diff --git a/test/functional/test_access_control.py b/test/functional/test_access_control.py index 78a4384416..a1cd42fdb1 100644 --- a/test/functional/test_access_control.py +++ b/test/functional/test_access_control.py @@ -20,6 +20,7 @@ import unittest import uuid from random import shuffle +from keystoneclient.v3 import client from nose import SkipTest from swiftclient import get_auth, http_connection @@ -1096,9 +1097,1873 @@ RBAC_OPTIONS_WITH_SERVICE_PREFIX = [ ] -class SwiftClient(object): - _tokens = {} +# A scenario of put for container ACL +ACL_PUT = [ + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 201), + ('PUT', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('PUT', + None, + None, 'UUID', 'UUID', + None, + None, 'tester3', 'tester3', None, 403) +] + +# A scenario of delete for container ACL +ACL_DELETE = [ + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 204), + ('DELETE', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('DELETE', + None, + None, 'UUID', 'UUID', + None, + None, 'tester3', 'tester3', None, 403) +] + + +# A scenario of get for container ACL +ACL_GET = [ + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', None, + None, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('GET', + None, + None, 'UUID', 'UUID', + None, + None, 'tester3', 'tester3', None, 403) +] + + +# A scenario of head for container ACL +ACL_HEAD = [ + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 204), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', None, + None, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('HEAD', + None, + None, 'UUID', 'UUID', + None, + None, 'tester3', 'tester3', None, 403) +] + + +# A scenario of post for container ACL +ACL_POST = [ + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + None, + None, 'tester3', 'tester3', None, 403), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202), + ('POST', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings', + 'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 202) +] + + +# A scenario of options for container ACL +ACL_OPTIONS = [ + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', None, + None, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': 'test2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:*,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.r:invalid.domain.com,.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Read': '.rlistings'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s:%(tester3_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '%(test_id)s'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': 'test2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester3'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:tester2'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*:*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + {'X-Container-Write': '*'}, + None, 'tester3', 'tester3', None, 200), + ('OPTIONS', + None, + None, 'UUID', 'UUID', + None, + None, 'tester3', 'tester3', None, 200) +] + + +class BaseClient(object): def __init__(self): self._set_users() self.auth_url = tf.swift_test_auth @@ -1113,6 +2978,33 @@ class SwiftClient(object): 'password': tf.swift_test_key[index], 'domain': tf.swift_test_domain[index]} + +class KeystoneClient(BaseClient): + def get_id_info(self): + id_info = {} + for user_name, user_info in self.users.iteritems(): + if user_name != '': + user_id, project_id = self._get_id(user_name) + id_info[user_name + '_id'] = user_id + id_info[user_info['account'] + '_id'] = project_id + return id_info + + def _get_id(self, user_name): + info = self.users.get(user_name) + keystone_client = client.Client( + auth_url=self.auth_url, + version=(self.auth_version,), + username=user_name, + password=info['password'], + project_name=info['account'], + project_domain_name=info['domain'], + user_domain_name=info['domain']) + return keystone_client.user_id, keystone_client.project_id + + +class SwiftClient(BaseClient): + _tokens = {} + def _get_auth(self, user_name): info = self.users.get(user_name) if info is None: @@ -1307,5 +3199,26 @@ class TestRBAC(BaseTestAC): self._run_scenario(scenario_rbac) +class TestContainerACL(BaseTestAC): + + def _convert_data(self, data): + test_case = super(TestContainerACL, self)._convert_data(data) + prep_container_header = test_case['prep_container_header'] + if prep_container_header is not None: + for header, header_val in prep_container_header.iteritems(): + prep_container_header[header] = header_val % self.id_info + return test_case + + def test_container_acl(self): + if any((tf.skip, tf.skip2, tf.skip3, tf.skip_if_not_v3, + tf.skip_if_no_reseller_admin)): + raise SkipTest + self.id_info = KeystoneClient().get_id_info() + scenario_container_acl = ACL_PUT + ACL_DELETE + ACL_GET +\ + ACL_HEAD + ACL_POST + ACL_OPTIONS + shuffle(scenario_container_acl) + self._run_scenario(scenario_container_acl) + + if __name__ == '__main__': unittest.main()