import random import allure import pytest from frostfs_testlib import reporter from frostfs_testlib.cli.frostfs_cli.cli import FrostfsCli from frostfs_testlib.resources.error_patterns import SESSION_NOT_FOUND from frostfs_testlib.steps.cli.object import delete_object, put_object, put_object_to_random_node from frostfs_testlib.steps.session_token import create_session_token from frostfs_testlib.storage.dataclasses.object_size import ObjectSize from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils.file_utils import generate_file from workspace.frostfs_testcases.pytest_tests.helpers.container_creation import create_container_with_ape from workspace.frostfs_testcases.pytest_tests.helpers.container_request import APE_OWNER_ALLOW_ALL, ContainerRequest @pytest.mark.nightly @pytest.mark.sanity @pytest.mark.session_token class TestDynamicObjectSession(ClusterTestBase): @allure.title("Object Operations with Session Token (obj_size={object_size})") @pytest.mark.parametrize("user_tag", ["TestDynamicObjectSession"], indirect=True) # provide dedicated user with no APE side-policies def test_object_session_token(self, wallet: WalletInfo, frostfs_cli: FrostfsCli, object_size: ObjectSize): """ Test how operations over objects are executed with a session token Steps: 1. Create a private container 2. Obj operation requests to the node which IS NOT in the container but granted with a session token 3. Obj operation requests to the node which IS in the container and NOT granted with a session token 4. Obj operation requests to the node which IS NOT in the container and NOT granted with a session token """ with reporter.step("Nodes Settlements"): session_token_node, container_node, non_container_node = random.sample(self.cluster.storage_nodes, 3) with reporter.step("Create Session Token"): session_token = create_session_token( shell=self.shell, owner=wallet.get_address(), wallet=wallet, rpc_endpoint=session_token_node.get_rpc_endpoint(), ) with reporter.step("Create Private Container"): un_locode = container_node.get_un_locode() locode = "SPB" if un_locode == "RU LED" else un_locode.split()[1] placement_policy = ( f"REP 1 IN LOC_{locode}_PLACE CBF 1 SELECT 1 FROM LOC_{locode} " f'AS LOC_{locode}_PLACE FILTER "UN-LOCODE" ' f'EQ "{un_locode}" AS LOC_{locode}' ) cid = create_container_with_ape( ContainerRequest(placement_policy, APE_OWNER_ALLOW_ALL), frostfs_cli, wallet, self.shell, self.cluster, self.cluster.default_rpc_endpoint, ) with reporter.step("Put Objects"): file_path = generate_file(object_size.value) oid = put_object_to_random_node( wallet=wallet, path=file_path, cid=cid, shell=self.shell, cluster=self.cluster, ) oid_delete = put_object_to_random_node( wallet=wallet, path=file_path, cid=cid, shell=self.shell, cluster=self.cluster, ) with reporter.step("Node not in container but granted a session token"): put_object( wallet=wallet, path=file_path, cid=cid, shell=self.shell, endpoint=session_token_node.get_rpc_endpoint(), session=session_token, ) delete_object( wallet=wallet, cid=cid, oid=oid_delete, shell=self.shell, endpoint=session_token_node.get_rpc_endpoint(), session=session_token, ) with reporter.step("Node in container and not granted a session token"): with pytest.raises(Exception, match=SESSION_NOT_FOUND): put_object( wallet=wallet, path=file_path, cid=cid, shell=self.shell, endpoint=container_node.get_rpc_endpoint(), session=session_token, ) with pytest.raises(Exception, match=SESSION_NOT_FOUND): delete_object( wallet=wallet, cid=cid, oid=oid, shell=self.shell, endpoint=container_node.get_rpc_endpoint(), session=session_token, ) with reporter.step("Node not in container and not granted a session token"): with pytest.raises(Exception, match=SESSION_NOT_FOUND): put_object( wallet=wallet, path=file_path, cid=cid, shell=self.shell, endpoint=non_container_node.get_rpc_endpoint(), session=session_token, ) with pytest.raises(Exception, match=SESSION_NOT_FOUND): delete_object( wallet=wallet, cid=cid, oid=oid, shell=self.shell, endpoint=non_container_node.get_rpc_endpoint(), session=session_token, )