1 // Copyright (C) The Arvados Authors. All rights reserved.
3 // SPDX-License-Identifier: AGPL-3.0
19 "git.arvados.org/arvados.git/sdk/go/arvados"
20 "git.arvados.org/arvados.git/sdk/go/arvadosclient"
21 "git.arvados.org/arvados.git/sdk/go/arvadostest"
22 "git.arvados.org/arvados.git/sdk/go/keepclient"
23 "github.com/AdRoll/goamz/aws"
24 "github.com/AdRoll/goamz/s3"
25 check "gopkg.in/check.v1"
30 ac *arvadosclient.ArvadosClient
31 kc *keepclient.KeepClient
34 coll arvados.Collection
38 func (s *IntegrationSuite) s3setup(c *check.C) s3stage {
39 var proj arvados.Group
40 var coll arvados.Collection
41 arv := arvados.NewClientFromEnv()
42 arv.AuthToken = arvadostest.ActiveToken
43 err := arv.RequestAndDecode(&proj, "POST", "arvados/v1/groups", nil, map[string]interface{}{
44 "group": map[string]interface{}{
45 "group_class": "project",
46 "name": "keep-web s3 test",
48 "ensure_unique_name": true,
50 c.Assert(err, check.IsNil)
51 err = arv.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{"collection": map[string]interface{}{
52 "owner_uuid": proj.UUID,
53 "name": "keep-web s3 test collection",
54 "manifest_text": ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:emptyfile\n./emptydir d41d8cd98f00b204e9800998ecf8427e+0 0:0:.\n",
56 c.Assert(err, check.IsNil)
57 ac, err := arvadosclient.New(arv)
58 c.Assert(err, check.IsNil)
59 kc, err := keepclient.MakeKeepClient(ac)
60 c.Assert(err, check.IsNil)
61 fs, err := coll.FileSystem(arv, kc)
62 c.Assert(err, check.IsNil)
63 f, err := fs.OpenFile("sailboat.txt", os.O_CREATE|os.O_WRONLY, 0644)
64 c.Assert(err, check.IsNil)
65 _, err = f.Write([]byte("⛵\n"))
66 c.Assert(err, check.IsNil)
68 c.Assert(err, check.IsNil)
70 c.Assert(err, check.IsNil)
71 err = arv.RequestAndDecode(&coll, "GET", "arvados/v1/collections/"+coll.UUID, nil, nil)
72 c.Assert(err, check.IsNil)
74 auth := aws.NewAuth(arvadostest.ActiveTokenUUID, arvadostest.ActiveToken, "", time.Now().Add(time.Hour))
76 Name: s.testServer.Addr,
77 S3Endpoint: "http://" + s.testServer.Addr,
79 client := s3.New(*auth, region)
80 client.Signature = aws.V4Signature
86 projbucket: &s3.Bucket{
91 collbucket: &s3.Bucket{
98 func (stage s3stage) teardown(c *check.C) {
99 if stage.coll.UUID != "" {
100 err := stage.arv.RequestAndDecode(&stage.coll, "DELETE", "arvados/v1/collections/"+stage.coll.UUID, nil, nil)
101 c.Check(err, check.IsNil)
103 if stage.proj.UUID != "" {
104 err := stage.arv.RequestAndDecode(&stage.proj, "DELETE", "arvados/v1/groups/"+stage.proj.UUID, nil, nil)
105 c.Check(err, check.IsNil)
109 func (s *IntegrationSuite) TestS3Signatures(c *check.C) {
110 stage := s.s3setup(c)
111 defer stage.teardown(c)
113 bucket := stage.collbucket
114 for _, trial := range []struct {
120 {true, aws.V2Signature, arvadostest.ActiveToken, "none"},
121 {false, aws.V2Signature, "none", "none"},
122 {false, aws.V2Signature, "none", arvadostest.ActiveToken},
124 {true, aws.V4Signature, arvadostest.ActiveTokenUUID, arvadostest.ActiveToken},
125 {true, aws.V4Signature, arvadostest.ActiveToken, arvadostest.ActiveToken},
126 {false, aws.V4Signature, arvadostest.ActiveToken, ""},
