From de13220c6ccf8c49b2300a78e30fe91635361e05 Mon Sep 17 00:00:00 2001 From: Clay Gerrard Date: Fri, 3 Jun 2022 15:53:06 -0500 Subject: [PATCH] more tests for canned acls Change-Id: Iebde15499cce24f8e82ed1f4068cb0b5f71c05de --- .../common/middleware/s3api/test_acl_utils.py | 57 ++++++++++++------- 1 file changed, 38 insertions(+), 19 deletions(-) diff --git a/test/unit/common/middleware/s3api/test_acl_utils.py b/test/unit/common/middleware/s3api/test_acl_utils.py index a29f07f2e3..9a8ee1a749 100644 --- a/test/unit/common/middleware/s3api/test_acl_utils.py +++ b/test/unit/common/middleware/s3api/test_acl_utils.py @@ -16,6 +16,7 @@ import unittest from swift.common.swob import Request +from swift.common.middleware.s3api import s3response from swift.common.middleware.s3api.acl_utils import handle_acl_header from test.unit.common.middleware.s3api import S3ApiTestCase @@ -26,29 +27,47 @@ class TestS3ApiAclUtils(S3ApiTestCase): def setUp(self): super(TestS3ApiAclUtils, self).setUp() - def test_handle_acl_header(self): - def check_generated_acl_header(acl, targets): - req = Request.blank('/bucket', - headers={'X-Amz-Acl': acl}) + def check_generated_acl_header(self, acl, expected): + req = Request.blank('/bucket', + headers={'X-Amz-Acl': acl}) + try: handle_acl_header(req) - for target in targets: + except s3response.ErrorResponse as e: + if isinstance(e, expected): + self.assertEqual(expected._status, e._status) + else: + raise + else: + for target in expected: self.assertTrue(target[0] in req.headers) self.assertEqual(req.headers[target[0]], target[1]) - check_generated_acl_header('public-read', - [('X-Container-Read', '.r:*,.rlistings')]) - check_generated_acl_header('public-read-write', - [('X-Container-Read', '.r:*,.rlistings'), - ('X-Container-Write', '.r:*')]) - check_generated_acl_header('private', - [('X-Container-Read', '.'), - ('X-Container-Write', '.')]) - check_generated_acl_header('bucket-owner-full-control', - [('X-Container-Read', '.'), - ('X-Container-Write', '.')]) - check_generated_acl_header('bucket-owner-read', - [('X-Container-Read', '.'), - ('X-Container-Write', '.')]) + def test_canned_acl_header(self): + # https://docs.aws.amazon.com/AmazonS3/latest/userguide/acl-overview.html#canned-acl + self.check_generated_acl_header( + 'private', + [('X-Container-Read', '.'), ('X-Container-Write', '.')]) + self.check_generated_acl_header( + 'public-read', [('X-Container-Read', '.r:*,.rlistings')]) + self.check_generated_acl_header( + 'public-read-write', [('X-Container-Read', '.r:*,.rlistings'), + ('X-Container-Write', '.r:*')]) + self.check_generated_acl_header( + 'aws-exec-read', s3response.InvalidArgument) + self.check_generated_acl_header( + 'authenticated-read', s3response.S3NotImplemented) + self.check_generated_acl_header( + 'bucket-owner-read', [('X-Container-Read', '.'), + ('X-Container-Write', '.')]) + self.check_generated_acl_header( + 'bucket-owner-full-control', [('X-Container-Read', '.'), + ('X-Container-Write', '.')]) + self.check_generated_acl_header( + 'log-delivery-write', s3response.S3NotImplemented) + + # the 400 response is the catch all + self.check_generated_acl_header( + 'some-non-sense', s3response.InvalidArgument) if __name__ == '__main__':