2019-06-11 22:24:35 +00:00
|
|
|
require "helper"
|
|
|
|
require "inspec/resource"
|
|
|
|
require "resources/aws/aws_s3_bucket_object"
|
2018-03-19 17:10:17 +00:00
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
require "resource_support/aws"
|
|
|
|
require "resources/aws/aws_s3_bucket_object"
|
2019-05-21 00:19:38 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
# MSBOSB = MockS3BucketObjectSingleBackend
|
|
|
|
# Abbreviation not used outside this file
|
|
|
|
|
|
|
|
#=============================================================================#
|
|
|
|
# Constructor Tests
|
|
|
|
#=============================================================================#
|
|
|
|
class AwsS3BucketObjectConstructor < Minitest::Test
|
|
|
|
def setup
|
|
|
|
AwsS3BucketObject::BackendFactory.select(AwsMSBOSB::Basic)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_constructor_no_args_raises
|
|
|
|
assert_raises(ArgumentError) { AwsS3BucketObject.new }
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_constructor_no_bucket_name_arg_raises
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_raises(ArgumentError) { AwsS3BucketObject.new(:key, "key") }
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_constructor_no_key_arg_raises
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_raises(ArgumentError) { AwsS3BucketObject.new(:bucket_name, "bucket") }
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_constructor_expected_well_formed_args
|
2019-06-11 22:24:35 +00:00
|
|
|
AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg")
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_constructor_reject_unknown_resource_params
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_raises(ArgumentError) { AwsS3BucketObject.new(bla: "NonExistingBucket") }
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_constructor_reject_bucket_not_given
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_raises(ArgumentError) { AwsS3BucketObject.new(key: "public_file.jpg") }
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
def test_constructor_reject_key_not_given
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_raises(ArgumentError) { AwsS3BucketObject.new(bucket_name: "Public Bucket") }
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#=============================================================================#
|
|
|
|
# Recall
|
|
|
|
#=============================================================================#
|
|
|
|
|
|
|
|
class AwsS3BucketObjectRecallTest < Minitest::Test
|
|
|
|
def setup
|
|
|
|
AwsS3BucketObject::BackendFactory.select(AwsMSBOSB::Basic)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_searching
|
2019-06-11 22:24:35 +00:00
|
|
|
assert(AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg").exists?)
|
|
|
|
refute(AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "NonExistingObject").exists?)
|
|
|
|
refute(AwsS3BucketObject.new(bucket_name: "NonExistingBucket", key: "public_file.jpg").exists?)
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#=============================================================================#
|
|
|
|
# Properties
|
|
|
|
#=============================================================================#
|
|
|
|
|
|
|
|
class AwsS3BucketTestProperties < Minitest::Test
|
|
|
|
def setup
|
|
|
|
AwsS3BucketObject::BackendFactory.select(AwsMSBOSB::Basic)
|
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
#---------------------Bucket Name----------------------------#
|
2018-03-19 17:10:17 +00:00
|
|
|
def test_property_bucket_name
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_equal("Public Bucket", AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg").bucket_name)
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
2019-06-11 22:24:35 +00:00
|
|
|
#--------------------- Key ----------------------------#
|
2018-03-19 17:10:17 +00:00
|
|
|
def test_property_key
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_equal("public_file.jpg", AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg").key)
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
#---------------------- object_acl -------------------------------#
|
|
|
|
def test_property_object_acl_structure
|
2019-06-11 22:24:35 +00:00
|
|
|
object_acl = AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg").object_acl
|
2018-03-19 17:10:17 +00:00
|
|
|
|
|
|
|
assert_kind_of(Array, object_acl)
|
|
|
|
assert(object_acl.size > 0)
|
2019-06-11 22:24:35 +00:00
|
|
|
assert(object_acl.all? { |g| g.respond_to?(:permission) })
|
|
|
|
assert(object_acl.all? { |g| g.respond_to?(:grantee) })
|
|
|
|
assert(object_acl.all? { |g| g.grantee.respond_to?(:type) })
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
|
|
|
|
def test_property_object_acl_public
|
2019-06-11 22:24:35 +00:00
|
|
|
bucket_acl = AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg").object_acl
|
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
public_grants = bucket_acl.select do |g|
|
2019-06-11 22:24:35 +00:00
|
|
|
g.grantee.type == "Group" && g.grantee.uri =~ /AllUsers/
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
refute_empty(public_grants)
|
|
|
|
end
|
|
|
|
|
|
|
|
def test_property_object_acl_private
|
2019-06-11 22:24:35 +00:00
|
|
|
bucket_acl = AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "private_file.jpg").object_acl
|
2018-03-19 17:10:17 +00:00
|
|
|
|
|
|
|
public_grants = bucket_acl.select do |g|
|
2019-06-11 22:24:35 +00:00
|
|
|
g.grantee.type == "Group" && g.grantee.uri =~ /AllUsers/
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
assert_empty(public_grants)
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
auth_users_grants = bucket_acl.select do |g|
|
2019-06-11 22:24:35 +00:00
|
|
|
g.grantee.type == "Group" && g.grantee.uri =~ /AuthenticatedUsers/
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
assert_empty(auth_users_grants)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#=============================================================================#
|
|
|
|
# Matchers
|
|
|
|
#=============================================================================#
|
|
|
|
|
|
|
|
class AwsS3BucketMatchersTest < Minitest::Test
|
|
|
|
def setup
|
|
|
|
AwsS3BucketObject::BackendFactory.select(AwsMSBOSB::Basic)
|
|
|
|
end
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
def test_matcher_public
|
2019-06-11 22:24:35 +00:00
|
|
|
assert_equal(true, AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "public_file.jpg").public?)
