From 7552a742f374dbd00f6cff9d99e960554352f3e3 Mon Sep 17 00:00:00 2001 From: anastasia prasolova Date: Fri, 10 Sep 2021 15:44:40 +0300 Subject: [PATCH] (#116): fixed eACL tests; refactored acl keywords Signed-off-by: anastasia prasolova --- robot/resources/lib/acl.py | 199 ++++++++++++++++++ robot/resources/lib/cli_helpers.py | 29 +++ robot/resources/lib/neofs.py | 153 ++------------ .../integration/acl/acl_bearer_allow.robot | 91 ++++---- .../acl/acl_bearer_allow_storagegroup.robot | 73 ++++--- .../integration/acl/acl_bearer_compound.robot | 137 ++++++------ .../acl/acl_bearer_filter_oid_equal.robot | 80 +++---- .../acl/acl_bearer_filter_oid_not_equal.robot | 128 +++++------ .../acl_bearer_filter_userheader_equal.robot | 130 +++++------- ...l_bearer_filter_userheader_not_equal.robot | 128 +++++------ .../acl/acl_bearer_inaccessible.robot | 54 ++--- ...l_bearer_request_filter_xheader_deny.robot | 60 +++--- ..._bearer_request_filter_xheader_equal.robot | 89 ++++---- ...rer_request_filter_xheader_not_equal.robot | 89 ++++---- .../acl/acl_extended_actions_pubkey.robot | 5 +- .../acl/acl_extended_filters.robot | 5 +- 16 files changed, 772 insertions(+), 678 deletions(-) create mode 100644 robot/resources/lib/acl.py create mode 100644 robot/resources/lib/cli_helpers.py diff --git a/robot/resources/lib/acl.py b/robot/resources/lib/acl.py new file mode 100644 index 0000000..29a8770 --- /dev/null +++ b/robot/resources/lib/acl.py @@ -0,0 +1,199 @@ +#!/usr/bin/python3.8 + +from enum import Enum, auto +import json +import os +import re +import uuid + +import base64 +import base58 +from cli_helpers import _cmd_run +from common import ASSETS_DIR, NEOFS_ENDPOINT +from robot.api.deco import keyword +from robot.api import logger + + +""" +Robot Keywords and helper functions for work with NeoFS ACL. +""" + + +ROBOT_AUTO_KEYWORDS = False + +# path to neofs-cli executable +NEOFS_CLI_EXEC = os.getenv('NEOFS_CLI_EXEC', 'neofs-cli') +EACL_LIFETIME = 100500 + +class AutoName(Enum): + def _generate_next_value_(name, start, count, last_values): + return name + +class Role(AutoName): + USER = auto() + SYSTEM = auto() + OTHERS = auto() + + +@keyword('Get eACL') +def get_eacl(wif: str, cid: str): + cmd = ( + f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {wif} ' + f'container get-eacl --cid {cid}' + ) + logger.info(f"cmd: {cmd}") + try: + output = _cmd_run(cmd) + if re.search(r'extended ACL table is not set for this container', output): + return None + return output + except RuntimeError as exc: + logger.info("Extended ACL table is not set for this container") + logger.info(f"Got exception while getting eacl: {exc}") + return None + + +@keyword('Set eACL') +def set_eacl(wif: str, cid: str, eacl_table_path: str): + cmd = ( + f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {wif} ' + f'container set-eacl --cid {cid} --table {eacl_table_path} --await' + ) + logger.info(f"cmd: {cmd}") + _cmd_run(cmd) + + +def _encode_cid_for_eacl(cid: str) -> str: + cid_base58 = base58.b58decode(cid) + return base64.b64encode(cid_base58).decode("utf-8") + + +@keyword('Form BearerToken File') +def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str: + """ + This function fetches eACL for given on behalf of , + then extends it with filters taken from , signs + with bearer token and writes to file + """ + enc_cid = _encode_cid_for_eacl(cid) + file_path = f"{os.getcwd()}/{ASSETS_DIR}/{str(uuid.uuid4())}" + + eacl = get_eacl(wif, cid) + json_eacl = dict() + if eacl: + eacl = eacl.replace('eACL: ', '') + eacl = eacl.split('Signature')[0] + json_eacl = json.loads(eacl) + logger.info(json_eacl) + eacl_result = { + "body": + { + "eaclTable": + { + "containerID": + { + "value": enc_cid + }, + "records": [] + }, + "lifetime": + { + "exp": EACL_LIFETIME, + "nbf": "1", + "iat": "0" + } + } + } + + if not eacl_records: + raise(f"Got empty eacl_records list: {eacl_records}") + for record in eacl_records: + op_data = { + "operation": record['Operation'], + "action": record['Access'], + "filters": [], + "targets": [] + } + + if Role(record['Role']): + op_data['targets'] = [ + { + "role": record['Role'] + } + ] + else: + op_data['targets'] = [ + { + "keys": [ record['Role'] ] + } + ] + + if 'Filters' in record.keys(): + op_data["filters"].append(record['Filters']) + + eacl_result["body"]["eaclTable"]["records"].append(op_data) + + # Add records from current eACL + if "records" in json_eacl.keys(): + for record in json_eacl["records"]: + eacl_result["body"]["eaclTable"]["records"].append(record) + + with open(file_path, 'w', encoding='utf-8') as eacl_file: + json.dump(eacl_result, eacl_file, ensure_ascii=False, indent=4) + + logger.info(f"Got these extended ACL records: {eacl_result}") + sign_bearer_token(wif, file_path) + return file_path + + +def sign_bearer_token(wif: str, eacl_rules_file: str): + cmd = ( + f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} ' + f'--to {eacl_rules_file} --wif {wif} --json' + ) + logger.info(f"cmd: {cmd}") + _cmd_run(cmd) + + +@keyword('Form eACL json common file') +def form_eacl_json_common_file(file_path: str, eacl_records: list) -> str: + # Input role can be Role (USER, SYSTEM, OTHERS) or public key. + eacl = {"records":[]} + + for record in eacl_records: + op_data = dict() + + if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS": + op_data = { + "operation": record['Operation'], + "action": record['Access'], + "filters": [], + "targets": [ + { + "role": record['Role'] + } + ] + } + else: + op_data = { + "operation": record['Operation'], + "action": record['Access'], + "filters": [], + "targets": [ + { + "keys": [ record['Role'] ] + } + ] + } + + if 'Filters' in record.keys(): + op_data["filters"].append(record['Filters']) + + eacl["records"].append(op_data) + + logger.info(f"Got these extended ACL records: {eacl}") + + with open(file_path, 'w', encoding='utf-8') as eacl_file: + json.dump(eacl, eacl_file, ensure_ascii=False, indent=4) + + return file_path diff --git a/robot/resources/lib/cli_helpers.py b/robot/resources/lib/cli_helpers.py new file mode 100644 index 0000000..86dac3a --- /dev/null +++ b/robot/resources/lib/cli_helpers.py @@ -0,0 +1,29 @@ +#!