mirror of https://github.com/pgbackrest/pgbackrest.git synced 2025-01-06 03:53:59 +02:00

Simplify S3 configuration tests and add security token tests.

Rather than calling storageS3New() directly, create the storage by loading a configuration and calling repoStorageGet(). This is a better end-to-end test and cuts down on a lot of redundant tests.

Add tests that include security tokens in error messages to ensure they are redacted.
David Steele 2020-08-08 15:52:33 -04:00
parent 38f66d4bd3
commit 8b34f854f3
2 changed files with 132 additions and 168 deletions


@ -466,7 +466,7 @@ unit:
# ---------------------------------------------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------------------------------------------
- name: s3 - name: s3
total: 3 total: 2
coverage: coverage:
storage/s3/read: full storage/s3/read: full


@ -31,21 +31,28 @@ typedef struct TestRequestParam
static void static void
testRequest(Storage *s3, const char *verb, const char *uri, TestRequestParam param) testRequest(Storage *s3, const char *verb, const char *uri, TestRequestParam param)
{ {
// Get S3 driver
StorageS3 *driver = (StorageS3 *)storageDriver(s3);
// Add authorization string // Add authorization string
String *request = strNewFmt( String *request = strNewFmt(
"%s %s HTTP/1.1\r\n" "%s %s HTTP/1.1\r\n"
"authorization:AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/\?\?\?\?\?\?\?\?/us-east-1/s3/aws4_request," "authorization:AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/\?\?\?\?\?\?\?\?/us-east-1/s3/aws4_request,"
"SignedHeaders=content-length;", "SignedHeaders=content-length",
verb, uri); verb, uri);
if (param.content != NULL) if (param.content != NULL)
strCatZ(request, "content-md5;"); strCatZ(request, ";content-md5");
strCatFmt( strCatZ(request, ";host;x-amz-content-sha256;x-amz-date");
request,
"host;x-amz-content-sha256;x-amz-date,Signature=????????????????????????????????????????????????????????????????\r\n" if (driver->securityToken != NULL)
"content-length:%zu\r\n", strCatZ(request, ";x-amz-security-token");
param.content == NULL ? 0 : strlen(param.content));
strCatZ(request, ",Signature=????????????????????????????????????????????????????????????????\r\n");
// Add content-length
strCatFmt(request, "content-length:%zu\r\n", param.content != NULL ? strlen(param.content) : 0);
// Add md5 // Add md5
if (param.content != NULL) if (param.content != NULL)
@ -56,7 +63,7 @@ testRequest(Storage *s3, const char *verb, const char *uri, TestRequestParam par
} }
// Add host // Add host
if (((StorageS3 *)storageDriver(s3))->uriStyle == storageS3UriStyleHost) if (driver->uriStyle == storageS3UriStyleHost)
strCatFmt(request, "host:bucket." S3_TEST_HOST "\r\n"); strCatFmt(request, "host:bucket." S3_TEST_HOST "\r\n");
else else
strCatFmt(request, "host:" S3_TEST_HOST "\r\n"); strCatFmt(request, "host:" S3_TEST_HOST "\r\n");
@ -65,11 +72,16 @@ testRequest(Storage *s3, const char *verb, const char *uri, TestRequestParam par
strCatFmt( strCatFmt(
request, request,
"x-amz-content-sha256:%s\r\n" "x-amz-content-sha256:%s\r\n"
"x-amz-date:????????T??????Z" "\r\n" "x-amz-date:????????T??????Z" "\r\n",
"\r\n",
param.content == NULL ? HASH_TYPE_SHA256_ZERO : strZ(bufHex(cryptoHashOne(HASH_TYPE_SHA256_STR, param.content == NULL ? HASH_TYPE_SHA256_ZERO : strZ(bufHex(cryptoHashOne(HASH_TYPE_SHA256_STR,
BUFSTRZ(param.content))))); BUFSTRZ(param.content)))));
if (driver->securityToken != NULL)
strCatFmt(request, "x-amz-security-token:%s\r\n", strZ(driver->securityToken));
// Add final \r\n
strCatZ(request, "\r\n");
// Add content // Add content
if (param.content != NULL) if (param.content != NULL)
strCatZ(request, param.content); strCatZ(request, param.content);
@ -161,140 +173,21 @@ testRun(void)
"kPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xV" "kPpKPi/kMcGdQrmGdeehM4IC1NtBmUpp2wUE8phUZampKsburEDy0KPkyQDYwT7WZ0wq5VSXDvp75YU9HFvlRd8Tx6q6fE8YQcHNVXAkiY9q6d+xo0rKwT38xV"
"qr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA=="); "qr7ZD0u0iPPkUL64lIZbqBAz+scqKmlzm8FDrypNC9Yjc8fPOLn9FX9KSYvKTr4rvx3iSIlTJabIQwj2ICCR/oLxBA==");
// ***************************************************************************************************************************** // Config settings that are required for every test (without endpoint for special tests)
if (testBegin("storageS3New() and storageRepoGet()")) StringList *commonArgWithoutEndpointList = strLstNew();
{ strLstAddZ(commonArgWithoutEndpointList, "--" CFGOPT_STANZA "=db");
// Only required options strLstAddZ(commonArgWithoutEndpointList, "--" CFGOPT_REPO1_TYPE "=s3");
// ------------------------------------------------------------------------------------------------------------------------- strLstAdd(commonArgWithoutEndpointList, strNewFmt("--" CFGOPT_REPO1_PATH "=%s", strZ(path)));
StringList *argList = strLstNew(); strLstAdd(commonArgWithoutEndpointList, strNewFmt("--" CFGOPT_REPO1_S3_BUCKET "=%s", strZ(bucket)));
strLstAddZ(argList, "--stanza=db"); strLstAdd(commonArgWithoutEndpointList, strNewFmt("--" CFGOPT_REPO1_S3_REGION "=%s", strZ(region)));
strLstAddZ(argList, "--" CFGOPT_PG1_PATH "=/path/to/pg");
strLstAddZ(argList, "--repo1-type=s3");
strLstAdd(argList, strNewFmt("--repo1-path=%s", strZ(path)));
strLstAdd(argList, strNewFmt("--repo1-s3-bucket=%s", strZ(bucket)));
strLstAdd(argList, strNewFmt("--repo1-s3-region=%s", strZ(region)));
strLstAdd(argList, strNewFmt("--repo1-s3-endpoint=%s", strZ(endPoint)));
setenv("PGBACKREST_REPO1_S3_KEY", strZ(accessKey), true);
setenv("PGBACKREST_REPO1_S3_KEY_SECRET", strZ(secretAccessKey), true);
harnessCfgLoad(cfgCmdArchiveGet, argList);
Storage *storage = NULL; // TLS can only be verified in a container
TEST_ASSIGN(storage, storageRepoGet(strNew(STORAGE_S3_TYPE), false), "get S3 repo storage"); if (!testContainer())
TEST_RESULT_STR(storage->path, path, " check path"); strLstAddZ(commonArgWithoutEndpointList, "--no-" CFGOPT_REPO1_S3_VERIFY_TLS);
TEST_RESULT_STR(((StorageS3 *)storage->driver)->bucket, bucket, " check bucket");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->region, region, " check region");
TEST_RESULT_STR(
((StorageS3 *)storage->driver)->bucketEndpoint, strNewFmt("%s.%s", strZ(bucket), strZ(endPoint)), " check host");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->accessKey, accessKey, " check access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->secretAccessKey, secretAccessKey, " check secret access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->securityToken, NULL, " check security token");
TEST_RESULT_BOOL(storageFeature(storage, storageFeaturePath), false, " check path feature");
TEST_RESULT_BOOL(storageFeature(storage, storageFeatureCompress), false, " check compress feature");
// Add default options // Config settings that are required for every test (with endpoint)
// ------------------------------------------------------------------------------------------------------------------------- StringList *commonArgList = strLstDup(commonArgWithoutEndpointList);
argList = strLstNew(); strLstAdd(commonArgList, strNewFmt("--" CFGOPT_REPO1_S3_ENDPOINT "=%s", strZ(endPoint)));
strLstAddZ(argList, "--stanza=db");
strLstAddZ(argList, "--" CFGOPT_PG1_PATH "=/path/to/pg");
strLstAddZ(argList, "--repo1-type=s3");
strLstAdd(argList, strNewFmt("--repo1-path=%s", strZ(path)));
strLstAdd(argList, strNewFmt("--repo1-s3-bucket=%s", strZ(bucket)));
strLstAdd(argList, strNewFmt("--repo1-s3-region=%s", strZ(region)));
strLstAdd(argList, strNewFmt("--repo1-s3-endpoint=%s", strZ(endPoint)));
strLstAdd(argList, strNewFmt("--repo1-s3-host=%s", strZ(host)));
#ifdef TEST_CONTAINER_REQUIRED
strLstAddZ(argList, "--repo1-s3-ca-path=" TLS_CERT_FAKE_PATH);
strLstAddZ(argList, "--repo1-s3-ca-file=" TLS_CERT_TEST_CERT);
#endif
setenv("PGBACKREST_REPO1_S3_KEY", strZ(accessKey), true);
setenv("PGBACKREST_REPO1_S3_KEY_SECRET", strZ(secretAccessKey), true);
setenv("PGBACKREST_REPO1_S3_TOKEN", strZ(securityToken), true);
harnessCfgLoad(cfgCmdArchiveGet, argList);
TEST_ASSIGN(storage, storageRepoGet(strNew(STORAGE_S3_TYPE), false), "get S3 repo storage with options");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->bucket, bucket, " check bucket");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->region, region, " check region");
TEST_RESULT_STR(
((StorageS3 *)storage->driver)->bucketEndpoint, strNewFmt("%s.%s", strZ(bucket), strZ(endPoint)), " check host");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->accessKey, accessKey, " check access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->secretAccessKey, secretAccessKey, " check secret access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->securityToken, securityToken, " check security token");
// Add a port to the endpoint
// -------------------------------------------------------------------------------------------------------------------------
argList = strLstNew();
strLstAddZ(argList, "--stanza=db");
strLstAddZ(argList, "--" CFGOPT_PG1_PATH "=/path/to/pg");
strLstAddZ(argList, "--repo1-type=s3");
strLstAdd(argList, strNewFmt("--repo1-path=%s", strZ(path)));
strLstAdd(argList, strNewFmt("--repo1-s3-bucket=%s", strZ(bucket)));
strLstAdd(argList, strNewFmt("--repo1-s3-region=%s", strZ(region)));
strLstAdd(argList, strNewFmt("--repo1-s3-endpoint=%s:999", strZ(endPoint)));
setenv("PGBACKREST_REPO1_S3_KEY", strZ(accessKey), true);
setenv("PGBACKREST_REPO1_S3_KEY_SECRET", strZ(secretAccessKey), true);
setenv("PGBACKREST_REPO1_S3_TOKEN", strZ(securityToken), true);
harnessCfgLoad(cfgCmdArchiveGet, argList);
TEST_ASSIGN(storage, storageRepoGet(strNew(STORAGE_S3_TYPE), false), "get S3 repo storage with options");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->bucket, bucket, " check bucket");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->region, region, " check region");
TEST_RESULT_STR(
((StorageS3 *)storage->driver)->bucketEndpoint, strNewFmt("%s.%s", strZ(bucket), strZ(endPoint)), " check host");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->accessKey, accessKey, " check access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->secretAccessKey, secretAccessKey, " check secret access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->securityToken, securityToken, " check security token");
// Also add port to the host
// -------------------------------------------------------------------------------------------------------------------------
argList = strLstNew();
strLstAddZ(argList, "--stanza=db");
strLstAddZ(argList, "--" CFGOPT_PG1_PATH "=/path/to/pg");
strLstAddZ(argList, "--repo1-type=s3");
strLstAdd(argList, strNewFmt("--repo1-path=%s", strZ(path)));
strLstAdd(argList, strNewFmt("--repo1-s3-bucket=%s", strZ(bucket)));
strLstAdd(argList, strNewFmt("--repo1-s3-region=%s", strZ(region)));
strLstAdd(argList, strNewFmt("--repo1-s3-endpoint=%s:999", strZ(endPoint)));
strLstAdd(argList, strNewFmt("--repo1-s3-host=%s:7777", strZ(host)));
setenv("PGBACKREST_REPO1_S3_KEY", strZ(accessKey), true);
setenv("PGBACKREST_REPO1_S3_KEY_SECRET", strZ(secretAccessKey), true);
setenv("PGBACKREST_REPO1_S3_TOKEN", strZ(securityToken), true);
harnessCfgLoad(cfgCmdArchiveGet, argList);
TEST_ASSIGN(storage, storageRepoGet(strNew(STORAGE_S3_TYPE), false), "get S3 repo storage with options");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->bucket, bucket, " check bucket");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->region, region, " check region");
TEST_RESULT_STR(
((StorageS3 *)storage->driver)->bucketEndpoint, strNewFmt("%s.%s", strZ(bucket), strZ(endPoint)), " check host");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->accessKey, accessKey, " check access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->secretAccessKey, secretAccessKey, " check secret access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->securityToken, securityToken, " check security token");
// Use the port option to override both
// -------------------------------------------------------------------------------------------------------------------------
argList = strLstNew();
strLstAddZ(argList, "--stanza=db");
strLstAddZ(argList, "--" CFGOPT_PG1_PATH "=/path/to/pg");
strLstAddZ(argList, "--repo1-type=s3");
strLstAdd(argList, strNewFmt("--repo1-path=%s", strZ(path)));
strLstAdd(argList, strNewFmt("--repo1-s3-bucket=%s", strZ(bucket)));
strLstAdd(argList, strNewFmt("--repo1-s3-region=%s", strZ(region)));
strLstAdd(argList, strNewFmt("--repo1-s3-endpoint=%s:999", strZ(endPoint)));
strLstAdd(argList, strNewFmt("--repo1-s3-host=%s:7777", strZ(host)));
strLstAddZ(argList, "--repo1-s3-port=9001");
setenv("PGBACKREST_REPO1_S3_KEY", strZ(accessKey), true);
setenv("PGBACKREST_REPO1_S3_KEY_SECRET", strZ(secretAccessKey), true);
setenv("PGBACKREST_REPO1_S3_TOKEN", strZ(securityToken), true);
harnessCfgLoad(cfgCmdArchiveGet, argList);
TEST_ASSIGN(storage, storageRepoGet(strNew(STORAGE_S3_TYPE), false), "get S3 repo storage with options");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->bucket, bucket, " check bucket");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->region, region, " check region");
TEST_RESULT_STR(
((StorageS3 *)storage->driver)->bucketEndpoint, strNewFmt("%s.%s", strZ(bucket), strZ(endPoint)), " check host");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->accessKey, accessKey, " check access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->secretAccessKey, secretAccessKey, " check secret access key");
TEST_RESULT_STR(((StorageS3 *)storage->driver)->securityToken, securityToken, " check security token");
}
// ***************************************************************************************************************************** // *****************************************************************************************************************************
if (testBegin("storageS3DateTime() and storageS3Auth()")) if (testBegin("storageS3DateTime() and storageS3Auth()"))
@ -302,13 +195,33 @@ testRun(void)
TEST_RESULT_STR_Z(storageS3DateTime(1491267845), "20170404T010405Z", "static date"); TEST_RESULT_STR_Z(storageS3DateTime(1491267845), "20170404T010405Z", "static date");
// ------------------------------------------------------------------------------------------------------------------------- // -------------------------------------------------------------------------------------------------------------------------
StorageS3 *driver = (StorageS3 *)storageDriver( TEST_TITLE("config without token");
storageS3New(
path, true, NULL, bucket, endPoint, storageS3UriStyleHost, region, accessKey, secretAccessKey, NULL, 16, 2, NULL, 0, StringList *argList = strLstDup(commonArgList);
0, testContainer(), NULL, NULL)); setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY, strZ(accessKey), true);
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY_SECRET, strZ(secretAccessKey), true);
harnessCfgLoad(cfgCmdArchivePush, argList);
StorageS3 *driver = (StorageS3 *)storageDriver(storageRepoGet(STORAGE_S3_TYPE_STR, false));
TEST_RESULT_STR(driver->bucket, bucket, "check bucket");
TEST_RESULT_STR(driver->region, region, "check region");
TEST_RESULT_STR(driver->bucketEndpoint, strNewFmt("%s.%s", strZ(bucket), strZ(endPoint)), "check host");
TEST_RESULT_STR(driver->accessKey, accessKey, "check access key");
TEST_RESULT_STR(driver->secretAccessKey, secretAccessKey, "check secret access key");
TEST_RESULT_STR(driver->securityToken, NULL, "check security token");
TEST_RESULT_STR(
httpClientToLog(driver->httpClient),
strNewFmt(
"{ioClient: {type: tls, driver: {socketClient: {host: bucket.s3.amazonaws.com, port: 443, timeout: 60000}"
", timeout: 60000, verifyPeer: %s}}, reusable: 0, timeout: 60000}",
cvtBoolToConstZ(testContainer())),
"check http client");
// -------------------------------------------------------------------------------------------------------------------------
TEST_TITLE("auth with token");
HttpHeader *header = httpHeaderNew(NULL); HttpHeader *header = httpHeaderNew(NULL);
HttpQuery *query = httpQueryNewP(); HttpQuery *query = httpQueryNewP();
httpQueryAdd(query, strNew("list-type"), strNew("2")); httpQueryAdd(query, strNew("list-type"), strNew("2"));
@ -320,7 +233,7 @@ testRun(void)
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request," "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,"
"SignedHeaders=host;x-amz-content-sha256;x-amz-date," "SignedHeaders=host;x-amz-content-sha256;x-amz-date,"
"Signature=cb03bf1d575c1f8904dabf0e573990375340ab293ef7ad18d049fc1338fd89b3", "Signature=cb03bf1d575c1f8904dabf0e573990375340ab293ef7ad18d049fc1338fd89b3",
" check authorization header"); "check authorization header");
// Test again to be sure cache signing key is used // Test again to be sure cache signing key is used
const Buffer *lastSigningKey = driver->signingKey; const Buffer *lastSigningKey = driver->signingKey;
@ -333,27 +246,48 @@ testRun(void)
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request," "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,"
"SignedHeaders=host;x-amz-content-sha256;x-amz-date," "SignedHeaders=host;x-amz-content-sha256;x-amz-date,"
"Signature=cb03bf1d575c1f8904dabf0e573990375340ab293ef7ad18d049fc1338fd89b3", "Signature=cb03bf1d575c1f8904dabf0e573990375340ab293ef7ad18d049fc1338fd89b3",
" check authorization header"); "check authorization header");
TEST_RESULT_BOOL(driver->signingKey == lastSigningKey, true, " check signing key was reused"); TEST_RESULT_BOOL(driver->signingKey == lastSigningKey, true, "check signing key was reused");
// -------------------------------------------------------------------------------------------------------------------------
TEST_TITLE("change date to generate new signing key");
// Change the date to generate a new signing key
TEST_RESULT_VOID( TEST_RESULT_VOID(
storageS3Auth(driver, strNew("GET"), strNew("/"), query, strNew("20180814T080808Z"), header, HASH_TYPE_SHA256_ZERO_STR), storageS3Auth(driver, strNew("GET"), strNew("/"), query, strNew("20180814T080808Z"), header, HASH_TYPE_SHA256_ZERO_STR),
" generate authorization"); "generate authorization");
TEST_RESULT_STR_Z( TEST_RESULT_STR_Z(
httpHeaderGet(header, strNew("authorization")), httpHeaderGet(header, strNew("authorization")),
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20180814/us-east-1/s3/aws4_request," "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20180814/us-east-1/s3/aws4_request,"
"SignedHeaders=host;x-amz-content-sha256;x-amz-date," "SignedHeaders=host;x-amz-content-sha256;x-amz-date,"
"Signature=d0fa9c36426eb94cdbaf287a7872c7a3b6c913f523163d0d7debba0758e36f49", "Signature=d0fa9c36426eb94cdbaf287a7872c7a3b6c913f523163d0d7debba0758e36f49",
" check authorization header"); "check authorization header");
TEST_RESULT_BOOL(driver->signingKey != lastSigningKey, true, " check signing key was regenerated"); TEST_RESULT_BOOL(driver->signingKey != lastSigningKey, true, "check signing key was regenerated");
// Test with security token
// ------------------------------------------------------------------------------------------------------------------------- // -------------------------------------------------------------------------------------------------------------------------
driver = (StorageS3 *)storageDriver( TEST_TITLE("config with token, endpoint with custom port, and ca-file/path");
storageS3New(
path, true, NULL, bucket, endPoint, storageS3UriStyleHost, region, accessKey, secretAccessKey, securityToken, 16, 2, argList = strLstDup(commonArgWithoutEndpointList);
NULL, 0, 0, testContainer(), NULL, NULL)); strLstAddZ(argList, "--" CFGOPT_REPO1_S3_ENDPOINT "=custom.endpoint:333");
strLstAddZ(argList, "--" CFGOPT_REPO1_S3_CA_PATH "=/path/to/cert");
strLstAdd(argList, strNewFmt("--" CFGOPT_REPO1_S3_CA_FILE "=%s/" TEST_CERTIFICATE_PREFIX ".crt", testRepoPath()));
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY, strZ(accessKey), true);
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY_SECRET, strZ(secretAccessKey), true);
setenv("PGBACKREST_" CFGOPT_REPO1_S3_TOKEN, strZ(securityToken), true);
harnessCfgLoad(cfgCmdArchivePush, argList);
driver = (StorageS3 *)storageDriver(storageRepoGet(STORAGE_S3_TYPE_STR, false));
TEST_RESULT_STR(driver->securityToken, securityToken, "check security token");
TEST_RESULT_STR(
httpClientToLog(driver->httpClient),
strNewFmt(
"{ioClient: {type: tls, driver: {socketClient: {host: bucket.custom.endpoint, port: 333, timeout: 60000}"
", timeout: 60000, verifyPeer: %s}}, reusable: 0, timeout: 60000}",
cvtBoolToConstZ(testContainer())),
"check http client");
// -------------------------------------------------------------------------------------------------------------------------
TEST_TITLE("auth with token");
TEST_RESULT_VOID( TEST_RESULT_VOID(
storageS3Auth(driver, strNew("GET"), strNew("/"), query, strNew("20170606T121212Z"), header, HASH_TYPE_SHA256_ZERO_STR), storageS3Auth(driver, strNew("GET"), strNew("/"), query, strNew("20170606T121212Z"), header, HASH_TYPE_SHA256_ZERO_STR),
@ -362,7 +296,7 @@ testRun(void)
httpHeaderGet(header, strNew("authorization")), httpHeaderGet(header, strNew("authorization")),
"AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request," "AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20170606/us-east-1/s3/aws4_request,"
"SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token," "SignedHeaders=host;x-amz-content-sha256;x-amz-date;x-amz-security-token,"
"Signature=c12565bf5d7e0ef623f76d66e09e5431aebef803f6a25a01c586525f17e474a3", "Signature=85278841678ccbc0f137759265030d7b5e237868dd36eea658426b18344d1685",
" check authorization header"); " check authorization header");
} }
@ -382,9 +316,25 @@ testRun(void)
{ {
hrnTlsClientBegin(ioFdWriteNew(strNew("s3 client write"), HARNESS_FORK_PARENT_WRITE_PROCESS(0), 2000)); hrnTlsClientBegin(ioFdWriteNew(strNew("s3 client write"), HARNESS_FORK_PARENT_WRITE_PROCESS(0), 2000));
Storage *s3 = storageS3New( // -----------------------------------------------------------------------------------------------------------------
path, true, NULL, bucket, endPoint, storageS3UriStyleHost, region, accessKey, secretAccessKey, NULL, 16, 2, TEST_TITLE("config with keys, token, and host with custom port");
host, port, 5000, testContainer(), NULL, NULL);
StringList *argList = strLstDup(commonArgList);
strLstAdd(argList, strNewFmt("--" CFGOPT_REPO1_S3_HOST "=%s:%u", strZ(host), port));
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY, strZ(accessKey), true);
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY_SECRET, strZ(secretAccessKey), true);
setenv("PGBACKREST_" CFGOPT_REPO1_S3_TOKEN, strZ(securityToken), true);
harnessCfgLoad(cfgCmdArchivePush, argList);
Storage *s3 = storageRepoGet(STORAGE_S3_TYPE_STR, true);
StorageS3 *driver = (StorageS3 *)s3->driver;
TEST_RESULT_STR(s3->path, path, "check path");
TEST_RESULT_BOOL(storageFeature(s3, storageFeaturePath), false, "check path feature");
TEST_RESULT_BOOL(storageFeature(s3, storageFeatureCompress), false, "check compress feature");
// Set partSize to a small value for testing
driver->partSize = 16;
// Coverage for noop functions // Coverage for noop functions
// ----------------------------------------------------------------------------------------------------------------- // -----------------------------------------------------------------------------------------------------------------
@ -448,6 +398,7 @@ testRun(void)
"host: bucket." S3_TEST_HOST "\n" "host: bucket." S3_TEST_HOST "\n"
"x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" "x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n"
"x-amz-date: <redacted>\n" "x-amz-date: <redacted>\n"
"x-amz-security-token: <redacted>\n"
"*** Response Headers ***:\n" "*** Response Headers ***:\n"
"content-length: 7\n" "content-length: 7\n"
"*** Response Content ***:\n" "*** Response Content ***:\n"
@ -610,7 +561,8 @@ testRun(void)
"content-length: 0\n" "content-length: 0\n"
"host: bucket." S3_TEST_HOST "\n" "host: bucket." S3_TEST_HOST "\n"
"x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" "x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n"
"x-amz-date: <redacted>"); "x-amz-date: <redacted>\n"
"x-amz-security-token: <redacted>");
// ----------------------------------------------------------------------------------------------------------------- // -----------------------------------------------------------------------------------------------------------------
TEST_TITLE("error with xml"); TEST_TITLE("error with xml");
@ -634,6 +586,7 @@ testRun(void)
"host: bucket." S3_TEST_HOST "\n" "host: bucket." S3_TEST_HOST "\n"
"x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n" "x-amz-content-sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855\n"
"x-amz-date: <redacted>\n" "x-amz-date: <redacted>\n"
"x-amz-security-token: <redacted>\n"
"*** Response Headers ***:\n" "*** Response Headers ***:\n"
"content-length: 79\n" "content-length: 79\n"
"*** Response Content ***:\n" "*** Response Content ***:\n"
@ -821,9 +774,20 @@ testRun(void)
hrnTlsServerClose(); hrnTlsServerClose();
s3 = storageS3New( argList = strLstDup(commonArgList);
path, true, NULL, bucket, endPoint, storageS3UriStylePath, region, accessKey, secretAccessKey, NULL, 16, 2, strLstAddZ(argList, "--" CFGOPT_REPO1_S3_URI_STYLE "=" STORAGE_S3_URI_STYLE_PATH);
host, port, 5000, testContainer(), NULL, NULL); strLstAdd(argList, strNewFmt("--" CFGOPT_REPO1_S3_HOST "=%s", strZ(host)));
strLstAdd(argList, strNewFmt("--" CFGOPT_REPO1_S3_PORT "=%u", port));
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY, strZ(accessKey), true);
setenv("PGBACKREST_" CFGOPT_REPO1_S3_KEY_SECRET, strZ(secretAccessKey), true);
unsetenv("PGBACKREST_" CFGOPT_REPO1_S3_TOKEN);
harnessCfgLoad(cfgCmdArchivePush, argList);
s3 = storageRepoGet(STORAGE_S3_TYPE_STR, true);
driver = (StorageS3 *)s3->driver;
// Set deleteMax to a small value for testing
driver->deleteMax = 2;
hrnTlsServerAccept(); hrnTlsServerAccept();
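Review bot: The block titled "config with token, endpoint with custom port, and ca-file/path" sets `CFGOPT_REPO1_S3_CA_PATH` and `CFGOPT_REPO1_S3_CA_FILE` but never asserts on them. The `httpClientToLog()` string it compares contains only host, port, timeouts and `verifyPeer`, so a regression that drops the CA settings between configuration and the TLS client would still pass. I would add a check that the configured CA file and path actually reach the client, or drop "ca-file/path" from the title so it does not claim coverage it lacks. Separately, the first `TEST_TITLE("auth with token");` follows "config without token", and its expected `SignedHeaders` has no `x-amz-security-token`, so it should read `TEST_TITLE("auth without token");`. Both spots are inside `testRun()`, whose body starts and ends outside these hunks.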