S3UTILS-211: ft tests for listObjectsByReplicationStatus

tcarmet · tcarmet · commit 283b5e01f97e · 2025-12-23T22:13:31.000Z
diff --git a/tests/functional/listObjectsByReplicationStatus.js b/tests/functional/listObjectsByReplicationStatus.js
@@ -0,0 +1,369 @@
+const vaultclient = require('vaultclient');
+const { promisify } = require('util');
+const AWS = require('aws-sdk');
+const { Logger } = require('werelogs');
+const { listObjectsByReplicationStatus } = require('../../listObjectsByReplicationStatus');
+const admincredentials = require('../../node_modules/vaultclient/tests/utils/admincredentials.json');
+
+const log = new Logger('listObjectsByReplicationStatus:test');
+
+const iamHost = process.env.IAM_HOST || 'localhost';
+const iamPort = process.env.IAM_PORT || 8600;
+const s3Host = process.env.S3_HOST || 'localhost';
+const s3Port = process.env.S3_PORT || 8000;
+
+const adminAccessKeyId = process.env.ADMIN_ACCESS_KEY_ID || Object.keys(admincredentials)[0];
+const adminSecretAccessKey = process.env.ADMIN_SECRET_ACCESS_KEY || admincredentials[adminAccessKeyId];
+const region = 'us-east-1';
+
+describe('listObjectsByReplicationStatus', () => {
+    let vaultClient;
+    let accountSource;
+    let accountDest;
+
+    beforeAll(async () => {
+        vaultClient = new vaultclient.Client(
+            iamHost,
+            iamPort,
+            false,
+            undefined,
+            undefined,
+            undefined,
+            undefined,
+            adminAccessKeyId,
+            adminSecretAccessKey
+        );
+    });
+
+    beforeEach(async () => {
+        log.info('Setting up test accounts and buckets');
+        accountSource = await createTestAccount(vaultClient);
+        accountDest = await createTestAccount(vaultClient);
+        log.info(`Account source: ${accountSource.accountName} and dest: ${accountDest.accountName} were created`);
+        log.info('Configuring CRR between source and destination buckets');
+        await configureCrr(accountSource, accountDest);
+    });
+
+    afterEach(async () => {
+        log.info('Cleaning up test accounts');
+        await removeCrrConfiguration(accountSource);
+        await removeCrrConfiguration(accountDest);
+        await deleteTestAccount(vaultClient, accountSource);
+        await deleteTestAccount(vaultClient, accountDest);
+        log.info('Test accounts deleted');
+    });
+
+    it('should list objects by replication status', async () => {
+        // Add data to source bucket
+        log.info('Uploading test objects to source bucket');
+        const testObjects = [
+            { Key: 'test-object-1', Body: 'data to replicate 1' },
+            { Key: 'test-object-2', Body: 'data to replicate 2' },
+            { Key: 'test-object-3', Body: 'data to replicate 3' },
+        ];
+
+        for (const obj of testObjects) {
+            await accountSource.s3Client.putObject({
+                Bucket: accountSource.bucketName,
+                Key: obj.Key,
+                Body: obj.Body,
+            }).promise();
+            log.info('Uploaded object', { key: obj.Key });
+        }
+
+        // Verify objects have replication status
+        log.info('Verifying objects have replication status');
+        for (const obj of testObjects) {
+            const headResult = await accountSource.s3Client.headObject({
+                Bucket: accountSource.bucketName,
+                Key: obj.Key,
+            }).promise();
+            log.info('Object metadata', {
+                key: obj.Key,
+                replicationStatus: headResult.ReplicationStatus,
+                versionId: headResult.VersionId
+            });
+        }
+
+        // Execute the listObjectsByReplicationStatus function directly
+        log.info('Executing listObjectsByReplicationStatus function');
+        const endpoint = `http://${s3Host}:${s3Port}`;
+
+        // Call the function directly for coverage
+        await listObjectsByReplicationStatus({
+            buckets: accountSource.bucketName,
+            accessKey: accountSource.accountAccessKey,
+            secretKey: accountSource.accountSecretKey,
+            endpoint,
+            replicationStatus: 'PENDING,FAILED,COMPLETED',
+            logger: log,
+        });
+
+        log.info('Function execution completed successfully');
+    }, 30000); // Increase timeout for script execution
+});
+
+async function configureCrr(accountSource, accountDest) {
+    // activate bucket versionning on source and destination buckets
