2022-10-27 16:42:05 +00:00
|
|
|
import time
|
|
|
|
from datetime import datetime, timedelta
|
|
|
|
|
|
|
|
import allure
|
|
|
|
import pytest
|
2023-11-29 13:34:59 +00:00
|
|
|
from frostfs_testlib import reporter
|
2023-10-31 14:51:09 +00:00
|
|
|
from frostfs_testlib.s3 import S3ClientWrapper
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.steps.s3 import s3_helper
|
2023-08-02 11:54:03 +00:00
|
|
|
from frostfs_testlib.storage.dataclasses.object_size import ObjectSize
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.utils.file_utils import generate_file, generate_file_with_content
|
2022-10-27 16:42:05 +00:00
|
|
|
|
|
|
|
|
2024-06-24 23:27:54 +00:00
|
|
|
@allure.title("[Module] Create bucket with object_lock_enabled_for_bucket")
|
|
|
|
@pytest.fixture(scope="module")
|
|
|
|
def bucket_w_lock(s3_client: S3ClientWrapper):
|
|
|
|
return s3_client.create_bucket(object_lock_enabled_for_bucket=True)
|
|
|
|
|
|
|
|
|
|
|
|
@allure.title("[Module] Create bucket without object_lock_enabled_for_bucket")
|
|
|
|
@pytest.fixture(scope="module")
|
|
|
|
def bucket_no_lock(s3_client: S3ClientWrapper):
|
|
|
|
return s3_client.create_bucket(object_lock_enabled_for_bucket=False)
|
|
|
|
|
|
|
|
|
2022-10-27 16:42:05 +00:00
|
|
|
@pytest.mark.s3_gate
|
2022-11-10 05:27:52 +00:00
|
|
|
@pytest.mark.s3_gate_locking
|
2022-10-27 16:42:05 +00:00
|
|
|
@pytest.mark.parametrize("version_id", [None, "second"])
|
2023-05-15 09:59:33 +00:00
|
|
|
class TestS3GateLocking:
|
2023-10-31 14:51:09 +00:00
|
|
|
@allure.title("Retention period and legal lock on object (version_id={version_id}, s3_client={s3_client})")
|
2024-06-24 23:27:54 +00:00
|
|
|
def test_s3_object_locking(
|
|
|
|
self, s3_client: S3ClientWrapper, bucket_w_lock: str, version_id: str, simple_object_size: ObjectSize
|
|
|
|
):
|
2023-08-02 11:54:03 +00:00
|
|
|
file_path = generate_file(simple_object_size.value)
|
2023-05-15 09:59:33 +00:00
|
|
|
file_name = s3_helper.object_key_from_file_path(file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
retention_period = 2
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Put several versions of object into bucket"):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object(bucket_w_lock, file_path)
|
2023-08-02 11:54:03 +00:00
|
|
|
file_name_1 = generate_file_with_content(simple_object_size.value, file_path=file_path)
|
2024-06-24 23:27:54 +00:00
|
|
|
version_id_2 = s3_client.put_object(bucket_w_lock, file_name_1)
|
2022-10-27 16:42:05 +00:00
|
|
|
if version_id:
|
|
|
|
version_id = version_id_2
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Put retention period {retention_period}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period)
|
|
|
|
retention = {
|
|
|
|
"Mode": "COMPLIANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id)
|
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "COMPLIANCE", date_obj, "OFF")
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Put legal hold to object {file_name}"):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_legal_hold(bucket_w_lock, file_name, "ON", version_id)
|
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "COMPLIANCE", date_obj, "ON")
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Fail with deleting object with legal hold and retention period"):
|
2022-10-27 16:42:05 +00:00
|
|
|
if version_id:
|
|
|
|
with pytest.raises(Exception):
|
|
|
|
# An error occurred (AccessDenied) when calling the DeleteObject operation (reached max retries: 0): Access Denied.
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.delete_object(bucket_w_lock, file_name, version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Check retention period is no longer set on the uploaded object"):
|
2022-10-27 16:42:05 +00:00
|
|
|
time.sleep((retention_period + 1) * 60)
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "COMPLIANCE", date_obj, "ON")
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Fail with deleting object with legal hold and retention period"):
|
2022-10-27 16:42:05 +00:00
|
|
|
if version_id:
|
|
|
|
with pytest.raises(Exception):
