Compare commits

...

1 Commits

Author SHA1 Message Date
Cristian Tovar cc21581faa improvement: CLDSRV-419 improve test coverage for object lock 2023-09-21 08:45:41 -07:00
2 changed files with 319 additions and 365 deletions

View File

@ -99,7 +99,12 @@ describe('DELETE object', () => {
const bucketName = 'testdeleteobjectlockbucket'; const bucketName = 'testdeleteobjectlockbucket';
let versionIdOne; let versionIdOne;
let versionIdTwo; let versionIdTwo;
const retainDate = moment().add(10, 'days').toISOString(); [
{ bucketMode: 'GOVERNANCE', ratainDate: moment().add(5, 'days').toISOString(), putObjectLock: false },
{ bucketMode: 'COMPLIANCE', ratainDate: moment().add(5, 'days').toISOString(), putObjectLock: false },
{ bucketMode: 'GOVERNANCE', ratainDate: moment().add(90, 'days').toISOString(), putObjectLock: true },
{ bucketMode: 'COMPLIANCE', ratainDate: moment().add(90, 'days').toISOString(), putObjectLock: true },
].forEach((response) => {
before(() => { before(() => {
process.stdout.write('creating bucket\n'); process.stdout.write('creating bucket\n');
return s3.createBucket({ return s3.createBucket({
@ -110,6 +115,26 @@ describe('DELETE object', () => {
process.stdout.write(`Error creating bucket ${err}\n`); process.stdout.write(`Error creating bucket ${err}\n`);
throw err; throw err;
}) })
.then(() => {
process.stdout.write('putting object lock configuration\n');
return response.putObjectLock ?
s3.putObjectLockConfiguration({
Bucket: bucketName,
ObjectLockConfiguration: {
ObjectLockEnabled: 'Enabled',
Rule: {
DefaultRetention: {
Mode: response.bucketMode,
Days: parseInt(response.ratainDate, 0),
},
},
},
}).promise() : true;
})
.catch(err => {
process.stdout.write('Error putting object lock configuration\n');
throw err;
})
.then(() => { .then(() => {
process.stdout.write('putting object\n'); process.stdout.write('putting object\n');
return s3.putObject({ return s3.putObject({
@ -124,14 +149,16 @@ describe('DELETE object', () => {
.then(res => { .then(res => {
versionIdOne = res.VersionId; versionIdOne = res.VersionId;
process.stdout.write('putting object retention\n'); process.stdout.write('putting object retention\n');
return s3.putObjectRetention({ return !response.putObjectLock ?
s3.putObjectRetention({
Bucket: bucketName, Bucket: bucketName,
Key: objectName, Key: objectName,
Retention: { Retention: {
Mode: 'GOVERNANCE', Mode: response.bucketMode,
RetainUntilDate: retainDate, RetainUntilDate: response.ratainDate,
}, },
}).promise(); }).promise()
: true;
}) })
.catch(err => { .catch(err => {
process.stdout.write('Err putting object retention\n'); process.stdout.write('Err putting object retention\n');
@ -200,7 +227,7 @@ describe('DELETE object', () => {
}); });
}); });
it('should delete locked object version with GOVERNANCE ' + it(`should delete locked object version with ${response.bucketMode} ` +
