142 lines
5.9 KiB
Python
142 lines
5.9 KiB
Python
# -*- coding: utf-8 -*-
|
|
# Copyright 2018 Google Inc. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
"""Integration tests for pap command."""
|
|
|
|
from __future__ import absolute_import
|
|
|
|
import gslib.tests.testcase as testcase
|
|
from gslib.tests.testcase.integration_testcase import SkipForGS
|
|
from gslib.tests.testcase.integration_testcase import SkipForJSON
|
|
from gslib.tests.testcase.integration_testcase import SkipForXML
|
|
from gslib.tests.util import ObjectToURI as suri
|
|
from gslib.tests.util import SetBotoConfigForTest
|
|
|
|
|
|
class TestPublicAccessPrevention(testcase.GsUtilIntegrationTestCase):
|
|
"""Integration tests for pap command."""
|
|
|
|
_set_pap_cmd = ['pap', 'set']
|
|
_get_pap_cmd = ['pap', 'get']
|
|
|
|
@SkipForXML('Public access prevention only runs on GCS JSON API')
|
|
def test_off_on_default_buckets(self):
|
|
bucket_uri = self.CreateBucket()
|
|
self.VerifyPublicAccessPreventionValue(bucket_uri, 'inherited')
|
|
|
|
@SkipForXML('Public access prevention only runs on GCS JSON API')
|
|
def test_turning_off_on_enabled_buckets(self):
|
|
bucket_uri = self.CreateBucket(public_access_prevention='enforced',
|
|
prefer_json_api=True)
|
|
self.VerifyPublicAccessPreventionValue(bucket_uri, 'enforced')
|
|
|
|
self.RunGsUtil(self._set_pap_cmd + ['inherited', suri(bucket_uri)])
|
|
self.VerifyPublicAccessPreventionValue(bucket_uri, 'inherited')
|
|
|
|
@SkipForXML('Public access prevention only runs on GCS JSON API')
|
|
def test_turning_on(self):
|
|
bucket_uri = self.CreateBucket()
|
|
self.RunGsUtil(self._set_pap_cmd + ['enforced', suri(bucket_uri)])
|
|
self.VerifyPublicAccessPreventionValue(bucket_uri, 'enforced')
|
|
|
|
@SkipForXML('Public access prevention only runs on GCS JSON API')
|
|
def test_turning_on_and_off(self):
|
|
bucket_uri = self.CreateBucket()
|
|
|
|
self.RunGsUtil(self._set_pap_cmd + ['enforced', suri(bucket_uri)])
|
|
self.VerifyPublicAccessPreventionValue(bucket_uri, 'enforced')
|
|
|
|
self.RunGsUtil(self._set_pap_cmd + ['inherited', suri(bucket_uri)])
|
|
self.VerifyPublicAccessPreventionValue(bucket_uri, 'inherited')
|
|
|
|
@SkipForXML('Public access prevention only runs on GCS JSON API')
|
|
def test_multiple_buckets(self):
|
|
bucket_uri1 = self.CreateBucket()
|
|
bucket_uri2 = self.CreateBucket()
|
|
stdout = self.RunGsUtil(
|
|
self._get_pap_cmd +
|
|
[suri(bucket_uri1), suri(bucket_uri2)],
|
|
return_stdout=True)
|
|
self.assertRegex(stdout, r'%s:\s+inherited' % suri(bucket_uri1))
|
|
self.assertRegex(stdout, r'%s:\s+inherited' % suri(bucket_uri2))
|
|
|
|
@SkipForJSON('Testing XML only behavior')
|
|
def test_xml_fails(self):
|
|
# use HMAC for force XML API
|
|
boto_config_hmac_auth_only = [
|
|
# Overwrite other credential types.
|
|
('Credentials', 'gs_oauth2_refresh_token', None),
|
|
('Credentials', 'gs_service_client_id', None),
|
|
('Credentials', 'gs_service_key_file', None),
|
|
('Credentials', 'gs_service_key_file_password', None),
|
|
# Add hmac credentials.
|
|
('Credentials', 'gs_access_key_id', 'dummykey'),
|
|
('Credentials', 'gs_secret_access_key', 'dummysecret'),
|
|
]
|
|
with SetBotoConfigForTest(boto_config_hmac_auth_only):
|
|
bucket_uri = 'gs://any-bucket-name'
|
|
stderr = self.RunGsUtil(self._set_pap_cmd + ['inherited', bucket_uri],
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
self.assertIn('command can only be with the Cloud Storage JSON API',
|
|
stderr)
|
|
|
|
stderr = self.RunGsUtil(self._get_pap_cmd + [bucket_uri],
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
self.assertIn('command can only be with the Cloud Storage JSON API',
|
|
stderr)
|
|
|
|
@SkipForGS('Testing S3 only behavior')
|
|
def test_s3_fails(self):
|
|
bucket_uri = self.CreateBucket()
|
|
stderr = self.RunGsUtil(self._set_pap_cmd +
|
|
['inherited', suri(bucket_uri)],
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
if self._use_gcloud_storage:
|
|
self.assertIn('Flags disallowed for S3', stderr)
|
|
else:
|
|
self.assertIn('command can only be used for GCS Buckets', stderr)
|
|
|
|
if not self._use_gcloud_storage:
|
|
# gcloud storage uses a generic buckets describe command for this, and it
|
|
# would not print a result instead of erroring.
|
|
stderr = self.RunGsUtil(self._get_pap_cmd + [suri(bucket_uri)],
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
self.assertIn('command can only be used for GCS Buckets', stderr)
|
|
|
|
def test_set_too_few_arguments_fails(self):
|
|
stderr = self.RunGsUtil(self._set_pap_cmd,
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
self.assertIn('command requires at least', stderr)
|
|
|
|
def test_get_too_few_arguments_fails(self):
|
|
stderr = self.RunGsUtil(self._get_pap_cmd,
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
self.assertIn('command requires at least', stderr)
|
|
|
|
def test_no_subcommand_fails(self):
|
|
stderr = self.RunGsUtil(['pap'], return_stderr=True, expected_status=1)
|
|
self.assertIn('command requires at least', stderr)
|
|
|
|
def test_invalid_subcommand_fails(self):
|
|
stderr = self.RunGsUtil(['pap', 'fakecommand', 'test'],
|
|
return_stderr=True,
|
|
expected_status=1)
|
|
self.assertIn('Invalid subcommand', stderr)
|