[#282] Minor APE tests update
Some checks reported warnings
DCO check / Commits Check (pull_request) Has been cancelled
Some checks reported warnings
DCO check / Commits Check (pull_request) Has been cancelled
This commit is contained in:
parent
79882345e9
commit
e78cdbd5b8
2 changed files with 32 additions and 25 deletions
|
|
@ -22,6 +22,8 @@ from pytest_tests.helpers.container_access import (
|
||||||
assert_no_access_to_container,
|
assert_no_access_to_container,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# TODO: Revert to just OBJECT_ACCESS_DENIED when the issue is fixed
|
||||||
|
# https://git.frostfs.info/TrueCloudLab/frostfs-node/issues/1297
|
||||||
OBJECT_NO_ACCESS = f"(?:{OBJECT_NOT_FOUND}|{OBJECT_ACCESS_DENIED})"
|
OBJECT_NO_ACCESS = f"(?:{OBJECT_NOT_FOUND}|{OBJECT_ACCESS_DENIED})"
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -120,7 +122,7 @@ class TestApeFilters(ClusterTestBase):
|
||||||
endpoint = self.cluster.default_rpc_endpoint
|
endpoint = self.cluster.default_rpc_endpoint
|
||||||
|
|
||||||
with reporter.step("Deny all operations for others via APE with request condition"):
|
with reporter.step("Deny all operations for others via APE with request condition"):
|
||||||
request_condition = ape.Condition('"check_key"', '"check_value"', ape.ConditionType.REQUEST, match_type)
|
request_condition = ape.Condition('"frostfs:xheader/check_key"', '"check_value"', ape.ConditionType.REQUEST, match_type)
|
||||||
role_condition = ape.Condition.by_role(ape.Role.OTHERS)
|
role_condition = ape.Condition.by_role(ape.Role.OTHERS)
|
||||||
deny_rule = ape.Rule(ape.Verb.DENY, ALL_OBJECT_OPERATIONS, [request_condition, role_condition])
|
deny_rule = ape.Rule(ape.Verb.DENY, ALL_OBJECT_OPERATIONS, [request_condition, role_condition])
|
||||||
|
|
||||||
|
|
@ -168,15 +170,15 @@ class TestApeFilters(ClusterTestBase):
|
||||||
# TODO: Refactor this to be fixtures, not test logic
|
# TODO: Refactor this to be fixtures, not test logic
|
||||||
(
|
(
|
||||||
cid,
|
cid,
|
||||||
objects_with_header,
|
objects_with_attributes,
|
||||||
objects_with_other_header,
|
objects_with_other_attributes,
|
||||||
objs_without_header,
|
objs_without_attributes,
|
||||||
file_path,
|
file_path,
|
||||||
) = public_container_with_objects
|
) = public_container_with_objects
|
||||||
endpoint = self.cluster.default_rpc_endpoint
|
endpoint = self.cluster.default_rpc_endpoint
|
||||||
|
|
||||||
allow_objects = objects_with_other_header if match_type == ape.MatchType.EQUAL else objects_with_header
|
allow_objects = objects_with_other_attributes if match_type == ape.MatchType.EQUAL else objects_with_attributes
|
||||||
deny_objects = objects_with_header if match_type == ape.MatchType.EQUAL else objects_with_other_header
|
deny_objects = objects_with_attributes if match_type == ape.MatchType.EQUAL else objects_with_other_attributes
|
||||||
|
|
||||||
# When there is no attribute on the object, it's the same as "", and "" is not equal to "<some_value>"
|
# When there is no attribute on the object, it's the same as "", and "" is not equal to "<some_value>"
|
||||||
# So it's the same as deny_objects
|
# So it's the same as deny_objects
|
||||||
|
|
@ -222,7 +224,7 @@ class TestApeFilters(ClusterTestBase):
|
||||||
no_attributes_access[match_type],
|
no_attributes_access[match_type],
|
||||||
other_wallet,
|
other_wallet,
|
||||||
cid,
|
cid,
|
||||||
objs_without_header.pop(),
|
objs_without_attributes.pop(),
|
||||||
file_path,
|
file_path,
|
||||||
self.shell,
|
self.shell,
|
||||||
self.cluster,
|
self.cluster,
|
||||||
|
|
@ -268,23 +270,25 @@ class TestApeFilters(ClusterTestBase):
