X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/90639f0e5d620b660a3f94d89682b57335b5a0ab..b041a675c577e174680913e0da0bf69b1cca83b6:/services/keep-web/s3_test.go

diff --git a/services/keep-web/s3_test.go b/services/keep-web/s3_test.go
index 4f70168b56..b25ef972dc 100644
--- a/services/keep-web/s3_test.go
+++ b/services/keep-web/s3_test.go
@@ -2,7 +2,7 @@
 //
 // SPDX-License-Identifier: AGPL-3.0
 
-package main
+package keepweb
 
 import (
 	"bytes"
@@ -39,12 +39,13 @@ type s3stage struct {
 	kc         *keepclient.KeepClient
 	proj       arvados.Group
 	projbucket *s3.Bucket
+	subproj    arvados.Group
 	coll       arvados.Collection
 	collbucket *s3.Bucket
 }
 
 func (s *IntegrationSuite) s3setup(c *check.C) s3stage {
-	var proj arvados.Group
+	var proj, subproj arvados.Group
 	var coll arvados.Collection
 	arv := arvados.NewClientFromEnv()
 	arv.AuthToken = arvadostest.ActiveToken
@@ -52,14 +53,34 @@ func (s *IntegrationSuite) s3setup(c *check.C) s3stage {
 		"group": map[string]interface{}{
 			"group_class": "project",
 			"name":        "keep-web s3 test",
+			"properties": map[string]interface{}{
+				"project-properties-key": "project properties value",
+			},
 		},
 		"ensure_unique_name": true,
 	})
 	c.Assert(err, check.IsNil)
+	err = arv.RequestAndDecode(&subproj, "POST", "arvados/v1/groups", nil, map[string]interface{}{
+		"group": map[string]interface{}{
+			"owner_uuid":  proj.UUID,
+			"group_class": "project",
+			"name":        "keep-web s3 test subproject",
+			"properties": map[string]interface{}{
+				"subproject_properties_key": "subproject properties value",
+				"invalid header key":        "this value will not be returned because key contains spaces",
+			},
+		},
+	})
+	c.Assert(err, check.IsNil)
 	err = arv.RequestAndDecode(&coll, "POST", "arvados/v1/collections", nil, map[string]interface{}{"collection": map[string]interface{}{
 		"owner_uuid":    proj.UUID,
 		"name":          "keep-web s3 test collection",
 		"manifest_text": ". d41d8cd98f00b204e9800998ecf8427e+0 0:0:emptyfile\n./emptydir d41d8cd98f00b204e9800998ecf8427e+0 0:0:.\n",
+		"properties": map[string]interface{}{
+			"string": "string value",
+			"array":  []string{"element1", "element2"},
+			"object": map[string]interface{}{"key": map[string]interface{}{"key2": "value"}},
+		},
 	}})
 	c.Assert(err, check.IsNil)
 	ac, err := arvadosclient.New(arv)
@@ -82,7 +103,7 @@ func (s *IntegrationSuite) s3setup(c *check.C) s3stage {
 	auth := aws.NewAuth(arvadostest.ActiveTokenUUID, arvadostest.ActiveToken, "", time.Now().Add(time.Hour))
 	region := aws.Region{
 		Name:       "zzzzz",
-		S3Endpoint: "http://" + s.testServer.Addr,
+		S3Endpoint: s.testServer.URL,
 	}
 	client := s3.New(*auth, region)
 	client.Signature = aws.V4Signature
@@ -95,7 +116,8 @@ func (s *IntegrationSuite) s3setup(c *check.C) s3stage {
 			S3:   client,
 			Name: proj.UUID,
 		},
-		coll: coll,
+		subproj: subproj,
+		coll:    coll,
 		collbucket: &s3.Bucket{
 			S3:   client,
 			Name: coll.UUID,
@@ -215,6 +237,72 @@ func (s *IntegrationSuite) testS3GetObject(c *check.C, bucket *s3.Bucket, prefix
 	c.Check(exists, check.Equals, true)
 }
 
