diff --git a/lib/api/apiUtils/bucket/bucketDeletion.js b/lib/api/apiUtils/bucket/bucketDeletion.js index 9c5fe60fe5..5b8225c136 100644 --- a/lib/api/apiUtils/bucket/bucketDeletion.js +++ b/lib/api/apiUtils/bucket/bucketDeletion.js @@ -24,7 +24,7 @@ function _deleteMPUbucket(destinationBucketName, log, cb) { }); } -function _deleteOngoingMPUs(authInfo, bucketName, bucketMD, mpus, log, cb) { +function _deleteOngoingMPUs(authInfo, bucketName, bucketMD, mpus, request, log, cb) { async.mapLimit(mpus, 1, (mpu, next) => { const splitterChar = mpu.key.includes(oldSplitter) ? oldSplitter : splitter; @@ -40,7 +40,7 @@ function _deleteOngoingMPUs(authInfo, bucketName, bucketMD, mpus, log, cb) { byteLength: partSizeSum, }); next(err); - }); + }, request); }, cb); } /** @@ -49,11 +49,13 @@ function _deleteOngoingMPUs(authInfo, bucketName, bucketMD, mpus, log, cb) { * @param {object} bucketMD - bucket attributes/metadata * @param {string} bucketName - bucket in which objectMetadata is stored * @param {string} canonicalID - account canonicalID of requester + * @param {object} request - request object given by router + * including normalized headers * @param {object} log - Werelogs logger * @param {function} cb - callback from async.waterfall in bucketDelete * @return {undefined} */ -function deleteBucket(authInfo, bucketMD, bucketName, canonicalID, log, cb) { +function deleteBucket(authInfo, bucketMD, bucketName, canonicalID, request, log, cb) { log.trace('deleting bucket from metadata'); assert.strictEqual(typeof bucketName, 'string'); assert.strictEqual(typeof canonicalID, 'string'); @@ -100,7 +102,7 @@ function deleteBucket(authInfo, bucketMD, bucketName, canonicalID, log, cb) { } if (objectsListRes.Contents.length) { return _deleteOngoingMPUs(authInfo, bucketName, - bucketMD, objectsListRes.Contents, log, err => { + bucketMD, objectsListRes.Contents, request, log, err => { if (err) { return next(err); } 
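Review bot: In `_deleteOngoingMPUs`, `request` is forwarded to the per-upload call as a trailing argument after the completion callback (`}, request);`), and the helper has no doc comment above it saying why the bucket-delete request is needed there. The callee is not visible in these hunks, so it is unclear which fields of `request` it reads. If it feeds an authorization decision, each upload abort is evaluated with the bucketDelete request's context, which deserves a line of explanation. I would add above the function something like `// request: the original bucketDelete request, forwarded so the abort of each ongoing MPU sees the same request context`. Part of the function body lies between the two hunks and is not shown.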
diff --git a/lib/api/bucketDelete.js b/lib/api/bucketDelete.js index 56553d827b..636dcff151 100644 --- a/lib/api/bucketDelete.js +++ b/lib/api/bucketDelete.js @@ -31,7 +31,7 @@ function bucketDelete(authInfo, request, log, cb) { request, }; - return metadataValidateBucket(metadataValParams, log, + return metadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucketMD) => { const corsHeaders = collectCorsHeaders(request.headers.origin, request.method, bucketMD); @@ -43,7 +43,7 @@ function bucketDelete(authInfo, request, log, cb) { log.trace('passed checks', { method: 'metadataValidateBucket' }); return deleteBucket(authInfo, bucketMD, bucketName, - authInfo.getCanonicalID(), log, err => { + authInfo.getCanonicalID(), request, log, err => { if (err) { return cb(err, corsHeaders); } diff --git a/lib/api/bucketDeleteCors.js b/lib/api/bucketDeleteCors.js index 9518229a24..007c229a03 100644 --- a/lib/api/bucketDeleteCors.js +++ b/lib/api/bucketDeleteCors.js @@ -33,7 +33,8 @@ function bucketDeleteCors(authInfo, request, log, callback) { } log.trace('found bucket in metadata'); - if (!isBucketAuthorized(bucket, requestType, canonicalID, authInfo, log, request)) { + if (!isBucketAuthorized(bucket, requestType, canonicalID, authInfo, + request.actionImplicitDenies, log, request)) { log.debug('access denied for user on bucket', { requestType, method: 'bucketDeleteCors', diff --git a/lib/api/bucketDeleteEncryption.js b/lib/api/bucketDeleteEncryption.js index 793516fc53..5ec5442da1 100644 --- a/lib/api/bucketDeleteEncryption.js +++ b/lib/api/bucketDeleteEncryption.js 
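Review bot: `metadataValidateBucket` now receives `request.actionImplicitDenies` as a positional argument even though `metadataValParams` already carries `request`, so the helper is given the same authorization input by two routes and nothing ties them together. A call site that passes a flag taken from a different request, or a literal, would still run without complaint. If the helper can read the flag from the request inside its params object, that removes the extra argument; otherwise a comment at the call such as `// must be the flag from the same request held in metadataValParams` records the invariant. The same pattern appears in the `metadataValidateBucket` and `metadataValidateBucketAndObj` calls in bucketDeleteEncryption.js, bucketDeleteLifecycle.js, bucketDeletePolicy.js, bucketDeleteReplication.js, objectDelete.js and objectDeleteTagging.js, where the params object is only partly visible. The body of `bucketDelete` extends beyond the hunk.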
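Review bot: The `isBucketAuthorized` call in `bucketDeleteCors` reads `request.actionImplicitDenies` with no handling for the property being absent, so a request object that never had it set sends `undefined` into the authorization check. How the helper treats `undefined` is not visible here, but the unit-test fixtures in this commit each had to add `actionImplicitDenies: false`, which suggests the handlers rely on the caller to populate it. I would state the precondition at the call, e.g. `// request.actionImplicitDenies must already be set on the request; the authorization result depends on it`, or validate it once where the request is built. The calls in bucketDeleteWebsite.js and multiObjectDelete.js have the same shape.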
@@ -26,7 +26,7 @@ function bucketDeleteEncryption(authInfo, request, log, callback) { }; return async.waterfall([ - next => metadataValidateBucket(metadataValParams, log, next), + next => metadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, next), (bucket, next) => checkExpectedBucketOwner(request.headers, bucket, log, err => next(err, bucket)), (bucket, next) => { const sseConfig = bucket.getServerSideEncryption(); diff --git a/lib/api/bucketDeleteLifecycle.js b/lib/api/bucketDeleteLifecycle.js index 0d6bd4037c..c1e7e9fc66 100644 --- a/lib/api/bucketDeleteLifecycle.js +++ b/lib/api/bucketDeleteLifecycle.js @@ -20,7 +20,7 @@ function bucketDeleteLifecycle(authInfo, request, log, callback) { requestType: 'bucketDeleteLifecycle', request, }; - return metadataValidateBucket(metadataValParams, log, (err, bucket) => { + return metadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => { const corsHeaders = collectCorsHeaders(headers.origin, method, bucket); if (err) { log.debug('error processing request', { diff --git a/lib/api/bucketDeletePolicy.js b/lib/api/bucketDeletePolicy.js index d5a85d0bbd..0c509af630 100644 --- a/lib/api/bucketDeletePolicy.js +++ b/lib/api/bucketDeletePolicy.js @@ -19,7 +19,7 @@ function bucketDeletePolicy(authInfo, request, log, callback) { requestType: 'bucketDeletePolicy', request, }; - return metadataValidateBucket(metadataValParams, log, (err, bucket) => { + return metadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => { const corsHeaders = collectCorsHeaders(headers.origin, method, bucket); if (err) { log.debug('error processing request', { diff --git a/lib/api/bucketDeleteReplication.js b/lib/api/bucketDeleteReplication.js index 4a93a9bcb9..5fb58783bd 100644 --- a/lib/api/bucketDeleteReplication.js +++ b/lib/api/bucketDeleteReplication.js 
@@ -20,7 +20,7 @@ function bucketDeleteReplication(authInfo, request, log, callback) { requestType: 'bucketDeleteReplication', request, }; - return metadataValidateBucket(metadataValParams, log, (err, bucket) => { + return metadataValidateBucket(metadataValParams, request.actionImplicitDenies, log, (err, bucket) => { const corsHeaders = collectCorsHeaders(headers.origin, method, bucket); if (err) { log.debug('error processing request', { diff --git a/lib/api/bucketDeleteWebsite.js b/lib/api/bucketDeleteWebsite.js index 587517a730..74a0c415ca 100644 --- a/lib/api/bucketDeleteWebsite.js +++ b/lib/api/bucketDeleteWebsite.js @@ -25,7 +25,8 @@ function bucketDeleteWebsite(authInfo, request, log, callback) { } log.trace('found bucket in metadata'); - if (!isBucketAuthorized(bucket, requestType, canonicalID, authInfo, log, request)) { + if (!isBucketAuthorized(bucket, requestType, canonicalID, authInfo, + request.actionImplicitDenies, log, request)) { log.debug('access denied for user on bucket', { requestType, method: 'bucketDeleteWebsite', diff --git a/lib/api/multiObjectDelete.js b/lib/api/multiObjectDelete.js index 85a794754e..3715e3fb80 100644 --- a/lib/api/multiObjectDelete.js +++ b/lib/api/multiObjectDelete.js @@ -504,7 +504,8 @@ function multiObjectDelete(authInfo, request, log, callback) { return next(null, quietSetting, errorResults, inPlay, bucketMD); } - if (!isBucketAuthorized(bucketMD, 'objectDelete', canonicalID, authInfo, log, request)) { + if (!isBucketAuthorized(bucketMD, 'objectDelete', canonicalID, authInfo, + request.actionImplicitDenies, log, request)) { log.trace("access denied due to bucket acl's"); // if access denied at the bucket level, no access for // any of the objects so all results will be error results diff --git a/lib/api/objectDelete.js b/lib/api/objectDelete.js index 34e09dfe0d..ee47a83cd5 100644 --- a/lib/api/objectDelete.js +++ b/lib/api/objectDelete.js 
@@ -56,8 +56,8 @@ function objectDelete(authInfo, request, log, cb) { const canonicalID = authInfo.getCanonicalID(); return async.waterfall([ function validateBucketAndObj(next) { - return metadataValidateBucketAndObj(valParams, log, - (err, bucketMD, objMD) => { + return metadataValidateBucketAndObj(valParams, request.actionImplicitDenies, log, + (err, bucketMD, objMD) => { if (err) { return next(err, bucketMD); } diff --git a/lib/api/objectDeleteTagging.js b/lib/api/objectDeleteTagging.js index c5618a840b..f9aa5ad809 100644 --- a/lib/api/objectDeleteTagging.js +++ b/lib/api/objectDeleteTagging.js @@ -46,7 +46,7 @@ function objectDeleteTagging(authInfo, request, log, callback) { }; return async.waterfall([ - next => metadataValidateBucketAndObj(metadataValParams, log, + next => metadataValidateBucketAndObj(metadataValParams, request.actionImplicitDenies, log, (err, bucket, objectMD) => { if (err) { log.trace('request authorization failed', diff --git a/tests/unit/api/bucketDelete.js b/tests/unit/api/bucketDelete.js index 5bda7d2e63..c0f49df2bf 100644 --- a/tests/unit/api/bucketDelete.js +++ b/tests/unit/api/bucketDelete.js @@ -77,8 +77,7 @@ function createMPU(testRequest, initiateRequest, deleteOverviewMPUObj, cb) { }); }); } -// TODO CLDSRV-430 remove skip -describe.skip('bucketDelete API', () => { +describe('bucketDelete API', () => { beforeEach(() => { cleanup(); }); @@ -88,6 +87,7 @@ describe.skip('bucketDelete API', () => { namespace, headers: {}, url: `/${bucketName}`, + actionImplicitDenies: false, }; const initiateRequest = { @@ -96,6 +96,7 @@ describe.skip('bucketDelete API', () => { objectKey: objectName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: `/${objectName}?uploads`, + actionImplicitDenies: false, }; it('should return an error if the bucket is not empty', done => { 
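Review bot: Both fixtures in tests/unit/api/bucketDelete.js are given `actionImplicitDenies: false`, and no case in the re-enabled suite sets it to anything else, so the argument this commit threads through the delete handlers is only ever exercised with one value. The branch that matters for access control, a request carrying an implicit deny, stays untested. A companion case that copies `testRequest` with the flag set and asserts the expected result of `bucketDelete` would cover it; what that result should be depends on ACL and policy handling that is not visible here. The fixtures added in the bucketDeleteCors, bucketDeleteEncryption, bucketDeleteLifecycle, bucketDeletePolicy, bucketDeleteWebsite and objectDeleteTagging tests follow the same single-value pattern.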
@@ -128,7 +129,8 @@ describe.skip('bucketDelete API', () => { }); }); - it('should not return an error if the bucket has an initiated mpu', + // TODO CLDSRV-431 remove skip + it.skip('should not return an error if the bucket has an initiated mpu', done => { bucketPut(authInfo, testRequest, log, err => { assert.strictEqual(err, null); @@ -158,11 +160,13 @@ describe.skip('bucketDelete API', () => { }); }); - it('should delete a bucket even if the bucket has ongoing mpu', + // TODO CLDSRV-431 remove skip + it.skip('should delete a bucket even if the bucket has ongoing mpu', done => createMPU(testRequest, initiateRequest, false, done)); + // TODO CLDSRV-431 remove skip // if only part object (and no overview objects) is in mpu shadow bucket - it('should delete a bucket even if the bucket has an orphan part', + it.skip('should delete a bucket even if the bucket has an orphan part', done => createMPU(testRequest, initiateRequest, true, done)); diff --git a/tests/unit/api/bucketDeleteCors.js b/tests/unit/api/bucketDeleteCors.js index 8fea77d29e..e1685bcd9c 100644 --- a/tests/unit/api/bucketDeleteCors.js +++ b/tests/unit/api/bucketDeleteCors.js @@ -19,13 +19,13 @@ const testBucketPutRequest = { bucketName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: '/', + actionImplicitDenies: false, }; const testBucketPutCorsRequest = corsUtil.createBucketCorsRequest('PUT', bucketName); const testBucketDeleteCorsRequest = corsUtil.createBucketCorsRequest('DELETE', bucketName); -// TODO CLDSRV-430 remove skip -describe.skip('deleteBucketCors API', () => { +describe('deleteBucketCors API', () => { beforeEach(done => { cleanup(); bucketPut(authInfo, testBucketPutRequest, log, () => { diff --git a/tests/unit/api/bucketDeleteEncryption.js b/tests/unit/api/bucketDeleteEncryption.js index da443334d5..2084b32024 100644 --- a/tests/unit/api/bucketDeleteEncryption.js +++ b/tests/unit/api/bucketDeleteEncryption.js 
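Review bot: The three cases switched to `it.skip` are the ones that delete a bucket with an initiated, ongoing or orphaned multipart upload, which is the path through `_deleteOngoingMPUs` that this same commit changes by adding `request`. As merged, the new argument order on that path has no unit coverage. The TODO names the ticket but not the reason; extending it, for example `// TODO CLDSRV-431 remove skip - MPU APIs not yet updated for actionImplicitDenies`, would tell the next reader what has to land first, if that is indeed the cause.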
@@ -13,9 +13,9 @@ const bucketPutRequest = { bucketName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: '/', + actionImplicitDenies: false, }; -// TODO CLDSRV-430 remove skip -describe.skip('bucketDeleteEncryption API', () => { +describe('bucketDeleteEncryption API', () => { before(() => cleanup()); beforeEach(done => bucketPut(authInfo, bucketPutRequest, log, done)); diff --git a/tests/unit/api/bucketDeleteLifecycle.js b/tests/unit/api/bucketDeleteLifecycle.js index 7a65cf2148..d407d4cf9a 100644 --- a/tests/unit/api/bucketDeleteLifecycle.js +++ b/tests/unit/api/bucketDeleteLifecycle.js @@ -19,6 +19,7 @@ function _makeRequest(includeXml) { bucketName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: '/', + actionImplicitDenies: false, }; if (includeXml) { request.post = ' { +describe('deleteBucketLifecycle API', () => { before(() => cleanup()); beforeEach(done => bucketPut(authInfo, _makeRequest(), log, done)); afterEach(() => cleanup()); diff --git a/tests/unit/api/bucketDeletePolicy.js b/tests/unit/api/bucketDeletePolicy.js index a5afbf5659..153aced7e8 100644 --- a/tests/unit/api/bucketDeletePolicy.js +++ b/tests/unit/api/bucketDeletePolicy.js @@ -19,6 +19,7 @@ function _makeRequest(includePolicy) { bucketName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: '/', + actionImplicitDenies: false, }; if (includePolicy) { const examplePolicy = { @@ -36,8 +37,7 @@ function _makeRequest(includePolicy) { } return request; } -// TODO CLDSRV-430 remove skip -describe.skip('deleteBucketPolicy API', () => { +describe('deleteBucketPolicy API', () => { before(() => cleanup()); beforeEach(done => bucketPut(authInfo, _makeRequest(), log, done)); afterEach(() => cleanup()); diff --git a/tests/unit/api/bucketDeleteWebsite.js b/tests/unit/api/bucketDeleteWebsite.js index 00eca5b4ab..ff4ff5aadb 100644 --- a/tests/unit/api/bucketDeleteWebsite.js +++ b/tests/unit/api/bucketDeleteWebsite.js 
@@ -20,6 +20,7 @@ const testBucketPutRequest = { bucketName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: '/', + actionImplicitDenies: false, }; const testBucketDeleteWebsiteRequest = { bucketName, @@ -28,11 +29,11 @@ const testBucketDeleteWebsiteRequest = { }, url: '/?website', query: { website: '' }, + actionImplicitDenies: false, }; const testBucketPutWebsiteRequest = Object.assign({ post: config.getXml() }, testBucketDeleteWebsiteRequest); -// TODO CLDSRV-430 remove skip -describe.skip('deleteBucketWebsite API', () => { +describe('deleteBucketWebsite API', () => { beforeEach(done => { cleanup(); bucketPut(authInfo, testBucketPutRequest, log, () => { diff --git a/tests/unit/api/objectDelete.js b/tests/unit/api/objectDelete.js index da1b414bef..fa5514ebf7 100644 --- a/tests/unit/api/objectDelete.js +++ b/tests/unit/api/objectDelete.js @@ -39,8 +39,7 @@ function testAuth(bucketOwner, authUser, bucketPutReq, objPutReq, objDelReq, }); }); } -// TODO CLDSRV-430 remove skip -describe.skip('objectDelete API', () => { +describe('objectDelete API', () => { let testPutObjectRequest; before(() => { @@ -85,7 +84,8 @@ describe.skip('objectDelete API', () => { url: `/${bucketName}/${objectKey}`, }); - it('should delete an object', done => { + // TODO CLDSRV-429 remove skip - skipped due to get at the end + it.skip('should delete an object', done => { bucketPut(authInfo, testBucketPutRequest, log, () => { objectPut(authInfo, testPutObjectRequest, undefined, log, () => { @@ -102,7 +102,8 @@ describe.skip('objectDelete API', () => { }); }); - it('should delete a 0 bytes object', done => { + // TODO CLDSRV-429 remove skip - skipped due to get at the end + it.skip('should delete a 0 bytes object', done => { const testPutObjectRequest = new DummyRequest({ bucketName, namespace, 
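Review bot: In tests/unit/api/objectDelete.js, `should delete an object` and `should delete a 0 bytes object` are skipped in full because of the get at the end of each test, which also disables the `objectDelete` call they make, so the basic success path of the changed handler is no longer checked. If the final get is the only part that cannot run yet, asserting on the `objectDelete` callback error and deferring just the follow-up lookup would keep that coverage. The test bodies continue beyond these hunks, so the exact assertions available are not visible here.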
@@ -128,7 +129,8 @@ describe.skip('objectDelete API', () => { }); }); - it('should delete a multipart upload and send `uploadId` as `replayId` to deleteObject', done => { + // TODO CLDSRV-431 remove skip - skipped due to MPU call + it.skip('should delete a multipart upload and send `uploadId` as `replayId` to deleteObject', done => { bucketPut(authInfo, testBucketPutRequest, log, () => { mpuUtils.createMPU(namespace, bucketName, objectKey, log, (err, testUploadId) => { diff --git a/tests/unit/api/objectDeleteTagging.js b/tests/unit/api/objectDeleteTagging.js index bfa5e78748..c4c956265e 100644 --- a/tests/unit/api/objectDeleteTagging.js +++ b/tests/unit/api/objectDeleteTagging.js @@ -22,6 +22,7 @@ const testBucketPutRequest = { bucketName, headers: { host: `${bucketName}.s3.amazonaws.com` }, url: '/', + actionImplicitDenies: false, }; const testPutObjectRequest = new DummyRequest({ @@ -31,8 +32,7 @@ const testPutObjectRequest = new DummyRequest({ headers: {}, url: `/${bucketName}/${objectName}`, }, postBody); -// TODO CLDSRV-430 remove skip -describe.skip('deleteObjectTagging API', () => { +describe('deleteObjectTagging API', () => { beforeEach(done => { cleanup(); bucketPut(authInfo, testBucketPutRequest, log, err => {