From 64a96fec42288a6709a304abc37b9559b7571949 Mon Sep 17 00:00:00 2001 From: Luke McCrone Date: Tue, 18 Feb 2025 18:58:02 -0300 Subject: [PATCH 1/2] test: initial checksum tests, REST script additions --- .../commands/get_object_lock_configuration.sh | 31 +--- tests/commands/list_objects.sh | 42 ++--- tests/rest_scripts/get_object_lock_config.sh | 41 +++++ tests/rest_scripts/head_object.sh | 27 ++-- tests/rest_scripts/put_object.sh | 25 ++- tests/run.sh | 2 + tests/test_rest.sh | 151 ++++++++---------- tests/test_rest_checksum.sh | 48 +++++- tests/test_rest_versioning.sh | 106 ++++++++++++ tests/util/util_head_object.sh | 35 +++- tests/util/util_list_objects.sh | 28 ++++ tests/util/util_lock_config.sh | 2 +- tests/util/util_object.sh | 74 ++++++++- tests/util/util_xml.sh | 2 +- 14 files changed, 442 insertions(+), 172 deletions(-) create mode 100755 tests/rest_scripts/get_object_lock_config.sh create mode 100755 tests/test_rest_versioning.sh diff --git a/tests/commands/get_object_lock_configuration.sh b/tests/commands/get_object_lock_configuration.sh index 145b13c9f..eb3ebfa67 100644 --- a/tests/commands/get_object_lock_configuration.sh +++ b/tests/commands/get_object_lock_configuration.sh @@ -36,35 +36,12 @@ get_object_lock_configuration_rest() { log 2 "'get_object_lock_configuration_rest' requires bucket name" return 1 fi - - current_date_time=$(date -u +"%Y%m%dT%H%M%SZ") - aws_endpoint_url_address=${AWS_ENDPOINT_URL#*//} - header=$(echo "$AWS_ENDPOINT_URL" | awk -F: '{print $1}') - # shellcheck disable=SC2154 - canonical_request="GET -/$1 -object-lock= -host:$aws_endpoint_url_address -x-amz-content-sha256:UNSIGNED-PAYLOAD -x-amz-date:$current_date_time - -host;x-amz-content-sha256;x-amz-date -UNSIGNED-PAYLOAD" - - if ! generate_sts_string "$current_date_time" "$canonical_request"; then - log 2 "error generating sts string" + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OUTPUT_FILE="$TEST_FILE_FOLDER/object-lock-config.txt" ./tests/rest_scripts/get_object_lock_config.sh); then + log 2 "error getting lock configuration: $result" return 1 fi - get_signature - # shellcheck disable=SC2154 - reply=$(send_command curl -w "%{http_code}" -ks "$header://$aws_endpoint_url_address/$1?object-lock" \ - -H "Authorization: AWS4-HMAC-SHA256 Credential=$AWS_ACCESS_KEY_ID/$ymd/$AWS_REGION/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature" \ - -H "x-amz-content-sha256: UNSIGNED-PAYLOAD" \ - -H "x-amz-date: $current_date_time" \ - -o "$TEST_FILE_FOLDER/object-lock-config.txt" 2>&1) - log 5 "reply: $reply" - if [[ "$reply" != "200" ]]; then - log 2 "get object command returned error: $(cat "$TEST_FILE_FOLDER/object-lock-config.txt")" + if [[ "$result" != "200" ]]; then + log 2 "expected '200', returned '$result': $(cat "$TEST_FILE_FOLDER/object-lock-config.txt")" return 1 fi return 0 diff --git a/tests/commands/list_objects.sh b/tests/commands/list_objects.sh index 3b09f90be..efb7dbf2c 100644 --- a/tests/commands/list_objects.sh +++ b/tests/commands/list_objects.sh @@ -138,35 +138,19 @@ list_objects_rest() { log 2 "'list_objects_rest' requires bucket name" return 1 fi - - generate_hash_for_payload "" - - current_date_time=$(date -u +"%Y%m%dT%H%M%SZ") - aws_endpoint_url_address=${AWS_ENDPOINT_URL#*//} - header=$(echo "$AWS_ENDPOINT_URL" | awk -F: '{print $1}') - # shellcheck disable=SC2154 - canonical_request="GET -/$1 - -host:$aws_endpoint_url_address -x-amz-content-sha256:$payload_hash -x-amz-date:$current_date_time - -host;x-amz-content-sha256;x-amz-date -$payload_hash" - - log 5 "canonical request: $canonical_request" - - if ! generate_sts_string "$current_date_time" "$canonical_request"; then - log 2 "error generating sts string" + log 5 "bucket name: $1" + if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OUTPUT_FILE="$TEST_FILE_FOLDER/objects.txt" ./tests/rest_scripts/list_objects.sh); then + log 2 "error listing objects: $result" + return 1 + fi + if [ "$result" != "200" ]; then + log 2 "expected '200', was '$result' ($(cat "$TEST_FILE_FOLDER/objects.txt"))" + return 1 + fi + # shellcheck disable=SC2034 + reply=$(cat "$TEST_FILE_FOLDER/objects.txt") + if ! parse_objects_list_rest; then + log 2 "error parsing list objects" return 1 fi - get_signature - # shellcheck disable=SC2154 - reply=$(send_command curl -ks "$header://$aws_endpoint_url_address/$1" \ - -H "Authorization: AWS4-HMAC-SHA256 Credential=$AWS_ACCESS_KEY_ID/$ymd/$AWS_REGION/s3/aws4_request,SignedHeaders=host;x-amz-content-sha256;x-amz-date,Signature=$signature" \ - -H "x-amz-content-sha256: $payload_hash" \ - -H "x-amz-date: $current_date_time" 2>&1) - log 5 "reply: $reply" - parse_objects_list_rest } diff --git a/tests/rest_scripts/get_object_lock_config.sh b/tests/rest_scripts/get_object_lock_config.sh new file mode 100755 index 000000000..c33eb07e4 --- /dev/null +++ b/tests/rest_scripts/get_object_lock_config.sh @@ -0,0 +1,41 @@ +#!