static eacl tables
Signed-off-by: anastasia prasolova <anastasia@nspcc.ru>
This commit is contained in:
parent
28af257f8f
commit
a3f7583706
37 changed files with 1607 additions and 281 deletions
74
robot/resources/files/eacl_tables/gen_eacl_allow_all_OTHERS
Normal file
74
robot/resources/files/eacl_tables/gen_eacl_allow_all_OTHERS
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
74
robot/resources/files/eacl_tables/gen_eacl_allow_all_SYSTEM
Normal file
74
robot/resources/files/eacl_tables/gen_eacl_allow_all_SYSTEM
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
74
robot/resources/files/eacl_tables/gen_eacl_allow_all_USER
Normal file
74
robot/resources/files/eacl_tables/gen_eacl_allow_all_USER
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,158 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"keys": [
|
||||||
|
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
34
robot/resources/files/eacl_tables/gen_eacl_compound_del_USER
Normal file
34
robot/resources/files/eacl_tables/gen_eacl_compound_del_USER
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
44
robot/resources/files/eacl_tables/gen_eacl_compound_get_USER
Normal file
44
robot/resources/files/eacl_tables/gen_eacl_compound_get_USER
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -0,0 +1,34 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
74
robot/resources/files/eacl_tables/gen_eacl_deny_all_OTHERS
Normal file
74
robot/resources/files/eacl_tables/gen_eacl_deny_all_OTHERS
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
74
robot/resources/files/eacl_tables/gen_eacl_deny_all_SYSTEM
Normal file
74
robot/resources/files/eacl_tables/gen_eacl_deny_all_SYSTEM
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "SYSTEM"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
74
robot/resources/files/eacl_tables/gen_eacl_deny_all_USER
Normal file
74
robot/resources/files/eacl_tables/gen_eacl_deny_all_USER
Normal file
|
@ -0,0 +1,74 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "USER"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
193
robot/resources/files/eacl_tables/gen_eacl_xheader_allow_all
Normal file
193
robot/resources/files/eacl_tables/gen_eacl_xheader_allow_all
Normal file
|
@ -0,0 +1,193 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
123
robot/resources/files/eacl_tables/gen_eacl_xheader_deny_all
Normal file
123
robot/resources/files/eacl_tables/gen_eacl_xheader_deny_all
Normal file
|
@ -0,0 +1,123 @@
|
||||||
|
{
|
||||||
|
"records": [
|
||||||
|
{
|
||||||
|
"operation": "GET",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "HEAD",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "PUT",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "DELETE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "SEARCH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGE",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"operation": "GETRANGEHASH",
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [
|
||||||
|
{
|
||||||
|
"headerType": "REQUEST",
|
||||||
|
"matchType": "STRING_EQUAL",
|
||||||
|
"key": "a",
|
||||||
|
"value": "2"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
|
@ -192,11 +192,10 @@ def get_epoch(private_key: str):
|
||||||
raise Exception(f"command '{e.cmd}' return with error (code {e.returncode}): {e.output}")
|