'retention mode and correct header', done => { 'retention mode and correct header', done => {
s3.deleteObject({ s3.deleteObject({
Bucket: bucketName, Bucket: bucketName,
@ -228,88 +255,13 @@ describe('DELETE object', () => {
}], '', done); }], '', done);
}); });
}); });
});
describe('with object lock and legal hold', () => { it(`should not delete locked object version with ${response.bucketMode} ` +
const bucketName = 'testdeletelocklegalholdbucket';
const objectName = 'key';
let versionId;
before(() => {
process.stdout.write('creating bucket\n');
return s3.createBucket({
Bucket: bucketName,
ObjectLockEnabledForBucket: true,
}).promise()
.catch(err => {
process.stdout.write(`Error creating bucket ${err}\n`);
throw err;
})
.then(() => {
process.stdout.write('putting object lock configuration\n');
return s3.putObjectLockConfiguration({
Bucket: bucketName,
ObjectLockConfiguration: {
ObjectLockEnabled: 'Enabled',
Rule: {
DefaultRetention: {
Mode: 'GOVERNANCE',
Days: 1,
},
},
},
}).promise();
})
.catch(err => {
process.stdout.write('Error putting object lock configuration\n');
throw err;
})
.then(() => {
process.stdout.write('putting object\n');
return s3.putObject({
Bucket: bucketName,
Key: objectName,
}).promise();
})
.catch(err => {
process.stdout.write('Error putting object');
throw err;
})
.then(res => {
versionId = res.VersionId;
process.stdout.write('putting object legal hold\n');
return s3.putObjectLegalHold({
Bucket: bucketName,
Key: objectName,
LegalHold: {
Status: 'ON',
},
}).promise();
})
.catch(err => {
process.stdout.write('Err putting object legal hold\n');
throw err;
});
});
after(() => {
process.stdout.write('Emptying bucket\n');
return bucketUtil.empty(bucketName)
.then(() => {
process.stdout.write('Deleting bucket\n');
return bucketUtil.deleteOne(bucketName);
})
.catch(err => {
process.stdout.write('Error in after\n');
throw err;
});
});
it('should not delete locked object version with GOVERNANCE ' +
'retention mode and bypass header when object is legal-hold enabled', done => 'retention mode and bypass header when object is legal-hold enabled', done =>
s3.deleteObject({ s3.deleteObject({
Bucket: bucketName, Bucket: bucketName,
Key: objectName, Key: objectName,
VersionId: versionId, VersionId: versionIdOne,
BypassGovernanceRetention: true, BypassGovernanceRetention: true,
}, err => { }, err => {
assert.strictEqual(err.code, 'AccessDenied'); assert.strictEqual(err.code, 'AccessDenied');
@ -317,10 +269,21 @@ describe('DELETE object', () => {
[{ [{
bucket: bucketName, bucket: bucketName,
key: objectName, key: objectName,
versionId, versionIdOne,
}], '', done); }], '', done);
} }
)); ));
it(`should delete object in ${response.bucketMode} mode`, () => {
s3.deleteObject({
Bucket: bucketName,
Key: objectName,
VersionId: versionIdOne,
}, err => {
assert.ifError(err);
});
});
});
}); });
}); });
}); });

