Feature/acl extension operations (#17)

- Add bearer token coverage with the request filter #8
- Add eACL coverage with the request filter #9
- Add Bearer token coverage of the case with different permissions for operations in the complex operations #15 (Check Сompound Operations)
- Add eACL token coverage of the case with different permissions for operations in the complex operations
- Add latest nodes and services logs to the artifacts in case of failure #10
- Prepare neofs-testcases repository for the public #11 - new eACL and bearer token generation by rules.
- Readme update
- Fixes and additional extensions of the existed test cases
- Large file size has been changed from 20mb to 10mb
This commit is contained in:
anatoly-bogatyrev 2020-12-29 22:55:33 +03:00 committed by GitHub
parent 708bf2a012
commit fb5da3dc21
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
24 changed files with 1028 additions and 1151 deletions

View file

@ -35,7 +35,7 @@ In this case, dev-env should be running with the tested environment.
### Running an arbitrary test case
To run an arbitrary testcase, you need to run the command:
`robot --timestampoutputs --outputdir artifacts/ robot/testsuites/integration/<testsuite name>.robot `
`robot --outputdir artifacts/ robot/testsuites/integration/<testsuite name>.robot `
The following scripts are available for execution:
@ -76,7 +76,7 @@ Dev-env is not needed. But you need to install neo-go.
- `make`
- `sudo cp bin/neo-go /usr/local/bin/neo-go` or add alias path to bin/neo-go
3. To run smoke test: `robot --timestampoutputs --outputdir artifacts/ robot/testsuites/smoke/selectelcdn_smoke.robot`
3. To run smoke test: `robot --outputdir artifacts/ robot/testsuites/smoke/selectelcdn_smoke.robot`
## Generation of documentation

View file

@ -1,69 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "HEAD",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "PUT",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "DELETE",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "SEARCH",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGE",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "ALLOW",
"targets": [
{
"role": "OTHERS"
}
]
}
]
}

View file

@ -1,132 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "HEAD",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "PUT",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "DELETE",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "SEARCH",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "GETRANGE",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "GETRANGEHASH",
"action": "ALLOW",
"targets": [
{
"keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ]
}
]
},
{
"operation": "GET",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "HEAD",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "PUT",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "DELETE",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "SEARCH",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGE",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
}
]
}

View file

@ -1,68 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "HEAD",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "PUT",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "DELETE",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "SEARCH",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "GETRANGE",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "ALLOW",
"targets": [
{
"role": "SYSTEM"
}
]
}
]
}

View file

@ -1,68 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "HEAD",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "PUT",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "DELETE",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "SEARCH",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "GETRANGE",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "ALLOW",
"targets": [
{
"role": "USER"
}
]
}
]
}

View file

@ -1,68 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "HEAD",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "PUT",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "DELETE",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "SEARCH",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGE",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
}
]
}

View file

@ -1,68 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "HEAD",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "PUT",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "DELETE",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "SEARCH",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "GETRANGE",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "DENY",
"targets": [
{
"role": "SYSTEM"
}
]
}
]
}

View file

@ -1,68 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "HEAD",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "PUT",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "DELETE",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "SEARCH",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "GETRANGE",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "DENY",
"targets": [
{
"role": "USER"
}
]
}
]
}

View file

@ -1,21 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "DENY",
"filters": [
{
"headerType": "OBJECT",
"matchType": "STRING_NOT_EQUAL",
"key": "$Object:objectID",
"value": "X"
}
],
"targets": [
{
"role": "OTHERS"
}
]
}
]
}

View file

@ -1,68 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "HEAD",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "PUT",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "DELETE",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "SEARCH",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGE",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "DENY",
"targets": [
{
"role": "OTHERS"
}
]
}
]
}