raise Exception(f"command '{e.cmd}' return with error (code {e.returncode}): {e.output}")
|
||||||
|
|
||||||
@keyword('Set eACL')
|
@keyword('Set eACL')
|
||||||
def set_eacl(private_key: str, cid: str, eacl: str, add_keys: str = ""):
|
def set_eacl(private_key: str, cid: str, eacl_table_path: str):
|
||||||
file_path = f"{ASSETS_DIR}/{eacl}"
|
|
||||||
cmd = (
|
cmd = (
|
||||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} '
|
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} '
|
||||||
f'container set-eacl --cid {cid} --table {file_path} {add_keys}'
|
f'container set-eacl --cid {cid} --table {eacl_table_path} --await'
|
||||||
)
|
)
|
||||||
logger.info(f"Cmd: {cmd}")
|
logger.info(f"Cmd: {cmd}")
|
||||||
try:
|
try:
|
||||||
|
@ -265,9 +264,8 @@ def form_bearertoken_file(private_key: str, cid: str, file_name: str, eacl_oper_
|
||||||
return file_path
|
return file_path
|
||||||
|
|
||||||
@keyword('Form eACL json common file')
|
@keyword('Form eACL json common file')
|
||||||
def form_eacl_json_common_file(file_name, eacl_oper_list ):
|
def form_eacl_json_common_file(file_path, eacl_oper_list ):
|
||||||
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
|
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
|
||||||
file_path = f"{ASSETS_DIR}/{file_name}"
|
|
||||||
eacl = {"records":[]}
|
eacl = {"records":[]}
|
||||||
|
|
||||||
logger.info(eacl_oper_list)
|
logger.info(eacl_oper_list)
|
||||||
|
@ -291,7 +289,7 @@ def form_eacl_json_common_file(file_name, eacl_oper_list ):
|
||||||
with open(file_path, 'w', encoding='utf-8') as f:
|
with open(file_path, 'w', encoding='utf-8') as f:
|
||||||
json.dump(eacl, f, ensure_ascii=False, indent=4)
|
json.dump(eacl, f, ensure_ascii=False, indent=4)
|
||||||
|
|
||||||
return file_name
|
return file_path
|
||||||
|
|
||||||
|
|
||||||
@keyword('Get Range')
|
@keyword('Get Range')
|
||||||
|
|
185
robot/resources/scripts/acl_tables_generator.py
Executable file
185
robot/resources/scripts/acl_tables_generator.py
Executable file
|
@ -0,0 +1,185 @@
|
||||||
|
#!/usr/bin/python3.8
|
||||||
|
|
||||||
|
###################################
|
||||||
|
# eACL tables generation functions
|
||||||
|
###################################
|
||||||
|
|
||||||
|
import json
|
||||||
|
|
||||||
|
VERBS = [
|
||||||
|
'GET',
|
||||||
|
'HEAD',
|
||||||
|
'PUT',
|
||||||
|
'DELETE',
|
||||||
|
'SEARCH',
|
||||||
|
'GETRANGE',
|
||||||
|
'GETRANGEHASH'
|
||||||
|
]
|
||||||
|
|
||||||
|
ROLES = [
|
||||||
|
'OTHERS',
|
||||||
|
'USER',
|
||||||
|
'SYSTEM'
|
||||||
|
]
|
||||||
|
|
||||||
|
ACCESS = [
|
||||||
|
'DENY',
|
||||||
|
'ALLOW'
|
||||||
|
]
|
||||||
|
|
||||||
|
TABLES_DIR = '../files/eacl_tables/'
|
||||||
|
|
||||||
|
|
||||||
|
def deny_allow_tables_per_role():
|
||||||
|
for a in ACCESS:
|
||||||
|
for r in ROLES:
|
||||||
|
table_dict = {
|
||||||
|
"records": []
|
||||||
|
}
|
||||||
|
for v in VERBS:
|
||||||
|
table_record = {
|
||||||
|
"operation": v,
|
||||||
|
"action": a,
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": r
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
with open(f"{TABLES_DIR}/gen_eacl_{a.lower()}_all_{r}", "w+") as f:
|
||||||
|
json.dump(table_dict, f, indent=4)
|
||||||
|
|
||||||
|
def allow_pubkey_deny_others():
|
||||||
|
table_dict = {
|
||||||
|
"records": []
|
||||||
|
}
|
||||||
|
for v in VERBS:
