1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
23 "git.arvados.org/arvados.git/sdk/go/arvados"
24 "git.arvados.org/arvados.git/sdk/go/arvadosclient"
25 "git.arvados.org/arvados.git/sdk/go/arvadostest"
26 "git.arvados.org/arvados.git/sdk/go/keepclient"
27 "github.com/AdRoll/goamz/aws"
28 "github.com/AdRoll/goamz/s3"
29 aws_aws "github.com/aws/aws-sdk-go/aws"
30 aws_credentials "github.com/aws/aws-sdk-go/aws/credentials"
31 aws_session "github.com/aws/aws-sdk-go/aws/session"
32 aws_s3 "github.com/aws/aws-sdk-go/service/s3"
33 check "gopkg.in/check.v1"
38 ac *arvadosclient.ArvadosClient
39 kc *keepclient.KeepClient
42 coll arvados.Collection
46 func (s *IntegrationSuite) s3setup(c *check.C) s3stage {
47 var proj arvados.Group
48 var coll arvados.Collection
49 arv := arvados.NewClientFromEnv()
50 arv.AuthToken = arvadostest.ActiveToken
51 err := arv.RequestAndDecode(&proj, "POST", "arvados/v1/groups", nil, map[string]interface{}{
52 "group": map[string]interface{}{
53 "group_class": "project",
54 "name": "keep-web s3 test",
56 "ensure_unique_name": true,
58 c.Assert(err, check.IsNil)
59 err = arv.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{"collection": map[string]interface{}{
60 "owner_uuid": proj.UUID,
61 "name": "keep-web s3 test collection",
62 "manifest_text": ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:emptyfile\n./emptydir d41d8cd98f00b204e9800998ecf8427e+0 0:0:.\n",
64 c.Assert(err, check.IsNil)
65 ac, err := arvadosclient.New(arv)
66 c.Assert(err, check.IsNil)
67 kc, err := keepclient.MakeKeepClient(ac)
68 c.Assert(err, check.IsNil)
69 fs, err := coll.FileSystem(arv, kc)
70 c.Assert(err, check.IsNil)
71 f, err := fs.OpenFile("sailboat.txt", os.O_CREATE|os.O_WRONLY, 0644)
72 c.Assert(err, check.IsNil)
73 _, err = f.Write([]byte("⛵\n"))
74 c.Assert(err, check.IsNil)
76 c.Assert(err, check.IsNil)
78 c.Assert(err, check.IsNil)
79 err = arv.RequestAndDecode(&coll, "GET", "arvados/v1/collections/"+coll.UUID, nil, nil)
80 c.Assert(err, check.IsNil)
82 auth := aws.NewAuth(arvadostest.ActiveTokenUUID, arvadostest.ActiveToken, "", time.Now().Add(time.Hour))
85 S3Endpoint: "http://" + s.testServer.Addr,
87 client := s3.New(*auth, region)
88 client.Signature = aws.V4Signature
94 projbucket: &s3.Bucket{
99 collbucket: &s3.Bucket{
106 func (stage s3stage) teardown(c *check.C) {
107 if stage.coll.UUID != "" {
108 err := stage.arv.RequestAndDecode(&stage.coll, "DELETE", "arvados/v1/collections/"+stage.coll.UUID, nil, nil)
109 c.Check(err, check.IsNil)
111 if stage.proj.UUID != "" {
112 err := stage.arv.RequestAndDecode(&stage.proj, "DELETE", "arvados/v1/groups/"+stage.proj.UUID, nil, nil)
113 c.Check(err, check.IsNil)
117 func (s *IntegrationSuite) TestS3Signatures(c *check.C) {
118 stage := s.s3setup(c)
119 defer stage.teardown(c)
121 bucket := stage.collbucket
122 for _, trial := range []struct {
128 {true, aws.V2Signature, arvadostest.ActiveToken, "none"},
129 {true, aws.V2Signature, url.QueryEscape(arvadostest.ActiveTokenV2), "none"},
130 {true, aws.V2Signature, strings.Replace(arvadostest.ActiveTokenV2, "/", "_", -1), "none"},
131 {false, aws.V2Signature, "none", "none"},
132 {false, aws.V2Signature, "none", arvadostest.ActiveToken},
134 {true, aws.V4Signature, arvadostest.ActiveTokenUUID, arvadostest.ActiveToken},
135 {true, aws.V4Signature, arvadostest.ActiveToken, arvadostest.ActiveToken},
136 {true, aws.V4Signature, url.QueryEscape(arvadostest.ActiveTokenV2), url.QueryEscape(arvadostest.ActiveTokenV2)},
137 {true, aws.V4Signature, strings.Replace(arvadostest.ActiveTokenV2, "/", "_", -1), strings.Replace(arvadostest.ActiveTokenV2, "/", "_", -1)},
138 {false, aws.V4Signature, arvadostest.ActiveToken, ""},
139 {false, aws.V4Signature, arvadostest.ActiveToken, "none"},
140 {false, aws.V4Signature, "none", arvadostest.ActiveToken},
141 {false, aws.V4Signature, "none", "none"},
144 bucket.S3.Auth = *(aws.NewAuth(trial.accesskey, trial.secretkey, "", time.Now().Add(time.Hour)))
145 bucket.S3.Signature = trial.signature
146 _, err := bucket.GetReader("emptyfile")
148 c.Check(err, check.IsNil)
150 c.Check(err, check.NotNil)
155 func (s *IntegrationSuite) TestS3HeadBucket(c *check.C) {
156 stage := s.s3setup(c)
157 defer stage.teardown(c)
159 for _, bucket := range []*s3.Bucket{stage.collbucket, stage.projbucket} {
160 c.Logf("bucket %s", bucket.Name)
