From 445d0808268547f0b6a478713e27f6607f2de43c Mon Sep 17 00:00:00 2001
From: iternity-dotcom <79988904+iternity-dotcom@users.noreply.github.com>
Date: Tue, 20 Apr 2021 18:39:29 +0200
Subject: [PATCH] Mint - Add AWS SDK Go versioning tests (#12096)
* Add aws-sdk-go tests (/mint/build/versioning): extend testLockingRetentionGovernance
* Add aws-sdk-go tests (/mint/build/versioning): extend testLockingLegalhold
Co-authored-by: Andre Bruch
Signed-off-by: Harshavardhana
---
 mint/build/versioning/legalhold.go | 144 +++++++++++++++++++++++++++++
 mint/build/versioning/retention.go | 28 ++++++
 2 files changed, 172 insertions(+)
diff --git a/mint/build/versioning/legalhold.go b/mint/build/versioning/legalhold.go
index dfa677abb..cf765ee3b 100644
--- a/mint/build/versioning/legalhold.go
+++ b/mint/build/versioning/legalhold.go
@@ -26,6 +26,8 @@ import (
 "time"
 "github.com/aws/aws-sdk-go/aws"
+ "github.com/aws/aws-sdk-go/aws/credentials"
+ "github.com/aws/aws-sdk-go/aws/session"
 "github.com/aws/aws-sdk-go/service/s3"
 )
@@ -119,6 +121,22 @@ func testLockingLegalhold() {
 }
 }
+ for i := range uploads {
+ if uploads[i].deleteMarker || uploads[i].legalhold == "OFF" {
+ continue
+ }
+ input := &s3.GetObjectLegalHoldInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ VersionId: aws.String(uploads[i].versionId),
+ }
+ _, err := s3Client.GetObjectLegalHold(input)
+ if err != nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("GetObjectLegalHold expected to succeed but got %v", err), err).Fatal()
+ return
+ }
+ }
+
 for i := range uploads {
 if uploads[i].deleteMarker || uploads[i].legalhold == "OFF" {
 continue
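Review bot: The positive check added in the second hunk discards the response (`_, err := s3Client.GetObjectLegalHold(input)`), so it passes even if the server reports the wrong hold state for a version. Keep the output and compare it with what was uploaded: `out, err := s3Client.GetObjectLegalHold(input)`, then fail when `out.LegalHold == nil || aws.StringValue(out.LegalHold.Status) != uploads[i].legalhold`. The loop skips only delete markers and "OFF" entries, so any non-delete-marker entry with an empty legalhold is expected to succeed here while the later error-case loop expects the same entry to fail. Whether such an entry exists depends on the uploads table, which is outside the hunk, as is the start of testLockingLegalhold.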
@@ -136,5 +154,131 @@ func testLockingLegalhold() {
 }
 }
+ // Error cases
+
+ // object-handlers.go > GetObjectLegalHoldHandler > getObjectInfo
+ for i := range uploads {
+ if uploads[i].legalhold == "" || uploads[i].legalhold == "OFF" {
+ input := &s3.GetObjectLegalHoldInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ VersionId: aws.String(uploads[i].versionId),
+ }
+ // legalhold = "off" => The specified version does not exist.
+ // legalhold = "" => The specified method is not allowed against this resource.
+ _, err := s3Client.GetObjectLegalHold(input)
+ if err == nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("GetObjectLegalHold expected to fail but got %v", err), err).Fatal()
+ return
+ }
+ }
+ }
+
+ // Second client
+ creds := credentials.NewStaticCredentials("test", "test", "")
+ newSession, err := session.NewSession()
+ if err != nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("NewSession expected to succeed but got %v", err), err).Fatal()
+ return
+ }
+ s3Config := s3Client.Config
+ s3Config.Credentials = creds
+ s3ClientTest := s3.New(newSession, &s3Config)
+
+ // Check with a second client: object-handlers.go > GetObjectLegalHoldHandler > checkRequestAuthType
+ input := &s3.GetObjectLegalHoldInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ }
+ // The Access Key Id you provided does not exist in our records.
+ _, err = s3ClientTest.GetObjectLegalHold(input)
+ if err == nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("GetObjectLegalHold expected to fail but got %v", err), err).Fatal()
+ return
+ }
+
+ // object-handlers.go > GetObjectLegalHoldHandler > globalBucketObjectLockSys.Get(bucket); !rcfg.LockEnabled
+ bucketWithoutLock := bucket + "-without-lock"
+ _, err = s3Client.CreateBucket(&s3.CreateBucketInput{
+ Bucket: aws.String(bucketWithoutLock),
+ ObjectLockEnabledForBucket: aws.Bool(false),
+ })
+ if err != nil {
+ failureLog(function, args, startTime, "", "CreateBucket failed", err).Fatal()
+ return
+ }
+ defer cleanupBucket(bucketWithoutLock, function, args, startTime)
+
+ input = &s3.GetObjectLegalHoldInput{
+ Bucket: aws.String(bucketWithoutLock),
+ Key: aws.String(object),
+ }
+ // Bucket is missing ObjectLockConfiguration
+ _, err = s3Client.GetObjectLegalHold(input)
+ if err == nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("GetObjectLegalHold expected to fail but got %v", err), err).Fatal()
+ return
+ }
+
+ // Check with a second client: object-handlers.go > PutObjectLegalHoldHandler > checkRequestAuthType
+ for i := range uploads {
+ if uploads[i].deleteMarker || uploads[i].legalhold == "OFF" {
+ continue
+ }
+ input := &s3.PutObjectLegalHoldInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ }
+ // The Access Key Id you provided does not exist in our records.
+ _, err := s3ClientTest.PutObjectLegalHold(input)
+ if err == nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("Turning off legalhold expected to fail but got %v", err), err).Fatal()
+ return
+ }
+ }
+
+ // object-handlers.go > PutObjectLegalHoldHandler > globalBucketObjectLockSys.Get(bucket); !rcfg.LockEnabled
+ for i := range uploads {
+ if uploads[i].deleteMarker || uploads[i].legalhold == "OFF" {
+ continue
+ }
+ input := &s3.PutObjectLegalHoldInput{
+ Bucket: aws.String(bucketWithoutLock),
+ Key: aws.String(object),
+ }
+ // Bucket is missing ObjectLockConfiguration
+ _, err := s3Client.PutObjectLegalHold(input)
+ if err == nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("Turning off legalhold expected to fail but got %v", err), err).Fatal()
+ return
+ }
+ }
+
+ // object-handlers.go > PutObjectLegalHoldHandler > objectlock.ParseObjectLegalHold
+ putInput := &s3.PutObjectInput{
+ Body: aws.ReadSeekCloser(strings.NewReader("content")),
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ ObjectLockLegalHoldStatus: aws.String("test"),
+ }
+ output, err := s3Client.PutObject(putInput)
+ if err != nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("PUT expected to succeed but got %v", err), err).Fatal()
+ return
+ }
+ uploads[0].versionId = *output.VersionId
+
+ polhInput := &s3.PutObjectLegalHoldInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ VersionId: aws.String(uploads[0].versionId),
+ }
+ // We encountered an internal error, please try again.: cause(EOF)
+ _, err = s3Client.PutObjectLegalHold(polhInput)
+ if err == nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("PutObjectLegalHold expected to fail but got %v", err), err).Fatal()
+ return
+ }
+
 successLogger(function, args, startTime).Info()
 }
diff --git a/mint/build/versioning/retention.go b/mint/build/versioning/retention.go
index 5e9e6c966..fe6acac75 100644
--- a/mint/build/versioning/retention.go
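Review bot: The two "second client" checks on `s3ClientTest` (the GetObjectLegalHold call and the PutObjectLegalHold loop) accept any non-nil error, so they do not show that the request was refused because of its credentials. Neither request carries a VersionId and the put has no LegalHold body, so a failure for an unrelated reason would satisfy them just as well. Assert the code that the inline comment already describes, for example `if aerr, ok := err.(awserr.Error); !ok || aerr.Code() != "InvalidAccessKeyId" {` (this needs the `aws/awserr` import), and pin the expected code in the bucket-without-lock cases in the same way. In every `err == nil` branch the message formats a nil error, so wording such as `"GetObjectLegalHold expected to fail but succeeded"` would be clearer than `got %v`. The body of testLockingLegalhold begins before this hunk.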
+++ b/mint/build/versioning/retention.go
@@ -90,6 +90,34 @@ func testLockingRetentionGovernance() {
 uploads[i].versionId = *output.VersionId
 }
+ // Change RetainUntilDate
+ retentionUntil := time.Now().UTC().Add(time.Hour).Truncate(time.Second)
+ putRetentionInput := &s3.PutObjectRetentionInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ VersionId: &uploads[1].versionId,
+ Retention: &s3.ObjectLockRetention{
+ Mode: aws.String(uploads[1].retention),
+ RetainUntilDate: aws.Time(retentionUntil),
+ },
+ }
+ _, err = s3Client.PutObjectRetention(putRetentionInput)
+ if err != nil {
+ failureLog(function, args, startTime, "", fmt.Sprintf("PutObjectRetention expected to succeed but got %v", err), err).Fatal()
+ return
+ }
+
+ getRetentionInput := &s3.GetObjectRetentionInput{
+ Bucket: aws.String(bucket),
+ Key: aws.String(object),
+ VersionId: aws.String(uploads[1].versionId),
+ }
+ retentionOutput, err := s3Client.GetObjectRetention(getRetentionInput)
+ if err != nil || retentionOutput.Retention.RetainUntilDate.String() != retentionUntil.String() {
+ failureLog(function, args, startTime, "", fmt.Sprintf("GetObjectRetention expected to succeed but got %v", err), err).Fatal()
+ return
+ }
+
 // In all cases, we can remove an object by creating a delete marker
 // First delete without version ID
 deleteInput := &s3.DeleteObjectInput{
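Review bot: The GetObjectRetention check folds two different failures into one condition, `err != nil || retentionOutput.Retention.RetainUntilDate.String() != retentionUntil.String()`. A wrong date is therefore reported as "expected to succeed but got <nil>", and a response without a Retention block would panic rather than fail the test. Handle `err != nil` first, then test `if retentionOutput.Retention == nil || !aws.TimeValue(retentionOutput.Retention.RetainUntilDate).Equal(retentionUntil) {` with a message that prints both dates. Comparing `Mode` with `uploads[1].retention` at the same point would also confirm that the governance mode survived the update. Whether now+1h extends or shortens the original retention is not visible in this hunk, and testLockingRetentionGovernance starts and ends outside it.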