From e78cdbd5b886afda5abe94a1d69b233f69469da5 Mon Sep 17 00:00:00 2001
From: "a.berezin" <a.berezin@yadro.com>
Date: Tue, 6 Aug 2024 17:50:33 +0300
Subject: [PATCH] [#282] Minor APE tests update

---
 .../testsuites/access/ape/test_ape_filters.py | 52 ++++++++++---------
 pytest_tests/testsuites/conftest.py           |  5 +-
 2 files changed, 32 insertions(+), 25 deletions(-)

diff --git a/pytest_tests/testsuites/access/ape/test_ape_filters.py b/pytest_tests/testsuites/access/ape/test_ape_filters.py
index 0b0555cb..54f21eda 100644
--- a/pytest_tests/testsuites/access/ape/test_ape_filters.py
+++ b/pytest_tests/testsuites/access/ape/test_ape_filters.py
@@ -22,6 +22,8 @@ from pytest_tests.helpers.container_access import (
     assert_no_access_to_container,
 )
 
+# TODO: Revert to just OBJECT_ACCESS_DENIED when the issue is fixed
+# https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1297
 OBJECT_NO_ACCESS = f"(?:{OBJECT_NOT_FOUND}|{OBJECT_ACCESS_DENIED})"
 
 
@@ -120,7 +122,7 @@ class TestApeFilters(ClusterTestBase):
         endpoint = self.cluster.default_rpc_endpoint
 
         with reporter.step("Deny all operations for others via APE with request condition"):
-            request_condition = ape.Condition('"check_key"', '"check_value"', ape.ConditionType.REQUEST, match_type)
+            request_condition = ape.Condition('"frostfs:xheader/check_key"', '"check_value"', ape.ConditionType.REQUEST, match_type)
             role_condition = ape.Condition.by_role(ape.Role.OTHERS)
             deny_rule = ape.Rule(ape.Verb.DENY, ALL_OBJECT_OPERATIONS, [request_condition, role_condition])
 
@@ -168,15 +170,15 @@ class TestApeFilters(ClusterTestBase):
         # TODO: Refactor this to be fixtures, not test logic
         (
             cid,
-            objects_with_header,
-            objects_with_other_header,
-            objs_without_header,
+            objects_with_attributes,
+            objects_with_other_attributes,
+            objs_without_attributes,
             file_path,
         ) = public_container_with_objects
         endpoint = self.cluster.default_rpc_endpoint
 
-        allow_objects = objects_with_other_header if match_type == ape.MatchType.EQUAL else objects_with_header
-        deny_objects = objects_with_header if match_type == ape.MatchType.EQUAL else objects_with_other_header
+        allow_objects = objects_with_other_attributes if match_type == ape.MatchType.EQUAL else objects_with_attributes
+        deny_objects = objects_with_attributes if match_type == ape.MatchType.EQUAL else objects_with_other_attributes
 
         # When there is no attribute on the object, it's the same as "", and "" is not equal to "<some_value>"
         # So it's the same as deny_objects
@@ -222,7 +224,7 @@ class TestApeFilters(ClusterTestBase):
                     no_attributes_access[match_type],
                     other_wallet,
                     cid,
-                    objs_without_header.pop(),
+                    objs_without_attributes.pop(),
                     file_path,
                     self.shell,
                     self.cluster,
@@ -268,23 +270,25 @@ class TestApeFilters(ClusterTestBase):
         # TODO: Refactor this to be fixtures, not test logic!
         (
             cid,
-            objects_with_header,
-            objects_with_other_header,
-            objects_without_header,
+            objects_with_attributes,
+            objects_with_other_attributes,
+            objects_without_attributes,
             file_path,
         ) = container_with_objects
         endpoint = self.cluster.default_rpc_endpoint
 
         if match_type == ape.MatchType.EQUAL:
-            allow_objects = objects_with_header
-            deny_objects = objects_with_other_header
+            allow_objects = objects_with_attributes
+            deny_objects = objects_with_other_attributes
             allow_attribute = self.HEADER
             deny_attribute = self.OTHER_HEADER
+            no_attributes_match_context = pytest.raises(Exception, match=OBJECT_NO_ACCESS)
         else:
-            allow_objects = objects_with_other_header
-            deny_objects = objects_with_header
+            allow_objects = objects_with_other_attributes
+            deny_objects = objects_with_attributes
             allow_attribute = self.OTHER_HEADER
             deny_attribute = self.HEADER
+            no_attributes_match_context = expect_not_raises()
         # End of refactor block
 
         with reporter.step("Allow operations for others except few operations by resource condition via APE"):
@@ -297,15 +301,15 @@ class TestApeFilters(ClusterTestBase):
         with reporter.step("Wait for one block"):
             self.wait_for_blocks()
 
