[#191] EACL_KEY -> WALLET_ALLOW

Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
Elizaveta Chichindaeva 2022-07-18 13:19:05 +03:00
parent dddffdc95a
commit 6394d9e362
5 changed files with 58 additions and 204 deletions


@ -1,158 +0,0 @@
{
"records": [
{
"operation": "GET",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "HEAD",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "PUT",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "DELETE",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "SEARCH",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "GETRANGE",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "GETRANGEHASH",
"action": "ALLOW",
"filters": [],
"targets": [
{
"keys": [
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
]
}
]
},
{
"operation": "GET",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "HEAD",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "PUT",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "DELETE",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "SEARCH",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGE",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
},
{
"operation": "GETRANGEHASH",
"action": "DENY",
"filters": [],
"targets": [
{
"role": "OTHERS"
}
]
}
]
}


@ -10,6 +10,7 @@ from enum import Enum, auto
import base58 import base58
from cli_helpers import _cmd_run from cli_helpers import _cmd_run
from common import ASSETS_DIR, NEOFS_ENDPOINT, WALLET_CONFIG from common import ASSETS_DIR, NEOFS_ENDPOINT, WALLET_CONFIG
from neo3 import wallet
from robot.api import logger from robot.api import logger
from robot.api.deco import keyword from robot.api.deco import keyword
@ -36,9 +37,9 @@ class Role(AutoName):
@keyword('Get eACL') @keyword('Get eACL')
def get_eacl(wallet: str, cid: str): def get_eacl(wallet_path: str, cid: str):
cmd = ( cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} '
f'container get-eacl --cid {cid} --config {WALLET_CONFIG}' f'container get-eacl --cid {cid} --config {WALLET_CONFIG}'
) )
try: try:
@ -53,9 +54,9 @@ def get_eacl(wallet: str, cid: str):
@keyword('Set eACL') @keyword('Set eACL')
def set_eacl(wallet: str, cid: str, eacl_table_path: str): def set_eacl(wallet_path: str, cid: str, eacl_table_path: str):
cmd = ( cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} '
f'container set-eacl --cid {cid} --table {eacl_table_path} --config {WALLET_CONFIG} --await' f'container set-eacl --cid {cid} --table {eacl_table_path} --config {WALLET_CONFIG} --await'
) )
_cmd_run(cmd) _cmd_run(cmd)
@ -159,10 +160,37 @@ def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
sign_bearer_token(wif, file_path) sign_bearer_token(wif, file_path)
return file_path return file_path
@keyword('EACL Rules')
def eacl_rules(access: str, verbs: list, user: str):
"""
This function creates a list of eACL rules.
Args:
access (str): identifies if the following operation(s)
is allowed or denied
verbs (list): a list of operations to set rules for
user (str): a group of users (user/others) or a wallet of
a certain user for whom rules are set
Returns:
(list): a list of eACL rules
"""
if user not in ('others', 'user'):
wallet_content = ''
with open(user) as out:
wallet_content = json.load(out)
wallet_from_json = wallet.Wallet.from_json(wallet_content, password="")
pub_key_64 = str(wallet_from_json.accounts[0].public_key)
user = f"pubkey:{pub_key_64}"
def sign_bearer_token(wallet: str, eacl_rules_file: str): rules = []
for verb in verbs:
elements = [access, verb, user]
rules.append(' '.join(elements))
return rules
def sign_bearer_token(wallet_path: str, eacl_rules_file: str):
cmd = ( cmd = (
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} ' f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} '
f'--to {eacl_rules_file} --wallet {wallet} --config {WALLET_CONFIG} --json' f'--to {eacl_rules_file} --wallet {wallet_path} --config {WALLET_CONFIG} --json'
) )
_cmd_run(cmd) _cmd_run(cmd)
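Review bot: In the new `eacl_rules`, any `user` value other than `'others'` or `'user'` is opened as a wallet file and `accounts[0]` is indexed with no check, so a misspelled role surfaces as a file error and an empty wallet as an IndexError. I would add `if not wallet_from_json.accounts: raise ValueError(f"wallet {user} has no accounts")` before the index, and state in the docstring that every other value is treated as a wallet path. The wallet is loaded with a hard-coded `password=""`, which presumably only suits the unprotected test wallets; a comment saying so would keep the keyword from being reused on a protected wallet. The name `pub_key_64` suggests base64 while `str()` of the key object is likely hex, so confirm which encoding the `pubkey:` target expects and rename accordingly. The `json` import this code relies on is outside the visible hunks.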


@ -9,12 +9,11 @@ import uuid
import docker import docker
import wallet import wallet
from common import ASSETS_DIR, SIMPLE_OBJ_SIZE from common import ASSETS_DIR, SIMPLE_OBJ_SIZE
from cli_helpers import _cmd_run
from robot.api import logger from robot.api import logger
from robot.api.deco import keyword from robot.api.deco import keyword
from robot.libraries.BuiltIn import BuiltIn from robot.libraries.BuiltIn import BuiltIn
from cli_helpers import _cmd_run
ROBOT_AUTO_KEYWORDS = False ROBOT_AUTO_KEYWORDS = False
@ -71,13 +70,6 @@ def generate_wallet():
return wallet.init_wallet(ASSETS_DIR) return wallet.init_wallet(ASSETS_DIR)
# TODO: should be deleted in the scope
# of https://github.com/nspcc-dev/neofs-testcases/issues/191
@keyword('Init Wallet from WIF')
def init_wallet_from_wif(dir_path: str, wif: str):
return wallet.init_wallet_from_wif(dir_path, wif)
@keyword('Get Docker Logs') @keyword('Get Docker Logs')
def get_container_logs(testcase_name: str) -> None: def get_container_logs(testcase_name: str) -> None:
client = docker.APIClient(base_url='unix://var/run/docker.sock') client = docker.APIClient(base_url='unix://var/run/docker.sock')


@ -20,15 +20,3 @@ Prepare Wallet And Deposit
Sleep ${MORPH_BLOCK_TIME} Sleep ${MORPH_BLOCK_TIME}
[Return] ${WALLET} ${ADDR} ${WIF} [Return] ${WALLET} ${ADDR} ${WIF}
# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191
Prepare Wallet with WIF And Deposit
[Arguments] ${WIF} ${DEPOSIT}=${30}
${WALLET}
... ${ADDR} = Init Wallet from WIF ${ASSETS_DIR} ${WIF}
Transfer Mainnet Gas ${WALLET} ${DEPOSIT+1}
NeoFS Deposit ${WALLET} ${DEPOSIT}
Sleep ${MORPH_BLOCK_TIME}
[Return] ${WALLET} ${ADDR}


@ -5,6 +5,7 @@ Library acl.py
Library container.py Library container.py
Library neofs_verbs.py Library neofs_verbs.py
Library utility_keywords.py Library utility_keywords.py
Library Collections
Resource common_steps_acl_extended.robot Resource common_steps_acl_extended.robot
Resource payment_operations.robot Resource payment_operations.robot
@ -12,7 +13,6 @@ Resource setup_teardown.robot
Resource eacl_tables.robot Resource eacl_tables.robot
*** Variables *** *** Variables ***
${EACL_KEY} = L1FGTLE6shum3EC7mNTPArUqSCKnmtEweRzyuawtYRZwGjpeRuw1
&{USER_HEADER} = key1=1 key2=abc &{USER_HEADER} = key1=1 key2=abc
&{USER_HEADER_DEL} = key1=del key2=del &{USER_HEADER_DEL} = key1=del key2=del
&{ANOTHER_HEADER} = key1=oth key2=oth &{ANOTHER_HEADER} = key1=oth key2=oth
@ -50,18 +50,22 @@ Check eACL Deny All Other and Allow All Pubkey
${D_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL} ${D_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191 ${WALLET_ALLOW} ${_} ${_} = Prepare Wallet And Deposit
${WALLET_EACL} ${_} = Prepare Wallet with WIF And Deposit ${EACL_KEY}
Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER} Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H} Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
Head object ${WALLET_EACL} ${CID} ${S_OID_USER} Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256 Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Delete object ${WALLET_EACL} ${CID} ${D_OID_USER} Delete object ${WALLET_ALLOW} ${CID} ${D_OID_USER}
Set eACL ${USER_WALLET} ${CID} ${EACL_ALLOW_ALL_Pubkey} @{VERBS} = Create List get head put delete search getrange getrangehash
${RULES_OTH} = EACL Rules deny ${VERBS} others
${RULES_PUB} = EACL Rules allow ${VERBS} ${WALLET_ALLOW}
${eACL_gen} = Combine Lists ${RULES_PUB} ${RULES_OTH}
${EACL_TABLE} = Create eACL ${CID} ${eACL_gen}
Set EACL ${USER_WALLET} ${CID} ${EACL_TABLE}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
@ -83,10 +87,10 @@ Check eACL Deny All Other and Allow All Pubkey
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${WALLET_OTH} ${CID} ${S_OID_USER} ... Delete object ${WALLET_OTH} ${CID} ${S_OID_USER}
Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER} Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H} Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
Head object ${WALLET_EACL} ${CID} ${S_OID_USER} Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256 Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Delete object ${WALLET_EACL} ${CID} ${S_OID_USER} Delete object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
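Review bot: The argument order in `Combine Lists    ${RULES_PUB}    ${RULES_OTH}` carries meaning that the test does not document. The removed JSON table listed the key ALLOW records before the OTHERS DENY records, and eACL records are, as far as I know, matched first-hit, so swapping the two lists would also deny the allowed wallet. I would add a comment above that line such as `# allow rules for the pubkey must precede the deny rules for others`. The call is spelled `Set EACL` while the keyword is declared as `Set eACL`; Robot matches it regardless of case, but the declared spelling keeps the suite greppable. The WIF removed from `*** Variables ***` remains in the repository history, so it should stay a test-only key.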