127 {false, aws.V4Signature, arvadostest.ActiveToken, "none"},
128 {false, aws.V4Signature, "none", arvadostest.ActiveToken},
129 {false, aws.V4Signature, "none", "none"},
132 bucket.S3.Auth = *(aws.NewAuth(trial.accesskey, trial.secretkey, "", time.Now().Add(time.Hour)))
133 bucket.S3.Signature = trial.signature
134 _, err := bucket.GetReader("emptyfile")
136 c.Check(err, check.IsNil)
138 c.Check(err, check.NotNil)
143 func (s *IntegrationSuite) TestS3HeadBucket(c *check.C) {
144 stage := s.s3setup(c)
145 defer stage.teardown(c)
147 for _, bucket := range []*s3.Bucket{stage.collbucket, stage.projbucket} {
148 c.Logf("bucket %s", bucket.Name)
149 exists, err := bucket.Exists("")
150 c.Check(err, check.IsNil)
151 c.Check(exists, check.Equals, true)
155 func (s *IntegrationSuite) TestS3CollectionGetObject(c *check.C) {
156 stage := s.s3setup(c)
157 defer stage.teardown(c)
158 s.testS3GetObject(c, stage.collbucket, "")
160 func (s *IntegrationSuite) TestS3ProjectGetObject(c *check.C) {
161 stage := s.s3setup(c)
162 defer stage.teardown(c)
163 s.testS3GetObject(c, stage.projbucket, stage.coll.Name+"/")
165 func (s *IntegrationSuite) testS3GetObject(c *check.C, bucket *s3.Bucket, prefix string) {
166 rdr, err := bucket.GetReader(prefix + "emptyfile")
167 c.Assert(err, check.IsNil)
168 buf, err := ioutil.ReadAll(rdr)
169 c.Check(err, check.IsNil)
170 c.Check(len(buf), check.Equals, 0)
172 c.Check(err, check.IsNil)
175 rdr, err = bucket.GetReader(prefix + "missingfile")
176 c.Check(err, check.ErrorMatches, `404 Not Found`)
179 exists, err := bucket.Exists(prefix + "missingfile")
180 c.Check(err, check.IsNil)
181 c.Check(exists, check.Equals, false)
184 rdr, err = bucket.GetReader(prefix + "sailboat.txt")
185 c.Assert(err, check.IsNil)
186 buf, err = ioutil.ReadAll(rdr)
187 c.Check(err, check.IsNil)
188 c.Check(buf, check.DeepEquals, []byte("⛵\n"))
190 c.Check(err, check.IsNil)
193 resp, err := bucket.Head(prefix+"sailboat.txt", nil)
194 c.Check(err, check.IsNil)
195 c.Check(resp.StatusCode, check.Equals, http.StatusOK)
196 c.Check(resp.ContentLength, check.Equals, int64(4))
199 func (s *IntegrationSuite) TestS3CollectionPutObjectSuccess(c *check.C) {
200 stage := s.s3setup(c)
201 defer stage.teardown(c)
202 s.testS3PutObjectSuccess(c, stage.collbucket, "")
204 func (s *IntegrationSuite) TestS3ProjectPutObjectSuccess(c *check.C) {
205 stage := s.s3setup(c)
206 defer stage.teardown(c)
207 s.testS3PutObjectSuccess(c, stage.projbucket, stage.coll.Name+"/")
209 func (s *IntegrationSuite) testS3PutObjectSuccess(c *check.C, bucket *s3.Bucket, prefix string) {
210 for _, trial := range []struct {
218 contentType: "application/octet-stream",
220 path: "newdir/newfile",
222 contentType: "application/octet-stream",
224 path: "newdir1/newdir2/newfile",
226 contentType: "application/octet-stream",
228 path: "newdir1/newdir2/newdir3/",
230 contentType: "application/x-directory",
233 c.Logf("=== %v", trial)
235 objname := prefix + trial.path
237 _, err := bucket.GetReader(objname)
238 c.Assert(err, check.ErrorMatches, `404 Not Found`)
