forked from TrueCloudLab/s3-tests
4cf38b4138
Fixes: https://tracker.ceph.com/issues/55193 Signed-off-by: Casey Bodley <cbodley@redhat.com>
779 lines
26 KiB
Python
779 lines
26 KiB
Python
import boto3
|
|
from nose.tools import eq_ as eq
|
|
from nose.plugins.attrib import attr
|
|
import nose
|
|
from botocore.exceptions import ClientError
|
|
from email.utils import formatdate
|
|
|
|
from .utils import assert_raises
|
|
from .utils import _get_status_and_error_code
|
|
from .utils import _get_status
|
|
|
|
from . import (
|
|
get_client,
|
|
get_v2_client,
|
|
get_new_bucket,
|
|
get_new_bucket_name,
|
|
)
|
|
|
|
def _add_header_create_object(headers, client=None):
|
|
""" Create a new bucket, add an object w/header customizations
|
|
"""
|
|
bucket_name = get_new_bucket()
|
|
if client == None:
|
|
client = get_client()
|
|
key_name = 'foo'
|
|
|
|
# pass in custom headers before PutObject call
|
|
add_headers = (lambda **kwargs: kwargs['params']['headers'].update(headers))
|
|
client.meta.events.register('before-call.s3.PutObject', add_headers)
|
|
client.put_object(Bucket=bucket_name, Key=key_name)
|
|
|
|
return bucket_name, key_name
|
|
|
|
|
|
def _add_header_create_bad_object(headers, client=None):
|
|
""" Create a new bucket, add an object with a header. This should cause a failure
|
|
"""
|
|
bucket_name = get_new_bucket()
|
|
if client == None:
|
|
client = get_client()
|
|
key_name = 'foo'
|
|
|
|
# pass in custom headers before PutObject call
|
|
add_headers = (lambda **kwargs: kwargs['params']['headers'].update(headers))
|
|
client.meta.events.register('before-call.s3.PutObject', add_headers)
|
|
e = assert_raises(ClientError, client.put_object, Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
return e
|
|
|
|
|
|
def _remove_header_create_object(remove, client=None):
|
|
""" Create a new bucket, add an object without a header
|
|
"""
|
|
bucket_name = get_new_bucket()
|
|
if client == None:
|
|
client = get_client()
|
|
key_name = 'foo'
|
|
|
|
# remove custom headers before PutObject call
|
|
def remove_header(**kwargs):
|
|
if (remove in kwargs['params']['headers']):
|
|
del kwargs['params']['headers'][remove]
|
|
|
|
client.meta.events.register('before-call.s3.PutObject', remove_header)
|
|
client.put_object(Bucket=bucket_name, Key=key_name)
|
|
|
|
return bucket_name, key_name
|
|
|
|
def _remove_header_create_bad_object(remove, client=None):
|
|
""" Create a new bucket, add an object without a header. This should cause a failure
|
|
"""
|
|
bucket_name = get_new_bucket()
|
|
if client == None:
|
|
client = get_client()
|
|
key_name = 'foo'
|
|
|
|
# remove custom headers before PutObject call
|
|
def remove_header(**kwargs):
|
|
if (remove in kwargs['params']['headers']):
|
|
del kwargs['params']['headers'][remove]
|
|
|
|
client.meta.events.register('before-call.s3.PutObject', remove_header)
|
|
e = assert_raises(ClientError, client.put_object, Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
return e
|
|
|
|
|
|
def _add_header_create_bucket(headers, client=None):
|
|
""" Create a new bucket, w/header customizations
|
|
"""
|
|
bucket_name = get_new_bucket_name()
|
|
if client == None:
|
|
client = get_client()
|
|
|
|
# pass in custom headers before PutObject call
|
|
add_headers = (lambda **kwargs: kwargs['params']['headers'].update(headers))
|
|
client.meta.events.register('before-call.s3.CreateBucket', add_headers)
|
|
client.create_bucket(Bucket=bucket_name)
|
|
|
|
return bucket_name
|
|
|
|
|
|
def _add_header_create_bad_bucket(headers=None, client=None):
|
|
""" Create a new bucket, w/header customizations that should cause a failure
|
|
"""
|
|
bucket_name = get_new_bucket_name()
|
|
if client == None:
|
|
client = get_client()
|
|
|
|
# pass in custom headers before PutObject call
|
|
add_headers = (lambda **kwargs: kwargs['params']['headers'].update(headers))
|
|
client.meta.events.register('before-call.s3.CreateBucket', add_headers)
|
|
e = assert_raises(ClientError, client.create_bucket, Bucket=bucket_name)
|
|
|
|
return e
|
|
|
|
|
|
def _remove_header_create_bucket(remove, client=None):
|
|
""" Create a new bucket, without a header
|
|
"""
|
|
bucket_name = get_new_bucket_name()
|
|
if client == None:
|
|
client = get_client()
|
|
|
|
# remove custom headers before PutObject call
|
|
def remove_header(**kwargs):
|
|
if (remove in kwargs['params']['headers']):
|
|
del kwargs['params']['headers'][remove]
|
|
|
|
client.meta.events.register('before-call.s3.CreateBucket', remove_header)
|
|
client.create_bucket(Bucket=bucket_name)
|
|
|
|
return bucket_name
|
|
|
|
def _remove_header_create_bad_bucket(remove, client=None):
|
|
""" Create a new bucket, without a header. This should cause a failure
|
|
"""
|
|
bucket_name = get_new_bucket_name()
|
|
if client == None:
|
|
client = get_client()
|
|
|
|
# remove custom headers before PutObject call
|
|
def remove_header(**kwargs):
|
|
if (remove in kwargs['params']['headers']):
|
|
del kwargs['params']['headers'][remove]
|
|
|
|
client.meta.events.register('before-call.s3.CreateBucket', remove_header)
|
|
e = assert_raises(ClientError, client.create_bucket, Bucket=bucket_name)
|
|
|
|
return e
|
|
|
|
def tag(*tags):
|
|
def wrap(func):
|
|
for tag in tags:
|
|
setattr(func, tag, True)
|
|
return func
|
|
return wrap
|
|
|
|
#
|
|
# common tests
|
|
#
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/invalid MD5')
|
|
@attr(assertion='fails 400')
|
|
def test_object_create_bad_md5_invalid_short():
|
|
e = _add_header_create_bad_object({'Content-MD5':'YWJyYWNhZGFicmE='})
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'InvalidDigest')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/mismatched MD5')
|
|
@attr(assertion='fails 400')
|
|
def test_object_create_bad_md5_bad():
|
|
e = _add_header_create_bad_object({'Content-MD5':'rL0Y20xC+Fzt72VPzMSk2A=='})
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'BadDigest')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty MD5')
|
|
@attr(assertion='fails 400')
|
|
def test_object_create_bad_md5_empty():
|
|
e = _add_header_create_bad_object({'Content-MD5':''})
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'InvalidDigest')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no MD5 header')
|
|
@attr(assertion='succeeds')
|
|
def test_object_create_bad_md5_none():
|
|
bucket_name, key_name = _remove_header_create_object('Content-MD5')
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/Expect 200')
|
|
@attr(assertion='garbage, but S3 succeeds!')
|
|
def test_object_create_bad_expect_mismatch():
|
|
bucket_name, key_name = _add_header_create_object({'Expect': 200})
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty expect')
|
|
@attr(assertion='succeeds ... should it?')
