2022-05-27 14:42:42 +00:00
|
|
|
import base64
|
|
|
|
import json
|
2022-09-20 15:03:52 +00:00
|
|
|
import logging
|
2022-05-27 14:42:42 +00:00
|
|
|
import os
|
|
|
|
import uuid
|
2022-11-10 14:56:25 +00:00
|
|
|
from dataclasses import dataclass
|
2022-11-30 08:26:38 +00:00
|
|
|
from enum import Enum
|
|
|
|
from typing import Any, Optional
|
2022-05-27 14:42:42 +00:00
|
|
|
|
2022-09-20 15:03:52 +00:00
|
|
|
import allure
|
2023-01-09 12:46:03 +00:00
|
|
|
from frostfs_testlib.cli import FrostfsCli
|
|
|
|
from frostfs_testlib.shell import Shell
|
2023-02-19 23:58:07 +00:00
|
|
|
from frostfs_testlib.utils import json_utils, wallet_utils
|
2023-02-27 16:54:27 +00:00
|
|
|
|
|
|
|
from pytest_tests.helpers.storage_object_info import StorageObjectInfo
|
|
|
|
from pytest_tests.helpers.wallet import WalletFile
|
|
|
|
from pytest_tests.resources.common import ASSETS_DIR, FROSTFS_CLI_EXEC, WALLET_CONFIG
|
2022-06-09 13:08:11 +00:00
|
|
|
|
2022-09-20 15:03:52 +00:00
|
|
|
logger = logging.getLogger("NeoLogger")
|
2022-05-27 14:42:42 +00:00
|
|
|
|
2022-11-10 14:56:25 +00:00
|
|
|
UNRELATED_KEY = "unrelated key in the session"
|
|
|
|
UNRELATED_OBJECT = "unrelated object in the session"
|
|
|
|
UNRELATED_CONTAINER = "unrelated container in the session"
|
|
|
|
WRONG_VERB = "wrong verb of the session"
|
|
|
|
INVALID_SIGNATURE = "invalid signature of the session data"
|
|
|
|
|
|
|
|
|
2022-11-30 08:26:38 +00:00
|
|
|
class ObjectVerb(Enum):
|
|
|
|
PUT = "PUT"
|
|
|
|
DELETE = "DELETE"
|
|
|
|
GET = "GET"
|
|
|
|
RANGEHASH = "RANGEHASH"
|
|
|
|
RANGE = "RANGE"
|
|
|
|
HEAD = "HEAD"
|
|
|
|
SEARCH = "SEARCH"
|
|
|
|
|
|
|
|
|
|
|
|
class ContainerVerb(Enum):
|
|
|
|
CREATE = "PUT"
|
|
|
|
DELETE = "DELETE"
|
|
|
|
SETEACL = "SETEACL"
|
|
|
|
|
|
|
|
|
2022-11-10 14:56:25 +00:00
|
|
|
@dataclass
|
|
|
|
class Lifetime:
|
|
|
|
exp: int = 100000000
|
|
|
|
nbf: int = 0
|
|
|
|
iat: int = 0
|
|
|
|
|
2022-05-27 14:42:42 +00:00
|
|
|
|
2022-09-20 15:03:52 +00:00
|
|
|
@allure.step("Generate Session Token")
|
2022-11-30 08:26:38 +00:00
|
|
|
def generate_session_token(
|
|
|
|
owner_wallet: WalletFile,
|
|
|
|
session_wallet: WalletFile,
|
|
|
|
session: dict[str, dict[str, Any]],
|
|
|
|
tokens_dir: str,
|
|
|
|
lifetime: Optional[Lifetime] = None,
|
|
|
|
) -> str:
|
2022-05-27 14:42:42 +00:00
|
|
|
"""
|
2022-11-30 08:26:38 +00:00
|
|
|
This function generates session token and writes it to the file.
