blob: b5ca04359a05edd9a19b94127644534e0092bc82 [file] [log] [blame]
// Copyright 2019 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package storage
import (
"context"
"encoding/base64"
"encoding/json"
"fmt"
"io/ioutil"
"net/url"
"os"
"strconv"
"strings"
"testing"
"time"
storage_v1_tests "cloud.google.com/go/storage/internal/test/conformance"
"github.com/google/go-cmp/cmp"
"google.golang.org/api/option"
"google.golang.org/protobuf/encoding/protojson"
)
func TestPostPolicyV4Conformance(t *testing.T) {
oldUTCNow := utcNow
defer func() {
utcNow = oldUTCNow
}()
googleAccessID, privateKey, testFiles := parseFiles(t)
for _, testFile := range testFiles {
for _, tc := range testFile.PostPolicyV4Tests {
t.Run(tc.Description, func(t *testing.T) {
pin := tc.PolicyInput
utcNow = func() time.Time {
return time.Unix(pin.GetTimestamp().GetSeconds(), 0).UTC()
}
var style URLStyle
switch pin.UrlStyle {
case storage_v1_tests.UrlStyle_PATH_STYLE:
style = PathStyle()
case storage_v1_tests.UrlStyle_VIRTUAL_HOSTED_STYLE:
style = VirtualHostedStyle()
case storage_v1_tests.UrlStyle_BUCKET_BOUND_HOSTNAME:
style = BucketBoundHostname(pin.BucketBoundHostname)
}
var conditions []PostPolicyV4Condition
// Build the various conditions.
pinConds := pin.Conditions
if pinConds != nil {
if clr := pinConds.ContentLengthRange; len(clr) > 0 {
conditions = append(conditions, ConditionContentLengthRange(uint64(clr[0]), uint64(clr[1])))
}
if sw := pinConds.StartsWith; len(sw) > 0 {
conditions = append(conditions, ConditionStartsWith(sw[0], sw[1]))
}
}
metadata := make(map[string]string, len(pin.Fields))
for key, value := range pin.Fields {
if strings.HasPrefix(key, "x-goog-meta") {
metadata[key] = value
}
}
got, err := GenerateSignedPostPolicyV4(pin.Bucket, pin.Object, &PostPolicyV4Options{
GoogleAccessID: googleAccessID,
PrivateKey: []byte(privateKey),
Expires: utcNow().Add(time.Duration(pin.Expiration) * time.Second),
Style: style,
Insecure: pin.Scheme == "http",
Conditions: conditions,
Fields: &PolicyV4Fields{
ACL: pin.Fields["acl"],
CacheControl: pin.Fields["cache-control"],
ContentEncoding: pin.Fields["content-encoding"],
ContentDisposition: pin.Fields["content-disposition"],
ContentType: pin.Fields["content-type"],
Metadata: metadata,
RedirectToURLOnSuccess: strings.TrimSpace(pin.Fields["success_action_redirect"]),
StatusCodeOnSuccess: mustInt(t, pin.Fields["success_action_status"]),
},
})
if err != nil {
t.Fatal(err)
}
want := tc.PolicyOutput
switch wantURL, err := url.Parse(want.Url); {
case err != nil:
t.Errorf("Failed to parse want.Url: %v", err)
default:
// Sort the headers.