|
||||||
|
table_record = {
|
||||||
|
"operation": v,
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
# TODO: where do we take this value from?
|
||||||
|
"keys": [ 'A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA' ]
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
for v in VERBS:
|
||||||
|
table_record = {
|
||||||
|
"operation": v,
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": 'OTHERS'
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
with open(f"{TABLES_DIR}/gen_eacl_allow_pubkey_deny_OTHERS", "w+") as f:
|
||||||
|
json.dump(table_dict, f, indent=4)
|
||||||
|
|
||||||
|
def compound_tables():
|
||||||
|
compounds = {
|
||||||
|
'get': {
|
||||||
|
'GET': 'ALLOW',
|
||||||
|
'GETRANGE': 'ALLOW',
|
||||||
|
'GETRANGEHASH': 'ALLOW',
|
||||||
|
'HEAD': 'DENY'
|
||||||
|
},
|
||||||
|
'del': {
|
||||||
|
'DELETE': 'ALLOW',
|
||||||
|
'PUT': 'DENY',
|
||||||
|
'HEAD': 'DENY'
|
||||||
|
},
|
||||||
|
'get_hash': {
|
||||||
|
'GETRANGEHASH': 'ALLOW',
|
||||||
|
'GETRANGE': 'DENY',
|
||||||
|
'GET': 'DENY'
|
||||||
|
}
|
||||||
|
}
|
||||||
|
for op, compound in compounds.items():
|
||||||
|
for r in ROLES:
|
||||||
|
table_dict = {
|
||||||
|
"records": []
|
||||||
|
}
|
||||||
|
for verb, access in compound.items():
|
||||||
|
table_record = {
|
||||||
|
"operation": verb,
|
||||||
|
"action": access,
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": r
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
|
||||||
|
with open(f"{TABLES_DIR}/gen_eacl_compound_{op}_{r}", "w+") as f:
|
||||||
|
json.dump(table_dict, f, indent=4)
|
||||||
|
|
||||||
|
def xheader_tables():
|
||||||
|
filters = {
|
||||||
|
'headerType': 'REQUEST',
|
||||||
|
'matchType': 'STRING_EQUAL',
|
||||||
|
'key': 'a',
|
||||||
|
'value': '2'
|
||||||
|
}
|
||||||
|
table_dict = {
|
||||||
|
"records": []
|
||||||
|
}
|
||||||
|
for verb in VERBS:
|
||||||
|
table_record = {
|
||||||
|
"operation": verb,
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [filters],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
with open(f"{TABLES_DIR}/gen_eacl_xheader_deny_all", "w+") as f:
|
||||||
|
json.dump(table_dict, f, indent=4)
|
||||||
|
|
||||||
|
table_dict = {
|
||||||
|
"records": []
|
||||||
|
}
|
||||||
|
for verb in VERBS:
|
||||||
|
table_record = {
|
||||||
|
"operation": verb,
|
||||||
|
"action": "ALLOW",
|
||||||
|
"filters": [filters],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
|
||||||
|
table_record = {
|
||||||
|
"operation": verb,
|
||||||
|
"action": "DENY",
|
||||||
|
"filters": [],
|
||||||
|
"targets": [
|
||||||
|
{
|
||||||
|
"role": "OTHERS"
|
||||||
|
}
|
||||||
|
]
|
||||||
|
}
|
||||||
|
table_dict['records'].append(table_record)
|
||||||
|
with open(f"{TABLES_DIR}/gen_eacl_xheader_allow_all", "w+") as f:
|
||||||
|
json.dump(table_dict, f, indent=4)
|
||||||
|
|
||||||
|
|
||||||
|
deny_allow_tables_per_role()
|
||||||
|
allow_pubkey_deny_others()
|
||||||
|
compound_tables()
|
||||||
|
xheader_tables()
|
|
@ -50,7 +50,7 @@ Check eACL Deny and Allow All Bearer
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -51,7 +51,7 @@ Check eACL Deny and Allow All Bearer
|
||||||
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
|
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
|
||||||
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
|
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -59,7 +59,7 @@ Check Bearer Сompound Get
|
||||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -88,7 +88,7 @@ Check Bearer Сompound Delete
|
||||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -117,7 +117,7 @@ Check Bearer Сompound Get Range Hash
|
||||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -50,7 +50,7 @@ Check eACL Deny and Allow All Bearer Filter OID Equal
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -72,7 +72,7 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -66,7 +66,7 @@ Check eACL Deny and Allow All Bearer Filter UserHeader Equal