/usr/bin/python3.8 + +""" +Helper functions to use with `neofs-cli`, `neo-go` +and other CLIs. +""" + +import subprocess + +from robot.api import logger + +ROBOT_AUTO_KEYWORDS = False + + +def _cmd_run(cmd): + """ + Runs given shell command , in case of success returns its stdout, + in case of failure returns error message. + """ + try: + compl_proc = subprocess.run(cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.STDOUT, timeout=30, + shell=True) + output = compl_proc.stdout + logger.info(f"Output: {output}") + return output + except subprocess.CalledProcessError as exc: + raise RuntimeError(f"Error:\nreturn code: {exc.returncode} " + f"\nOutput: {exc.output}") from exc diff --git a/robot/resources/lib/neofs.py b/robot/resources/lib/neofs.py index 6840cff..134508c 100644 --- a/robot/resources/lib/neofs.py +++ b/robot/resources/lib/neofs.py @@ -17,6 +17,7 @@ from robot.api.deco import keyword from robot.api import logger from common import * +from cli_helpers import _cmd_run ROBOT_AUTO_KEYWORDS = False @@ -120,115 +121,12 @@ def validate_storage_policy_for_object(private_key: str, expected_copies: int, c raise Exception(f"Found node list '{found_nodes}' is not equal to expected list '{expected_node_list}'") -@keyword('Get eACL') -def get_eacl(private_key: str, cid: str): - - Cmd = ( - f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' - f'container get-eacl --cid {cid}' - ) - logger.info(f"Cmd: {Cmd}") - output = _cmd_run(Cmd) - if re.search(r'extended ACL table is not set for this container', output): - logger.info("Extended ACL table is not set for this container.") - - -@keyword('Set eACL') -def set_eacl(private_key: str, cid: str, eacl_table_path: str): - cmd = ( - f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' - f'container set-eacl --cid {cid} --table {eacl_table_path} --await' - ) - logger.info(f"Cmd: {cmd}") - _cmd_run(cmd) - - -@keyword('Form BearerToken file') -def form_bearertoken_file(private_key: str, cid: str, file_name: str, eacl_oper_list, - lifetime_exp: str ): - cid_base58_b = base58.b58decode(cid) - cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8") - eacl = get_eacl(private_key, cid) - json_eacl = {} - file_path = f"{ASSETS_DIR}/{file_name}" - - if eacl: - res_json = re.split(r'[\s\n]+Signature:', eacl) - input_eacl = res_json[0].replace('eACL: ', '') - json_eacl = json.loads(input_eacl) - - eacl_result = {"body":{ "eaclTable": { "containerID": { "value": cid_base64 }, "records": [] }, "lifetime": {"exp": lifetime_exp, "nbf": "1", "iat": "0"} } } - - if eacl_oper_list: - for record in eacl_oper_list: - op_data = dict() - - if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS": - op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]} - else: - op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]} - - if 'Filters' in record.keys(): - op_data["filters"].append(record['Filters']) - - eacl_result["body"]["eaclTable"]["records"].append(op_data) - - # Add records from current eACL - if "records" in json_eacl.keys(): - for record in json_eacl["records"]: - eacl_result["body"]["eaclTable"]["records"].append(record) - - with open(file_path, 'w', encoding='utf-8') as f: - json.dump(eacl_result, f, ensure_ascii=False, indent=4) - - logger.info(eacl_result) - - # Sign bearer token - Cmd = ( - f'{NEOFS_CLI_EXEC} util sign bearer-token --from {file_path} ' - f'--to {file_path} --wif {private_key} --json' - ) - logger.info(f"Cmd: {Cmd}") - _cmd_run(Cmd) - - return file_path - - -@keyword('Form eACL json common file') -def form_eacl_json_common_file(file_path, eacl_oper_list ): - # Input role can be Role (USER, SYSTEM, OTHERS) or public key. - eacl = {"records":[]} - - logger.info(eacl_oper_list) - - if eacl_oper_list: - for record in eacl_oper_list: - op_data = dict() - - if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS": - op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]} - else: - op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]} - - if 'Filters' in record.keys(): - op_data["filters"].append(record['Filters']) - - eacl["records"].append(op_data) - - logger.info(eacl) - - with open(file_path, 'w', encoding='utf-8') as f: - json.dump(eacl, f, ensure_ascii=False, indent=4) - - return file_path - - @keyword('Get Range') def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, range_cut: str, options:str=""): bearer_token = "" if bearer: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer}" + bearer_token = f"--bearer {bearer}" Cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' @@ -237,7 +135,7 @@ def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str ) logger.info(f"Cmd: {Cmd}") _cmd_run(Cmd) - + @keyword('Create container') def create_container(private_key: str, basic_acl:str, rule:str, user_headers: str=''): @@ -294,7 +192,7 @@ def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: s filters_result = "" if bearer: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer}" + bearer_token = f"--bearer {bearer}" if filters: for filter_item in filters.split(','): filter_item = re.sub(r'=', ' EQ ', filter_item) @@ -380,8 +278,8 @@ def verify_split_chain(private_key: str, cid: str, oid: str): parsed_header_virtual = parse_object_virtual_raw_header(header_virtual) if 'Last object' in parsed_header_virtual.keys(): - header_last = head_object(private_key, cid, - parsed_header_virtual['Last object'], + header_last = head_object(private_key, cid, + parsed_header_virtual['Last object'], '', '', '--raw') header_last_parsed = _get_raw_split_information(header_last) marker_last_obj = 1 @@ -402,8 +300,8 @@ def verify_split_chain(private_key: str, cid: str, oid: str): parsed_header_virtual = parse_object_virtual_raw_header(header_virtual) if 'Linking object' in parsed_header_virtual.keys(): - header_link = head_object(private_key, cid, - parsed_header_virtual['Linking object'], + header_link = head_object(private_key, cid, + parsed_header_virtual['Linking object'], '', '', '--raw') header_link_parsed = _get_raw_split_information(header_link) marker_link_obj = 1 @@ -601,7 +499,7 @@ def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user_headers:str="", options:str="", endpoint: str="", json_output: bool = False): if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" if endpoint == "": endpoint = NEOFS_ENDPOINT @@ -770,7 +668,7 @@ def verify_head_attribute(header, attribute): def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: str=""): bearer_token = "" if bearer: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer}" + bearer_token = f"--bearer {bearer}" object_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' @@ -779,7 +677,7 @@ def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: st logger.info(f"Cmd: {object_cmd}") output = _cmd_run(object_cmd) tombstone = _parse_oid(output) - + return tombstone @@ -805,7 +703,7 @@ def get_file_name(filepath): def get_file_hash(filename : str): file_hash = _get_file_hash(filename) return file_hash - + @keyword('Verify file hash') def verify_file_hash(filename, expected_hash): @@ -828,7 +726,7 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: user_headers = f"--attributes {user_headers}" if bearer: - bearer = f"--bearer {ASSETS_DIR}/{bearer}" + bearer = f"--bearer {bearer}" putobject_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} object ' @@ -905,7 +803,7 @@ def find_in_nodes_Log(line: str, nodes_logs_time: dict): def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, range_cut: str, options: str=""): if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" object_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' @@ -914,7 +812,7 @@ def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, ) logger.info(f"Cmd: {object_cmd}") _cmd_run(object_cmd) - + @keyword('Get object') def get_object(private_key: str, cid: str, oid: str, bearer_token: str, @@ -928,7 +826,7 @@ def get_object(private_key: str, cid: str, oid: str, bearer_token: str, if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" object_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} ' @@ -947,7 +845,7 @@ def put_storagegroup(private_key: str, cid: str, bearer_token: str="", *oid_list cmd_oid_line = ",".join(oid_list) if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" object_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup ' @@ -964,7 +862,7 @@ def put_storagegroup(private_key: str, cid: str, bearer_token: str="", *oid_list def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expected_list): if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" object_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' @@ -988,7 +886,7 @@ def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expecte def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, expected_size, *expected_objects_list): if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" object_cmd = f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup get --cid {cid} --id {oid} {bearer_token}' logger.info(f"Cmd: {object_cmd}") @@ -1013,7 +911,7 @@ def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, ex def delete_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str=""): if bearer_token: - bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" + bearer_token = f"--bearer {bearer_token}" object_cmd = ( f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup ' @@ -1118,14 +1016,3 @@ def _search_object(node:str, private_key: str, cid:str, oid: str): logger.info("Server is not presented in container.") elif ( re.search(r'timed out after 30 seconds', output) or re.search(r'no route to host', output) or re.search(r'i/o timeout', output)): logger.warn("Node is unavailable") - - -def _cmd_run(cmd): - try: - complProc = subprocess.run(cmd, check=True, universal_newlines=True, - stdout=subprocess.PIPE, stderr=subprocess.STDOUT, timeout=30, shell=True) - output = complProc.stdout - logger.info(f"Output: {output}") - return output - except subprocess.CalledProcessError as e: - raise Exception(f"Error:\nreturn code: {e.returncode} \nOutput: {e.output}") diff --git a/robot/testsuites/integration/acl/acl_bearer_allow.robot b/robot/testsuites/integration/acl/acl_bearer_allow.robot index 3b7ec8b..b746bfa 100644 --- a/robot/testsuites/integration/acl/acl_bearer_allow.robot +++ b/robot/testsuites/integration/acl/acl_bearer_allow.robot @@ -1,9 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py -Library Collections +Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py + +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -37,52 +40,52 @@ BearerToken Operations Check eACL Deny and Allow All Bearer - ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${CID} = Create Container Public + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} - Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} - # The current ACL cache lifetime is 30 sec - Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} + # The current ACL cache lifetime is 30 sec + Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - # All operations on object should be passed with bearer token - Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 - Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + # All operations on object should be passed with bearer token + Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} diff --git a/robot/testsuites/integration/acl/acl_bearer_allow_storagegroup.robot b/robot/testsuites/integration/acl/acl_bearer_allow_storagegroup.robot index 801614b..e40b133 100644 --- a/robot/testsuites/integration/acl/acl_bearer_allow_storagegroup.robot +++ b/robot/testsuites/integration/acl/acl_bearer_allow_storagegroup.robot @@ -1,9 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library acl.py +Library neofs.py +Library payment_neogo.py + +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -42,43 +45,43 @@ Check eACL Deny and Allow All Bearer # Storage group Operations (Put, List, Get, Delete) - ${SG_OID_INV} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} - ${SG_OID_1} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} - List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV} - @{EXPECTED_OIDS} = Run Keyword If "${RUN_TYPE}" == "Complex" Get Split objects ${USER_KEY} ${CID} ${S_OID_USER} - ... ELSE IF "${RUN_TYPE}" == "Simple" Create List ${S_OID_USER} - Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS} - Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} + ${SG_OID_INV} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} + ${SG_OID_1} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} + List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV} + @{EXPECTED_OIDS} = Run Keyword If "${RUN_TYPE}" == "Complex" Get Split objects ${USER_KEY} ${CID} ${S_OID_USER} + ... ELSE IF "${RUN_TYPE}" == "Simple" Create List ${S_OID_USER} + Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS} + Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} - # The current ACL cache lifetime is 30 sec - Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} + # The current ACL cache lifetime is 30 sec + Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - # All storage groups should fail without bearer token - Run Keyword And Expect Error * - ... Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} - Run Keyword And Expect Error * - ... List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV} - Run Keyword And Expect Error * - ... Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS} - Run Keyword And Expect Error * - ... Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} + # All storage groups should fail without bearer token + Run Keyword And Expect Error * + ... Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} + Run Keyword And Expect Error * + ... List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV} + Run Keyword And Expect Error * + ... Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS} + Run Keyword And Expect Error * + ... Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} - # Storagegroup should passed with User group key and bearer token - ${SG_OID_NEW} = Put Storagegroup ${USER_KEY} ${CID} bearer_allow_all_user ${S_OID_USER} - List Storagegroup ${USER_KEY} ${CID} bearer_allow_all_user ${SG_OID_NEW} ${SG_OID_INV} - Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} bearer_allow_all_user ${EMPTY} @{EXPECTED_OIDS} - Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} bearer_allow_all_user + # Storagegroup should passed with User group key and bearer token + ${SG_OID_NEW} = Put Storagegroup ${USER_KEY} ${CID} ${EACL_TOKEN} ${S_OID_USER} + List Storagegroup ${USER_KEY} ${CID} ${EACL_TOKEN} ${SG_OID_NEW} ${SG_OID_INV} + Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} ${EACL_TOKEN} ${EMPTY} @{EXPECTED_OIDS} + Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} ${EACL_TOKEN} diff --git a/robot/testsuites/integration/acl/acl_bearer_compound.robot b/robot/testsuites/integration/acl/acl_bearer_compound.robot index 742211c..2b23c0f 100644 --- a/robot/testsuites/integration/acl/acl_bearer_compound.robot +++ b/robot/testsuites/integration/acl/acl_bearer_compound.robot @@ -1,10 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library acl.py +Library neofs.py +Library payment_neogo.py +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -15,7 +17,7 @@ ${SYSTEM_KEY} = ${NEOFS_IR_WIF} *** Test cases *** BearerToken Operations for Сompound Operations [Documentation] Testcase to validate NeoFS operations with BearerToken for Сompound Operations. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup @@ -28,7 +30,6 @@ BearerToken Operations for Сompound Operations Check Сompound Operations Log Check Bearer token with complex object - Generate file ${COMPLEX_OBJ_SIZE} Check Сompound Operations @@ -38,101 +39,101 @@ BearerToken Operations for Сompound Operations *** Keywords *** Check Сompound Operations - Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} - Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER} - Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} + Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} + Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER} + Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} - Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} - Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER} - Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} + Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} + Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER} + Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} - Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} - Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER} - Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} + Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} + Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER} + Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} Check