wantURL.RawQuery = wantURL.Query().Encode()
if diff := cmp.Diff(got.URL, wantURL.String()); diff != "" {
t.Errorf("URL mismatch: got - want +\n%s", diff)
}
}
gotPolicy := b64Decode(t, got.Fields["policy"], "got")
wantPolicy := want.ExpectedDecodedPolicy
if diff := cmp.Diff(gotPolicy, wantPolicy); diff != "" {
t.Fatalf("Policy mismatch: got - want +\n%s", diff)
}
})
}
}
}
func b64Decode(t *testing.T, b64Str, name string) string {
dec, err := base64.StdEncoding.DecodeString(b64Str)
if err != nil {
t.Fatalf("%q: Base64 decoding failed: %v", name, err)
}
return string(dec)
}
func mustInt(t *testing.T, s string) int {
if s == "" {
return 0
}
i, err := strconv.ParseInt(s, 10, 64)
if err != nil {
t.Fatal(err)
}
return int(i)
}
func TestSigningV4Conformance(t *testing.T) {
oldUTCNow := utcNow
defer func() {
utcNow = oldUTCNow
}()
googleAccessID, privateKey, testFiles := parseFiles(t)
for _, testFile := range testFiles {
for _, tc := range testFile.SigningV4Tests {
t.Run(tc.Description, func(t *testing.T) {
utcNow = func() time.Time {
return time.Unix(tc.Timestamp.Seconds, 0).UTC()
}
qp := url.Values{}
if tc.QueryParameters != nil {
for k, v := range tc.QueryParameters {
qp.Add(k, v)
}
}
var style URLStyle
switch tc.UrlStyle {
case storage_v1_tests.UrlStyle_PATH_STYLE:
style = PathStyle()
case storage_v1_tests.UrlStyle_VIRTUAL_HOSTED_STYLE:
style = VirtualHostedStyle()
case storage_v1_tests.UrlStyle_BUCKET_BOUND_HOSTNAME:
style = BucketBoundHostname(tc.BucketBoundHostname)
}
t.Setenv("STORAGE_EMULATOR_HOST", tc.EmulatorHostname)
opts := []option.ClientOption{option.WithoutAuthentication()}
if tc.ClientEndpoint != "" {
opts = append(opts, option.WithEndpoint(tc.ClientEndpoint))
}
if tc.UniverseDomain != "" {
opts = append(opts, option.WithUniverseDomain(tc.UniverseDomain))
}
c, err := NewClient(context.Background(), opts...)
if err != nil {
t.Fatalf("NewClient: %v", err)
}
gotURL, err := c.Bucket(tc.Bucket).SignedURL(tc.Object, &SignedURLOptions{
GoogleAccessID: googleAccessID,
PrivateKey: []byte(privateKey),
Method: tc.Method,
Expires: utcNow().Add(time.Duration(tc.Expiration) * time.Second),
Scheme: SigningSchemeV4,
Headers: headersAsSlice(tc.Headers),
QueryParameters: qp,
Style: style,
Insecure: tc.Scheme == "http",
Hostname: tc.Hostname,
})
if err != nil {
t.Fatal(err)
}
wantURL, err := url.Parse(tc.ExpectedUrl)
if err != nil {
t.Fatal(err)
}
// Sort the headers.
wantURL.RawQuery = wantURL.Query().Encode()
if gotURL != wantURL.String() {
t.Fatalf("\nwant:\t%s\ngot:\t%s", wantURL.String(), gotURL)
}
})
}
}
}
func headersAsSlice(m map[string]string) []string {
var s []string
for k, v := range m {
s = append(s, fmt.Sprintf("%s:%s", k, v))
}
return s
}
func parseFiles(t *testing.T) (googleAccessID, privateKey string, testFiles []*storage_v1_tests.TestFile) {
dir := "internal/test/conformance"
inBytes, err := ioutil.ReadFile(dir + "/service-account")
if err != nil {
t.Fatal(err)
}
serviceAccount := map[string]string{}
if err := json.Unmarshal(inBytes, &serviceAccount); err != nil {
t.Fatal(err)
}
googleAccessID = serviceAccount["client_email"]
privateKey = serviceAccount["private_key"]
files, err := os.ReadDir(dir)
if err != nil {
t.Fatal(err)
}
for _, f := range files {
if !strings.HasSuffix(f.Name(), ".json") {
continue
}
inBytes, err := os.ReadFile(dir + "/" + f.Name())
if err != nil {
t.Fatalf("%s: %v", f.Name(), err)
}
testFile := new(storage_v1_tests.TestFile)
if err := protojson.Unmarshal(inBytes, testFile); err != nil {
t.Fatalf("unmarshalling %s: %v", f.Name(), err)
}
testFiles = append(testFiles, testFile)
}
return
}