Fix presign tests: use fake credentials instead of minio env vars

[w4nderlust]

Problem

make ci (and cargo test) fails on a clean checkout because 4 presign tests panic trying to read MINIO_ACCESS_KEY_ID from the environment:

• test_presign_get
• test_presign_put
• test_presign_post
• test_presign_delete

Fix

These tests only exercise local signing logic and never hit the network, so they don't actually need a running minio instance. Switched them from test_minio_bucket() (which reads env vars) to a new test_presign_bucket() helper with hardcoded fake credentials, following the same pattern already used by test_presign_url_standard_ports.

This keeps the tests in the default (non-ignored) suite so they provide CI coverage for presign PUT/POST/GET/DELETE.

Verification

make ci passes clean after this change.

---

This change is 

Summary by CodeRabbit

• Tests
  • Presign-related tests updated to use a new local test bucket helper targeting http://localhost:9000; no test assertions or public APIs changed.

Note: Internal testing update only; no user-facing changes.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new private test helper test_presign_bucket() was added and four async presign tests (test_presign_put, test_presign_post, test_presign_get, test_presign_delete) were updated to use it in s3/src/bucket.rs; no public APIs were changed.

Changes

Cohort / File(s)	Summary
Presign tests & helper s3/src/bucket.rs	Added test_presign_bucket() helper that constructs a Bucket for http://localhost:9000 with fake credentials and path-style URLs; replaced calls to test_minio_bucket() in four async presign tests (test_presign_put, test_presign_post, test_presign_get, test_presign_delete). No assertions or public API signatures changed.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐇 I stitched a bucket for local play,
With tiny keys and host at bay,
Presign dances now use my map,
Tests hop along — a merry clap! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The PR title states 'use fake credentials instead of minio env vars', but the actual fix is adding a new test helper with hardcoded fake credentials and switching tests to use it. The title suggests replacing environment variables with fake credentials, which is accurate to what was implemented.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[brownian-motion-v0]

Brownian Motion (Brass)

Recommendation: Proceed

Summary: Marking tests as #[ignore] effectively prevents CI failures.
Risk: Low · Confidence: 90%

Highlights

• Good test coverage
• Clear commit history

Unknowns

• No linked issue

Next actions

• Keep: #[ignore] annotations for presign tests
• Drop: None
• Add: Documentation on test dependencies

Reflection questions

• What core assumption underpins this PR's approach?
• How does this change align with the project's longer-term goals?
• Could there be a simpler way to achieve the primary objective here?

[brownian-motion-v0]

Brownian Motion (Brass)

Recommendation: Proceed

Summary: PR effectively addresses test failures due to missing environment variables.
Risk: Low · Confidence: 90%

Highlights

• Good test coverage
• Clear commit history

Next actions

• Keep: the #[ignore] attribute for presign tests
• Drop: unnecessary complexity in test dependencies
• Add: documentation on test requirements

Reflection questions

• What core assumption underpins this PR's approach?
• How does this change align with the project's longer-term goals?
• Could there be a simpler way to achieve the primary objective here?

[coderabbitai]

🧹 Nitpick comments (2)

s3/src/bucket.rs (1)

3787-3787: Keep these presign tests in the default suite.

These cases only exercise local signing logic; they never make a MinIO request. The file already has the right pattern in test_presign_url_standard_ports: build a bucket with inline fake credentials. Switching these four tests to a static-credential helper would fix the MINIO_* panic without dropping default CI coverage for presign PUT/POST/GET/DELETE.

Example approach

-    #[ignore]
     async fn test_presign_put() {
-        let bucket = test_minio_bucket();
+        let bucket = test_presign_bucket();
         // ...
     }

-    #[ignore]
     async fn test_presign_post() {
-        let bucket = test_minio_bucket();
+        let bucket = test_presign_bucket();
         // ...
     }

-    #[ignore]
     async fn test_presign_get() {
-        let bucket = test_minio_bucket();
+        let bucket = test_presign_bucket();
         // ...
     }

-    #[ignore]
     async fn test_presign_delete() {
-        let bucket = test_minio_bucket();
+        let bucket = test_presign_bucket();
         // ...
     }

fn test_presign_bucket() -> Box<Bucket> {
    Bucket::new(
        "rust-s3",
        Region::Custom {
            region: "us-east-1".to_owned(),
            endpoint: "http://localhost:9000".to_owned(),
        },
        Credentials::new(
            Some("test_access_key"),
            Some("test_secret_key"),
            None,
            None,
            None,
        )
        .unwrap(),
    )
    .unwrap()
    .with_path_style()
}

As per coding guidelines, #[ignore] is meant for integration tests that require credentials: "Mark integration tests with #[ignore] if they require AWS credentials".

Also applies to: 3815-3815, 3844-3844, 3861-3861

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@s3/src/bucket.rs` at line 3787, Remove the #[ignore] attribute from the four
presign tests and make them construct a Bucket with inline fake/static
credentials (following the pattern used in test_presign_url_standard_ports)
instead of relying on MINIO_* env credentials; add or reuse a helper like
test_presign_bucket() that returns a Bucket built with
Credentials::new(Some("test_access_key"), Some("test_secret_key"), None, None,
None) and the same custom Region/endpoint, and update the presign
PUT/POST/GET/DELETE tests to call that helper so they exercise local signing
logic without requiring real AWS creds.

s3/src/request/request_trait.rs (1)

707-721: Add a provider-agnostic regression test for this header gate.

This looks like the right fix, but default CI still has no local assertion that GET/HEAD omit content-length and content-type while body-carrying verbs keep them. Right now this behavior is only exercised through ignored provider-backed coverage, so the R2 signing fix can regress silently.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@s3/src/request/request_trait.rs` around lines 707 - 721, Add a
provider-agnostic unit test that exercises the header-gating logic around
HttpMethod so regressions are caught locally: create a small test in the s3
crate (near request_trait.rs tests) that constructs command instances (or a
minimal mock implementing the same command interface) with HttpMethod::Get,
HttpMethod::Head and a body-carrying verb, call the code path that
builds/inserts headers (the code that calls self.command().http_verb(),
content_length(), and content_type()) and assert that for GET/HEAD the
CONTENT_LENGTH and CONTENT_TYPE headers are absent and for the body verb they
are present with expected values; make the test not rely on any external
provider so it runs in CI by default.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@s3/src/bucket.rs`:
- Line 3787: Remove the #[ignore] attribute from the four presign tests and make
them construct a Bucket with inline fake/static credentials (following the
pattern used in test_presign_url_standard_ports) instead of relying on MINIO_*
env credentials; add or reuse a helper like test_presign_bucket() that returns a
Bucket built with Credentials::new(Some("test_access_key"),
Some("test_secret_key"), None, None, None) and the same custom Region/endpoint,
and update the presign PUT/POST/GET/DELETE tests to call that helper so they
exercise local signing logic without requiring real AWS creds.

In `@s3/src/request/request_trait.rs`:
- Around line 707-721: Add a provider-agnostic unit test that exercises the
header-gating logic around HttpMethod so regressions are caught locally: create
a small test in the s3 crate (near request_trait.rs tests) that constructs
command instances (or a minimal mock implementing the same command interface)
with HttpMethod::Get, HttpMethod::Head and a body-carrying verb, call the code
path that builds/inserts headers (the code that calls
self.command().http_verb(), content_length(), and content_type()) and assert
that for GET/HEAD the CONTENT_LENGTH and CONTENT_TYPE headers are absent and for
the body verb they are present with expected values; make the test not rely on
any external provider so it runs in CI by default.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: dee4b81f-0905-4250-888c-8ce68662766e

📥 Commits

Reviewing files that changed from the base of the PR and between 3a9314f and 5b74b1b.

📒 Files selected for processing (2)

• s3/src/bucket.rs
• s3/src/request/request_trait.rs

[brownian-motion-v0]

Brownian Motion (Brass)

Recommendation: Proceed

Summary: PR effectively addresses test failures by using fake credentials.
Risk: Low · Confidence: 90%

Highlights

• Good test coverage
• Clear commit history

Next actions

• Keep: the new test helper for presign tests
• Drop: reliance on external Minio instance for tests
• Add: documentation on the new test structure

Reflection questions

• What core assumption underpins this PR's approach?
• How does this change align with the project's longer-term goals?
• Could there be a simpler way to achieve the primary objective here?

[durch]

Thanks for fixing these presign tests. This removes the accidental dependency on Minio environment credentials and makes the presign test coverage deterministic with fake credentials, which is exactly what these unit-style signing tests need.

Local verification before merge:

• make ci passed on fix/presign-tests-missing-ignore at 181664d
• make ci-all reached ignored/provider tests; remaining failures were explicit provider cordons unrelated to this test-only PR:
  • local Minio unavailable at localhost:9000
  • existing R2 signing failures on the pre-Fix ranged GET signing failure with Cloudflare R2 #452 baseline

This also unblocks the current GitHub CI baseline for follow-up PRs that are failing on missing presign test credentials. Merging now.