frostfs-testcases/pytest_tests/testsuites/acl/test_bearer.py

import allure
import pytest
from frostfs_testlib.steps.acl import (
    create_eacl,
    form_bearertoken_file,
    set_eacl,
    wait_for_cache_expired,
)
from frostfs_testlib.storage.dataclasses.acl import EACLAccess, EACLOperation, EACLRole, EACLRule
from frostfs_testlib.testing.cluster_test_base import ClusterTestBase

from pytest_tests.helpers.container_access import (
    check_custom_access_to_container,
    check_full_access_to_container,
    check_no_access_to_container,
)
from pytest_tests.testsuites.acl.conftest import Wallets


@pytest.mark.sanity
@pytest.mark.acl
@pytest.mark.acl_bearer
class TestACLBearer(ClusterTestBase):
    @allure.title("Operations with BearerToken (role={role.value}, obj_size={object_size})")
    @pytest.mark.parametrize("role", [EACLRole.USER, EACLRole.OTHERS])
    def test_bearer_token_operations(
        self,
        wallets: Wallets,
        eacl_container_with_objects: tuple[str, list[str], str],
        role: EACLRole,
    ):
        cid, objects_oids, file_path = eacl_container_with_objects
        user_wallet = wallets.get_wallet()
        deny_wallet = wallets.get_wallet(role)
        endpoint = self.cluster.default_rpc_endpoint

        with allure.step(f"Check {role.value} has full access to container without bearer token"):
            check_full_access_to_container(
                deny_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                wallet_config=deny_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )

        with allure.step(f"Set deny all operations for {role.value} via eACL"):
            eacl = [
                EACLRule(access=EACLAccess.DENY, role=role, operation=op) for op in EACLOperation
            ]
            eacl_file = create_eacl(cid, eacl, shell=self.shell)
            set_eacl(user_wallet.wallet_path, cid, eacl_file, shell=self.shell, endpoint=endpoint)
            wait_for_cache_expired()

        with allure.step(f"Create bearer token for {role.value} with all operations allowed"):
            bearer = form_bearertoken_file(
                user_wallet.wallet_path,
                cid,
                [
                    EACLRule(operation=op, access=EACLAccess.ALLOW, role=role)
                    for op in EACLOperation
                ],
                shell=self.shell,
                endpoint=self.cluster.default_rpc_endpoint,
            )

        with allure.step(
            f"Check {role.value} without token has no access to all operations with container"
        ):
            check_no_access_to_container(
                deny_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                wallet_config=deny_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )

        with allure.step(
            f"Check {role.value} with token has access to all operations with container"
        ):
            check_full_access_to_container(
                deny_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                bearer=bearer,
                wallet_config=deny_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )

        with allure.step(f"Set allow all operations for {role.value} via eACL"):
            eacl = [
                EACLRule(access=EACLAccess.ALLOW, role=role, operation=op) for op in EACLOperation
            ]
            eacl_file = create_eacl(cid, eacl, shell=self.shell)
            set_eacl(user_wallet.wallet_path, cid, eacl_file, shell=self.shell, endpoint=endpoint)
            wait_for_cache_expired()

        with allure.step(
            f"Check {role.value} without token has access to all operations with container"
        ):
            check_full_access_to_container(
                deny_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                wallet_config=deny_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )

    @allure.title("BearerToken for compound operations (obj_size={object_size})")
    def test_bearer_token_compound_operations(self, wallets, eacl_container_with_objects):
        endpoint = self.cluster.default_rpc_endpoint
        cid, objects_oids, file_path = eacl_container_with_objects
        user_wallet = wallets.get_wallet()
        other_wallet = wallets.get_wallet(role=EACLRole.OTHERS)

        # Operations that we will deny for each role via eACL
        deny_map = {
            EACLRole.USER: [EACLOperation.DELETE],
            EACLRole.OTHERS: [
                EACLOperation.SEARCH,
                EACLOperation.GET_RANGE_HASH,
                EACLOperation.GET_RANGE,
            ],
        }

        # Operations that we will allow for each role with bearer token
        bearer_map = {
            EACLRole.USER: [
                EACLOperation.DELETE,
                EACLOperation.PUT,
                EACLOperation.GET_RANGE,
            ],
            EACLRole.OTHERS: [
                EACLOperation.GET,
                EACLOperation.GET_RANGE,
                EACLOperation.GET_RANGE_HASH,
            ],
        }

        deny_map_with_bearer = {
            EACLRole.USER: [
                op for op in deny_map[EACLRole.USER] if op not in bearer_map[EACLRole.USER]
            ],
            EACLRole.OTHERS: [
                op for op in deny_map[EACLRole.OTHERS] if op not in bearer_map[EACLRole.OTHERS]
            ],
        }

        eacl_deny = []
        for role, operations in deny_map.items():
            eacl_deny += [
                EACLRule(access=EACLAccess.DENY, role=role, operation=op) for op in operations
            ]
        set_eacl(
            user_wallet.wallet_path,
            cid,
            eacl_table_path=create_eacl(cid, eacl_deny, shell=self.shell),
            shell=self.shell,
            endpoint=endpoint,
        )
        wait_for_cache_expired()

