diff --git a/robot/resources/files/eacl_tables/gen_eacl_allow_pubkey_deny_OTHERS b/robot/resources/files/eacl_tables/gen_eacl_allow_pubkey_deny_OTHERS deleted file mode 100644 index 5d78dacd..00000000 --- a/robot/resources/files/eacl_tables/gen_eacl_allow_pubkey_deny_OTHERS +++ /dev/null @@ -1,158 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "HEAD", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "PUT", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "DELETE", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "SEARCH", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "GETRANGE", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "ALLOW", - "filters": [], - "targets": [ - { - "keys": [ - "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" - ] - } - ] - }, - { - "operation": "GET", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "HEAD", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "PUT", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "DELETE", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "SEARCH", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGE", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "DENY", - "filters": [], - "targets": [ - { - "role": "OTHERS" - } - ] - } - ] -} \ No newline at end of file diff --git a/robot/resources/lib/python_keywords/acl.py b/robot/resources/lib/python_keywords/acl.py index db32e133..f5b62cd8 100644 --- a/robot/resources/lib/python_keywords/acl.py +++ b/robot/resources/lib/python_keywords/acl.py @@ -10,6 +10,7 @@ from enum import Enum, auto import base58 from cli_helpers import _cmd_run from common import ASSETS_DIR, NEOFS_ENDPOINT, WALLET_CONFIG +from neo3 import wallet from robot.api import logger from robot.api.deco import keyword @@ -36,9 +37,9 @@ class Role(AutoName): @keyword('Get eACL') -def get_eacl(wallet: str, cid: str): +def get_eacl(wallet_path: str, cid: str): cmd = ( - f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} ' + f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} ' f'container get-eacl --cid {cid} --config {WALLET_CONFIG}' ) try: @@ -53,9 +54,9 @@ def get_eacl(wallet: str, cid: str): @keyword('Set eACL') -def set_eacl(wallet: str, cid: str, eacl_table_path: str): +def set_eacl(wallet_path: str, cid: str, eacl_table_path: str): cmd = ( - f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} ' + f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} ' f'container set-eacl --cid {cid} --table {eacl_table_path} --config {WALLET_CONFIG} --await' ) _cmd_run(cmd) @@ -159,10 +160,37 @@ def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str: sign_bearer_token(wif, file_path) return file_path +@keyword('EACL Rules') +def eacl_rules(access: str, verbs: list, user: str): + """ + This function creates a list of eACL rules. + Args: + access (str): identifies if the following operation(s) + is allowed or denied + verbs (list): a list of operations to set rules for + user (str): a group of users (user/others) or a wallet of + a certain user for whom rules are set + Returns: + (list): a list of eACL rules + """ + if user not in ('others', 'user'): + wallet_content = '' + with open(user) as out: + wallet_content = json.load(out) + wallet_from_json = wallet.Wallet.from_json(wallet_content, password="") + pub_key_64 = str(wallet_from_json.accounts[0].public_key) + user = f"pubkey:{pub_key_64}" -def sign_bearer_token(wallet: str, eacl_rules_file: str): + rules = [] + for verb in verbs: + elements = [access, verb, user] + rules.append(' '.join(elements)) + return rules + + +def sign_bearer_token(wallet_path: str, eacl_rules_file: str): cmd = ( f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} ' - f'--to {eacl_rules_file} --wallet {wallet} --config {WALLET_CONFIG} --json' + f'--to {eacl_rules_file} --wallet {wallet_path} --config {WALLET_CONFIG} --json' ) _cmd_run(cmd) diff --git a/robot/resources/lib/python_keywords/utility_keywords.py b/robot/resources/lib/python_keywords/utility_keywords.py index bd85691f..86742baf 100644 --- a/robot/resources/lib/python_keywords/utility_keywords.py +++ b/robot/resources/lib/python_keywords/utility_keywords.py @@ -9,12 +9,11 @@ import uuid import docker import wallet from common import ASSETS_DIR, SIMPLE_OBJ_SIZE +from cli_helpers import _cmd_run from robot.api import logger from