diff options
| author | chrislu <chris.lu@gmail.com> | 2025-07-18 21:32:38 -0700 |
|---|---|---|
| committer | chrislu <chris.lu@gmail.com> | 2025-07-18 21:32:38 -0700 |
| commit | e48681749928de30127a7e0837ecb1d896132636 (patch) | |
| tree | 1e3960acdc7f3a44f4ceeb598eb36f06d35aae0e | |
| parent | aec8542b6ea0586158ea919b394fa5d7a4fe35cf (diff) | |
| download | seaweedfs-e48681749928de30127a7e0837ecb1d896132636.tar.xz seaweedfs-e48681749928de30127a7e0837ecb1d896132636.zip | |
fix tests
| -rw-r--r-- | test/s3/retention/object_lock_validation_test.go | 10 | ||||
| -rw-r--r-- | test/s3/retention/s3_retention_test.go | 65 |
2 files changed, 52 insertions, 23 deletions
diff --git a/test/s3/retention/object_lock_validation_test.go b/test/s3/retention/object_lock_validation_test.go index 6224c7f67..1480f33d4 100644 --- a/test/s3/retention/object_lock_validation_test.go +++ b/test/s3/retention/object_lock_validation_test.go @@ -95,12 +95,14 @@ func TestObjectLockValidation(t *testing.T) { require.Error(t, err, "DELETE with version ID should be blocked by COMPLIANCE retention") t.Log(" ✅ Object version is properly protected by retention policy") - // Verify we can read the object (should still work) + // Verify we can read the object version (should still work) + // Note: Need to specify version ID since latest version is now a delete marker getResp, err := client.GetObject(context.TODO(), &s3.GetObjectInput{ - Bucket: aws.String(bucketName), - Key: aws.String(key), + Bucket: aws.String(bucketName), + Key: aws.String(key), + VersionId: putResp.VersionId, }) - require.NoError(t, err, "Reading protected object should still work") + require.NoError(t, err, "Reading protected object version should still work") defer getResp.Body.Close() t.Log(" ✅ Protected object can still be read") diff --git a/test/s3/retention/s3_retention_test.go b/test/s3/retention/s3_retention_test.go index fd85921b7..5c1f9f3dd 100644 --- a/test/s3/retention/s3_retention_test.go +++ b/test/s3/retention/s3_retention_test.go @@ -318,20 +318,29 @@ func TestRetentionModeCompliance(t *testing.T) { require.NoError(t, err) assert.Equal(t, types.ObjectLockRetentionModeCompliance, retentionResp.Retention.Mode) - // Try to delete object with bypass - should still fail (compliance mode) + // Try simple DELETE - should succeed and create delete marker (AWS S3 behavior) _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ - Bucket: aws.String(bucketName), - Key: aws.String(key), - BypassGovernanceRetention: aws.Bool(true), + Bucket: aws.String(bucketName), + Key: aws.String(key), }) - require.Error(t, err) + require.NoError(t, err, "Simple DELETE should succeed and create delete marker") - // Try to delete object without bypass - should also fail + // Try DELETE with version ID - should fail for COMPLIANCE mode _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ - Bucket: aws.String(bucketName), - Key: aws.String(key), + Bucket: aws.String(bucketName), + Key: aws.String(key), + VersionId: putResp.VersionId, }) - require.Error(t, err) + require.Error(t, err, "DELETE with version ID should be blocked by COMPLIANCE retention") + + // Try DELETE with version ID and bypass - should still fail (COMPLIANCE mode ignores bypass) + _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ + Bucket: aws.String(bucketName), + Key: aws.String(key), + VersionId: putResp.VersionId, + BypassGovernanceRetention: aws.Bool(true), + }) + require.Error(t, err, "COMPLIANCE mode should ignore governance bypass") } // TestLegalHoldWorkflow tests legal hold functionality @@ -368,12 +377,20 @@ func TestLegalHoldWorkflow(t *testing.T) { require.NoError(t, err) assert.Equal(t, types.ObjectLockLegalHoldStatusOn, legalHoldResp.LegalHold.Status) - // Try to delete object - should fail due to legal hold + // Try simple DELETE - should succeed and create delete marker (AWS S3 behavior) _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(key), }) - require.Error(t, err) + require.NoError(t, err, "Simple DELETE should succeed and create delete marker") + + // Try DELETE with version ID - should fail due to legal hold + _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ + Bucket: aws.String(bucketName), + Key: aws.String(key), + VersionId: putResp.VersionId, + }) + require.Error(t, err, "DELETE with version ID should be blocked by legal hold") // Remove legal hold _, err = client.PutObjectLegalHold(context.TODO(), &s3.PutObjectLegalHoldInput{ @@ -393,12 +410,13 @@ func TestLegalHoldWorkflow(t *testing.T) { require.NoError(t, err) assert.Equal(t, types.ObjectLockLegalHoldStatusOff, legalHoldResp.LegalHold.Status) - // Now delete should succeed + // Now DELETE with version ID should succeed _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ - Bucket: aws.String(bucketName), - Key: aws.String(key), + Bucket: aws.String(bucketName), + Key: aws.String(key), + VersionId: putResp.VersionId, }) - require.NoError(t, err) + require.NoError(t, err, "DELETE with version ID should succeed after legal hold removed") } // TestObjectLockConfiguration tests bucket object lock configuration @@ -560,13 +578,21 @@ func TestRetentionAndLegalHoldCombination(t *testing.T) { }) require.NoError(t, err) - // Try to delete with bypass governance - should still fail due to legal hold + // Try simple DELETE - should succeed and create delete marker (AWS S3 behavior) + _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ + Bucket: aws.String(bucketName), + Key: aws.String(key), + }) + require.NoError(t, err, "Simple DELETE should succeed and create delete marker") + + // Try DELETE with version ID and bypass - should still fail due to legal hold _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(key), + VersionId: putResp.VersionId, BypassGovernanceRetention: aws.Bool(true), }) - require.Error(t, err) + require.Error(t, err, "Legal hold should prevent deletion even with governance bypass") // Remove legal hold _, err = client.PutObjectLegalHold(context.TODO(), &s3.PutObjectLegalHoldInput{ @@ -578,13 +604,14 @@ func TestRetentionAndLegalHoldCombination(t *testing.T) { }) require.NoError(t, err) - // Now delete with bypass governance should succeed + // Now DELETE with version ID and bypass governance should succeed _, err = client.DeleteObject(context.TODO(), &s3.DeleteObjectInput{ Bucket: aws.String(bucketName), Key: aws.String(key), + VersionId: putResp.VersionId, BypassGovernanceRetention: aws.Bool(true), }) - require.NoError(t, err) + require.NoError(t, err, "DELETE with version ID should succeed after legal hold removed and with governance bypass") } // TestExpiredRetention tests that objects can be deleted after retention expires |