161 exists, err := bucket.Exists("")
162 c.Check(err, check.IsNil)
163 c.Check(exists, check.Equals, true)
167 func (s *IntegrationSuite) TestS3CollectionGetObject(c *check.C) {
168 stage := s.s3setup(c)
169 defer stage.teardown(c)
170 s.testS3GetObject(c, stage.collbucket, "")
172 func (s *IntegrationSuite) TestS3ProjectGetObject(c *check.C) {
173 stage := s.s3setup(c)
174 defer stage.teardown(c)
175 s.testS3GetObject(c, stage.projbucket, stage.coll.Name+"/")
177 func (s *IntegrationSuite) testS3GetObject(c *check.C, bucket *s3.Bucket, prefix string) {
178 rdr, err := bucket.GetReader(prefix + "emptyfile")
179 c.Assert(err, check.IsNil)
180 buf, err := ioutil.ReadAll(rdr)
181 c.Check(err, check.IsNil)
182 c.Check(len(buf), check.Equals, 0)
184 c.Check(err, check.IsNil)
187 rdr, err = bucket.GetReader(prefix + "missingfile")
188 c.Check(err.(*s3.Error).StatusCode, check.Equals, 404)
189 c.Check(err.(*s3.Error).Code, check.Equals, `NoSuchKey`)
190 c.Check(err, check.ErrorMatches, `The specified key does not exist.`)
193 exists, err := bucket.Exists(prefix + "missingfile")
194 c.Check(err, check.IsNil)
195 c.Check(exists, check.Equals, false)
198 rdr, err = bucket.GetReader(prefix + "sailboat.txt")
199 c.Assert(err, check.IsNil)
200 buf, err = ioutil.ReadAll(rdr)
201 c.Check(err, check.IsNil)
202 c.Check(buf, check.DeepEquals, []byte("⛵\n"))
204 c.Check(err, check.IsNil)
207 resp, err := bucket.Head(prefix+"sailboat.txt", nil)
208 c.Check(err, check.IsNil)
209 c.Check(resp.StatusCode, check.Equals, http.StatusOK)
210 c.Check(resp.ContentLength, check.Equals, int64(4))
212 // HeadObject with superfluous leading slashes
213 exists, err = bucket.Exists(prefix + "//sailboat.txt")
214 c.Check(err, check.IsNil)
215 c.Check(exists, check.Equals, true)
218 func (s *IntegrationSuite) TestS3CollectionPutObjectSuccess(c *check.C) {
219 stage := s.s3setup(c)
220 defer stage.teardown(c)
221 s.testS3PutObjectSuccess(c, stage.collbucket, "")
223 func (s *IntegrationSuite) TestS3ProjectPutObjectSuccess(c *check.C) {
224 stage := s.s3setup(c)
225 defer stage.teardown(c)
226 s.testS3PutObjectSuccess(c, stage.projbucket, stage.coll.Name+"/")
228 func (s *IntegrationSuite) testS3PutObjectSuccess(c *check.C, bucket *s3.Bucket, prefix string) {
229 for _, trial := range []struct {
237 contentType: "application/octet-stream",
239 path: "newdir/newfile",
241 contentType: "application/octet-stream",
245 contentType: "application/octet-stream",
249 contentType: "application/octet-stream",
253 contentType: "application/x-directory",
255 path: "newdir1/newdir2/newfile",
257 contentType: "application/octet-stream",
259 path: "newdir1/newdir2/newdir3/",
261 contentType: "application/x-directory",
264 c.Logf("=== %v", trial)
266 objname := prefix + trial.path
268 _, err := bucket.GetReader(objname)
269 if !c.Check(err, check.NotNil) {
272 c.Check(err.(*s3.Error).StatusCode, check.Equals, 404)
273 c.Check(err.(*s3.Error).Code, check.Equals, `NoSuchKey`)
274 if !c.Check(err, check.ErrorMatches, `The specified key does not exist.`) {
278 buf := make([]byte, trial.size)
281 err = bucket.PutReader(objname, bytes.NewReader(buf), int64(len(buf)), trial.contentType, s3.Private, s3.Options{})
282 c.Check(err, check.IsNil)
284 rdr, err := bucket.GetReader(objname)
285 if strings.HasSuffix(trial.path, "/") && !s.testServer.Config.cluster.Collections.S3FolderObjects {
286 c.Check(err, check.NotNil)
288 } else if !c.Check(err, check.IsNil) {
291 buf2, err := ioutil.ReadAll(rdr)
292 c.Check(err, check.IsNil)
293 c.Check(buf2, check.HasLen, len(buf))
294 c.Check(bytes.Equal(buf, buf2), check.Equals, true)
298 func (s *IntegrationSuite) TestS3ProjectPutObjectNotSupported(c *check.C) {
299 stage := s.s3setup(c)
300 defer stage.teardown(c)
301 bucket := stage.projbucket
303 for _, trial := range []struct {
311 contentType: "application/octet-stream",
313 path: "newdir/newfile",
315 contentType: "application/octet-stream",
319 contentType: "application/x-directory",
322 c.Logf("=== %v", trial)
324 _, err := bucket.GetReader(trial.path)
325 c.Check(err.(*s3.Error).StatusCode, check.Equals, 404)
326 c.Check(err.(*s3.Error).Code, check.Equals, `NoSuchKey`)
327 c.Assert(err, check.ErrorMatches, `The specified key does not exist.`)
329 buf := make([]byte, trial.size)
332 err = bucket.PutReader(trial.path, bytes.NewReader(buf), int64(len(buf)), trial.contentType, s3.Private, s3.Options{})
