[#191] EACL_KEY -> WALLET_ALLOW
Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
parent
dddffdc95a
commit
6394d9e362
5 changed files with 58 additions and 204 deletions
|
@ -1,158 +0,0 @@
|
||||||
{
|
|
||||||
"records": [
|
|
||||||
{
|
|
||||||
"operation": "GET",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "HEAD",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "PUT",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "DELETE",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "SEARCH",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "GETRANGE",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "GETRANGEHASH",
|
|
||||||
"action": "ALLOW",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"keys": [
|
|
||||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "GET",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "HEAD",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "PUT",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "DELETE",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "SEARCH",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "GETRANGE",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"operation": "GETRANGEHASH",
|
|
||||||
"action": "DENY",
|
|
||||||
"filters": [],
|
|
||||||
"targets": [
|
|
||||||
{
|
|
||||||
"role": "OTHERS"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
|
@ -10,6 +10,7 @@ from enum import Enum, auto
|
||||||
import base58
|
import base58
|
||||||
from cli_helpers import _cmd_run
|
from cli_helpers import _cmd_run
|
||||||
from common import ASSETS_DIR, NEOFS_ENDPOINT, WALLET_CONFIG
|
from common import ASSETS_DIR, NEOFS_ENDPOINT, WALLET_CONFIG
|
||||||
|
from neo3 import wallet
|
||||||
from robot.api import logger
|
from robot.api import logger
|
||||||
from robot.api.deco import keyword
|
from robot.api.deco import keyword
|
||||||
|
|
||||||
|
@ -36,9 +37,9 @@ class Role(AutoName):
|
||||||
|
|
||||||
|
|
||||||
@keyword('Get eACL')
|
@keyword('Get eACL')
|
||||||
def get_eacl(wallet: str, cid: str):
|
def get_eacl(wallet_path: str, cid: str):
|
||||||
cmd = (
|
cmd = (
|
||||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} '
|
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} '
|
||||||
f'container get-eacl --cid {cid} --config {WALLET_CONFIG}'
|
f'container get-eacl --cid {cid} --config {WALLET_CONFIG}'
|
||||||
)
|
)
|
||||||
try:
|
try:
|
||||||
|
@ -53,9 +54,9 @@ def get_eacl(wallet: str, cid: str):
|
||||||
|
|
||||||
|
|
||||||
@keyword('Set eACL')
|
@keyword('Set eACL')
|
||||||
def set_eacl(wallet: str, cid: str, eacl_table_path: str):
|
def set_eacl(wallet_path: str, cid: str, eacl_table_path: str):
|
||||||
cmd = (
|
cmd = (
|
||||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} '
|
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} '
|
||||||
f'container set-eacl --cid {cid} --table {eacl_table_path} --config {WALLET_CONFIG} --await'
|
f'container set-eacl --cid {cid} --table {eacl_table_path} --config {WALLET_CONFIG} --await'
|
||||||
)
|
)
|
||||||
_cmd_run(cmd)
|
_cmd_run(cmd)
|
||||||
|
@ -159,10 +160,37 @@ def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
|
||||||
sign_bearer_token(wif, file_path)
|
sign_bearer_token(wif, file_path)
|
||||||
return file_path
|
return file_path
|
||||||
|
|
||||||
|
@keyword('EACL Rules')
|
||||||
|
def eacl_rules(access: str, verbs: list, user: str):
|
||||||
|
"""
|
||||||
|
This function creates a list of eACL rules.
|
||||||
|
Args:
|
||||||
|
access (str): identifies if the following operation(s)
|
||||||
|
is allowed or denied
|
||||||
|
verbs (list): a list of operations to set rules for
|
||||||
|
user (str): a group of users (user/others) or a wallet of
|
||||||
|
a certain user for whom rules are set
|
||||||
|
Returns:
|
||||||
|
(list): a list of eACL rules
|
||||||
|
"""
|
||||||
|
if user not in ('others', 'user'):
|
||||||
|
wallet_content = ''
|
||||||
|
with open(user) as out:
|
||||||
|
wallet_content = json.load(out)
|
||||||
|
wallet_from_json = wallet.Wallet.from_json(wallet_content, password="")
|
||||||
|
pub_key_64 = str(wallet_from_json.accounts[0].public_key)
|
||||||
|
user = f"pubkey:{pub_key_64}"
|
||||||
|
|
||||||
def sign_bearer_token(wallet: str, eacl_rules_file: str):
|
rules = []
|
||||||
|
for verb in verbs:
|
||||||
|
elements = [access, verb, user]
|
||||||
|
rules.append(' '.join(elements))
|
||||||
|
return rules
|
||||||
|
|
||||||
|
|
||||||
|
def sign_bearer_token(wallet_path: str, eacl_rules_file: str):
|
||||||
cmd = (
|
cmd = (
|
||||||
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} '
|
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} '
|
||||||
f'--to {eacl_rules_file} --wallet {wallet} --config {WALLET_CONFIG} --json'
|
f'--to {eacl_rules_file} --wallet {wallet_path} --config {WALLET_CONFIG} --json'
|
||||||
)
|
)
|
||||||
_cmd_run(cmd)
|
_cmd_run(cmd)
|
||||||
|
|
|
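Review bot: `eacl_rules` treats every `user` value other than `'others'` or `'user'` as a wallet file path, so a mistyped role name ends in a file-open error instead of a clear argument error, and the wallet is then decrypted with the hard-coded `password=""` and only `accounts[0]` is read. The docstring should state both assumptions, for example `user (str): 'user', 'others', or a path to a wallet JSON file with an empty password; the first account's public key is used`. The `wallet_content = ''` initialiser is dead, and the name `pub_key_64` suggests base64 while the value is simply `str(public_key)`; `pub_key` would be less misleading. `json` is not among the imports visible in this section's first hunk, so confirm it is imported higher up in the file.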
@ -9,12 +9,11 @@ import uuid
|
||||||
import docker
|
import docker
|
||||||
import wallet
|
import wallet
|
||||||
from common import ASSETS_DIR, SIMPLE_OBJ_SIZE
|
from common import ASSETS_DIR, SIMPLE_OBJ_SIZE
|
||||||
|
from cli_helpers import _cmd_run
|
||||||
from robot.api import logger
|
from robot.api import logger
|
||||||
from robot.api.deco import keyword
|
from robot.api.deco import keyword
|
||||||
from robot.libraries.BuiltIn import BuiltIn
|
from robot.libraries.BuiltIn import BuiltIn
|
||||||
|
|
||||||
from cli_helpers import _cmd_run
|
|
||||||
|
|
||||||
ROBOT_AUTO_KEYWORDS = False
|
ROBOT_AUTO_KEYWORDS = False
|
||||||
|
|
||||||
|
|
||||||
|
@ -71,13 +70,6 @@ def generate_wallet():
|
||||||
return wallet.init_wallet(ASSETS_DIR)
|
return wallet.init_wallet(ASSETS_DIR)
|
||||||
|
|
||||||
|
|
||||||
# TODO: should be deleted in the scope
|
|
||||||
# of https://github.com/nspcc-dev/neofs-testcases/issues/191
|
|
||||||
@keyword('Init Wallet from WIF')
|
|
||||||
def init_wallet_from_wif(dir_path: str, wif: str):
|
|
||||||
return wallet.init_wallet_from_wif(dir_path, wif)
|
|
||||||
|
|
||||||
|
|
||||||
@keyword('Get Docker Logs')
|
@keyword('Get Docker Logs')
|
||||||
def get_container_logs(testcase_name: str) -> None:
|
def get_container_logs(testcase_name: str) -> None:
|
||||||
client = docker.APIClient(base_url='unix://var/run/docker.sock')
|
client = docker.APIClient(base_url='unix://var/run/docker.sock')
|
||||||
|
|
|
@ -20,15 +20,3 @@ Prepare Wallet And Deposit
|
||||||
Sleep ${MORPH_BLOCK_TIME}
|
Sleep ${MORPH_BLOCK_TIME}
|
||||||
|
|
||||||
[Return] ${WALLET} ${ADDR} ${WIF}
|
[Return] ${WALLET} ${ADDR} ${WIF}
|
||||||
|
|
||||||
# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191
|
|
||||||
Prepare Wallet with WIF And Deposit
|
|
||||||
[Arguments] ${WIF} ${DEPOSIT}=${30}
|
|
||||||
|
|
||||||
${WALLET}
|
|
||||||
... ${ADDR} = Init Wallet from WIF ${ASSETS_DIR} ${WIF}
|
|
||||||
Transfer Mainnet Gas ${WALLET} ${DEPOSIT+1}
|
|
||||||
NeoFS Deposit ${WALLET} ${DEPOSIT}
|
|
||||||
Sleep ${MORPH_BLOCK_TIME}
|
|
||||||
|
|
||||||
[Return] ${WALLET} ${ADDR}
|
|
||||||
|
|
|
@ -5,6 +5,7 @@ Library acl.py
|
||||||
Library container.py
|
Library container.py
|
||||||
Library neofs_verbs.py
|
Library neofs_verbs.py
|
||||||
Library utility_keywords.py
|
Library utility_keywords.py
|
||||||
|
Library Collections
|
||||||
|
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource payment_operations.robot
|
Resource payment_operations.robot
|
||||||
|
@ -12,7 +13,6 @@ Resource setup_teardown.robot
|
||||||
Resource eacl_tables.robot
|
Resource eacl_tables.robot
|
||||||
|
|
||||||
*** Variables ***
|
*** Variables ***
|
||||||
${EACL_KEY} = L1FGTLE6shum3EC7mNTPArUqSCKnmtEweRzyuawtYRZwGjpeRuw1
|
|
||||||
&{USER_HEADER} = key1=1 key2=abc
|
&{USER_HEADER} = key1=1 key2=abc
|
||||||
&{USER_HEADER_DEL} = key1=del key2=del
|
&{USER_HEADER_DEL} = key1=del key2=del
|
||||||
&{ANOTHER_HEADER} = key1=oth key2=oth
|
&{ANOTHER_HEADER} = key1=oth key2=oth
|
||||||
|
@ -48,20 +48,24 @@ Check eACL Deny All Other and Allow All Pubkey
|
||||||
${CID} = Create Container ${USER_WALLET} basic_acl=eacl-public-read-write
|
${CID} = Create Container ${USER_WALLET} basic_acl=eacl-public-read-write
|
||||||
${S_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
${S_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||||
${D_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
${D_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||||
|
|
||||||
# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191
|
${WALLET_ALLOW} ${_} ${_} = Prepare Wallet And Deposit
|
||||||
${WALLET_EACL} ${_} = Prepare Wallet with WIF And Deposit ${EACL_KEY}
|
|
||||||
|
|
||||||
Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||||
Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
||||||
Head object ${WALLET_EACL} ${CID} ${S_OID_USER}
|
Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
|
||||||
Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
Delete object ${WALLET_EACL} ${CID} ${D_OID_USER}
|
Delete object ${WALLET_ALLOW} ${CID} ${D_OID_USER}
|
||||||
|
|
||||||
Set eACL ${USER_WALLET} ${CID} ${EACL_ALLOW_ALL_Pubkey}
|
@{VERBS} = Create List get head put delete search getrange getrangehash
|
||||||
|
${RULES_OTH} = EACL Rules deny ${VERBS} others
|
||||||
|
${RULES_PUB} = EACL Rules allow ${VERBS} ${WALLET_ALLOW}
|
||||||
|
${eACL_gen} = Combine Lists ${RULES_PUB} ${RULES_OTH}
|
||||||
|
${EACL_TABLE} = Create eACL ${CID} ${eACL_gen}
|
||||||
|
Set EACL ${USER_WALLET} ${CID} ${EACL_TABLE}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -83,10 +87,10 @@ Check eACL Deny All Other and Allow All Pubkey
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Delete object ${WALLET_OTH} ${CID} ${S_OID_USER}
|
... Delete object ${WALLET_OTH} ${CID} ${S_OID_USER}
|
||||||
|
|
||||||
Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||||
Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
||||||
Head object ${WALLET_EACL} ${CID} ${S_OID_USER}
|
Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
|
||||||
Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
Delete object ${WALLET_EACL} ${CID} ${S_OID_USER}
|
Delete object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
|
||||||
|
|
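Review bot: The order in `Combine Lists    ${RULES_PUB}    ${RULES_OTH}` looks significant and deserves a comment. The deleted JSON table also listed the ALLOW-by-key records before the DENY OTHERS records, and if records are matched first-to-last (presumably, to be confirmed against the eACL semantics) swapping the two lists would deny `${WALLET_ALLOW}` as well. A comment such as `# allow rules for the key must precede the deny rules for others` above that line would keep a later edit from reordering them. Separately, the denied-access check visible in this section's last hunk uses `Run Keyword And Expect Error    *`, which passes on any failure; matching the access-denied text the CLI returns would make the test prove the eACL decision rather than merely that some error occurred.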