mirrors/seaweedfs
1
0
Fork 0
mirror of https://github.com/chrislusf/seaweedfs synced 2025-07-25 21:12:47 +02:00
Code Issues Projects Releases Wiki Activity
seaweedfs/test/s3/versioning/s3_versioning_object_lock_test.go
Chris Lu a524b4f485
Object locking need to persist the tags and set the headers (#6994) 
* fix object locking read and write

No logic to include object lock metadata in HEAD/GET response headers
No logic to extract object lock metadata from PUT request headers

* add tests for object locking

* Update weed/s3api/s3api_object_handlers_put.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update weed/s3api/s3api_object_handlers.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* refactor

* add unit tests

* sync versions

* Update s3_worm_integration_test.go

* fix legal hold values

* lint

* fix tests

* racing condition when enable versioning

* fix tests

* validate put object lock header

* allow check lock permissions for PUT

* default to OFF legal hold

* only set object lock headers for objects that are actually from object lock-enabled buckets

fix     --- FAIL: TestAddObjectLockHeadersToResponse/Handle_entry_with_no_object_lock_metadata (0.00s)

* address comments

* fix tests

* purge

* fix

* refactoring

* address comment

* address comment

* Update weed/s3api/s3api_object_handlers_put.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update weed/s3api/s3api_object_handlers_put.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update weed/s3api/s3api_object_handlers.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* avoid nil

