123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706 |
- package s3acl
- import (
- "bytes"
- "encoding/json"
- "github.com/aws/aws-sdk-go/service/s3"
- "github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
- "github.com/seaweedfs/seaweedfs/weed/s3api/s3_constants"
- "github.com/seaweedfs/seaweedfs/weed/s3api/s3account"
- "github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
- "io"
- "net/http"
- "testing"
- )
- var (
- accountManager = &s3account.AccountManager{
- IdNameMapping: map[string]string{
- s3account.AccountAdmin.Id: s3account.AccountAdmin.Name,
- s3account.AccountAnonymous.Id: s3account.AccountAnonymous.Name,
- "accountA": "accountA",
- "accountB": "accountB",
- },
- EmailIdMapping: map[string]string{
- s3account.AccountAdmin.EmailAddress: s3account.AccountAdmin.Id,
- s3account.AccountAnonymous.EmailAddress: s3account.AccountAnonymous.Id,
- "accountA@example.com": "accountA",
- "accountBexample.com": "accountB",
- },
- }
- )
- func TestGetAccountId(t *testing.T) {
- req := &http.Request{
- Header: make(map[string][]string),
- }
- //case1
- //accountId: "admin"
- req.Header.Set(s3_constants.AmzAccountId, s3account.AccountAdmin.Id)
- if GetAccountId(req) != s3account.AccountAdmin.Id {
- t.Fatal("expect accountId: admin")
- }
- //case2
- //accountId: "anoymous"
- req.Header.Set(s3_constants.AmzAccountId, s3account.AccountAnonymous.Id)
- if GetAccountId(req) != s3account.AccountAnonymous.Id {
- t.Fatal("expect accountId: anonymous")
- }
- //case3
- //accountId is nil => "anonymous"
- req.Header.Del(s3_constants.AmzAccountId)
- if GetAccountId(req) != s3account.AccountAnonymous.Id {
- t.Fatal("expect accountId: anonymous")
- }
- }
- func TestExtractAcl(t *testing.T) {
- type Case struct {
- id int
- resultErrCode, expectErrCode s3err.ErrorCode
- resultGrants, expectGrants []*s3.Grant
- }
- testCases := make([]*Case, 0)
- accountAdminId := "admin"
- {
- //case1 (good case)
- //parse acp from request body
- req := &http.Request{
- Header: make(map[string][]string),
- }
- req.Body = io.NopCloser(bytes.NewReader([]byte(`
- <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
- <Owner>
- <ID>admin</ID>
- <DisplayName>admin</DisplayName>
- </Owner>
- <AccessControlList>
- <Grant>
- <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
- <ID>admin</ID>
- </Grantee>
- <Permission>FULL_CONTROL</Permission>
- </Grant>
- <Grant>
- <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
- <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
- </Grantee>
- <Permission>FULL_CONTROL</Permission>
- </Grant>
- </AccessControlList>
- </AccessControlPolicy>
- `)))
- objectWriter := "accountA"
- grants, errCode := ExtractAcl(req, accountManager, s3_constants.OwnershipObjectWriter, accountAdminId, accountAdminId, objectWriter)
- testCases = append(testCases, &Case{
- 1,
- errCode, s3err.ErrNone,
- grants, []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &accountAdminId,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- },
- })
- }
- {
- //case2 (good case)
- //parse acp from header (cannedAcl)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- req.Body = nil
- req.Header.Set(s3_constants.AmzCannedAcl, s3_constants.CannedAclPrivate)
- objectWriter := "accountA"
- grants, errCode := ExtractAcl(req, accountManager, s3_constants.OwnershipObjectWriter, accountAdminId, accountAdminId, objectWriter)
- testCases = append(testCases, &Case{
- 2,
- errCode, s3err.ErrNone,
- grants, []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &objectWriter,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- },
- })
- }
- {
- //case3 (bad case)
- //parse acp from request body (content is invalid)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- req.Body = io.NopCloser(bytes.NewReader([]byte("zdfsaf")))