333 c.Check(err.(*s3.Error).StatusCode, check.Equals, 400)
334 c.Check(err.(*s3.Error).Code, check.Equals, `InvalidArgument`)
335 c.Check(err, check.ErrorMatches, `(mkdir "/by_id/zzzzz-j7d0g-[a-z0-9]{15}/newdir2?"|open "/zzzzz-j7d0g-[a-z0-9]{15}/newfile") failed: invalid (argument|operation)`)
337 _, err = bucket.GetReader(trial.path)
338 c.Check(err.(*s3.Error).StatusCode, check.Equals, 404)
339 c.Check(err.(*s3.Error).Code, check.Equals, `NoSuchKey`)
340 c.Assert(err, check.ErrorMatches, `The specified key does not exist.`)
344 func (s *IntegrationSuite) TestS3CollectionDeleteObject(c *check.C) {
345 stage := s.s3setup(c)
346 defer stage.teardown(c)
347 s.testS3DeleteObject(c, stage.collbucket, "")
349 func (s *IntegrationSuite) TestS3ProjectDeleteObject(c *check.C) {
350 stage := s.s3setup(c)
351 defer stage.teardown(c)
352 s.testS3DeleteObject(c, stage.projbucket, stage.coll.Name+"/")
354 func (s *IntegrationSuite) testS3DeleteObject(c *check.C, bucket *s3.Bucket, prefix string) {
355 s.testServer.Config.cluster.Collections.S3FolderObjects = true
356 for _, trial := range []struct {
367 objname := prefix + trial.path
368 comment := check.Commentf("objname %q", objname)
370 err := bucket.Del(objname)
371 if trial.path == "/" {
372 c.Check(err, check.NotNil)
375 c.Check(err, check.IsNil, comment)
376 _, err = bucket.GetReader(objname)
377 c.Check(err, check.NotNil, comment)
381 func (s *IntegrationSuite) TestS3CollectionPutObjectFailure(c *check.C) {
382 stage := s.s3setup(c)
383 defer stage.teardown(c)
384 s.testS3PutObjectFailure(c, stage.collbucket, "")
386 func (s *IntegrationSuite) TestS3ProjectPutObjectFailure(c *check.C) {
387 stage := s.s3setup(c)
388 defer stage.teardown(c)
389 s.testS3PutObjectFailure(c, stage.projbucket, stage.coll.Name+"/")
391 func (s *IntegrationSuite) testS3PutObjectFailure(c *check.C, bucket *s3.Bucket, prefix string) {
392 s.testServer.Config.cluster.Collections.S3FolderObjects = false
394 var wg sync.WaitGroup
395 for _, trial := range []struct {
399 path: "emptyfile/newname", // emptyfile exists, see s3setup()
401 path: "emptyfile/", // emptyfile exists, see s3setup()
403 path: "emptydir", // dir already exists, see s3setup()
424 c.Logf("=== %v", trial)
426 objname := prefix + trial.path
428 buf := make([]byte, 1234)
431 err := bucket.PutReader(objname, bytes.NewReader(buf), int64(len(buf)), "application/octet-stream", s3.Private, s3.Options{})
432 if !c.Check(err, check.ErrorMatches, `(invalid object name.*|open ".*" failed.*|object name conflicts with existing object|Missing object name in PUT request.)`, check.Commentf("PUT %q should fail", objname)) {
436 if objname != "" && objname != "/" {
437 _, err = bucket.GetReader(objname)
438 c.Check(err.(*s3.Error).StatusCode, check.Equals, 404)
439 c.Check(err.(*s3.Error).Code, check.Equals, `NoSuchKey`)
440 c.Check(err, check.ErrorMatches, `The specified key does not exist.`, check.Commentf("GET %q should return 404", objname))
447 func (stage *s3stage) writeBigDirs(c *check.C, dirs int, filesPerDir int) {
448 fs, err := stage.coll.FileSystem(stage.arv, stage.kc)
449 c.Assert(err, check.IsNil)
450 for d := 0; d < dirs; d++ {
451 dir := fmt.Sprintf("dir%d", d)
452 c.Assert(fs.Mkdir(dir, 0755), check.IsNil)
453 for i := 0; i < filesPerDir; i++ {
454 f, err := fs.OpenFile(fmt.Sprintf("%s/file%d.txt", dir, i), os.O_CREATE|os.O_WRONLY, 0644)
455 c.Assert(err, check.IsNil)
456 c.Assert(f.Close(), check.IsNil)
459 c.Assert(fs.Sync(), check.IsNil)
462 func (s *IntegrationSuite) sign(c *check.C, req *http.Request, key, secret string) {
463 scope := "20200202/zzzzz/service/aws4_request"
464 signedHeaders := "date"
465 req.Header.Set("Date", time.Now().UTC().Format(time.RFC1123))
466 stringToSign, err := s3stringToSign(s3SignAlgorithm, scope, signedHeaders, req)
467 c.Assert(err, check.IsNil)
468 sig, err := s3signature(secret, scope, signedHeaders, stringToSign)
469 c.Assert(err, check.IsNil)
470 req.Header.Set("Authorization", s3SignAlgorithm+" Credential="+key+"/"+scope+", SignedHeaders="+signedHeaders+", Signature="+sig)
473 func (s *IntegrationSuite) TestS3VirtualHostStyleRequests(c *check.C) {
474 stage := s.s3setup(c)
475 defer stage.teardown(c)
476 for _, trial := range []struct {
481 responseRegexp []string
484 url: "https://" + stage.collbucket.Name + ".example.com/",