View file

@ -13,6 +13,7 @@ import base64
import base58
import docker
import json
import tarfile
if os.getenv('ROBOT_PROFILE') == 'selectel_smoke':
from selectelcdn_smoke_vars import (NEOGO_CLI_PREFIX, NEO_MAINNET_ENDPOINT,
@ -166,7 +167,7 @@ def get_eacl(private_key: str, cid: str):
except subprocess.CalledProcessError as e:
if re.search(r'extended ACL table is not set for this container', e.output):
logger.info("Server is not presented in container.")
logger.info("Extended ACL table is not set for this container.")
else:
raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
@ -184,329 +185,99 @@ def set_eacl(private_key: str, cid: str, eacl: str, add_keys: str = ""):
@keyword('Form BearerToken file for all ops')
def form_bearertoken_file_for_all_ops(file_name: str, private_key: str, cid: str, action: str, target_role: str, lifetime_exp: str ):
@keyword('Form BearerToken file')
def form_bearertoken_file(private_key: str, cid: str, file_name: str, eacl_oper_list, lifetime_exp: str ):
cid_base58_b = base58.b58decode(cid)
cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8")
eacl = get_eacl(private_key, cid)
input_records = ""
json_eacl = {}
if eacl:
res_json = re.split(r'[\s\n]+Signature:', eacl)
input_eacl = res_json[0].replace('eACL: ', '')
json_eacl = json.loads(input_eacl)
eacl_result = {"body":{ "eaclTable": { "containerID": { "value": cid_base64 }, "records": [] }, "lifetime": {"exp": lifetime_exp, "nbf": "1", "iat": "0"} } }
if eacl_oper_list:
for record in eacl_oper_list:
op_data = dict()
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]}
else:
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]}
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
eacl_result["body"]["eaclTable"]["records"].append(op_data)
# Add records from current eACL
if "records" in json_eacl.keys():
for record in json_eacl["records"]:
eacl_result["body"]["eaclTable"]["records"].append(record)
with open(file_name, 'w', encoding='utf-8') as f:
json.dump(eacl_result, f, ensure_ascii=False, indent=4)
logger.info(eacl_result)
# Sign bearer token
Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json'
logger.info("Cmd: %s" % Cmd)
try:
complProc = subprocess.run(Cmd, check=True, universal_newlines=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True)
output = complProc.stdout
logger.info("Output: %s" % str(output))
except subprocess.CalledProcessError as e:
raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
return file_name
@keyword('Form eACL json common file')
def form_eacl_json_common_file(file_name, eacl_oper_list ):
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
cid_base58_b = base58.b58decode(cid)
cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8")
eacl = {"records":[]}
if eacl:
res_json = re.split(r'[\s\n]+\][\s\n]+\}[\s\n]+Signature:', eacl)
records = re.split(r'"records": \[', res_json[0])
input_records = ",\n" + records[1]
logger.info(eacl_oper_list)
myjson = """
{
"body": {
"eaclTable": {
"containerID": {
"value": \"""" + str(cid_base64) + """"
},
"records": [
{
"operation": "GET",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "PUT",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "HEAD",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "DELETE",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "SEARCH",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "GETRANGE",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "GETRANGEHASH",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
}""" + input_records + """
]
},
"lifetime": {
"exp": \"""" + lifetime_exp + """",
"nbf": "1",
"iat": "0"
}
}
}
"""
with open(file_name,'w') as out:
out.write(myjson)
logger.info("Output: %s" % myjson)
if eacl_oper_list:
for record in eacl_oper_list:
op_data = dict()
# Sign bearer token
Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json'
logger.info("Cmd: %s" % Cmd)
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]}
else:
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]}
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
try:
complProc = subprocess.run(Cmd, check=True, universal_newlines=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True)
output = complProc.stdout
logger.info("Output: %s" % str(output))
except subprocess.CalledProcessError as e:
raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
eacl["records"].append(op_data)
logger.info(eacl)
with open(file_name, 'w', encoding='utf-8') as f:
json.dump(eacl, f, ensure_ascii=False, indent=4)
return file_name
@keyword('Form BearerToken file filter for all ops')
def form_bearertoken_file_filter_for_all_ops(file_name: str, private_key: str, cid: str, action: str, target_role: str, lifetime_exp: str, matchType: str, key: str, value: str):
# SEARCH should be allowed without filters to use GET, HEAD, DELETE, and SEARCH? Need to clarify.
eacl = get_eacl(private_key, cid)
cid_base58_b = base58.b58decode(cid)
cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8")
input_records = ""
if eacl:
res_json = re.split(r'[\s\n]+\][\s\n]+\}[\s\n]+Signature:', eacl)
records = re.split(r'"records": \[', res_json[0])
input_records = ",\n" + records[1]
myjson = """
{
"body": {
"eaclTable": {
"containerID": {
"value": \"""" + str(cid_base64) + """"
},
"records": [
{
"operation": "GET",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "PUT",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "HEAD",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "DELETE",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "SEARCH",
"action": \"""" + action + """",
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "GETRANGE",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
},
{
"operation": "GETRANGEHASH",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
}""" + input_records + """
]
},
"lifetime": {
"exp": \"""" + lifetime_exp + """",
"nbf": "1",
"iat": "0"
}
}
}
"""
with open(file_name,'w') as out:
out.write(myjson)
logger.info("Output: %s" % myjson)
# Sign bearer token
Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json'
logger.info("Cmd: %s" % Cmd)
try:
complProc = subprocess.run(Cmd, check=True, universal_newlines=True,
stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True)
output = complProc.stdout
logger.info("Output: %s" % str(output))
except subprocess.CalledProcessError as e:
raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output))
return file_name
@keyword('Form eACL json file')
def form_eacl_json_file(file_name: str, operation: str, action: str, matchType: str, key: str, value: str, target_role: str):
myjson = """
{
"records": [
{
"operation": \"""" + operation + """",
"action": \"""" + action + """",
"filters": [
{
"headerType": "OBJECT",
"matchType": \"""" + matchType + """",
"key": \"""" + key + """",
"value": \"""" + value + """"
}
],
"targets": [
{
"role": \"""" + target_role + """"
}
]
}
]
}
"""
with open(file_name,'w') as out:
out.write(myjson)
logger.info("Output: %s" % myjson)
return file_name
@keyword('Get Range')
def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, range_cut: str):
def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, range_cut: str, options:str=""):
bearer_token = ""
if bearer:
bearer_token = f"--bearer {bearer}"
Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object range --cid {cid} --oid {oid} {bearer_token} --range {range_cut} --file {range_file} '
Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object range --cid {cid} --oid {oid} {bearer_token} --range {range_cut} --file {range_file} {options}'
logger.info("Cmd: %s" % Cmd)
try:
@ -582,7 +353,7 @@ def generate_file_of_bytes(size):
@keyword('Search object')
def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: str, *expected_objects_list ):
def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: str, expected_objects_list=[], options:str=""):
bearer_token = ""
if bearer:
@ -591,7 +362,7 @@ def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: s
if filters:
filters = f"--filters {filters}"
ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object search {keys} --cid {cid} {bearer_token} {filters}'
ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object search {keys} --cid {cid} {bearer_token} {filters} {options}'
logger.info("Cmd: %s" % ObjectCmd)
try:
complProc = subprocess.run(ObjectCmd, check=True, universal_newlines=True,
@ -733,6 +504,26 @@ def _verify_child_link(private_key: str, cid: str, oid: str, header_last_parsed:
return final_verif_data
@keyword('Get Docker Logs')
def get_container_logs(testcase_name: str):
#client = docker.APIClient()
client = docker.from_env()
tar_name = "artifacts/dockerlogs("+testcase_name+").tar.gz"
tar = tarfile.open(tar_name, "w:gz")
for container in client.containers.list():
file_name = "artifacts/docker_log_" + container.name
with open(file_name,'wb') as out:
out.write(container.logs())
logger.info(container.name)
tar.add(file_name)
os.remove(file_name)
tar.close()
return 1
@keyword('Verify Head Tombstone')
def verify_head_tombstone(private_key: str, cid: str, oid_ts: str, oid: str, addr: str):
@ -793,8 +584,7 @@ def _json_cli_decode(data: str):
return base58.b58encode(base64.b64decode(data)).decode("utf-8")
@keyword('Head object')
def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user_headers:str="", keys:str="", endpoint: str="", ignore_failure: bool = False):
options = ""
def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user_headers:str="", options:str="", endpoint: str="", ignore_failure: bool = False):
if bearer_token:
bearer_token = f"--bearer {bearer_token}"
@ -802,7 +592,7 @@ def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user
if endpoint == "":
endpoint = NEOFS_ENDPOINT
ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object head --cid {cid} --oid {oid} {bearer_token} {keys}'
ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object head --cid {cid} --oid {oid} {bearer_token} {options}'
logger.info("Cmd: %s" % ObjectCmd)
try:
complProc = subprocess.run(ObjectCmd, check=True, universal_newlines=True,
@ -941,13 +731,13 @@ def parse_object_system_header(header: str):
@keyword('Delete object')
def delete_object(private_key: str, cid: str, oid: str, bearer: str):
def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: str=""):
bearer_token = ""
if bearer:
bearer_token = f"--bearer {bearer}"
ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object delete --cid {cid} --oid {oid} {bearer_token}'
ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object delete --cid {cid} --oid {oid} {bearer_token} {options}'
logger.info("Cmd: %s" % ObjectCmd)
try:
complProc = subprocess.run(ObjectCmd, check=True, universal_newlines=True,
@ -997,7 +787,7 @@ def cleanup_file(*filename_list):
@keyword('Put object to NeoFS')
def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: str, endpoint: str="" ):
def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: str, endpoint: str="", options: str="" ):
logger.info("Going to put the object")
if not endpoint:
@ -1009,7 +799,7 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers:
if bearer:
bearer = f"--bearer {bearer}"
putObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object put --file {path} --cid {cid} {bearer} {user_headers}'
putObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object put --file {path} --cid {cid} {bearer} {user_headers} {options}'
logger.info("Cmd: %s" % putObjectCmd)
try:
@ -1024,12 +814,12 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers:
@keyword('Get Range Hash')
def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, range_cut: str):
def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, range_cut: str, options: str=""):
if bearer_token:
bearer_token = f"--bearer {bearer}"
bearer_token = f"--bearer {bearer_token}"
ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object hash --cid {cid} --oid {oid} --range {range_cut} {bearer_token}'
ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object hash --cid {cid} --oid {oid} --range {range_cut} {bearer_token} {options}'
logger.info("Cmd: %s" % ObjectCmd)
try:
@ -1041,8 +831,7 @@ def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, rang
@keyword('Get object from NeoFS')
def get_object(private_key: str, cid: str, oid: str, bearer_token: str, read_object: str, endpoint: str="" ):
# TODO: add object return instead of read_object (uuid)
def get_object(private_key: str, cid: str, oid: str, bearer_token: str, write_object: str, endpoint: str="", options: str="" ):
logger.info("Going to put the object")
@ -1053,7 +842,7 @@ def get_object(private_key: str, cid: str, oid: str, bearer_token: str, read_obj
if bearer_token:
bearer_token = f"--bearer {bearer_token}"
ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object get --cid {cid} --oid {oid} --file {read_object} {bearer_token}'
ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object get --cid {cid} --oid {oid} --file {write_object} {bearer_token} {options}'
logger.info("Cmd: %s" % ObjectCmd)
try:

