diff --git a/pytest_tests/testsuites/ape/test_ape.py b/pytest_tests/testsuites/ape/test_ape.py index 6a0e45f..1b70d4a 100644 --- a/pytest_tests/testsuites/ape/test_ape.py +++ b/pytest_tests/testsuites/ape/test_ape.py @@ -1024,3 +1024,646 @@ class TestApeMorphRuleChain(ClusterTestBase): target_name=f"kapusta", chain_id="allowDeleteObject", ) + + +@pytest.mark.ape +@pytest.mark.ape_local +class TestApeLocalOverride(ClusterTestBase): + @allure.title("LocalOverride: Deny to GetContainer in root tenant") + def test_local_override_deny_to_get_container_root( + self, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + remove_rule_ape_in_local_override: None, + ): + chain_id = "denyContainerGet" + remove_rule_ape_in_local_override.append(chain_id) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a namespace rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + rule="deny Container.Get *", + ) + + with reporter.step("[NEGATIVE] Check get the container property on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_CONTAINER.format(operation=Operations.GET_CONTAINER.value)): + frostfs_cli.container.get(self.cluster.storage_nodes[0].get_rpc_endpoint(), cid) + + with reporter.step("Check get the container property on the second node"): + with expect_not_raises(): + frostfs_cli.container.get(self.cluster.storage_nodes[1].get_rpc_endpoint(), cid) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + ) + + with reporter.step("Wait for one block"): + time.sleep(datetime_utils.parse_time(MORPH_BLOCK_TIME)) + + with reporter.step("Check get the container property on the first node"): + with expect_not_raises(): + frostfs_cli.container.get(self.cluster.storage_nodes[0].get_rpc_endpoint(), cid) + + @allure.title("LocalOverride: Deny to PutContainer in root tenant") + def test_local_override_deny_to_put_container_root( + self, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + remove_rule_ape_in_local_override: None, + ): + + chain_id = "denyContainerPut" + remove_rule_ape_in_local_override.append(chain_id) + + with reporter.step("Create a namespace rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + rule="deny Container.Put *", + ) + + with reporter.step("[NEGATIVE] Check create container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_CONTAINER.format(operation=Operations.PUT_CONTAINER.value)): + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + + with reporter.step("Check create a container on the second node"): + with expect_not_raises(): + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[1].get_rpc_endpoint(), + policy="REP 4", + name="dcl2", + await_mode=True, + basic_acl="public-read-write", + ) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + ) + + with reporter.step("Wait for one block"): + time.sleep(datetime_utils.parse_time(MORPH_BLOCK_TIME)) + + with reporter.step("Check create a container on the first node"): + with expect_not_raises(): + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl3", + await_mode=True, + basic_acl="public-read-write", + ) + + @allure.title("LocalOverride: Deny to ListContainer in root tenant") + def test_local_override_deny_to_list_container_root( + self, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + remove_rule_ape_in_local_override: None, + ): + + chain_id = "denyContainerList" + remove_rule_ape_in_local_override.append(chain_id) + + with reporter.step("Create a namespace rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + rule="deny Container.List *", + ) + + with reporter.step("[NEGATIVE] Check list the container properties on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_CONTAINER.format(operation=Operations.LIST_CONTAINER.value)): + frostfs_cli.container.list(rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), ttl=1) + + with reporter.step("Check list the container properties on the second node"): + with expect_not_raises(): + frostfs_cli.container.list(rpc_endpoint=self.cluster.storage_nodes[1].get_rpc_endpoint(), ttl=1) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + ) + + with reporter.step("Wait for one block"): + time.sleep(datetime_utils.parse_time(MORPH_BLOCK_TIME)) + + with reporter.step("Check display a list of containers on the first node"): + with expect_not_raises(): + frostfs_cli.container.list(rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), ttl=1) + + @allure.title("LocalOverride: Deny to DeleteContainer in root tenant") + def test_local_override_deny_to_delete_container_root( + self, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + remove_rule_ape_in_local_override: None, + ): + + chain_id = "denyContainerDelete" + remove_rule_ape_in_local_override.append(chain_id) + + with reporter.step("Create a namespace rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + rule="deny Container.Delete *", + ) + + with reporter.step("Create containers on the first node"): + cid_1 = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + cid_2 = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl2", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("[NEGATIVE] Check delete first container from the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_CONTAINER.format(operation=Operations.DELETE_CONTAINER.value)): + frostfs_cli.container.delete(self.cluster.storage_nodes[0].get_rpc_endpoint(), cid_1, ttl=1) + + with reporter.step("Check delete a second container from the second node"): + with expect_not_raises(): + frostfs_cli.container.delete(self.cluster.storage_nodes[1].get_rpc_endpoint(), cid_2, ttl=1) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="namespace", + target_name="root", + chain_id=chain_id, + ) + + with reporter.step("Wait for one block"): + time.sleep(datetime_utils.parse_time(MORPH_BLOCK_TIME)) + + with reporter.step("Check delete first container from the first node"): + with expect_not_raises(): + frostfs_cli.container.delete(self.cluster.storage_nodes[0].get_rpc_endpoint(), cid_1, ttl=1) + + @allure.title("LocalOverride: Deny to GetObject in root tenant") + def test_local_override_deny_to_get_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyGetObject", + rule=f"deny Object.Get /{cid}/*", + ) + + with reporter.step("Put object in container on the first node"): + oid = put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("[NEGATIVE] Check get object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.GET_OBJECT.value)): + get_object(default_user.wallet, cid, oid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check get object from container on the second node"): + with expect_not_raises(): + get_object(default_user.wallet, cid, oid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint()) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyGetObject", + ) + + with reporter.step("Check get object in container on the first node"): + with expect_not_raises(): + get_object(default_user.wallet, cid, oid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + @allure.title("LocalOverride: Deny to PutObject in root tenant") + def test_local_override_deny_to_put_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 4", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyPutObject", + rule=f"deny Object.Put /{cid}/*", + ) + + with reporter.step("[NEGATIVE] Check put object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.PUT_OBJECT.value)): + put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check put object from container on the second node"): + with