486 responseCode: http.StatusOK,
487 responseRegexp: []string{`(?ms).*sailboat\.txt.*`},
490 url: "https://" + strings.Replace(stage.coll.PortableDataHash, "+", "-", -1) + ".example.com/",
492 responseCode: http.StatusOK,
493 responseRegexp: []string{`(?ms).*sailboat\.txt.*`},
496 url: "https://" + stage.projbucket.Name + ".example.com/?prefix=" + stage.coll.Name + "/&delimiter=/",
498 responseCode: http.StatusOK,
499 responseRegexp: []string{`(?ms).*sailboat\.txt.*`},
502 url: "https://" + stage.projbucket.Name + ".example.com/" + stage.coll.Name + "/sailboat.txt",
504 responseCode: http.StatusOK,
505 responseRegexp: []string{`⛵\n`},
508 url: "https://" + stage.projbucket.Name + ".example.com/" + stage.coll.Name + "/beep",
511 responseCode: http.StatusOK,
514 url: "https://" + stage.projbucket.Name + ".example.com/" + stage.coll.Name + "/beep",
516 responseCode: http.StatusOK,
517 responseRegexp: []string{`boop`},
520 url: "https://" + stage.projbucket.Name + ".example.com/" + stage.coll.Name + "//boop",
522 responseCode: http.StatusNotFound,
525 url: "https://" + stage.projbucket.Name + ".example.com/" + stage.coll.Name + "//boop",
528 responseCode: http.StatusOK,
531 url: "https://" + stage.projbucket.Name + ".example.com/" + stage.coll.Name + "//boop",
533 responseCode: http.StatusOK,
534 responseRegexp: []string{`boop`},
537 url, err := url.Parse(trial.url)
538 c.Assert(err, check.IsNil)
539 req, err := http.NewRequest(trial.method, url.String(), bytes.NewReader([]byte(trial.body)))
540 c.Assert(err, check.IsNil)
541 s.sign(c, req, arvadostest.ActiveTokenUUID, arvadostest.ActiveToken)
542 rr := httptest.NewRecorder()
543 s.testServer.Server.Handler.ServeHTTP(rr, req)
545 c.Check(resp.StatusCode, check.Equals, trial.responseCode)
546 body, err := ioutil.ReadAll(resp.Body)
547 c.Assert(err, check.IsNil)
548 for _, re := range trial.responseRegexp {
549 c.Check(string(body), check.Matches, re)
554 func (s *IntegrationSuite) TestS3NormalizeURIForSignature(c *check.C) {
555 stage := s.s3setup(c)
556 defer stage.teardown(c)
557 for _, trial := range []struct {
559 normalizedPath string
561 {"/foo", "/foo"}, // boring case
562 {"/foo%5fbar", "/foo_bar"}, // _ must not be escaped
563 {"/foo%2fbar", "/foo/bar"}, // / must not be escaped
564 {"/(foo)/[];,", "/%28foo%29/%5B%5D%3B%2C"}, // ()[];, must be escaped
565 {"/foo%5bbar", "/foo%5Bbar"}, // %XX must be uppercase
566 {"//foo///.bar", "/foo/.bar"}, // "//" and "///" must be squashed to "/"
568 c.Logf("trial %q", trial)
570 date := time.Now().UTC().Format("20060102T150405Z")
571 scope := "20200202/zzzzz/S3/aws4_request"
572 canonicalRequest := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s", "GET", trial.normalizedPath, "", "host:host.example.com\n", "host", "")
573 c.Logf("canonicalRequest %q", canonicalRequest)
574 expect := fmt.Sprintf("%s\n%s\n%s\n%s", s3SignAlgorithm, date, scope, hashdigest(sha256.New(), canonicalRequest))
575 c.Logf("expected stringToSign %q", expect)
577 req, err := http.NewRequest("GET", "https://host.example.com"+trial.rawPath, nil)
578 req.Header.Set("X-Amz-Date", date)
579 req.Host = "host.example.com"
580 c.Assert(err, check.IsNil)
582 obtained, err := s3stringToSign(s3SignAlgorithm, scope, "host", req)
583 if !c.Check(err, check.IsNil) {
586 c.Check(obtained, check.Equals, expect)
590 func (s *IntegrationSuite) TestS3GetBucketLocation(c *check.C) {
591 stage := s.s3setup(c)
592 defer stage.teardown(c)
593 for _, bucket := range []*s3.Bucket{stage.collbucket, stage.projbucket} {
594 req, err := http.NewRequest("GET", bucket.URL("/"), nil)
595 c.Check(err, check.IsNil)
596 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
597 req.URL.RawQuery = "location"
598 resp, err := http.DefaultClient.Do(req)
599 c.Assert(err, check.IsNil)
600 c.Check(resp.Header.Get("Content-Type"), check.Equals, "application/xml")
601 buf, err := ioutil.ReadAll(resp.Body)
602 c.Assert(err, check.IsNil)
603 c.Check(string(buf), check.Equals, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<LocationConstraint><LocationConstraint xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\">zzzzz</LocationConstraint></LocationConstraint>\n")
607 func (s *IntegrationSuite) TestS3GetBucketVersioning(c *check.C) {
608 stage := s.s3setup(c)
609 defer stage.teardown(c)
