// New gives new uploader built from the given options.
func New(cfg *Options) *Uploader {
log := defaultLog
if l, ok := cfg.Log.(logging.Logger); ok {
log = l
}
up := &Uploader{
cfg: cfg,
rotate: &logrotate.Uploader{
UserBucket: keygen.NewUserBucket(&keygen.Config{
ServerURL: cfg.KeygenURL,
Kite: cfg.Kite,
Bucket: cfg.Bucket,
Region: cfg.Region,
Log: log,
}),
MetaStore: storage.NewEncodingStorage(cfg.DB, []byte("uploader.metadata")),
},
req: make(chan *request),
close: make(chan struct{}),
}
go up.process()
return up
}
func TestKeygen_UserBucket(t *testing.T) {
var f keygentest.Flags
if err := keygentest.ParseFlags(&f); err != nil {
t.Fatal(err)
}
// to cleanup after tests
rootS3 := s3.New(session.New(f.AWSConfig()))
drv := &keygentest.Driver{ChanCap: 1}
cfg := f.Config()
defer drv.Server(cfg)()
populate := map[string][]struct {
Key string
Content string
}{
"testuser1": {
{"user", "testuser1"},
{"time", time.Now().String()},
},
"testuser2": {
{"user", "testuser2"},
{"time", time.Now().String()},
},
"testuser3": {
{"user", "testuser3"},
{"time", time.Now().String()},
},
}
for username, files := range populate {
ub := keygen.NewUserBucket(drv.Kite(cfg, username))
for _, file := range files {
if _, err := ub.Put(file.Key, strings.NewReader(file.Content)); err != nil {
t.Fatalf("%s: Put(%s)=%s", username, file.Key, err)
}
defer rootS3.DeleteObject(&s3.DeleteObjectInput{
Bucket: &cfg.Bucket,
Key: aws.String(username + "/" + file.Key),
})
}
for otherUser, files := range populate {
for _, file := range files {
key := otherUser + "/" + file.Key
// Ensure current user has no permission to upload to other user directories.
if username != otherUser {
_, err := ub.UserPut(key, strings.NewReader(file.Content))
if e := testErrorCode(err, "AccessDenied"); e != nil {
t.Errorf("%s -> %s: PutObject: %s", username, otherUser, e)
}
}
// Ensure current user has no permissions to delete objects.
_, err := ub.S3().DeleteObject(&s3.DeleteObjectInput{
Bucket: &cfg.Bucket,
Key: &key,
})
if e := testErrorCode(err, "AccessDenied"); e != nil {
t.Errorf("%s -> %s: DeleteObject: %s", username, otherUser, e)
}
// Ensure current user has no permissions to get objects.
_, err = ub.S3().GetObject(&s3.GetObjectInput{
Bucket: &cfg.Bucket,
Key: &key,
})
if e := testErrorCode(err, "AccessDenied"); e != nil {
t.Errorf("%s -> %s: GetObject: %s", username, otherUser, e)
}
// Ensure current user has no permissions to list objects.
_, err = ub.S3().ListObjects(&s3.ListObjectsInput{
Bucket: &cfg.Bucket,
Prefix: &key,
})
if e := testErrorCode(err, "AccessDenied"); e != nil {
t.Errorf("%s -> %s: ListObjects: %s", username, otherUser, e)
}
}
}
}
}