention policy of objects that it
fails to delete with AccessDenied, and will wait up to 60 seconds for
locks to expire before retrying the deletes. if the wait exceeds 60
seconds, it instead throws an error without deleting the bucket
instead of doing this in nuke_prefixed_buckets, we could potentially
have each object-lock test case handle this manually, but that would
add a separate delay to each test case
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 9c4f15a47e)
speed up the cleanup by using delete_objects() with batches of 128
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit bb995c2aeb)
Tests are added for GetBucketEncryption, PutBucketEncryption,
and DeleteBucketEncryption APIs.
Related PR: https://github.com/ceph/ceph/pull/42222
Signed-off-by: Rahul Dev Parashar <rahul.dev@flipkart.com>
(cherry picked from commit 44643af0b0)
In the function of nuke_prefixed_buckets, if some err is thrown when deleting buckets, the left buckets remain uncleaned.
It is kind of resoruce leak on some charged platform. We have to clear them manually.
I know the original code is meant to give the user some hint by rasing error. But the resource leak of left buckets is a little annoying.
This PR would skip the problem point and continue the teardown process. The last client error would be saved and re-raised after the loop completes.
Signed-off-by: Pei <huangp0600@126.com>
Signed-off-by: Pei <phuang1@dev-new-3-3854897.slc07.dev.ebayc3.com>
(cherry picked from commit 713012c178)
Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
Few main changes/additions:
1. Webidentity test addition to test_sts.py.
2. A function named check_webidentity() added to __init__.py in order to check for section presence.
3. Few lines shifted from setup() to get_iam_client() to make them execute only when sts-tests run.
4. Documentation update (for sts section)
5. Changes in s3tests.conf.SAMPLE regarding sts sections
This is the fix for the issue reported (https://tracker.ceph.com/issues/47588). The issue was with the argument which was passed to the function. After removing that argument (as it's already an optional argument) the issue is fixed.
Signed-off-by: Kalpesh Pandya <kapandya@redhat.com>
(cherry picked from commit daf9062a22)
Create 10 object versions (9 noncurrent). Install a noncurrent
version expiration at 4 days. Verify that 10 versions exist at
T+20, and only 1 (current) at T+60.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
By design this test duplicates test_lifecycle_expiration_tags2,
but enables object versioning on the bucket.
The tests install a rule which requires -2- tags to be matched,
and creates 2 objects, one matching only 1 of the required tags,
the other matching both. Only the 2nd object should expire.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Note that the 1-tag case contains a filter prefix--which exposes
an apparent bug parsing Filter when it contains a Prefix element
and a single Tag element (without And).
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
In fact test_lifecycle_expiration_days0 is should fail, as 0-day
expiration is permitted for transition rules but not expiration
rules.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Primarily fixes the expiration header() verifier function
check_lifecycle_expiration_header, but also cleans up
prefix handling in setup_lifecycle_expiration().
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
1. fix a python3-related KeyError exception
2. note here: AWS documentation includes examples of "Days 0"
in use, but boto3 will not accept them--this is why the days0
test currently sets Days 1
3. delay increased to 30s, to avoid occasional failures due to
jitter
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
Commit bf956df71e adding
listobvjectsv2 tests inadvertently changed the v1
test_lifecycle_expiration test, which it had copied to
create a v2 version. Revert this.
Signed-off-by: Matt Benjamin <mbenjamin@redhat.com>
this fails on Ubuntu 20.04:
> virtualenv: error: unrecognized arguments: --no-site-packages --distribute
according to `virtualenv -h`:
> --no-site-packages DEPRECATED. Retained only for backward compatibility.
> Not having access to global site-packages is now the
> default behavior.
> --distribute DEPRECATED. Retained only for backward compatibility.
> This option has no effect.
Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit a0c15c80ad)
This should be a temporary workaround until #42208 is fixed
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit d02c1819f6)