+func (s *IntegrationSuite) checkMetaEquals(c *check.C, hdr http.Header, expect map[string]string) {
+	got := map[string]string{}
+	for hk, hv := range hdr {
+		if k := strings.TrimPrefix(hk, "X-Amz-Meta-"); k != hk && len(hv) == 1 {
+			got[k] = hv[0]
+		}
+	}
+	c.Check(got, check.DeepEquals, expect)
+}
+
+func (s *IntegrationSuite) TestS3PropertiesAsMetadata(c *check.C) {
+	stage := s.s3setup(c)
+	defer stage.teardown(c)
+
+	expectCollectionTags := map[string]string{
+		"String": "string value",
+		"Array":  `["element1","element2"]`,
+		"Object": `{"key":{"key2":"value"}}`,
+	}
+	expectSubprojectTags := map[string]string{
+		"Subproject_properties_key": "subproject properties value",
+	}
+	expectProjectTags := map[string]string{
+		"Project-Properties-Key": "project properties value",
+	}
+
+	c.Log("HEAD object with metadata from collection")
+	resp, err := stage.collbucket.Head("sailboat.txt", nil)
+	c.Assert(err, check.IsNil)
+	s.checkMetaEquals(c, resp.Header, expectCollectionTags)
+
+	c.Log("GET object with metadata from collection")
+	rdr, hdr, err := stage.collbucket.GetReaderWithHeaders("sailboat.txt")
+	c.Assert(err, check.IsNil)
+	content, err := ioutil.ReadAll(rdr)
+	c.Check(err, check.IsNil)
+	rdr.Close()
+	c.Check(content, check.HasLen, 4)
+	s.checkMetaEquals(c, hdr, expectCollectionTags)
+
+	c.Log("HEAD bucket with metadata from collection")
+	resp, err = stage.collbucket.Head("/", nil)
+	c.Assert(err, check.IsNil)
+	s.checkMetaEquals(c, resp.Header, expectCollectionTags)
+
+	c.Log("HEAD directory placeholder with metadata from collection")
+	resp, err = stage.projbucket.Head("keep-web s3 test collection/", nil)
+	c.Assert(err, check.IsNil)
+	s.checkMetaEquals(c, resp.Header, expectCollectionTags)
+
+	c.Log("HEAD file with metadata from collection")
+	resp, err = stage.projbucket.Head("keep-web s3 test collection/sailboat.txt", nil)
+	c.Assert(err, check.IsNil)
+	s.checkMetaEquals(c, resp.Header, expectCollectionTags)
+
+	c.Log("HEAD directory placeholder with metadata from subproject")
+	resp, err = stage.projbucket.Head("keep-web s3 test subproject/", nil)
+	c.Assert(err, check.IsNil)
+	s.checkMetaEquals(c, resp.Header, expectSubprojectTags)
+
+	c.Log("HEAD bucket with metadata from project")
+	resp, err = stage.projbucket.Head("/", nil)
+	c.Assert(err, check.IsNil)
+	s.checkMetaEquals(c, resp.Header, expectProjectTags)
+}
+
 func (s *IntegrationSuite) TestS3CollectionPutObjectSuccess(c *check.C) {
 	stage := s.s3setup(c)
 	defer stage.teardown(c)
@@ -282,7 +370,7 @@ func (s *IntegrationSuite) testS3PutObjectSuccess(c *check.C, bucket *s3.Bucket,
 		c.Check(err, check.IsNil)
 
 		rdr, err := bucket.GetReader(objname)
-		if strings.HasSuffix(trial.path, "/") && !s.testServer.Config.cluster.Collections.S3FolderObjects {
+		if strings.HasSuffix(trial.path, "/") && !s.handler.Cluster.Collections.S3FolderObjects {
 			c.Check(err, check.NotNil)
 			continue
 		} else if !c.Check(err, check.IsNil) {
@@ -332,7 +420,7 @@ func (s *IntegrationSuite) TestS3ProjectPutObjectNotSupported(c *check.C) {
 		err = bucket.PutReader(trial.path, bytes.NewReader(buf), int64(len(buf)), trial.contentType, s3.Private, s3.Options{})
 		c.Check(err.(*s3.Error).StatusCode, check.Equals, 400)
 		c.Check(err.(*s3.Error).Code, check.Equals, `InvalidArgument`)
-		c.Check(err, check.ErrorMatches, `(mkdir "/by_id/zzzzz-j7d0g-[a-z0-9]{15}/newdir2?"|open "/zzzzz-j7d0g-[a-z0-9]{15}/newfile") failed: invalid argument`)
+		c.Check(err, check.ErrorMatches, `(mkdir "/by_id/zzzzz-j7d0g-[a-z0-9]{15}/newdir2?"|open "/zzzzz-j7d0g-[a-z0-9]{15}/newfile") failed: invalid (argument|operation)`)
 
