openstack/swift
Code Issues Proposed changes

Add functests for disallowed COPYs into a versioned container

Browse Source 
While we're at it, have copy and copy_account raise ResponseErrors
on failure, similar to cluster_info, update_metadata, containers, info,
files, delete, initialize, read, sync_metadata, write, and post.

Related-Change: Ia8b92251718d10b1eb44a456f28d3d2569a30003
Change-Id: I9ef42d922a6b7dbf253f2f8f5df83965d8f47e0f
This commit is contained in:
Tim Burke 2017-03-28 23:26:05 +00:00
parent 6cbf1c52e1
commit d8c7d21cfc
4 changed files with 85 additions and 54 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
test/functional/swift_test_client.py
View File

@ -723,8 +723,11 @@ class File(Base):
if 'Destination' in headers: if 'Destination' in headers:
headers['Destination'] = urllib.parse.quote(headers['Destination']) headers['Destination'] = urllib.parse.quote(headers['Destination'])
return self.conn.make_request('COPY', self.path, hdrs=headers, if self.conn.make_request('COPY', self.path, hdrs=headers,
parms=parms) == 201 cfg=cfg, parms=parms) != 201:
raise ResponseError(self.conn.response, 'COPY',
self.conn.make_path(self.path))
return True
def copy_account(self, dest_account, dest_cont, dest_file, def copy_account(self, dest_account, dest_cont, dest_file,
hdrs=None, parms=None, cfg=None): hdrs=None, parms=None, cfg=None):
@ -749,8 +752,11 @@ class File(Base):
if 'Destination' in headers: if 'Destination' in headers:
headers['Destination'] = urllib.parse.quote(headers['Destination']) headers['Destination'] = urllib.parse.quote(headers['Destination'])
return self.conn.make_request('COPY', self.path, hdrs=headers, if self.conn.make_request('COPY', self.path, hdrs=headers,
parms=parms) == 201 cfg=cfg, parms=parms) != 201:
raise ResponseError(self.conn.response, 'COPY',
self.conn.make_path(self.path))
return True
def delete(self, hdrs=None, parms=None, cfg=None): def delete(self, hdrs=None, parms=None, cfg=None):
if hdrs is None: if hdrs is None:

12
test/functional/test_slo.py
View File

@ -753,9 +753,9 @@ class TestSlo(Base):
# manifest copy will fail because there is no read access to segments # manifest copy will fail because there is no read access to segments
# in destination account # in destination account
file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, dest_cont, "copied-abcde-manifest-only", acct, dest_cont, "copied-abcde-manifest-only",
parms={'multipart-manifest': 'get'}) parms={'multipart-manifest': 'get'})
self.assertEqual(400, file_item.conn.response.status) self.assertEqual(400, file_item.conn.response.status)
resp_body = file_item.conn.response.read() resp_body = file_item.conn.response.read()
self.assertEqual(5, resp_body.count('403 Forbidden'), self.assertEqual(5, resp_body.count('403 Forbidden'),
@ -769,9 +769,9 @@ class TestSlo(Base):
# manifest copy will still fail because there are no segments in # manifest copy will still fail because there are no segments in
# destination account # destination account
file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, dest_cont, "copied-abcde-manifest-only", acct, dest_cont, "copied-abcde-manifest-only",
parms={'multipart-manifest': 'get'}) parms={'multipart-manifest': 'get'})
self.assertEqual(400, file_item.conn.response.status) self.assertEqual(400, file_item.conn.response.status)
resp_body = file_item.conn.response.read() resp_body = file_item.conn.response.read()
self.assertEqual(5, resp_body.count('404 Not Found'), self.assertEqual(5, resp_body.count('404 Not Found'),