240 buf := make([]byte, trial.size)
243 err = bucket.PutReader(objname, bytes.NewReader(buf), int64(len(buf)), trial.contentType, s3.Private, s3.Options{})
244 c.Check(err, check.IsNil)
246 rdr, err := bucket.GetReader(objname)
247 if strings.HasSuffix(trial.path, "/") && !s.testServer.Config.cluster.Collections.S3FolderObjects {
248 c.Check(err, check.NotNil)
250 } else if !c.Check(err, check.IsNil) {
253 buf2, err := ioutil.ReadAll(rdr)
254 c.Check(err, check.IsNil)
255 c.Check(buf2, check.HasLen, len(buf))
256 c.Check(bytes.Equal(buf, buf2), check.Equals, true)
260 func (s *IntegrationSuite) TestS3ProjectPutObjectNotSupported(c *check.C) {
261 stage := s.s3setup(c)
262 defer stage.teardown(c)
263 bucket := stage.projbucket
265 for _, trial := range []struct {
273 contentType: "application/octet-stream",
275 path: "newdir/newfile",
277 contentType: "application/octet-stream",
281 contentType: "application/x-directory",
284 c.Logf("=== %v", trial)
286 _, err := bucket.GetReader(trial.path)
287 c.Assert(err, check.ErrorMatches, `404 Not Found`)
289 buf := make([]byte, trial.size)
292 err = bucket.PutReader(trial.path, bytes.NewReader(buf), int64(len(buf)), trial.contentType, s3.Private, s3.Options{})
293 c.Check(err, check.ErrorMatches, `400 Bad Request`)
295 _, err = bucket.GetReader(trial.path)
296 c.Assert(err, check.ErrorMatches, `404 Not Found`)
300 func (s *IntegrationSuite) TestS3CollectionDeleteObject(c *check.C) {
301 stage := s.s3setup(c)
302 defer stage.teardown(c)
303 s.testS3DeleteObject(c, stage.collbucket, "")
305 func (s *IntegrationSuite) TestS3ProjectDeleteObject(c *check.C) {
306 stage := s.s3setup(c)
307 defer stage.teardown(c)
308 s.testS3DeleteObject(c, stage.projbucket, stage.coll.Name+"/")
310 func (s *IntegrationSuite) testS3DeleteObject(c *check.C, bucket *s3.Bucket, prefix string) {
311 s.testServer.Config.cluster.Collections.S3FolderObjects = true
312 for _, trial := range []struct {
323 objname := prefix + trial.path
324 comment := check.Commentf("objname %q", objname)
326 err := bucket.Del(objname)
327 if trial.path == "/" {
328 c.Check(err, check.NotNil)
331 c.Check(err, check.IsNil, comment)
332 _, err = bucket.GetReader(objname)
333 c.Check(err, check.NotNil, comment)
337 func (s *IntegrationSuite) TestS3CollectionPutObjectFailure(c *check.C) {
338 stage := s.s3setup(c)
339 defer stage.teardown(c)
340 s.testS3PutObjectFailure(c, stage.collbucket, "")
342 func (s *IntegrationSuite) TestS3ProjectPutObjectFailure(c *check.C) {
343 stage := s.s3setup(c)
344 defer stage.teardown(c)
345 s.testS3PutObjectFailure(c, stage.projbucket, stage.coll.Name+"/")
347 func (s *IntegrationSuite) testS3PutObjectFailure(c *check.C, bucket *s3.Bucket, prefix string) {
348 s.testServer.Config.cluster.Collections.S3FolderObjects = false
350 // Can't use V4 signature for these tests, because
351 // double-slash is incorrectly cleaned by the aws.V4Signature,
352 // resulting in a "bad signature" error. (Cleaning the path is
353 // appropriate for other services, but not in S3 where object
354 // names "foo//bar" and "foo/bar" are semantically different.)