        with allure.step("Check rule consistency without bearer"):
            check_custom_access_to_container(
                user_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                deny_operations=deny_map[EACLRole.USER],
                wallet_config=user_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )
            check_custom_access_to_container(
                other_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                deny_operations=deny_map[EACLRole.OTHERS],
                wallet_config=other_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )

        with allure.step("Check rule consistency using bearer token"):
            bearer_user = form_bearertoken_file(
                user_wallet.wallet_path,
                cid,
                [
                    EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.USER)
                    for op in bearer_map[EACLRole.USER]
                ],
                shell=self.shell,
                endpoint=self.cluster.default_rpc_endpoint,
            )

            bearer_other = form_bearertoken_file(
                user_wallet.wallet_path,
                cid,
                [
                    EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.OTHERS)
                    for op in bearer_map[EACLRole.OTHERS]
                ],
                shell=self.shell,
                endpoint=self.cluster.default_rpc_endpoint,
            )

            check_custom_access_to_container(
                user_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                deny_operations=deny_map_with_bearer[EACLRole.USER],
                bearer=bearer_user,
                wallet_config=user_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )
            check_custom_access_to_container(
                other_wallet.wallet_path,
                cid,
                objects_oids.pop(),
                file_path,
                deny_operations=deny_map_with_bearer[EACLRole.OTHERS],
                bearer=bearer_other,
                wallet_config=other_wallet.config_path,
                shell=self.shell,
                cluster=self.cluster,
            )
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`import allure`
			`import pytest`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`from frostfs_testlib.steps.acl import (`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`create_eacl,`
			`form_bearertoken_file,`
			`set_eacl,`
			`wait_for_cache_expired,`
			`)`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`from frostfs_testlib.storage.dataclasses.acl import EACLAccess, EACLOperation, EACLRole, EACLRule`
			`from frostfs_testlib.testing.cluster_test_base import ClusterTestBase`

Change all imports to imports from root and remove robot Signed-off-by: Aleksei Chetaev <alex.chetaev@gmail.com> 2023-02-27 16:54:27 +00:00			`from pytest_tests.helpers.container_access import (`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`check_custom_access_to_container,`
			`check_full_access_to_container,`
			`check_no_access_to_container,`
			`)`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`from pytest_tests.testsuites.acl.conftest import Wallets`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00

			`@pytest.mark.sanity`
			`@pytest.mark.acl`
			`@pytest.mark.acl_bearer`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`class TestACLBearer(ClusterTestBase):`
Update test titles to conform standard 2023-09-08 10:35:34 +00:00			`@allure.title("Operations with BearerToken (role={role.value}, obj_size={object_size})")`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`@pytest.mark.parametrize("role", [EACLRole.USER, EACLRole.OTHERS])`
Move shared code to testlib Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2023-05-15 09:59:33 +00:00			`def test_bearer_token_operations(`
			`self,`
			`wallets: Wallets,`
			`eacl_container_with_objects: tuple[str, list[str], str],`
			`role: EACLRole,`
			`):`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`cid, objects_oids, file_path = eacl_container_with_objects`
			`user_wallet = wallets.get_wallet()`
			`deny_wallet = wallets.get_wallet(role)`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`endpoint = self.cluster.default_rpc_endpoint`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`with allure.step(f"Check {role.value} has full access to container without bearer token"):`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`check_full_access_to_container(`
			`deny_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`wallet_config=deny_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

			`with allure.step(f"Set deny all operations for {role.value} via eACL"):`
			`eacl = [`
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`EACLRule(access=EACLAccess.DENY, role=role, operation=op) for op in EACLOperation`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`]`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`eacl_file = create_eacl(cid, eacl, shell=self.shell)`
			`set_eacl(user_wallet.wallet_path, cid, eacl_file, shell=self.shell, endpoint=endpoint)`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`wait_for_cache_expired()`

[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`with allure.step(f"Create bearer token for {role.value} with all operations allowed"):`
Rename bearer_token to bearer Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-18 10:39:39 +00:00			`bearer = form_bearertoken_file(`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`user_wallet.wallet_path,`
			`cid,`
			`[`
			`EACLRule(operation=op, access=EACLAccess.ALLOW, role=role)`
			`for op in EACLOperation`
			`],`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`endpoint=self.cluster.default_rpc_endpoint,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

			`with allure.step(`
			`f"Check {role.value} without token has no access to all operations with container"`
			`):`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`check_no_access_to_container(`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`deny_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`wallet_config=deny_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

			`with allure.step(`
			`f"Check {role.value} with token has access to all operations with container"`
			`):`
			`check_full_access_to_container(`
			`deny_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
Rename bearer_token to bearer Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-18 10:39:39 +00:00			`bearer=bearer,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`wallet_config=deny_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