27
test/functional/test_versioned_writes.py
View File

@ -445,12 +445,21 @@ class TestObjectVersioning(Base):
break break
self.assertEqual(backup_file.read(), "never argue with the data") self.assertEqual(backup_file.read(), "never argue with the data")
# user3 (some random user with no access to anything) # user3 (some random user with no access to any of account1)
# tries to read from versioned container # tries to read from versioned container
self.assertRaises(ResponseError, backup_file.read, self.assertRaises(ResponseError, backup_file.read,
cfg={'use_token': self.env.storage_token3}) cfg={'use_token': self.env.storage_token3})
# user3 cannot write or delete from source container either # create an object user3 can try to copy
a2_container = self.env.account2.container(Utils.create_name())
a2_container.create(
hdrs={'X-Container-Read': self.env.conn3.user_acl},
cfg={'use_token': self.env.storage_token2})
a2_obj = a2_container.file(Utils.create_name())
self.assertTrue(a2_obj.write("unused",
cfg={'use_token': self.env.storage_token2}))
# user3 cannot write, delete, or copy to/from source container either
number_of_versions = versions_container.info()['object_count'] number_of_versions = versions_container.info()['object_count']
self.assertRaises(ResponseError, versioned_obj.write, self.assertRaises(ResponseError, versioned_obj.write,
"some random user trying to write data", "some random user trying to write data",
@ -461,6 +470,19 @@ class TestObjectVersioning(Base):
cfg={'use_token': self.env.storage_token3}) cfg={'use_token': self.env.storage_token3})
self.assertEqual(number_of_versions, self.assertEqual(number_of_versions,
versions_container.info()['object_count']) versions_container.info()['object_count'])
self.assertRaises(
ResponseError, versioned_obj.write,
hdrs={'X-Copy-From': '%s/%s' % (a2_container.name, a2_obj.name),
'X-Copy-From-Account': self.env.conn2.account_name},
cfg={'use_token': self.env.storage_token3})
self.assertEqual(number_of_versions,
versions_container.info()['object_count'])
self.assertRaises(
ResponseError, a2_obj.copy_account,
self.env.conn.account_name, container.name, obj_name,
cfg={'use_token': self.env.storage_token3})
self.assertEqual(number_of_versions,
versions_container.info()['object_count'])
# user2 can't read or delete from versions-location # user2 can't read or delete from versions-location
self.assertRaises(ResponseError, backup_file.read, self.assertRaises(ResponseError, backup_file.read,
@ -477,6 +499,7 @@ class TestObjectVersioning(Base):
# tear-down since we create these containers here # tear-down since we create these containers here
# and not in self.env # and not in self.env
a2_container.delete_recursive()
versions_container.delete_recursive() versions_container.delete_recursive()
container.delete_recursive() container.delete_recursive()