/usr/bin/env bash + +# Copyright 2024 Versity Software +# This file is licensed under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Fields + +source ./tests/rest_scripts/rest.sh + +# shellcheck disable=SC2153 +bucket_name="$BUCKET_NAME" + +current_date_time=$(date -u +"%Y%m%dT%H%M%SZ") +canonical_request_data=("GET" "/$bucket_name" "object-lock=" "host:$host") +canonical_request_data+=("x-amz-content-sha256:UNSIGNED-PAYLOAD" "x-amz-date:$current_date_time") +if ! build_canonical_request "${canonical_request_data[@]}"; then + log_rest 2 "error building request" + exit 1 +fi +echo "$canonical_request" > "cr.txt" + +# shellcheck disable=SC2119 +create_canonical_hash_sts_and_signature + +# shellcheck disable=SC2154 +curl_command+=(curl -ks -w "\"%{http_code}\"" "$AWS_ENDPOINT_URL/$bucket_name?object-lock") +curl_command+=(-H "\"Authorization: AWS4-HMAC-SHA256 Credential=$AWS_ACCESS_KEY_ID/$year_month_day/$AWS_REGION/s3/aws4_request,SignedHeaders=$param_list,Signature=$signature\"") +curl_command+=("${header_fields[@]}") +curl_command+=(-o "$OUTPUT_FILE") +eval "${curl_command[*]}" 2>&1 \ No newline at end of file diff --git a/tests/rest_scripts/head_object.sh b/tests/rest_scripts/head_object.sh index 4ff71a0dc..a1527ddd4 100755 --- a/tests/rest_scripts/head_object.sh +++ b/tests/rest_scripts/head_object.sh @@ -22,21 +22,18 @@ source ./tests/rest_scripts/rest.sh bucket_name="$BUCKET_NAME" # shellcheck disable=SC2154 key="$OBJECT_KEY" +# shellcheck disable=SC2153 +version_id="$VERSION_ID" current_date_time=$(date -u +"%Y%m%dT%H%M%SZ") -#x-amz-object-attributes:ETag -canonical_request="HEAD -/$bucket_name/$key - -host:$host -x-amz-content-sha256:UNSIGNED-PAYLOAD -x-amz-date:$current_date_time - -host;x-amz-content-sha256;x-amz-date -UNSIGNED-PAYLOAD" - -canonical_request_data=("HEAD" "/$bucket_name/$key" "" "host:$host") +canonical_request_data=("HEAD" "/$bucket_name/$key") +if [ "$version_id" != "" ]; then + canonical_request_data+=("versionId=$version_id") +else + canonical_request_data+=("") +fi +canonical_request_data+=("host:$host") if [ "$CHECKSUM" == "true" ]; then canonical_request_data+=("x-amz-checksum-mode:ENABLED") fi @@ -48,7 +45,11 @@ fi # shellcheck disable=SC2119 create_canonical_hash_sts_and_signature -curl_command+=(curl -ksI -w "\"%{http_code}\"" "$AWS_ENDPOINT_URL/$bucket_name/$key" +url="$AWS_ENDPOINT_URL/$bucket_name/$key" +if [ "$version_id" != "" ]; then + url+="?versionId=$version_id" +fi +curl_command+=(curl -ksI -w "\"%{http_code}\"" "$url" -H "\"Authorization: AWS4-HMAC-SHA256 Credential=$aws_access_key_id/$year_month_day/$aws_region/s3/aws4_request,SignedHeaders=$param_list,Signature=$signature\"") curl_command+=("${header_fields[@]}") curl_command+=(-o "$OUTPUT_FILE") diff --git a/tests/rest_scripts/put_object.sh b/tests/rest_scripts/put_object.sh index a55815431..f4085e48f 100755 --- a/tests/rest_scripts/put_object.sh +++ b/tests/rest_scripts/put_object.sh @@ -25,15 +25,32 @@ bucket_name="$BUCKET_NAME" # shellcheck disable=SC2153 key="$OBJECT_KEY" # shellcheck disable=SC2153,SC2154 -checksum="$CHECKSUM" +checksum_type="$CHECKSUM_TYPE" +# shellcheck disable=SC2153 +payload="$PAYLOAD" + +# use this parameter to check incorrect checksums +# shellcheck disable=SC2153,SC2154 +checksum_hash="$CHECKSUM" current_date_time=$(date -u +"%Y%m%dT%H%M%SZ") -payload_hash="$(sha256sum "$data_file" | awk '{print $1}')" +if [ "$payload" == "" ]; then + payload_hash="$(sha256sum "$data_file" | awk '{print $1}')" +else + payload_hash="$payload" +fi cr_data=("PUT" "/$bucket_name/$key" "" "host:$host") -if [ "$checksum" == "true" ]; then - checksum_hash="$(echo -n "$payload_hash" | xxd -r -p | base64)" +if [ "$checksum_type" == "sha256" ]; then + if [ -z "$checksum_hash" ]; then + checksum_hash="$(sha256sum "$data_file" | awk '{print $1}' | xxd -r -p | base64)" + fi cr_data+=("x-amz-checksum-sha256:$checksum_hash") +elif [ "$checksum_type" == "crc32" ]; then + if [ -z "$checksum_hash" ]; then + checksum_hash="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" + fi + cr_data+=("x-amz-checksum-crc32:$checksum_hash") fi cr_data+=("x-amz-content-sha256:$payload_hash" "x-amz-date:$current_date_time") build_canonical_request "${cr_data[@]}" diff --git a/tests/run.sh b/tests/run.sh index 359327610..565719332 100755 --- a/tests/run.sh +++ b/tests/run.sh @@ -149,6 +149,8 @@ run_suite() { exit_code=1 elif ! "$HOME"/bin/bats ./tests/test_rest_checksum.sh; then exit_code=1 + elif ! "$HOME"/bin/bats ./tests/test_rest_versioning.sh; then + exit_code=1 fi ;; s3api-user) diff --git a/tests/test_rest.sh b/tests/test_rest.sh index 676eb059b..e806e575d 100755 --- a/tests/test_rest.sh +++ b/tests/test_rest.sh @@ -147,28 +147,6 @@ export RUN_USERS=true assert_success } -@test "REST - check, enable, suspend versioning" { - run setup_bucket "s3api" "$BUCKET_ONE_NAME" - assert_success - - log 5 "get versioning" - - run check_versioning_status_rest "$BUCKET_ONE_NAME" "" - assert_success - - run put_bucket_versioning_rest "$BUCKET_ONE_NAME" "Enabled" - assert_success - - run check_versioning_status_rest "$BUCKET_ONE_NAME" "Enabled" - assert_success - - run put_bucket_versioning_rest "$BUCKET_ONE_NAME" "Suspended" - assert_success - - run check_versioning_status_rest "$BUCKET_ONE_NAME" "Suspended" - assert_success -} - @test "test_rest_set_get_lock_config" { run setup_bucket "s3api" "$BUCKET_ONE_NAME" assert_success @@ -189,66 +167,6 @@ export RUN_USERS=true assert_success } -@test "test_rest_versioning" { - test_file="test_file" - run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run get_and_check_versions_rest "$BUCKET_ONE_NAME" "$test_file" "1" "true" "true" - assert_success - - run put_bucket_versioning "s3api" "$BUCKET_ONE_NAME" "Enabled" - assert_success - - run get_and_check_versions_rest "$BUCKET_ONE_NAME" "$test_file" "1" "true" "true" - assert_success - - run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run get_and_check_versions_rest "$BUCKET_ONE_NAME" "$test_file" "2" "true" "false" "false" "true" - assert_success -} - -@test "versioning - add version, then delete and check for marker" { - test_file="test_file" - run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run put_bucket_versioning "s3api" "$BUCKET_ONE_NAME" "Enabled" - assert_success - - run delete_object_rest "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run check_versions_after_file_deletion "$BUCKET_ONE_NAME" "$test_file" - assert_success -} - -@test "versioning - retrieve after delete" { - test_file="test_file" - run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run put_bucket_versioning "s3api" "$BUCKET_ONE_NAME" "Enabled" - assert_success - - run delete_object "s3api" "$BUCKET_ONE_NAME" "$test_file" - assert_success - - run get_object "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" - assert_failure -} - @test "REST - legal hold, get without config" { test_file="test_file" run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" @@ -534,3 +452,72 @@ export RUN_USERS=true run verify_object_not_found "$BUCKET_ONE_NAME" "$test_file_two" assert_success } + +@test "REST - put object w/STREAMING-AWS4-HMAC-SHA256-PAYLOAD without content length" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1043" + fi + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_chunked_payload_type_without_content_length "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "REST - HeadObject does not return 405 with versioning, after file deleted" { + if [ "$DIRECT" != "true" ]; then + skip "https://github.com/versity/versitygw/issues/1029" + fi + if [ "$RECREATE_BUCKETS" == "false" ] || [[ ( -z "$VERSIONING_DIR" ) && ( "$DIRECT" != "true" ) ]]; then + skip + fi + run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME" + assert_success + + # in static bucket config, bucket will still exist + if ! bucket_exists "s3api" "$BUCKET_ONE_NAME"; then + run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME" + assert_success + fi + + test_file="test_file" + run create_test_files "$test_file" + assert_success + + run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run delete_object "s3api" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run verify_object_not_found "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "REST - HeadObject returns 405 when querying DeleteMarker" { + if [ "$RECREATE_BUCKETS" == "false" ] || [[ ( -z "$VERSIONING_DIR" ) && ( "$DIRECT" != "true" ) ]]; then + skip + fi + run bucket_cleanup_if_bucket_exists "s3api" "$BUCKET_ONE_NAME" + assert_success + + # in static bucket config, bucket will still exist + if ! bucket_exists "s3api" "$BUCKET_ONE_NAME"; then + run create_bucket_object_lock_enabled "$BUCKET_ONE_NAME" + assert_success + fi + + test_file="test_file" + run create_test_files "$test_file" + assert_success + + run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run delete_object "s3api" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run get_delete_marker_and_verify_405 "$BUCKET_ONE_NAME" "$test_file" + assert_success +} diff --git a/tests/test_rest_checksum.sh b/tests/test_rest_checksum.sh index bd375b860..5d060528e 100755 --- a/tests/test_rest_checksum.sh +++ b/tests/test_rest_checksum.sh @@ -22,16 +22,52 @@ source ./tests/util/util_head_object.sh source ./tests/util/util_setup.sh @test "REST - HeadObject returns x-amz-checksum-sha256" { - if [ "$DIRECT" != "true" ]; then - skip "https://github.com/versity/versitygw/issues/1070" - fi test_file="test_file" run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success - run put_object_rest_sha256_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + run put_object_rest_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "sha256" assert_success - run check_checksum_rest "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" + run check_checksum_rest_sha256 "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" assert_success -} \ No newline at end of file +} + +@test "REST - PutObject rejects invalid sha256 checksum" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_sha256_invalid "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "REST - PutObject rejects incorrect sha256 checksum" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_sha256_incorrect "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "REST - crc32 checksum - success" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "crc32" + assert_success +} + +@test "REST - crc32 checksum - correct" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "crc32" + assert_success + + run check_checksum_rest_crc32 "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" + assert_success +} diff --git a/tests/test_rest_versioning.sh b/tests/test_rest_versioning.sh new file mode 100755 index 000000000..de07386d4 --- /dev/null +++ b/tests/test_rest_versioning.sh @@ -0,0 +1,106 @@ +#!/usr/bin/env bats + +# Copyright 2024 Versity Software +# This file is licensed under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +load ./bats-support/load +load ./bats-assert/load + +source ./tests/setup.sh +source ./tests/commands/get_object.sh +source ./tests/commands/put_object.sh +source ./tests/util/util_rest.sh +source ./tests/util/util_setup.sh + +@test "REST - check, enable, suspend versioning" { + run setup_bucket "s3api" "$BUCKET_ONE_NAME" + assert_success + + log 5 "get versioning" + + run check_versioning_status_rest "$BUCKET_ONE_NAME" "" + assert_success + + run put_bucket_versioning_rest "$BUCKET_ONE_NAME" "Enabled" + assert_success + + run check_versioning_status_rest "$BUCKET_ONE_NAME" "Enabled" + assert_success + + run put_bucket_versioning_rest "$BUCKET_ONE_NAME" "Suspended" + assert_success + + run check_versioning_status_rest "$BUCKET_ONE_NAME" "Suspended" + assert_success +} + +@test "test_rest_versioning" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run get_and_check_versions_rest "$BUCKET_ONE_NAME" "$test_file" "1" "true" "true" + assert_success + + run put_bucket_versioning "s3api" "$BUCKET_ONE_NAME" "Enabled" + assert_success + + run get_and_check_versions_rest "$BUCKET_ONE_NAME" "$test_file" "1" "true" "true" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run get_and_check_versions_rest "$BUCKET_ONE_NAME" "$test_file" "2" "true" "false" "false" "true" + assert_success +} + +@test "versioning - add version, then delete and check for marker" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object "rest" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_bucket_versioning "s3api" "$BUCKET_ONE_NAME" "Enabled" + assert_success + + run delete_object_rest "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run check_versions_after_file_deletion "$BUCKET_ONE_NAME" "$test_file" + assert_success +} + +@test "versioning - retrieve after delete" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object "s3api" "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_bucket_versioning "s3api" "$BUCKET_ONE_NAME" "Enabled" + assert_success + + run delete_object "s3api" "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run get_object "s3api" "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file-copy" + assert_failure +} diff --git a/tests/util/util_head_object.sh b/tests/util/util_head_object.sh index 9488183f1..3814f6ac6 100644 --- a/tests/util/util_head_object.sh +++ b/tests/util/util_head_object.sh @@ -122,8 +122,8 @@ verify_object_exists() { } check_checksum_rest() { - if [ $# -ne 3 ]; then - log 2 "'check_checksum_rest' requires bucket, file, local file" + if [ $# -ne 4 ]; then + log 2 "'check_checksum_rest' requires bucket, file, expected checksum, header key" return 1 fi if ! result=$(COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$1" OBJECT_KEY="$2" CHECKSUM="true" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" ./tests/rest_scripts/head_object.sh 2>&1); then @@ -134,10 +134,35 @@ check_checksum_rest() { log 