Merge "Add functests for disallowed COPYs into a versioned container"

This commit is contained in:
Jenkins 2017-08-18 03:04:11 +00:00 committed by Gerrit Code Review
commit cb1c438006
4 changed files with 85 additions and 54 deletions

View File

@ -723,8 +723,11 @@ class File(Base):
if 'Destination' in headers:
headers['Destination'] = urllib.parse.quote(headers['Destination'])
return self.conn.make_request('COPY', self.path, hdrs=headers,
parms=parms) == 201
if self.conn.make_request('COPY', self.path, hdrs=headers,
cfg=cfg, parms=parms) != 201:
raise ResponseError(self.conn.response, 'COPY',
self.conn.make_path(self.path))
return True
def copy_account(self, dest_account, dest_cont, dest_file,
hdrs=None, parms=None, cfg=None):
@ -749,8 +752,11 @@ class File(Base):
if 'Destination' in headers:
headers['Destination'] = urllib.parse.quote(headers['Destination'])
return self.conn.make_request('COPY', self.path, hdrs=headers,
parms=parms) == 201
if self.conn.make_request('COPY', self.path, hdrs=headers,
cfg=cfg, parms=parms) != 201:
raise ResponseError(self.conn.response, 'COPY',
self.conn.make_path(self.path))
return True
def delete(self, hdrs=None, parms=None, cfg=None):
if hdrs is None:

View File

@ -753,7 +753,7 @@ class TestSlo(Base):
# manifest copy will fail because there is no read access to segments
# in destination account
file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct, dest_cont, "copied-abcde-manifest-only",
parms={'multipart-manifest': 'get'})
self.assertEqual(400, file_item.conn.response.status)
@ -769,7 +769,7 @@ class TestSlo(Base):
# manifest copy will still fail because there are no segments in
# destination account
file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct, dest_cont, "copied-abcde-manifest-only",
parms={'multipart-manifest': 'get'})
self.assertEqual(400, file_item.conn.response.status)

View File

@ -486,12 +486,21 @@ class TestObjectVersioning(Base):
break
self.assertEqual(backup_file.read(), "never argue with the data")
# user3 (some random user with no access to anything)
# user3 (some random user with no access to any of account1)
# tries to read from versioned container
self.assertRaises(ResponseError, backup_file.read,
cfg={'use_token': self.env.storage_token3})
# user3 cannot write or delete from source container either
# create an object user3 can try to copy
a2_container = self.env.account2.container(Utils.create_name())
a2_container.create(
hdrs={'X-Container-Read': self.env.conn3.user_acl},
cfg={'use_token': self.env.storage_token2})
a2_obj = a2_container.file(Utils.create_name())
self.assertTrue(a2_obj.write("unused",
cfg={'use_token': self.env.storage_token2}))
# user3 cannot write, delete, or copy to/from source container either
number_of_versions = versions_container.info()['object_count']
self.assertRaises(ResponseError, versioned_obj.write,
"some random user trying to write data",
@ -502,6 +511,19 @@ class TestObjectVersioning(Base):
cfg={'use_token': self.env.storage_token3})
self.assertEqual(number_of_versions,
versions_container.info()['object_count'])
self.assertRaises(
ResponseError, versioned_obj.write,
hdrs={'X-Copy-From': '%s/%s' % (a2_container.name, a2_obj.name),
'X-Copy-From-Account': self.env.conn2.account_name},
cfg={'use_token': self.env.storage_token3})
self.assertEqual(number_of_versions,
versions_container.info()['object_count'])
self.assertRaises(
ResponseError, a2_obj.copy_account,
self.env.conn.account_name, container.name, obj_name,
cfg={'use_token': self.env.storage_token3})
self.assertEqual(number_of_versions,
versions_container.info()['object_count'])
# user2 can't read or delete from versions-location
self.assertRaises(ResponseError, backup_file.read,
@ -518,6 +540,7 @@ class TestObjectVersioning(Base):
# tear-down since we create these containers here
# and not in self.env
a2_container.delete_recursive()
versions_container.delete_recursive()
container.delete_recursive()

