1# Copyright (c) 2010 Mitch Garnaat http://garnaat.org/
2# Copyright (c) 2010, Eucalyptus Systems, Inc.
3# All rights reserved.
4#
5# Permission is hereby granted, free of charge, to any person obtaining a
6# copy of this software and associated documentation files (the
7# "Software"), to deal in the Software without restriction, including
8# without limitation the rights to use, copy, modify, merge, publish, dis-
9# tribute, sublicense, and/or sell copies of the Software, and to permit
10# persons to whom the Software is furnished to do so, subject to the fol-
11# lowing conditions:
12#
13# The above copyright notice and this permission notice shall be included
14# in all copies or substantial portions of the Software.
15#
16# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
17# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABIL-
18# ITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT
19# SHALL THE AUTHOR BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
20# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
22# IN THE SOFTWARE.
23
24"""
25Some unit tests for S3 MfaDelete with versioning
26"""
27
28import unittest
29import time
30from nose.plugins.attrib import attr
31
32from boto.s3.connection import S3Connection
33from boto.exception import S3ResponseError
34from boto.s3.deletemarker import DeleteMarker
35
36
37@attr('notdefault', 's3mfa')
38class S3MFATest (unittest.TestCase):
39
40    def setUp(self):
41        self.conn = S3Connection()
42        self.bucket_name = 'mfa-%d' % int(time.time())
43        self.bucket = self.conn.create_bucket(self.bucket_name)
44
45    def tearDown(self):
46        for k in self.bucket.list_versions():
47            self.bucket.delete_key(k.name, version_id=k.version_id)
48        self.bucket.delete()
49
50    def test_mfadel(self):
51        # Enable Versioning with MfaDelete
52        mfa_sn = raw_input('MFA S/N: ')
53        mfa_code = raw_input('MFA Code: ')
54        self.bucket.configure_versioning(True, mfa_delete=True, mfa_token=(mfa_sn, mfa_code))
55
56        # Check enabling mfa worked.
57        i = 0
58        for i in range(1, 8):
59            time.sleep(2**i)
60            d = self.bucket.get_versioning_status()
61            if d['Versioning'] == 'Enabled' and d['MfaDelete'] == 'Enabled':
62                break
63        self.assertEqual('Enabled', d['Versioning'])
64        self.assertEqual('Enabled', d['MfaDelete'])
65
66        # Add a key to the bucket
67        k = self.bucket.new_key('foobar')
68        s1 = 'This is v1'
69        k.set_contents_from_string(s1)
70        v1 = k.version_id
71
72        # Now try to delete v1 without the MFA token
73        try:
74            self.bucket.delete_key('foobar', version_id=v1)
75            self.fail("Must fail if not using MFA token")
76        except S3ResponseError:
77            pass
78
79        # Now try delete again with the MFA token
80        mfa_code = raw_input('MFA Code: ')
81        self.bucket.delete_key('foobar', version_id=v1, mfa_token=(mfa_sn, mfa_code))
82
83        # Next suspend versioning and disable MfaDelete on the bucket
84        mfa_code = raw_input('MFA Code: ')
85        self.bucket.configure_versioning(False, mfa_delete=False, mfa_token=(mfa_sn, mfa_code))
86
87        # Lastly, check disabling mfa worked.
88        i = 0
89        for i in range(1, 8):
90            time.sleep(2**i)
91            d = self.bucket.get_versioning_status()
92            if d['Versioning'] == 'Suspended' and d['MfaDelete'] != 'Enabled':
93                break
94        self.assertEqual('Suspended', d['Versioning'])
95        self.assertNotEqual('Enabled', d['MfaDelete'])
96