|
||||||
# TODO: Refactor this to be fixtures, not test logic!
|
# TODO: Refactor this to be fixtures, not test logic!
|
||||||
(
|
(
|
||||||
cid,
|
cid,
|
||||||
objects_with_header,
|
objects_with_attributes,
|
||||||
objects_with_other_header,
|
objects_with_other_attributes,
|
||||||
objects_without_header,
|
objects_without_attributes,
|
||||||
file_path,
|
file_path,
|
||||||
) = container_with_objects
|
) = container_with_objects
|
||||||
endpoint = self.cluster.default_rpc_endpoint
|
endpoint = self.cluster.default_rpc_endpoint
|
||||||
|
|
||||||
if match_type == ape.MatchType.EQUAL:
|
if match_type == ape.MatchType.EQUAL:
|
||||||
allow_objects = objects_with_header
|
allow_objects = objects_with_attributes
|
||||||
deny_objects = objects_with_other_header
|
deny_objects = objects_with_other_attributes
|
||||||
allow_attribute = self.HEADER
|
allow_attribute = self.HEADER
|
||||||
deny_attribute = self.OTHER_HEADER
|
deny_attribute = self.OTHER_HEADER
|
||||||
|
no_attributes_match_context = pytest.raises(Exception, match=OBJECT_NO_ACCESS)
|
||||||
else:
|
else:
|
||||||
allow_objects = objects_with_other_header
|
allow_objects = objects_with_other_attributes
|
||||||
deny_objects = objects_with_header
|
deny_objects = objects_with_attributes
|
||||||
allow_attribute = self.OTHER_HEADER
|
allow_attribute = self.OTHER_HEADER
|
||||||
deny_attribute = self.HEADER
|
deny_attribute = self.HEADER
|
||||||
|
no_attributes_match_context = expect_not_raises()
|
||||||
# End of refactor block
|
# End of refactor block
|
||||||
|
|
||||||
with reporter.step("Allow operations for others except few operations by resource condition via APE"):
|
with reporter.step("Allow operations for others except few operations by resource condition via APE"):
|
||||||
|
|
@ -297,15 +301,15 @@ class TestApeFilters(ClusterTestBase):
|
||||||
with reporter.step("Wait for one block"):
|
with reporter.step("Wait for one block"):
|
||||||
self.wait_for_blocks()
|
self.wait_for_blocks()
|
||||||
|
|
||||||
with reporter.step("Check others cannot get and put objects without attributes"):
|
with reporter.step("Check GET, PUT and HEAD operations with objects without attributes for OTHERS role"):
|
||||||
oid = objects_without_header.pop()
|
oid = objects_without_attributes.pop()
|
||||||
with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
|
with no_attributes_match_context:
|
||||||
assert head_object(other_wallet, cid, oid, self.shell, endpoint)
|
assert head_object(other_wallet, cid, oid, self.shell, endpoint)
|
||||||
|
|
||||||
with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
|
with no_attributes_match_context:
|
||||||
assert get_object_from_random_node(other_wallet, cid, oid, self.shell, self.cluster)
|
assert get_object_from_random_node(other_wallet, cid, oid, self.shell, self.cluster)
|
||||||
|
|
||||||
with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
|
with no_attributes_match_context:
|
||||||
assert put_object_to_random_node(other_wallet, file_path, cid, self.shell, self.cluster)
|
assert put_object_to_random_node(other_wallet, file_path, cid, self.shell, self.cluster)
|
||||||
|
|
||||||
with reporter.step("Create bearer token with everything allowed for others role"):
|
with reporter.step("Create bearer token with everything allowed for others role"):
|
||||||
|
|
@ -314,7 +318,7 @@ class TestApeFilters(ClusterTestBase):
|
||||||
bearer = create_bearer_token(frostfs_cli, temp_directory, cid, rule, endpoint)
|
bearer = create_bearer_token(frostfs_cli, temp_directory, cid, rule, endpoint)
|
||||||
|
|
||||||
with reporter.step("Check others can get and put objects without attributes and using bearer token"):
|
with reporter.step("Check others can get and put objects without attributes and using bearer token"):
|
||||||
oid = objects_without_header[0]
|
oid = objects_without_attributes[0]
|
||||||
with expect_not_raises():
|
with expect_not_raises():
|
||||||
head_object(other_wallet, cid, oid, self.shell, endpoint, bearer)
|
head_object(other_wallet, cid, oid, self.shell, endpoint, bearer)
|
||||||
|
|
||||||
|
|
@ -337,13 +341,13 @@ class TestApeFilters(ClusterTestBase):
|
||||||
|
|
||||||
with reporter.step("Check others cannot get and put objects without attributes matching the filter"):
|
with reporter.step("Check others cannot get and put objects without attributes matching the filter"):
|
||||||
oid = deny_objects[0]
|
oid = deny_objects[0]
|
||||||
with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
|
with pytest.raises(Exception, match=OBJECT_NO_ACCESS):
|
||||||
head_object(other_wallet, cid, oid, self.shell, endpoint)
|
head_object(other_wallet, cid, oid, self.shell, endpoint)
|
||||||
|
|
||||||