View file

@ -10,4 +10,5 @@ HTTP_GATE = 'http://http.neofs.devenv'
S3_GATE = 'https://s3.neofs.devenv:8080'
NEOFS_NETMAP = ['s01.neofs.devenv:8080', 's02.neofs.devenv:8080','s03.neofs.devenv:8080','s04.neofs.devenv:8080']
GAS_HASH = '0xb5df804bbadefea726afb5d3f4e8a6f6d32d2a20'
GAS_HASH = '0xa6a6c15dcdc9b997dac448b6926522d22efeedfb'
NEOFS_CONTRACT = "e11db12b0df3b3c05e6ed5f85e5cf53236e9dbeb"

View file

@ -15,14 +15,14 @@ import robot.errors
from robot.libraries.BuiltIn import BuiltIn
ROBOT_AUTO_KEYWORDS = False
NEOFS_CONTRACT = "ce96811ca25577c058484dab10dd8db2defc5eed"
if os.getenv('ROBOT_PROFILE') == 'selectel_smoke':
from selectelcdn_smoke_vars import (NEOGO_CLI_PREFIX, NEO_MAINNET_ENDPOINT,
NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH)
NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH, NEOFS_CONTRACT)
else:
from neofs_int_vars import (NEOGO_CLI_PREFIX, NEO_MAINNET_ENDPOINT,
NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH)
NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH, NEOFS_CONTRACT)
@keyword('Init wallet')
@ -141,8 +141,10 @@ def mainnet_balance(address: str):
status code: {response.status_code} {response.reason}""")
m = re.search(rf'"{GAS_HASH}","amount":"([\d\.]+)"', response.text)
if not m.start() != m.end():
raise Exception("Can not get mainnet gas balance.")
if not m:
raise Exception("Can not get mainnet gas balance. Output: %s" % response.text )
else:
logger.info("Output: %s" % response.text)
amount = m.group(1)