|
2022-09-05 09:35:46 +00:00
|
|
|
Args:
|
2022-11-30 08:26:38 +00:00
|
|
|
owner_wallet: wallet of container owner
|
|
|
|
session_wallet: wallet to which we grant the access via session token
|
|
|
|
session: Contains allowed operation with parameters
|
|
|
|
tokens_dir: Dir for token
|
|
|
|
lifetime: lifetime options for session
|
2022-09-05 09:35:46 +00:00
|
|
|
Returns:
|
2022-11-30 08:26:38 +00:00
|
|
|
The path to the generated session token file
|
2022-05-27 14:42:42 +00:00
|
|
|
"""
|
2022-11-30 08:26:38 +00:00
|
|
|
|
|
|
|
file_path = os.path.join(tokens_dir, str(uuid.uuid4()))
|
|
|
|
|
2023-02-19 23:58:07 +00:00
|
|
|
pub_key_64 = wallet_utils.get_wallet_public_key(
|
|
|
|
session_wallet.path, session_wallet.password, "base64"
|
|
|
|
)
|
2022-11-30 08:26:38 +00:00
|
|
|
|
|
|
|
lifetime = lifetime or Lifetime()
|
2022-05-27 14:42:42 +00:00
|
|
|
|
|
|
|
session_token = {
|
2022-06-09 13:08:11 +00:00
|
|
|
"body": {
|
|
|
|
"id": f"{base64.b64encode(uuid.uuid4().bytes).decode('utf-8')}",
|
2023-02-19 23:58:07 +00:00
|
|
|
"ownerID": {"value": f"{json_utils.encode_for_json(owner_wallet.get_address())}"},
|
2022-11-30 08:26:38 +00:00
|
|
|
"lifetime": {
|
|
|
|
"exp": f"{lifetime.exp}",
|
|
|
|
"nbf": f"{lifetime.nbf}",
|
|
|
|
"iat": f"{lifetime.iat}",
|
2022-11-10 14:56:25 +00:00
|
|
|
},
|
2022-11-30 08:26:38 +00:00
|
|
|
"sessionKey": pub_key_64,
|
2022-11-10 14:56:25 +00:00
|
|
|
}
|
|
|
|
}
|
2022-11-30 08:26:38 +00:00
|
|
|
session_token["body"].update(session)
|
2022-11-10 14:56:25 +00:00
|
|
|
|
|
|
|
logger.info(f"Got this Session Token: {session_token}")
|
|
|
|
with open(file_path, "w", encoding="utf-8") as session_token_file:
|
|
|
|
json.dump(session_token, session_token_file, ensure_ascii=False, indent=4)
|
|
|
|
|
|
|
|
return file_path
|
|
|
|
|
|
|
|
|
2022-11-30 08:26:38 +00:00
|
|
|
@allure.step("Generate Session Token For Container")
|
|
|
|
def generate_container_session_token(
|
|
|
|
owner_wallet: WalletFile,
|
|
|
|
session_wallet: WalletFile,
|
|
|
|
verb: ContainerVerb,
|
|
|
|
tokens_dir: str,
|
|
|
|
lifetime: Optional[Lifetime] = None,
|
|
|
|
cid: Optional[str] = None,
|
|
|
|
) -> str:
|
|
|
|
"""
|
|
|
|
This function generates session token for ContainerSessionContext
|
|
|
|
and writes it to the file. It is able to prepare session token file
|
|
|
|
for a specific container (<cid>) or for every container (adds
|
|
|
|
"wildcard" field).
|
|
|
|
Args:
|
|
|
|
owner_wallet: wallet of container owner.
|
|
|
|
session_wallet: wallet to which we grant the access via session token.
|
|
|
|
verb: verb to grant access to.
|
|
|
|
lifetime: lifetime options for session.
|
|
|
|
cid: container ID of the container
|
|
|
|
Returns:
|
|
|
|
The path to the generated session token file
|
|
|
|
"""
|
|
|
|
session = {
|
|
|
|
"container": {
|
|
|
|
"verb": verb.value,
|
2022-12-16 11:20:43 +00:00
|
|
|
"wildcard": cid is None,
|
2023-02-19 23:58:07 +00:00
|
|
|
**(
|
|
|
|
{"containerID": {"value": f"{json_utils.encode_for_json(cid)}"}}
|
|
|
|
if cid is not None
|
|
|
|
else {}
|
|
|
|
),
|
2022-11-30 08:26:38 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
return generate_session_token(
|
|
|
|
owner_wallet=owner_wallet,
|
|
|
|
session_wallet=session_wallet,
|
|
|
|
session=session,
|
|
|
|
tokens_dir=tokens_dir,
|
|
|
|
lifetime=lifetime,
|
|
|
|
)
|
|
|
|
|
|
|
|
|
2022-11-10 14:56:25 +00:00
|
|
|
@allure.step("Generate Session Token For Object")
|
|
|
|
def generate_object_session_token(
|
|
|
|
owner_wallet: WalletFile,
|
|
|
|
session_wallet: WalletFile,
|
|
|
|
oids: list[str],
|
|
|
|
cid: str,
|
2022-11-30 08:26:38 +00:00
|
|
|
verb: ObjectVerb,
|
2022-11-10 14:56:25 +00:00
|
|
|
tokens_dir: str,
|
|
|
|
lifetime: Optional[Lifetime] = None,
|
|
|
|
) -> str:
|
|
|
|
"""
|
|
|
|
This function generates session token for ObjectSessionContext
|
2022-11-30 08:26:38 +00:00
|
|
|
and writes it to the file.
