anurindm/frostfs-testcases
1
0
Fork 0
forked from TrueCloudLab/frostfs-testcases
Code Pull requests Activity

(#116): fixed eACL tests; refactored acl keywords

Browse source 
Signed-off-by: anastasia prasolova <anastasia@nspcc.ru>
This commit is contained in:
anastasia prasolova 2021-09-10 15:44:40 +03:00 committed by Anastasia Prasolova
parent 19f9d97328
commit 7552a742f3
16 changed files with 772 additions and 678 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

199
robot/resources/lib/acl.py Normal file
View file

@ -0,0 +1,199 @@
#!/usr/bin/python3.8
from enum import Enum, auto
import json
import os
import re
import uuid
import base64
import base58
from cli_helpers import _cmd_run
from common import ASSETS_DIR, NEOFS_ENDPOINT
from robot.api.deco import keyword
from robot.api import logger
"""
Robot Keywords and helper functions for work with NeoFS ACL.
"""
ROBOT_AUTO_KEYWORDS = False
# path to neofs-cli executable
NEOFS_CLI_EXEC = os.getenv('NEOFS_CLI_EXEC', 'neofs-cli')
EACL_LIFETIME = 100500
class AutoName(Enum):
def _generate_next_value_(name, start, count, last_values):
return name
class Role(AutoName):
USER = auto()
SYSTEM = auto()
OTHERS = auto()
@keyword('Get eACL')
def get_eacl(wif: str, cid: str):
cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {wif} '
f'container get-eacl --cid {cid}'
)
logger.info(f"cmd: {cmd}")
try:
output = _cmd_run(cmd)
if re.search(r'extended ACL table is not set for this container', output):
return None
return output
except RuntimeError as exc:
logger.info("Extended ACL table is not set for this container")
logger.info(f"Got exception while getting eacl: {exc}")
return None
@keyword('Set eACL')
def set_eacl(wif: str, cid: str, eacl_table_path: str):
cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {wif} '
f'container set-eacl --cid {cid} --table {eacl_table_path} --await'
)
logger.info(f"cmd: {cmd}")
_cmd_run(cmd)
def _encode_cid_for_eacl(cid: str) -> str:
cid_base58 = base58.b58decode(cid)
return base64.b64encode(cid_base58).decode("utf-8")
@keyword('Form BearerToken File')
def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
"""
This function fetches eACL for given <cid> on behalf of <wif>,
then extends it with filters taken from <eacl_records>, signs
with bearer token and writes to file
"""
enc_cid = _encode_cid_for_eacl(cid)
file_path = f"{os.getcwd()}/{ASSETS_DIR}/{str(uuid.uuid4())}"
eacl = get_eacl(wif, cid)
json_eacl = dict()
if eacl:
eacl = eacl.replace('eACL: ', '')
eacl = eacl.split('Signature')[0]
json_eacl = json.loads(eacl)
logger.info(json_eacl)
eacl_result = {
"body":
{
"eaclTable":
{
"containerID":
{
"value": enc_cid
},
"records": []
},
"lifetime":
{
"exp": EACL_LIFETIME,
"nbf": "1",
"iat": "0"
}
}
}
if not eacl_records:
raise(f"Got empty eacl_records list: {eacl_records}")
for record in eacl_records:
op_data = {
"operation": record['Operation'],
"action": record['Access'],
"filters": [],
"targets": []
}
if Role(record['Role']):
op_data['targets'] = [
{
"role": record['Role']
}
]
else:
op_data['targets'] = [
{
"keys": [ record['Role'] ]
}
]
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
eacl_result["body"]["eaclTable"]["records"].append(op_data)
# Add records from current eACL
if "records" in json_eacl.keys():
for record in json_eacl["records"]:
eacl_result["body"]["eaclTable"]["records"].append(record)
with open(file_path, 'w', encoding='utf-8') as eacl_file:
json.dump(eacl_result, eacl_file, ensure_ascii=False, indent=4)
logger.info(f"Got these extended ACL records: {eacl_result}")
sign_bearer_token(wif, file_path)
return file_path
def sign_bearer_token(wif: str, eacl_rules_file: str):
cmd = (
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} '
f'--to {eacl_rules_file} --wif {wif} --json'
)
logger.info(f"cmd: {cmd}")
_cmd_run(cmd)
@keyword('Form eACL json common file')
def form_eacl_json_common_file(file_path: str, eacl_records: list) -> str:
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
eacl = {"records":[]}
for record in eacl_records:
op_data = dict()
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
op_data = {
"operation": record['Operation'],
"action": record['Access'],
"filters": [],
"targets": [
{
"role": record['Role']
}
]
}
else:
op_data = {
"operation": record['Operation'],
"action": record['Access'],
"filters": [],
"targets": [
{
"keys": [ record['Role'] ]
}
]
}
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
eacl["records"].append(op_data)
logger.info(f"Got these extended ACL records: {eacl}")
with open(file_path, 'w', encoding='utf-8') as eacl_file:
json.dump(eacl, eacl_file, ensure_ascii=False, indent=4)
return file_path