|
|
def test_object_create_bad_expect_empty():
|
|
bucket_name, key_name = _add_header_create_object({'Expect': ''})
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no expect')
|
|
@attr(assertion='succeeds')
|
|
def test_object_create_bad_expect_none():
|
|
bucket_name, key_name = _remove_header_create_object('Expect')
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty content length')
|
|
@attr(assertion='fails 400')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the content-length header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_contentlength_empty():
|
|
e = _add_header_create_bad_object({'Content-Length':''})
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/negative content length')
|
|
@attr(assertion='fails 400')
|
|
@attr('fails_on_mod_proxy_fcgi')
|
|
def test_object_create_bad_contentlength_negative():
|
|
client = get_client()
|
|
bucket_name = get_new_bucket()
|
|
key_name = 'foo'
|
|
e = assert_raises(ClientError, client.put_object, Bucket=bucket_name, Key=key_name, ContentLength=-1)
|
|
status = _get_status(e.response)
|
|
eq(status, 400)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no content length')
|
|
@attr(assertion='fails 411')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the content-length header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_contentlength_none():
|
|
remove = 'Content-Length'
|
|
e = _remove_header_create_bad_object('Content-Length')
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 411)
|
|
eq(error_code, 'MissingContentLength')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/content type text/plain')
|
|
@attr(assertion='succeeds')
|
|
def test_object_create_bad_contenttype_invalid():
|
|
bucket_name, key_name = _add_header_create_object({'Content-Type': 'text/plain'})
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty content type')
|
|
@attr(assertion='succeeds')
|
|
def test_object_create_bad_contenttype_empty():
|
|
client = get_client()
|
|
key_name = 'foo'
|
|
bucket_name = get_new_bucket()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar', ContentType='')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no content type')
|
|
@attr(assertion='succeeds')
|
|
def test_object_create_bad_contenttype_none():
|
|
bucket_name = get_new_bucket()
|
|
key_name = 'foo'
|
|
client = get_client()
|
|
# as long as ContentType isn't specified in put_object it isn't going into the request
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty authorization')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the authorization header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_authorization_empty():
|
|
e = _add_header_create_bad_object({'Authorization': ''})
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date and x-amz-date')
|
|
@attr(assertion='succeeds')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to pass both the 'Date' and 'X-Amz-Date' header during signing and not 'X-Amz-Date' before
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_date_and_amz_date():
|
|
date = formatdate(usegmt=True)
|
|
bucket_name, key_name = _add_header_create_object({'Date': date, 'X-Amz-Date': date})
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/x-amz-date and no date')
|
|
@attr(assertion='succeeds')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to pass both the 'Date' and 'X-Amz-Date' header during signing and not 'X-Amz-Date' before
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_amz_date_and_no_date():
|
|
date = formatdate(usegmt=True)
|
|
bucket_name, key_name = _add_header_create_object({'Date': '', 'X-Amz-Date': date})
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
# the teardown is really messed up here. check it out
|
|
@tag('auth_common')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no authorization')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the authorization header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_authorization_none():
|
|
e = _remove_header_create_bad_object('Authorization')
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no content length')
|
|
@attr(assertion='succeeds')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the content-length header
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_contentlength_none():
|
|
remove = 'Content-Length'
|
|
_remove_header_create_bucket(remove)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='acls')
|
|
@attr(operation='set w/no content length')
|
|
@attr(assertion='succeeds')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the content-length header
|
|
@attr('fails_on_rgw')
|
|
def test_object_acl_create_contentlength_none():
|
|
bucket_name = get_new_bucket()
|
|
client = get_client()
|
|
client.put_object(Bucket=bucket_name, Key='foo', Body='bar')
|
|
|
|
remove = 'Content-Length'
|
|
def remove_header(**kwargs):
|
|
if (remove in kwargs['params']['headers']):
|
|
del kwargs['params']['headers'][remove]
|
|
|
|
client.meta.events.register('before-call.s3.PutObjectAcl', remove_header)
|
|
client.put_object_acl(Bucket=bucket_name, Key='foo', ACL='public-read')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='acls')
|
|
@attr(operation='set w/invalid permission')
|
|
@attr(assertion='fails 400')
|
|
def test_bucket_put_bad_canned_acl():
|
|
bucket_name = get_new_bucket()
|
|
client = get_client()
|
|
|
|
headers = {'x-amz-acl': 'public-ready'}
|
|
add_headers = (lambda **kwargs: kwargs['params']['headers'].update(headers))
|
|
client.meta.events.register('before-call.s3.PutBucketAcl', add_headers)
|
|
|
|
e = assert_raises(ClientError, client.put_bucket_acl, Bucket=bucket_name, ACL='public-read')
|
|
status = _get_status(e.response)
|
|
eq(status, 400)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/expect 200')
|
|
@attr(assertion='garbage, but S3 succeeds!')