* ensure locked objects cannot be overwritten

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-07-16 23:00:25 -07:00

160 lines
6.4 KiB
Go
Raw Permalink Blame History

package s3api
import (
"context"
"strings"
"testing"
"time"
"github.com/aws/aws-sdk-go-v2/aws"
"github.com/aws/aws-sdk-go-v2/service/s3"
"github.com/aws/aws-sdk-go-v2/service/s3/types"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
// TestVersioningWithObjectLockHeaders ensures that versioned objects properly
// handle object lock headers in PUT requests and return them in HEAD/GET responses.
// This test would have caught the bug where object lock metadata was not returned
// in HEAD/GET responses.
func TestVersioningWithObjectLockHeaders(t *testing.T) {
client := getS3Client(t)
bucketName := getNewBucketName()
// Create bucket with object lock and versioning enabled
createBucketWithObjectLock(t, client, bucketName)
defer deleteBucket(t, client, bucketName)
key := "versioned-object-with-lock"
content1 := "version 1 content"
content2 := "version 2 content"
// PUT first version with object lock headers
retainUntilDate1 := time.Now().Add(12 * time.Hour)
putResp1, err := client.PutObject(context.TODO(), &s3.PutObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(key),
Body: strings.NewReader(content1),
ObjectLockMode: types.ObjectLockModeGovernance,
ObjectLockRetainUntilDate: aws.Time(retainUntilDate1),
})
require.NoError(t, err)
require.NotNil(t, putResp1.VersionId)
// PUT second version with different object lock settings
retainUntilDate2 := time.Now().Add(24 * time.Hour)
putResp2, err := client.PutObject(context.TODO(), &s3.PutObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(key),
Body: strings.NewReader(content2),
ObjectLockMode: types.ObjectLockModeCompliance,
ObjectLockRetainUntilDate: aws.Time(retainUntilDate2),
ObjectLockLegalHoldStatus: types.ObjectLockLegalHoldStatusOn,
})
require.NoError(t, err)
require.NotNil(t, putResp2.VersionId)
require.NotEqual(t, *putResp1.VersionId, *putResp2.VersionId)
// Test HEAD latest version returns correct object lock metadata
t.Run("HEAD latest version", func(t *testing.T) {
headResp, err := client.HeadObject(context.TODO(), &s3.HeadObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(key),
})
require.NoError(t, err)
// Should return metadata for version 2 (latest)
assert.Equal(t, types.ObjectLockModeCompliance, headResp.ObjectLockMode)
assert.NotNil(t, headResp.ObjectLockRetainUntilDate)
assert.WithinDuration(t, retainUntilDate2, *headResp.ObjectLockRetainUntilDate, 5*time.Second)
assert.Equal(t, types.ObjectLockLegalHoldStatusOn, headResp.ObjectLockLegalHoldStatus)
})
// Test HEAD specific version returns correct object lock metadata
t.Run("HEAD specific version", func(t *testing.T) {
headResp, err := client.HeadObject(context.TODO(), &s3.HeadObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(key),
VersionId: putResp1.VersionId,
})
require.NoError(t, err)
// Should return metadata for version 1
assert.Equal(t, types.ObjectLockModeGovernance, headResp.ObjectLockMode)
assert.NotNil(t, headResp.ObjectLockRetainUntilDate)
assert.WithinDuration(t, retainUntilDate1, *headResp.ObjectLockRetainUntilDate, 5*time.Second)
// Version 1 was created without legal hold, so AWS S3 defaults it to "OFF"
assert.Equal(t, types.ObjectLockLegalHoldStatusOff, headResp.ObjectLockLegalHoldStatus)
})
// Test GET latest version returns correct object lock metadata
t.Run("GET latest version", func(t *testing.T) {
getResp, err := client.GetObject(context.TODO(), &s3.GetObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(key),
})
require.NoError(t, err)
defer getResp.Body.Close()
// Should return metadata for version 2 (latest)
assert.Equal(t, types.ObjectLockModeCompliance, getResp.ObjectLockMode)
assert.NotNil(t, getResp.ObjectLockRetainUntilDate)
assert.WithinDuration(t, retainUntilDate2, *getResp.ObjectLockRetainUntilDate, 5*time.Second)
assert.Equal(t, types.ObjectLockLegalHoldStatusOn, getResp.ObjectLockLegalHoldStatus)
})
// Test GET specific version returns correct object lock metadata
t.Run("GET specific version", func(t *testing.T) {
getResp, err := client.GetObject(context.TODO(), &s3.GetObjectInput{
Bucket: aws.String(bucketName),
Key: aws.String(key),
VersionId: putResp1.VersionId,
})
require.NoError(t, err)
defer getResp.Body.Close()
// Should return metadata for version 1
assert.Equal(t, types.ObjectLockModeGovernance, getResp.ObjectLockMode)
assert.NotNil(t, getResp.ObjectLockRetainUntilDate)
assert.WithinDuration(t, retainUntilDate1, *getResp.ObjectLockRetainUntilDate, 5*time.Second)
// Version 1 was created without legal hold, so AWS S3 defaults it to "OFF"
assert.Equal(t, types.ObjectLockLegalHoldStatusOff, getResp.ObjectLockLegalHoldStatus)
})
}
// waitForVersioningToBeEnabled polls the bucket versioning status until it's enabled
// This helps avoid race conditions where object lock is configured but versioning
// isn't immediately available
func waitForVersioningToBeEnabled(t *testing.T, client *s3.Client, bucketName string) {
timeout := time.Now().Add(10 * time.Second)
for time.Now().Before(timeout) {
resp, err := client.GetBucketVersioning(context.TODO(), &s3.GetBucketVersioningInput{
Bucket: aws.String(bucketName),
})
if err == nil && resp.Status == types.BucketVersioningStatusEnabled {
return // Versioning is enabled
}
time.Sleep(100 * time.Millisecond)
}
t.Fatalf("Timeout waiting for versioning to be enabled on bucket %s", bucketName)
}
// Helper function for creating buckets with object lock enabled
func createBucketWithObjectLock(t *testing.T, client *s3.Client, bucketName string) {
_, err := client.CreateBucket(context.TODO(), &s3.CreateBucketInput{
Bucket: aws.String(bucketName),
ObjectLockEnabledForBucket: aws.Bool(true),
})
require.NoError(t, err)
// Wait for versioning to be automatically enabled by object lock
waitForVersioningToBeEnabled(t, client, bucketName)
// Verify that object lock was actually enabled
t.Logf("Verifying object lock configuration for bucket %s", bucketName)
_, err = client.GetObjectLockConfiguration(context.TODO(), &s3.GetObjectLockConfigurationInput{
Bucket: aws.String(bucketName),
})
require.NoError(t, err, "Object lock should be configured for bucket %s", bucketName)
}
Reference in a new issue View git blame Copy permalink