29
robot/resources/lib/cli_helpers.py Normal file
View file

@ -0,0 +1,29 @@
#!/usr/bin/python3.8
"""
Helper functions to use with `neofs-cli`, `neo-go`
and other CLIs.
"""
import subprocess
from robot.api import logger
ROBOT_AUTO_KEYWORDS = False
def _cmd_run(cmd):
"""
Runs given shell command <cmd>, in case of success returns its stdout,
in case of failure returns error message.
"""
try:
compl_proc = subprocess.run(cmd, check=True, universal_newlines=True,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT, timeout=30,
shell=True)
output = compl_proc.stdout
logger.info(f"Output: {output}")
return output
except subprocess.CalledProcessError as exc:
raise RuntimeError(f"Error:\nreturn code: {exc.returncode} "
f"\nOutput: {exc.output}") from exc

153
robot/resources/lib/neofs.py
View file

@ -17,6 +17,7 @@ from robot.api.deco import keyword
from robot.api import logger from robot.api import logger
from common import * from common import *
from cli_helpers import _cmd_run
ROBOT_AUTO_KEYWORDS = False ROBOT_AUTO_KEYWORDS = False
@ -120,115 +121,12 @@ def validate_storage_policy_for_object(private_key: str, expected_copies: int, c
raise Exception(f"Found node list '{found_nodes}' is not equal to expected list '{expected_node_list}'") raise Exception(f"Found node list '{found_nodes}' is not equal to expected list '{expected_node_list}'")
@keyword('Get eACL')
def get_eacl(private_key: str, cid: str):
Cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
f'container get-eacl --cid {cid}'
)
logger.info(f"Cmd: {Cmd}")
output = _cmd_run(Cmd)
if re.search(r'extended ACL table is not set for this container', output):
logger.info("Extended ACL table is not set for this container.")
@keyword('Set eACL')
def set_eacl(private_key: str, cid: str, eacl_table_path: str):
cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
f'container set-eacl --cid {cid} --table {eacl_table_path} --await'
)
logger.info(f"Cmd: {cmd}")
_cmd_run(cmd)
@keyword('Form BearerToken file')
def form_bearertoken_file(private_key: str, cid: str, file_name: str, eacl_oper_list,
lifetime_exp: str ):
cid_base58_b = base58.b58decode(cid)
cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8")
eacl = get_eacl(private_key, cid)
json_eacl = {}
file_path = f"{ASSETS_DIR}/{file_name}"
if eacl:
res_json = re.split(r'[\s\n]+Signature:', eacl)
input_eacl = res_json[0].replace('eACL: ', '')
json_eacl = json.loads(input_eacl)
eacl_result = {"body":{ "eaclTable": { "containerID": { "value": cid_base64 }, "records": [] }, "lifetime": {"exp": lifetime_exp, "nbf": "1", "iat": "0"} } }
if eacl_oper_list:
for record in eacl_oper_list:
op_data = dict()
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]}
else:
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]}
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
eacl_result["body"]["eaclTable"]["records"].append(op_data)
# Add records from current eACL
if "records" in json_eacl.keys():
for record in json_eacl["records"]:
eacl_result["body"]["eaclTable"]["records"].append(record)
with open(file_path, 'w', encoding='utf-8') as f:
json.dump(eacl_result, f, ensure_ascii=False, indent=4)
logger.info(eacl_result)
# Sign bearer token
Cmd = (
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {file_path} '
f'--to {file_path} --wif {private_key} --json'
)
logger.info(f"Cmd: {Cmd}")
_cmd_run(Cmd)
return file_path
@keyword('Form eACL json common file')
def form_eacl_json_common_file(file_path, eacl_oper_list ):
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
eacl = {"records":[]}
logger.info(eacl_oper_list)
if eacl_oper_list:
for record in eacl_oper_list:
op_data = dict()
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]}
else:
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]}
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
eacl["records"].append(op_data)
logger.info(eacl)
with open(file_path, 'w', encoding='utf-8') as f:
json.dump(eacl, f, ensure_ascii=False, indent=4)
return file_path
@keyword('Get Range') @keyword('Get Range')
def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str,