			`with allure.step(f"Set allow all operations for {role.value} via eACL"):`
			`eacl = [`
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`EACLRule(access=EACLAccess.ALLOW, role=role, operation=op) for op in EACLOperation`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`]`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`eacl_file = create_eacl(cid, eacl, shell=self.shell)`
			`set_eacl(user_wallet.wallet_path, cid, eacl_file, shell=self.shell, endpoint=endpoint)`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`wait_for_cache_expired()`

Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`with allure.step(`
			`f"Check {role.value} without token has access to all operations with container"`
			`):`
			`check_full_access_to_container(`
			`deny_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`wallet_config=deny_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

Update test titles to conform standard 2023-09-08 10:35:34 +00:00			`@allure.title("BearerToken for compound operations (obj_size={object_size})")`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`def test_bearer_token_compound_operations(self, wallets, eacl_container_with_objects):`
			`endpoint = self.cluster.default_rpc_endpoint`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`cid, objects_oids, file_path = eacl_container_with_objects`
			`user_wallet = wallets.get_wallet()`
			`other_wallet = wallets.get_wallet(role=EACLRole.OTHERS)`

			`# Operations that we will deny for each role via eACL`
			`deny_map = {`
			`EACLRole.USER: [EACLOperation.DELETE],`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`EACLRole.OTHERS: [`
			`EACLOperation.SEARCH,`
			`EACLOperation.GET_RANGE_HASH,`
			`EACLOperation.GET_RANGE,`
			`],`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`}`

			`# Operations that we will allow for each role with bearer token`
			`bearer_map = {`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`EACLRole.USER: [`
			`EACLOperation.DELETE,`
			`EACLOperation.PUT,`
			`EACLOperation.GET_RANGE,`
			`],`
			`EACLRole.OTHERS: [`
			`EACLOperation.GET,`
			`EACLOperation.GET_RANGE,`
			`EACLOperation.GET_RANGE_HASH,`
			`],`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`}`

			`deny_map_with_bearer = {`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`EACLRole.USER: [`
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`op for op in deny_map[EACLRole.USER] if op not in bearer_map[EACLRole.USER]`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`],`
			`EACLRole.OTHERS: [`
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`op for op in deny_map[EACLRole.OTHERS] if op not in bearer_map[EACLRole.OTHERS]`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`],`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`}`

			`eacl_deny = []`
			`for role, operations in deny_map.items():`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`eacl_deny += [`
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`EACLRule(access=EACLAccess.DENY, role=role, operation=op) for op in operations`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`]`
Use neofs-testlib Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-13 18:53:44 +00:00			`set_eacl(`
			`user_wallet.wallet_path,`
			`cid,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`eacl_table_path=create_eacl(cid, eacl_deny, shell=self.shell),`
			`shell=self.shell,`
			`endpoint=endpoint,`
Use neofs-testlib Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-13 18:53:44 +00:00			`)`
Add ACL and eACL PyTest tests Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-08-25 10:57:55 +00:00			`wait_for_cache_expired()`

Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`with allure.step("Check rule consistency without bearer"):`
			`check_custom_access_to_container(`
			`user_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`deny_operations=deny_map[EACLRole.USER],`
			`wallet_config=user_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`
			`check_custom_access_to_container(`
			`other_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`deny_operations=deny_map[EACLRole.OTHERS],`
			`wallet_config=other_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

			`with allure.step("Check rule consistency using bearer token"):`
Rename bearer_token to bearer Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-18 10:39:39 +00:00			`bearer_user = form_bearertoken_file(`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`user_wallet.wallet_path,`
			`cid,`
			`[`
			`EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.USER)`
			`for op in bearer_map[EACLRole.USER]`
			`],`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`endpoint=self.cluster.default_rpc_endpoint,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

Rename bearer_token to bearer Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-18 10:39:39 +00:00			`bearer_other = form_bearertoken_file(`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`user_wallet.wallet_path,`
			`cid,`
			`[`
[#314] Format all files with black and isort Signed-off-by: Vladimir Domnich <v.domnich@yadro.com> 2022-09-28 12:07:16 +00:00			`EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.OTHERS)`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`for op in bearer_map[EACLRole.OTHERS]`
			`],`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`endpoint=self.cluster.default_rpc_endpoint,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`

			`check_custom_access_to_container(`
			`user_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`deny_operations=deny_map_with_bearer[EACLRole.USER],`
Rename bearer_token to bearer Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-18 10:39:39 +00:00			`bearer=bearer_user,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`wallet_config=user_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`
			`check_custom_access_to_container(`
			`other_wallet.wallet_path,`
			`cid,`
			`objects_oids.pop(),`
			`file_path,`
			`deny_operations=deny_map_with_bearer[EACLRole.OTHERS],`
Rename bearer_token to bearer Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-10-18 10:39:39 +00:00			`bearer=bearer_other,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`wallet_config=other_wallet.config_path,`
Refactor for cluster usage Signed-off-by: Andrey Berezin <a.berezin@yadro.com> 2022-12-05 22:31:45 +00:00			`shell=self.shell,`
			`cluster=self.cluster,`
Add eACL tests using bearer token Signed-off-by: Vladimir Avdeev <v.avdeev@yadro.com> 2022-09-05 12:12:56 +00:00			`)`