tests: Adding anonymous requests tests for bucket policy handlers. (#2882)

master
Karthic Rao 8 years ago committed by Harshavardhana
parent 8f4cf2a7d0
commit 09463265ce
  1. 52
      cmd/bucket-policy-handlers_test.go
  2. 32
      cmd/object-handlers_test.go
  3. 5
      cmd/test-utils_test.go

@ -298,6 +298,23 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
} }
} }
// Test for Anonymous/unsigned http request.
// Bucket policy related functions doesn't support anonymous requests, setting policies shouldn't make a difference.
bucketPolicyStr := fmt.Sprintf(bucketPolicyTemplate, bucketName, bucketName)
// create unsigned HTTP request for PutBucketPolicyHandler.
anonReq, err := newTestRequest("PUT", getPutPolicyURL("", bucketName),
int64(len(bucketPolicyStr)), bytes.NewReader([]byte(bucketPolicyStr)))
if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request for bucket \"%s\": <ERROR> %v",
instanceType, bucketName, err)
}
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
// unsigned request goes through and its validated again.
ExecObjectLayerAPIAnonTest(t, "PutBucketPolicyHandler", bucketName, "", instanceType, apiRouter, anonReq, getWriteOnlyObjectStatement)
// HTTP request for testing when `objectLayer` is set to `nil`. // HTTP request for testing when `objectLayer` is set to `nil`.
// There is no need to use an existing bucket and valid input for creating the request // There is no need to use an existing bucket and valid input for creating the request
// since the `objectLayer==nil` check is performed before any other checks inside the handlers. // since the `objectLayer==nil` check is performed before any other checks inside the handlers.
@ -308,7 +325,7 @@ func testPutBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -442,6 +459,21 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
} }
} }
// Test for Anonymous/unsigned http request.
// Bucket policy related functions doesn't support anonymous requests, setting policies shouldn't make a difference.
// create unsigned HTTP request for PutBucketPolicyHandler.
anonReq, err := newTestRequest("GET", getPutPolicyURL("", bucketName), 0, nil)
if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request for bucket \"%s\": <ERROR> %v",
instanceType, bucketName, err)
}
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
// unsigned request goes through and its validated again.
ExecObjectLayerAPIAnonTest(t, "GetBucketPolicyHandler", bucketName, "", instanceType, apiRouter, anonReq, getReadOnlyObjectStatement)
// HTTP request for testing when `objectLayer` is set to `nil`. // HTTP request for testing when `objectLayer` is set to `nil`.
// There is no need to use an existing bucket and valid input for creating the request // There is no need to use an existing bucket and valid input for creating the request
// since the `objectLayer==nil` check is performed before any other checks inside the handlers. // since the `objectLayer==nil` check is performed before any other checks inside the handlers.
@ -452,7 +484,7 @@ func testGetBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName string
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -607,6 +639,20 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testCase.expectedRespStatus, recV2.Code) t.Fatalf("Case %d: Expected the response status to be `%d`, but instead found `%d`", i+1, testCase.expectedRespStatus, recV2.Code)
} }
} }
// Test for Anonymous/unsigned http request.
// Bucket policy related functions doesn't support anonymous requests, setting policies shouldn't make a difference.
// create unsigned HTTP request for PutBucketPolicyHandler.
anonReq, err := newTestRequest("DELETE", getPutPolicyURL("", bucketName), 0, nil)
if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request for bucket \"%s\": <ERROR> %v",
instanceType, bucketName, err)
}
// ExecObjectLayerAPIAnonTest - Calls the HTTP API handler using the anonymous request, validates the ErrAccessDeniedResponse,
// sets the bucket policy using the policy statement generated from `getWriteOnlyObjectStatement` so that the
// unsigned request goes through and its validated again.
ExecObjectLayerAPIAnonTest(t, "DeleteBucketPolicyHandler", bucketName, "", instanceType, apiRouter, anonReq, getReadOnlyObjectStatement)
// HTTP request for testing when `objectLayer` is set to `nil`. // HTTP request for testing when `objectLayer` is set to `nil`.
// There is no need to use an existing bucket and valid input for creating the request // There is no need to use an existing bucket and valid input for creating the request
@ -618,7 +664,7 @@ func testDeleteBucketPolicyHandler(obj ObjectLayer, instanceType, bucketName str
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.