610 for _, bucket := range []*s3.Bucket{stage.collbucket, stage.projbucket} {
611 req, err := http.NewRequest("GET", bucket.URL("/"), nil)
612 c.Check(err, check.IsNil)
613 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
614 req.URL.RawQuery = "versioning"
615 resp, err := http.DefaultClient.Do(req)
616 c.Assert(err, check.IsNil)
617 c.Check(resp.Header.Get("Content-Type"), check.Equals, "application/xml")
618 buf, err := ioutil.ReadAll(resp.Body)
619 c.Assert(err, check.IsNil)
620 c.Check(string(buf), check.Equals, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<VersioningConfiguration xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\"/>\n")
624 func (s *IntegrationSuite) TestS3UnsupportedAPIs(c *check.C) {
625 stage := s.s3setup(c)
626 defer stage.teardown(c)
627 for _, trial := range []struct {
632 {"GET", "/", "acl&versionId=1234"}, // GetBucketAcl
633 {"GET", "/foo", "acl&versionId=1234"}, // GetObjectAcl
634 {"PUT", "/", "acl"}, // PutBucketAcl
635 {"PUT", "/foo", "acl"}, // PutObjectAcl
636 {"DELETE", "/", "tagging"}, // DeleteBucketTagging
637 {"DELETE", "/foo", "tagging"}, // DeleteObjectTagging
639 for _, bucket := range []*s3.Bucket{stage.collbucket, stage.projbucket} {
640 c.Logf("trial %v bucket %v", trial, bucket)
641 req, err := http.NewRequest(trial.method, bucket.URL(trial.path), nil)
642 c.Check(err, check.IsNil)
643 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
644 req.URL.RawQuery = trial.rawquery
645 resp, err := http.DefaultClient.Do(req)
646 c.Assert(err, check.IsNil)
647 c.Check(resp.Header.Get("Content-Type"), check.Equals, "application/xml")
648 buf, err := ioutil.ReadAll(resp.Body)
649 c.Assert(err, check.IsNil)
650 c.Check(string(buf), check.Matches, "(?ms).*InvalidRequest.*API not supported.*")
655 // If there are no CommonPrefixes entries, the CommonPrefixes XML tag
656 // should not appear at all.
657 func (s *IntegrationSuite) TestS3ListNoCommonPrefixes(c *check.C) {
658 stage := s.s3setup(c)
659 defer stage.teardown(c)
661 req, err := http.NewRequest("GET", stage.collbucket.URL("/"), nil)
662 c.Assert(err, check.IsNil)
663 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
664 req.URL.RawQuery = "prefix=asdfasdfasdf&delimiter=/"
665 resp, err := http.DefaultClient.Do(req)
666 c.Assert(err, check.IsNil)
667 buf, err := ioutil.ReadAll(resp.Body)
668 c.Assert(err, check.IsNil)
669 c.Check(string(buf), check.Not(check.Matches), `(?ms).*CommonPrefixes.*`)
672 // If there is no delimiter in the request, or the results are not
673 // truncated, the NextMarker XML tag should not appear in the response
675 func (s *IntegrationSuite) TestS3ListNoNextMarker(c *check.C) {
676 stage := s.s3setup(c)
677 defer stage.teardown(c)
679 for _, query := range []string{"prefix=e&delimiter=/", ""} {
680 req, err := http.NewRequest("GET", stage.collbucket.URL("/"), nil)
681 c.Assert(err, check.IsNil)
682 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
683 req.URL.RawQuery = query
684 resp, err := http.DefaultClient.Do(req)
685 c.Assert(err, check.IsNil)
686 buf, err := ioutil.ReadAll(resp.Body)
687 c.Assert(err, check.IsNil)
688 c.Check(string(buf), check.Not(check.Matches), `(?ms).*NextMarker.*`)
692 // List response should include KeyCount field.
693 func (s *IntegrationSuite) TestS3ListKeyCount(c *check.C) {
694 stage := s.s3setup(c)
695 defer stage.teardown(c)
697 req, err := http.NewRequest("GET", stage.collbucket.URL("/"), nil)
698 c.Assert(err, check.IsNil)
699 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
700 req.URL.RawQuery = "prefix=&delimiter=/"
701 resp, err := http.DefaultClient.Do(req)
702 c.Assert(err, check.IsNil)
703 buf, err := ioutil.ReadAll(resp.Body)
704 c.Assert(err, check.IsNil)
705 c.Check(string(buf), check.Matches, `(?ms).*<KeyCount>2</KeyCount>.*`)
708 func (s *IntegrationSuite) TestS3CollectionList(c *check.C) {
709 stage := s.s3setup(c)
710 defer stage.teardown(c)
713 for markers, s.testServer.Config.cluster.Collections.S3FolderObjects = range []bool{false, true} {
716 stage.writeBigDirs(c, dirs, filesPerDir)
717 // Total # objects is:
718 // 2 file entries from s3setup (emptyfile and sailboat.txt)
719 // +1 fake "directory" marker from s3setup (emptydir) (if enabled)
720 // +dirs fake "directory" marker from writeBigDirs (dir0/, dir1/) (if enabled)
721 // +filesPerDir*dirs file entries from writeBigDirs (dir0/file0.txt, etc.)
