Пример #1
0
// New gives new uploader built from the given options.
func New(cfg *Options) *Uploader {
	log := defaultLog
	if l, ok := cfg.Log.(logging.Logger); ok {
		log = l
	}

	up := &Uploader{
		cfg: cfg,
		rotate: &logrotate.Uploader{
			UserBucket: keygen.NewUserBucket(&keygen.Config{
				ServerURL: cfg.KeygenURL,
				Kite:      cfg.Kite,
				Bucket:    cfg.Bucket,
				Region:    cfg.Region,
				Log:       log,
			}),
			MetaStore: storage.NewEncodingStorage(cfg.DB, []byte("uploader.metadata")),
		},
		req:   make(chan *request),
		close: make(chan struct{}),
	}

	go up.process()

	return up
}
Пример #2
0
func TestKeygen_UserBucket(t *testing.T) {
	var f keygentest.Flags

	if err := keygentest.ParseFlags(&f); err != nil {
		t.Fatal(err)
	}

	// to cleanup after tests
	rootS3 := s3.New(session.New(f.AWSConfig()))
	drv := &keygentest.Driver{ChanCap: 1}
	cfg := f.Config()

	defer drv.Server(cfg)()

	populate := map[string][]struct {
		Key     string
		Content string
	}{
		"testuser1": {
			{"user", "testuser1"},
			{"time", time.Now().String()},
		},
		"testuser2": {
			{"user", "testuser2"},
			{"time", time.Now().String()},
		},
		"testuser3": {
			{"user", "testuser3"},
			{"time", time.Now().String()},
		},
	}

	for username, files := range populate {
		ub := keygen.NewUserBucket(drv.Kite(cfg, username))

		for _, file := range files {
			if _, err := ub.Put(file.Key, strings.NewReader(file.Content)); err != nil {
				t.Fatalf("%s: Put(%s)=%s", username, file.Key, err)
			}

			defer rootS3.DeleteObject(&s3.DeleteObjectInput{
				Bucket: &cfg.Bucket,
				Key:    aws.String(username + "/" + file.Key),
			})
		}

		for otherUser, files := range populate {
			for _, file := range files {
				key := otherUser + "/" + file.Key

				// Ensure current user has no permission to upload to other user directories.
				if username != otherUser {
					_, err := ub.UserPut(key, strings.NewReader(file.Content))

					if e := testErrorCode(err, "AccessDenied"); e != nil {
						t.Errorf("%s -> %s: PutObject: %s", username, otherUser, e)
					}
				}

				// Ensure current user has no permissions to delete objects.
				_, err := ub.S3().DeleteObject(&s3.DeleteObjectInput{
					Bucket: &cfg.Bucket,
					Key:    &key,
				})

				if e := testErrorCode(err, "AccessDenied"); e != nil {
					t.Errorf("%s -> %s: DeleteObject: %s", username, otherUser, e)
				}

				// Ensure current user has no permissions to get objects.
				_, err = ub.S3().GetObject(&s3.GetObjectInput{
					Bucket: &cfg.Bucket,
					Key:    &key,
				})

				if e := testErrorCode(err, "AccessDenied"); e != nil {
					t.Errorf("%s -> %s: GetObject: %s", username, otherUser, e)
				}

				// Ensure current user has no permissions to list objects.
				_, err = ub.S3().ListObjects(&s3.ListObjectsInput{
					Bucket: &cfg.Bucket,
					Prefix: &key,
				})

				if e := testErrorCode(err, "AccessDenied"); e != nil {
					t.Errorf("%s -> %s: ListObjects: %s", username, otherUser, e)
				}
			}
		}
	}
}