range_cut: str, options:str=""): range_cut: str, options:str=""):
bearer_token = "" bearer_token = ""
if bearer: if bearer:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer}" bearer_token = f"--bearer {bearer}"
Cmd = ( Cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
@ -237,7 +135,7 @@ def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str
) )
logger.info(f"Cmd: {Cmd}") logger.info(f"Cmd: {Cmd}")
_cmd_run(Cmd) _cmd_run(Cmd)
@keyword('Create container') @keyword('Create container')
def create_container(private_key: str, basic_acl:str, rule:str, user_headers: str=''): def create_container(private_key: str, basic_acl:str, rule:str, user_headers: str=''):
@ -294,7 +192,7 @@ def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: s
filters_result = "" filters_result = ""
if bearer: if bearer:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer}" bearer_token = f"--bearer {bearer}"
if filters: if filters:
for filter_item in filters.split(','): for filter_item in filters.split(','):
filter_item = re.sub(r'=', ' EQ ', filter_item) filter_item = re.sub(r'=', ' EQ ', filter_item)
@ -380,8 +278,8 @@ def verify_split_chain(private_key: str, cid: str, oid: str):
parsed_header_virtual = parse_object_virtual_raw_header(header_virtual) parsed_header_virtual = parse_object_virtual_raw_header(header_virtual)
if 'Last object' in parsed_header_virtual.keys(): if 'Last object' in parsed_header_virtual.keys():
header_last = head_object(private_key, cid, header_last = head_object(private_key, cid,
parsed_header_virtual['Last object'], parsed_header_virtual['Last object'],
'', '', '--raw') '', '', '--raw')
header_last_parsed = _get_raw_split_information(header_last) header_last_parsed = _get_raw_split_information(header_last)
marker_last_obj = 1 marker_last_obj = 1
@ -402,8 +300,8 @@ def verify_split_chain(private_key: str, cid: str, oid: str):
parsed_header_virtual = parse_object_virtual_raw_header(header_virtual) parsed_header_virtual = parse_object_virtual_raw_header(header_virtual)
if 'Linking object' in parsed_header_virtual.keys(): if 'Linking object' in parsed_header_virtual.keys():
header_link = head_object(private_key, cid, header_link = head_object(private_key, cid,
parsed_header_virtual['Linking object'], parsed_header_virtual['Linking object'],
'', '', '--raw') '', '', '--raw')
header_link_parsed = _get_raw_split_information(header_link) header_link_parsed = _get_raw_split_information(header_link)
marker_link_obj = 1 marker_link_obj = 1
@ -601,7 +499,7 @@ def head_object(private_key: str, cid: str, oid: str, bearer_token: str="",
user_headers:str="", options:str="", endpoint: str="", json_output: bool = False): user_headers:str="", options:str="", endpoint: str="", json_output: bool = False):
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
if endpoint == "": if endpoint == "":
endpoint = NEOFS_ENDPOINT endpoint = NEOFS_ENDPOINT
@ -770,7 +668,7 @@ def verify_head_attribute(header, attribute):
def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: str=""): def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: str=""):
bearer_token = "" bearer_token = ""
if bearer: if bearer:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer}" bearer_token = f"--bearer {bearer}"
object_cmd = ( object_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
@ -779,7 +677,7 @@ def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: st
logger.info(f"Cmd: {object_cmd}") logger.info(f"Cmd: {object_cmd}")
output = _cmd_run(object_cmd) output = _cmd_run(object_cmd)
tombstone = _parse_oid(output) tombstone = _parse_oid(output)
return tombstone return tombstone
@ -805,7 +703,7 @@ def get_file_name(filepath):
def get_file_hash(filename : str): def get_file_hash(filename : str):
file_hash = _get_file_hash(filename) file_hash = _get_file_hash(filename)
return file_hash return file_hash
@keyword('Verify file hash') @keyword('Verify file hash')
def verify_file_hash(filename, expected_hash): def verify_file_hash(filename, expected_hash):