+    log.info('Enabling bucket versioning on source and destination buckets');
+    await accountSource.s3Client.putBucketVersioning({
+        Bucket: accountSource.bucketName,
+        VersioningConfiguration: {
+            Status: 'Enabled',
+        },
+    }).promise();
+
+    await accountDest.s3Client.putBucketVersioning({
+        Bucket: accountDest.bucketName,
+        VersioningConfiguration: {
+            Status: 'Enabled',
+        },
+    }).promise();
+
+    log.info('Creating IAM policies and roles for CRR');
+    // create policy
+    const policy = {
+        Version:'2012-10-17',
+        Statement:[
+            {
+                Effect:'Allow',
+                Action:[
+                    's3:GetObjectVersion',
+                    's3:GetObjectVersionAcl',
+                    's3:ReplicateObject'
+                ],
+                Resource:[
+                    `arn:aws:s3:::${accountSource.bucketName}/*`
+                ]
+            },
+            {
+                Effect:'Allow',
+                Action:[
+                    's3:ListBucket',
+                    's3:GetReplicationConfiguration'
+                ],
+                Resource:[
+                    'arn:aws:s3:::source'
+                ]
+            },
+            {
+                Effect:'Allow',
+                Action:[
+                    's3:ReplicateObject',
+                    's3:ReplicateDelete'
+                ],
+                Resource:`arn:aws:s3:::${accountDest.bucketName}/*`
+            }
+        ]
+    };
+    await accountSource.iamClient.createPolicy({
+        PolicyName: 'crr-policy',
+        PolicyDocument: JSON.stringify(policy),
+    }).promise();
+
+    await accountDest.iamClient.createPolicy({
+        PolicyName: 'crr-policy',
+        PolicyDocument: JSON.stringify(policy),
+    }).promise();
+
+    log.info('Creating IAM roles');
+    // create trust
+    const trust = {
+        Version:'2012-10-17',
+        Statement:[
+            {
+                Effect:'Allow',
+                Principal:{
+                    Service:'backbeat'
+                },
+                Action:'sts:AssumeRole'
+            }
+        ]
+    };
+    await accountSource.iamClient.createRole({
+        RoleName: 'crr-trust-role',
+        AssumeRolePolicyDocument: JSON.stringify(trust),
+    }).promise();
+    await accountDest.iamClient.createRole({
+        RoleName: 'crr-trust-role',
+        AssumeRolePolicyDocument: JSON.stringify(trust),
+    }).promise();
+
+    log.info('Attaching policies to roles');
+    // attach role to policy
+    await accountSource.iamClient.attachRolePolicy({
+        RoleName: 'crr-trust-role',
+        PolicyArn: `arn:aws:iam::${accountSource.account.account.id}:policy/crr-policy`,
+    }).promise();
+    await accountDest.iamClient.attachRolePolicy({
+        RoleName: 'crr-trust-role',
+        PolicyArn: `arn:aws:iam::${accountDest.account.account.id}:policy/crr-policy`,
+    }).promise();
+
+    log.info('Setting bucket replication configuration on source bucket');
+    const replication = {
+        Role: `arn:aws:iam::${accountSource.account.account.id}:role/crr-trust-role,arn:aws:iam::${accountDest.account.account.id}:role/crr-trust-role`,
+        Rules: [
+            {
+                Prefix: '',
+                Status: 'Enabled',
+                Destination: {
+                    Bucket: `arn:aws:s3:::${accountDest.bucketName}`
+                }
+            }
+        ]
+    };
+    await accountSource.s3Client.putBucketReplication({
+        Bucket: accountSource.bucketName,
+        ReplicationConfiguration: replication
+    }).promise();
+
+}
+
+async function createTestAccount(vaultClient) {
+    const iamEndpoint = new AWS.Endpoint(`http://${iamHost}:${iamPort}`);
+    const s3Endpoint = new AWS.Endpoint(`http://${s3Host}:${s3Port}`);
+    const accountName = `test-account-${Math.random().toString(36).substring(2, 8)}`;
+    const accountEmail = `${accountName}@example.com`;
+    const bucketName = accountName;
+    const iamUser = `${accountName}-user`;
+    // Create account with vaultclient
+    const account = await promisify(vaultClient.createAccount.bind(vaultClient))(
+        accountName, { email: accountEmail });
+    // Create account access key
+    const credentials = await promisify(vaultClient.generateAccountAccessKey.bind(
+        vaultClient))(accountName);
+    const accountAccessKey = credentials.id;
+    const accountSecretKey = credentials.value;
+
+    const iamClient = new AWS.IAM({
+        credentials: {
+            accessKeyId: accountAccessKey,
+            secretAccessKey: accountSecretKey
+        },
+        endpoint: iamEndpoint.href,
+        region,
+    });
+
+    const s3Client = new AWS.S3({
+        accessKeyId: accountAccessKey,
+        secretAccessKey: accountSecretKey,
+        region,
+        endpoint: s3Endpoint.href
+    });
+
+    await s3Client.createBucket({ Bucket: bucketName }).promise();
+    await iamClient.createUser({ UserName: iamUser }).promise();
+
+    return {
+        accountName,
+        accountEmail,
+        account,
+        bucketName,
+        accountAccessKey,
+        accountSecretKey,
+        iamUser,
+        iamClient,
+        s3Client,
+    };
+
+}
+
+async function removeCrrConfiguration(account) {
+    log.info('Removing bucket crr configuration', { bucket: account.bucketName });
+    try {
+        await account.s3Client.deleteBucketReplication({ Bucket: account.bucketName }).promise();
+    } catch (err) {
+        log.error('Error removing bucket replication configuration', {
+            bucket: account.bucketName,
+            error: err.message,
+        });
+    }
+    // remove versioning
+    await account.s3Client.putBucketVersioning({
+        Bucket: account.bucketName,
+        VersioningConfiguration: {
+            Status: 'Suspended',
+        },
+    }).promise();
+
+    // Clean up IAM resources first (roles and policies must be deleted before account)
+    log.info('Cleaning up IAM resources', { account: account.accountName });
+    try {
+        // Detach policy from role
+        await account.iamClient.detachRolePolicy({
+            RoleName: 'crr-trust-role',
+            PolicyArn: `arn:aws:iam::${account.account.account.id}:policy/crr-policy`,
+        }).promise();
+        log.info('Detached policy from role');
+    } catch (err) {
+        log.error('Error detaching policy from role', { error: err.message });
+    }
+
+    try {
+        // Delete role
+        await account.iamClient.deleteRole({ RoleName: 'crr-trust-role' }).promise();
+        log.info('Deleted IAM role');
+    } catch (err) {
+        log.error('Error deleting role', { error: err.message });
+    }
+
+    try {
+        // Delete policy
+        await account.iamClient.deletePolicy({
+            PolicyArn: `arn:aws:iam::${account.account.account.id}:policy/crr-policy`,
+        }).promise();
+        log.info('Deleted IAM policy');
+    } catch (err) {
+        log.error('Error deleting policy', { error: err.message });
+    }
+
+    try {
+        // Delete IAM user
+        await account.iamClient.deleteUser({ UserName: account.iamUser }).promise();
+        log.info('Deleted IAM user');
+    } catch (err) {
+        log.error('Error deleting IAM user', { error: err.message });
+    }
+}
+
+async function deleteTestAccount(vaultClient, account) {
+    // Delete bucket
+    log.info('Deleting bucket', { bucket: account.bucketName });
+    // empty bucket - need to delete all versions and delete markers for versioned buckets
+    const listedObjects = await account.s3Client.listObjectVersions({ Bucket: account.bucketName }).promise();
+
+    const objectsToDelete = [];
+
+    // Add all object versions
+    if (listedObjects.Versions && listedObjects.Versions.length > 0) {
+        listedObjects.Versions.forEach(({ Key, VersionId }) => {
+            log.info('Scheduling object version for deletion', { key: Key, versionId: VersionId });
+            objectsToDelete.push({ Key, VersionId });
+        });
+    }
+
+    // Add all delete markers
+    if (listedObjects.DeleteMarkers && listedObjects.DeleteMarkers.length > 0) {
+        listedObjects.DeleteMarkers.forEach(({ Key, VersionId }) => {
+            log.info('Scheduling delete marker for deletion', { key: Key, versionId: VersionId });
+            objectsToDelete.push({ Key, VersionId });
+        });
+    }
+
+    // Delete all versions and markers
+    if (objectsToDelete.length > 0) {
+        const deleteParams = {
+            Bucket: account.bucketName,
+            Delete: { Objects: objectsToDelete }
+        };
+        await account.s3Client.deleteObjects(deleteParams).promise();
+    }
+
+    await account.s3Client.deleteBucket({ Bucket: account.bucketName }).promise();
+    log.info('Deleted bucket', { bucket: account.bucketName });
+
+    // Delete account with vaultclient
+    await promisify(vaultClient.deleteAccount.bind(vaultClient))(account.accountName);
+    log.info('Deleted account', { account: account.accountName });
+}