View file

@ -10,4 +10,5 @@ HTTP_GATE = 'http://92.53.71.51:38080'
S3_GATE = 'https://92.53.71.51:28080'
NEOFS_NETMAP = ['92.53.71.51:18080', '92.53.71.52:18080','92.53.71.53:18080','92.53.71.54:18080', '92.53.71.55:18080']
GAS_HASH = '668e0c1f9d7b70a99dd9e06eadd4c784d641afbc'
GAS_HASH = '668e0c1f9d7b70a99dd9e06eadd4c784d641afbc'
NEOFS_CONTRACT = "ce96811ca25577c058484dab10dd8db2defc5eed"

View file

@ -107,8 +107,6 @@ Generate file
Check Private Container
# Check Private:
# Expected: User - pass, Other - fail, System(IR) - pass (+ System(Container node) - pass, Non-container node - fail).
# Put
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY}
Run Keyword And Expect Error *
@ -118,14 +116,11 @@ Check Private Container
${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY}
# Get
Get object from NeoFS ${USER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read
Run Keyword And Expect Error *
... Get object from NeoFS ${SYSTEM_KEY_IR} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read
Get object from NeoFS ${SYSTEM_KEY_IR} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read
Get object from NeoFS ${SYSTEM_KEY_SN} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read
# Get Range
@ -146,11 +141,11 @@ Check Private Container
# Search
@{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_SYS_SN}
Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
Run Keyword And Expect Error *
... Search object ${OTHER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${SYSTEM_KEY_IR} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${SYSTEM_KEY_SN} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
... Search object ${OTHER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
Search object ${SYSTEM_KEY_IR} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
Search object ${SYSTEM_KEY_SN} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
# Head
@ -176,7 +171,6 @@ Check Public Container
# Put
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY}
${S_OID_OTHER} = Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY}
# https://github.com/nspcc-dev/neofs-node/issues/178
${S_OID_SYS_IR} = Put object to NeoFS ${SYSTEM_KEY_IR} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY}
${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY}
@ -201,10 +195,10 @@ Check Public Container
# Search
@{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_OTHER} ${S_OID_SYS_SN} ${S_OID_SYS_IR}
Search object ${USER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${OTHER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${SYSTEM_KEY_IR} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${SYSTEM_KEY_SN} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV}
Search object ${USER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
Search object ${OTHER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
Search object ${SYSTEM_KEY_IR} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
Search object ${SYSTEM_KEY_SN} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV}
# Head
Head object ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} ${EMPTY}
@ -224,7 +218,6 @@ Check Public Container
# Delete
# https://github.com/nspcc-dev/neofs-node/issues/178
Delete object ${USER_KEY} ${PUBLIC_CID} ${S_OID_SYS_IR} ${EMPTY}
Delete object ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_SYS_SN} ${EMPTY}
Delete object ${SYSTEM_KEY_IR} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY}
@ -263,10 +256,10 @@ Check Read-Only Container
# Search
@{S_OBJ_RO} = Create List ${S_OID_USER} ${S_OID_SYS_SN}
Search object ${USER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO}
Search object ${OTHER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO}
Search object ${SYSTEM_KEY_IR} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO}
Search object ${SYSTEM_KEY_SN} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO}
Search object ${USER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO}
Search object ${OTHER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO}
Search object ${SYSTEM_KEY_IR} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO}
Search object ${SYSTEM_KEY_SN} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO}
# Head
@ -287,5 +280,6 @@ Check Read-Only Container
Cleanup
@{CLEANUP_FILES} = Create List ${FILE_S} s_file_read s_get_range
Cleanup Files @{CLEANUP_FILES}
@{CLEANUP_FILES} = Create List ${FILE_S} s_file_read s_get_range
Cleanup Files @{CLEANUP_FILES}
Get Docker Logs acl_basic

View file

@ -21,7 +21,6 @@ BearerToken Operations
Generate Keys
Prepare eACL Role rules
Log Check Bearer token with simple object
Generate file 1024
Check Container Inaccessible and Allow All Bearer
@ -29,16 +28,26 @@ BearerToken Operations
Check eACL Deny and Allow All Bearer Filter OID Equal
Check eACL Deny and Allow All Bearer Filter OID NotEqual
Check eACL Deny and Allow All Bearer Filter UserHeader Equal
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
Check eACL Allow All Bearer Filter Requst Equal Deny
Check eACL Deny and Allow All Bearer Filter Requst Equal
Check eACL Deny and Allow All Bearer Filter Requst NotEqual
Check Сompound Operations
# TODO:
Log Check Bearer token with complex object
Cleanup Files ${FILE_S}
Generate file 20e+6
Generate file 10e+6
Check Container Inaccessible and Allow All Bearer
Check eACL Deny and Allow All Bearer
Check eACL Deny and Allow All Bearer Filter OID Equal
Check eACL Deny and Allow All Bearer Filter OID NotEqual
Check eACL Deny and Allow All Bearer Filter UserHeader Equal
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
Check eACL Deny and Allow All Bearer Filter Requst Equal
Check eACL Deny and Allow All Bearer Filter Requst NotEqual
Check Сompound Operations
[Teardown] Cleanup
@ -58,9 +67,9 @@ Generate Keys
${OTHER_KEY_GEN} = Dump PrivKey ${WALLET_OTH} ${ADDR_OTH}
${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de
${SYSTEM_KEY_GEN} = Form WIF from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21
${SYSTEM_KEY_GEN_SN} = Form WIF from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2
${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de
${SYSTEM_KEY_GEN} = Form WIF from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21
${SYSTEM_KEY_GEN_SN} = Form WIF from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2
Set Global Variable ${USER_KEY} ${USER_KEY_GEN}
Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN}
@ -89,8 +98,6 @@ Payment Operations
Get Transaction ${TX_DEPOSIT}
Create Container Public
Log Create Public Container
${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x0FFFFFFF
@ -103,7 +110,6 @@ Create Container Inaccessible
[Return] ${PUBLIC_CID_GEN}
Generate file
[Arguments] ${SIZE}
@ -113,77 +119,101 @@ Generate file
Prepare eACL Role rules
Log Set eACL for different Role cases
Set Global Variable ${EACL_DENY_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_deny_all
Set Global Variable ${EACL_ALLOW_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_allow_all
Set Global Variable ${EACL_DENY_ALL_USER} robot/resources/lib/eacl/eacl_encoded_deny_all_user
Set Global Variable ${EACL_ALLOW_ALL_USER} robot/resources/lib/eacl/eacl_encoded_allow_all_user
Set Global Variable ${EACL_DENY_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_deny_all_sys
Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_allow_all_sys
Set Global Variable ${EACL_ALLOW_ALL_Pubkey} robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey
# eACL rules for all operations and similar permissions
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role}
END
Check Container Inaccessible and Allow All Bearer
${CID} = Create Container Inaccessible
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER}
Form BearerToken file for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
${rule1}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
${rule2}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
${eACL_gen}= Create List ${rule1} ${rule2}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER}
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER}
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER}
Check eACL Deny and Allow All Bearer
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Form BearerToken file for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Check eACL Deny and Allow All Bearer Filter OID Equal
@ -193,34 +223,43 @@ Check eACL Deny and Allow All Bearer Filter OID Equal
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_EQUAL $Object:objectID ${S_OID_USER}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
# Search is allowed without filter condition.
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H}
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
Run Keyword And Expect Error *
@ -246,30 +285,41 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_NOT_EQUAL $Object:objectID ${S_OID_USER_2}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
# Search is allowed without filter condition.
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H}
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
@ -292,6 +342,148 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
Check eACL Allow All Bearer Filter Requst Equal Deny
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
${rule1}= Create Dictionary Operation=GET Access=DENY Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2
Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user --xhdr a=2
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256
Run Keyword And Expect Error *
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256
Check eACL Deny and Allow All Bearer Filter Requst NotEqual
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
#Run Keyword And Expect Error *
#... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=2
Check eACL Deny and Allow All Bearer Filter Requst Equal
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256
Check eACL Deny and Allow All Bearer Filter UserHeader Equal
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
@ -302,30 +494,42 @@ Check eACL Deny and Allow All Bearer Filter UserHeader Equal
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_EQUAL key2 abc
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
# Search is allowed without filter condition.
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H}
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
@ -346,14 +550,181 @@ Check eACL Deny and Allow All Bearer Filter UserHeader Equal
# Delete can not be filtered by UserHeader.
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
# Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER_2}
Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
# Search can not use filter by headers
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
# Different behaviour for big and small objects!
# Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
Run Keyword And Expect Error *
... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${EMPTY}
Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
Run Keyword And Expect Error *
... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
Run Keyword And Expect Error *
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
# Delete can not be filtered by UserHeader.
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
Check Сompound Operations
Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER}
Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER}
Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER}
Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
Check Bearer Сompound Get
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
@{S_OBJ_H} = Create List ${S_OID_USER}
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP}
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP}
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500
Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow
Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256
Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256
Check Bearer Сompound Delete
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP}
${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP}
${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500
Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow
Run Keyword And Expect Error *
... Put object to NeoFS ${KEY} ${FILE_S} ${CID} bearer_allow ${FILE_OTH_HEADER}
Delete object ${KEY} ${CID} ${S_OID_USER} bearer_allow
Check Bearer Сompound Get Range Hash
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP}
${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500
Run Keyword And Expect Error *
... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256
Run Keyword And Expect Error *
... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl
Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256
Cleanup
@{CLEANUP_FILES} = Create List ${FILE_S} local_file_eacl s_get_range bearer_allow_all_user
Cleanup Files @{CLEANUP_FILES}
@{CLEANUP_FILES} = Create List ${FILE_S} local_file_eacl s_get_range
... bearer_allow_all_user gen_eacl_deny_all_USER bearer_allow
Cleanup Files @{CLEANUP_FILES}
Get Docker Logs acl_bearer