86
test/functional/tests.py
View File

@ -1478,31 +1478,33 @@ class TestFile(Base):
# invalid source container # invalid source container
source_cont = self.env.account.container(Utils.create_name()) source_cont = self.env.account.container(Utils.create_name())
file_item = source_cont.file(source_filename) file_item = source_cont.file(source_filename)
self.assertFalse(file_item.copy( self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, self.env.container), '%s%s' % (prefix, self.env.container),
Utils.create_name())) Utils.create_name())
self.assert_status(404) self.assert_status(404)
self.assertFalse(file_item.copy('%s%s' % (prefix, dest_cont), self.assertRaises(ResponseError, file_item.copy,
Utils.create_name())) '%s%s' % (prefix, dest_cont),
Utils.create_name())
self.assert_status(404) self.assert_status(404)
# invalid source object # invalid source object
file_item = self.env.container.file(Utils.create_name()) file_item = self.env.container.file(Utils.create_name())
self.assertFalse(file_item.copy( self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, self.env.container), '%s%s' % (prefix, self.env.container),
Utils.create_name())) Utils.create_name())
self.assert_status(404) self.assert_status(404)
self.assertFalse(file_item.copy('%s%s' % (prefix, dest_cont), self.assertRaises(ResponseError, file_item.copy,
Utils.create_name())) '%s%s' % (prefix, dest_cont),
Utils.create_name())
self.assert_status(404) self.assert_status(404)
# invalid destination container # invalid destination container
file_item = self.env.container.file(source_filename) file_item = self.env.container.file(source_filename)
self.assertFalse(file_item.copy( self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, Utils.create_name()), '%s%s' % (prefix, Utils.create_name()),
Utils.create_name())) Utils.create_name())
def testCopyAccount404s(self): def testCopyAccount404s(self):
acct = self.env.conn.account_name acct = self.env.conn.account_name
@ -1526,44 +1528,44 @@ class TestFile(Base):
# invalid source container # invalid source container
source_cont = self.env.account.container(Utils.create_name()) source_cont = self.env.account.container(Utils.create_name())
file_item = source_cont.file(source_filename) file_item = source_cont.file(source_filename)
self.assertFalse(file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, acct,
'%s%s' % (prefix, self.env.container), '%s%s' % (prefix, self.env.container),
Utils.create_name())) Utils.create_name())
# there is no such source container but user has # there is no such source container but user has
# permissions to do a GET (done internally via COPY) for # permissions to do a GET (done internally via COPY) for
# objects in his own account. # objects in his own account.
self.assert_status(404) self.assert_status(404)
self.assertFalse(file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, acct,
'%s%s' % (prefix, cont), '%s%s' % (prefix, cont),
Utils.create_name())) Utils.create_name())
self.assert_status(404) self.assert_status(404)
# invalid source object # invalid source object
file_item = self.env.container.file(Utils.create_name()) file_item = self.env.container.file(Utils.create_name())
self.assertFalse(file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, acct,
'%s%s' % (prefix, self.env.container), '%s%s' % (prefix, self.env.container),
Utils.create_name())) Utils.create_name())
# there is no such source container but user has # there is no such source container but user has
# permissions to do a GET (done internally via COPY) for # permissions to do a GET (done internally via COPY) for
# objects in his own account. # objects in his own account.
self.assert_status(404) self.assert_status(404)
self.assertFalse(file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, acct,
'%s%s' % (prefix, cont), '%s%s' % (prefix, cont),
Utils.create_name())) Utils.create_name())
self.assert_status(404) self.assert_status(404)
# invalid destination container # invalid destination container
file_item = self.env.container.file(source_filename) file_item = self.env.container.file(source_filename)
self.assertFalse(file_item.copy_account( self.assertRaises(ResponseError, file_item.copy_account,
acct, acct,
'%s%s' % (prefix, Utils.create_name()), '%s%s' % (prefix, Utils.create_name()),
Utils.create_name())) Utils.create_name())
if acct == acct2: if acct == acct2:
# there is no such destination container # there is no such destination container
# and foreign user can have no permission to write there # and foreign user can have no permission to write there
@ -1577,9 +1579,9 @@ class TestFile(Base):
file_item.write_random() file_item.write_random()
file_item = self.env.container.file(source_filename) file_item = self.env.container.file(source_filename)
self.assertFalse(file_item.copy(Utils.create_name(), self.assertRaises(ResponseError, file_item.copy, Utils.create_name(),
Utils.create_name(), Utils.create_name(),
cfg={'no_destination': True})) cfg={'no_destination': True})
self.assert_status(412) self.assert_status(412)
def testCopyDestinationSlashProblems(self): def testCopyDestinationSlashProblems(self):
@ -1588,15 +1590,15 @@ class TestFile(Base):
file_item.write_random() file_item.write_random()
# no slash # no slash
self.assertFalse(file_item.copy(Utils.create_name(), self.assertRaises(ResponseError, file_item.copy, Utils.create_name(),
Utils.create_name(), Utils.create_name(),
cfg={'destination': Utils.create_name()})) cfg={'destination': Utils.create_name()})
self.assert_status(412) self.assert_status(412)
# too many slashes # too many slashes
self.assertFalse(file_item.copy(Utils.create_name(), self.assertRaises(ResponseError, file_item.copy, Utils.create_name(),
Utils.create_name(), Utils.create_name(),
cfg={'destination': '//%s' % Utils.create_name()})) cfg={'destination': '//%s' % Utils.create_name()})
self.assert_status(412) self.assert_status(412)
def testCopyFromHeader(self): def testCopyFromHeader(self):