- req.Header.Set(s3_constants.AmzCannedAcl, s3_constants.CannedAclPrivate)
- objectWriter := "accountA"
- _, errCode := ExtractAcl(req, accountManager, s3_constants.OwnershipObjectWriter, accountAdminId, accountAdminId, objectWriter)
- testCases = append(testCases, &Case{
- id: 3,
- resultErrCode: errCode, expectErrCode: s3err.ErrInvalidRequest,
- })
- }
- //case4 (bad case)
- //parse acp from header (cannedAcl is invalid)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- req.Body = nil
- req.Header.Set(s3_constants.AmzCannedAcl, "dfaksjfk")
- objectWriter := "accountA"
- _, errCode := ExtractAcl(req, accountManager, s3_constants.OwnershipObjectWriter, accountAdminId, "", objectWriter)
- testCases = append(testCases, &Case{
- id: 4,
- resultErrCode: errCode, expectErrCode: s3err.ErrInvalidRequest,
- })
- {
- //case5 (bad case)
- //parse acp from request body: owner is inconsistent
- req.Body = io.NopCloser(bytes.NewReader([]byte(`
- <AccessControlPolicy xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
- <Owner>
- <ID>admin</ID>
- <DisplayName>admin</DisplayName>
- </Owner>
- <AccessControlList>
- <Grant>
- <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="CanonicalUser">
- <ID>admin</ID>
- </Grantee>
- <Permission>FULL_CONTROL</Permission>
- </Grant>
- <Grant>
- <Grantee xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="Group">
- <URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
- </Grantee>
- <Permission>FULL_CONTROL</Permission>
- </Grant>
- </AccessControlList>
- </AccessControlPolicy>
- `)))
- objectWriter = "accountA"
- _, errCode := ExtractAcl(req, accountManager, s3_constants.OwnershipObjectWriter, accountAdminId, objectWriter, objectWriter)
- testCases = append(testCases, &Case{
- id: 5,
- resultErrCode: errCode, expectErrCode: s3err.ErrAccessDenied,
- })
- }
- for _, tc := range testCases {
- if tc.resultErrCode != tc.expectErrCode {
- t.Fatalf("case[%d]: errorCode not expect", tc.id)
- }
- if !grantsEquals(tc.resultGrants, tc.expectGrants) {
- t.Fatalf("case[%d]: grants not expect", tc.id)
- }
- }
- }
- func TestParseAndValidateAclHeaders(t *testing.T) {
- type Case struct {
- id int
- resultOwner, expectOwner string
- resultErrCode, expectErrCode s3err.ErrorCode
- resultGrants, expectGrants []*s3.Grant
- }
- testCases := make([]*Case, 0)
- bucketOwner := "admin"
- {
- //case1 (good case)
- //parse custom acl
- req := &http.Request{
- Header: make(map[string][]string),
- }
- objectWriter := "accountA"
- req.Header.Set(s3_constants.AmzAclFullControl, `uri="http://acs.amazonaws.com/groups/global/AllUsers", id="anonymous", emailAddress="admin@example.com"`)
- ownerId, grants, errCode := ParseAndValidateAclHeaders(req, accountManager, s3_constants.OwnershipObjectWriter, bucketOwner, objectWriter, false)
- testCases = append(testCases, &Case{
- 1,
- ownerId, objectWriter,
- errCode, s3err.ErrNone,
- grants, []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &s3account.AccountAnonymous.Id,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &s3account.AccountAdmin.Id,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- },
- })
- }
- {
- //case2 (good case)
- //parse canned acl (ownership=ObjectWriter)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- objectWriter := "accountA"
- req.Header.Set(s3_constants.AmzCannedAcl, s3_constants.CannedAclBucketOwnerFullControl)
- ownerId, grants, errCode := ParseAndValidateAclHeaders(req, accountManager, s3_constants.OwnershipObjectWriter, bucketOwner, objectWriter, false)
- testCases = append(testCases, &Case{
- 2,
- ownerId, objectWriter,
- errCode, s3err.ErrNone,
