forked from TrueCloudLab/frostfs-testcases
[#271] Migrate eACL tests to APE
Signed-off-by: a.berezin <a.berezin@yadro.com>
This commit is contained in:
parent
6e4c3c33a5
commit
fe17f2236b
20 changed files with 1133 additions and 1946 deletions
|
|
@ -1,8 +1,9 @@
|
|||
from typing import List, Optional
|
||||
import functools
|
||||
from typing import Optional
|
||||
|
||||
from frostfs_testlib.shell import Shell
|
||||
from frostfs_testlib.storage.cluster import Cluster
|
||||
from frostfs_testlib.storage.dataclasses.acl import EACLOperation
|
||||
from frostfs_testlib.storage.dataclasses import ape
|
||||
from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
|
||||
|
||||
from pytest_tests.helpers.object_access import (
|
||||
|
|
@ -15,8 +16,15 @@ from pytest_tests.helpers.object_access import (
|
|||
can_search_object,
|
||||
)
|
||||
|
||||
ALL_OBJECT_OPERATIONS = ape.ObjectOperations.get_all()
|
||||
|
||||
def check_full_access_to_container(
|
||||
FULL_ACCESS = {op: True for op in ALL_OBJECT_OPERATIONS}
|
||||
NO_ACCESS = {op: False for op in ALL_OBJECT_OPERATIONS}
|
||||
RO_ACCESS = {op: True if op not in [ape.ObjectOperations.PUT, ape.ObjectOperations.DELETE] else False for op in ALL_OBJECT_OPERATIONS}
|
||||
|
||||
|
||||
def assert_access_to_container(
|
||||
access_matrix: dict[ape.ObjectOperations, bool],
|
||||
wallet: WalletInfo,
|
||||
cid: str,
|
||||
oid: str,
|
||||
|
|
@ -27,95 +35,23 @@ def check_full_access_to_container(
|
|||
xhdr: Optional[dict] = None,
|
||||
):
|
||||
endpoint = cluster.default_rpc_endpoint
|
||||
assert can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr)
|
||||
assert can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
assert can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
assert can_get_range_hash_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
assert can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr)
|
||||
assert can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr)
|
||||
assert can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
results: dict = {}
|
||||
|
||||
|
||||
def check_no_access_to_container(
|
||||
wallet: WalletInfo,
|
||||
cid: str,
|
||||
oid: str,
|
||||
file_name: str,
|
||||
shell: Shell,
|
||||
cluster: Cluster,
|
||||
bearer: Optional[str] = None,
|
||||
xhdr: Optional[dict] = None,
|
||||
):
|
||||
endpoint = cluster.default_rpc_endpoint
|
||||
assert not can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr)
|
||||
assert not can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
assert not can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
assert not can_get_range_hash_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
assert not can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr)
|
||||
assert not can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr)
|
||||
assert not can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
|
||||
|
||||
def check_custom_access_to_container(
|
||||
wallet: WalletInfo,
|
||||
cid: str,
|
||||
oid: str,
|
||||
file_name: str,
|
||||
shell: Shell,
|
||||
cluster: Cluster,
|
||||
deny_operations: Optional[List[EACLOperation]] = None,
|
||||
ignore_operations: Optional[List[EACLOperation]] = None,
|
||||
bearer: Optional[str] = None,
|
||||
xhdr: Optional[dict] = None,
|
||||
):
|
||||
endpoint = cluster.default_rpc_endpoint
|
||||
deny_operations = [op.value for op in deny_operations or []]
|
||||
ignore_operations = [op.value for op in ignore_operations or []]
|
||||
checks: dict = {}
|
||||
if EACLOperation.PUT.value not in ignore_operations:
|
||||
checks[EACLOperation.PUT.value] = can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr)
|
||||
if EACLOperation.HEAD.value not in ignore_operations:
|
||||
checks[EACLOperation.HEAD.value] = can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
if EACLOperation.GET_RANGE.value not in ignore_operations:
|
||||
checks[EACLOperation.GET_RANGE.value] = can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
if EACLOperation.GET_RANGE_HASH.value not in ignore_operations:
|
||||
checks[EACLOperation.GET_RANGE_HASH.value] = can_get_range_hash_of_object(
|
||||
wallet, cid, oid, shell, endpoint, bearer, xhdr
|
||||
)
|
||||
if EACLOperation.SEARCH.value not in ignore_operations:
|
||||
checks[EACLOperation.SEARCH.value] = can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr)
|
||||
if EACLOperation.GET.value not in ignore_operations:
|
||||
checks[EACLOperation.GET.value] = can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr)
|
||||
if EACLOperation.DELETE.value not in ignore_operations:
|
||||
checks[EACLOperation.DELETE.value] = can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
results[ape.ObjectOperations.PUT] = can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr)
|
||||
results[ape.ObjectOperations.HEAD] = can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
results[ape.ObjectOperations.GET_RANGE] = can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
results[ape.ObjectOperations.GET_RANGE_HASH] = can_get_range_hash_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
results[ape.ObjectOperations.SEARCH] = can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr)
|
||||
results[ape.ObjectOperations.GET] = can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr)
|
||||
results[ape.ObjectOperations.DELETE] = can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
||||
|
||||
failed_checks = [
|
||||
f"allowed {action} failed"
|
||||
for action, success in checks.items()
|
||||
if not success and action not in deny_operations
|
||||
] + [f"denied {action} succeeded" for action, success in checks.items() if success and action in deny_operations]
|
||||
f"allowed {action} failed" for action, success in results.items() if not success and access_matrix[action] != results[action]
|
||||
] + [f"denied {action} succeeded" for action, success in results.items() if success and access_matrix[action] != results[action]]
|
||||
|
||||
assert not failed_checks, ", ".join(failed_checks)
|
||||
|
||||
|
||||
def check_read_only_container(
|
||||
wallet: WalletInfo,
|
||||
cid: str,
|
||||
oid: str,
|
||||
file_name: str,
|
||||
shell: Shell,
|
||||
cluster: Cluster,
|
||||
bearer: Optional[str] = None,
|
||||
xhdr: Optional[dict] = None,
|
||||
):
|
||||
return check_custom_access_to_container(
|
||||
wallet,
|
||||
cid,
|
||||
oid,
|
||||
file_name,
|
||||
deny_operations=[EACLOperation.PUT, EACLOperation.DELETE],
|
||||
bearer=bearer,
|
||||
xhdr=xhdr,
|
||||
shell=shell,
|
||||
cluster=cluster,
|
||||
)
|
||||
assert_full_access_to_container = functools.partial(assert_access_to_container, FULL_ACCESS)
|
||||
assert_no_access_to_container = functools.partial(assert_access_to_container, NO_ACCESS)
|
||||
assert_read_only_container = functools.partial(assert_access_to_container, RO_ACCESS)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue