forked from TrueCloudLab/frostfs-testcases
[#303] add morph and local deny ape tests
This commit is contained in:
parent
73eb3dc31a
commit
093b16c279
1 changed files with 261 additions and 3 deletions
|
@ -75,7 +75,7 @@ def remove_rule_ape_in_system(cluster: Cluster) -> None:
|
||||||
parallel(local_overrides_on_node, cluster.cluster_nodes)
|
parallel(local_overrides_on_node, cluster.cluster_nodes)
|
||||||
|
|
||||||
|
|
||||||
def pre_create_container_object_cli_object_cli(
|
def pre_create_container_object_cli(
|
||||||
default_user: User,
|
default_user: User,
|
||||||
remote_frostfs_cli_first_node: FrostfsCli,
|
remote_frostfs_cli_first_node: FrostfsCli,
|
||||||
frostfs_cli: FrostfsCli,
|
frostfs_cli: FrostfsCli,
|
||||||
|
@ -138,7 +138,7 @@ def pre_create_container_object_adm(
|
||||||
cid = (
|
cid = (
|
||||||
frostfs_cli.container.create(
|
frostfs_cli.container.create(
|
||||||
rpc_endpoint=cluster.storage_nodes[0].get_rpc_endpoint(),
|
rpc_endpoint=cluster.storage_nodes[0].get_rpc_endpoint(),
|
||||||
policy="REP 1 IN MOW CBF 1 SELECT 1 FROM MSK AS MOW FILTER SubDivCode EQ MOW AS MSK",
|
policy="REP 4",
|
||||||
name="dcl1",
|
name="dcl1",
|
||||||
await_mode=True,
|
await_mode=True,
|
||||||
basic_acl="0",
|
basic_acl="0",
|
||||||
|
@ -158,7 +158,7 @@ def pre_create_container_object_adm(
|
||||||
|
|
||||||
with reporter.step("Put objects in container on the first node"):
|
with reporter.step("Put objects in container on the first node"):
|
||||||
oid_1 = put_object(default_user.wallet, test_file, cid, shell, cluster.storage_nodes[0].get_rpc_endpoint())
|
oid_1 = put_object(default_user.wallet, test_file, cid, shell, cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
oid_2 = put_object(default_user.wallet, test_file, cid, shell, cluster.storage_nodes[0].get_rpc_endpoint())
|
oid_2 = put_object(default_user.wallet, test_file, cid, shell, cluster.storage_nodes[0].get_rpc_endpoint(), copies_number=3)
|
||||||
|
|
||||||
with reporter.step("Create a namespace rule for the first node"):
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
remote_frostfs_adm_first_node.morph.remove_rule(
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
@ -757,6 +757,264 @@ class TestApeMorphRuleChain(ClusterTestBase):
|
||||||
with expect_not_raises():
|
with expect_not_raises():
|
||||||
delete_object(default_user.wallet, cid, oid_1, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
delete_object(default_user.wallet, cid, oid_1, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: Allow to GetObject in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_get_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
cid, oids = pre_create_container_object_adm(
|
||||||
|
default_user, remote_frostfs_adm_first_node, frostfs_cli, simple_object_size, self.shell, self.cluster
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowGetObject",
|
||||||
|
rule=f"allow Object.Get *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check get object from container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
get_object(default_user.wallet, cid, oids[0], self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check get object from container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
get_object(default_user.wallet, cid, oids[0], self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="namespace",
|
||||||
|
target_name=f"kapusta",
|
||||||
|
chain_id="allowGetObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: allow to PutObject in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_put_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
|
||||||
|
test_file = generate_file(simple_object_size.value)
|
||||||
|
|
||||||
|
with reporter.step("Create a container on the first node"):
|
||||||
|
cid = (
|
||||||
|
frostfs_cli.container.create(
|
||||||
|
rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(),
|
||||||
|
policy="REP 1 IN MOW CBF 1 SELECT 1 FROM MSK AS MOW FILTER SubDivCode EQ MOW AS MSK",
|
||||||
|
name="dcl1",
|
||||||
|
await_mode=True,
|
||||||
|
basic_acl="0",
|
||||||
|
)
|
||||||
|
.stdout.split(" ")[1]
|
||||||
|
.strip()
|
||||||
|
.split("\n")[0]
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowPutObject",
|
||||||
|
rule=f"allow Object.Put *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check put object to container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check put object to container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowPutObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: Allow to HeadObject in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_head_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
cid, oids = pre_create_container_object_adm(
|
||||||
|
default_user, remote_frostfs_adm_first_node, frostfs_cli, simple_object_size, self.shell, self.cluster
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowHeadObject",
|
||||||
|
rule=f"allow Object.Head *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check head object from container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