robot.api.deco import keyword from robot.libraries.BuiltIn import BuiltIn -from cli_helpers import _cmd_run - ROBOT_AUTO_KEYWORDS = False @@ -71,13 +70,6 @@ def generate_wallet(): return wallet.init_wallet(ASSETS_DIR) -# TODO: should be deleted in the scope -# of https://github.com/nspcc-dev/neofs-testcases/issues/191 -@keyword('Init Wallet from WIF') -def init_wallet_from_wif(dir_path: str, wif: str): - return wallet.init_wallet_from_wif(dir_path, wif) - - @keyword('Get Docker Logs') def get_container_logs(testcase_name: str) -> None: client = docker.APIClient(base_url='unix://var/run/docker.sock') diff --git a/robot/resources/lib/robot/payment_operations.robot b/robot/resources/lib/robot/payment_operations.robot index affe0f99..39a88144 100644 --- a/robot/resources/lib/robot/payment_operations.robot +++ b/robot/resources/lib/robot/payment_operations.robot @@ -20,15 +20,3 @@ Prepare Wallet And Deposit Sleep ${MORPH_BLOCK_TIME} [Return] ${WALLET} ${ADDR} ${WIF} - -# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191 -Prepare Wallet with WIF And Deposit - [Arguments] ${WIF} ${DEPOSIT}=${30} - - ${WALLET} - ... ${ADDR} = Init Wallet from WIF ${ASSETS_DIR} ${WIF} - Transfer Mainnet Gas ${WALLET} ${DEPOSIT+1} - NeoFS Deposit ${WALLET} ${DEPOSIT} - Sleep ${MORPH_BLOCK_TIME} - - [Return] ${WALLET} ${ADDR} diff --git a/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot b/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot index 7f75cba7..eba44e8b 100644 --- a/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot +++ b/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot @@ -5,6 +5,7 @@ Library acl.py Library container.py Library neofs_verbs.py Library utility_keywords.py +Library Collections Resource common_steps_acl_extended.robot Resource payment_operations.robot @@ -12,7 +13,6 @@ Resource setup_teardown.robot Resource eacl_tables.robot *** Variables *** -${EACL_KEY} = L1FGTLE6shum3EC7mNTPArUqSCKnmtEweRzyuawtYRZwGjpeRuw1 &{USER_HEADER} = key1=1 key2=abc &{USER_HEADER_DEL} = key1=del key2=del &{ANOTHER_HEADER} = key1=oth key2=oth @@ -48,20 +48,24 @@ Check eACL Deny All Other and Allow All Pubkey ${CID} = Create Container ${USER_WALLET} basic_acl=eacl-public-read-write ${S_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER} ${D_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + @{S_OBJ_H} = Create List ${S_OID_USER} - # TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191 - ${WALLET_EACL} ${_} = Prepare Wallet with WIF And Deposit ${EACL_KEY} + ${WALLET_ALLOW} ${_} ${_} = Prepare Wallet And Deposit - Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER} - Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H} - Head object ${WALLET_EACL} ${CID} ${S_OID_USER} - Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256 - Delete object ${WALLET_EACL} ${CID} ${D_OID_USER} + Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER} + Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H} + Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER} + Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + Delete object ${WALLET_ALLOW} ${CID} ${D_OID_USER} - Set eACL ${USER_WALLET} ${CID} ${EACL_ALLOW_ALL_Pubkey} + @{VERBS} = Create List get head put delete search getrange getrangehash + ${RULES_OTH} = EACL Rules deny ${VERBS} others + ${RULES_PUB} = EACL Rules allow ${VERBS} ${WALLET_ALLOW} + ${eACL_gen} = Combine Lists ${RULES_PUB} ${RULES_OTH} + ${EACL_TABLE} = Create eACL ${CID} ${eACL_gen} + Set EACL ${USER_WALLET} ${CID} ${EACL_TABLE} # The current ACL cache lifetime is 30 sec Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} @@ -83,10 +87,10 @@ Check eACL Deny All Other and Allow All Pubkey Run Keyword And Expect Error * ... Delete object ${WALLET_OTH} ${CID} ${S_OID_USER} - Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER} - Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H} - Head object ${WALLET_EACL} ${CID} ${S_OID_USER} - Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256 - Delete object ${WALLET_EACL} ${CID} ${S_OID_USER} + Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER} + Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H} + Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER} + Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + Delete object ${WALLET_ALLOW} ${CID} ${S_OID_USER}