|
|
def test_bucket_create_bad_expect_mismatch():
|
|
bucket_name = get_new_bucket_name()
|
|
client = get_client()
|
|
|
|
headers = {'Expect': 200}
|
|
add_headers = (lambda **kwargs: kwargs['params']['headers'].update(headers))
|
|
client.meta.events.register('before-call.s3.CreateBucket', add_headers)
|
|
client.create_bucket(Bucket=bucket_name)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/expect empty')
|
|
@attr(assertion='garbage, but S3 succeeds!')
|
|
def test_bucket_create_bad_expect_empty():
|
|
headers = {'Expect': ''}
|
|
_add_header_create_bucket(headers)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty content length')
|
|
@attr(assertion='fails 400')
|
|
# TODO: The request isn't even making it to the RGW past the frontend
|
|
# This test had 'fails_on_rgw' before the move to boto3
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_bad_contentlength_empty():
|
|
headers = {'Content-Length': ''}
|
|
e = _add_header_create_bad_bucket(headers)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/negative content length')
|
|
@attr(assertion='fails 400')
|
|
@attr('fails_on_mod_proxy_fcgi')
|
|
def test_bucket_create_bad_contentlength_negative():
|
|
headers = {'Content-Length': '-1'}
|
|
e = _add_header_create_bad_bucket(headers)
|
|
status = _get_status(e.response)
|
|
eq(status, 400)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no content length')
|
|
@attr(assertion='succeeds')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the content-length header
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_bad_contentlength_none():
|
|
remove = 'Content-Length'
|
|
_remove_header_create_bucket(remove)
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty authorization')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to manipulate the authorization header
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_bad_authorization_empty():
|
|
headers = {'Authorization': ''}
|
|
e = _add_header_create_bad_bucket(headers)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_common')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no authorization')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to manipulate the authorization header
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_bad_authorization_none():
|
|
e = _remove_header_create_bad_bucket('Authorization')
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/invalid MD5')
|
|
@attr(assertion='fails 400')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_md5_invalid_garbage_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'Content-MD5': 'AWS HAHAHA'}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'InvalidDigest')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/content length too short')
|
|
@attr(assertion='fails 400')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to manipulate the Content-Length header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_contentlength_mismatch_below_aws2():
|
|
v2_client = get_v2_client()
|
|
content = 'bar'
|
|
length = len(content) - 1
|
|
headers = {'Content-Length': str(length)}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'BadDigest')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/incorrect authorization')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to manipulate the authorization header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_authorization_incorrect_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'Authorization': 'AWS AKIAIGR7ZNNBHC5BKSUB:FWeDfwojDSdS2Ztmpfeubhd9isU='}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'InvalidDigest')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/invalid authorization')
|
|
@attr(assertion='fails 400')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to manipulate the authorization header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_authorization_invalid_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'Authorization': 'AWS HAHAHA'}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'InvalidArgument')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty user agent')
|
|
@attr(assertion='succeeds')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_ua_empty_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'User-Agent': ''}
|
|
bucket_name, key_name = _add_header_create_object(headers, v2_client)
|
|
v2_client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no user agent')
|
|
@attr(assertion='succeeds')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_ua_none_aws2():
|
|
v2_client = get_v2_client()
|
|
remove = 'User-Agent'
|
|
bucket_name, key_name = _remove_header_create_object(remove, v2_client)
|
|
v2_client.put_object(Bucket=bucket_name, Key=key_name, Body='bar')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/invalid date')