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -48,7 +48,7 @@ Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -51,7 +51,7 @@ Check eACL Deny and Allow All Bearer Filter Requst Equal
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -50,7 +50,7 @@ Check eACL Deny and Allow All Bearer Filter Requst NotEqual
|
||||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
*** Settings ***
|
*** Settings ***
|
||||||
Variables ../../../variables/common.py
|
Variables ../../../variables/common.py
|
||||||
|
|
||||||
Library Collections
|
Library Collections
|
||||||
Library ../${RESOURCES}/neofs.py
|
Library ../${RESOURCES}/neofs.py
|
||||||
Library ../${RESOURCES}/payment_neogo.py
|
Library ../${RESOURCES}/payment_neogo.py
|
||||||
|
@ -7,6 +8,7 @@ Library ../${RESOURCES}/payment_neogo.py
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource ../${RESOURCES}/payment_operations.robot
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
Resource ../${RESOURCES}/setup_teardown.robot
|
Resource ../${RESOURCES}/setup_teardown.robot
|
||||||
|
Resource ../../../variables/eacl_tables.robot
|
||||||
|
|
||||||
*** Test cases ***
|
*** Test cases ***
|
||||||
Extended ACL Operations
|
Extended ACL Operations
|
||||||
|
@ -18,7 +20,6 @@ Extended ACL Operations
|
||||||
|
|
||||||
Generate Keys
|
Generate Keys
|
||||||
Generate eACL Keys
|
Generate eACL Keys
|
||||||
Prepare eACL Role rules
|
|
||||||
|
|
||||||
Log Check extended ACL with simple object
|
Log Check extended ACL with simple object
|
||||||
Generate files ${SIMPLE_OBJ_SIZE}
|
Generate files ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
|
@ -8,6 +8,7 @@ Library Collections
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource ../${RESOURCES}/payment_operations.robot
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
Resource ../${RESOURCES}/setup_teardown.robot
|
Resource ../${RESOURCES}/setup_teardown.robot
|
||||||
|
Resource ../../../variables/eacl_tables.robot
|
||||||
|
|
||||||
*** Test cases ***
|
*** Test cases ***
|
||||||
Extended ACL Operations
|
Extended ACL Operations
|
||||||
|
@ -19,7 +20,6 @@ Extended ACL Operations
|
||||||
|
|
||||||
Generate Keys
|
Generate Keys
|
||||||
Generate eACL Keys
|
Generate eACL Keys
|
||||||
Prepare eACL Role rules
|
|
||||||
|
|
||||||
Log Check extended ACL with simple object
|
Log Check extended ACL with simple object
|
||||||
Generate files ${SIMPLE_OBJ_SIZE}
|
Generate files ${SIMPLE_OBJ_SIZE}
|
||||||
|
@ -50,7 +50,7 @@ Check eACL Deny All Other and Allow All Pubkey
|
||||||
Get Range Hash ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
Delete object ${EACL_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${EACL_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_Pubkey} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_Pubkey}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
*** Settings ***
|
*** Settings ***
|
||||||
Variables ../../../variables/common.py
|
Variables ../../../variables/common.py
|
||||||
|
|
||||||
Library Collections
|
Library Collections
|
||||||
Library ../${RESOURCES}/neofs.py
|
Library ../${RESOURCES}/neofs.py
|
||||||
Library ../${RESOURCES}/payment_neogo.py
|
Library ../${RESOURCES}/payment_neogo.py
|
||||||
|
@ -7,6 +8,7 @@ Library ../${RESOURCES}/payment_neogo.py
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource ../${RESOURCES}/payment_operations.robot
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
Resource ../${RESOURCES}/setup_teardown.robot
|
Resource ../${RESOURCES}/setup_teardown.robot
|
||||||
|
Resource ../../../variables/eacl_tables.robot
|
||||||
|
|
||||||
*** Test cases ***
|
*** Test cases ***
|
||||||
Extended ACL Operations
|
Extended ACL Operations
|
||||||
|
@ -18,7 +20,6 @@ Extended ACL Operations
|
||||||
|
|
||||||
Generate Keys
|
Generate Keys
|
||||||
Generate eACL Keys
|
Generate eACL Keys
|
||||||
Prepare eACL Role rules
|
|
||||||
|
|
||||||
Log Check extended ACL with simple object
|
Log Check extended ACL with simple object
|
||||||
Generate files ${SIMPLE_OBJ_SIZE}
|
Generate files ${SIMPLE_OBJ_SIZE}
|
||||||
|
@ -63,7 +64,7 @@ Check eACL Deny and Allow All System
|
||||||
Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER_S} ${EMPTY}
|
Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER_S} ${EMPTY}
|
||||||
Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER_SN} ${EMPTY}
|
Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER_SN} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -107,7 +108,7 @@ Check eACL Deny and Allow All System
|
||||||
... Delete object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY}
|
... Delete object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -7,6 +7,7 @@ Library ../${RESOURCES}/payment_neogo.py
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource ../${RESOURCES}/payment_operations.robot
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
Resource ../${RESOURCES}/setup_teardown.robot
|
Resource ../${RESOURCES}/setup_teardown.robot
|
||||||
|
Resource ../../../variables/eacl_tables.robot
|
||||||
|
|
||||||
*** Test cases ***
|
*** Test cases ***
|
||||||
Extended ACL Operations
|
Extended ACL Operations
|
||||||
|
@ -18,7 +19,6 @@ Extended ACL Operations
|
||||||
|
|
||||||
Generate Keys
|
Generate Keys
|
||||||
Generate eACL Keys
|
Generate eACL Keys
|
||||||
Prepare eACL Role rules
|
|
||||||
|
|
||||||
Log Check extended ACL with simple object
|
Log Check extended ACL with simple object
|
||||||
Generate files ${SIMPLE_OBJ_SIZE}
|
Generate files ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
|
@ -7,6 +7,7 @@ Library ../${RESOURCES}/payment_neogo.py
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource ../${RESOURCES}/payment_operations.robot
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
Resource ../${RESOURCES}/setup_teardown.robot
|
Resource ../${RESOURCES}/setup_teardown.robot
|
||||||
|
Resource ../../../variables/eacl_tables.robot
|
||||||
|
|
||||||
|
|
||||||
*** Test cases ***
|
*** Test cases ***
|
||||||
|
@ -19,14 +20,11 @@ Extended ACL Operations
|
||||||
|
|
||||||
Generate Keys
|
Generate Keys
|
||||||
Generate eACL Keys
|
Generate eACL Keys
|
||||||
Prepare eACL Role rules
|
|
||||||
|
|
||||||
Log Check extended ACL with simple object
|
Log Check extended ACL with simple object
|
||||||
Generate files ${SIMPLE_OBJ_SIZE}
|
Generate files ${SIMPLE_OBJ_SIZE}
|
||||||
Check Сompound Operations
|
Check Сompound Operations
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Log Check extended ACL with complex object
|
Log Check extended ACL with complex object
|
||||||
Generate files ${COMPLEX_OBJ_SIZE}
|
Generate files ${COMPLEX_OBJ_SIZE}
|
||||||
Check Сompound Operations
|
Check Сompound Operations
|
||||||
|
@ -59,7 +57,7 @@ Check eACL Сompound Get
|
||||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -82,7 +80,7 @@ Check eACL Сompound Delete
|
||||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -105,7 +103,7 @@ Check eACL Сompound Get Range Hash
|
||||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
|
@ -1,13 +1,14 @@
|
||||||
*** Settings ***
|
*** Settings ***
|
||||||
Variables ../../../variables/common.py
|
Variables ../../../variables/common.py
|
||||||
|
|
||||||
Library ../${RESOURCES}/neofs.py
|
Library ../${RESOURCES}/neofs.py
|
||||||
Library ../${RESOURCES}/payment_neogo.py
|
Library ../${RESOURCES}/payment_neogo.py
|
||||||
|
|
||||||
Library Collections
|
Library Collections
|
||||||
|
|
||||||
Resource common_steps_acl_extended.robot
|
Resource common_steps_acl_extended.robot
|
||||||
Resource ../${RESOURCES}/payment_operations.robot
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
Resource ../${RESOURCES}/setup_teardown.robot
|
Resource ../${RESOURCES}/setup_teardown.robot
|
||||||
|
Resource ../../../variables/eacl_tables.robot
|
||||||
|
|
||||||
*** Test cases ***
|
*** Test cases ***
|
||||||
Extended ACL Operations
|
Extended ACL Operations
|
||||||
|
@ -19,7 +20,6 @@ Extended ACL Operations
|
||||||
|
|
||||||
Generate Keys
|
Generate Keys
|
||||||
Generate eACL Keys
|
Generate eACL Keys
|
||||||
Prepare eACL Role rules
|
|
||||||
|
|
||||||
Log Check extended ACL with simple object
|
Log Check extended ACL with simple object
|
||||||
Generate files ${SIMPLE_OBJ_SIZE}
|
Generate files ${SIMPLE_OBJ_SIZE}
|
||||||
|
@ -51,7 +51,7 @@ Check eACL MatchType String Equal Request Deny
|
||||||
|
|
||||||
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
|
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_DENY_ALL} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_DENY_ALL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -95,7 +95,7 @@ Check eACL MatchType String Equal Request Allow
|
||||||
|
|
||||||
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
|
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_ALLOW_ALL} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_ALLOW_ALL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -143,9 +143,9 @@ Check eACL MatchType String Equal Object
|
||||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
|
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
|
||||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||||
${eACL_gen} = Create List ${rule1}
|
${eACL_gen} = Create List ${rule1}
|
||||||
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
|
${EACL_CUSTOM} = Form eACL json common file ${ASSETS_DIR}/eacl_custom ${eACL_gen}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
|
|
||||||
|
@ -156,10 +156,10 @@ Check eACL MatchType String Equal Object
|
||||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
|
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
|
||||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||||
${eACL_gen} = Create List ${rule1}
|
${eACL_gen} = Create List ${rule1}
|
||||||
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
|
${EACL_CUSTOM} = Form eACL json common file ${ASSETS_DIR}/eacl_custom ${eACL_gen}
|
||||||
|
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl
|
Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl
|
||||||
|
@ -186,9 +186,9 @@ Check eACL MatchType String Not Equal Object
|
||||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${ID_value}
|
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${ID_value}
|
||||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||||
${eACL_gen} = Create List ${rule1}
|
${eACL_gen} = Create List ${rule1}
|
||||||
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
|
${EACL_CUSTOM} = Form eACL json common file ${ASSETS_DIR}/eacl_custom ${eACL_gen}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl
|
||||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
|
@ -200,9 +200,9 @@ Check eACL MatchType String Not Equal Object
|
||||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key1 value=1
|
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key1 value=1
|
||||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||||
${eACL_gen} = Create List ${rule1}
|
${eACL_gen} = Create List ${rule1}
|
||||||
${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen}
|
${EACL_CUSTOM} = Form eACL json common file ${ASSETS_DIR}/eacl_custom ${eACL_gen}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl
|
||||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
|
|
|
@ -29,146 +29,6 @@ Generate files
|
||||||
Set Global Variable ${FILE_S_2} ${FILE_S_GEN_2}
|
Set Global Variable ${FILE_S_2} ${FILE_S_GEN_2}
|
||||||
|
|
||||||
|
|
||||||
Prepare eACL Role rules
|
|
||||||
Log Set eACL for different Role cases
|
|
||||||
|
|
||||||
# eACL rules for all operations and similar permissions
|
|
||||||
@{Roles} = Create List OTHERS USER SYSTEM
|
|
||||||
FOR ${role} IN @{Roles}
|
|
||||||
${rule1}= Create Dictionary Operation=GET Access=DENY Role=${role}
|
|
||||||
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
|
||||||
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=${role}
|
|
||||||
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=${role}
|
|
||||||
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=${role}
|
|
||||||
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
|
||||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
|
|
||||||
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
||||||
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
|
|
||||||
END
|
|
||||||
|
|
||||||
|
|
||||||
FOR ${role} IN @{Roles}
|
|
||||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role}
|
|
||||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=${role}
|
|
||||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=${role}
|
|
||||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role}
|
|
||||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=${role}
|
|
||||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role}
|
|
||||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
|
|
||||||
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
||||||
Form eACL json common file gen_eacl_allow_all_${role} ${eACL_gen}
|
|
||||||
END
|
|
||||||
|
|
||||||
|
|
||||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
||||||
${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS
|
|
||||||
${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS
|
|
||||||
${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS
|
|
||||||
${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS
|
|
||||||
${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS
|
|
||||||
${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS
|
|
||||||
${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS
|
|
||||||
|
|
||||||
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
||||||
... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14}
|
|
||||||
Form eACL json common file gen_eacl_allow_pubkey_deny_OTHERS ${eACL_gen}
|
|
||||||
|
|
||||||
Set Global Variable ${EACL_DENY_ALL_OTHER} gen_eacl_deny_all_OTHERS
|
|
||||||
Set Global Variable ${EACL_ALLOW_ALL_OTHER} gen_eacl_allow_all_OTHERS
|
|
||||||
|
|
||||||
Set Global Variable ${EACL_DENY_ALL_USER} gen_eacl_deny_all_USER
|
|
||||||
Set Global Variable ${EACL_ALLOW_ALL_USER} gen_eacl_allow_all_USER
|
|
||||||
|
|
||||||
Set Global Variable ${EACL_DENY_ALL_SYSTEM} gen_eacl_deny_all_SYSTEM
|
|
||||||
Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} gen_eacl_allow_all_SYSTEM
|
|
||||||
|
|
||||||
Set Global Variable ${EACL_ALLOW_ALL_Pubkey} gen_eacl_allow_pubkey_deny_OTHERS
|
|
||||||
|
|
||||||
|
|
||||||
# eACL rules for Compound operations: GET/GetRange/GetRangeHash
|
|
||||||
@{Roles} = Create List OTHERS USER SYSTEM
|
|
||||||
FOR ${role} IN @{Roles}
|
|
||||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role}
|
|
||||||
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role}
|
|
||||||
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
|
|
||||||
${rule4}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4}
|
|
||||||
Form eACL json common file gen_eacl_compound_get_${role} ${eACL_gen}
|
|
||||||
Set Global Variable ${EACL_COMPOUND_GET_${role}} gen_eacl_compound_get_${role}
|
|
||||||
END
|
|
||||||
|
|
||||||
# eACL rules for Compound operations: DELETE
|
|
||||||
@{Roles} = Create List OTHERS USER SYSTEM
|
|
||||||
FOR ${role} IN @{Roles}
|
|
||||||
${rule1}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role}
|
|
||||||
${rule2}= Create Dictionary Operation=PUT Access=DENY Role=${role}
|
|
||||||
${rule3}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
|
|
||||||
Form eACL json common file gen_eacl_compound_del_${role} ${eACL_gen}
|
|
||||||
Set Global Variable ${EACL_COMPOUND_DELETE_${role}} gen_eacl_compound_del_${role}
|
|
||||||
END
|
|
||||||
|
|
||||||
# eACL rules for Compound operations: GETRANGEHASH
|
|
||||||
@{Roles} = Create List OTHERS USER SYSTEM
|
|
||||||
FOR ${role} IN @{Roles}
|
|
||||||
${rule1}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
|
|
||||||
${rule2}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
|
||||||
${rule3}= Create Dictionary Operation=GET Access=DENY Role=${role}
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
|
|
||||||
Form eACL json common file gen_eacl_compound_get_hash_${role} ${eACL_gen}
|
|
||||||
Set Global Variable ${EACL_COMPOUND_GET_HASH_${role}} gen_eacl_compound_get_hash_${role}
|
|
||||||
END
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# eACL for X-Header Other DENY and ALLOW for all
|
|