@ -828,7 +726,7 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers:
user_headers = f"--attributes {user_headers}" user_headers = f"--attributes {user_headers}"
if bearer: if bearer:
bearer = f"--bearer {ASSETS_DIR}/{bearer}" bearer = f"--bearer {bearer}"
putobject_cmd = ( putobject_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} object ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} object '
@ -905,7 +803,7 @@ def find_in_nodes_Log(line: str, nodes_logs_time: dict):
def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str,
range_cut: str, options: str=""): range_cut: str, options: str=""):
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
object_cmd = ( object_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
@ -914,7 +812,7 @@ def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str,
) )
logger.info(f"Cmd: {object_cmd}") logger.info(f"Cmd: {object_cmd}")
_cmd_run(object_cmd) _cmd_run(object_cmd)
@keyword('Get object') @keyword('Get object')
def get_object(private_key: str, cid: str, oid: str, bearer_token: str, def get_object(private_key: str, cid: str, oid: str, bearer_token: str,
@ -928,7 +826,7 @@ def get_object(private_key: str, cid: str, oid: str, bearer_token: str,
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
object_cmd = ( object_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} '
@ -947,7 +845,7 @@ def put_storagegroup(private_key: str, cid: str, bearer_token: str="", *oid_list
cmd_oid_line = ",".join(oid_list) cmd_oid_line = ",".join(oid_list)
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
object_cmd = ( object_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup '
@ -964,7 +862,7 @@ def put_storagegroup(private_key: str, cid: str, bearer_token: str="", *oid_list
def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expected_list): def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expected_list):
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
object_cmd = ( object_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
@ -988,7 +886,7 @@ def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expecte
def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, expected_size, *expected_objects_list): def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, expected_size, *expected_objects_list):
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
object_cmd = f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup get --cid {cid} --id {oid} {bearer_token}' object_cmd = f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup get --cid {cid} --id {oid} {bearer_token}'
logger.info(f"Cmd: {object_cmd}") logger.info(f"Cmd: {object_cmd}")
@ -1013,7 +911,7 @@ def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, ex
def delete_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str=""): def delete_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str=""):
if bearer_token: if bearer_token:
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}" bearer_token = f"--bearer {bearer_token}"
object_cmd = ( object_cmd = (
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup ' f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup '
@ -1118,14 +1016,3 @@ def _search_object(node:str, private_key: str, cid:str, oid: str):
logger.info("Server is not presented in container.") logger.info("Server is not presented in container.")
elif ( re.search(r'timed out after 30 seconds', output) or re.search(r'no route to host', output) or re.search(r'i/o timeout', output)): elif ( re.search(r'timed out after 30 seconds', output) or re.search(r'no route to host', output) or re.search(r'i/o timeout', output)):
logger.warn("Node is unavailable") logger.warn("Node is unavailable")
def _cmd_run(cmd):
try:
complProc = subprocess.run(cmd, check=True, universal_newlines=True,
stdout=subprocess.PIPE, stderr=subprocess.STDOUT, timeout=30, shell=True)
output = complProc.stdout
logger.info(f"Output: {output}")
return output
except subprocess.CalledProcessError as e:
raise Exception(f"Error:\nreturn code: {e.returncode} \nOutput: {e.output}")

91
robot/testsuites/integration/acl/acl_bearer_allow.robot
View file

@ -1,9 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections
Library Collections
Library neofs.py
Library acl.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -37,52 +40,52 @@ BearerToken Operations
Check eACL Deny and Allow All Bearer Check eACL Deny and Allow All Bearer
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
# All operations on object should be passed with bearer token # All operations on object should be passed with bearer token
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}

73
robot/testsuites/integration/acl/acl_bearer_allow_storagegroup.robot
View file

@ -1,9 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library acl.py
Library neofs.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -42,43 +45,43 @@ Check eACL Deny and Allow All Bearer
# Storage group Operations (Put, List, Get, Delete) # Storage group Operations (Put, List, Get, Delete)
${SG_OID_INV} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} ${SG_OID_INV} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
${SG_OID_1} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} ${SG_OID_1} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV} List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV}
@{EXPECTED_OIDS} = Run Keyword If "${RUN_TYPE}" == "Complex" Get Split objects ${USER_KEY} ${CID} ${S_OID_USER} @{EXPECTED_OIDS} = Run Keyword If "${RUN_TYPE}" == "Complex" Get Split objects ${USER_KEY} ${CID} ${S_OID_USER}
... ELSE IF "${RUN_TYPE}" == "Simple" Create List ${S_OID_USER} ... ELSE IF "${RUN_TYPE}" == "Simple" Create List ${S_OID_USER}
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS} Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
# All storage groups should fail without bearer token # All storage groups should fail without bearer token
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER} ... Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV} ... List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS} ... Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ... Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
# Storagegroup should passed with User group key and bearer token # Storagegroup should passed with User group key and bearer token
${SG_OID_NEW} = Put Storagegroup ${USER_KEY} ${CID} bearer_allow_all_user ${S_OID_USER} ${SG_OID_NEW} = Put Storagegroup ${USER_KEY} ${CID} ${EACL_TOKEN} ${S_OID_USER}
List Storagegroup ${USER_KEY} ${CID} bearer_allow_all_user ${SG_OID_NEW} ${SG_OID_INV} List Storagegroup ${USER_KEY} ${CID} ${EACL_TOKEN} ${SG_OID_NEW} ${SG_OID_INV}
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} bearer_allow_all_user ${EMPTY} @{EXPECTED_OIDS} Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} ${EACL_TOKEN} ${EMPTY} @{EXPECTED_OIDS}
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} bearer_allow_all_user Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} ${EACL_TOKEN}

137
robot/testsuites/integration/acl/acl_bearer_compound.robot
View file

@ -1,10 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library acl.py
Library neofs.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -15,7 +17,7 @@ ${SYSTEM_KEY} = ${NEOFS_IR_WIF}
*** Test cases *** *** Test cases ***
BearerToken Operations for Сompound Operations BearerToken Operations for Сompound Operations
[Documentation] Testcase to validate NeoFS operations with BearerToken for Сompound Operations. [Documentation] Testcase to validate NeoFS operations with BearerToken for Сompound Operations.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
@ -28,7 +30,6 @@ BearerToken Operations for Сompound Operations
Check Сompound Operations Check Сompound Operations
Log Check Bearer token with complex object Log Check Bearer token with complex object
Generate file ${COMPLEX_OBJ_SIZE} Generate file ${COMPLEX_OBJ_SIZE}
Check Сompound Operations Check Сompound Operations
@ -38,101 +39,101 @@ BearerToken Operations for Сompound Operations
*** Keywords *** *** Keywords ***
Check Сompound Operations Check Сompound Operations
Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER} Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER}
Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER} Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER}
Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER} Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER}
Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
Check Bearer Сompound Get Check Bearer Сompound Get
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP} ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP}
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP} ${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP}
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} ${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow ... Head object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Get object ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl Get object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256 Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256 Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
Check Bearer Сompound Delete Check Bearer Сompound Delete
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP} ${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP}
${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP} ${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP}
${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP} ${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow ... Head object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${KEY} ${FILE_S} ${CID} bearer_allow ${FILE_OTH_HEADER} ... Put object ${KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
Delete object ${KEY} ${CID} ${S_OID_USER} bearer_allow Delete object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Check Bearer Сompound Get Range Hash Check Bearer Сompound Get Range Hash
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256 Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} ${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP} ${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP}
${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP} ${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256 ... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl ... Get object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256 Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256

80
robot/testsuites/integration/acl/acl_bearer_filter_oid_equal.robot
View file

@ -1,12 +1,15 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library neofs.py
Library acl.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource setup_teardown.robot
*** Test cases *** *** Test cases ***
@ -18,7 +21,6 @@ BearerToken Operations with Filter OID Equal
[Setup] Setup [Setup] Setup
Generate Keys Generate Keys
Prepare eACL Role rules
Log Check Bearer token with simple object Log Check Bearer token with simple object
Generate file ${SIMPLE_OBJ_SIZE} Generate file ${SIMPLE_OBJ_SIZE}
@ -54,43 +56,43 @@ Check eACL Deny and Allow All Bearer Filter OID Equal
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER} ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user ... Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EACL_TOKEN}

128
robot/testsuites/integration/acl/acl_bearer_filter_oid_not_equal.robot
View file

@ -1,10 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library neofs.py
Library acl.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -13,20 +15,18 @@ Resource ../${RESOURCES}/setup_teardown.robot
*** Test cases *** *** Test cases ***
BearerToken Operations with Filter OID NotEqual BearerToken Operations with Filter OID NotEqual
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter OID NotEqual. [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter OID NotEqual.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
Generate Keys Generate Keys
Prepare eACL Role rules
Log Check Bearer token with simple object Log Check Bearer token with simple object
Generate file ${SIMPLE_OBJ_SIZE} Generate file ${SIMPLE_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Filter OID NotEqual Check eACL Deny and Allow All Bearer Filter OID NotEqual
Log Check Bearer token with complex object Log Check Bearer token with complex object
Generate file ${COMPLEX_OBJ_SIZE} Generate file ${COMPLEX_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Filter OID NotEqual Check eACL Deny and Allow All Bearer Filter OID NotEqual
@ -36,90 +36,70 @@ BearerToken Operations with Filter OID NotEqual
*** Keywords *** *** Keywords ***
Prepare eACL Role rules
Log Set eACL for different Role cases
# eACL rules for all operations and similar permissions
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role}
END
Check eACL Deny and Allow All Bearer Filter OID NotEqual Check eACL Deny and Allow All Bearer Filter OID NotEqual
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2} ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER_2} s_get_range bearer_allow_all_user 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER_2} s_get_range ${EACL_TOKEN} 0:256
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
... Delete object ${USER_KEY} ${CID} ${D_OID_USER_2} bearer_allow_all_user
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${D_OID_USER_2} ${EACL_TOKEN}

130
robot/testsuites/integration/acl/acl_bearer_filter_userheader_equal.robot
View file

@ -1,10 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library acl.py
Library neofs.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -12,7 +14,7 @@ Resource ../${RESOURCES}/setup_teardown.robot
*** Test cases *** *** Test cases ***
BearerToken Operations with Filter UserHeader Equal BearerToken Operations with Filter UserHeader Equal
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter UserHeader Equal. [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter UserHeader Equal.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
@ -33,91 +35,73 @@ BearerToken Operations with Filter UserHeader Equal
*** Keywords *** *** Keywords ***
Prepare eACL Role rules
Log Set eACL for different Role cases
# eACL rules for all operations and similar permissions
@{Roles} = Create List OTHERS USER SYSTEM
FOR ${role} IN @{Roles}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role}
END
Check eACL Deny and Allow All Bearer Filter UserHeader Equal Check eACL Deny and Allow All Bearer Filter UserHeader Equal
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
# Delete can not be filtered by UserHeader. # Delete can not be filtered by UserHeader.
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}

128
robot/testsuites/integration/acl/acl_bearer_filter_userheader_not_equal.robot
View file

@ -1,30 +1,31 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library neofs.py
Library acl.py
Library payment_neogo.py
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../../../variables/eacl_tables.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
*** Test cases *** *** Test cases ***
BearerToken Operations Filter UserHeader NotEqual BearerToken Operations Filter UserHeader NotEqual
[Documentation] Testcase to validate NeoFS operations with BearerToken Filter UserHeader NotEqual. [Documentation] Testcase to validate NeoFS operations with BearerToken Filter UserHeader NotEqual.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
Generate Keys Generate Keys
Prepare eACL Role rules
Log Check Bearer token with simple object Log Check Bearer token with simple object
Generate file ${SIMPLE_OBJ_SIZE} Generate file ${SIMPLE_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
Log Check Bearer token with complex object Log Check Bearer token with complex object
Generate file ${COMPLEX_OBJ_SIZE} Generate file ${COMPLEX_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
@ -33,77 +34,76 @@ BearerToken Operations Filter UserHeader NotEqual
*** Keywords *** *** Keywords ***
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER_2} @{S_OBJ_H} = Create List ${S_OID_USER_2}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
# The current ACL cache lifetime is 30 sec ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7} ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * # Search can not use filter by headers
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error *
Run Keyword And Expect Error * ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
# Search can not use filter by headers # Different behaviour for big and small objects!
Run Keyword And Expect Error * # Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${EMPTY}
# Different behaviour for big and small objects! Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
# Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} Run Keyword And Expect Error *
Run Keyword And Expect Error * ... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${EMPTY}
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl Run Keyword And Expect Error *
Run Keyword And Expect Error * ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
Run Keyword And Expect Error * Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user # Delete can not be filtered by UserHeader.
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
Run Keyword And Expect Error *
# Delete can not be filtered by UserHeader. ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user

54
robot/testsuites/integration/acl/acl_bearer_inaccessible.robot
View file

@ -1,10 +1,13 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library neofs.py
Library acl.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -12,20 +15,18 @@ Resource ../${RESOURCES}/setup_teardown.robot
*** Test cases *** *** Test cases ***
BearerToken Operations for Inaccessible Container BearerToken Operations for Inaccessible Container
[Documentation] Testcase to validate NeoFS operations with BearerToken for Inaccessible Container. [Documentation] Testcase to validate NeoFS operations with BearerToken for Inaccessible Container.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
Generate Keys Generate Keys
Prepare eACL Role rules
Log Check Bearer token with simple object Log Check Bearer token with simple object
Generate file ${SIMPLE_OBJ_SIZE} Generate file ${SIMPLE_OBJ_SIZE}
Check Container Inaccessible and Allow All Bearer Check Container Inaccessible and Allow All Bearer
Log Check Bearer token with complex object Log Check Bearer token with complex object
Generate file ${COMPLEX_OBJ_SIZE} Generate file ${COMPLEX_OBJ_SIZE}
Check Container Inaccessible and Allow All Bearer Check Container Inaccessible and Allow All Bearer
@ -34,29 +35,28 @@ BearerToken Operations for Inaccessible Container
*** Keywords *** *** Keywords ***
Check Container Inaccessible and Allow All Bearer Check Container Inaccessible and Allow All Bearer
${CID} = Create Container Inaccessible ${CID} = Create Container Inaccessible
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
${rule1}= Create Dictionary Operation=PUT Access=ALLOW Role=USER ${rule1} = Create Dictionary Operation=PUT Access=ALLOW Role=USER
${rule2}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER ${rule2} = Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
${eACL_gen} = Create List ${rule1} ${rule2}
${eACL_gen}= Create List ${rule1} ${rule2} ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER}
Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER}

60
robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_deny.robot
View file

@ -1,10 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library neofs.py
Library acl.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -25,7 +27,6 @@ BearerToken Operations
Check eACL Allow All Bearer Filter Requst Equal Deny Check eACL Allow All Bearer Filter Requst Equal Deny
Log Check Bearer token with complex object Log Check Bearer token with complex object
Generate file ${COMPLEX_OBJ_SIZE} Generate file ${COMPLEX_OBJ_SIZE}
Check eACL Allow All Bearer Filter Requst Equal Deny Check eACL Allow All Bearer Filter Requst Equal Deny
@ -37,10 +38,10 @@ BearerToken Operations
Check eACL Allow All Bearer Filter Requst Equal Deny Check eACL Allow All Bearer Filter Requst Equal Deny
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
@ -52,27 +53,28 @@ Check eACL Allow All Bearer Filter Requst Equal Deny
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=USER Filters=${filters} ${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2
Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user --xhdr a=2
Run Keyword And Expect Error * Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=2
Run Keyword And Expect Error * Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2
... Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256 Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=2
Run Keyword And Expect Error * Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=2
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=2
Run Keyword And Expect Error * Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EACL_TOKEN} --xhdr a=2
... Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256 ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256 ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256 ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=256
Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=256
Run Keyword And Expect Error *
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=256
Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=256

89
robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_equal.robot
View file

@ -1,10 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library acl.py
Library neofs.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -13,7 +15,7 @@ Resource ../${RESOURCES}/setup_teardown.robot
*** Test cases *** *** Test cases ***
BearerToken Operations with Filter Requst Equal BearerToken Operations with Filter Requst Equal
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst Equal. [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst Equal.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
@ -26,7 +28,6 @@ BearerToken Operations with Filter Requst Equal
Check eACL Deny and Allow All Bearer Filter Requst Equal Check eACL Deny and Allow All Bearer Filter Requst Equal
Log Check Bearer token with complex object Log Check Bearer token with complex object
Generate file ${COMPLEX_OBJ_SIZE} Generate file ${COMPLEX_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Filter Requst Equal Check eACL Deny and Allow All Bearer Filter Requst Equal
@ -38,51 +39,51 @@ BearerToken Operations with Filter Requst Equal
Check eACL Deny and Allow All Bearer Filter Requst Equal Check eACL Deny and Allow All Bearer Filter Requst Equal
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256 Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=256
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256 Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=256
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=256
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256 Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=256
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256 Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=256

89
robot/testsuites/integration/acl/acl_bearer_request_filter_xheader_not_equal.robot
View file

@ -1,10 +1,12 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library acl.py
Library neofs.py
Library payment_neogo.py
Resource ../../../variables/eacl_tables.robot
Resource common_steps_acl_bearer.robot Resource common_steps_acl_bearer.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot
Resource ../${RESOURCES}/setup_teardown.robot Resource ../${RESOURCES}/setup_teardown.robot
@ -13,13 +15,12 @@ Resource ../${RESOURCES}/setup_teardown.robot
*** Test cases *** *** Test cases ***
BearerToken Operations with Filter Requst NotEqual BearerToken Operations with Filter Requst NotEqual
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst NotEqual. [Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst NotEqual.
[Tags] ACL NeoFS NeoCLI BearerToken [Tags] ACL NeoFSCLI BearerToken
[Timeout] 20 min [Timeout] 20 min
[Setup] Setup [Setup] Setup
Generate Keys Generate Keys
Prepare eACL Role rules
Log Check Bearer token with simple object Log Check Bearer token with simple object
Generate file ${SIMPLE_OBJ_SIZE} Generate file ${SIMPLE_OBJ_SIZE}
@ -36,51 +37,51 @@ BearerToken Operations with Filter Requst NotEqual
Check eACL Deny and Allow All Bearer Filter Requst NotEqual Check eACL Deny and Allow All Bearer Filter Requst NotEqual
${CID} = Create Container Public ${CID} = Create Container Public
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} ${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER} @{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec # The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT} Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256 ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 ${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} ... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
#Run Keyword And Expect Error * #Run Keyword And Expect Error *
#... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} #... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
Run Keyword And Expect Error * Run Keyword And Expect Error *
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2 Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=2
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2 Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=2
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2 Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=2
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2 Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=2
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=2 Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=2

5
robot/testsuites/integration/acl/acl_extended_actions_pubkey.robot
View file

@ -1,9 +1,10 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py
Library ../${RESOURCES}/payment_neogo.py
Library Collections Library Collections
Library acl.py
Library neofs.py
Library payment_neogo.py
Resource common_steps_acl_extended.robot Resource common_steps_acl_extended.robot
Resource ../${RESOURCES}/payment_operations.robot Resource ../${RESOURCES}/payment_operations.robot

5
robot/testsuites/integration/acl/acl_extended_filters.robot
View file

@ -1,8 +1,9 @@
*** Settings *** *** Settings ***
Variables ../../../variables/common.py Variables ../../../variables/common.py
Library ../${RESOURCES}/neofs.py Library acl.py
Library ../${RESOURCES}/payment_neogo.py Library neofs.py
Library payment_neogo.py
Library Collections Library Collections
Resource common_steps_acl_extended.robot Resource common_steps_acl_extended.robot