355 bucket.S3.Auth = *(aws.NewAuth(arvadostest.ActiveToken, "none", "", time.Now().Add(time.Hour)))
356 bucket.S3.Signature = aws.V2Signature
358 var wg sync.WaitGroup
359 for _, trial := range []struct {
363 path: "emptyfile/newname", // emptyfile exists, see s3setup()
365 path: "emptyfile/", // emptyfile exists, see s3setup()
367 path: "emptydir", // dir already exists, see s3setup()
390 c.Logf("=== %v", trial)
392 objname := prefix + trial.path
394 buf := make([]byte, 1234)
397 err := bucket.PutReader(objname, bytes.NewReader(buf), int64(len(buf)), "application/octet-stream", s3.Private, s3.Options{})
398 if !c.Check(err, check.ErrorMatches, `400 Bad.*`, check.Commentf("PUT %q should fail", objname)) {
402 if objname != "" && objname != "/" {
403 _, err = bucket.GetReader(objname)
404 c.Check(err, check.ErrorMatches, `404 Not Found`, check.Commentf("GET %q should return 404", objname))
411 func (stage *s3stage) writeBigDirs(c *check.C, dirs int, filesPerDir int) {
412 fs, err := stage.coll.FileSystem(stage.arv, stage.kc)
413 c.Assert(err, check.IsNil)
414 for d := 0; d < dirs; d++ {
415 dir := fmt.Sprintf("dir%d", d)
416 c.Assert(fs.Mkdir(dir, 0755), check.IsNil)
417 for i := 0; i < filesPerDir; i++ {
418 f, err := fs.OpenFile(fmt.Sprintf("%s/file%d.txt", dir, i), os.O_CREATE|os.O_WRONLY, 0644)
419 c.Assert(err, check.IsNil)
420 c.Assert(f.Close(), check.IsNil)
423 c.Assert(fs.Sync(), check.IsNil)
426 func (s *IntegrationSuite) TestS3GetBucketVersioning(c *check.C) {
427 stage := s.s3setup(c)
428 defer stage.teardown(c)
429 for _, bucket := range []*s3.Bucket{stage.collbucket, stage.projbucket} {
430 req, err := http.NewRequest("GET", bucket.URL("/"), nil)
431 c.Check(err, check.IsNil)
432 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
433 req.URL.RawQuery = "versioning"
434 resp, err := http.DefaultClient.Do(req)
435 c.Assert(err, check.IsNil)
436 c.Check(resp.Header.Get("Content-Type"), check.Equals, "application/xml")
437 buf, err := ioutil.ReadAll(resp.Body)
438 c.Assert(err, check.IsNil)
439 c.Check(string(buf), check.Equals, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<VersioningConfiguration xmlns=\"http://s3.amazonaws.com/doc/2006-03-01/\"/>\n")
443 // If there are no CommonPrefixes entries, the CommonPrefixes XML tag
444 // should not appear at all.
445 func (s *IntegrationSuite) TestS3ListNoCommonPrefixes(c *check.C) {
446 stage := s.s3setup(c)
447 defer stage.teardown(c)
449 req, err := http.NewRequest("GET", stage.collbucket.URL("/"), nil)
450 c.Assert(err, check.IsNil)
451 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
452 req.URL.RawQuery = "prefix=asdfasdfasdf&delimiter=/"
453 resp, err := http.DefaultClient.Do(req)
454 c.Assert(err, check.IsNil)
455 buf, err := ioutil.ReadAll(resp.Body)
456 c.Assert(err, check.IsNil)
457 c.Check(string(buf), check.Not(check.Matches), `(?ms).*CommonPrefixes.*`)
460 // If there is no delimiter in the request, or the results are not
461 // truncated, the NextMarker XML tag should not appear in the response
463 func (s *IntegrationSuite) TestS3ListNoNextMarker(c *check.C) {
464 stage := s.s3setup(c)
465 defer stage.teardown(c)
467 for _, query := range []string{"prefix=e&delimiter=/", ""} {
468 req, err := http.NewRequest("GET", stage.collbucket.URL("/"), nil)
469 c.Assert(err, check.IsNil)
470 req.Header.Set("Authorization", "AWS "+arvadostest.ActiveTokenV2+":none")
471 req.URL.RawQuery = query
472 resp, err := http.DefaultClient.Do(req)
473 c.Assert(err, check.IsNil)
474 buf, err := ioutil.ReadAll(resp.Body)
475 c.Assert(err, check.IsNil)
476 c.Check(string(buf), check.Not(check.Matches), `(?ms).*NextMarker.*`)
480 func (s *IntegrationSuite) TestS3CollectionList(c *check.C) {
481 stage := s.s3setup(c)
482 defer stage.teardown(c)
485 for markers, s.testServer.Config.cluster.Collections.S3FolderObjects = range []bool{false, true} {
488 stage.writeBigDirs(c, dirs, filesPerDir)
489 // Total # objects is:
490 // 2 file entries from s3setup (emptyfile and sailboat.txt)
491 // +1 fake "directory" marker from s3setup (emptydir) (if enabled)
492 // +dirs fake "directory" marker from writeBigDirs (dir0/, dir1/) (if enabled)
493 // +filesPerDir*dirs file entries from writeBigDirs (dir0/file0.txt, etc.)
494 s.testS3List(c, stage.collbucket, "", 4000, markers+2+(filesPerDir+markers)*dirs)
495 s.testS3List(c, stage.collbucket, "", 131, markers+2+(filesPerDir+markers)*dirs)
496 s.testS3List(c, stage.collbucket, "dir0/", 71, filesPerDir+markers)
499 func (s *IntegrationSuite) testS3List(c *check.C, bucket *s3.Bucket, prefix string, pageSize, expectFiles int) {
500 c.Logf("testS3List: prefix=%q pageSize=%d S3FolderObjects=%v", prefix, pageSize, s.testServer.Config.cluster.Collections.S3FolderObjects)
501 expectPageSize := pageSize
502 if expectPageSize > 1000 {
503 expectPageSize = 1000
505 gotKeys := map[string]s3.Key{}
509 resp, err := bucket.List(prefix, "", nextMarker, pageSize)
510 if !c.Check(err, check.IsNil) {
513 c.Check(len(resp.Contents) <= expectPageSize, check.Equals, true)
514 if pages++; !c.Check(pages <= (expectFiles/expectPageSize)+1, check.Equals, true) {
517 for _, key := range resp.Contents {
518 gotKeys[key.Key] = key
519 if strings.Contains(key.Key, "sailboat.txt") {
520 c.Check(key.Size, check.Equals, int64(4))
523 if !resp.IsTruncated {
524 c.Check(resp.NextMarker, check.Equals, "")
527 if !c.Check(resp.NextMarker, check.Not(check.Equals), "") {
530 nextMarker = resp.NextMarker
532 c.Check(len(gotKeys), check.Equals, expectFiles)
535 func (s *IntegrationSuite) TestS3CollectionListRollup(c *check.C) {
536 for _, s.testServer.Config.cluster.Collections.S3FolderObjects = range []bool{false, true} {
537 s.testS3CollectionListRollup(c)
541 func (s *IntegrationSuite) testS3CollectionListRollup(c *check.C) {
542 stage := s.s3setup(c)
543 defer stage.teardown(c)
547 stage.writeBigDirs(c, dirs, filesPerDir)
548 err := stage.collbucket.PutReader("dingbats", &bytes.Buffer{}, 0, "application/octet-stream", s3.Private, s3.Options{})
549 c.Assert(err, check.IsNil)
550 var allfiles []string
551 for marker := ""; ; {
552 resp, err := stage.collbucket.List("", "", marker, 20000)
553 c.Check(err, check.IsNil)
554 for _, key := range resp.Contents {
555 if len(allfiles) == 0 || allfiles[len(allfiles)-1] != key.Key {
556 allfiles = append(allfiles, key.Key)
559 marker = resp.NextMarker
565 if s.testServer.Config.cluster.Collections.S3FolderObjects {
568 c.Check(allfiles, check.HasLen, dirs*(filesPerDir+markers)+3+markers)
570 gotDirMarker := map[string]bool{}
571 for _, name := range allfiles {
572 isDirMarker := strings.HasSuffix(name, "/")
574 c.Check(isDirMarker, check.Equals, false, check.Commentf("name %q", name))
575 } else if isDirMarker {
576 gotDirMarker[name] = true
577 } else if i := strings.LastIndex(name, "/"); i >= 0 {
578 c.Check(gotDirMarker[name[:i+1]], check.Equals, true, check.Commentf("name %q", name))
579 gotDirMarker[name[:i+1]] = true // skip redundant complaints about this dir marker
583 for _, trial := range []struct {
598 {"dir0", "/", "dir0/file14.txt"}, // no commonprefixes
599 {"", "", "dir0/file14.txt"}, // middle page, skip walking dir1
600 {"", "", "dir1/file14.txt"}, // middle page, skip walking dir0
601 {"", "", "dir1/file498.txt"}, // last page of results
602 {"dir1/file", "", "dir1/file498.txt"}, // last page of results, with prefix
603 {"dir1/file", "/", "dir1/file498.txt"}, // last page of results, with prefix + delimiter
604 {"dir1", "Z", "dir1/file498.txt"}, // delimiter "Z" never appears
605 {"dir2", "/", ""}, // prefix "dir2" does not exist
608 c.Logf("\n\n=== trial %+v markers=%d", trial, markers)
611 resp, err := stage.collbucket.List(trial.prefix, trial.delimiter, trial.marker, maxKeys)
612 c.Check(err, check.IsNil)
613 if resp.IsTruncated && trial.delimiter == "" {
614 // goamz List method fills in the missing
615 // NextMarker field if resp.IsTruncated, so
616 // now we can't really tell whether it was
617 // sent by the server or by goamz. In cases
618 // where it should be empty but isn't, assume
619 // it's goamz's fault.
623 var expectKeys []string
624 var expectPrefixes []string
625 var expectNextMarker string
626 var expectTruncated bool
627 for _, key := range allfiles {
628 full := len(expectKeys)+len(expectPrefixes) >= maxKeys
629 if !strings.HasPrefix(key, trial.prefix) || key < trial.marker {
631 } else if idx := strings.Index(key[len(trial.prefix):], trial.delimiter); trial.delimiter != "" && idx >= 0 {
632 prefix := key[:len(trial.prefix)+idx+1]
633 if len(expectPrefixes) > 0 && expectPrefixes[len(expectPrefixes)-1] == prefix {
634 // same prefix as previous key
636 expectNextMarker = key
637 expectTruncated = true
639 expectPrefixes = append(expectPrefixes, prefix)
642 if trial.delimiter != "" {
643 expectNextMarker = key
645 expectTruncated = true
648 expectKeys = append(expectKeys, key)
653 for _, key := range resp.Contents {
654 gotKeys = append(gotKeys, key.Key)
656 var gotPrefixes []string
657 for _, prefix := range resp.CommonPrefixes {
658 gotPrefixes = append(gotPrefixes, prefix)
660 commentf := check.Commentf("trial %+v markers=%d", trial, markers)
661 c.Check(gotKeys, check.DeepEquals, expectKeys, commentf)
662 c.Check(gotPrefixes, check.DeepEquals, expectPrefixes, commentf)
663 c.Check(resp.NextMarker, check.Equals, expectNextMarker, commentf)
664 c.Check(resp.IsTruncated, check.Equals, expectTruncated, commentf)
665 c.Logf("=== trial %+v keys %q prefixes %q nextMarker %q", trial, gotKeys, gotPrefixes, resp.NextMarker)
669 func (s *IntegrationSuite) TestS3cmd(c *check.C) {
670 if _, err := exec.LookPath("s3cmd"); err != nil {
671 c.Skip("s3cmd not found")
675 stage := s.s3setup(c)
676 defer stage.teardown(c)
678 cmd := exec.Command("s3cmd", "--no-ssl", "--host="+s.testServer.Addr, "--host-bucket="+s.testServer.Addr, "--access_key="+arvadostest.ActiveTokenUUID, "--secret_key="+arvadostest.ActiveToken, "ls", "s3://"+arvadostest.FooCollection)
679 buf, err := cmd.CombinedOutput()
680 c.Check(err, check.IsNil)
681 c.Check(string(buf), check.Matches, `.* 3 +s3://`+arvadostest.FooCollection+`/foo\n`)