pierre/MinioK8sBuckets
1
0
Fork 0
Code Issues Pull Requests 9 Packages Projects Releases Wiki Activity

Test properly anonymous access

Browse Source
This commit is contained in:
Pierre HUBERT 2023-05-08 14:23:30 +02:00
parent f779715d65
commit fb2a9f39fb
1 changed files with 132 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

151
src/minio.rs
View File

@ -74,6 +74,11 @@ struct MinioVersioning {
pub status: String, pub status: String,
} }
#[derive(Debug, Clone, Deserialize)]
struct MinioAnonymousAccess {
pub permission: String,
}
impl BasicMinioResult { impl BasicMinioResult {
pub fn success(&self) -> bool { pub fn success(&self) -> bool {
self.status == "success" self.status == "success"
@ -206,20 +211,9 @@ impl MinioService {
} }
self.bucket_set_versioning(&b.name, b.versioning).await?; self.bucket_set_versioning(&b.name, b.versioning).await?;
self.bucket_set_anonymous_access(&b.name, b.anonymous_read_access)
// Enable anonymous access, eg. public hosting
if b.anonymous_read_access {
let target = format!("{}/*", bucket_name);
let res = self
.exec_mc_cmd::<BasicMinioResult>(&["anonymous", "set", "download", target.as_str()])
.await?; .await?;
if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::SetAnonymousAcccessFailed.into());
}
}
// Set quota, if requested // Set quota, if requested
if let Some(quota) = &b.quota { if let Some(quota) = &b.quota {
let quota = format!("{}MB", quota); let quota = format!("{}MB", quota);
@ -289,13 +283,52 @@ impl MinioService {
/// Get current bucket versioning status /// Get current bucket versioning status
pub async fn bucket_get_versioning(&self, bucket_name: &str) -> anyhow::Result<bool> { pub async fn bucket_get_versioning(&self, bucket_name: &str) -> anyhow::Result<bool> {
let bucket_name = self.absolute_bucket_name(bucket_name); let bucket_name = self.absolute_bucket_name(bucket_name);
Ok(self.exec_mc_cmd::<MinioGetVersioningResult>(&["version", "info", bucket_name.as_str()]) Ok(self
.exec_mc_cmd::<MinioGetVersioningResult>(&["version", "info", bucket_name.as_str()])
.await? .await?
.remove(0) .remove(0)
.versioning .versioning
.map(|v| v.status.to_lowercase().eq("enabled")) .map(|v| v.status.to_lowercase().eq("enabled"))
.unwrap_or_default()) .unwrap_or_default())
} }
/// Set bucket anonymous access
pub async fn bucket_set_anonymous_access(
&self,
bucket_name: &str,
access: bool,
) -> anyhow::Result<()> {
let target = self.absolute_bucket_name(bucket_name);
let res = self
.exec_mc_cmd::<BasicMinioResult>(&[
"anonymous",
"set",
match access {
true => "download",
false => "private",
},
target.as_str(),
])
.await?;
if res.get(0).map(|r| r.success()) != Some(true) {
return Err(MinioError::SetAnonymousAcccessFailed.into());
}
Ok(())
}
/// Get current bucket anonymous access status
pub async fn bucket_get_anonymous_access(&self, bucket_name: &str) -> anyhow::Result<bool> {
let bucket_name = self.absolute_bucket_name(bucket_name);
Ok(self
.exec_mc_cmd::<MinioAnonymousAccess>(&["anonymous", "get", bucket_name.as_str()])
.await?
.remove(0)
.permission
== "download")
}
} }
#[cfg(test)] #[cfg(test)]
@ -361,6 +394,10 @@ mod test {
.unwrap(); .unwrap();
assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap()); assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap());
assert!(service
.bucket_get_anonymous_access(TEST_BUCKET_NAME)
.await
.unwrap());
assert_eq!( assert_eq!(
reqwest::get(format!("{}/{}/test", service.hostname, TEST_BUCKET_NAME)) reqwest::get(format!("{}/{}/test", service.hostname, TEST_BUCKET_NAME))
.await .await
@ -402,6 +439,59 @@ mod test {
); );
} }
#[tokio::test]
async fn bucket_creation_without_anonymous_access_updating_status() {
let _ = env_logger::builder().is_test(true).try_init();
let srv = MinioTestServer::start().await.unwrap();
let service = srv.as_service();
service
.create_bucket(&MinioBucketSpec {
instance: "".to_string(),
name: TEST_BUCKET_NAME.to_string(),
secret: "".to_string(),
anonymous_read_access: false,
versioning: false,
quota: None,
lock: false,
retention: None,
})
.await
.unwrap();
assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap());
let test_url = format!("{}/{}/test", service.hostname, TEST_BUCKET_NAME);
assert_eq!(
reqwest::get(&test_url).await.unwrap().status().as_u16(),
403
);
service
.bucket_set_anonymous_access(TEST_BUCKET_NAME, true)
.await
.unwrap();
assert!(service
.bucket_get_anonymous_access(TEST_BUCKET_NAME)
.await
.unwrap());
assert_eq!(
reqwest::get(&test_url).await.unwrap().status().as_u16(),
404
);
service
.bucket_set_anonymous_access(TEST_BUCKET_NAME, false)
.await
.unwrap();
assert!(!service
.bucket_get_anonymous_access(TEST_BUCKET_NAME)
.await
.unwrap());
assert_eq!(
reqwest::get(&test_url).await.unwrap().status().as_u16(),
403
);
}
// With versioning // With versioning
#[tokio::test] #[tokio::test]
async fn bucket_with_versioning() { async fn bucket_with_versioning() {
@ -424,7 +514,10 @@ mod test {
.unwrap(); .unwrap();
assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap()); assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap());
assert!(service.bucket_get_versioning(TEST_BUCKET_NAME).await.unwrap()); assert!(service
.bucket_get_versioning(TEST_BUCKET_NAME)
.await
.unwrap());
} }
#[tokio::test] #[tokio::test]
@ -448,7 +541,10 @@ mod test {
.unwrap(); .unwrap();
assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap()); assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap());
assert!(!service.bucket_get_versioning(TEST_BUCKET_NAME).await.unwrap()); assert!(!service
.bucket_get_versioning(TEST_BUCKET_NAME)
.await
.unwrap());
} }
#[tokio::test] #[tokio::test]
@ -472,11 +568,26 @@ mod test {
.unwrap(); .unwrap();
assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap()); assert!(service.bucket_exists(TEST_BUCKET_NAME).await.unwrap());
assert!(!service.bucket_get_versioning(TEST_BUCKET_NAME).await.unwrap()); assert!(!service
service.bucket_set_versioning(TEST_BUCKET_NAME, true).await.unwrap(); .bucket_get_versioning(TEST_BUCKET_NAME)
assert!(service.bucket_get_versioning(TEST_BUCKET_NAME).await.unwrap()); .await
service.bucket_set_versioning(TEST_BUCKET_NAME, false).await.unwrap(); .unwrap());
assert!(!service.bucket_get_versioning(TEST_BUCKET_NAME).await.unwrap()); service
.bucket_set_versioning(TEST_BUCKET_NAME, true)
.await
.unwrap();
assert!(service
.bucket_get_versioning(TEST_BUCKET_NAME)
.await
.unwrap());
service
.bucket_set_versioning(TEST_BUCKET_NAME, false)
.await
.unwrap();
assert!(!service
.bucket_get_versioning(TEST_BUCKET_NAME)
.await
.unwrap());
} }
// TODO : with quota // TODO : with quota