 		_, err = bucket.GetReader(trial.path)
 		c.Check(err.(*s3.Error).StatusCode, check.Equals, 404)
@@ -352,7 +440,7 @@ func (s *IntegrationSuite) TestS3ProjectDeleteObject(c *check.C) {
 	s.testS3DeleteObject(c, stage.projbucket, stage.coll.Name+"/")
 }
 func (s *IntegrationSuite) testS3DeleteObject(c *check.C, bucket *s3.Bucket, prefix string) {
-	s.testServer.Config.cluster.Collections.S3FolderObjects = true
+	s.handler.Cluster.Collections.S3FolderObjects = true
 	for _, trial := range []struct {
 		path string
 	}{
@@ -389,7 +477,7 @@ func (s *IntegrationSuite) TestS3ProjectPutObjectFailure(c *check.C) {
 	s.testS3PutObjectFailure(c, stage.projbucket, stage.coll.Name+"/")
 }
 func (s *IntegrationSuite) testS3PutObjectFailure(c *check.C, bucket *s3.Bucket, prefix string) {
-	s.testServer.Config.cluster.Collections.S3FolderObjects = false
+	s.handler.Cluster.Collections.S3FolderObjects = false
 
 	var wg sync.WaitGroup
 	for _, trial := range []struct {
@@ -540,7 +628,7 @@ func (s *IntegrationSuite) TestS3VirtualHostStyleRequests(c *check.C) {
 		c.Assert(err, check.IsNil)
 		s.sign(c, req, arvadostest.ActiveTokenUUID, arvadostest.ActiveToken)
 		rr := httptest.NewRecorder()
-		s.testServer.Server.Handler.ServeHTTP(rr, req)
+		s.handler.ServeHTTP(rr, req)
 		resp := rr.Result()
 		c.Check(resp.StatusCode, check.Equals, trial.responseCode)
 		body, err := ioutil.ReadAll(resp.Body)
@@ -558,12 +646,15 @@ func (s *IntegrationSuite) TestS3NormalizeURIForSignature(c *check.C) {
 		rawPath        string
 		normalizedPath string
 	}{
-		{"/foo", "/foo"},             // boring case
-		{"/foo%5fbar", "/foo_bar"},   // _ must not be escaped
-		{"/foo%2fbar", "/foo/bar"},   // / must not be escaped
-		{"/(foo)", "/%28foo%29"},     // () must be escaped
-		{"/foo%5bbar", "/foo%5Bbar"}, // %XX must be uppercase
+		{"/foo", "/foo"},                           // boring case
+		{"/foo%5fbar", "/foo_bar"},                 // _ must not be escaped
+		{"/foo%2fbar", "/foo/bar"},                 // / must not be escaped
+		{"/(foo)/[];,", "/%28foo%29/%5B%5D%3B%2C"}, // ()[];, must be escaped
+		{"/foo%5bbar", "/foo%5Bbar"},               // %XX must be uppercase
+		{"//foo///.bar", "/foo/.bar"},              // "//" and "///" must be squashed to "/"
 	} {
+		c.Logf("trial %q", trial)
+
 		date := time.Now().UTC().Format("20060102T150405Z")
 		scope := "20200202/zzzzz/S3/aws4_request"
 		canonicalRequest := fmt.Sprintf("%s\n%s\n%s\n%s\n%s\n%s", "GET", trial.normalizedPath, "", "host:host.example.com\n", "host", "")
@@ -707,7 +798,7 @@ func (s *IntegrationSuite) TestS3CollectionList(c *check.C) {
 	defer stage.teardown(c)
 
 	var markers int
-	for markers, s.testServer.Config.cluster.Collections.S3FolderObjects = range []bool{false, true} {
+	for markers, s.handler.Cluster.Collections.S3FolderObjects = range []bool{false, true} {
 		dirs := 2
 		filesPerDir := 1001
 		stage.writeBigDirs(c, dirs, filesPerDir)
@@ -722,7 +813,7 @@ func (s *IntegrationSuite) TestS3CollectionList(c *check.C) {
 	}
 }
 func (s *IntegrationSuite) testS3List(c *check.C, bucket *s3.Bucket, prefix string, pageSize, expectFiles int) {
-	c.Logf("testS3List: prefix=%q pageSize=%d S3FolderObjects=%v", prefix, pageSize, s.testServer.Config.cluster.Collections.S3FolderObjects)
+	c.Logf("testS3List: prefix=%q pageSize=%d S3FolderObjects=%v", prefix, pageSize, s.handler.Cluster.Collections.S3FolderObjects)
 	expectPageSize := pageSize
 	if expectPageSize > 1000 {
 		expectPageSize = 1000
@@ -758,7 +849,7 @@ func (s *IntegrationSuite) testS3List(c *check.C, bucket *s3.Bucket, prefix stri
 }
 
