1# Copyright (c) 2010 Mitch Garnaat http://garnaat.org/ 2# Copyright (c) 2010, Eucalyptus Systems, Inc. 3# All rights reserved. 4# 5# Permission is hereby granted, free of charge, to any person obtaining a 6# copy of this software and associated documentation files (the 7# "Software"), to deal in the Software without restriction, including 8# without limitation the rights to use, copy, modify, merge, publish, dis- 9# tribute, sublicense, and/or sell copies of the Software, and to permit 10# persons to whom the Software is furnished to do so, subject to the fol- 11# lowing conditions: 12# 13# The above copyright notice and this permission notice shall be included 14# in all copies or substantial portions of the Software. 15# 16# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS 17# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL- 18# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 19# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 20# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS 22# IN THE SOFTWARE. 23 24""" 25Some unit tests for S3 MfaDelete with versioning 26""" 27 28import unittest 29import time 30from nose.plugins.attrib import attr 31 32from boto.s3.connection import S3Connection 33from boto.exception import S3ResponseError 34from boto.s3.deletemarker import DeleteMarker 35 36 37@attr('notdefault', 's3mfa') 38class S3MFATest (unittest.TestCase): 39 40 def setUp(self): 41 self.conn = S3Connection() 42 self.bucket_name = 'mfa-%d' % int(time.time()) 43 self.bucket = self.conn.create_bucket(self.bucket_name) 44 45 def tearDown(self): 46 for k in self.bucket.list_versions(): 47 self.bucket.delete_key(k.name, version_id=k.version_id) 48 self.bucket.delete() 49 50 def test_mfadel(self): 51 # Enable Versioning with MfaDelete 52 mfa_sn = raw_input('MFA S/N: ') 53 mfa_code = raw_input('MFA Code: ') 54 self.bucket.configure_versioning(True, mfa_delete=True, mfa_token=(mfa_sn, mfa_code)) 55 56 # Check enabling mfa worked. 57 i = 0 58 for i in range(1, 8): 59 time.sleep(2**i) 60 d = self.bucket.get_versioning_status() 61 if d['Versioning'] == 'Enabled' and d['MfaDelete'] == 'Enabled': 62 break 63 self.assertEqual('Enabled', d['Versioning']) 64 self.assertEqual('Enabled', d['MfaDelete']) 65 66 # Add a key to the bucket 67 k = self.bucket.new_key('foobar') 68 s1 = 'This is v1' 69 k.set_contents_from_string(s1) 70 v1 = k.version_id 71 72 # Now try to delete v1 without the MFA token 73 try: 74 self.bucket.delete_key('foobar', version_id=v1) 75 self.fail("Must fail if not using MFA token") 76 except S3ResponseError: 77 pass 78 79 # Now try delete again with the MFA token 80 mfa_code = raw_input('MFA Code: ') 81 self.bucket.delete_key('foobar', version_id=v1, mfa_token=(mfa_sn, mfa_code)) 82 83 # Next suspend versioning and disable MfaDelete on the bucket 84 mfa_code = raw_input('MFA Code: ') 85 self.bucket.configure_versioning(False, mfa_delete=False, mfa_token=(mfa_sn, mfa_code)) 86 87 # Lastly, check disabling mfa worked. 88 i = 0 89 for i in range(1, 8): 90 time.sleep(2**i) 91 d = self.bucket.get_versioning_status() 92 if d['Versioning'] == 'Suspended' and d['MfaDelete'] != 'Enabled': 93 break 94 self.assertEqual('Suspended', d['Versioning']) 95 self.assertNotEqual('Enabled', d['MfaDelete']) 96