|
|
|
|
# An error occurred (AccessDenied) when calling the DeleteObject operation (reached max retries: 0): Access Denied.
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.delete_object(bucket_w_lock, file_name, version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
else:
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.delete_object(bucket_w_lock, file_name, version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-10-31 14:51:09 +00:00
|
|
|
@allure.title("Impossible to change retention mode COMPLIANCE (version_id={version_id}, s3_client={s3_client})")
|
2024-06-24 23:27:54 +00:00
|
|
|
def test_s3_mode_compliance(
|
|
|
|
self, s3_client: S3ClientWrapper, bucket_w_lock: str, version_id: str, simple_object_size: ObjectSize
|
|
|
|
):
|
2023-08-02 11:54:03 +00:00
|
|
|
file_path = generate_file(simple_object_size.value)
|
2023-05-15 09:59:33 +00:00
|
|
|
file_name = s3_helper.object_key_from_file_path(file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
retention_period = 2
|
|
|
|
retention_period_1 = 1
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Put object into bucket"):
|
2024-06-24 23:27:54 +00:00
|
|
|
obj_version = s3_client.put_object(bucket_w_lock, file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
if version_id:
|
|
|
|
version_id = obj_version
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Put retention period {retention_period}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period)
|
|
|
|
retention = {
|
|
|
|
"Mode": "COMPLIANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id)
|
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "COMPLIANCE", date_obj, "OFF")
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Try to change retention period {retention_period_1}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period_1)
|
|
|
|
retention = {
|
|
|
|
"Mode": "COMPLIANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
|
|
|
with pytest.raises(Exception):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-10-31 14:51:09 +00:00
|
|
|
@allure.title("Change retention mode GOVERNANCE (version_id={version_id}, s3_client={s3_client})")
|
2024-06-24 23:27:54 +00:00
|
|
|
def test_s3_mode_governance(
|
|
|
|
self, s3_client: S3ClientWrapper, bucket_w_lock: str, version_id: str, simple_object_size: ObjectSize
|
|
|
|
):
|
2023-08-02 11:54:03 +00:00
|
|
|
file_path = generate_file(simple_object_size.value)
|
2023-05-15 09:59:33 +00:00
|
|
|
file_name = s3_helper.object_key_from_file_path(file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
retention_period = 3
|
|
|
|
retention_period_1 = 2
|
|
|
|
retention_period_2 = 5
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Put object into bucket"):
|
2024-06-24 23:27:54 +00:00
|
|
|
obj_version = s3_client.put_object(bucket_w_lock, file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
if version_id:
|
|
|
|
version_id = obj_version
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Put retention period {retention_period}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period)
|
|
|
|
retention = {
|
|
|
|
"Mode": "GOVERNANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id)
|
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "GOVERNANCE", date_obj, "OFF")
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Try to change retention period {retention_period_1}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period_1)
|
|
|
|
retention = {
|
|
|
|
"Mode": "GOVERNANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
|
|
|
with pytest.raises(Exception):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Try to change retention period {retention_period_1}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period_1)
|
|
|
|
retention = {
|
|
|
|
"Mode": "GOVERNANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
|
|
|
with pytest.raises(Exception):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Put new retention period {retention_period_2}min to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
date_obj = datetime.utcnow() + timedelta(minutes=retention_period_2)
|
|
|
|
retention = {
|
|
|
|
"Mode": "GOVERNANCE",
|
|
|
|
"RetainUntilDate": date_obj,
|
|
|
|
}
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_retention(bucket_w_lock, file_name, retention, version_id, True)
|
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "GOVERNANCE", date_obj, "OFF")
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-09-08 10:35:34 +00:00
|
|
|
@allure.title(
|
|
|
|
"[NEGATIVE] Lock object in bucket with disabled locking (version_id={version_id}, s3_client={s3_client})"
|
|
|
|
)
|
2024-06-24 23:27:54 +00:00
|
|
|
def test_s3_legal_hold(
|
|
|
|
self, s3_client: S3ClientWrapper, bucket_no_lock: str, version_id: str, simple_object_size: ObjectSize
|
|
|
|
):
|
2023-08-02 11:54:03 +00:00
|
|
|
file_path = generate_file(simple_object_size.value)
|
2023-05-15 09:59:33 +00:00
|
|
|
file_name = s3_helper.object_key_from_file_path(file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Put object into bucket"):
|
2024-06-24 23:27:54 +00:00
|
|
|
obj_version = s3_client.put_object(bucket_no_lock, file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
if version_id:
|
|
|
|
version_id = obj_version
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step(f"Put legal hold to object {file_name}"):
|
2022-10-27 16:42:05 +00:00
|
|
|
with pytest.raises(Exception):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_legal_hold(bucket_no_lock, file_name, "ON", version_id)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.s3_gate
|
2023-05-15 09:59:33 +00:00
|
|
|
class TestS3GateLockingBucket:
|
2023-09-08 10:35:34 +00:00
|
|
|
@allure.title("Bucket Lock (s3_client={s3_client})")
|
2024-06-24 23:27:54 +00:00
|
|
|
def test_s3_bucket_lock(self, s3_client: S3ClientWrapper, bucket_w_lock: str, simple_object_size: ObjectSize):
|
2023-08-02 11:54:03 +00:00
|
|
|
file_path = generate_file(simple_object_size.value)
|
2023-05-15 09:59:33 +00:00
|
|
|
file_name = s3_helper.object_key_from_file_path(file_path)
|
2022-10-27 16:42:05 +00:00
|
|
|
configuration = {"Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 1}}}
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("PutObjectLockConfiguration with ObjectLockEnabled=False"):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_lock_configuration(bucket_w_lock, configuration)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("PutObjectLockConfiguration with ObjectLockEnabled=True"):
|
2022-10-27 16:42:05 +00:00
|
|
|
configuration["ObjectLockEnabled"] = "Enabled"
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object_lock_configuration(bucket_w_lock, configuration)
|
2022-10-27 16:42:05 +00:00
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("GetObjectLockConfiguration"):
|
2024-06-24 23:27:54 +00:00
|
|
|
config = s3_client.get_object_lock_configuration(bucket_w_lock)
|
2022-10-27 16:42:05 +00:00
|
|
|
configuration["Rule"]["DefaultRetention"]["Years"] = 0
|
|
|
|
assert config == configuration, f"Configurations must be equal {configuration}"
|
|
|
|
|
2023-11-29 13:34:59 +00:00
|
|
|
with reporter.step("Put object into bucket"):
|
2024-06-24 23:27:54 +00:00
|
|
|
s3_client.put_object(bucket_w_lock, file_path)
|
|
|
|
s3_helper.assert_object_lock_mode(s3_client, bucket_w_lock, file_name, "COMPLIANCE", None, "OFF", 1)
|