frostfs-testcases/pytest_tests/testsuites/services/s3_gate/test_s3_ACL.py

import allure
import pytest
from frostfs_testlib import reporter
from frostfs_testlib.resources.error_patterns import S3_BUCKET_DOES_NOT_ALLOW_ACL
from frostfs_testlib.resources.s3_acl_grants import PRIVATE_GRANTS, PUBLIC_READ_GRANTS, PUBLIC_READ_WRITE_GRANTS
from frostfs_testlib.s3 import S3ClientWrapper
from frostfs_testlib.steps.s3 import s3_helper
from frostfs_testlib.storage.dataclasses.object_size import ObjectSize
from frostfs_testlib.utils.file_utils import generate_file


@pytest.mark.acl
@pytest.mark.s3_gate
class TestS3GateACL:
    @allure.title("Object ACL (s3_client={s3_client})")
    def test_s3_object_ACL(self, s3_client: S3ClientWrapper, bucket: str, simple_object_size: ObjectSize):
        file_path = generate_file(simple_object_size.value)
        file_name = s3_helper.object_key_from_file_path(file_path)

        with reporter.step("Put object into bucket"):
            s3_client.put_object(bucket, file_path)

        with reporter.step("Verify private ACL is default"):
            object_grants = s3_client.get_object_acl(bucket, file_name)
            s3_helper.verify_acl_permissions(object_grants, PRIVATE_GRANTS)

        with reporter.step("Verify put object ACL is restricted"):
            with pytest.raises(Exception, match=S3_BUCKET_DOES_NOT_ALLOW_ACL):
                object_grants = s3_client.put_object_acl(bucket, file_name, acl="public-read")

    @allure.title("Create Bucket with different ACL (s3_client={s3_client})")
    def test_s3_create_bucket_with_ACL(self, s3_client: S3ClientWrapper):
        with reporter.step("Create bucket with ACL private"):
            bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="private")
            bucket_grants = s3_client.get_bucket_acl(bucket)
            s3_helper.verify_acl_permissions(bucket_grants, PRIVATE_GRANTS)

        with reporter.step("Create bucket with ACL public-read"):
            read_bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="public-read")
            bucket_grants = s3_client.get_bucket_acl(read_bucket)
            s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_GRANTS)

        with reporter.step("Create bucket with ACL public-read-write"):
            public_rw_bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="public-read-write")
            bucket_grants = s3_client.get_bucket_acl(public_rw_bucket)
            s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_WRITE_GRANTS)

    @allure.title("Bucket ACL (s3_client={s3_client})")
    def test_s3_bucket_ACL(self, s3_client: S3ClientWrapper):
        with reporter.step("Create bucket with public-read-write ACL"):
            bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="public-read-write")
            bucket_grants = s3_client.get_bucket_acl(bucket)
            s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_WRITE_GRANTS)

        with reporter.step("Change bucket ACL to private"):
            s3_client.put_bucket_acl(bucket, acl="private")
            bucket_grants = s3_client.get_bucket_acl(bucket)
            s3_helper.verify_acl_permissions(bucket_grants, PRIVATE_GRANTS)

        with reporter.step("Change bucket ACL to public-read"):
            s3_client.put_bucket_acl(bucket, acl="public-read")
            bucket_grants = s3_client.get_bucket_acl(bucket)
            s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_GRANTS)
[#312] add new ACL test to s3 Signed-off-by: Yulia Kovshova <y.kovshova@yadro.com> 2022-09-23 11:09:41 +00:00			`import allure`
			`import pytest`
[#161] Improve logging Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-11-29 13:34:59 +00:00			`from frostfs_testlib import reporter`
[#246] Fix ACL and Policy tests Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-05 10:07:07 +00:00			`from frostfs_testlib.resources.error_patterns import S3_BUCKET_DOES_NOT_ALLOW_ACL`
			`from frostfs_testlib.resources.s3_acl_grants import PRIVATE_GRANTS, PUBLIC_READ_GRANTS, PUBLIC_READ_WRITE_GRANTS`
[#258] Speed up tests by removing cleanup and per test healthcheck Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-24 23:27:54 +00:00			`from frostfs_testlib.s3 import S3ClientWrapper`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`from frostfs_testlib.steps.s3 import s3_helper`
Changes for object size usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-08-02 11:54:03 +00:00			`from frostfs_testlib.storage.dataclasses.object_size import ObjectSize`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`from frostfs_testlib.utils.file_utils import generate_file`
[#312] add new ACL test to s3 Signed-off-by: Yulia Kovshova <y.kovshova@yadro.com> 2022-09-23 11:09:41 +00:00

