tests/s3/website.rs: Added website hosting authorization check tests.

This commit is contained in:
Jonathan Davies 2023-01-12 17:13:03 +00:00
parent 100b01e859
commit 4962b88f8b
2 changed files with 138 additions and 0 deletions

View file

@ -25,6 +25,7 @@ pub struct Instance {
pub s3_port: u16, pub s3_port: u16,
pub k2v_port: u16, pub k2v_port: u16,
pub web_port: u16, pub web_port: u16,
pub admin_port: u16,
} }
impl Instance { impl Instance {
@ -105,6 +106,7 @@ api_bind_addr = "127.0.0.1:{admin_port}"
s3_port: port, s3_port: port,
k2v_port: port + 1, k2v_port: port + 1,
web_port: port + 3, web_port: port + 3,
admin_port: port + 4,
} }
} }

View file

@ -1,5 +1,8 @@
use crate::common; use crate::common;
use crate::common::ext::*; use crate::common::ext::*;
use crate::k2v::json_body;
use assert_json_diff::assert_json_eq;
use aws_sdk_s3::{ use aws_sdk_s3::{
model::{CorsConfiguration, CorsRule, ErrorDocument, IndexDocument, WebsiteConfiguration}, model::{CorsConfiguration, CorsRule, ErrorDocument, IndexDocument, WebsiteConfiguration},
types::ByteStream, types::ByteStream,
@ -9,6 +12,7 @@ use hyper::{
body::{to_bytes, Body}, body::{to_bytes, Body},
Client, Client,
}; };
use serde_json::json;
const BODY: &[u8; 16] = b"<h1>bonjour</h1>"; const BODY: &[u8; 16] = b"<h1>bonjour</h1>";
const BODY_ERR: &[u8; 6] = b"erreur"; const BODY_ERR: &[u8; 6] = b"erreur";
@ -49,6 +53,28 @@ async fn test_website() {
BODY.as_ref() BODY.as_ref()
); /* check that we do not leak body */ ); /* check that we do not leak body */
let admin_req = || {
Request::builder()
.method("GET")
.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
.header("domain", format!("{}", BCKT_NAME))
.body(Body::empty())
.unwrap()
};
let admin_resp = client.request(admin_req()).await.unwrap();
assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
let res_body = json_body(admin_resp).await;
assert_json_eq!(
res_body,
json!({
"code": "InvalidRequest",
"message": "Bad request: Bucket is not authorized for website hosting",
"region": "garage-integ-test",
"path": "/check",
})
);
ctx.garage ctx.garage
.command() .command()
.args(["bucket", "website", "--allow", BCKT_NAME]) .args(["bucket", "website", "--allow", BCKT_NAME])
@ -62,6 +88,22 @@ async fn test_website() {
BODY.as_ref() BODY.as_ref()
); );
let admin_req = || {
Request::builder()
.method("GET")
.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
.header("domain", format!("{}", BCKT_NAME))
.body(Body::empty())
.unwrap()
};
let mut admin_resp = client.request(admin_req()).await.unwrap();
assert_eq!(admin_resp.status(), StatusCode::OK);
assert_eq!(
to_bytes(admin_resp.body_mut()).await.unwrap().as_ref(),
b"Bucket authorized for website hosting"
);
ctx.garage ctx.garage
.command() .command()
.args(["bucket", "website", "--deny", BCKT_NAME]) .args(["bucket", "website", "--deny", BCKT_NAME])
@ -74,6 +116,28 @@ async fn test_website() {
to_bytes(resp.body_mut()).await.unwrap().as_ref(), to_bytes(resp.body_mut()).await.unwrap().as_ref(),
BODY.as_ref() BODY.as_ref()
); /* check that we do not leak body */ ); /* check that we do not leak body */
let admin_req = || {
Request::builder()
.method("GET")
.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
.header("domain", format!("{}", BCKT_NAME))
.body(Body::empty())
.unwrap()
};
let admin_resp = client.request(admin_req()).await.unwrap();
assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
let res_body = json_body(admin_resp).await;
assert_json_eq!(
res_body,
json!({
"code": "InvalidRequest",
"message": "Bad request: Bucket is not authorized for website hosting",
"region": "garage-integ-test",
"path": "/check",
})
);
} }
#[tokio::test] #[tokio::test]
@ -322,3 +386,75 @@ async fn test_website_s3_api() {
); );
} }
} }
#[tokio::test]
async fn test_website_check_website_enabled() {
let ctx = common::context();
let client = Client::new();
let admin_req = || {
Request::builder()
.method("GET")
.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
.body(Body::empty())
.unwrap()
};
let admin_resp = client.request(admin_req()).await.unwrap();
assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
let res_body = json_body(admin_resp).await;
assert_json_eq!(
res_body,
json!({
"code": "InvalidRequest",
"message": "Bad request: No domain header found",
"region": "garage-integ-test",
"path": "/check",
})
);
let admin_req = || {
Request::builder()
.method("GET")
.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
.header("domain", "foobar")
.body(Body::empty())
.unwrap()
};
let admin_resp = client.request(admin_req()).await.unwrap();
assert_eq!(admin_resp.status(), StatusCode::NOT_FOUND);
let res_body = json_body(admin_resp).await;
assert_json_eq!(
res_body,
json!({
"code": "NoSuchBucket",
"message": "Bucket not found: foobar",
"region": "garage-integ-test",
"path": "/check",
})
);
let admin_req = || {
Request::builder()
.method("GET")
.uri(format!("http://127.0.0.1:{}/check", ctx.garage.admin_port))
.header("domain", "")
.body(Body::empty())
.unwrap()
};
let admin_resp = client.request(admin_req()).await.unwrap();
assert_eq!(admin_resp.status(), StatusCode::BAD_REQUEST);
let res_body = json_body(admin_resp).await;
assert_json_eq!(
res_body,
json!({
"code": "InvalidRequest",
"message": "Bad request: Invalid characters found in domain header: failed to convert header to a str",
"region": "garage-integ-test",
"path": "/check",
})
);
}