View File

@ -210,24 +210,49 @@ describe('Multi-Object Delete Error Responses', () => {
}); });
}); });
describe('Multi-Object Delete Access', function access() { describe('Delete Multi Object', function access() {
this.timeout(360000); this.timeout(360000);
let bucketUtil; let bucketUtil;
let s3; let s3;
const versionIds = [];
const parameters = [
{ bucketMode: 'GOVERNANCE', ObjectLock: true, ratainDate: moment().add(5, 'days').toISOString() },
{ bucketMode: 'COMPLIANCE', ObjectLock: true, ratainDate: moment().add(5, 'days').toISOString() },
{ bucketMode: 'GOVERNANCE', ObjectLock: false, ratainDate: moment().add(5, 'days').toISOString() },
{ bucketMode: 'COMPLIANCE', ObjectLock: false, ratainDate: moment().add(5, 'days').toISOString() },
];
parameters.forEach(response => {
before(() => { before(() => {
const createObjects = []; const createObjects = [];
bucketUtil = new BucketUtility('default', { bucketUtil = new BucketUtility('default', {
signatureVersion: 'v4', signatureVersion: 'v4',
}); });
s3 = bucketUtil.s3; s3 = bucketUtil.s3;
return s3.createBucket({ Bucket: bucketName }).promise() return s3.createBucket({
Bucket: bucketName,
ObjectLockEnabledForBucket: response.ObjectLock,
}).promise()
.then(() => {
process.stdout.write('putting object lock configuration\n');
return response.ObjectLock ? s3.putObjectLockConfiguration({
Bucket: bucketName,
ObjectLockConfiguration: {
ObjectLockEnabled: 'Enabled',
Rule: {
DefaultRetention: {
Days: parseInt(response.ratainDate, 0),
Mode: response.bucketMode,
},
},
},
}).promise() : true;
})
.catch(err => { .catch(err => {
process.stdout.write(`Error creating bucket: ${err}\n`); process.stdout.write(`Error creating bucket: ${err}\n`);
throw err; throw err;
}) })
.then(() => { .then(() => {
for (let i = 1; i < 501; i++) { for (let i = 1; i < 6; i++) {
createObjects.push(s3.putObject({ createObjects.push(s3.putObject({
Bucket: bucketName, Bucket: bucketName,
Key: `${key}${i}`, Key: `${key}${i}`,
@ -235,6 +260,11 @@ describe('Multi-Object Delete Access', function access() {
}).promise()); }).promise());
} }
return Promise.all(createObjects) return Promise.all(createObjects)
.then(res => {
res.forEach(r => {
versionIds.push(r.VersionId);
});
})
.catch(err => { .catch(err => {
process.stdout.write(`Error creating objects: ${err}\n`); process.stdout.write(`Error creating objects: ${err}\n`);
throw err; throw err;
@ -244,6 +274,108 @@ describe('Multi-Object Delete Access', function access() {
after(() => s3.deleteBucket({ Bucket: bucketName }).promise()); after(() => s3.deleteBucket({ Bucket: bucketName }).promise());
it(`delete objects in ${response.bucketMode}`, () => {
const objects = createObjectsList(5, versionIds);
return s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
}).promise().then(res => {
assert.strictEqual(res.Errors.length, 5);
res.Errors.forEach(err => assert.strictEqual(err.Code, 'AccessDenied'));
});
});
it('should not delete locked objects', () => {
const objects = createObjectsList(5, versionIds);
return s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
}).promise().then(res => {
assert.strictEqual(res.Errors.length, 5);
res.Errors.forEach(err => assert.strictEqual(err.Code, 'AccessDenied'));
});
});
it(`should not delete locked objects with ${response.bucketMode} ` +
'retention mode and bypass header when object is legal hold enabled', () => {
const objects = createObjectsList(5, versionIds);
const putObjectLegalHolds = [];
for (let i = 1; i < 6; i++) {
putObjectLegalHolds.push(s3.putObjectLegalHold({
Bucket: bucketName,
Key: `${key}${i}`,
LegalHold: {
Status: 'ON',
},
}).promise());
}
return Promise.all(putObjectLegalHolds)
.then(() => s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
BypassGovernanceRetention: true,
}).promise()).then(res => {
assert.strictEqual(res.Errors.length, 5);
res.Errors.forEach(err => assert.strictEqual(err.Code, 'AccessDenied'));
});
});
it('should delete locked objects after retention period has expired', () => {
const objects = createObjectsList(5, versionIds);
const objectsCopy = JSON.parse(JSON.stringify(objects));
for (let i = 0; i < objectsCopy.length; i++) {
objectsCopy[i].key = objectsCopy[i].Key;
objectsCopy[i].versionId = objectsCopy[i].VersionId;
objectsCopy[i].bucket = bucketName;
delete objectsCopy[i].Key;
delete objectsCopy[i].VersionId;
}
const newRetention = {
mode: response.bucketMode,