View file

@ -20,18 +20,22 @@ Extended ACL Operations
Prepare eACL Role rules
Log Check extended ACL with simple object
Generate files 1024
Check Actions
Check Filters
Check Сompound Operations
Cleanup Files ${FILE_S} ${FILE_S_2}
Log Check extended ACL with complex object
Generate files 20e+6
Generate files 10e+6
Check Actions
Check Filters
[Teardown] Cleanup
Check Сompound Operations
#[Teardown] Cleanup
*** Keywords ***
@ -44,11 +48,168 @@ Check Actions
Check Filters
Check eACL MatchType String Equal
Check eACL MatchType String Not Equal
Check eACL MatchType String Equal Object
Check eACL MatchType String Not Equal Object
Check eACL MatchType String Equal Request Deny
Check eACL MatchType String Equal Request Allow
Check Сompound Operations
Check eACL Сompound Get ${OTHER_KEY} ${EACL_COMPOUND_GET_OTHERS}
Check eACL Сompound Get ${USER_KEY} ${EACL_COMPOUND_GET_USER}
Check eACL Сompound Get ${SYSTEM_KEY} ${EACL_COMPOUND_GET_SYSTEM}
Check eACL Сompound Delete ${OTHER_KEY} ${EACL_COMPOUND_DELETE_OTHERS}
Check eACL Сompound Delete ${USER_KEY} ${EACL_COMPOUND_DELETE_USER}
Check eACL Сompound Delete ${SYSTEM_KEY} ${EACL_COMPOUND_DELETE_SYSTEM}
Check eACL Сompound Get Range Hash ${OTHER_KEY} ${EACL_COMPOUND_GET_HASH_OTHERS}
Check eACL Сompound Get Range Hash ${USER_KEY} ${EACL_COMPOUND_GET_HASH_USER}
Check eACL Сompound Get Range Hash ${SYSTEM_KEY} ${EACL_COMPOUND_GET_HASH_SYSTEM}
Check eACL Сompound Get
[Arguments] ${KEY} ${DENY_EACL}
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Check eACL MatchType String Equal
Check eACL Сompound Delete
[Arguments] ${KEY} ${DENY_EACL}
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Check eACL Сompound Get Range Hash
[Arguments] ${KEY} ${DENY_EACL}
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
Run Keyword And Expect Error *
... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Check eACL MatchType String Equal Request Deny
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
&{HEADER_DICT} = Parse Object System Header ${HEADER}
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_DENY_ALL} --await
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=2
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=2
Run Keyword And Expect Error *
... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
Run Keyword And Expect Error *
... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} --xhdr a=2
Run Keyword And Expect Error *
... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 --xhdr a="2"
Run Keyword And Expect Error *
... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 --xhdr a=2
Run Keyword And Expect Error *
... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} --xhdr a=2
Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=256
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=*
Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=
Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} --xhdr a=.*
Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 --xhdr a="2 2"
Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 --xhdr a=256
Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} --xhdr a=22
Check eACL MatchType String Equal Request Allow
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
&{HEADER_DICT} = Parse Object System Header ${HEADER}
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_ALLOW_ALL} --await
Get eACL ${USER_KEY} ${CID}
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY}
Run Keyword And Expect Error *
... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY}
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY}
Run Keyword And Expect Error *
... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY}
Run Keyword And Expect Error *
... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=2
Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} --xhdr a=2
Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 --xhdr a=2
Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 --xhdr a=2
Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} --xhdr a=2
Check eACL MatchType String Equal Object
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
@ -59,7 +220,12 @@ Check eACL MatchType String Equal
Log Set eACL for Deny GET operation with StringEqual Object ID
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_EQUAL $Object:objectID ${ID_value} OTHERS
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
@ -67,15 +233,21 @@ Check eACL MatchType String Equal
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_EQUAL key1 1 OTHERS
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl
Check eACL MatchType String Not Equal
Check eACL MatchType String Not Equal Object
${CID} = Create Container Public
${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
@ -84,14 +256,19 @@ Check eACL MatchType String Not Equal
${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Head object ${USER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY}
&{HEADER_DICT} = Parse Object System Header ${HEADER}
&{HEADER_DICT} = Parse Object System Header ${HEADER}
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl
Log Set eACL for Deny GET operation with StringNotEqual Object ID
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_NOT_EQUAL $Object:objectID ${ID_value} OTHERS
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${ID_value}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl
@ -100,7 +277,12 @@ Check eACL MatchType String Not Equal
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_NOT_EQUAL key1 1 OTHERS
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key1 value=1
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl
@ -170,17 +352,145 @@ Generate files
Prepare eACL Role rules
Log Set eACL for different Role cases
Set Global Variable ${EACL_DENY_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_deny_all
Set Global Variable ${EACL_ALLOW_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_allow_all
Set Global Variable ${EACL_DENY_ALL_USER} robot/resources/lib/eacl/eacl_encoded_deny_all_user
Set Global Variable ${EACL_ALLOW_ALL_USER} robot/resources/lib/eacl/eacl_encoded_allow_all_user
# eACL rules for all operations and similar permissions
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1}= Create Dictionary Operation=GET Access=DENY Role=${role}
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=${role}
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=${role}
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=${role}
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
Set Global Variable ${EACL_DENY_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_deny_all_sys
Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_allow_all_sys
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
END
FOR ${role} IN @{Roles}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=${role}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=${role}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=${role}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form eACL json common file gen_eacl_allow_all_${role} ${eACL_gen}
END
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS
${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS
${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS
${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS
${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS
${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS
${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14}
Form eACL json common file gen_eacl_allow_pubkey_deny_OTHERS ${eACL_gen}
Set Global Variable ${EACL_DENY_ALL_OTHER} gen_eacl_deny_all_OTHERS
Set Global Variable ${EACL_ALLOW_ALL_OTHER} gen_eacl_allow_all_OTHERS
Set Global Variable ${EACL_DENY_ALL_USER} gen_eacl_deny_all_USER
Set Global Variable ${EACL_ALLOW_ALL_USER} gen_eacl_allow_all_USER
Set Global Variable ${EACL_DENY_ALL_SYSTEM} gen_eacl_deny_all_SYSTEM
Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} gen_eacl_allow_all_SYSTEM
Set Global Variable ${EACL_ALLOW_ALL_Pubkey} robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey
Set Global Variable ${EACL_ALLOW_ALL_Pubkey} gen_eacl_allow_pubkey_deny_OTHERS
# eACL rules for Compound operations: GET/GetRange/GetRangeHash
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role}
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role}
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
${rule4}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4}
Form eACL json common file gen_eacl_compound_get_${role} ${eACL_gen}
Set Global Variable ${EACL_COMPOUND_GET_${role}} gen_eacl_compound_get_${role}
END
# eACL rules for Compound operations: DELETE
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role}
${rule2}= Create Dictionary Operation=PUT Access=DENY Role=${role}
${rule3}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
Form eACL json common file gen_eacl_compound_del_${role} ${eACL_gen}
Set Global Variable ${EACL_COMPOUND_DELETE_${role}} gen_eacl_compound_del_${role}
END
# eACL rules for Compound operations: GETRANGEHASH
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
${rule2}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
${rule3}= Create Dictionary Operation=GET Access=DENY Role=${role}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
Form eACL json common file gen_eacl_compound_get_hash_${role} ${eACL_gen}
Set Global Variable ${EACL_COMPOUND_GET_HASH_${role}} gen_eacl_compound_get_hash_${role}
END
# eACL for X-Header Other DENY and ALLOW for all
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2
${rule1}= Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form eACL json common file gen_eacl_xheader_deny_all ${eACL_gen}
Set Global Variable ${EACL_XHEADER_DENY_ALL} gen_eacl_xheader_deny_all
# eACL for X-Header Other ALLOW and DENY for all
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=OTHERS Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=OTHERS Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=OTHERS Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=OTHERS Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=OTHERS Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=OTHERS Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=OTHERS Filters=${filters}
${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS
${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS
${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS
${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS
${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS
${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS
${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14}
Form eACL json common file gen_eacl_xheader_allow_all ${eACL_gen}
Set Global Variable ${EACL_XHEADER_ALLOW_ALL} gen_eacl_xheader_allow_all
Check eACL Deny and Allow All User
Check eACL Deny and Allow All ${USER_KEY} ${EACL_DENY_ALL_USER} ${EACL_ALLOW_ALL_USER}
@ -205,8 +515,8 @@ Check eACL Deny and Allow All System
Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY}
@ -220,11 +530,7 @@ Check eACL Deny and Allow All System
Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER_S} ${EMPTY}
Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER_SN} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM}
Sleep ${MORPH_BLOCK_TIMEOUT}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} --await
Run Keyword And Expect Error *
... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
@ -237,9 +543,9 @@ Check eACL Deny and Allow All System
... Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
@ -265,8 +571,8 @@ Check eACL Deny and Allow All System
... Delete object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM}
Sleep ${MORPH_BLOCK_TIMEOUT}
Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} --await
${D_OID_USER_S} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
${D_OID_USER_SN} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@ -278,8 +584,8 @@ Check eACL Deny and Allow All System
Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY}
@ -304,7 +610,7 @@ Check eACL Deny All Other and Allow All Pubkey
Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${EACL_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
@ -318,7 +624,7 @@ Check eACL Deny All Other and Allow All Pubkey
Run Keyword And Expect Error *
... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
@ -330,7 +636,7 @@ Check eACL Deny All Other and Allow All Pubkey
Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${EACL_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
@ -348,22 +654,21 @@ Check eACL Deny and Allow All
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
Sleep ${MORPH_BLOCK_TIMEOUT}
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
Run Keyword And Expect Error *
... Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
... Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
@ -373,17 +678,24 @@ Check eACL Deny and Allow All
Run Keyword And Expect Error *
... Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL}
Sleep ${MORPH_BLOCK_TIMEOUT}
Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} --await
Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
Cleanup
@{CLEANUP_FILES} = Create List ${FILE_S} ${FILE_S_2} local_file_eacl eacl_custom s_get_range
Cleanup Files @{CLEANUP_FILES}
@{CLEANUP_FILES} = Create List ${FILE_S} ${FILE_S_2} local_file_eacl eacl_custom s_get_range
... gen_eacl_allow_all_OTHERS gen_eacl_deny_all_USER gen_eacl_allow_all_USER
... gen_eacl_deny_all_SYSTEM gen_eacl_allow_all_SYSTEM gen_eacl_allow_pubkey_deny_OTHERS
... gen_eacl_deny_all_OTHERS
... gen_eacl_compound_del_SYSTEM gen_eacl_compound_del_USER gen_eacl_compound_del_OTHERS
... gen_eacl_compound_get_hash_OTHERS gen_eacl_compound_get_hash_SYSTEM gen_eacl_compound_get_hash_USER
... gen_eacl_compound_get_OTHERS gen_eacl_compound_get_SYSTEM gen_eacl_compound_get_USER
Cleanup Files @{CLEANUP_FILES}
Get Docker Logs acl_extended