722 s.testS3List(c, stage.collbucket, "", 4000, markers+2+(filesPerDir+markers)*dirs)
723 s.testS3List(c, stage.collbucket, "", 131, markers+2+(filesPerDir+markers)*dirs)
724 s.testS3List(c, stage.collbucket, "dir0/", 71, filesPerDir+markers)
727 func (s *IntegrationSuite) testS3List(c *check.C, bucket *s3.Bucket, prefix string, pageSize, expectFiles int) {
728 c.Logf("testS3List: prefix=%q pageSize=%d S3FolderObjects=%v", prefix, pageSize, s.testServer.Config.cluster.Collections.S3FolderObjects)
729 expectPageSize := pageSize
730 if expectPageSize > 1000 {
731 expectPageSize = 1000
733 gotKeys := map[string]s3.Key{}
737 resp, err := bucket.List(prefix, "", nextMarker, pageSize)
738 if !c.Check(err, check.IsNil) {
741 c.Check(len(resp.Contents) <= expectPageSize, check.Equals, true)
742 if pages++; !c.Check(pages <= (expectFiles/expectPageSize)+1, check.Equals, true) {
745 for _, key := range resp.Contents {
746 gotKeys[key.Key] = key
747 if strings.Contains(key.Key, "sailboat.txt") {
748 c.Check(key.Size, check.Equals, int64(4))
751 if !resp.IsTruncated {
752 c.Check(resp.NextMarker, check.Equals, "")
755 if !c.Check(resp.NextMarker, check.Not(check.Equals), "") {
758 nextMarker = resp.NextMarker
760 c.Check(len(gotKeys), check.Equals, expectFiles)
763 func (s *IntegrationSuite) TestS3CollectionListRollup(c *check.C) {
764 for _, s.testServer.Config.cluster.Collections.S3FolderObjects = range []bool{false, true} {
765 s.testS3CollectionListRollup(c)
769 func (s *IntegrationSuite) testS3CollectionListRollup(c *check.C) {
770 stage := s.s3setup(c)
771 defer stage.teardown(c)
775 stage.writeBigDirs(c, dirs, filesPerDir)
776 err := stage.collbucket.PutReader("dingbats", &bytes.Buffer{}, 0, "application/octet-stream", s3.Private, s3.Options{})
777 c.Assert(err, check.IsNil)
778 var allfiles []string
779 for marker := ""; ; {
780 resp, err := stage.collbucket.List("", "", marker, 20000)
781 c.Check(err, check.IsNil)
782 for _, key := range resp.Contents {
783 if len(allfiles) == 0 || allfiles[len(allfiles)-1] != key.Key {
784 allfiles = append(allfiles, key.Key)
787 marker = resp.NextMarker
793 if s.testServer.Config.cluster.Collections.S3FolderObjects {
796 c.Check(allfiles, check.HasLen, dirs*(filesPerDir+markers)+3+markers)
798 gotDirMarker := map[string]bool{}
799 for _, name := range allfiles {
800 isDirMarker := strings.HasSuffix(name, "/")
802 c.Check(isDirMarker, check.Equals, false, check.Commentf("name %q", name))
803 } else if isDirMarker {
804 gotDirMarker[name] = true
805 } else if i := strings.LastIndex(name, "/"); i >= 0 {
806 c.Check(gotDirMarker[name[:i+1]], check.Equals, true, check.Commentf("name %q", name))
807 gotDirMarker[name[:i+1]] = true // skip redundant complaints about this dir marker
811 for _, trial := range []struct {
826 {"dir0", "/", "dir0/file14.txt"}, // no commonprefixes
827 {"", "", "dir0/file14.txt"}, // middle page, skip walking dir1
828 {"", "", "dir1/file14.txt"}, // middle page, skip walking dir0
829 {"", "", "dir1/file498.txt"}, // last page of results
830 {"dir1/file", "", "dir1/file498.txt"}, // last page of results, with prefix
831 {"dir1/file", "/", "dir1/file498.txt"}, // last page of results, with prefix + delimiter
832 {"dir1", "Z", "dir1/file498.txt"}, // delimiter "Z" never appears
833 {"dir2", "/", ""}, // prefix "dir2" does not exist
836 c.Logf("\n\n=== trial %+v markers=%d", trial, markers)
839 resp, err := stage.collbucket.List(trial.prefix, trial.delimiter, trial.marker, maxKeys)
840 c.Check(err, check.IsNil)
841 if resp.IsTruncated && trial.delimiter == "" {
842 // goamz List method fills in the missing
843 // NextMarker field if resp.IsTruncated, so
844 // now we can't really tell whether it was
845 // sent by the server or by goamz. In cases
846 // where it should be empty but isn't, assume
847 // it's goamz's fault.