View File

@ -1534,31 +1534,33 @@ class TestFile(Base):
# invalid source container
source_cont = self.env.account.container(Utils.create_name())
file_item = source_cont.file(source_filename)
self.assertFalse(file_item.copy(
self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, self.env.container),
Utils.create_name()))
Utils.create_name())
self.assert_status(404)
self.assertFalse(file_item.copy('%s%s' % (prefix, dest_cont),
Utils.create_name()))
self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, dest_cont),
Utils.create_name())
self.assert_status(404)
# invalid source object
file_item = self.env.container.file(Utils.create_name())
self.assertFalse(file_item.copy(
self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, self.env.container),
Utils.create_name()))
Utils.create_name())
self.assert_status(404)
self.assertFalse(file_item.copy('%s%s' % (prefix, dest_cont),
Utils.create_name()))
self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, dest_cont),
Utils.create_name())
self.assert_status(404)
# invalid destination container
file_item = self.env.container.file(source_filename)
self.assertFalse(file_item.copy(
self.assertRaises(ResponseError, file_item.copy,
'%s%s' % (prefix, Utils.create_name()),
Utils.create_name()))
Utils.create_name())
def testCopyAccount404s(self):
acct = self.env.conn.account_name
@ -1582,44 +1584,44 @@ class TestFile(Base):
# invalid source container
source_cont = self.env.account.container(Utils.create_name())
file_item = source_cont.file(source_filename)
self.assertFalse(file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct,
'%s%s' % (prefix, self.env.container),
Utils.create_name()))
Utils.create_name())
# there is no such source container but user has
# permissions to do a GET (done internally via COPY) for
# objects in his own account.
self.assert_status(404)
self.assertFalse(file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct,
'%s%s' % (prefix, cont),
Utils.create_name()))
Utils.create_name())
self.assert_status(404)
# invalid source object
file_item = self.env.container.file(Utils.create_name())
self.assertFalse(file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct,
'%s%s' % (prefix, self.env.container),
Utils.create_name()))
Utils.create_name())
# there is no such source container but user has
# permissions to do a GET (done internally via COPY) for
# objects in his own account.
self.assert_status(404)
self.assertFalse(file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct,
'%s%s' % (prefix, cont),
Utils.create_name()))
Utils.create_name())
self.assert_status(404)
# invalid destination container
file_item = self.env.container.file(source_filename)
self.assertFalse(file_item.copy_account(
self.assertRaises(ResponseError, file_item.copy_account,
acct,
'%s%s' % (prefix, Utils.create_name()),
Utils.create_name()))
Utils.create_name())
if acct == acct2:
# there is no such destination container
# and foreign user can have no permission to write there
@ -1633,9 +1635,9 @@ class TestFile(Base):
file_item.write_random()
file_item = self.env.container.file(source_filename)
self.assertFalse(file_item.copy(Utils.create_name(),
self.assertRaises(ResponseError, file_item.copy, Utils.create_name(),
Utils.create_name(),
cfg={'no_destination': True}))
cfg={'no_destination': True})
self.assert_status(412)
def testCopyDestinationSlashProblems(self):
@ -1644,15 +1646,15 @@ class TestFile(Base):
file_item.write_random()
# no slash
self.assertFalse(file_item.copy(Utils.create_name(),
self.assertRaises(ResponseError, file_item.copy, Utils.create_name(),
Utils.create_name(),
cfg={'destination': Utils.create_name()}))
cfg={'destination': Utils.create_name()})
self.assert_status(412)
# too many slashes
self.assertFalse(file_item.copy(Utils.create_name(),
self.assertRaises(ResponseError, file_item.copy, Utils.create_name(),
Utils.create_name(),
cfg={'destination': '//%s' % Utils.create_name()}))
cfg={'destination': '//%s' % Utils.create_name()})
self.assert_status(412)
def testCopyFromHeader(self):