Skip to content

Commit

Permalink
testsuite/server: add test for bypass governance retention removal
Browse files Browse the repository at this point in the history
Change-Id: Id64318dd1e37fa8ada80f6e3c3b24c24413cc05f
  • Loading branch information
halkyon committed Sep 27, 2024
1 parent 4af8947 commit 1910142
Showing 1 changed file with 34 additions and 14 deletions.
48 changes: 34 additions & 14 deletions testsuite/server/integration_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,6 @@ func TestObjectLockRestrictedPermissions(t *testing.T) {
Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
config.Metainfo.ObjectLockEnabled = true
config.Metainfo.UseBucketLevelObjectVersioning = true
config.Metainfo.ProjectLimits.MaxBuckets = 20
},
Uplink: func(log *zap.Logger, index int, config *testplanet.UplinkConfig) {
config.APIKeyVersion = macaroon.APIKeyVersionObjectLock
Expand Down Expand Up @@ -209,7 +208,6 @@ func TestObjectLock(t *testing.T) {
Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
config.Metainfo.ObjectLockEnabled = true
config.Metainfo.UseBucketLevelObjectVersioning = true
config.Metainfo.ProjectLimits.MaxBuckets = 100
},
Uplink: func(log *zap.Logger, index int, config *testplanet.UplinkConfig) {
config.APIKeyVersion = macaroon.APIKeyVersionObjectLock
Expand Down Expand Up @@ -477,6 +475,22 @@ func TestObjectLock(t *testing.T) {
}
})

runRetentionModeTest("bypass governance remove retention", func(t *testing.T, mode string) {
putResp, err := putObjectWithRetention(ctx, client, bucket, objKey1, mode, retainUntil)
require.NoError(t, err)

_, err = putObjectRetention(ctx, client, bucket, objKey1, "", time.Time{}, *putResp.VersionId)
requireS3Error(t, err, http.StatusBadRequest, "InvalidRequest")

_, err = putObjectRetentionBypassGovernance(ctx, client, bucket, objKey1, "", time.Time{}, *putResp.VersionId)
if mode == lockModeGovernance {
require.NoError(t, err)
require.NoError(t, deleteObject(ctx, client, bucket, objKey1, *putResp.VersionId))
} else {
requireS3Error(t, err, http.StatusForbidden, "AccessDenied")
}
})

runRetentionModeTest("object lock settings in object info", func(t *testing.T, mode string) {
putResp, err := putObjectWithRetention(ctx, client, bucket, objKey1, mode, retainUntil)
require.NoError(t, err)
Expand Down Expand Up @@ -1419,32 +1433,38 @@ func getObjectRetention(ctx context.Context, client *s3.S3, bucket, key, version

func putObjectRetention(ctx context.Context, client *s3.S3, bucket, key, lockMode string, retainUntil time.Time, versionID string) (*s3.PutObjectRetentionOutput, error) {
input := s3.PutObjectRetentionInput{
Bucket: aws.String(bucket),
Key: aws.String(key),
Retention: &s3.ObjectLockRetention{
Mode: aws.String(lockMode),
RetainUntilDate: aws.Time(retainUntil),
},
Bucket: aws.String(bucket),
Key: aws.String(key),
Retention: &s3.ObjectLockRetention{},
}
if versionID != "" {
input.VersionId = aws.String(versionID)
}
if lockMode != "" {
input.Retention.Mode = aws.String(lockMode)
}
if !retainUntil.IsZero() {
input.Retention.RetainUntilDate = aws.Time(retainUntil)
}
return client.PutObjectRetentionWithContext(ctx, &input)
}

func putObjectRetentionBypassGovernance(ctx context.Context, client *s3.S3, bucket, key, lockMode string, retainUntil time.Time, versionID string) (*s3.PutObjectRetentionOutput, error) {
input := s3.PutObjectRetentionInput{
Bucket: aws.String(bucket),
Key: aws.String(key),
Retention: &s3.ObjectLockRetention{
Mode: aws.String(lockMode),
RetainUntilDate: aws.Time(retainUntil),
},
Bucket: aws.String(bucket),
Key: aws.String(key),
BypassGovernanceRetention: aws.Bool(true),
Retention: &s3.ObjectLockRetention{},
}
if versionID != "" {
input.VersionId = aws.String(versionID)
}
if lockMode != "" {
input.Retention.Mode = aws.String(lockMode)
}
if !retainUntil.IsZero() {
input.Retention.RetainUntilDate = aws.Time(retainUntil)
}
return client.PutObjectRetentionWithContext(ctx, &input)
}

Expand Down

0 comments on commit 1910142

Please sign in to comment.