|
2022-11-10 14:56:25 +00:00
|
|
|
Args:
|
|
|
|
owner_wallet: wallet of container owner
|
2022-11-30 08:26:38 +00:00
|
|
|
session_wallet: wallet to which we grant the access via session token
|
2022-11-10 14:56:25 +00:00
|
|
|
cid: container ID of the container
|
|
|
|
oids: list of objectIDs to put into session
|
2022-11-30 08:26:38 +00:00
|
|
|
verb: verb to grant access to; Valid verbs are: ObjectVerb.
|
2022-11-10 14:56:25 +00:00
|
|
|
lifetime: lifetime options for session
|
|
|
|
Returns:
|
|
|
|
The path to the generated session token file
|
|
|
|
"""
|
2022-11-30 08:26:38 +00:00
|
|
|
session = {
|
|
|
|
"object": {
|
|
|
|
"verb": verb.value,
|
|
|
|
"target": {
|
2023-02-19 23:58:07 +00:00
|
|
|
"container": {"value": json_utils.encode_for_json(cid)},
|
|
|
|
"objects": [{"value": json_utils.encode_for_json(oid)} for oid in oids],
|
2022-11-10 14:56:25 +00:00
|
|
|
},
|
2022-11-30 08:26:38 +00:00
|
|
|
},
|
2022-06-09 13:08:11 +00:00
|
|
|
}
|
2022-05-27 14:42:42 +00:00
|
|
|
|
2022-11-30 08:26:38 +00:00
|
|
|
return generate_session_token(
|
|
|
|
owner_wallet=owner_wallet,
|
|
|
|
session_wallet=session_wallet,
|
|
|
|
session=session,
|
|
|
|
tokens_dir=tokens_dir,
|
|
|
|
lifetime=lifetime,
|
|
|
|
)
|
2022-05-27 14:42:42 +00:00
|
|
|
|
2022-11-30 08:26:38 +00:00
|
|
|
|
2022-12-05 22:31:45 +00:00
|
|
|
@allure.step("Get signed token for container session")
|
2022-11-30 08:26:38 +00:00
|
|
|
def get_container_signed_token(
|
|
|
|
owner_wallet: WalletFile,
|
|
|
|
user_wallet: WalletFile,
|
|
|
|
verb: ContainerVerb,
|
|
|
|
shell: Shell,
|
|
|
|
tokens_dir: str,
|
|
|
|
lifetime: Optional[Lifetime] = None,
|
|
|
|
) -> str:
|
|
|
|
"""
|
2022-12-05 22:31:45 +00:00
|
|
|
Returns signed token file path for static container session
|
2022-11-30 08:26:38 +00:00
|
|
|
"""
|
|
|
|
session_token_file = generate_container_session_token(
|
|
|
|
owner_wallet=owner_wallet,
|
|
|
|
session_wallet=user_wallet,
|
|
|
|
verb=verb,
|
|
|
|
tokens_dir=tokens_dir,
|
|
|
|
lifetime=lifetime,
|
|
|
|
)
|
|
|
|
return sign_session_token(shell, session_token_file, owner_wallet)
|
2022-05-27 14:42:42 +00:00
|
|
|
|
|
|
|
|
2022-11-10 14:56:25 +00:00
|
|
|
@allure.step("Get signed token for object session")
|
|
|
|
def get_object_signed_token(
|
|
|
|
owner_wallet: WalletFile,
|
|
|
|
user_wallet: WalletFile,
|
2022-11-30 08:26:38 +00:00
|
|
|
cid: str,
|
2022-11-10 14:56:25 +00:00
|
|
|
storage_objects: list[StorageObjectInfo],
|
2022-11-30 08:26:38 +00:00
|
|
|
verb: ObjectVerb,
|
2022-11-10 14:56:25 +00:00
|
|
|
shell: Shell,
|
|
|
|
tokens_dir: str,
|
|
|
|
lifetime: Optional[Lifetime] = None,
|
|
|
|
) -> str:
|
|
|
|
"""
|
|
|
|
Returns signed token file path for static object session
|
|
|
|
"""
|
|
|
|
storage_object_ids = [storage_object.oid for storage_object in storage_objects]
|
|
|
|
session_token_file = generate_object_session_token(
|
2022-11-30 08:26:38 +00:00
|
|
|
owner_wallet=owner_wallet,
|
|
|
|
session_wallet=user_wallet,
|
|
|
|
oids=storage_object_ids,
|
|
|
|
cid=cid,
|
|
|
|
verb=verb,
|
|
|
|
tokens_dir=tokens_dir,
|
2022-11-10 14:56:25 +00:00
|
|
|
lifetime=lifetime,
|
|
|
|
)
|
2022-11-30 08:26:38 +00:00
|
|
|
return sign_session_token(shell, session_token_file, owner_wallet)
|
2022-11-10 14:56:25 +00:00
|
|
|
|
|
|
|
|
2022-09-20 15:03:52 +00:00
|
|
|
@allure.step("Create Session Token")
|
2022-11-01 09:30:05 +00:00
|
|
|
def create_session_token(
|
|
|
|
shell: Shell,
|
|
|
|
owner: str,
|
|
|
|
wallet_path: str,
|
|
|
|
wallet_password: str,
|
2022-12-05 22:31:45 +00:00
|
|
|
rpc_endpoint: str,
|
2022-11-01 09:30:05 +00:00
|
|
|
) -> str:
|
2022-09-05 09:35:46 +00:00
|
|
|
"""
|
|
|
|
Create session token for an object.
|
|
|
|
Args:
|
2022-11-01 09:30:05 +00:00
|
|
|
shell: Shell instance.
|
|
|
|
owner: User that writes the token.
|
|
|
|
wallet_path: The path to wallet to which we grant the access via session token.
|
|
|
|
wallet_password: Wallet password.
|
|
|
|
rpc_endpoint: Remote node address (as 'multiaddr' or '<host>:<port>').
|
2022-09-05 09:35:46 +00:00
|
|
|
Returns:
|
2022-11-01 09:30:05 +00:00
|
|
|
The path to the generated session token file.
|
2022-09-05 09:35:46 +00:00
|
|
|
"""
|
2022-10-18 07:11:57 +00:00
|
|
|
session_token = os.path.join(os.getcwd(), ASSETS_DIR, str(uuid.uuid4()))
|
2023-01-09 12:46:03 +00:00
|
|
|
frostfscli = FrostfsCli(shell=shell, frostfs_cli_exec_path=FROSTFS_CLI_EXEC)
|
|
|
|
frostfscli.session.create(
|
2022-11-01 09:30:05 +00:00
|
|
|
rpc_endpoint=rpc_endpoint,
|
|
|
|
address=owner,
|
|
|
|
wallet=wallet_path,
|
|
|
|
wallet_password=wallet_password,
|
|
|
|
out=session_token,
|
2022-09-05 09:35:46 +00:00
|
|
|
)
|
|
|
|
return session_token
|
|
|
|
|
|
|
|
|
2022-09-20 15:03:52 +00:00
|
|
|
@allure.step("Sign Session Token")
|
2022-11-30 08:26:38 +00:00
|
|
|
def sign_session_token(shell: Shell, session_token_file: str, wlt: WalletFile) -> str:
|
2022-05-27 14:42:42 +00:00
|
|
|
"""
|
2022-09-05 09:35:46 +00:00
|
|
|
This function signs the session token by the given wallet.
|
2022-11-01 09:30:05 +00:00
|
|
|
|
2022-09-05 09:35:46 +00:00
|
|
|
Args:
|
2022-11-01 09:30:05 +00:00
|
|
|
shell: Shell instance.
|
|
|
|
session_token_file: The path to the session token file.
|
|
|
|
wlt: The path to the signing wallet.
|
|
|
|
|
2022-09-05 09:35:46 +00:00
|
|
|
Returns:
|
2022-11-01 09:30:05 +00:00
|
|
|
The path to the signed token.
|
2022-05-27 14:42:42 +00:00
|
|
|
"""
|
2022-11-01 09:30:05 +00:00
|
|
|
signed_token_file = os.path.join(os.getcwd(), ASSETS_DIR, str(uuid.uuid4()))
|
2023-01-09 12:46:03 +00:00
|
|
|
frostfscli = FrostfsCli(
|
|
|
|
shell=shell, frostfs_cli_exec_path=FROSTFS_CLI_EXEC, config_file=WALLET_CONFIG
|
|
|
|
)
|
|
|
|
frostfscli.util.sign_session_token(
|
2022-11-30 08:26:38 +00:00
|
|
|
wallet=wlt.path, from_file=session_token_file, to_file=signed_token_file
|
2022-05-27 14:42:42 +00:00
|
|
|
)
|
2022-11-01 09:30:05 +00:00
|
|
|
return signed_token_file
|