2 "expected response code '200', was '$result'" return 1 fi - head_checksum=$(grep "x-amz-checksum-sha256" "$TEST_FILE_FOLDER/result.txt" | awk '{print $2}' | sed 's/\r$//') - file_checksum="$(sha256sum "$3" | awk '{print $1}' | xxd -r -p | base64)" - if [ "$file_checksum" != "$head_checksum" ]; then + head_checksum=$(grep -i "$4" "$TEST_FILE_FOLDER/result.txt" | awk '{print $2}' | sed 's/\r$//') + if [ "$3" != "$head_checksum" ]; then log 2 "'checksum mismatch (head '$head_checksum', local '$file_checksum')" return 1 fi } + +check_checksum_rest_sha256() { + if [ $# -ne 3 ]; then + log 2 "'check_checksum_rest_sha256' requires bucket, file, local file" + return 1 + fi + file_checksum="$(sha256sum "$3" | awk '{print $1}' | xxd -r -p | base64)" + if ! check_checksum_rest "$1" "$2" "$file_checksum" "x-amz-checksum-sha256"; then + log 2 "error checking checksum" + return 1 + fi + return 0 +} + +check_checksum_rest_crc32() { + if [ $# -ne 3 ]; then + log 2 "'check_checksum_rest_crc32' requires bucket, file, local file" + return 1 + fi + file_checksum="$(gzip -c -1 "$3" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" + if ! check_checksum_rest "$1" "$2" "$file_checksum" "x-amz-checksum-crc32"; then + log 2 "error checking checksum" + return 1 + fi + return 0 +} diff --git a/tests/util/util_list_objects.sh b/tests/util/util_list_objects.sh index 804eb3dbf..eae84fcbd 100644 --- a/tests/util/util_list_objects.sh +++ b/tests/util/util_list_objects.sh @@ -328,3 +328,31 @@ list_objects_v1_check_nextmarker_empty() { fi return 0 } + +get_delete_marker_and_verify_405() { + if [ $# -ne 2 ]; then + log 2 "'get_delete_marker_and_verify_405' requires bucket name, file name" + return 1 + fi + if ! list_object_versions_rest "$1"; then + log 2 "error listing REST object versions" + return 1 + fi + log 5 "versions: $(cat "$TEST_FILE_FOLDER/object_versions.txt")" + + if ! version_id=$(xmllint --xpath "//*[local-name()=\"DeleteMarker\"]/*[local-name()=\"VersionId\"]/text()" "$TEST_FILE_FOLDER/object_versions.txt" 2>&1); then + log 2 "error getting XML value: $version_id" + return 1 + fi + log 5 "xml val: $version_id" + + if ! result=$(OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" COMMAND_LOG="$COMMAND_LOG" BUCKET_NAME="$BUCKET_ONE_NAME" OBJECT_KEY="$2" VERSION_ID="$version_id" ./tests/rest_scripts/head_object.sh); then + log 2 "error getting result: $result" + return 1 + fi + if [ "$result" != "405" ]; then + log 2 "expected '405', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))" + return 1 + fi + return 0 +} diff --git a/tests/util/util_lock_config.sh b/tests/util/util_lock_config.sh index 02b310bb3..0fc94cc9a 100644 --- a/tests/util/util_lock_config.sh +++ b/tests/util/util_lock_config.sh @@ -96,7 +96,7 @@ check_no_object_lock_config_rest() { fi log 5 "object lock config: $(cat "$TEST_FILE_FOLDER/object-lock-config.txt")" # shellcheck disable=SC2154 - if [[ "$reply" != "404" ]]; then + if [[ "$result" != "404" ]]; then log 2 "incorrect response code: $reply" return 1 fi diff --git a/tests/util/util_object.sh b/tests/util/util_object.sh index 6b2188ee4..12ea09a45 100644 --- a/tests/util/util_object.sh +++ b/tests/util/util_object.sh @@ -297,12 +297,32 @@ list_and_check_directory_obj() { return 0 } -put_object_rest_sha256_checksum() { - if [ $# -ne 3 ]; then - log 2 "'put_object_rest_sha256_checksum' requires data file, bucket name, key" +check_sha256_invalid_or_incorrect() { + if [ $# -ne 5 ]; then + log 2 "'check_sha256_invalid_or_incorrect' requires data file, bucket name, key, checksum, expected error" return 1 fi - if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM="true" ./tests/rest_scripts/put_object.sh 2>&1); then + if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM_TYPE="sha256" CHECKSUM="$4" ./tests/rest_scripts/put_object.sh 2>&1); then + log 2 "error: $result" + return 1 + fi + if [ "$result" != "400" ]; then + log 2 "expected response code of '400', was '$result' (response: $(cat "$TEST_FILE_FOLDER/result.txt")" + return 1 + fi + if ! check_xml_element "$TEST_FILE_FOLDER/result.txt" "$5" "Error" "Message"; then + log 2 "xml error message mismatch" + return 1 + fi + return 0 +} + +put_object_rest_checksum() { + if [ $# -ne 4 ]; then + log 2 "'put_object_rest_sha256_checksum' requires data file, bucket name, key, checksum type" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM_TYPE="$4" ./tests/rest_scripts/put_object.sh 2>&1); then log 2 "error: $result" return 1 fi @@ -313,3 +333,49 @@ put_object_rest_sha256_checksum() { log 5 "result: $(cat "$TEST_FILE_FOLDER/result.txt")" return 0 } + +put_object_rest_sha256_invalid() { + if [ $# -ne 3 ]; then + log 2 "'put_object_rest_sha256_invalid' requires data file, bucket name, key" + return 1 + fi + if ! check_sha256_invalid_or_incorrect "$1" "$2" "$3" "dummy" "Value for x-amz-checksum-sha256 header is invalid."; then + log 2 "error checking checksum" + return 1 + fi + return 0 +} + +put_object_rest_sha256_incorrect() { + if [ $# -ne 3 ]; then + log 2 "'put_object_rest_sha256_invalid' requires data file, bucket name, key" + return 1 + fi + if [ "$DIRECT" == "true" ]; then + error_message="The SHA256 you specified did not match the calculated checksum." + else + error_message="The sha256 you specified did not match the calculated checksum." + fi + incorrect_checksum="$(echo -n "dummy" | sha256sum | awk '{print $1}' | xxd -r -p | base64)" + if ! check_sha256_invalid_or_incorrect "$1" "$2" "$3" "$incorrect_checksum" "$error_message"; then + log 2 "error checking checksum" + return 1 + fi + return 0 +} + +put_object_rest_chunked_payload_type_without_content_length() { + if [ $# -ne 3 ]; then + log 2 "'put_object_rest_diff_payload_type' requires data file, bucket name, key" + return 1 + fi + if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" PAYLOAD="STREAMING-AWS4-HMAC-SHA256-PAYLOAD" ./tests/rest_scripts/put_object.sh 2>&1); then + log 2 "error: $result" + return 1 + fi + if [ "$result" != "411" ]; then + log 2 "expected response code of '411', was '$result' ($(cat "$TEST_FILE_FOLDER/result.txt"))" + return 1 + fi + return 0 +} diff --git a/tests/util/util_xml.sh b/tests/util/util_xml.sh index 1cad8c2b1..ff837ede8 100644 --- a/tests/util/util_xml.sh +++ b/tests/util/util_xml.sh @@ -19,4 +19,4 @@ check_xml_element() { return 1 fi return 0 -} \ No newline at end of file +} From d10bd4d12bd09ec460009c9423462b0939b7b455 Mon Sep 17 00:00:00 2001 From: Luke McCrone Date: Thu, 27 Feb 2025 20:21:07 -0300 Subject: [PATCH 2/2] test: crc64nvme checksum --- tests/rest_scripts/calculate_crc64nvme.sh | 50 +++++++++++++++++ tests/rest_scripts/get_object_lock_config.sh | 1 - tests/rest_scripts/put_object.sh | 8 +++ tests/test_rest_checksum.sh | 26 +++++++-- tests/util/util_acl.sh | 19 ++++--- tests/util/util_head_object.sh | 10 ++++ tests/util/util_object.sh | 56 +++++++++++++++++--- tests/util/util_policy.sh | 14 +++-- 8 files changed, 160 insertions(+), 24 deletions(-) create mode 100755 tests/rest_scripts/calculate_crc64nvme.sh diff --git a/tests/rest_scripts/calculate_crc64nvme.sh b/tests/rest_scripts/calculate_crc64nvme.sh new file mode 100755 index 000000000..836a45312 --- /dev/null +++ b/tests/rest_scripts/calculate_crc64nvme.sh @@ -0,0 +1,50 @@ +#!/usr/bin/env bash + +# Copyright 2024 Versity Software +# This file is licensed under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http:#www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +source ./tests/rest_scripts/rest.sh + +if [ -z "$TEST_FILE_FOLDER" ] || [ -z "$DATA_FILE" ]; then + log_rest 2 "TEST_FILE_FOLDER and DATA_FILE params required for crc64nvme checksum (for python virtual env)" + exit 1 +fi +if ! python3 -m venv "$TEST_FILE_FOLDER/env" 1>/dev/null; then + log_rest 2 "error creating python virtual environment" + exit 1 +fi +if ! source "$TEST_FILE_FOLDER/env/bin/activate" 1>/dev/null; then + log_rest 2 "error activating virtual environment" + exit 1 +fi +if ! python3 -m pip install awscrt 1>/dev/null 2>&1; then + log_rest 2 "error installing awscrt" + exit 1 +fi +if ! checksum_decimal=$(python3 -c " +import sys +from awscrt import checksums + +with open(sys.argv[1], 'rb') as f: + print(checksums.crc64nvme(f.read()))" "$DATA_FILE" 2>&1); then + log_rest 2 "error calculating checksum: $checksum_decimal" + exit 1 +fi +log 5 "decimal checksum: $checksum_decimal" +if ! deactivate 1>/dev/null; then + log_rest 2 "error deactivating virtual environment" + exit 1 +fi +checksum_hash=$(printf "%016x" "$checksum_decimal" | xxd -r -p | base64) +echo "$checksum_hash" \ No newline at end of file diff --git a/tests/rest_scripts/get_object_lock_config.sh b/tests/rest_scripts/get_object_lock_config.sh index c33eb07e4..a8147add0 100755 --- a/tests/rest_scripts/get_object_lock_config.sh +++ b/tests/rest_scripts/get_object_lock_config.sh @@ -28,7 +28,6 @@ if ! build_canonical_request "${canonical_request_data[@]}"; then log_rest 2 "error building request" exit 1 fi -echo "$canonical_request" > "cr.txt" # shellcheck disable=SC2119 create_canonical_hash_sts_and_signature diff --git a/tests/rest_scripts/put_object.sh b/tests/rest_scripts/put_object.sh index f4085e48f..21336de8f 100755 --- a/tests/rest_scripts/put_object.sh +++ b/tests/rest_scripts/put_object.sh @@ -51,6 +51,14 @@ elif [ "$checksum_type" == "crc32" ]; then checksum_hash="$(gzip -c -1 "$data_file" | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" fi cr_data+=("x-amz-checksum-crc32:$checksum_hash") +elif [ "$checksum_type" == "crc64nvme" ]; then + if [ -z "$checksum_hash" ]; then + if ! checksum_hash=$(DATA_FILE="$data_file" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" ./tests/rest_scripts/calculate_crc64nvme.sh 2>&1); then + log_rest 2 "error calculating crc64nvme checksum: $checksum_hash" + exit 1 + fi + fi + cr_data+=("x-amz-checksum-crc64nvme:$checksum_hash") fi cr_data+=("x-amz-content-sha256:$payload_hash" "x-amz-date:$current_date_time") build_canonical_request "${cr_data[@]}" diff --git a/tests/test_rest_checksum.sh b/tests/test_rest_checksum.sh index 5d060528e..97dc0ef60 100755 --- a/tests/test_rest_checksum.sh +++ b/tests/test_rest_checksum.sh @@ -51,23 +51,41 @@ source ./tests/util/util_setup.sh assert_success } -@test "REST - crc32 checksum - success" { +@test "REST - crc32 checksum - correct" { test_file="test_file" run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success run put_object_rest_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "crc32" assert_success + + run check_checksum_rest_crc32 "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" + assert_success } -@test "REST - crc32 checksum - correct" { +@test "REST - crc32 checksum - incorrect" { test_file="test_file" run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" assert_success - run put_object_rest_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "crc32" + run put_object_rest_crc32_incorrect "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" assert_success +} - run check_checksum_rest_crc32 "$BUCKET_ONE_NAME" "$test_file" "$TEST_FILE_FOLDER/$test_file" +@test "REST - crc64nvme checksum - correct" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_checksum "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" "crc64nvme" + assert_success +} + +@test "REST - crc64nvme checksum - incorrect" { + test_file="test_file" + run setup_bucket_and_file "$BUCKET_ONE_NAME" "$test_file" + assert_success + + run put_object_rest_crc64nvme_incorrect "$TEST_FILE_FOLDER/$test_file" "$BUCKET_ONE_NAME" "$test_file" assert_success } diff --git a/tests/util/util_acl.sh b/tests/util/util_acl.sh index 6e67035d1..87e4c1d0e 100644 --- a/tests/util/util_acl.sh +++ b/tests/util/util_acl.sh @@ -216,6 +216,17 @@ get_check_acl_after_policy() { fi } +check_direct_display_name() { + if ! display_name=$(echo "$owner" | xmllint --xpath '//*[local-name()="DisplayName"]/text()' - 2>&1); then + log 2 "error getting display name: $display_name" + return 1 + fi + if [ "$display_name" != "$DIRECT_DISPLAY_NAME" ]; then + log 2 "display name mismatch (expected '$DIRECT_DISPLAY_NAME', actual '$display_name')" + return 1 + fi +} + get_and_check_acl_rest() { if [ $# -ne 1 ]; then log 2 "'get_and_check_acl_rest' requires bucket name" @@ -239,12 +250,8 @@ get_and_check_acl_rest() { return 1 fi if [ "$DIRECT" == "true" ]; then - if ! display_name=$(echo "$owner" | xmllint --xpath '//*[local-name()="DisplayName"]/text()' - 2>&1); then - log 2 "error getting display name: $display_name" - return 1 - fi - if [ "$display_name" != "$DIRECT_DISPLAY_NAME" ]; then - log 2 "display name mismatch (expected '$DIRECT_DISPLAY_NAME', actual '$display_name')" + if ! check_direct_display_name; then + log 2 "error checking direct display name" return 1 fi else diff --git a/tests/util/util_head_object.sh b/tests/util/util_head_object.sh index 3814f6ac6..f73811205 100644 --- a/tests/util/util_head_object.sh +++ b/tests/util/util_head_object.sh @@ -166,3 +166,13 @@ check_checksum_rest_crc32() { fi return 0 } + +crc64_file() { + source ./env/bin/activate + python3 -m pip install awscrt + if ! checksum=$(python3 -c "import sys;from awscrt import checksums;crc64nvme_value = checksums.crc64nvme(sys.argv[1]);print(crc64nvme_value)" "$1"); then + return 1 + fi + log 5 "checksum: $checksum" + deactivate +} diff --git a/tests/util/util_object.sh b/tests/util/util_object.sh index 12ea09a45..87e8a0401 100644 --- a/tests/util/util_object.sh +++ b/tests/util/util_object.sh @@ -297,12 +297,12 @@ list_and_check_directory_obj() { return 0 } -check_sha256_invalid_or_incorrect() { - if [ $# -ne 5 ]; then - log 2 "'check_sha256_invalid_or_incorrect' requires data file, bucket name, key, checksum, expected error" +check_checksum_invalid_or_incorrect() { + if [ $# -ne 6 ]; then + log 2 "'check_sha256_invalid_or_incorrect' requires data file, bucket name, key, checksum type, checksum, expected error" return 1 fi - if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM_TYPE="sha256" CHECKSUM="$4" ./tests/rest_scripts/put_object.sh 2>&1); then + if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM_TYPE="$4" CHECKSUM="$5" ./tests/rest_scripts/put_object.sh 2>&1); then log 2 "error: $result" return 1 fi @@ -310,7 +310,7 @@ check_sha256_invalid_or_incorrect() { log 2 "expected response code of '400', was '$result' (response: $(cat "$TEST_FILE_FOLDER/result.txt")" return 1 fi - if ! check_xml_element "$TEST_FILE_FOLDER/result.txt" "$5" "Error" "Message"; then + if ! check_xml_element "$TEST_FILE_FOLDER/result.txt" "$6" "Error" "Message"; then log 2 "xml error message mismatch" return 1 fi @@ -322,7 +322,8 @@ put_object_rest_checksum() { log 2 "'put_object_rest_sha256_checksum' requires data file, bucket name, key, checksum type" return 1 fi - if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM_TYPE="$4" ./tests/rest_scripts/put_object.sh 2>&1); then + # shellcheck disable=SC2097,SC2098 + if ! result=$(COMMAND_LOG="$COMMAND_LOG" DATA_FILE="$1" BUCKET_NAME="$2" OBJECT_KEY="$3" TEST_FILE_FOLDER="$TEST_FILE_FOLDER" OUTPUT_FILE="$TEST_FILE_FOLDER/result.txt" CHECKSUM_TYPE="$4" ./tests/rest_scripts/put_object.sh 2>&1); then log 2 "error: $result" return 1 fi @@ -339,7 +340,7 @@ put_object_rest_sha256_invalid() { log 2 "'put_object_rest_sha256_invalid' requires data file, bucket name, key" return 1 fi - if ! check_sha256_invalid_or_incorrect "$1" "$2" "$3" "dummy" "Value for x-amz-checksum-sha256 header is invalid."; then + if ! check_checksum_invalid_or_incorrect "$1" "$2" "$3" "sha256" "dummy" "Value for x-amz-checksum-sha256 header is invalid."; then log 2 "error checking checksum" return 1 fi @@ -357,7 +358,7 @@ put_object_rest_sha256_incorrect() { error_message="The sha256 you specified did not match the calculated checksum." fi incorrect_checksum="$(echo -n "dummy" | sha256sum | awk '{print $1}' | xxd -r -p | base64)" - if ! check_sha256_invalid_or_incorrect "$1" "$2" "$3" "$incorrect_checksum" "$error_message"; then + if ! check_checksum_invalid_or_incorrect "$1" "$2" "$3" "sha256" "$incorrect_checksum" "$error_message"; then log 2 "error checking checksum" return 1 fi @@ -379,3 +380,42 @@ put_object_rest_chunked_payload_type_without_content_length() { fi return 0 } + +put_object_rest_crc32_incorrect() { + if [ $# -ne 3 ]; then + log 2 "'put_object_rest_crc32_incorrect' requires data file, bucket name, key" + return 1 + fi + if [ "$DIRECT" == "true" ]; then + error_message="The CRC32 you specified did not match the calculated checksum." + else + error_message="The crc32 you specified did not match the calculated checksum." + fi + incorrect_checksum="$(echo -n "dummy" | gzip -c -1 | tail -c8 | od -t x4 -N 4 -A n | awk '{print $1}' | xxd -r -p | base64)" + if ! check_checksum_invalid_or_incorrect "$1" "$2" "$3" "crc32" "$incorrect_checksum" "$error_message"; then + log 2 "error checking checksum" + return 1 + fi + return 0 +} + +put_object_rest_crc64nvme_incorrect() { + if [ $# -ne 3 ]; then + log 2 "'put_object_rest_crc64nvme_incorrect' requires data file, bucket name, key" + return 1 + fi + if [ "$DIRECT" == "true" ]; then + error_message="The CRC64NVME you specified did not match the calculated checksum." + else + error_message="The crc64nvme you specified did not match the calculated checksum." + fi + if ! incorrect_checksum=$(DATA_FILE=<(echo -n "dummy") TEST_FILE_FOLDER="$TEST_FILE_FOLDER" ./tests/rest_scripts/calculate_crc64nvme.sh 2>&1); then + log 2 "error calculating checksum: $incorrect_checksum" + return 1 + fi + if ! check_checksum_invalid_or_incorrect "$1" "$2" "$3" "crc64nvme" "$incorrect_checksum" "$error_message"; then + log 2 "error checking checksum" + return 1 + fi + return 0 +} diff --git a/tests/util/util_policy.sh b/tests/util/util_policy.sh index 9b386868a..b59b61aae 100644 --- a/tests/util/util_policy.sh +++ b/tests/util/util_policy.sh @@ -42,6 +42,14 @@ check_for_empty_policy() { return 0 } +add_direct_user_to_principal() { + if [ "${principals[$idx]}" == "*" ]; then + modified_principal+="{\"AWS\": \"arn:aws:iam::$DIRECT_AWS_USER_ID:user/$DIRECT_S3_ROOT_ACCOUNT_NAME\"}" + else + modified_principal+="{\"AWS\": \"arn:aws:iam::$DIRECT_AWS_USER_ID:user/${principals[$idx]}\"}" + fi +} + get_modified_principal() { log 6 "get_modified_principal" if [ $# -ne 1 ]; then @@ -55,11 +63,7 @@ get_modified_principal() { fi for ((idx=0; idx<${#principals[@]}; idx++)); do if [ "$DIRECT" == "true" ]; then - if [ "${principals[$idx]}" == "*" ]; then - modified_principal+="{\"AWS\": \"arn:aws:iam::$DIRECT_AWS_USER_ID:user/$DIRECT_S3_ROOT_ACCOUNT_NAME\"}" - else - modified_principal+="{\"AWS\": \"arn:aws:iam::$DIRECT_AWS_USER_ID:user/${principals[$idx]}\"}" - fi + add_direct_user_to_principal else # shellcheck disable=SC2089 modified_principal+="\"${principals[$idx]}\""