Add Hetzner Object Storage bucket-cataloger module (#1876)#3073
Add Hetzner Object Storage bucket-cataloger module (#1876)#3073ChrisJr404 wants to merge 3 commits intoblacklanternsecurity:devfrom
Conversation
…ity#1876) Closes blacklanternsecurity#1876. Hetzner offers S3-compatible Object Storage at three locations (Falkenstein fsn1, Nuremberg nbg1, Helsinki hel1), addressed at https://<bucket>.<location>.your-objectstorage.com/. cloudcheck already ships a Hetzner provider, so this just plugs a new bucket_hetzner module into the existing bucket_template: - regions = ['fsn1', 'nbg1', 'hel1'] - all three Object Storage locations documented at https://docs.hetzner.com/storage/object-storage/overview/ - base_domains = ['your-objectstorage.com'] - supports_open_check = True (S3 list-bucket protocol) Adds a focused smoke test verifying the module wires up to the cloudcheck Hetzner provider and emits the documented URL shape. The shared Bucket_Amazon_Base inherited test pattern depends on the cloudcheck regex capturing bucket + host as separate groups, but Hetzner's current cloudcheck regex matches <bucket>.your-objectstorage.com without a region segment - so the smoke-test layout is used here until the cloudcheck regex is region-aware.
|
@ChrisJr404 Thanks for doing this!! I'll see about updating the regexes on the cloudcheck side, then circle back around. |
|
Upstream cloudcheck PR: |
|
I have read the CLA Document and I hereby sign the CLA 1 out of 2 committers have signed the CLA. |
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## dev #3073 +/- ##
=====================================
- Coverage 91% 91% -0%
=====================================
Files 437 439 +2
Lines 37509 37533 +24
=====================================
+ Hits 33925 33943 +18
- Misses 3584 3590 +6 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
I have read the CLA Document and I hereby sign the CLA |
2 participants
Summary
Closes #1876 ("Module TODO: Hetzner Buckets", filed by @TheTechromancer).
Hetzner offers S3-compatible Object Storage at three locations (Falkenstein fsn1, Nuremberg nbg1, Helsinki hel1), addressed at
https://<bucket>.<location>.your-objectstorage.com/. cloudcheck already ships aHetznerprovider, so this PR just plugs a newbucket_hetznermodule into the existingbucket_template.Module
bbot/modules/bucket_hetzner.py— same shape asbucket_digitalocean.py:regions = ['fsn1', 'nbg1', 'hel1']— all three Hetzner Object Storage locations documented here.base_domains = ['your-objectstorage.com']supports_open_check = True(S3-styleListBucketResultprotocol).delimiters = ('', '-')— Hetzner bucket names allow dot/hyphen/underscore ([a-z0-9][a-z0-9-_\\.]{1,61}[a-z0-9]per cloudcheck regex), but only the no-delimiter and single-hyphen forms are useful for permutation enum.Tests
test_module_bucket_hetzner.pyis a focused smoke test:cloudcheck_provider_name == 'Hetzner',base_domains,regionsmatch expectationsbuild_url('examplebucket', 'your-objectstorage.com', 'fsn1')returns'https://examplebucket.fsn1.your-objectstorage.com/'Note for the maintainer
I started by extending `Bucket_Amazon_Base` like the other bucket tests, but the shared base depends on the cloudcheck provider regex separating bucket name and host into two groups. The current cloudcheck Hetzner regex matches `.your-objectstorage.com` without a region segment, so a fixture URL of `.fsn1.your-objectstorage.com` (which is what real Hetzner buckets look like) gets parsed with bucket-name = `.fsn1`, and the bucket-template's brute force then explodes the storage-bucket count past the asserts in the shared base test. Two ways to handle that down the road:
Happy to do (1) as a follow-up MR against
blacklanternsecurity/cloudcheckif you'd prefer that path before this lands.