[#103] Test to check eACL filter keys for objects

Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
This commit is contained in:
Elizaveta Chichindaeva 2021-10-12 14:11:31 +03:00
parent dcab3a5745
commit d6a73a2b23
14 changed files with 569 additions and 37 deletions

View file

@ -1,4 +1,4 @@
robotframework==3.2.1 robotframework==4.1.2
requests==2.25.1 requests==2.25.1
pexpect==4.8.0 pexpect==4.8.0
boto3==1.16.33 boto3==1.16.33

View file

@ -569,63 +569,74 @@ def decode_object_system_header_json(header):
# Header - Constant attributes # Header - Constant attributes
# ID # ID
ID = json_header["objectID"]["value"] oid = json_header["objectID"]["value"]
if ID is not None: if oid is not None:
result_header["ID"] = _json_cli_decode(ID) result_header["ID"] = _json_cli_decode(oid)
else: else:
raise Exception(f"no ID was parsed from header: \t{header}" ) raise Exception(f"no ID was parsed from header: \t{header}" )
# CID # CID
CID = json_header["header"]["containerID"]["value"] cid = json_header["header"]["containerID"]["value"]
if CID is not None: if cid is not None:
result_header["CID"] = _json_cli_decode(CID) result_header["CID"] = _json_cli_decode(cid)
else: else:
raise Exception(f"no CID was parsed from header: \t{header}") raise Exception(f"no CID was parsed from header: \t{header}")
# OwnerID # OwnerID
OwnerID = json_header["header"]["ownerID"]["value"] owner_id = json_header["header"]["ownerID"]["value"]
if OwnerID is not None: if owner_id is not None:
result_header["OwnerID"] = _json_cli_decode(OwnerID) result_header["OwnerID"] = _json_cli_decode(owner_id)
else: else:
raise Exception(f"no OwnerID was parsed from header: \t{header}") raise Exception(f"no OwnerID was parsed from header: \t{header}")
# CreatedAtEpoch # CreatedAtEpoch
CreatedAtEpoch = json_header["header"]["creationEpoch"] created_at_epoch = json_header["header"]["creationEpoch"]
if CreatedAtEpoch is not None: if created_at_epoch is not None:
result_header["CreatedAtEpoch"] = CreatedAtEpoch result_header["CreatedAtEpoch"] = created_at_epoch
else: else:
raise Exception(f"no CreatedAtEpoch was parsed from header: \t{header}") raise Exception(f"no CreatedAtEpoch was parsed from header: \t{header}")
# PayloadLength # PayloadLength
PayloadLength = json_header["header"]["payloadLength"] payload_length = json_header["header"]["payloadLength"]
if PayloadLength is not None: if payload_length is not None:
result_header["PayloadLength"] = PayloadLength result_header["PayloadLength"] = payload_length
else: else:
raise Exception(f"no PayloadLength was parsed from header: \t{header}") raise Exception(f"no PayloadLength was parsed from header: \t{header}")
# HomoHash # HomoHash
HomoHash = json_header["header"]["homomorphicHash"]["sum"] homo_hash = json_header["header"]["homomorphicHash"]["sum"]
if HomoHash is not None: if homo_hash is not None:
result_header["HomoHash"] = _json_cli_decode(HomoHash) homo_hash_64_d = base64.b64decode(homo_hash)
homo_hash_bytes = binascii.hexlify(homo_hash_64_d)
result_header["HomoHash"] = bytes.decode(homo_hash_bytes)
else: else:
raise Exception(f"no HomoHash was parsed from header: \t{header}") raise Exception(f"no HomoHash was parsed from header: \t{header}")
# Checksum # PayloadHash
Checksum = json_header["header"]["payloadHash"]["sum"] payload_hash = json_header["header"]["payloadHash"]["sum"]
if Checksum is not None: if payload_hash is not None:
Checksum_64_d = base64.b64decode(Checksum) payload_hash_64_d = base64.b64decode(payload_hash)
result_header["Checksum"] = binascii.hexlify(Checksum_64_d) payload_hash_bytes = binascii.hexlify(payload_hash_64_d)
result_header["PayloadHash"] = bytes.decode(payload_hash_bytes)
else: else:
raise Exception(f"no Checksum was parsed from header: \t{header}") raise Exception(f"no Checksum was parsed from header: \t{header}")
# Type # Type
Type = json_header["header"]["objectType"] object_type = json_header["header"]["objectType"]
if Type is not None: if object_type is not None:
result_header["Type"] = Type result_header["Type"] = object_type
else: else:
raise Exception(f"no Type was parsed from header: \t{header}") raise Exception(f"no Type was parsed from header: \t{header}")
# Version
version = json_header["header"]["version"]
if version is not None:
version_full = f'v{version["major"]}.{version["minor"]}'
result_header["Version"] = version_full
else:
raise Exception(f"no version was parsed from header: \t{header}" )
# Header - Optional attributes # Header - Optional attributes
# Attributes # Attributes
@ -762,7 +773,6 @@ def get_control_endpoint_with_wif(endpoint_number: str = ''):
return endpoint_num, endpoint_control, wif return endpoint_num, endpoint_control, wif
@keyword('Get Locode') @keyword('Get Locode')
def get_locode(): def get_locode():
endpoint_values = random.choice(list(NEOFS_NETMAP_DICT.values())) endpoint_values = random.choice(list(NEOFS_NETMAP_DICT.values()))

