test/rgw/multisite: test error handling of forwarded s3:PutBucketPolicy

PutBucketPolicy doesn't parse the given policy until after it's
forwarded and applied on the master zone, so add a test that sends a
non-json policy document that will fail to parse

without the fix to rgw_forward_request_to_master(), the InvalidArgument
error Code is still mapped correctly, but the error Message is not
preserved:

>     assert e.response['Error']['Message']
> AssertionError

Signed-off-by: Casey Bodley <cbodley@redhat.com>

diff --git a/src/test/rgw/rgw_multi/tests.py b/src/test/rgw/rgw_multi/tests.py
index 4f5e6714e427873cb4a8a9b14023d7b0feed9d91..b2855e11cacfa246f7983d28dd8d0464b218705c 100644 (file)
--- a/src/test/rgw/rgw_multi/tests.py
+++ b/src/test/rgw/rgw_multi/tests.py
@@ -2210,6 +2210,27 @@ def test_role_delete_sync():
                       zone.iam_conn.get_role, RoleName=role_name)
         log.info(f'success, zone: {zone.name} does not have role: {role_name}')
 
+def test_forwarded_put_bucket_policy_error():
+    zonegroup = realm.master_zonegroup()
+    zonegroup_conns = ZonegroupConns(zonegroup)
+    primary = zonegroup_conns.rw_zones[0]
+
+    # create a bucket that blocks public policy
+    bucket = gen_bucket_name()
+    primary.create_bucket(bucket)
+    realm_meta_checkpoint(realm)
+
+    # try to write a policy that can't be parsed
+    policy = 'Invalid policy document'
+    try:
+        for zone in zonegroup_conns.rw_zones:
+            e = assert_raises(ClientError, zone.s3_client.put_bucket_policy,
+                              Bucket=bucket, Policy=policy)
+            eq(e.response['Error']['Code'], 'InvalidArgument')
+            assert e.response['Error']['Message']
+    finally:
+        zonegroup_conns.rw_zones[0].delete_bucket(bucket)
+        realm_meta_checkpoint(realm)
 
 def test_replication_status():
     zonegroup = realm.master_zonegroup()