|
|
@attr(assertion='fails 403')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_date_invalid_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Bad Date'}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty date')
|
|
@attr(assertion='fails 403')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_date_empty_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': ''}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no date')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the date header
|
|
@attr('fails_on_rgw')
|
|
def test_object_create_bad_date_none_aws2():
|
|
v2_client = get_v2_client()
|
|
remove = 'x-amz-date'
|
|
e = _remove_header_create_bad_object(remove, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date in past')
|
|
@attr(assertion='fails 403')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_date_before_today_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Tue, 07 Jul 2010 21:53:04 GMT'}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'RequestTimeTooSkewed')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date before epoch')
|
|
@attr(assertion='fails 403')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_date_before_epoch_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Tue, 07 Jul 1950 21:53:04 GMT'}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='object')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date after 9999')
|
|
@attr(assertion='fails 403')
|
|
@attr('fails_on_dbstore')
|
|
def test_object_create_bad_date_after_end_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Tue, 07 Jul 9999 21:53:04 GMT'}
|
|
e = _add_header_create_bad_object(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'RequestTimeTooSkewed')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/invalid authorization')
|
|
@attr(assertion='fails 400')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the date header
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_bad_authorization_invalid_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'Authorization': 'AWS HAHAHA'}
|
|
e = _add_header_create_bad_bucket(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 400)
|
|
eq(error_code, 'InvalidArgument')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty user agent')
|
|
@attr(assertion='succeeds')
|
|
def test_bucket_create_bad_ua_empty_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'User-Agent': ''}
|
|
_add_header_create_bucket(headers, v2_client)
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no user agent')
|
|
@attr(assertion='succeeds')
|
|
def test_bucket_create_bad_ua_none_aws2():
|
|
v2_client = get_v2_client()
|
|
remove = 'User-Agent'
|
|
_remove_header_create_bucket(remove, v2_client)
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/invalid date')
|
|
@attr(assertion='fails 403')
|
|
def test_bucket_create_bad_date_invalid_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Bad Date'}
|
|
e = _add_header_create_bad_bucket(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/empty date')
|
|
@attr(assertion='fails 403')
|
|
def test_bucket_create_bad_date_empty_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': ''}
|
|
e = _add_header_create_bad_bucket(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/no date')
|
|
@attr(assertion='fails 403')
|
|
# TODO: remove 'fails_on_rgw' and once we have learned how to remove the date header
|
|
@attr('fails_on_rgw')
|
|
def test_bucket_create_bad_date_none_aws2():
|
|
v2_client = get_v2_client()
|
|
remove = 'x-amz-date'
|
|
e = _remove_header_create_bad_bucket(remove, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date in past')
|
|
@attr(assertion='fails 403')
|
|
def test_bucket_create_bad_date_before_today_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Tue, 07 Jul 2010 21:53:04 GMT'}
|
|
e = _add_header_create_bad_bucket(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'RequestTimeTooSkewed')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date in future')
|
|
@attr(assertion='fails 403')
|
|
def test_bucket_create_bad_date_after_today_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Tue, 07 Jul 2030 21:53:04 GMT'}
|
|
e = _add_header_create_bad_bucket(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'RequestTimeTooSkewed')
|
|
|
|
@tag('auth_aws2')
|
|
@attr(resource='bucket')
|
|
@attr(method='put')
|
|
@attr(operation='create w/date before epoch')
|
|
@attr(assertion='fails 403')
|
|
def test_bucket_create_bad_date_before_epoch_aws2():
|
|
v2_client = get_v2_client()
|
|
headers = {'x-amz-date': 'Tue, 07 Jul 1950 21:53:04 GMT'}
|
|
e = _add_header_create_bad_bucket(headers, v2_client)
|
|
status, error_code = _get_status_and_error_code(e.response)
|
|
eq(status, 403)
|
|
eq(error_code, 'AccessDenied')
|