- grants, []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &objectWriter,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &bucketOwner,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- },
- })
- }
- {
- //case3 (good case)
- //parse canned acl (ownership=OwnershipBucketOwnerPreferred)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- objectWriter := "accountA"
- req.Header.Set(s3_constants.AmzCannedAcl, s3_constants.CannedAclBucketOwnerFullControl)
- ownerId, grants, errCode := ParseAndValidateAclHeaders(req, accountManager, s3_constants.OwnershipBucketOwnerPreferred, bucketOwner, objectWriter, false)
- testCases = append(testCases, &Case{
- 3,
- ownerId, bucketOwner,
- errCode, s3err.ErrNone,
- grants, []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &bucketOwner,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- },
- })
- }
- {
- //case4 (bad case)
- //parse custom acl (grantee id not exists)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- objectWriter := "accountA"
- req.Header.Set(s3_constants.AmzAclFullControl, `uri="http://acs.amazonaws.com/groups/global/AllUsers", id="notExistsAccount", emailAddress="admin@example.com"`)
- _, _, errCode := ParseAndValidateAclHeaders(req, accountManager, s3_constants.OwnershipObjectWriter, bucketOwner, objectWriter, false)
- testCases = append(testCases, &Case{
- id: 4,
- resultErrCode: errCode, expectErrCode: s3err.ErrInvalidRequest,
- })
- }
- {
- //case5 (bad case)
- //parse custom acl (invalid format)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- objectWriter := "accountA"
- req.Header.Set(s3_constants.AmzAclFullControl, `uri="http:sfasf"`)
- _, _, errCode := ParseAndValidateAclHeaders(req, accountManager, s3_constants.OwnershipObjectWriter, bucketOwner, objectWriter, false)
- testCases = append(testCases, &Case{
- id: 5,
- resultErrCode: errCode, expectErrCode: s3err.ErrInvalidRequest,
- })
- }
- {
- //case6 (bad case)
- //parse canned acl (invalid value)
- req := &http.Request{
- Header: make(map[string][]string),
- }
- objectWriter := "accountA"
- req.Header.Set(s3_constants.AmzCannedAcl, `uri="http:sfasf"`)
- _, _, errCode := ParseAndValidateAclHeaders(req, accountManager, s3_constants.OwnershipObjectWriter, bucketOwner, objectWriter, false)
- testCases = append(testCases, &Case{
- id: 5,
- resultErrCode: errCode, expectErrCode: s3err.ErrInvalidRequest,
- })
- }
- for _, tc := range testCases {
- if tc.expectErrCode != tc.resultErrCode {
- t.Errorf("case[%d]: errCode unexpect", tc.id)
- }
- if tc.resultOwner != tc.expectOwner {
- t.Errorf("case[%d]: ownerId unexpect", tc.id)
- }
- if !grantsEquals(tc.resultGrants, tc.expectGrants) {
- t.Fatalf("case[%d]: grants not expect", tc.id)
- }
- }
- }
- func grantsEquals(a, b []*s3.Grant) bool {
- if len(a) != len(b) {
- return false
- }
- for i, grant := range a {
- if !GrantEquals(grant, b[i]) {
- return false
- }
- }
- return true
- }
- func TestDetermineReqGrants(t *testing.T) {
- {
- //case1: request account is anonymous
- accountId := s3account.AccountAnonymous.Id
- reqPermission := s3_constants.PermissionRead
- resultGrants := DetermineReqGrants(accountId, reqPermission)
- expectGrants := []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- Permission: &reqPermission,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &accountId,
- },
- Permission: &reqPermission,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &accountId,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- }
- if !grantsEquals(resultGrants, expectGrants) {
- t.Fatalf("grants not expect")
- }
- }
- {
- //case2: request account is not anonymous (Iam authed)
- accountId := "accountX"
- reqPermission := s3_constants.PermissionRead
- resultGrants := DetermineReqGrants(accountId, reqPermission)
- expectGrants := []*s3.Grant{