||||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2
|
|
||||||
|
|
||||||
${rule1}= Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS Filters=${filters}
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
||||||
Form eACL json common file gen_eacl_xheader_deny_all ${eACL_gen}
|
|
||||||
Set Global Variable ${EACL_XHEADER_DENY_ALL} gen_eacl_xheader_deny_all
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# eACL for X-Header Other ALLOW and DENY for all
|
|
||||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2
|
|
||||||
|
|
||||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=OTHERS Filters=${filters}
|
|
||||||
${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS
|
|
||||||
${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS
|
|
||||||
${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS
|
|
||||||
${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS
|
|
||||||
${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS
|
|
||||||
${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS
|
|
||||||
${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS
|
|
||||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
||||||
... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14}
|
|
||||||
Form eACL json common file gen_eacl_xheader_allow_all ${eACL_gen}
|
|
||||||
Set Global Variable ${EACL_XHEADER_ALLOW_ALL} gen_eacl_xheader_allow_all
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Check eACL Deny and Allow All
|
Check eACL Deny and Allow All
|
||||||
[Arguments] ${KEY} ${DENY_EACL} ${ALLOW_EACL}
|
[Arguments] ${KEY} ${DENY_EACL} ${ALLOW_EACL}
|
||||||
|
@ -188,7 +48,7 @@ Check eACL Deny and Allow All
|
||||||
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
@ -208,7 +68,7 @@ Check eACL Deny and Allow All
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
... Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} --await
|
Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL}
|
||||||
|
|
||||||
# The current ACL cache lifetime is 30 sec
|
# The current ACL cache lifetime is 30 sec
|
||||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||||
|
|
29
robot/variables/eacl_tables.robot
Normal file
29
robot/variables/eacl_tables.robot
Normal file
|
@ -0,0 +1,29 @@
|
||||||
|
*** Variables ***
|
||||||
|
|
||||||
|
${ACL_TEST_FILES} = robot/resources/files/eacl_tables
|
||||||
|
|
||||||
|
${EACL_DENY_ALL_OTHER} = ${ACL_TEST_FILES}/gen_eacl_deny_all_OTHERS
|
||||||
|
${EACL_ALLOW_ALL_OTHER} = ${ACL_TEST_FILES}/gen_eacl_allow_all_OTHERS
|
||||||
|
|
||||||
|
${EACL_DENY_ALL_USER} = ${ACL_TEST_FILES}/gen_eacl_deny_all_USER
|
||||||
|
${EACL_ALLOW_ALL_USER} = ${ACL_TEST_FILES}/gen_eacl_allow_all_USER
|
||||||
|
|
||||||
|
${EACL_DENY_ALL_SYSTEM} = ${ACL_TEST_FILES}/gen_eacl_deny_all_SYSTEM
|
||||||
|
${EACL_ALLOW_ALL_SYSTEM} = ${ACL_TEST_FILES}/gen_eacl_allow_all_SYSTEM
|
||||||
|
|
||||||
|
${EACL_ALLOW_ALL_Pubkey} = ${ACL_TEST_FILES}/gen_eacl_allow_pubkey_deny_OTHERS
|
||||||
|
|
||||||
|
${EACL_COMPOUND_GET_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_compound_get_OTHERS
|
||||||
|
${EACL_COMPOUND_GET_USER} = ${ACL_TEST_FILES}/gen_eacl_compound_get_USER
|
||||||
|
${EACL_COMPOUND_GET_SYSTEM} = ${ACL_TEST_FILES}/gen_eacl_compound_get_SYSTEM
|
||||||
|
|
||||||
|
${EACL_COMPOUND_DELETE_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_compound_del_OTHERS
|
||||||
|
${EACL_COMPOUND_DELETE_USER} = ${ACL_TEST_FILES}/gen_eacl_compound_del_USER
|
||||||
|
${EACL_COMPOUND_DELETE_SYSTEM} = ${ACL_TEST_FILES}/gen_eacl_compound_del_SYSTEM
|
||||||
|
|
||||||
|
${EACL_COMPOUND_GET_HASH_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_compound_get_hash_OTHERS
|
||||||
|
${EACL_COMPOUND_GET_HASH_USER} = ${ACL_TEST_FILES}/gen_eacl_compound_get_hash_USER
|
||||||
|
${EACL_COMPOUND_GET_HASH_SYSTEM} = ${ACL_TEST_FILES}/gen_eacl_compound_get_hash_SYSTEM
|
||||||
|
|
||||||
|
${EACL_XHEADER_DENY_ALL} = ${ACL_TEST_FILES}/gen_eacl_xheader_deny_all
|
||||||
|
${EACL_XHEADER_ALLOW_ALL} = ${ACL_TEST_FILES}/gen_eacl_xheader_allow_all
|
Loading…
Reference in a new issue