testsuite/server: add test for bypass governance retention removal

Change-Id: Id64318dd1e37fa8ada80f6e3c3b24c24413cc05f
storj · Sep 27, 2024 · 1910142 · 1910142
1 parent 4af8947
commit 1910142
Showing 1 changed file with 34 additions and 14 deletions.
diff --git a/testsuite/server/integration_test.go b/testsuite/server/integration_test.go
@@ -73,7 +73,6 @@ func TestObjectLockRestrictedPermissions(t *testing.T) {
 			Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
 				config.Metainfo.ObjectLockEnabled = true
 				config.Metainfo.UseBucketLevelObjectVersioning = true
-				config.Metainfo.ProjectLimits.MaxBuckets = 20
 			},
 			Uplink: func(log *zap.Logger, index int, config *testplanet.UplinkConfig) {
 				config.APIKeyVersion = macaroon.APIKeyVersionObjectLock
@@ -209,7 +208,6 @@ func TestObjectLock(t *testing.T) {
 			Satellite: func(log *zap.Logger, index int, config *satellite.Config) {
 				config.Metainfo.ObjectLockEnabled = true
 				config.Metainfo.UseBucketLevelObjectVersioning = true
-				config.Metainfo.ProjectLimits.MaxBuckets = 100
 			},
 			Uplink: func(log *zap.Logger, index int, config *testplanet.UplinkConfig) {
 				config.APIKeyVersion = macaroon.APIKeyVersionObjectLock
@@ -477,6 +475,22 @@ func TestObjectLock(t *testing.T) {
 			}
 		})
 
+		runRetentionModeTest("bypass governance remove retention", func(t *testing.T, mode string) {
+			putResp, err := putObjectWithRetention(ctx, client, bucket, objKey1, mode, retainUntil)
+			require.NoError(t, err)
+
+			_, err = putObjectRetention(ctx, client, bucket, objKey1, "", time.Time{}, *putResp.VersionId)
+			requireS3Error(t, err, http.StatusBadRequest, "InvalidRequest")
+
+			_, err = putObjectRetentionBypassGovernance(ctx, client, bucket, objKey1, "", time.Time{}, *putResp.VersionId)
+			if mode == lockModeGovernance {
+				require.NoError(t, err)
+				require.NoError(t, deleteObject(ctx, client, bucket, objKey1, *putResp.VersionId))
+			} else {
+				requireS3Error(t, err, http.StatusForbidden, "AccessDenied")
+			}
+		})
+
 		runRetentionModeTest("object lock settings in object info", func(t *testing.T, mode string) {
 			putResp, err := putObjectWithRetention(ctx, client, bucket, objKey1, mode, retainUntil)
 			require.NoError(t, err)
@@ -1419,32 +1433,38 @@ func getObjectRetention(ctx context.Context, client *s3.S3, bucket, key, version
 
 func putObjectRetention(ctx context.Context, client *s3.S3, bucket, key, lockMode string, retainUntil time.Time, versionID string) (*s3.PutObjectRetentionOutput, error) {
 	input := s3.PutObjectRetentionInput{
-		Bucket: aws.String(bucket),
-		Key:    aws.String(key),
-		Retention: &s3.ObjectLockRetention{
-			Mode:            aws.String(lockMode),
-			RetainUntilDate: aws.Time(retainUntil),
-		},
+		Bucket:    aws.String(bucket),
+		Key:       aws.String(key),
+		Retention: &s3.ObjectLockRetention{},
 	}
 	if versionID != "" {
 		input.VersionId = aws.String(versionID)
 	}
+	if lockMode != "" {
+		input.Retention.Mode = aws.String(lockMode)
+	}
+	if !retainUntil.IsZero() {
+		input.Retention.RetainUntilDate = aws.Time(retainUntil)
+	}
 	return client.PutObjectRetentionWithContext(ctx, &input)
 }
 
 func putObjectRetentionBypassGovernance(ctx context.Context, client *s3.S3, bucket, key, lockMode string, retainUntil time.Time, versionID string) (*s3.PutObjectRetentionOutput, error) {
 	input := s3.PutObjectRetentionInput{
-		Bucket: aws.String(bucket),
-		Key:    aws.String(key),
-		Retention: &s3.ObjectLockRetention{
-			Mode:            aws.String(lockMode),
-			RetainUntilDate: aws.Time(retainUntil),
-		},
+		Bucket:                    aws.String(bucket),
+		Key:                       aws.String(key),
 		BypassGovernanceRetention: aws.Bool(true),
+		Retention:                 &s3.ObjectLockRetention{},
 	}
 	if versionID != "" {
 		input.VersionId = aws.String(versionID)
 	}
+	if lockMode != "" {
+		input.Retention.Mode = aws.String(lockMode)
+	}
+	if !retainUntil.IsZero() {
+		input.Retention.RetainUntilDate = aws.Time(retainUntil)
+	}
 	return client.PutObjectRetentionWithContext(ctx, &input)
 }