View file

@ -36,9 +36,12 @@ NeoFS HTTP Gateway
... Container Existing ${PRIV_KEY} ${CID}
${FILE} = Generate file of bytes 1024
${FILE_L} = Generate file of bytes 10e+6
${FILE_HASH} = Get file hash ${FILE}
${FILE_L_HASH} = Get file hash ${FILE_L}
${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY}
${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY}
${L_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE_L} ${CID} ${EMPTY} ${EMPTY}
# By request from Service team - try to GET object from the node without object
@ -50,5 +53,23 @@ NeoFS HTTP Gateway
Verify file hash s_file_read ${FILE_HASH}
Verify file hash ${FILEPATH} ${FILE_HASH}
[Teardown] Cleanup Files ${FILEPATH} ${FILE} s_file_read
@{GET_NODE_LIST} = Get nodes without object ${PRIV_KEY} ${CID} ${L_OID}
${NODE} = Evaluate random.choice($GET_NODE_LIST) random
Get object from NeoFS ${PRIV_KEY} ${CID} ${L_OID} ${EMPTY} l_file_read ${NODE}
${FILEPATH} = Get via HTTP Gate ${CID} ${L_OID}
Verify file hash l_file_read ${FILE_L_HASH}
Verify file hash ${FILEPATH} ${FILE_L_HASH}
[Teardown] Cleanup ${FILEPATH} ${FILE}
*** Keywords ***
Cleanup
[Arguments] ${FILEPATH} ${FILE}
Cleanup Files ${FILEPATH} ${FILE} s_file_read l_file_read
Get Docker Logs http_gate

View file

@ -60,7 +60,7 @@ NeoFS Simple Netmap
Run Keyword And Expect Error *
... Validate Policy REP 2 IN X CBF 2 SELECT 6 FROM * AS X 2 @{EMPTY}
[Teardown] Cleanup Files ${FILE}
[Teardown] Cleanup ${FILE}
*** Keywords ***
@ -107,3 +107,7 @@ Validate Policy
Validate storage policy for object ${PRIV_KEY} ${EXPECTED_VAL} ${CID} ${S_OID} @{EXPECTED_LIST}
Cleanup
[Arguments] ${FILE}
Cleanup Files ${FILE}
Get Docker Logs netmap_simple

View file

@ -41,8 +41,7 @@ NeoFS Complex Object Operations
Wait Until Keyword Succeeds 2 min 30 sec
... Expected Balance ${PRIV_KEY} 50 -7e-08
${SIZE} = Set Variable 20e+6
${FILE} = Generate file of bytes ${SIZE}
${FILE} = Generate file of bytes 10e+6
${FILE_HASH} = Get file hash ${FILE}
${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY}
@ -60,7 +59,7 @@ NeoFS Complex Object Operations
@{S_OBJ_H_OTH} = Create List ${H_OID_OTH}
Run Keyword And Expect Error *
... Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_ALL}
... Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_ALL}
Get object from NeoFS ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} s_file_read
Get object from NeoFS ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} h_file_read
@ -74,9 +73,9 @@ NeoFS Complex Object Operations
Get Range ${PRIV_KEY} ${CID} ${S_OID} s_get_range ${EMPTY} 0:10
Get Range ${PRIV_KEY} ${CID} ${H_OID} h_get_range ${EMPTY} 0:10
Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${EMPTY} @{S_OBJ_ALL}
Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER_OTH} @{S_OBJ_H_OTH}
Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${EMPTY} ${S_OBJ_ALL}
Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER_OTH} ${S_OBJ_H_OTH}
Head object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY}
Head object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} ${FILE_USR_HEADER}
@ -105,9 +104,9 @@ NeoFS Complex Object Operations
Cleanup
[Arguments] ${FILE}
@{CLEANUP_FILES} = Create List ${FILE} s_file_read h_file_read s_get_range h_get_range
Cleanup Files @{CLEANUP_FILES}
Get Docker Logs object_complex

View file

@ -68,9 +68,9 @@ NeoFS Simple Object Operations
Get Range ${PRIV_KEY} ${CID} ${S_OID} s_get_range ${EMPTY} 0:10
Get Range ${PRIV_KEY} ${CID} ${H_OID} h_get_range ${EMPTY} 0:10
Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_ALL}
Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H}
Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER_OTH} @{S_OBJ_H_OTH}
Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_ALL}
Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER_OTH} ${S_OBJ_H_OTH}
Head object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY}
Head object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} ${FILE_USR_HEADER}
@ -100,6 +100,7 @@ Cleanup
@{CLEANUP_FILES} = Create List ${FILE} s_file_read h_file_read s_get_range h_get_range
Cleanup Files @{CLEANUP_FILES}
Get Docker Logs object_simple

View file

@ -41,9 +41,8 @@ NeoFS Object Replication
@{NODES_OBJ} = Get nodes with object ${PRIV_KEY} ${CID} ${S_OID}
@{NODES_OBJ_STOPPED} = Stop nodes 1 @{NODES_OBJ}
Sleep 1 min
Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${S_OID}
Wait Until Keyword Succeeds 10 min 1 min
... Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${S_OID}
Start nodes @{NODES_OBJ_STOPPED}
[Teardown] Cleanup ${FILE} @{NODES_OBJ_STOPPED}
@ -55,5 +54,6 @@ Cleanup
[Arguments] ${FILE} @{NODES_OBJ_STOPPED}
Start nodes @{NODES_OBJ_STOPPED}
Cleanup Files ${FILE}
Get Docker Logs replication

View file

@ -25,11 +25,11 @@ NeoFS S3 Gateway
... Transaction accepted in block ${TX_DEPOSIT}
Get Transaction ${TX_DEPOSIT}
${FILE_S3} = Generate file of bytes 20e+6
${FILE_S3} = Generate file of bytes 10e+6
${FILE_S3_HASH} = Get file hash ${FILE_S3}
${FILE_S3_NAME} = Get file name ${FILE_S3}
${FILE_FS} = Generate file of bytes 20e+6
${FILE_FS} = Generate file of bytes 10e+6
${FILE_FS_HASH} = Get file hash ${FILE_FS}
${FILE_FS_NAME} = Get file name ${FILE_FS}
@ -85,6 +85,12 @@ NeoFS S3 Gateway
${LIST_S3_OBJECTS} = List objects S3 ${S3_CLIENT} ${BUCKET}
List Should Not Contain Value ${LIST_S3_OBJECTS} FILE_S3_NAME
[Teardown] Cleanup Files s3_obj_get_fs fs_obj_get_fs s3_obj_get_s3 fs_obj_get_s3
... ${FILE_S3} ${FILE_FS}
[Teardown] Cleanup ${FILE_S3} ${FILE_FS}
*** Keywords ***
Cleanup
[Arguments] ${FILE_S3} ${FILE_FS}
Cleanup Files s3_obj_get_fs fs_obj_get_fs s3_obj_get_s3 fs_obj_get_s3
... ${FILE_S3} ${FILE_FS}
Get Docker Logs s3_gate

View file

@ -30,7 +30,7 @@ NeoFS Deposit and Withdraw
Sleep 1 min
Expexted Mainnet Balance ${ADDR} 4.84454920
Expexted Mainnet Balance ${ADDR} 4.85019610
${NEOFS_BALANCE} = Get Balance ${PRIV_KEY}
${TX} = Withdraw Mainnet Gas ${WALLET} ${ADDR} ${SCRIPT_HASH} 50
@ -40,5 +40,11 @@ NeoFS Deposit and Withdraw
Sleep 1 min
Get Balance ${PRIV_KEY}
Expected Balance ${PRIV_KEY} ${NEOFS_BALANCE} -50
Expexted Mainnet Balance ${ADDR} 54.80800160
Expexted Mainnet Balance ${ADDR} 54.81699450
[Teardown] Cleanup
*** Keywords ***
Cleanup
Get Docker Logs withdraw