Bearer Сompound Get [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} - ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${CID} = Create Container Public + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + @{S_OBJ_H} = Create List ${S_OID_USER} - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Set eACL ${USER_KEY} ${CID} ${DENY_EACL} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} - # The current ACL cache lifetime is 30 sec - Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} + # The current ACL cache lifetime is 30 sec + Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP} - ${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP} - ${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP} + ${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP} + ${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} - Get object ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl - Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256 - Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256 + Get object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl + Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 + Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 Check Bearer Сompound Delete [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} - ${CID} = Create Container Public + ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} - Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${DENY_EACL} + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} - # The current ACL cache lifetime is 30 sec - Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} + # The current ACL cache lifetime is 30 sec + Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP} - ${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP} - ${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP} - ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 + ${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP} + ${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP} + ${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP} + ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow - Run Keyword And Expect Error * - ... Put object ${KEY} ${FILE_S} ${CID} bearer_allow ${FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Put object ${KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} - Delete object ${KEY} ${CID} ${S_OID_USER} bearer_allow + Delete object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} Check Bearer Сompound Get Range Hash - [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} + [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} - ${CID} = Create Container Public + ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256 - Set eACL ${USER_KEY} ${CID} ${DENY_EACL} + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} - # The current ACL cache lifetime is 30 sec - Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} + # The current ACL cache lifetime is 30 sec + Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} - ${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP} - ${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP} - ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 + ${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} + ${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP} + ${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP} + ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256 - Run Keyword And Expect Error * - ... Get object ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl + Run Keyword And Expect Error * + ... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 + Run Keyword And Expect Error * + ... Get object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl - Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256 + Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 diff --git a/robot/testsuites/integration/acl/acl_bearer_filter_oid_equal.robot b/robot/testsuites/integration/acl/acl_bearer_filter_oid_equal.robot index 5efffe7..c32e83e 100644 --- a/robot/testsuites/integration/acl/acl_bearer_filter_oid_equal.robot +++ b/robot/testsuites/integration/acl/acl_bearer_filter_oid_equal.robot @@ -1,12 +1,15 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py + +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot -Resource ../${RESOURCES}/payment_operations.robot -Resource ../${RESOURCES}/setup_teardown.robot +Resource payment_operations.robot +Resource setup_teardown.robot *** Test cases *** @@ -18,7 +21,6 @@ BearerToken Operations with Filter OID Equal [Setup] Setup Generate Keys - Prepare eACL Role rules Log Check Bearer token with simple object Generate file ${SIMPLE_OBJ_SIZE} @@ -54,43 +56,43 @@ Check eACL Deny and Allow All Bearer Filter OID Equal # The current ACL cache lifetime is 30 sec Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER} + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER} - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EACL_TOKEN} diff --git a/robot/testsuites/integration/acl/acl_bearer_filter_oid_not_equal.robot b/robot/testsuites/integration/acl/acl_bearer_filter_oid_not_equal.robot index da4adc8..3a4736f 100644 --- a/robot/testsuites/integration/acl/acl_bearer_filter_oid_not_equal.robot +++ b/robot/testsuites/integration/acl/acl_bearer_filter_oid_not_equal.robot @@ -1,10 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -13,20 +15,18 @@ Resource ../${RESOURCES}/setup_teardown.robot *** Test cases *** BearerToken Operations with Filter OID NotEqual [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter OID NotEqual. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup Generate Keys - Prepare eACL Role rules Log Check Bearer token with simple object Generate file ${SIMPLE_OBJ_SIZE} Check eACL Deny and Allow All Bearer Filter OID NotEqual Log Check Bearer token with complex object - Generate file ${COMPLEX_OBJ_SIZE} Check eACL Deny and Allow All Bearer Filter OID NotEqual @@ -36,90 +36,70 @@ BearerToken Operations with Filter OID NotEqual *** Keywords *** - -Prepare eACL Role rules - Log Set eACL for different Role cases - - # eACL rules for all operations and similar permissions - @{Roles} = Create List OTHERS USER SYSTEM - FOR ${role} IN @{Roles} - ${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role} - ${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role} - ${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role} - ${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role} - ${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role} - ${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role} - ${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role} - - ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen} - Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role} - END - Check eACL Deny and Allow All Bearer Filter OID NotEqual ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} # The current ACL cache lifetime is 30 sec Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2} + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2} - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER_2} s_get_range bearer_allow_all_user 0:256 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER_2} s_get_range ${EACL_TOKEN} 0:256 - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} - Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${D_OID_USER_2} bearer_allow_all_user + Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${D_OID_USER_2} ${EACL_TOKEN} diff --git a/robot/testsuites/integration/acl/acl_bearer_filter_userheader_equal.robot b/robot/testsuites/integration/acl/acl_bearer_filter_userheader_equal.robot index 708e678..d493d77 100644 --- a/robot/testsuites/integration/acl/acl_bearer_filter_userheader_equal.robot +++ b/robot/testsuites/integration/acl/acl_bearer_filter_userheader_equal.robot @@ -1,10 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library acl.py +Library neofs.py +Library payment_neogo.py +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -12,7 +14,7 @@ Resource ../${RESOURCES}/setup_teardown.robot *** Test cases *** BearerToken Operations with Filter UserHeader Equal [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter UserHeader Equal. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup @@ -33,91 +35,73 @@ BearerToken Operations with Filter UserHeader Equal *** Keywords *** -Prepare eACL Role rules - Log Set eACL for different Role cases - # eACL rules for all operations and similar permissions - @{Roles} = Create List OTHERS USER SYSTEM - FOR ${role} IN @{Roles} - ${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role} - ${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role} - ${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role} - ${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role} - ${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role} - ${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role} - ${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role} - - ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen} - Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role} - END - Check eACL Deny and Allow All Bearer Filter UserHeader Equal ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} - Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} # The current ACL cache lifetime is 30 sec Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 - Run Keyword And Expect Error * - ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 + Run Keyword And Expect Error * + ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} - # Delete can not be filtered by UserHeader. - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user + # Delete can not be filtered by UserHeader. + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} diff --git a/robot/testsuites/integration/acl/acl_bearer_filter_userheader_not_equal.robot b/robot/testsuites/integration/acl/acl_bearer_filter_userheader_not_equal.robot index e72e6e0..0155af8 100644 --- a/robot/testsuites/integration/acl/acl_bearer_filter_userheader_not_equal.robot +++ b/robot/testsuites/integration/acl/acl_bearer_filter_userheader_not_equal.robot @@ -1,30 +1,31 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py + Resource common_steps_acl_bearer.robot +Resource ../../../variables/eacl_tables.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot *** Test cases *** BearerToken Operations Filter UserHeader NotEqual [Documentation] Testcase to validate NeoFS operations with BearerToken Filter UserHeader NotEqual. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup Generate Keys - Prepare eACL Role rules Log Check Bearer token with simple object Generate file ${SIMPLE_OBJ_SIZE} Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual Log Check Bearer token with complex object - Generate file ${COMPLEX_OBJ_SIZE} Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual @@ -33,77 +34,76 @@ BearerToken Operations Filter UserHeader NotEqual *** Keywords *** Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual - ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER_2} + ${CID} = Create Container Public + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER_2} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + # The current ACL cache lifetime is 30 sec + Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - # The current ACL cache lifetime is 30 sec - Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc - ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + # Search can not use filter by headers + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} - # Search can not use filter by headers - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} + # Different behaviour for big and small objects! + # Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${EMPTY} - # Different behaviour for big and small objects! - # Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${EMPTY} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + Run Keyword And Expect Error * + ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 - Run Keyword And Expect Error * - ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user - - # Delete can not be filtered by UserHeader. - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user + # Delete can not be filtered by UserHeader. + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} diff --git a/robot/testsuites/integration/acl/acl_bearer_inaccessible.robot b/robot/testsuites/integration/acl/acl_bearer_inaccessible.robot index b88c3ff..7dde7a2 100644 --- a/robot/testsuites/integration/acl/acl_bearer_inaccessible.robot +++ b/robot/testsuites/integration/acl/acl_bearer_inaccessible.robot @@ -1,10 +1,13 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py + +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -12,20 +15,18 @@ Resource ../${RESOURCES}/setup_teardown.robot *** Test cases *** BearerToken Operations for Inaccessible Container [Documentation] Testcase to validate NeoFS operations with BearerToken for Inaccessible Container. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup Generate Keys - Prepare eACL Role rules Log Check Bearer token with simple object Generate file ${SIMPLE_OBJ_SIZE} Check Container Inaccessible and Allow All Bearer Log Check Bearer token with complex object - Generate file ${COMPLEX_OBJ_SIZE} Check Container Inaccessible and Allow All Bearer @@ -34,29 +35,28 @@ BearerToken Operations for Inaccessible Container *** Keywords *** Check Container Inaccessible and Allow All Bearer - ${CID} = Create Container Inaccessible + ${CID} = Create Container Inaccessible - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - ${rule1}= Create Dictionary Operation=PUT Access=ALLOW Role=USER - ${rule2}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER + ${rule1} = Create Dictionary Operation=PUT Access=ALLOW Role=USER + ${rule2} = Create Dictionary Operation=SEARCH Access=ALLOW Role=USER + ${eACL_gen} = Create List ${rule1} ${rule2} - ${eACL_gen}= Create List ${rule1} ${rule2} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 - - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} diff --git a/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_deny.robot b/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_deny.robot index 8b03098..15fd0e1 100644 --- a/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_deny.robot +++ b/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_deny.robot @@ -1,10 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -25,7 +27,6 @@ BearerToken Operations Check eACL Allow All Bearer Filter Requst Equal Deny Log Check Bearer token with complex object - Generate file ${COMPLEX_OBJ_SIZE} Check eACL Allow All Bearer Filter Requst Equal Deny @@ -37,10 +38,10 @@ BearerToken Operations Check eACL Allow All Bearer Filter Requst Equal Deny ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 @@ -52,27 +53,28 @@ Check eACL Allow All Bearer Filter Requst Equal Deny ${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=USER Filters=${filters} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 - Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2 - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2 - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2 - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2 - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2 - Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user --xhdr a=2 + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256 - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256 - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256 - Run Keyword And Expect Error * - ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256 + Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2 + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=2 + Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2 + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=2 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=2 + Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=2 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EACL_TOKEN} --xhdr a=2 + + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=256 + Run Keyword And Expect Error * + ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=256 diff --git a/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_equal.robot b/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_equal.robot index 966ae55..b751cca 100644 --- a/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_equal.robot +++ b/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_equal.robot @@ -1,10 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library acl.py +Library neofs.py +Library payment_neogo.py +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -13,7 +15,7 @@ Resource ../${RESOURCES}/setup_teardown.robot *** Test cases *** BearerToken Operations with Filter Requst Equal [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst Equal. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup @@ -26,7 +28,6 @@ BearerToken Operations with Filter Requst Equal Check eACL Deny and Allow All Bearer Filter Requst Equal Log Check Bearer token with complex object - Generate file ${COMPLEX_OBJ_SIZE} Check eACL Deny and Allow All Bearer Filter Requst Equal @@ -38,51 +39,51 @@ BearerToken Operations with Filter Requst Equal Check eACL Deny and Allow All Bearer Filter Requst Equal ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} - Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} # The current ACL cache lifetime is 30 sec Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256 - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256 - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256 - Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256 - Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256 + Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=256 + Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=256 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=256 + Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=256 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=256 diff --git a/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_not_equal.robot b/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_not_equal.robot index d12d090..7f64d25 100644 --- a/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_not_equal.robot +++ b/robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_not_equal.robot @@ -1,10 +1,12 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library acl.py +Library neofs.py +Library payment_neogo.py +Resource ../../../variables/eacl_tables.robot Resource common_steps_acl_bearer.robot Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/setup_teardown.robot @@ -13,13 +15,12 @@ Resource ../${RESOURCES}/setup_teardown.robot *** Test cases *** BearerToken Operations with Filter Requst NotEqual [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst NotEqual. - [Tags] ACL NeoFS NeoCLI BearerToken + [Tags] ACL NeoFSCLI BearerToken [Timeout] 20 min [Setup] Setup Generate Keys - Prepare eACL Role rules Log Check Bearer token with simple object Generate file ${SIMPLE_OBJ_SIZE} @@ -36,51 +37,51 @@ BearerToken Operations with Filter Requst NotEqual Check eACL Deny and Allow All Bearer Filter Requst NotEqual ${CID} = Create Container Public - ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} - ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} - @{S_OBJ_H} = Create List ${S_OID_USER} + ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} - Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} # The current ACL cache lifetime is 30 sec Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} - ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256 - ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} - ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} - ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} - ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} - ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} - ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} - ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} - ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} - Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256 + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen} - Run Keyword And Expect Error * - ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - Run Keyword And Expect Error * - ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - #Run Keyword And Expect Error * - #... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} - Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + #Run Keyword And Expect Error * + #... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 - Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2 - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2 - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2 - Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2 - Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=2 + Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 + Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=2 + Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=2 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=2 + Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=2 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=2 diff --git a/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot b/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot index b9bce18..6d388b0 100644 --- a/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot +++ b/robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot @@ -1,9 +1,10 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py Library Collections +Library acl.py +Library neofs.py +Library payment_neogo.py Resource common_steps_acl_extended.robot Resource ../${RESOURCES}/payment_operations.robot diff --git a/robot/testsuites/integration/acl/acl_extended_filters.robot b/robot/testsuites/integration/acl/acl_extended_filters.robot index e696859..fb1605a 100644 --- a/robot/testsuites/integration/acl/acl_extended_filters.robot +++ b/robot/testsuites/integration/acl/acl_extended_filters.robot @@ -1,8 +1,9 @@ *** Settings *** Variables ../../../variables/common.py -Library ../${RESOURCES}/neofs.py -Library ../${RESOURCES}/payment_neogo.py +Library acl.py +Library neofs.py +Library payment_neogo.py Library Collections Resource common_steps_acl_extended.robot