@ -177,7 +177,7 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
anonReq, err := newTestRequest("GET", getGetObjectURL("", bucketName, objectName), 0, nil) anonReq, err := newTestRequest("GET", getGetObjectURL("", bucketName, objectName), 0, nil)
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, objectName, err) instanceType, bucketName, objectName, err)
} }
@ -197,7 +197,7 @@ func testAPIGetObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -435,7 +435,7 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
anonReq, err := newTestRequest("PUT", getPutObjectURL("", bucketName, objectName), anonReq, err := newTestRequest("PUT", getPutObjectURL("", bucketName, objectName),
int64(len("hello")), bytes.NewReader([]byte("hello"))) int64(len("hello")), bytes.NewReader([]byte("hello")))
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, objectName, err) instanceType, bucketName, objectName, err)
} }
@ -455,7 +455,7 @@ func testAPIPutObjectHandler(obj ObjectLayer, instanceType, bucketName string, a
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -614,7 +614,7 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
newCopyAnonObject := "new-anon-obj" newCopyAnonObject := "new-anon-obj"
anonReq, err := newTestRequest("PUT", getCopyObjectURL("", bucketName, newCopyAnonObject), 0, nil) anonReq, err := newTestRequest("PUT", getCopyObjectURL("", bucketName, newCopyAnonObject), 0, nil)
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, "new-anon-obj", err) instanceType, bucketName, "new-anon-obj", err)
} }
@ -642,7 +642,7 @@ func testAPICopyObjectHandler(obj ObjectLayer, instanceType, bucketName string,
// Its necessary to set the "X-Amz-Copy-Source" header for the request to be accepted by the handler. // Its necessary to set the "X-Amz-Copy-Source" header for the request to be accepted by the handler.
nilReq.Header.Set("X-Amz-Copy-Source", url.QueryEscape("/"+nilBucket+"/"+nilObject)) nilReq.Header.Set("X-Amz-Copy-Source", url.QueryEscape("/"+nilBucket+"/"+nilObject))
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
@ -695,7 +695,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
anonReq, err := newTestRequest("POST", getNewMultipartURL("", bucketName, objectName), 0, nil) anonReq, err := newTestRequest("POST", getNewMultipartURL("", bucketName, objectName), 0, nil)
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, objectName, err) instanceType, bucketName, objectName, err)
} }
@ -715,7 +715,7 @@ func testAPINewMultipartHandler(obj ObjectLayer, instanceType, bucketName string
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -1069,7 +1069,7 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
anonReq, err := newTestRequest("POST", getCompleteMultipartUploadURL("", bucketName, objectName, uploadIDs[1]), anonReq, err := newTestRequest("POST", getCompleteMultipartUploadURL("", bucketName, objectName, uploadIDs[1]),
int64(len(completeBytes)), bytes.NewReader(completeBytes)) int64(len(completeBytes)), bytes.NewReader(completeBytes))
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, objectName, err) instanceType, bucketName, objectName, err)
} }
@ -1091,7 +1091,7 @@ func testAPICompleteMultipartHandler(obj ObjectLayer, instanceType, bucketName s
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -1198,7 +1198,7 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
// Test for Anonymous/unsigned http request. // Test for Anonymous/unsigned http request.
anonReq, err := newTestRequest("DELETE", getDeleteObjectURL("", bucketName, anonObjectName), 0, nil) anonReq, err := newTestRequest("DELETE", getDeleteObjectURL("", bucketName, anonObjectName), 0, nil)
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, anonObjectName, err) instanceType, bucketName, anonObjectName, err)
} }
@ -1219,7 +1219,7 @@ func testAPIDeleteObjectHandler(obj ObjectLayer, instanceType, bucketName string
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create HTTP request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create HTTP request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -1615,7 +1615,7 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
anonReq, err := newTestRequest("PUT", getPutObjectPartURL("", bucketName, testObject, uploadIDCopy, "1"), anonReq, err := newTestRequest("PUT", getPutObjectPartURL("", bucketName, testObject, uploadIDCopy, "1"),
int64(len("hello")), bytes.NewReader([]byte("hello"))) int64(len("hello")), bytes.NewReader([]byte("hello")))
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
} }
@ -1635,7 +1635,7 @@ func testAPIPutObjectPartHandler(obj ObjectLayer, instanceType, bucketName strin
0, bytes.NewReader([]byte("testNilObjLayer")), "", "") 0, bytes.NewReader([]byte("testNilObjLayer")), "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s: Failed to create http request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s: Failed to create http request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` manages the operation. // `ExecObjectLayerAPINilTest` manages the operation.
@ -1853,7 +1853,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
anonReq, err := newTestRequest("GET", anonReq, err := newTestRequest("GET",
getListMultipartURLWithParams("", bucketName, testObject, uploadIDCopy, "", "", ""), 0, nil) getListMultipartURLWithParams("", bucketName, testObject, uploadIDCopy, "", "", ""), 0, nil)
if err != nil { if err != nil {
t.Fatalf("Minio %s: Failed to create an anonymous request to upload part for %s/%s: <ERROR> %v", t.Fatalf("Minio %s: Failed to create an anonymous request for %s/%s: <ERROR> %v",
instanceType, bucketName, testObject, err) instanceType, bucketName, testObject, err)
} }
@ -1873,7 +1873,7 @@ func testAPIListObjectPartsHandler(obj ObjectLayer, instanceType, bucketName str
getListMultipartURLWithParams("", nilBucket, nilObject, "dummy-uploadID", "0", "0", ""), getListMultipartURLWithParams("", nilBucket, nilObject, "dummy-uploadID", "0", "0", ""),
0, nil, "", "") 0, nil, "", "")
if err != nil { if err != nil {
t.Errorf("Minio %s:Failed to create http request for testing the reponse when object Layer is set to `nil`.", instanceType) t.Errorf("Minio %s:Failed to create http request for testing the response when object Layer is set to `nil`.", instanceType)
} }
// execute the object layer set to `nil` test. // execute the object layer set to `nil` test.
// `ExecObjectLayerAPINilTest` sets the Object Layer to `nil` and calls the handler. // `ExecObjectLayerAPINilTest` sets the Object Layer to `nil` and calls the handler.

@ -1444,6 +1444,7 @@ func ExecObjectLayerAPIAnonTest(t *testing.T, testName, bucketName, objectName,
Version: "1.0", Version: "1.0",
Statements: []policyStatement{policyFunc(bucketName, "")}, Statements: []policyStatement{policyFunc(bucketName, "")},
} }
globalBucketPolicies.SetBucketPolicy(bucketName, &policy) globalBucketPolicies.SetBucketPolicy(bucketName, &policy)
// now call the handler again with the unsigned/anonymous request, it should be accepted. // now call the handler again with the unsigned/anonymous request, it should be accepted.
rec = httptest.NewRecorder() rec = httptest.NewRecorder()
@ -1456,10 +1457,14 @@ func ExecObjectLayerAPIAnonTest(t *testing.T, testName, bucketName, objectName,
// expectedHTTPStatus returns 204 (http.StatusNoContent) on success. // expectedHTTPStatus returns 204 (http.StatusNoContent) on success.
if testName == "TestAPIDeleteObjectHandler" { if testName == "TestAPIDeleteObjectHandler" {
expectedHTTPStatus = http.StatusNoContent expectedHTTPStatus = http.StatusNoContent
} else if strings.Contains(testName, "BucketPolicyHandler") {
// BucketPolicyHandler's doesn't support anonymous request, policy changes should allow unsigned requests.
expectedHTTPStatus = http.StatusForbidden
} else { } else {
// other API handlers return 200OK on success. // other API handlers return 200OK on success.
expectedHTTPStatus = http.StatusOK expectedHTTPStatus = http.StatusOK
} }
// compare the HTTP response status code with the expected one. // compare the HTTP response status code with the expected one.
if rec.Code != expectedHTTPStatus { if rec.Code != expectedHTTPStatus {
failTest(fmt.Sprintf("Expected the anonymous HTTP request to be served after the policy changes\n,Expected response HTTP status code to be %d, got %d.", failTest(fmt.Sprintf("Expected the anonymous HTTP request to be served after the policy changes\n,Expected response HTTP status code to be %d, got %d.",

Loading…
Cancel
Save