import allure import pytest from frostfs_testlib import reporter from frostfs_testlib.resources.error_patterns import ADD_CHAIN_ERROR from frostfs_testlib.storage.grpc_operations.client_wrappers import CliClientWrapper from frostfs_testlib.testing.cluster_test_base import ClusterTestBase @pytest.mark.ape @pytest.mark.ape_iam class TestApeIAM(ClusterTestBase): @allure.title("[NEGATIVE] Create policy using another user wallet") def test_negative_policy_another_user_wallet_frostfs_cli( self, grpc_client: CliClientWrapper, grpc_second_client: CliClientWrapper, ): with reporter.step("Create container for first user"): cid = grpc_client.container.create( endpoint=self.cluster.storage_nodes[0].get_rpc_endpoint(), policy="REP 2 IN X CBF 1 SELECT 2 FROM * AS X", await_mode=True, ) with reporter.step("[NEGATIVE] Create policy using another user wallet"): with pytest.raises(RuntimeError, match=ADD_CHAIN_ERROR): grpc_second_client.cli.ape_manager.add( rpc_endpoint=self.cluster.default_rpc_endpoint, target_type="container", target_name=f"{cid}", chain_id="allowDeleteObject", rule=f"allow Object.Head Object.Delete kapusta/{cid}/*", )