2021-04-26 17:48:43 +00:00
|
|
|
*** Settings ***
|
|
|
|
|
Variables ../../../variables/common.py
|
|
|
|
|
|
2021-02-08 05:05:17 +00:00
|
|
|
*** Variables ***
|
|
|
|
|
${FILE_USR_HEADER} = key1=1,key2=abc
|
|
|
|
|
${FILE_USR_HEADER_DEL} = key1=del,key2=del
|
|
|
|
|
${FILE_OTH_HEADER} = key1=oth,key2=oth
|
|
|
|
|
${RULE_FOR_ALL} = REP 2 IN X CBF 1 SELECT 4 FROM * AS X
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
*** Keywords ***
|
|
|
|
|
|
2021-06-01 12:07:31 +00:00
|
|
|
Generate eACL Keys
|
2021-02-08 05:05:17 +00:00
|
|
|
${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de
|
|
|
|
|
Set Global Variable ${EACL_KEY} ${EACL_KEY_GEN}
|
2021-06-01 12:07:31 +00:00
|
|
|
Set Global Variable ${SYSTEM_KEY} ${NEOFS_IR_WIF}
|
2021-02-08 05:05:17 +00:00
|
|
|
|
|
|
|
|
Create Container Public
|
|
|
|
|
Log Create Public Container
|
|
|
|
|
${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x4FFFFFFF ${RULE_FOR_ALL}
|
|
|
|
|
[Return] ${PUBLIC_CID_GEN}
|
2021-04-26 17:48:43 +00:00
|
|
|
|
|
|
|
|
|
2021-02-08 05:05:17 +00:00
|
|
|
Generate files
|
|
|
|
|
[Arguments] ${SIZE}
|
|
|
|
|
${FILE_S_GEN_1} = Generate file of bytes ${SIZE}
|
|
|
|
|
${FILE_S_GEN_2} = Generate file of bytes ${SIZE}
|
|
|
|
|
Set Global Variable ${FILE_S} ${FILE_S_GEN_1}
|
|
|
|
|
Set Global Variable ${FILE_S_2} ${FILE_S_GEN_2}
|
2021-04-26 17:48:43 +00:00
|
|
|
|
2021-02-08 05:05:17 +00:00
|
|
|
|
|
|
|
|
Prepare eACL Role rules
|
|
|
|
|
Log Set eACL for different Role cases
|
|
|
|
|
|
|
|
|
|
# eACL rules for all operations and similar permissions
|
|
|
|
|
@{Roles} = Create List OTHERS USER SYSTEM
|
|
|
|
|
FOR ${role} IN @{Roles}
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule1}= Create Dictionary Operation=GET Access=DENY Role=${role}
|
|
|
|
|
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
|
|
|
|
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=${role}
|
|
|
|
|
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=${role}
|
2021-02-08 05:05:17 +00:00
|
|
|
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=${role}
|
|
|
|
|
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
|
|
|
|
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
|
|
|
|
|
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
|
|
|
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FOR ${role} IN @{Roles}
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role}
|
|
|
|
|
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=${role}
|
|
|
|
|
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=${role}
|
|
|
|
|
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role}
|
2021-02-08 05:05:17 +00:00
|
|
|
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=${role}
|
|
|
|
|
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role}
|
|
|
|
|
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
|
|
|
|
|
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
|
|
|
Form eACL json common file gen_eacl_allow_all_${role} ${eACL_gen}
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
|
|
|
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
|
|
|
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
|
|
|
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
|
|
|
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
|
|
|
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
|
|
|
|
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA
|
2021-02-08 05:05:17 +00:00
|
|
|
${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS
|
|
|
|
|
${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS
|
|
|
|
|
${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS
|
2021-02-08 05:05:17 +00:00
|
|
|
${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS
|
|
|
|
|
${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS
|
|
|
|
|
${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
|
|
|
... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14}
|
|
|
|
|
Form eACL json common file gen_eacl_allow_pubkey_deny_OTHERS ${eACL_gen}
|
|
|
|
|
|
|
|
|
|
Set Global Variable ${EACL_DENY_ALL_OTHER} gen_eacl_deny_all_OTHERS
|
|
|
|
|
Set Global Variable ${EACL_ALLOW_ALL_OTHER} gen_eacl_allow_all_OTHERS
|
2021-04-26 17:48:43 +00:00
|
|
|
|
2021-02-08 05:05:17 +00:00
|
|
|
Set Global Variable ${EACL_DENY_ALL_USER} gen_eacl_deny_all_USER
|
|
|
|
|
Set Global Variable ${EACL_ALLOW_ALL_USER} gen_eacl_allow_all_USER
|
|
|
|
|
|
|
|
|
|
Set Global Variable ${EACL_DENY_ALL_SYSTEM} gen_eacl_deny_all_SYSTEM
|
|
|
|
|
Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} gen_eacl_allow_all_SYSTEM
|
2021-04-26 17:48:43 +00:00
|
|
|
|
2021-02-08 05:05:17 +00:00
|
|
|
Set Global Variable ${EACL_ALLOW_ALL_Pubkey} gen_eacl_allow_pubkey_deny_OTHERS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# eACL rules for Compound operations: GET/GetRange/GetRangeHash
|
|
|
|
|
@{Roles} = Create List OTHERS USER SYSTEM
|
|
|
|
|
FOR ${role} IN @{Roles}
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role}
|
|
|
|
|
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role}
|
|
|
|
|
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
|
2021-02-08 05:05:17 +00:00
|
|
|
${rule4}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4}
|
|
|
|
|
Form eACL json common file gen_eacl_compound_get_${role} ${eACL_gen}
|
|
|
|
|
Set Global Variable ${EACL_COMPOUND_GET_${role}} gen_eacl_compound_get_${role}
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
# eACL rules for Compound operations: DELETE
|
|
|
|
|
@{Roles} = Create List OTHERS USER SYSTEM
|
|
|
|
|
FOR ${role} IN @{Roles}
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule1}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role}
|
|
|
|
|
${rule2}= Create Dictionary Operation=PUT Access=DENY Role=${role}
|
|
|
|
|
${rule3}= Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
|
2021-02-08 05:05:17 +00:00
|
|
|
Form eACL json common file gen_eacl_compound_del_${role} ${eACL_gen}
|
|
|
|
|
Set Global Variable ${EACL_COMPOUND_DELETE_${role}} gen_eacl_compound_del_${role}
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
# eACL rules for Compound operations: GETRANGEHASH
|
|
|
|
|
@{Roles} = Create List OTHERS USER SYSTEM
|
|
|
|
|
FOR ${role} IN @{Roles}
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule1}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role}
|
|
|
|
|
${rule2}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
|
|
|
|
${rule3}= Create Dictionary Operation=GET Access=DENY Role=${role}
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
|
2021-02-08 05:05:17 +00:00
|
|
|
Form eACL json common file gen_eacl_compound_get_hash_${role} ${eACL_gen}
|
|
|
|
|
Set Global Variable ${EACL_COMPOUND_GET_HASH_${role}} gen_eacl_compound_get_hash_${role}
|
|
|
|
|
END
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# eACL for X-Header Other DENY and ALLOW for all
|
|
|
|
|
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2
|
|
|
|
|
|
|
|
|
|
${rule1}= Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule3}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS Filters=${filters}
|
|
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
|
|
|
Form eACL json common file gen_eacl_xheader_deny_all ${eACL_gen}
|
|
|
|
|
Set Global Variable ${EACL_XHEADER_DENY_ALL} gen_eacl_xheader_deny_all
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# eACL for X-Header Other ALLOW and DENY for all
|
|
|
|
|
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2
|
|
|
|
|
|
|
|
|
|
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=OTHERS Filters=${filters}
|
|
|
|
|
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=OTHERS Filters=${filters}
|
2021-04-26 17:48:43 +00:00
|
|
|
${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS
|
|
|
|
|
${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS
|
|
|
|
|
${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS
|
|
|
|
|
${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS
|
|
|
|
|
${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS
|
|
|
|
|
${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS
|
|
|
|
|
${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS
|
2021-02-08 05:05:17 +00:00
|
|
|
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
|
|
|
|
... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14}
|
|
|
|
|
Form eACL json common file gen_eacl_xheader_allow_all ${eACL_gen}
|
|
|
|
|
Set Global Variable ${EACL_XHEADER_ALLOW_ALL} gen_eacl_xheader_allow_all
|
2021-04-02 14:29:41 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Check eACL Deny and Allow All
|
|
|
|
|
[Arguments] ${KEY} ${DENY_EACL} ${ALLOW_EACL}
|
|
|
|
|
|
|
|
|
|
${CID} = Create Container Public
|
2021-04-26 17:48:43 +00:00
|
|
|
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
|
|
|
|
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
2021-04-02 14:29:41 +00:00
|
|
|
@{S_OBJ_H} = Create List ${S_OID_USER}
|
|
|
|
|
|
2021-04-26 17:48:43 +00:00
|
|
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
|
|
|
|
|
2021-04-02 14:29:41 +00:00
|
|
|
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
2021-04-26 17:48:43 +00:00
|
|
|
Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
|
|
|
|
Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
|
|
|
|
|
2021-04-02 14:29:41 +00:00
|
|
|
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
|
|
|
|
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
|
|
|
|
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
|
|
|
|
|
|
|
|
|
Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await
|
|
|
|
|
|
|
|
|
|
# The current ACL cache lifetime is 30 sec
|
|
|
|
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
|
|
|
|
|
|
|
|
|
Run Keyword And Expect Error *
|
2021-04-26 17:48:43 +00:00
|
|
|
... Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
2021-04-02 14:29:41 +00:00
|
|
|
Run Keyword And Expect Error *
|
|
|
|
|
... Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
|
|
|
|
Run Keyword And Expect Error *
|
2021-04-26 17:48:43 +00:00
|
|
|
... Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
2021-04-02 14:29:41 +00:00
|
|
|
Run Keyword And Expect Error *
|
2021-04-26 17:48:43 +00:00
|
|
|
... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
2021-04-02 14:29:41 +00:00
|
|
|
Run Keyword And Expect Error *
|
|
|
|
|
... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
|
|
|
|
Run Keyword And Expect Error *
|
|
|
|
|
... Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
|
|
|
|
Run Keyword And Expect Error *
|
|
|
|
|
... Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
|
|
|
|
|
|
|
|
|
Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} --await
|
|
|
|
|
|
|
|
|
|
# The current ACL cache lifetime is 30 sec
|
|
|
|
|
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
2021-04-26 17:48:43 +00:00
|
|
|
|
|
|
|
|
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
2021-04-02 14:29:41 +00:00
|
|
|
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
2021-04-26 17:48:43 +00:00
|
|
|
Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
|
|
|
|
Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
2021-04-02 14:29:41 +00:00
|
|
|
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
|
|
|
|
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
|
|
|
|
Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
|
|
|
|
|