-        with reporter.step("Check others cannot get and put objects without attributes"):
-            oid = objects_without_header.pop()
-            with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
+        with reporter.step("Check GET, PUT and HEAD operations with objects without attributes for OTHERS role"):
+            oid = objects_without_attributes.pop()
+            with no_attributes_match_context:
                 assert head_object(other_wallet, cid, oid, self.shell, endpoint)
 
-            with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
+            with no_attributes_match_context:
                 assert get_object_from_random_node(other_wallet, cid, oid, self.shell, self.cluster)
 
-            with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
+            with no_attributes_match_context:
                 assert put_object_to_random_node(other_wallet, file_path, cid, self.shell, self.cluster)
 
         with reporter.step("Create bearer token with everything allowed for others role"):
@@ -314,7 +318,7 @@ class TestApeFilters(ClusterTestBase):
             bearer = create_bearer_token(frostfs_cli, temp_directory, cid, rule, endpoint)
 
         with reporter.step("Check others can get and put objects without attributes and using bearer token"):
-            oid = objects_without_header[0]
+            oid = objects_without_attributes[0]
             with expect_not_raises():
                 head_object(other_wallet, cid, oid, self.shell, endpoint, bearer)
 
@@ -337,13 +341,13 @@ class TestApeFilters(ClusterTestBase):
 
         with reporter.step("Check others cannot get and put objects without attributes matching the filter"):
             oid = deny_objects[0]
-            with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
+            with pytest.raises(Exception, match=OBJECT_NO_ACCESS):
                 head_object(other_wallet, cid, oid, self.shell, endpoint)
 
-            with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
-                assert get_object_from_random_node(other_wallet, cid, oid, file_path, self.shell, self.cluster)
+            with pytest.raises(Exception, match=OBJECT_NO_ACCESS):
+                assert get_object_from_random_node(other_wallet, cid, oid, self.shell, self.cluster)
 
-            with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
+            with pytest.raises(Exception, match=OBJECT_NO_ACCESS):
                 assert put_object_to_random_node(other_wallet, file_path, cid, self.shell, self.cluster, attributes=deny_attribute)
 
         with reporter.step("Check others can get and put objects without attributes matching the filter with bearer token"):
diff --git a/pytest_tests/testsuites/conftest.py b/pytest_tests/testsuites/conftest.py
index 696f06ec..357368c9 100644
--- a/pytest_tests/testsuites/conftest.py
+++ b/pytest_tests/testsuites/conftest.py
@@ -13,6 +13,7 @@ from frostfs_testlib.cli import FrostfsCli
 from frostfs_testlib.credentials.interfaces import CredentialsProvider, User
 from frostfs_testlib.healthcheck.interfaces import Healthcheck
 from frostfs_testlib.hosting import Hosting
+from frostfs_testlib.resources import optionals
 from frostfs_testlib.resources.common import ASSETS_DIR, COMPLEX_OBJECT_CHUNKS_COUNT, COMPLEX_OBJECT_TAIL_SIZE, SIMPLE_OBJECT_SIZE
 from frostfs_testlib.s3 import AwsCliClient, Boto3ClientWrapper, S3ClientWrapper, VersioningStatus
 from frostfs_testlib.shell import LocalShell, Shell
@@ -27,7 +28,7 @@ from frostfs_testlib.storage.dataclasses.policy import PlacementPolicy
 from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
 from frostfs_testlib.testing.cluster_test_base import ClusterTestBase
 from frostfs_testlib.testing.parallel import parallel
-from frostfs_testlib.testing.test_control import wait_for_success
+from frostfs_testlib.testing.test_control import run_optionally, wait_for_success
 from frostfs_testlib.utils import env_utils, string_utils, version_utils
 from frostfs_testlib.utils.file_utils import TestFile, generate_file
 
@@ -347,6 +348,7 @@ def two_buckets(buckets_pool: list[str], s3_client: S3ClientWrapper) -> list[str
 
 @allure.title("[Autouse/Session] Collect binary versions")
 @pytest.fixture(scope="session", autouse=True)
+@run_optionally(optionals.OPTIONAL_AUTOUSE_FIXTURES_ENABLED)
 def collect_binary_versions(hosting: Hosting, client_shell: Shell, request: pytest.FixtureRequest):
     environment_dir = request.config.getoption("--alluredir")
     if not environment_dir:
@@ -392,6 +394,7 @@ def session_start_time(configure_testlib):
 
 @allure.title("[Autouse/Session] After deploy healthcheck")
 @pytest.fixture(scope="session", autouse=True)
+@run_optionally(optionals.OPTIONAL_AUTOUSE_FIXTURES_ENABLED)
 def after_deploy_healthcheck(cluster: Cluster):
     with reporter.step("Wait for cluster readiness after deploy"):
         parallel(readiness_on_node, cluster.cluster_nodes)