head_object(default_user.wallet, cid, oids[0], self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check head object from container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
head_object(default_user.wallet, cid, oids[0], self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="namespace",
|
||||||
|
target_name=f"kapusta",
|
||||||
|
chain_id="allowHeadObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: Allow to SearchObject in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_search_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
cid, oids = pre_create_container_object_adm(
|
||||||
|
default_user, remote_frostfs_adm_first_node, frostfs_cli, simple_object_size, self.shell, self.cluster
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowSearchObject",
|
||||||
|
rule=f"allow Object.Search *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check search object from container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
search_object(default_user.wallet, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check search object from container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
search_object(default_user.wallet, cid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="namespace",
|
||||||
|
target_name=f"kapusta",
|
||||||
|
chain_id="allowSearchObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: Allow to RangehObject in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_range_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
cid, oids = pre_create_container_object_adm(
|
||||||
|
default_user, remote_frostfs_adm_first_node, frostfs_cli, simple_object_size, self.shell, self.cluster
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowRangeObject",
|
||||||
|
rule=f"allow Object.Range *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check range object from container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
get_range(default_user.wallet, cid, oids[0], "0:10", self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check range object from container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
get_range(default_user.wallet, cid, oids[0], "0:10", self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="namespace",
|
||||||
|
target_name=f"kapusta",
|
||||||
|
chain_id="allowRangeObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: Allow to Hash Object in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_hash_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
cid, oids = pre_create_container_object_adm(
|
||||||
|
default_user, remote_frostfs_adm_first_node, frostfs_cli, simple_object_size, self.shell, self.cluster
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowHashObject",
|
||||||
|
rule=f"allow Object.Hash *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check range hash object from container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
get_range_hash(default_user.wallet, cid, oids[0], "0:10", self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check range hash object from container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
get_range_hash(default_user.wallet, cid, oids[0], "0:10", self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="namespace",
|
||||||
|
target_name=f"kapusta",
|
||||||
|
chain_id="allowHashObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
@allure.title("MorphRuleChain: Allow to Delete Object in root tenant")
|
||||||
|
def test_morph_rule_chain_allow_to_delete_object_root(
|
||||||
|
self,
|
||||||
|
default_user: User,
|
||||||
|
remote_frostfs_adm_first_node: FrostfsAdm,
|
||||||
|
frostfs_cli: FrostfsCli,
|
||||||
|
simple_object_size: ObjectSize,
|
||||||
|
):
|
||||||
|
cid, oids = pre_create_container_object_adm(
|
||||||
|
default_user, remote_frostfs_adm_first_node, frostfs_cli, simple_object_size, self.shell, self.cluster
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Create a namespace rule for the first node"):
|
||||||
|
remote_frostfs_adm_first_node.morph.add_rule(
|
||||||
|
target_type="container",
|
||||||
|
target_name=f"{cid}",
|
||||||
|
chain_id="allowDeleteObject",
|
||||||
|
rule=f"allow Object.Head Object.Delete *",
|
||||||
|
)
|
||||||
|
|
||||||
|
with reporter.step("Check delete object from container on the first node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
delete_object(default_user.wallet, cid, oids[0], self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Check delete object from container on the second node, allow expected"):
|
||||||
|
with expect_not_raises():
|
||||||
|
delete_object(default_user.wallet, cid, oids[1], self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint())
|
||||||
|
|
||||||
|
with reporter.step("Delete a rule"):
|
||||||
|
remote_frostfs_adm_first_node.morph.remove_rule(
|
||||||
|
target_type="namespace",
|
||||||
|
target_name=f"kapusta",
|
||||||
|
chain_id="allowDeleteObject",
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.ape
|
@pytest.mark.ape
|
||||||
@pytest.mark.ape_local
|
@pytest.mark.ape_local
|
||||||
|
|
Loading…
Reference in a new issue