diff --git a/pytest_tests/helpers/object_access.py b/pytest_tests/helpers/object_access.py index f49c385a..9fc873bc 100644 --- a/pytest_tests/helpers/object_access.py +++ b/pytest_tests/helpers/object_access.py @@ -2,7 +2,7 @@ from typing import Optional from frostfs_testlib import reporter from frostfs_testlib.resources.cli import CLI_DEFAULT_TIMEOUT -from frostfs_testlib.resources.error_patterns import OBJECT_ACCESS_DENIED, OBJECT_NOT_FOUND +from frostfs_testlib.resources.error_patterns import OBJECT_ACCESS_DENIED from frostfs_testlib.shell import Shell from frostfs_testlib.steps.cli.object import ( delete_object, @@ -20,10 +20,6 @@ from frostfs_testlib.utils.file_utils import get_file_hash OPERATION_ERROR_TYPE = RuntimeError -# TODO: Revert to just OBJECT_ACCESS_DENIED when the issue is fixed -# https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1297 -OBJECT_NO_ACCESS = rf"(?:{OBJECT_NOT_FOUND}|{OBJECT_ACCESS_DENIED})" - def can_get_object( wallet: WalletInfo, @@ -47,7 +43,7 @@ def can_get_object( cluster=cluster, ) except OPERATION_ERROR_TYPE as err: - assert string_utils.is_str_match_pattern(err, OBJECT_NO_ACCESS), f"Expected {err} to match {OBJECT_NO_ACCESS}" + assert string_utils.is_str_match_pattern(err, OBJECT_ACCESS_DENIED), f"Expected {err} to match {OBJECT_ACCESS_DENIED}" return False assert get_file_hash(file_name) == get_file_hash(got_file_path) return True @@ -102,7 +98,7 @@ def can_delete_object( endpoint=endpoint, ) except OPERATION_ERROR_TYPE as err: - assert string_utils.is_str_match_pattern(err, OBJECT_NO_ACCESS), f"Expected {err} to match {OBJECT_NO_ACCESS}" + assert string_utils.is_str_match_pattern(err, OBJECT_ACCESS_DENIED), f"Expected {err} to match {OBJECT_ACCESS_DENIED}" return False return True @@ -130,7 +126,7 @@ def can_get_head_object( timeout=timeout, ) except OPERATION_ERROR_TYPE as err: - assert string_utils.is_str_match_pattern(err, OBJECT_NO_ACCESS), f"Expected {err} to match {OBJECT_NO_ACCESS}" + assert string_utils.is_str_match_pattern(err, OBJECT_ACCESS_DENIED), f"Expected {err} to match {OBJECT_ACCESS_DENIED}" return False return True @@ -159,7 +155,7 @@ def can_get_range_of_object( timeout=timeout, ) except OPERATION_ERROR_TYPE as err: - assert string_utils.is_str_match_pattern(err, OBJECT_NO_ACCESS), f"Expected {err} to match {OBJECT_NO_ACCESS}" + assert string_utils.is_str_match_pattern(err, OBJECT_ACCESS_DENIED), f"Expected {err} to match {OBJECT_ACCESS_DENIED}" return False return True @@ -188,7 +184,7 @@ def can_get_range_hash_of_object( timeout=timeout, ) except OPERATION_ERROR_TYPE as err: - assert string_utils.is_str_match_pattern(err, OBJECT_NO_ACCESS), f"Expected {err} to match {OBJECT_NO_ACCESS}" + assert string_utils.is_str_match_pattern(err, OBJECT_ACCESS_DENIED), f"Expected {err} to match {OBJECT_ACCESS_DENIED}" return False return True @@ -215,7 +211,7 @@ def can_search_object( timeout=timeout, ) except OPERATION_ERROR_TYPE as err: - assert string_utils.is_str_match_pattern(err, OBJECT_NO_ACCESS), f"Expected {err} to match {OBJECT_NO_ACCESS}" + assert string_utils.is_str_match_pattern(err, OBJECT_ACCESS_DENIED), f"Expected {err} to match {OBJECT_ACCESS_DENIED}" return False if oid: return oid in oids diff --git a/pytest_tests/testsuites/access/ape/test_ape_filters.py b/pytest_tests/testsuites/access/ape/test_ape_filters.py index faedcf44..2a0d5422 100644 --- a/pytest_tests/testsuites/access/ape/test_ape_filters.py +++ b/pytest_tests/testsuites/access/ape/test_ape_filters.py @@ -18,7 +18,7 @@ from pytest_tests.helpers.container_access import ( assert_full_access_to_container, assert_no_access_to_container, ) -from pytest_tests.helpers.object_access import OBJECT_NO_ACCESS +from pytest_tests.helpers.object_access import OBJECT_ACCESS_DENIED from ....helpers.container_spec import ContainerSpec @@ -216,10 +216,10 @@ class TestApeFilters(ClusterTestBase): ) with reporter.step("Check others have no access to objects with deny attribute"): - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): head_object(other_wallet, container, deny_objects[0], self.shell, rpc_endpoint, xhdr=xhdr) - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): get_object_from_random_node(other_wallet, container, deny_objects[0], self.shell, self.cluster, xhdr=xhdr) with reporter.step("Check others have access to objects with deny attribute and using bearer token"): @@ -261,7 +261,7 @@ class TestApeFilters(ClusterTestBase): deny_objects = objects_with_other_attributes allow_attribute = self.HEADER deny_attribute = self.OTHER_HEADER - no_attributes_match_context = pytest.raises(Exception, match=OBJECT_NO_ACCESS) + no_attributes_match_context = pytest.raises(Exception, match=OBJECT_ACCESS_DENIED) else: allow_objects = objects_with_other_attributes deny_objects = objects_with_attributes @@ -321,13 +321,13 @@ class TestApeFilters(ClusterTestBase): with reporter.step("Check others cannot get and put objects without attributes matching the filter"): oid = deny_objects[0] - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): head_object(other_wallet, container, oid, self.shell, rpc_endpoint) - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): assert get_object_from_random_node(other_wallet, container, oid, self.shell, self.cluster) - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): assert put_object_to_random_node(other_wallet, file_path, container, self.shell, self.cluster, attributes=deny_attribute) with reporter.step("Check others can get and put objects without attributes matching the filter with bearer token"): @@ -366,7 +366,7 @@ class TestApeFilters(ClusterTestBase): put_object_to_random_node(other_wallet, file_path, container, self.shell, self.cluster, bearer) with reporter.step("Others should not be able to get object matching the filter"): - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): get_object_from_random_node(other_wallet, container, oid, self.shell, self.cluster, bearer) @allure.title("PUT and GET object using bearer with objectID in filter (obj_size={object_size}, match_type=EQUAL)") @@ -390,7 +390,7 @@ class TestApeFilters(ClusterTestBase): bearer = create_bearer_token(frostfs_cli, temp_directory, container, rule, self.cluster.default_rpc_endpoint) with reporter.step("Others should not be able to put object using bearer token"): - with pytest.raises(Exception, match=OBJECT_NO_ACCESS): + with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): put_object_to_random_node(other_wallet, file_path, container, self.shell, self.cluster, bearer) with reporter.step("Others should be able to get object matching the filter"):