 func (s *IntegrationSuite) TestS3CollectionListRollup(c *check.C) {
-	for _, s.testServer.Config.cluster.Collections.S3FolderObjects = range []bool{false, true} {
+	for _, s.handler.Cluster.Collections.S3FolderObjects = range []bool{false, true} {
 		s.testS3CollectionListRollup(c)
 	}
 }
@@ -787,7 +878,7 @@ func (s *IntegrationSuite) testS3CollectionListRollup(c *check.C) {
 		}
 	}
 	markers := 0
-	if s.testServer.Config.cluster.Collections.S3FolderObjects {
+	if s.handler.Cluster.Collections.S3FolderObjects {
 		markers = 1
 	}
 	c.Check(allfiles, check.HasLen, dirs*(filesPerDir+markers)+3+markers)
@@ -900,7 +991,7 @@ func (s *IntegrationSuite) TestS3ListObjectsV2(c *check.C) {
 
 	sess := aws_session.Must(aws_session.NewSession(&aws_aws.Config{
 		Region:           aws_aws.String("auto"),
-		Endpoint:         aws_aws.String("http://" + s.testServer.Addr),
+		Endpoint:         aws_aws.String(s.testServer.URL),
 		Credentials:      aws_credentials.NewStaticCredentials(url.QueryEscape(arvadostest.ActiveTokenV2), url.QueryEscape(arvadostest.ActiveTokenV2), ""),
 		S3ForcePathStyle: aws_aws.Bool(true),
 	}))
@@ -1046,7 +1137,7 @@ func (s *IntegrationSuite) TestS3ListObjectsV2EncodingTypeURL(c *check.C) {
 
 	sess := aws_session.Must(aws_session.NewSession(&aws_aws.Config{
 		Region:           aws_aws.String("auto"),
-		Endpoint:         aws_aws.String("http://" + s.testServer.Addr),
+		Endpoint:         aws_aws.String(s.testServer.URL),
 		Credentials:      aws_credentials.NewStaticCredentials(url.QueryEscape(arvadostest.ActiveTokenV2), url.QueryEscape(arvadostest.ActiveTokenV2), ""),
 		S3ForcePathStyle: aws_aws.Bool(true),
 	}))
@@ -1094,10 +1185,20 @@ func (s *IntegrationSuite) TestS3cmd(c *check.C) {
 	stage := s.s3setup(c)
 	defer stage.teardown(c)
 
-	cmd := exec.Command("s3cmd", "--no-ssl", "--host="+s.testServer.Addr, "--host-bucket="+s.testServer.Addr, "--access_key="+arvadostest.ActiveTokenUUID, "--secret_key="+arvadostest.ActiveToken, "ls", "s3://"+arvadostest.FooCollection)
+	cmd := exec.Command("s3cmd", "--no-ssl", "--host="+s.testServer.URL[7:], "--host-bucket="+s.testServer.URL[7:], "--access_key="+arvadostest.ActiveTokenUUID, "--secret_key="+arvadostest.ActiveToken, "ls", "s3://"+arvadostest.FooCollection)
 	buf, err := cmd.CombinedOutput()
 	c.Check(err, check.IsNil)
 	c.Check(string(buf), check.Matches, `.* 3 +s3://`+arvadostest.FooCollection+`/foo\n`)
+
+	// This tests whether s3cmd's path normalization agrees with
+	// keep-web's signature verification wrt chars like "|"
+	// (neither reserved nor unreserved) and "," (not normally
+	// percent-encoded in a path).
+	tmpfile := c.MkDir() + "/dstfile"
+	cmd = exec.Command("s3cmd", "--no-ssl", "--host="+s.testServer.URL[7:], "--host-bucket="+s.testServer.URL[7:], "--access_key="+arvadostest.ActiveTokenUUID, "--secret_key="+arvadostest.ActiveToken, "get", "s3://"+arvadostest.FooCollection+"/foo,;$[|]bar", tmpfile)
+	buf, err = cmd.CombinedOutput()
+	c.Check(err, check.NotNil)
+	c.Check(string(buf), check.Matches, `(?ms).*NoSuchKey.*\n`)
 }
 
 func (s *IntegrationSuite) TestS3BucketInHost(c *check.C) {