expect_not_raises(): + put_object( + default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint(), copies_number=3 + ) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyPutObject", + ) + + with reporter.step("Check get object in container on the first node"): + with expect_not_raises(): + put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + @allure.title("LocalOverride: Deny to HeadObject in root tenant") + def test_local_override_deny_to_head_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 2", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyHeadObject", + rule=f"deny Object.Head /{cid}/*", + ) + + with reporter.step("Put object in container on the first node"): + oid = put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("[NEGATIVE] Check head object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.HEAD_OBJECT.value)): + head_object(default_user.wallet, cid, oid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check head object from container on the second node"): + with expect_not_raises(): + head_object(default_user.wallet, cid, oid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint()) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyHeadObject", + ) + + with reporter.step("Check head object in container on the first node"): + with expect_not_raises(): + head_object(default_user.wallet, cid, oid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + @allure.title("LocalOverride: Deny to SearchObject in root tenant") + def test_local_override_deny_to_search_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 2", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denySearchObject", + rule=f"deny Object.Search /{cid}/*", + ) + + with reporter.step("[NEGATIVE] Check search object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.SEARCH_OBJECT.value)): + search_object(default_user.wallet, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check search object from container on the second node"): + with expect_not_raises(): + search_object(default_user.wallet, cid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint()) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denySearchObject", + ) + + with reporter.step("Check search object in container on the first node"): + with expect_not_raises(): + search_object(default_user.wallet, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + @allure.title("LocalOverride: Deny to RangeObject in root tenant") + def test_local_override_deny_to_range_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 2", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyRangeObject", + rule=f"deny Object.Range /{cid}/*", + ) + + with reporter.step("Put object in container on the first node"): + oid = put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("[NEGATIVE] Check range object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.RANGE_OBJECT.value)): + get_range(default_user.wallet, cid, oid, "0:10", self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check get range object from container on the second node"): + with expect_not_raises(): + get_range(default_user.wallet, cid, oid, "0:10", self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint()) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyRangeObject", + ) + + with reporter.step("Check get range object in container on the first node"): + with expect_not_raises(): + get_range(default_user.wallet, cid, oid, "0:10", self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + @allure.title("LocalOverride: Deny to HashObject in root tenant") + def test_local_override_deny_to_hash_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 2", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyHashObject", + rule=f"deny Object.Hash /{cid}/*", + ) + + with reporter.step("Put object in container on the first node"): + oid = put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("[NEGATIVE] Check get range hash object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.HASH_OBJECT.value)): + get_range_hash(default_user.wallet, cid, oid, "0:10", self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check get range hash object from container on the second node"): + with expect_not_raises(): + get_range_hash(default_user.wallet, cid, oid, "0:10", self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint()) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyHashObject", + ) + + with reporter.step("Check get range hash object in container on the first node"): + with expect_not_raises(): + get_range_hash(default_user.wallet, cid, oid, "0:10", self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + @allure.title("LocalOverride: Deny to DeleteObject in root tenant") + def test_local_override_deny_to_delete_object_root( + self, + default_user: User, + remote_frostfs_cli_first_node: FrostfsCli, + frostfs_cli: FrostfsCli, + simple_object_size: ObjectSize, + ): + + test_file = generate_file(simple_object_size.value) + + with reporter.step("Create a container on the first node"): + cid = ( + frostfs_cli.container.create( + rpc_endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), + policy="REP 2", + name="dcl1", + await_mode=True, + basic_acl="public-read-write", + ) + .stdout.split(" ")[1] + .strip() + .split("\n")[0] + ) + + with reporter.step("Create a container rule for the first node"): + remote_frostfs_cli_first_node.control.add_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyDeleteObject", + rule=f"deny Object.Delete /{cid}/*", + ) + + with reporter.step("Put objects in container on the first node"): + oid_1 = put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + oid_2 = put_object(default_user.wallet, test_file, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Search object in container on the first node"): + search_object_in_container_1 = search_object( + default_user.wallet, cid, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint() + ) + assert oid_1 in search_object_in_container_1, f"Object {oid_1} was not found" + assert oid_2 in search_object_in_container_1, f"Object {oid_2} was not found" + + with reporter.step("Search object from container on the second node"): + search_object_in_container_2 = search_object( + default_user.wallet, cid, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint() + ) + assert oid_1 in search_object_in_container_2, f"Object {oid_1} was not found" + assert oid_2 in search_object_in_container_2, f"Object {oid_2} was not found" + + with reporter.step("[NEGATIVE] Check delete object from container on the first node"): + with pytest.raises(RuntimeError, match=RULE_ACCESS_DENIED_OBJECT.format(operation=Operations.DELETE_OBJECT.value)): + delete_object(default_user.wallet, cid, oid_1, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint()) + + with reporter.step("Check delete object from container on the second node"): + with expect_not_raises(): + delete_object(default_user.wallet, cid, oid_2, self.shell, self.cluster.storage_nodes[1].get_rpc_endpoint()) + + with reporter.step("Delete a rule"): + remote_frostfs_cli_first_node.control.remove_rule( + endpoint=self.cluster.storage_nodes[0].get_control_endpoint(), + target_type="container", + target_name=f"{cid}", + chain_id="denyDeleteObject", + ) + + with reporter.step("Check delete object in container on the first node"): + with expect_not_raises(): + delete_object(default_user.wallet, cid, oid_1, self.shell, self.cluster.storage_nodes[0].get_rpc_endpoint())