date: moment().subtract(10, 'days').toISOString(),
};
return changeLockPromise(objectsCopy, newRetention)
.then(() => s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
}).promise()).then(res => {
assert.strictEqual(res.Deleted.length, 5);
assert.strictEqual(res.Errors.length, 0);
}).catch(err => {
checkNoError(err);
});
});
it(`should delete locked objects with ${response.bucketMode} ` +
'retention mode and bypass header', () => {
const objects = createObjectsList(5, versionIds);
return s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
BypassGovernanceRetention: true,
}).promise().then(res => {
assert.strictEqual(res.Deleted.length, 5);
assert.strictEqual(res.Errors.length, 0);
}).catch(err => {
checkNoError(err);
});
});
it('should return access denied error for each object where no acl ' + it('should return access denied error for each object where no acl ' +
'permission', () => { 'permission', () => {
const objects = createObjectsList(500); const objects = createObjectsList(500);
@ -284,147 +416,6 @@ describe('Multi-Object Delete Access', function access() {
checkNoError(err); checkNoError(err);
}); });
}); });
});
describe('Multi-Object Delete with Object Lock', () => {
let bucketUtil;
let s3;
const versionIds = [];
before(() => {
const createObjects = [];
bucketUtil = new BucketUtility('default', {
signatureVersion: 'v4',
});
s3 = bucketUtil.s3;
return s3.createBucket({
Bucket: bucketName,
ObjectLockEnabledForBucket: true,
}).promise()
.then(() => s3.putObjectLockConfiguration({
Bucket: bucketName,
ObjectLockConfiguration: {
ObjectLockEnabled: 'Enabled',
Rule: {
DefaultRetention: {
Days: 1,
Mode: 'GOVERNANCE',
},
},
},
}).promise())
.catch(err => {
process.stdout.write(`Error creating bucket: ${err}\n`);
throw err;
})
.then(() => {
for (let i = 1; i < 6; i++) {
createObjects.push(s3.putObject({
Bucket: bucketName,
Key: `${key}${i}`,
Body: 'somebody',
}).promise());
}
return Promise.all(createObjects)
.then(res => {
res.forEach(r => {
versionIds.push(r.VersionId);
});
})
.catch(err => {
process.stdout.write(`Error creating objects: ${err}\n`);
throw err;
});
});
});
after(() => s3.deleteBucket({ Bucket: bucketName }).promise());
it('should not delete locked objects', () => {
const objects = createObjectsList(5, versionIds);
return s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
}).promise().then(res => {
assert.strictEqual(res.Errors.length, 5);
res.Errors.forEach(err => assert.strictEqual(err.Code, 'AccessDenied'));
});
});
it('should not delete locked objects with GOVERNANCE ' +
'retention mode and bypass header when object is legal hold enabled', () => {
const objects = createObjectsList(5, versionIds);
const putObjectLegalHolds = [];
for (let i = 1; i < 6; i++) {
putObjectLegalHolds.push(s3.putObjectLegalHold({
Bucket: bucketName,
Key: `${key}${i}`,
LegalHold: {
Status: 'ON',
},
}).promise());
}
return Promise.all(putObjectLegalHolds)
.then(() => s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
BypassGovernanceRetention: true,
}).promise()).then(res => {
assert.strictEqual(res.Errors.length, 5);
res.Errors.forEach(err => assert.strictEqual(err.Code, 'AccessDenied'));
});
});
it('should delete locked objects after retention period has expired', () => {
const objects = createObjectsList(5, versionIds);
const objectsCopy = JSON.parse(JSON.stringify(objects));
for (let i = 0; i < objectsCopy.length; i++) {
objectsCopy[i].key = objectsCopy[i].Key;
objectsCopy[i].versionId = objectsCopy[i].VersionId;
objectsCopy[i].bucket = bucketName;
delete objectsCopy[i].Key;
delete objectsCopy[i].VersionId;
}
const newRetention = {
mode: 'GOVERNANCE',
date: moment().subtract(10, 'days').toISOString(),
};
return changeLockPromise(objectsCopy, newRetention)
.then(() => s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
}).promise()).then(res => {
assert.strictEqual(res.Deleted.length, 5);
assert.strictEqual(res.Errors.length, 0);
}).catch(err => {
checkNoError(err);
});
});
it('should delete locked objects with GOVERNANCE ' +
'retention mode and bypass header', () => {
const objects = createObjectsList(5, versionIds);
return s3.deleteObjects({
Bucket: bucketName,
Delete: {
Objects: objects,
Quiet: false,
},
BypassGovernanceRetention: true,
}).promise().then(res => {
assert.strictEqual(res.Deleted.length, 5);
assert.strictEqual(res.Errors.length, 0);
}).catch(err => {
checkNoError(err);
});
}); });
}); });