ape: Fix EC chunk test #1478

Merged
dstepanov-yadro merged 1 commit from dstepanov-yadro/frostfs-node:fix/ec_chunk_ape_test into master 2024-11-07 14:18:55 +00:00

View file

@ -652,7 +652,7 @@ func (s *testContainerSource) DeletionInfo(cid.ID) (*container.DelInfo, error) {
return nil, nil
}
func TestPutECChunk(t *testing.T) {
func TestGetECChunk(t *testing.T) {
headerProvider := newHeaderProviderMock()
frostfsidProvider := newFrostfsIDProviderMock(t)
@ -666,11 +666,10 @@ func TestPutECChunk(t *testing.T) {
Rules: []chain.Rule{
{
Status: chain.AccessDenied,
Actions: chain.Actions{Names: methodsOptionalOID},
Actions: chain.Actions{Names: methodsRequiredOID},
Resources: chain.Resources{
Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, containerID)},
},
Any: true,
Condition: []chain.Condition{
{
Op: chain.CondStringEquals,
@ -680,17 +679,27 @@ func TestPutECChunk(t *testing.T) {
},
},
},
{
Status: chain.Allow,
Actions: chain.Actions{Names: methodsRequiredOID},
Resources: chain.Resources{
Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObjects, containerID)},
},
},
},
MatchType: chain.MatchTypeFirstMatch,
})
node1Key, err := keys.NewPrivateKey()
require.NoError(t, err)
node1 := netmapSDK.NodeInfo{}
node1.SetPublicKey(node1Key.PublicKey().Bytes())
node2Key, err := keys.NewPrivateKey()
require.NoError(t, err)
node2 := netmapSDK.NodeInfo{}
node2.SetPublicKey(node1Key.PublicKey().Bytes())
netmap := &netmapSDK.NetMap{}
netmap.SetEpoch(100)
netmap.SetNodes([]netmapSDK.NodeInfo{node1})
netmap.SetNodes([]netmapSDK.NodeInfo{node1, node2})
nm := &netmapStub{
currentEpoch: 100,
@ -703,7 +712,7 @@ func TestPutECChunk(t *testing.T) {
cont := containerSDK.Container{}
cont.Init()
pp := netmapSDK.PlacementPolicy{}
require.NoError(t, pp.DecodeString("REP 1"))
require.NoError(t, pp.DecodeString("EC 1.1"))
cont.SetPlacementPolicy(pp)
cs := &testContainerSource{
containers: map[cid.ID]*container.Container{
@ -719,7 +728,7 @@ func TestPutECChunk(t *testing.T) {
chunkHeader := newHeaderObjectSDK(cnr, obj, nil).ToV2().GetHeader()
ecHeader := object.ECHeader{
Index: 1,
Total: 5,
Total: 2,
Parent: &refs.ObjectID{},
}
chunkHeader.SetEC(&ecHeader)
@ -738,32 +747,33 @@ func TestPutECChunk(t *testing.T) {
})
headerProvider.addHeader(cnr, ecParentID, parentHeader)
t.Run("access denied for container node", func(t *testing.T) {
// container node requests EC parent headers, so container node denies access by matching attribute key/value
t.Run("access denied on container node", func(t *testing.T) {
prm := Prm{
Method: nativeschema.MethodPutObject,
Method: nativeschema.MethodGetObject,
Container: cnr,
Object: obj,
Role: role,
SenderKey: senderKey,
SenderKey: hex.EncodeToString(node2Key.PublicKey().Bytes()),
Header: chunkHeader,
SoftAPECheck: true,
}
err = checker.CheckAPE(context.Background(), prm)
require.Error(t, err)
})
t.Run("access allowed for non container node", func(t *testing.T) {
// non container node has no access rights to collect EC parent header, so it uses EC chunk headers
t.Run("access allowed on non container node", func(t *testing.T) {
otherKey, err := keys.NewPrivateKey()
require.NoError(t, err)
checker = NewChecker(ls, ms, headerProvider, frostfsidProvider, nm, &stMock{}, cs, otherKey.PublicKey().Bytes())
prm := Prm{
Method: nativeschema.MethodPutObject,
Method: nativeschema.MethodGetObject,
Container: cnr,
Object: obj,
Role: nativeschema.PropertyValueContainerRoleOthers,
SenderKey: senderKey,
Header: chunkHeader,
SoftAPECheck: true,
}
err = checker.CheckAPE(context.Background(), prm)