851 var expectKeys []string
852 var expectPrefixes []string
853 var expectNextMarker string
854 var expectTruncated bool
855 for _, key := range allfiles {
856 full := len(expectKeys)+len(expectPrefixes) >= maxKeys
857 if !strings.HasPrefix(key, trial.prefix) || key < trial.marker {
859 } else if idx := strings.Index(key[len(trial.prefix):], trial.delimiter); trial.delimiter != "" && idx >= 0 {
860 prefix := key[:len(trial.prefix)+idx+1]
861 if len(expectPrefixes) > 0 && expectPrefixes[len(expectPrefixes)-1] == prefix {
862 // same prefix as previous key
864 expectNextMarker = key
865 expectTruncated = true
867 expectPrefixes = append(expectPrefixes, prefix)
870 if trial.delimiter != "" {
871 expectNextMarker = key
873 expectTruncated = true
876 expectKeys = append(expectKeys, key)
881 for _, key := range resp.Contents {
882 gotKeys = append(gotKeys, key.Key)
884 var gotPrefixes []string
885 for _, prefix := range resp.CommonPrefixes {
886 gotPrefixes = append(gotPrefixes, prefix)
888 commentf := check.Commentf("trial %+v markers=%d", trial, markers)
889 c.Check(gotKeys, check.DeepEquals, expectKeys, commentf)
890 c.Check(gotPrefixes, check.DeepEquals, expectPrefixes, commentf)
891 c.Check(resp.NextMarker, check.Equals, expectNextMarker, commentf)
892 c.Check(resp.IsTruncated, check.Equals, expectTruncated, commentf)
893 c.Logf("=== trial %+v keys %q prefixes %q nextMarker %q", trial, gotKeys, gotPrefixes, resp.NextMarker)
897 func (s *IntegrationSuite) TestS3ListObjectsV2(c *check.C) {
898 stage := s.s3setup(c)
899 defer stage.teardown(c)
902 stage.writeBigDirs(c, dirs, filesPerDir)
904 sess := aws_session.Must(aws_session.NewSession(&aws_aws.Config{
905 Region: aws_aws.String("auto"),
906 Endpoint: aws_aws.String("http://" + s.testServer.Addr),
907 Credentials: aws_credentials.NewStaticCredentials(url.QueryEscape(arvadostest.ActiveTokenV2), url.QueryEscape(arvadostest.ActiveTokenV2), ""),
908 S3ForcePathStyle: aws_aws.Bool(true),
911 stringOrNil := func(s string) *string {
919 client := aws_s3.New(sess)
920 ctx := context.Background()
922 for _, trial := range []struct {
928 expectCommonPrefixes map[string]bool
931 // Expect {filesPerDir plus the dir itself}
932 // for each dir, plus emptydir, emptyfile, and
934 expectKeys: (filesPerDir+1)*dirs + 3,
938 expectKeys: (filesPerDir+1)*dirs + 3,
941 startAfter: "dir0/z",
943 // Expect {filesPerDir plus the dir itself}
944 // for each dir except dir0, plus emptydir,
945 // emptyfile, and sailboat.txt.
946 expectKeys: (filesPerDir+1)*(dirs-1) + 3,
951 expectKeys: 2, // emptyfile, sailboat.txt
952 expectCommonPrefixes: map[string]bool{"dir0/": true, "dir1/": true, "emptydir/": true},
955 startAfter: "dir0/z",
958 expectKeys: 2, // emptyfile, sailboat.txt
959 expectCommonPrefixes: map[string]bool{"dir1/": true, "emptydir/": true},
962 startAfter: "dir0/file10.txt",
966 expectCommonPrefixes: map[string]bool{"dir0/": true, "dir1/": true, "emptydir/": true},
969 startAfter: "dir0/file10.txt",
974 expectCommonPrefixes: map[string]bool{"dir0/": true, "dir1/": true},
977 c.Logf("[trial %+v]", trial)
978 params := aws_s3.ListObjectsV2Input{
979 Bucket: aws_aws.String(stage.collbucket.Name),
980 Prefix: stringOrNil(trial.prefix),
981 Delimiter: stringOrNil(trial.delimiter),
982 StartAfter: stringOrNil(trial.startAfter),
983 MaxKeys: aws_aws.Int64(int64(trial.maxKeys)),
985 keySeen := map[string]bool{}
986 prefixSeen := map[string]bool{}
988 result, err := client.ListObjectsV2WithContext(ctx, ¶ms)
989 if !c.Check(err, check.IsNil) {
992 c.Check(result.Name, check.DeepEquals, aws_aws.String(stage.collbucket.Name))
993 c.Check(result.Prefix, check.DeepEquals, aws_aws.String(trial.prefix))
994 c.Check(result.Delimiter, check.DeepEquals, aws_aws.String(trial.delimiter))
995 // The following two fields are expected to be
996 // nil (i.e., no tag in XML response) rather
997 // than "" when the corresponding request
998 // field was empty or nil.
