s3tests: add tests of acl settings by alt user

verify ownership

Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>

diff --git a/s3tests/functional/test_s3.py b/s3tests/functional/test_s3.py
index 550f107befa7340d74624b15bbfef70881bca3b5..67d4d1d85e2b29a39eb05f95d0d85711ff044805 100644 (file)
--- a/s3tests/functional/test_s3.py
+++ b/s3tests/functional/test_s3.py
@@ -3302,6 +3302,27 @@ def test_object_acl_canned_bucketownerfullcontrol():
     key.delete()
     bucket.delete()
 
+@attr(resource='object.acls')
+@attr(method='put')
+@attr(operation='set write-acp')
+@attr(assertion='does not modify owner')
+def test_object_acl_full_control_verify_owner():
+    bucket = get_new_bucket(targets.main.default)
+    bucket.set_acl('public-read-write')
+
+    key = bucket.new_key('foo')
+    key.set_contents_from_string('bar')
+
+    key.add_user_grant(permission='FULL_CONTROL', user_id=config.alt.user_id)
+
+    k2 = s3.alt.get_bucket(bucket.name).get_key('foo')
+
+    k2.add_user_grant(permission='READ_ACP', user_id=config.alt.user_id)
+
+    policy = k2.get_acl()
+    eq(policy.owner.id, config.main.user_id)
+
+
 @attr(resource='bucket')
 @attr(method='ACLs')
 @attr(operation='set acl private')
@@ -3573,6 +3594,12 @@ def test_bucket_acl_grant_userid_fullcontrol():
     # can write acl
     _check_bucket_acl_grant_can_writeacp(bucket)
 
+    # verify owner did not change
+    bucket2 = s3.main.get_bucket(bucket.name)
+    policy = bucket2.get_acl()
+    eq(policy.owner.id, config.main.user_id)
+    eq(policy.owner.display_name, config.main.display_name)
+
 
 @attr(resource='bucket')
 @attr(method='ACLs')