View file

@ -141,14 +141,14 @@ Check eACL MatchType String Equal Object
[Arguments] ${USER_KEY} ${OTHER_KEY} [Arguments] ${USER_KEY} ${OTHER_KEY}
${CID} = Create Container Public ${USER_KEY} ${CID} = Create Container Public ${USER_KEY}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} json_output=True ${HEADER} = Head Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} json_output=True
&{HEADER_DICT} = Decode Object System Header Json ${HEADER} &{HEADER_DICT} = Decode Object System Header Json ${HEADER}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH} Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Log Set eACL for Deny GET operation with StringEqual Object ID Log Set eACL for Deny GET operation with StringEqual Object ID
${ID_value} = Get From Dictionary ${HEADER_DICT} ID ${ID_value} = Get From Dictionary ${HEADER_DICT} ID
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value} ${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
@ -158,22 +158,22 @@ Check eACL MatchType String Equal Object
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH} ... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1 ${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters} ${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1} ${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen} ${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH} ... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} ${PATH} Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} ${PATH}

View file

@ -1,12 +1,20 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Variables ../../../variables/eacl_object_filters.py
Library acl.py Library acl.py
Library neofs.py
Library Collections
Resource common_steps_acl_basic.robot
Resource ../${RESOURCES}/payment_operations.robot
*** Variables *** *** Variables ***
${FILE_USR_HEADER} = key1=1,key2=abc ${FILE_USR_HEADER} = key1=1,key2=abc
${FILE_USR_HEADER_DEL} = key1=del,key2=del ${FILE_USR_HEADER_DEL} = key1=del,key2=del
${FILE_OTH_HEADER} = key1=oth,key2=oth ${FILE_OTH_HEADER} = key1=oth,key2=oth
${OBJECT_PATH} = testfile
${EACL_ERR_MSG} = *
*** Keywords *** *** Keywords ***
@ -80,3 +88,134 @@ Check eACL Deny and Allow All
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Compose eACL Custom
[Arguments] ${HEADER_DICT} ${MATCH_TYPE} ${FILTER} ${ACCESS} ${ROLE}
${filter_value} = Get From dictionary ${HEADER_DICT} ${EACL_OBJ_FILTERS}[${FILTER}]
${filters} = Create Dictionary headerType=OBJECT matchType=${MATCH_TYPE} key=${FILTER} value=${filter_value}
${rule_get}= Create Dictionary Operation=GET Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_head}= Create Dictionary Operation=HEAD Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_put}= Create Dictionary Operation=PUT Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_del}= Create Dictionary Operation=DELETE Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_search}= Create Dictionary Operation=SEARCH Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_range}= Create Dictionary Operation=GETRANGE Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_rangehash}= Create Dictionary Operation=GETRANGEHASH Access=${ACCESS} Role=${ROLE} Filters=${filters}
${eACL_gen}= Create List ${rule_get} ${rule_head} ${rule_put} ${rule_del}
... ${rule_search} ${rule_range} ${rule_rangehash}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
[Return] ${EACL_CUSTOM}
Object Header Decoded
[Arguments] ${USER_KEY} ${CID} ${S_OID_USER}
${HEADER} = Head Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} json_output=True
&{HEADER_DICT} = Decode Object System Header Json ${HEADER}
[Return] &{HEADER_DICT}
Check eACL Filters with MatchType String Equal
[Arguments] ${FILTER}
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
${CID} = Create Container Public ${USER_KEY}
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
@{S_OBJ_H} = Create List ${S_OID_USER}
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search Object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Delete Object ${OTHER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_EQUAL ${FILTER} DENY OTHERS
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect Error ${EACL_ERR_MSG}
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
END
IF 'HEAD' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
END
IF 'RANGE' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
END
IF 'SEARCH' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect Error ${EACL_ERR_MSG}
... Search Object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
END
IF 'RANGEHASH' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
END
IF 'DELETE' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Delete Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
END
Check eACL Filters with MatchType String Not Equal
[Arguments] ${FILTER}
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
${CID} = Create Container Public ${USER_KEY}
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
${S_OID_OTH} = Put Object ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
@{S_OBJ_H} = Create List ${S_OID_USER}
Get Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Head Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Search Object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect Error ${EACL_ERR_MSG}
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY} ${OBJECT_PATH}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
END
IF 'HEAD' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Head object ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY}
Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
END
IF 'SEARCH' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_OTH_HEADER} ${S_OBJ_H}
Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
END
IF 'RANGE' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Get Range ${OTHER_KEY} ${CID} ${S_OID_OTH} s_get_range ${EMPTY} 0:256
Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
END
IF 'RANGEHASH' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY} 0:256
Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
END
IF 'DELETE' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect error ${EACL_ERR_MSG}
... Delete Object ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY}
Delete Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
END

View file

@ -0,0 +1,17 @@
*** Settings ***
Resource ../common_steps_acl_extended.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Test cases ***
Container ID Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:containerID eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL containerID Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:containerID
[Teardown] Teardown container_id_filter

View file

@ -0,0 +1,62 @@
*** Settings ***
Variables ../../../../variables/common.py
Variables ../../../../variables/eacl_object_filters.py
Library acl.py
Library neofs.py
Library Collections
Library contract_keywords.py
Resource ../common_steps_acl_extended.robot
Resource ../common_steps_acl_basic.robot
Resource ../../${RESOURCES}/payment_operations.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Variables ***
${OBJECT_PATH} = testfile
${EACL_ERR_MSG} = *
*** Test cases ***
Creation Epoch Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:creationEpoch eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL creationEpoch Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:creationEpoch
Log Check eACL creationEpoch Filter with MatchType String Not Equal
Check $Object:creationEpoch Filter with MatchType String Not Equal $Object:creationEpoch
*** Keywords ***
Check $Object:creationEpoch Filter with MatchType String Not Equal
[Arguments] ${FILTER}
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
${CID} = Create Container Public ${USER_KEY}
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
${S_OID} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
Tick Epoch
${S_OID_NEW} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
Get Object ${USER_KEY} ${CID} ${S_OID_NEW} ${EMPTY} local_file_eacl
Head Object ${USER_KEY} ${CID} ${S_OID_NEW} ${EMPTY}
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_NEW}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error ${EACL_ERR_MSG}
... Get object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY} ${OBJECT_PATH}
Get object ${OTHER_KEY} ${CID} ${S_OID_NEW} ${EMPTY} ${OBJECT_PATH}
Run Keyword And Expect error ${EACL_ERR_MSG}
... Head object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY}
Head object ${OTHER_KEY} ${CID} ${S_OID_NEW} ${EMPTY}
[Teardown] Teardown creation_epoch_filter

View file

@ -0,0 +1,17 @@
*** Settings ***
Resource ../common_steps_acl_extended.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Test cases ***
Homomorphic Hash Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:homomorphicHash eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL homomorphicHash Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:homomorphicHash
[Teardown] Teardown homomorphic_hash_filter

View file

@ -0,0 +1,134 @@
*** Settings ***
Variables ../../../../variables/common.py
Variables ../../../../variables/eacl_object_filters.py
Library acl.py
Library neofs.py
Library Collections
Resource ../common_steps_acl_extended.robot
Resource ../common_steps_acl_basic.robot
Resource ../../${RESOURCES}/payment_operations.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Variables ***
${OBJECT_PATH} = testfile
${EACL_ERR_MSG} = *
*** Test cases ***
Object ID Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:objectID eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL objectID Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:objectID
Log Check eACL objectID Filter with MatchType String Not Equal
Check eACL Filters with MatchType String Not Equal $Object:objectID
#################################################################################
# If the first eACL rule contradicts the second, the second one won't be applied
#################################################################################
Log Check if the second rule that contradicts the first is not applied
Check eACL Filters with MatchType String Equal with two contradicting filters $Object:objectID
###########################################################################################################################
# If both STRING_EQUAL and STRING_NOT_EQUAL matchTypes are applied for the same filter value, no object can be operated on
###########################################################################################################################
Log Check two matchTypes applied
Check eACL Filters, two matchTypes $Object:objectID
*** Keywords ***
Check eACL Filters with MatchType String Equal with two contradicting filters
[Arguments] ${FILTER}
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
${CID} = Create Container Public ${USER_KEY}
${FILE_S_USER} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S_USER} ${CID} ${EMPTY}
&{HEADER_DICT_USER} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
${filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_EQUAL
... key=${FILTER}
... value=${filter_value}
${rule} = Create Dictionary
... Operation=GET
... Access=ALLOW
... Role=OTHERS
... Filters=${filters}
${contradicting_filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_EQUAL
... key=$Object:payloadLength
... value=${SIMPLE_OBJ_SIZE}
${contradicting_rule} = Create Dictionary
... Operation=GET
... Access=DENY
... Role=OTHERS
... Filters=${contradicting_filters}
${eACL_gen} = Create List ${rule} ${contradicting_rule}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
Check eACL Filters, two matchTypes
[Arguments] ${FILTER}
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
${CID} = Create Container Public ${USER_KEY}
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
${S_OID_OTHER} = Put Object ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY}
&{HEADER_DICT_USER} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
Get Object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
${noneq_filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_NOT_EQUAL
... key=${FILTER}
... value=${filter_value}
${rule_noneq_filter} = Create Dictionary
... Operation=GET
... Access=DENY
... Role=OTHERS
... Filters=${noneq_filters}
${eq_filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_EQUAL
... key=${FILTER}
... value=${filter_value}
${rule_eq_filter} = Create Dictionary
... Operation=GET
... Access=DENY
... Role=OTHERS
... Filters=${eq_filters}
${eACL_gen} = Create List ${rule_noneq_filter} ${rule_eq_filter}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
Run Keyword And Expect Error *
... Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
[Teardown] Teardown object_id

View file

@ -0,0 +1,17 @@
*** Settings ***
Resource ../common_steps_acl_extended.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Test cases ***
Object Type Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:objectType eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL objectType Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:objectType
[Teardown] Teardown object_type_filter

View file

@ -0,0 +1,19 @@
*** Settings ***
Resource ../common_steps_acl_extended.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Test cases ***
Owner ID Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:ownerID eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL ownerID Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:ownerID
Log Check eACL ownerID Filter with MatchType String Not Equal
Check eACL Filters with MatchType String Not Equal $Object:ownerID
[Teardown] Teardown owner_id_filter

View file

@ -0,0 +1,17 @@
*** Settings ***
Resource ../common_steps_acl_extended.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Test cases ***
Payload Hash Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:payloadHash eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL payloadHash Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:payloadHash
[Teardown] Teardown payload_hash_filter

View file

@ -0,0 +1,62 @@
*** Settings ***
Variables ../../../../variables/common.py
Variables ../../../../variables/eacl_object_filters.py
Library acl.py
Library neofs.py
Library Collections
Resource ../common_steps_acl_extended.robot
Resource ../common_steps_acl_basic.robot
Resource ../../${RESOURCES}/payment_operations.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Variables ***
${OBJECT_PATH} = testfile
${EACL_ERR_MSG} = *
*** Test cases ***
Payload Length Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:payloadLength eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL payloadLength Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:payloadLength
Log Check eACL payloadLength Filter with MatchType String Not Equal
Check $Object:payloadLength Filter with MatchType String Not Equal $Object:payloadLength
*** Keywords ***
Check $Object:payloadLength Filter with MatchType String Not Equal
[Arguments] ${FILTER}
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
${CID} = Create Container Public ${USER_KEY}
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
${FILE_0} ${_} = Generate file ${0}
${S_OID_0} = Put Object ${USER_KEY} ${FILE_0} ${CID} ${EMPTY}
${S_OID} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
Get Object ${USER_KEY} ${CID} ${S_OID} ${EMPTY} local_file_eacl
Head Object ${USER_KEY} ${CID} ${S_OID} ${EMPTY}
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error ${EACL_ERR_MSG}
... Get object ${OTHER_KEY} ${CID} ${S_OID_0} ${EMPTY} ${OBJECT_PATH}
Get object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY} ${OBJECT_PATH}
Run Keyword And Expect error ${EACL_ERR_MSG}
... Head object ${OTHER_KEY} ${CID} ${S_OID_0} ${EMPTY}
Head object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY}
[Teardown] Teardown payload_length_filter

View file

@ -0,0 +1,17 @@
*** Settings ***
Resource ../common_steps_acl_extended.robot
Resource ../../${RESOURCES}/setup_teardown.robot
*** Test cases ***
Version Object Filter for Extended ACL
[Documentation] Testcase to validate if $Object:version eACL filter is correctly handled.
[Tags] ACL eACL NeoFS NeoCLI
[Timeout] 20 min
[Setup] Setup
Log Check eACL version Filter with MatchType String Equal
Check eACL Filters with MatchType String Equal $Object:version
[Teardown] Teardown version_filter

View file

@ -0,0 +1,21 @@
EACL_OBJ_FILTERS = {'$Object:objectID': 'ID',
'$Object:containerID': 'CID',
'$Object:ownerID': 'OwnerID',
'$Object:creationEpoch': 'CreatedAtEpoch',
'$Object:payloadLength': 'PayloadLength',
'$Object:payloadHash': 'PayloadHash',
'$Object:objectType': 'Type',
'$Object:homomorphicHash': 'HomoHash',
'$Object:version': 'Version'}
VERB_FILTER_DEP = {
'$Object:objectID': ['GET', 'HEAD', 'DELETE', 'RANGE', 'RANGEHASH'],
'$Object:containerID': ['GET', 'PUT', 'HEAD', 'DELETE', 'SEARCH', 'RANGE', 'RANGEHASH'],
'$Object:ownerID': ['GET', 'HEAD'],
'$Object:creationEpoch': ['GET', 'PUT', 'HEAD'],
'$Object:payloadLength': ['GET', 'PUT', 'HEAD'],
'$Object:payloadHash': ['GET', 'PUT', 'HEAD'],
'$Object:objectType': ['GET', 'PUT', 'HEAD'],
'$Object:homomorphicHash': ['GET', 'PUT', 'HEAD'],
'$Object:version': ['GET', 'PUT', 'HEAD']
}