From 9374389f873ca0dc2306d81506fa7aef799e7c5a Mon Sep 17 00:00:00 2001 From: Quentin Dufour Date: Fri, 14 Jan 2022 11:47:27 +0100 Subject: [PATCH] Add tests for CORS --- doc/book/src/quick_start/index.md | 4 ++-- script/dev-bucket.sh | 2 +- script/dev-cluster.sh | 3 ++- script/test-smoke.sh | 25 ++++++++++++++++++++++--- 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/doc/book/src/quick_start/index.md b/doc/book/src/quick_start/index.md index ffb3ebbe..ae71bd67 100644 --- a/doc/book/src/quick_start/index.md +++ b/doc/book/src/quick_start/index.md @@ -49,11 +49,11 @@ bootstrap_peers = [] [s3_api] s3_region = "garage" api_bind_addr = "[::]:3900" -root_domain = ".s3.garage" +root_domain = ".s3.garage.localhost" [s3_web] bind_addr = "[::]:3902" -root_domain = ".web.garage" +root_domain = ".web.garage.localhost" index = "index.html" ``` diff --git a/script/dev-bucket.sh b/script/dev-bucket.sh index 0ce998a1..b777d214 100755 --- a/script/dev-bucket.sh +++ b/script/dev-bucket.sh @@ -13,7 +13,7 @@ garage -c /tmp/config.1.toml bucket create eprouvette KEY_INFO=$(garage -c /tmp/config.1.toml key new --name opérateur) ACCESS_KEY=`echo $KEY_INFO|grep -Po 'GK[a-f0-9]+'` SECRET_KEY=`echo $KEY_INFO|grep -Po 'Secret key: [a-f0-9]+'|grep -Po '[a-f0-9]+$'` -garage -c /tmp/config.1.toml bucket allow eprouvette --read --write --key $ACCESS_KEY +garage -c /tmp/config.1.toml bucket allow eprouvette --owner --read --write --key $ACCESS_KEY echo "$ACCESS_KEY $SECRET_KEY" > /tmp/garage.s3 echo "Bucket s3://eprouvette created. Credentials stored in /tmp/garage.s3." diff --git a/script/dev-cluster.sh b/script/dev-cluster.sh index c631d6c0..c1ffb355 100755 --- a/script/dev-cluster.sh +++ b/script/dev-cluster.sh @@ -38,10 +38,11 @@ rpc_secret = "$NETWORK_SECRET" [s3_api] api_bind_addr = "0.0.0.0:$((3910+$count))" # the S3 API port, HTTP without TLS. Add a reverse proxy for the TLS part. s3_region = "garage" # set this to anything. S3 API calls will fail if they are not made against the region set here. +root_domain = ".s3.garage.localhost" [s3_web] bind_addr = "0.0.0.0:$((3920+$count))" -root_domain = ".garage.tld" +root_domain = ".web.garage.localhost" index = "index.html" EOF diff --git a/script/test-smoke.sh b/script/test-smoke.sh index b85d9ed5..2c623e8a 100755 --- a/script/test-smoke.sh +++ b/script/test-smoke.sh @@ -302,6 +302,25 @@ EOF rm /tmp/garage.test_multipart rm /tmp/garage.test_multipart_reference rm /tmp/garage.test_multipart_diff + + echo "Test CORS endpoints" + # @FIXME remove bucket allow if/when testing on s3 endpoint + garage -c /tmp/config.1.toml bucket website --allow eprouvette + aws s3api put-object --bucket eprouvette --key index.html + CORS='{"CORSRules":[{"AllowedHeaders":["*"],"AllowedMethods":["GET","PUT"],"AllowedOrigins":["*"]}]}' + aws s3api put-bucket-cors --bucket eprouvette --cors-configuration $CORS + [ `aws s3api get-bucket-cors --bucket eprouvette | jq -c` == $CORS ] + + # @FIXME should we really return these CORS on the WEB endpoint and not on the S3 endpoint? + curl -s -i -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921 | grep access-control-allow-origin + curl -s -i -X OPTIONS -H 'Access-Control-Request-Method: PUT' -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921|grep access-control-allow-methods + curl -s -i -X OPTIONS -H 'Access-Control-Request-Method: DELETE' -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921 |grep '403 Forbidden' + + aws s3api delete-bucket-cors --bucket eprouvette + ! [ -s `aws s3api get-bucket-cors --bucket eprouvette` ] + curl -s -i -X OPTIONS -H 'Access-Control-Request-Method: PUT' -H 'Origin: http://example.com' http://eprouvette.web.garage.localhost:3921|grep '403 Forbidden' + aws s3api delete-object --bucket eprouvette --key index.html + garage -c /tmp/config.1.toml bucket website --deny eprouvette fi rm /tmp/garage.{1..3}.{rnd,b64} @@ -325,11 +344,11 @@ if [ -z "$SKIP_AWS" ]; then echo "🧪 Website Testing" echo "

hello world

" > /tmp/garage-index.html aws s3 cp /tmp/garage-index.html s3://eprouvette/index.html - [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.garage.tld" http://127.0.0.1:3921/ ` == 404 ] + [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.web.garage.localhost" http://127.0.0.1:3921/ ` == 404 ] garage -c /tmp/config.1.toml bucket website --allow eprouvette - [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.garage.tld" http://127.0.0.1:3921/ ` == 200 ] + [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.web.garage.localhost" http://127.0.0.1:3921/ ` == 200 ] garage -c /tmp/config.1.toml bucket website --deny eprouvette - [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.garage.tld" http://127.0.0.1:3921/ ` == 404 ] + [ `curl -s -o /dev/null -w "%{http_code}" --header "Host: eprouvette.web.garage.localhost" http://127.0.0.1:3921/ ` == 404 ] aws s3 rm s3://eprouvette/index.html rm /tmp/garage-index.html fi