999 c.Check(result.StartAfter, check.DeepEquals, stringOrNil(trial.startAfter))
1000 c.Check(result.ContinuationToken, check.DeepEquals, params.ContinuationToken)
1002 if trial.maxKeys > 0 {
1003 c.Check(result.MaxKeys, check.DeepEquals, aws_aws.Int64(int64(trial.maxKeys)))
1004 c.Check(len(result.Contents)+len(result.CommonPrefixes) <= trial.maxKeys, check.Equals, true)
1006 c.Check(result.MaxKeys, check.DeepEquals, aws_aws.Int64(int64(s3MaxKeys)))
1009 for _, ent := range result.Contents {
1010 c.Assert(ent.Key, check.NotNil)
1011 c.Check(*ent.Key > trial.startAfter, check.Equals, true)
1012 c.Check(keySeen[*ent.Key], check.Equals, false, check.Commentf("dup key %q", *ent.Key))
1013 keySeen[*ent.Key] = true
1015 for _, ent := range result.CommonPrefixes {
1016 c.Assert(ent.Prefix, check.NotNil)
1017 c.Check(strings.HasSuffix(*ent.Prefix, trial.delimiter), check.Equals, true, check.Commentf("bad CommonPrefix %q", *ent.Prefix))
1018 if strings.HasPrefix(trial.startAfter, *ent.Prefix) {
1020 // startAfter=dir0/file10.txt,
1021 // we expect dir0/ to be
1022 // returned as a common prefix
1024 c.Check(*ent.Prefix > trial.startAfter, check.Equals, true)
1026 c.Check(prefixSeen[*ent.Prefix], check.Equals, false, check.Commentf("dup common prefix %q", *ent.Prefix))
1027 prefixSeen[*ent.Prefix] = true
1029 if *result.IsTruncated && c.Check(result.NextContinuationToken, check.Not(check.Equals), "") {
1030 params.ContinuationToken = aws_aws.String(*result.NextContinuationToken)
1035 c.Check(keySeen, check.HasLen, trial.expectKeys)
1036 c.Check(prefixSeen, check.HasLen, len(trial.expectCommonPrefixes))
1037 if len(trial.expectCommonPrefixes) > 0 {
1038 c.Check(prefixSeen, check.DeepEquals, trial.expectCommonPrefixes)
1043 func (s *IntegrationSuite) TestS3ListObjectsV2EncodingTypeURL(c *check.C) {
1044 stage := s.s3setup(c)
1045 defer stage.teardown(c)
1048 stage.writeBigDirs(c, dirs, filesPerDir)
1050 sess := aws_session.Must(aws_session.NewSession(&aws_aws.Config{
1051 Region: aws_aws.String("auto"),
1052 Endpoint: aws_aws.String("http://" + s.testServer.Addr),
1053 Credentials: aws_credentials.NewStaticCredentials(url.QueryEscape(arvadostest.ActiveTokenV2), url.QueryEscape(arvadostest.ActiveTokenV2), ""),
1054 S3ForcePathStyle: aws_aws.Bool(true),
1057 client := aws_s3.New(sess)
1058 ctx := context.Background()
1060 result, err := client.ListObjectsV2WithContext(ctx, &aws_s3.ListObjectsV2Input{
1061 Bucket: aws_aws.String(stage.collbucket.Name),
1062 Prefix: aws_aws.String("dir0/"),
1063 Delimiter: aws_aws.String("/"),
1064 StartAfter: aws_aws.String("dir0/"),
1065 EncodingType: aws_aws.String("url"),
1067 c.Assert(err, check.IsNil)
1068 c.Check(*result.Prefix, check.Equals, "dir0%2F")
1069 c.Check(*result.Delimiter, check.Equals, "%2F")
1070 c.Check(*result.StartAfter, check.Equals, "dir0%2F")
1071 for _, ent := range result.Contents {
1072 c.Check(*ent.Key, check.Matches, "dir0%2F.*")
1074 result, err = client.ListObjectsV2WithContext(ctx, &aws_s3.ListObjectsV2Input{
1075 Bucket: aws_aws.String(stage.collbucket.Name),
1076 Delimiter: aws_aws.String("/"),
1077 EncodingType: aws_aws.String("url"),
1079 c.Assert(err, check.IsNil)
1080 c.Check(*result.Delimiter, check.Equals, "%2F")
1081 c.Check(result.CommonPrefixes, check.HasLen, dirs+1)
1082 for _, ent := range result.CommonPrefixes {
1083 c.Check(*ent.Prefix, check.Matches, ".*%2F")
1087 // TestS3cmd checks compatibility with the s3cmd command line tool, if
1088 // it's installed. As of Debian buster, s3cmd is only in backports, so
1089 // `arvados-server install` don't install it, and this test skips if
1090 // it's not installed.
1091 func (s *IntegrationSuite) TestS3cmd(c *check.C) {
1092 if _, err := exec.LookPath("s3cmd"); err != nil {
1093 c.Skip("s3cmd not found")
1097 stage := s.s3setup(c)
1098 defer stage.teardown(c)
1100 cmd := exec.Command("s3cmd", "--no-ssl", "--host="+s.testServer.Addr, "--host-bucket="+s.testServer.Addr, "--access_key="+arvadostest.ActiveTokenUUID, "--secret_key="+arvadostest.ActiveToken, "ls", "s3://"+arvadostest.FooCollection)
1101 buf, err := cmd.CombinedOutput()
1102 c.Check(err, check.IsNil)
1103 c.Check(string(buf), check.Matches, `.* 3 +s3://`+arvadostest.FooCollection+`/foo\n`)
1105 // This tests whether s3cmd's path normalization agrees with
1106 // keep-web's signature verification wrt chars like "|"
1107 // (neither reserved nor unreserved) and "," (not normally
1108 // percent-encoded in a path).
1109 cmd = exec.Command("s3cmd", "--no-ssl", "--host="+s.testServer.Addr, "--host-bucket="+s.testServer.Addr, "--access_key="+arvadostest.ActiveTokenUUID, "--secret_key="+arvadostest.ActiveToken, "get", "s3://"+arvadostest.FooCollection+"/foo,;$[|]bar")
1110 buf, err = cmd.CombinedOutput()
1111 c.Check(err, check.NotNil)
1112 c.Check(string(buf), check.Matches, `(?ms).*NoSuchKey.*\n`)
1115 func (s *IntegrationSuite) TestS3BucketInHost(c *check.C) {
1116 stage := s.s3setup(c)
1117 defer stage.teardown(c)
1119 hdr, body, _ := s.runCurl(c, "AWS "+arvadostest.ActiveTokenV2+":none", stage.coll.UUID+".collections.example.com", "/sailboat.txt")
1120 c.Check(hdr, check.Matches, `(?s)HTTP/1.1 200 OK\r\n.*`)
1121 c.Check(body, check.Equals, "⛵\n")