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- Permission: &reqPermission,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &accountId,
- },
- Permission: &reqPermission,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeCanonicalUser,
- ID: &accountId,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAuthenticatedUsers,
- },
- Permission: &reqPermission,
- },
- {
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAuthenticatedUsers,
- },
- Permission: &s3_constants.PermissionFullControl,
- },
- }
- if !grantsEquals(resultGrants, expectGrants) {
- t.Fatalf("grants not expect")
- }
- }
- }
- func TestAssembleEntryWithAcp(t *testing.T) {
- defaultOwner := "admin"
- //case1
- //assemble with non-empty grants
- expectOwner := "accountS"
- expectGrants := []*s3.Grant{
- {
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- },
- }
- entry := &filer_pb.Entry{}
- AssembleEntryWithAcp(entry, expectOwner, expectGrants)
- resultOwner := GetAcpOwner(entry.Extended, defaultOwner)
- if resultOwner != expectOwner {
- t.Fatalf("owner not expect")
- }
- resultGrants := GetAcpGrants(entry.Extended)
- if !grantsEquals(resultGrants, expectGrants) {
- t.Fatal("grants not expect")
- }
- //case2
- //assemble with empty grants (override)
- AssembleEntryWithAcp(entry, "", nil)
- resultOwner = GetAcpOwner(entry.Extended, defaultOwner)
- if resultOwner != defaultOwner {
- t.Fatalf("owner not expect")
- }
- resultGrants = GetAcpGrants(entry.Extended)
- if len(resultGrants) != 0 {
- t.Fatal("grants not expect")
- }
- }
- func TestGrantEquals(t *testing.T) {
- testCases := map[bool]bool{
- GrantEquals(nil, nil): true,
- GrantEquals(&s3.Grant{}, nil): false,
- GrantEquals(&s3.Grant{}, &s3.Grant{}): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- }, &s3.Grant{}): false,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- }): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{},
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{},
- }): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{},
- }): false,
- //type not present, compare other fields of grant is meaningless
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- ID: &s3account.AccountAdmin.Id,
- EmailAddress: &s3account.AccountAdmin.EmailAddress,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- ID: &s3account.AccountAdmin.Id,
- },
- }): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- },
- }): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionWrite,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }): false,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- },
- }): true,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- },
- }): false,
- GrantEquals(&s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }, &s3.Grant{
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- }): true,
- }
- for tc, expect := range testCases {
- if tc != expect {
- t.Fatal("TestGrantEquals not expect!")
- }
- }
- }
- func TestSetAcpOwnerHeader(t *testing.T) {
- ownerId := "accountZ"
- req := &http.Request{
- Header: make(map[string][]string),
- }
- SetAcpOwnerHeader(req, ownerId)
- if req.Header.Get(s3_constants.ExtAmzOwnerKey) != ownerId {
- t.Fatalf("owner unexpect")
- }
- }
- func TestSetAcpGrantsHeader(t *testing.T) {
- req := &http.Request{
- Header: make(map[string][]string),
- }
- grants := []*s3.Grant{
- {
- Permission: &s3_constants.PermissionRead,
- Grantee: &s3.Grantee{
- Type: &s3_constants.GrantTypeGroup,
- ID: &s3account.AccountAdmin.Id,
- URI: &s3_constants.GranteeGroupAllUsers,
- },
- },
- }
- SetAcpGrantsHeader(req, grants)
- grantsJson, _ := json.Marshal(grants)
- if req.Header.Get(s3_constants.ExtAmzAclKey) != string(grantsJson) {
- t.Fatalf("owner unexpect")
- }
- }
|