|
|
|
|
assert_equal(false, AwsS3BucketObject.new(bucket_name: "Public Bucket", key: "private_file.jpg").public?)
|
2018-03-19 17:10:17 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
#=============================================================================#
|
|
|
|
# Test Fixtures
|
|
|
|
#=============================================================================#
|
|
|
|
|
|
|
|
module AwsMSBOSB
|
|
|
|
class Basic < AwsBackendBase
|
|
|
|
def get_object_acl(query)
|
|
|
|
buckets = {
|
2019-06-11 22:24:35 +00:00
|
|
|
"Public Bucket" => OpenStruct.new({
|
|
|
|
"public_file.jpg" => OpenStruct.new({
|
|
|
|
grants: [
|
2018-03-19 17:10:17 +00:00
|
|
|
OpenStruct.new({
|
2019-06-11 22:24:35 +00:00
|
|
|
"grantee" => OpenStruct.new({
|
|
|
|
type: "CanonicalUser",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
permission: "FULL_CONTROL",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
|
|
|
OpenStruct.new({
|
2019-06-11 22:24:35 +00:00
|
|
|
"grantee" => OpenStruct.new({
|
|
|
|
type: "AmazonCustomerByEmail",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
permission: "READ",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
|
|
|
OpenStruct.new({
|
2019-06-11 22:24:35 +00:00
|
|
|
"grantee" => OpenStruct.new({
|
|
|
|
type: "Group",
|
|
|
|
uri: "http://acs.amazonaws.com/groups/global/AllUsers",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
permission: "READ",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
],
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
"private_file.jpg" => OpenStruct.new({
|
|
|
|
grants: [
|
2018-03-19 17:10:17 +00:00
|
|
|
OpenStruct.new({
|
2019-06-11 22:24:35 +00:00
|
|
|
"grantee" => OpenStruct.new({
|
|
|
|
type: "CanonicalUser",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
permission: "FULL_CONTROL",
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
],
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
}),
|
2018-03-19 17:10:17 +00:00
|
|
|
}
|
|
|
|
buckets[query[:bucket]][query[:key]]
|
|
|
|
end
|
2019-06-11 22:24:35 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
def get_object(query)
|
|
|
|
buckets = {
|
2019-06-11 22:24:35 +00:00
|
|
|
"Public Bucket" => OpenStruct.new({
|
|
|
|
"public_file.jpg" => OpenStruct.new({
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
"private_file.jpg" => OpenStruct.new({
|
2018-03-19 17:10:17 +00:00
|
|
|
}),
|
2019-06-11 22:24:35 +00:00
|
|
|
}),
|
2018-03-19 17:10:17 +00:00
|
|
|
}
|
|
|
|
bucket = buckets[query[:bucket]]
|
|
|
|
raise Aws::S3::Errors::NoSuchBucket.new(Seahorse::Client::Http::Request, "Bucket does not exist") if bucket.nil?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
object = bucket[query[:key]]
|
|
|
|
raise Aws::S3::Errors::NoSuchKey.new(Seahorse::Client::Http::Request, "Key does not exist") if object.nil?
|
2019-07-09 00:20:30 +00:00
|
|
|
|
2018-03-19 17:10:17 +00:00
|
|
|
object
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|