with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
|
with pytest.raises(Exception, match=OBJECT_NO_ACCESS):
|
||||||
assert get_object_from_random_node(other_wallet, cid, oid, file_path, self.shell, self.cluster)
|
assert get_object_from_random_node(other_wallet, cid, oid, self.shell, self.cluster)
|
||||||
|
|
||||||
with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED):
|
with pytest.raises(Exception, match=OBJECT_NO_ACCESS):
|
||||||
assert put_object_to_random_node(other_wallet, file_path, cid, self.shell, self.cluster, attributes=deny_attribute)
|
assert put_object_to_random_node(other_wallet, file_path, cid, self.shell, self.cluster, attributes=deny_attribute)
|
||||||
|
|
||||||
with reporter.step("Check others can get and put objects without attributes matching the filter with bearer token"):
|
with reporter.step("Check others can get and put objects without attributes matching the filter with bearer token"):
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ from frostfs_testlib.cli import FrostfsCli
|
||||||
from frostfs_testlib.credentials.interfaces import CredentialsProvider, User
|
from frostfs_testlib.credentials.interfaces import CredentialsProvider, User
|
||||||
from frostfs_testlib.healthcheck.interfaces import Healthcheck
|
from frostfs_testlib.healthcheck.interfaces import Healthcheck
|
||||||
from frostfs_testlib.hosting import Hosting
|
from frostfs_testlib.hosting import Hosting
|
||||||
|
from frostfs_testlib.resources import optionals
|
||||||
from frostfs_testlib.resources.common import ASSETS_DIR, COMPLEX_OBJECT_CHUNKS_COUNT, COMPLEX_OBJECT_TAIL_SIZE, SIMPLE_OBJECT_SIZE
|
from frostfs_testlib.resources.common import ASSETS_DIR, COMPLEX_OBJECT_CHUNKS_COUNT, COMPLEX_OBJECT_TAIL_SIZE, SIMPLE_OBJECT_SIZE
|
||||||
from frostfs_testlib.s3 import AwsCliClient, Boto3ClientWrapper, S3ClientWrapper, VersioningStatus
|
from frostfs_testlib.s3 import AwsCliClient, Boto3ClientWrapper, S3ClientWrapper, VersioningStatus
|
||||||
from frostfs_testlib.shell import LocalShell, Shell
|
from frostfs_testlib.shell import LocalShell, Shell
|
||||||
|
|
@ -27,7 +28,7 @@ from frostfs_testlib.storage.dataclasses.policy import PlacementPolicy
|
||||||
from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
|
from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
|
||||||
from frostfs_testlib.testing.cluster_test_base import ClusterTestBase
|
from frostfs_testlib.testing.cluster_test_base import ClusterTestBase
|
||||||
from frostfs_testlib.testing.parallel import parallel
|
from frostfs_testlib.testing.parallel import parallel
|
||||||
from frostfs_testlib.testing.test_control import wait_for_success
|
from frostfs_testlib.testing.test_control import run_optionally, wait_for_success
|
||||||
from frostfs_testlib.utils import env_utils, string_utils, version_utils
|
from frostfs_testlib.utils import env_utils, string_utils, version_utils
|
||||||
from frostfs_testlib.utils.file_utils import TestFile, generate_file
|
from frostfs_testlib.utils.file_utils import TestFile, generate_file
|
||||||
|
|
||||||
|
|
@ -347,6 +348,7 @@ def two_buckets(buckets_pool: list[str], s3_client: S3ClientWrapper) -> list[str
|
||||||
|
|
||||||
@allure.title("[Autouse/Session] Collect binary versions")
|
@allure.title("[Autouse/Session] Collect binary versions")
|
||||||
@pytest.fixture(scope="session", autouse=True)
|
@pytest.fixture(scope="session", autouse=True)
|
||||||
|
@run_optionally(optionals.OPTIONAL_AUTOUSE_FIXTURES_ENABLED)
|
||||||
def collect_binary_versions(hosting: Hosting, client_shell: Shell, request: pytest.FixtureRequest):
|
def collect_binary_versions(hosting: Hosting, client_shell: Shell, request: pytest.FixtureRequest):
|
||||||
environment_dir = request.config.getoption("--alluredir")
|
environment_dir = request.config.getoption("--alluredir")
|
||||||
if not environment_dir:
|
if not environment_dir:
|
||||||
|
|
@ -392,6 +394,7 @@ def session_start_time(configure_testlib):
|
||||||
|
|
||||||
@allure.title("[Autouse/Session] After deploy healthcheck")
|
@allure.title("[Autouse/Session] After deploy healthcheck")
|
||||||
@pytest.fixture(scope="session", autouse=True)
|
@pytest.fixture(scope="session", autouse=True)
|
||||||
|
@run_optionally(optionals.OPTIONAL_AUTOUSE_FIXTURES_ENABLED)
|
||||||
def after_deploy_healthcheck(cluster: Cluster):
|
def after_deploy_healthcheck(cluster: Cluster):
|
||||||
with reporter.step("Wait for cluster readiness after deploy"):
|
with reporter.step("Wait for cluster readiness after deploy"):
|
||||||
parallel(readiness_on_node, cluster.cluster_nodes)
|
parallel(readiness_on_node, cluster.cluster_nodes)
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue