CAPPL-847: storage test policy (#1891)

mchain0 · web-flow · commit d6febbda2d62 · 2025-06-12T10:19:54.000+02:00
* CAPPL-847: storage test policy
diff --git a/framework/.changeset/v0.9.4.md b/framework/.changeset/v0.9.4.md
@@ -0,0 +1 @@
+- Test local S3 provider: public bucket policy
diff --git a/framework/components/s3provider/minio.go b/framework/components/s3provider/minio.go
@@ -244,6 +244,36 @@ func (mf MinioFactory) run(m *Minio) (Provider, error) {
 		return nil, err
 	}
 
+	myPolicy := fmt.Sprintf(`
+		{
+			"Version": "2012-10-17",
+			"Statement": [
+				{
+					"Action": [
+						"s3:GetObject"
+					],
+					"Effect": "Allow",
+					"Principal": {
+						"AWS": [
+							"*"
+						]
+					},
+					"Resource": [
+						"arn:aws:s3:::%s/*"
+					],
+					"Sid": ""
+				}
+			]
+		}
+	`, m.GetBucket())
+
+	err = minioClient.SetBucketPolicy(ctx, m.GetBucket(), myPolicy)
+	if err != nil {
+		framework.L.Warn().Str("error", err.Error()).Msg("failed to set public policy to minio bucket")
+
+		return nil, err
+	}
+
 	return m, nil
 }
 
diff --git a/framework/components/s3provider/minio_test.go b/framework/components/s3provider/minio_test.go
@@ -3,6 +3,8 @@ package s3provider
 import (
 	"context"
 	"fmt"
+	"io"
+	"net/http"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
@@ -27,17 +29,19 @@ func TestNew(t *testing.T) {
 
 	// Test Output
 	output := s3provider.Output()
-	require.True(t,
-		cmp.Equal(&Output{
-			AccessKey:    accessKey,
-			SecretKey:    secretKey,
-			Bucket:       DefaultBucket,
-			ConsoleURL:   s3provider.GetConsoleURL(),
-			Endpoint:     s3provider.GetEndpoint(),
-			BaseEndpoint: fmt.Sprintf("%s:%d", DefaultHost, port),
-			Region:       s3provider.GetRegion(),
-			UseCache:     false,
-		}, output))
+	expected := &Output{
+		AccessKey:      accessKey,
+		SecretKey:      secretKey,
+		Bucket:         DefaultBucket,
+		ConsoleURL:     s3provider.GetConsoleURL(),
+		ConsoleBaseURL: s3provider.GetConsoleBaseURL(),
+		Endpoint:       s3provider.GetEndpoint(),
+		BaseEndpoint:   fmt.Sprintf("%s:%d", DefaultHost, port),
+		Region:         s3provider.GetRegion(),
+		UseCache:       false,
+	}
+	fmt.Printf("%#v\n%#v\n", expected, output)
+	require.True(t, cmp.Equal(expected, output))
 	require.Len(t, output.AccessKey, accessKeyLength)
 	require.Len(t, output.SecretKey, secretKeyLength)
 
@@ -48,7 +52,20 @@ func TestNew(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	helperUploadFile(t, minioClient, s3provider.GetBucket())
+	info, err := helperUploadFile(minioClient, s3provider.GetBucket())
+	require.NoError(t, err)
+	require.Equal(t, int64(7), info.Size)
+
+	statusCode, err := helperDownloadFile(
+		fmt.Sprintf(
+			"http://%s/%s/%s",
+			output.Endpoint,
+			output.Bucket,
+			info.Key,
+		),
+	)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, statusCode)
 }
 
 func TestNewFrom(t *testing.T) {
@@ -64,16 +81,17 @@ func TestNewFrom(t *testing.T) {
 	require.NoError(t, err)
 
 	// Test Output
-	fmt.Printf("%#v\n", output)
-	require.True(t,
-		cmp.Equal(&Output{
-			Bucket:       DefaultBucket,
-			ConsoleURL:   fmt.Sprintf("http://%s:%d", "127.0.0.1", consolePort),
-			Endpoint:     fmt.Sprintf("%s:%d", "127.0.0.1", port),
-			BaseEndpoint: fmt.Sprintf("%s:%d", "minio", port),
-			Region:       DefaultRegion,
-			UseCache:     false,
-		}, output, cmpopts.IgnoreFields(Output{}, "AccessKey", "SecretKey")))
+	expected := &Output{
+		Bucket:         DefaultBucket,
+		ConsoleURL:     fmt.Sprintf("http://%s:%d", "127.0.0.1", consolePort),
+		ConsoleBaseURL: fmt.Sprintf("http://%s:%d", DefaultHost, consolePort),
+		Endpoint:       fmt.Sprintf("%s:%d", "127.0.0.1", port),
+		BaseEndpoint:   fmt.Sprintf("%s:%d", DefaultHost, port),
+		Region:         DefaultRegion,
+		UseCache:       false,
+	}
+	fmt.Printf("%#v\n%#v\n", expected, output)
+	require.True(t, cmp.Equal(expected, output, cmpopts.IgnoreFields(Output{}, "AccessKey", "SecretKey")))
 	require.Len(t, output.AccessKey, accessKeyLength)
 	require.Len(t, output.SecretKey, secretKeyLength)
 
@@ -84,10 +102,23 @@ func TestNewFrom(t *testing.T) {
 	})
 	require.NoError(t, err)
 
-	helperUploadFile(t, minioClient, output.Bucket)
+	info, err := helperUploadFile(minioClient, output.Bucket)
+	require.NoError(t, err)
+	require.Equal(t, int64(7), info.Size)
+
+	statusCode, err := helperDownloadFile(
+		fmt.Sprintf(
+			"http://%s/%s/%s",
+			output.Endpoint,
+			output.Bucket,
+			info.Key,
+		),
+	)
+	require.NoError(t, err)
+	require.Equal(t, http.StatusOK, statusCode)
 }
 
-func helperUploadFile(t *testing.T, minioClient *minio.Client, bucket string) {
+func helperUploadFile(minioClient *minio.Client, bucket string) (*minio.UploadInfo, error) {
 	// Test file upload
 	filename := "test.txt"
 	filePath := "./" + filename
@@ -99,6 +130,23 @@ func helperUploadFile(t *testing.T, minioClient *minio.Client, bucket string) {
 		filePath,
 		minio.PutObjectOptions{ContentType: contentType},
 	)
-	require.NoError(t, err)
-	require.Equal(t, int64(7), info.Size)
+	if err != nil {
+		return nil, err
+	}
+	return &info, nil
+}
+
+func helperDownloadFile(url string) (int, error) {
+	fmt.Printf("Downloading: %s\n", url)
+	resp, err := http.Get(url) //nolint:gosec //ignoring G107
+	if err != nil {
+		return 0, err
+	}
+	defer func(Body io.ReadCloser) {
+		err := Body.Close()
+		if err != nil {
+			panic(err)
+		}
+	}(resp.Body)
+	return resp.StatusCode, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+- Test local S3 provider: public bucket policy`