Add new testmarks Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-11-10 05:27:52 +00:00			`@pytest.mark.acl`
[#312] add new ACL test to s3 Signed-off-by: Yulia Kovshova <y.kovshova@yadro.com> 2022-09-23 11:09:41 +00:00			`@pytest.mark.s3_gate`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`class TestS3GateACL:`
Update test titles to conform standard 2023-09-08 10:35:34 +00:00			`@allure.title("Object ACL (s3_client={s3_client})")`
Skip teardown if sanity in markexpr 2023-11-01 16:20:15 +00:00			`def test_s3_object_ACL(self, s3_client: S3ClientWrapper, bucket: str, simple_object_size: ObjectSize):`
Changes for object size usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-08-02 11:54:03 +00:00			`file_path = generate_file(simple_object_size.value)`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`file_name = s3_helper.object_key_from_file_path(file_path)`
[#312] add new ACL test to s3 Signed-off-by: Yulia Kovshova <y.kovshova@yadro.com> 2022-09-23 11:09:41 +00:00
[#246] Fix ACL and Policy tests Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-05 10:07:07 +00:00			`with reporter.step("Put object into bucket"):`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`s3_client.put_object(bucket, file_path)`
[#246] Fix ACL and Policy tests Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-05 10:07:07 +00:00
			`with reporter.step("Verify private ACL is default"):`
			`object_grants = s3_client.get_object_acl(bucket, file_name)`
			`s3_helper.verify_acl_permissions(object_grants, PRIVATE_GRANTS)`

			`with reporter.step("Verify put object ACL is restricted"):`
			`with pytest.raises(Exception, match=S3_BUCKET_DOES_NOT_ALLOW_ACL):`
			`object_grants = s3_client.put_object_acl(bucket, file_name, acl="public-read")`
[#312] add new ACL test to s3 Signed-off-by: Yulia Kovshova <y.kovshova@yadro.com> 2022-09-23 11:09:41 +00:00
[#258] Speed up tests by removing cleanup and per test healthcheck Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-24 23:27:54 +00:00			`@allure.title("Create Bucket with different ACL (s3_client={s3_client})")`
			`def test_s3_create_bucket_with_ACL(self, s3_client: S3ClientWrapper):`
			`with reporter.step("Create bucket with ACL private"):`
			`bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="private")`
			`bucket_grants = s3_client.get_bucket_acl(bucket)`
			`s3_helper.verify_acl_permissions(bucket_grants, PRIVATE_GRANTS)`

			`with reporter.step("Create bucket with ACL public-read"):`
			`read_bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="public-read")`
			`bucket_grants = s3_client.get_bucket_acl(read_bucket)`
			`s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_GRANTS)`

			`with reporter.step("Create bucket with ACL public-read-write"):`
			`public_rw_bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="public-read-write")`
			`bucket_grants = s3_client.get_bucket_acl(public_rw_bucket)`
			`s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_WRITE_GRANTS)`

Update test titles to conform standard 2023-09-08 10:35:34 +00:00			`@allure.title("Bucket ACL (s3_client={s3_client})")`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`def test_s3_bucket_ACL(self, s3_client: S3ClientWrapper):`
[#246] Fix ACL and Policy tests Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-05 10:07:07 +00:00			`with reporter.step("Create bucket with public-read-write ACL"):`
Skip teardown if sanity in markexpr 2023-11-01 16:20:15 +00:00			`bucket = s3_client.create_bucket(object_lock_enabled_for_bucket=True, acl="public-read-write")`
[#246] Fix ACL and Policy tests Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-05 10:07:07 +00:00			`bucket_grants = s3_client.get_bucket_acl(bucket)`
			`s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_WRITE_GRANTS)`
[#312] add new ACL test to s3 Signed-off-by: Yulia Kovshova <y.kovshova@yadro.com> 2022-09-23 11:09:41 +00:00
[#161] Improve logging Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-11-29 13:34:59 +00:00			`with reporter.step("Change bucket ACL to private"):`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`s3_client.put_bucket_acl(bucket, acl="private")`
[#246] Fix ACL and Policy tests Signed-off-by: a.berezin <a.berezin@yadro.com> 2024-06-05 10:07:07 +00:00			`bucket_grants = s3_client.get_bucket_acl(bucket)`
			`s3_helper.verify_acl_permissions(bucket_grants, PRIVATE_GRANTS)`

			`with reporter.step("Change bucket ACL to public-read"):`
			`s3_client.put_bucket_acl(bucket, acl="public-read")`
			`bucket_grants = s3_client.get_bucket_acl(bucket)`
			`s3_helper.verify_acl_permissions(bucket_grants, PUBLIC_READ_GRANTS)`