[#162] eACL: Create eACL with neofs-cli

Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
Elizaveta Chichindaeva 2022-02-17 12:52:48 +03:00
parent d66ae5b7fc
commit e5d6662905
22 changed files with 121 additions and 175 deletions


@ -67,6 +67,22 @@ def _encode_cid_for_eacl(cid: str) -> str:
cid_base58 = base58.b58decode(cid)
return base64.b64encode(cid_base58).decode("utf-8")
@keyword('Create eACL')
def create_eacl(cid: str, rules_list: list):
table = f"{os.getcwd()}/{ASSETS_DIR}/eacl_table_{str(uuid.uuid4())}.json"
rules = ""
for rule in rules_list:
# TODO: check if $Object: is still necessary for filtering in the newest releases
rules += f"--rule '{rule}' "
cmd = (
f"{NEOFS_CLI_EXEC} acl extended create --cid {cid} "
f"{rules}--out {table}"
)
logger.info(f"cmd: {cmd}")
_cmd_run(cmd)
return table
@keyword('Form BearerToken File')
def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
@ -153,48 +169,3 @@ def sign_bearer_token(wif: str, eacl_rules_file: str):
)
logger.info(f"cmd: {cmd}")
_cmd_run(cmd)
@keyword('Form eACL JSON Common File')
def form_eacl_json_common_file(eacl_records: list) -> str:
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
eacl = {"records":[]}
file_path = f"{os.getcwd()}/{ASSETS_DIR}/{str(uuid.uuid4())}"
for record in eacl_records:
op_data = dict()
if Role(record['Role']):
op_data = {
"operation": record['Operation'],
"action": record['Access'],
"filters": [],
"targets": [
{
"role": record['Role']
}
]
}
else:
op_data = {
"operation": record['Operation'],
"action": record['Access'],
"filters": [],
"targets": [
{
"keys": [ record['Role'] ]
}
]
}
if 'Filters' in record.keys():
op_data["filters"].append(record['Filters'])
eacl["records"].append(op_data)
logger.info(f"Got these extended ACL records: {eacl}")
with open(file_path, 'w', encoding='utf-8') as eacl_file:
json.dump(eacl, eacl_file, ensure_ascii=False, indent=4)
return file_path
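Review bot: `create_eacl` assembles the command as one string, wrapping each rule in literal single quotes (`--rule '{rule}'`) and interpolating `cid` and the output path unquoted, so a rule containing a single quote changes how the command is split. The rules built in the Robot suites embed object header values (for example `filter_value` in `Compose eACL Custom`), so their content is not fully fixed by the test author. Assuming `_cmd_run` hands the string to a shell, which is not visible in this hunk, quote each piece with the standard library: `rules += f"--rule {shlex.quote(rule)} "` and `--cid {shlex.quote(cid)}` (this needs `import shlex` if the module does not already have it). The new keyword also lacks a docstring and a return annotation; a short docstring stating the expected rule format and that the return value is the path of the generated table would help callers.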


@ -27,21 +27,22 @@ Generate file
Prepare eACL Role rules
[Arguments] ${CID}
Log Set eACL for different Role cases
# eACL rules for all operations and similar permissions
@{Roles} = Create List OTHERS USER SYSTEM
@{Roles} = Create List others user system
FOR ${role} IN @{Roles}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
${rule1} = Set Variable deny get ${role}
${rule2} = Set Variable deny head ${role}
${rule3} = Set Variable deny put ${role}
${rule4} = Set Variable deny delete ${role}
${rule5} = Set Variable deny search ${role}
${rule6} = Set Variable deny getrange ${role}
${rule7} = Set Variable deny getrangehash ${role}
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
${EACL_FILE} = Form eACL JSON Common File ${eACL_gen}
${EACL_FILE} = Create eACL ${CID} ${eACL_gen}
Set Global Variable ${EACL_DENY_ALL_${role}} ${EACL_FILE}
END
[Return] gen_eacl_deny_all_${role}
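Review bot: The generated table is now tied to one container through `Create eACL ${CID} ...`, yet it is still published with `Set Global Variable ${EACL_DENY_ALL_${role}}`, so the value survives into every later test and suite. A keyword that reads `${EACL_DENY_ALL_USER}` without first calling `Prepare eACL Role rules` for its own container would apply a table generated for a different container, or the static path the variables file in this commit still assigns to the same names, and the deny check would then exercise something other than what the test describes. Consider a narrower scope, e.g. `Set Test Variable ${EACL_DENY_ALL_${role}} ${EACL_FILE}`, or returning the paths to the caller. The trailing `[Return] gen_eacl_deny_all_${role}` also looks stale, since it names a file that `Create eACL` does not produce.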


@ -89,22 +89,22 @@ Check eACL Deny and Allow All
Delete object ${KEY} ${CID} ${S_OID_USER}
Compose eACL Custom
[Arguments] ${HEADER_DICT} ${MATCH_TYPE} ${FILTER} ${ACCESS} ${ROLE}
[Arguments] ${CID} ${HEADER_DICT} ${MATCH_TYPE} ${FILTER} ${ACCESS} ${ROLE}
${filter_value} = Get From dictionary ${HEADER_DICT}[header] ${EACL_OBJ_FILTERS}[${FILTER}]
${filters} = Create Dictionary headerType=OBJECT matchType=${MATCH_TYPE} key=${FILTER} value=${filter_value}
${rule_get}= Create Dictionary Operation=GET Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_head}= Create Dictionary Operation=HEAD Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_put}= Create Dictionary Operation=PUT Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_del}= Create Dictionary Operation=DELETE Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_search}= Create Dictionary Operation=SEARCH Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_range}= Create Dictionary Operation=GETRANGE Access=${ACCESS} Role=${ROLE} Filters=${filters}
${rule_rangehash}= Create Dictionary Operation=GETRANGEHASH Access=${ACCESS} Role=${ROLE} Filters=${filters}
${filters} = Set Variable obj:${FILTER}${MATCH_TYPE}${filter_value}
${rule_get}= Set Variable ${ACCESS} get ${filters} ${ROLE}
${rule_head}= Set Variable ${ACCESS} head ${filters} ${ROLE}
${rule_put}= Set Variable ${ACCESS} put ${filters} ${ROLE}
${rule_del}= Set Variable ${ACCESS} delete ${filters} ${ROLE}
${rule_search}= Set Variable ${ACCESS} search ${filters} ${ROLE}
${rule_range}= Set Variable ${ACCESS} getrange ${filters} ${ROLE}
${rule_rangehash}= Set Variable ${ACCESS} getrangehash ${filters} ${ROLE}
${eACL_gen}= Create List ${rule_get} ${rule_head} ${rule_put} ${rule_del}
... ${rule_search} ${rule_range} ${rule_rangehash}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
[Return] ${EACL_CUSTOM}
@ -136,8 +136,9 @@ Check eACL Filters with MatchType String Equal
Delete Object ${OTHER_KEY} ${CID} ${D_OID_USER}
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_EQUAL ${FILTER} DENY OTHERS
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} = ${FILTER} deny others
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Sleep ${MORPH_BLOCK_TIME}
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
Run Keyword And Expect Error ${EACL_ERR_MSG}
@ -185,7 +186,7 @@ Check eACL Filters with MatchType String Not Equal
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} != ${FILTER} deny others
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
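Review bot: In `Check eACL Filters with MatchType String Not Equal` the `Set eACL` call is followed directly by the `IF 'GET' in ...` check, while the String Equal keyword above has `Sleep ${MORPH_BLOCK_TIME}` between the two. If the new table has not taken effect when the first denied operation runs, the `Run Keyword And Expect Error` assertions become timing dependent. Unless a wait exists further down (the keyword continues outside the hunk), add the same `Sleep ${MORPH_BLOCK_TIME}` after `Set eACL` here.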


@ -25,7 +25,6 @@ BearerToken Operations
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -46,6 +45,7 @@ Check eACL Deny and Allow All Bearer
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}


@ -21,8 +21,7 @@ BearerToken Operations
[Setup] Setup
${WALLET} ${ADDR} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Simple ${USER_KEY} ${FILE_S}
@ -43,6 +42,7 @@ Check eACL Deny and Allow All Bearer
${CID} = Create Container Public ${USER_KEY}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Prepare eACL Role rules ${CID}
# Storage group Operations (Put, List, Get, Delete)


@ -26,7 +26,6 @@ BearerToken Operations for Сompound Operations
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -58,8 +57,9 @@ Check Bearer Сompound Get
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} ${FILE_S} ${USER_KEY}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
@{S_OBJ_H} = Create List ${S_OID_USER}
@{S_OBJ_H} = Create List ${S_OID_USER}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
Put object ${KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
@ -92,6 +92,7 @@ Check Bearer Сompound Delete
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} ${FILE_S} ${USER_KEY}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID}
Put object ${KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
@ -126,6 +127,7 @@ Check Bearer Сompound Get Range Hash
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} ${FILE_S} ${USER_KEY}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
Put object ${KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}


@ -26,7 +26,7 @@ BearerToken Operations with Filter OID Equal
${WALLET} ${ADDR} ${USER_KEY} = Prepare Wallet And Deposit
${WALLET_OTH} ${ADDR_OTH} ${OTHER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
Check eACL Deny and Allow All Bearer Filter OID Equal ${USER_KEY} ${FILE_S}
@ -46,10 +46,11 @@ Check eACL Deny and Allow All Bearer Filter OID Equal
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl


@ -24,7 +24,6 @@ BearerToken Operations with Filter OID NotEqual
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -44,10 +43,11 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID}
@{S_OBJ_H} = Create List ${S_OID_USER}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
@ -58,8 +58,8 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
# The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
# The current ACL cache lifetime is 30 sec
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2}


@ -25,7 +25,6 @@ BearerToken Operations with Filter UserHeader Equal
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -42,10 +41,11 @@ BearerToken Operations with Filter UserHeader Equal
Check eACL Deny and Allow All Bearer Filter UserHeader Equal
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl


@ -25,7 +25,6 @@ BearerToken Operations Filter UserHeader NotEqual
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -43,10 +42,11 @@ Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER_2}
@{S_OBJ_H} = Create List ${S_OID_USER_2}
Put object ${USER_KEY} ${FILE_S} ${CID}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl


@ -20,7 +20,6 @@ BearerToken Operations for Inaccessible Container
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -38,6 +37,7 @@ Check Container Inaccessible and Allow All Bearer
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Inaccessible ${USER_KEY}
Prepare eACL Role rules ${CID}
Run Keyword And Expect Error *
... Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${FILE_USR_HEADER}


@ -25,7 +25,6 @@ BearerToken Operations
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -45,6 +44,7 @@ Check eACL Allow All Bearer Filter Requst Equal Deny
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}


@ -25,7 +25,6 @@ BearerToken Operations with Filter Requst Equal
[Setup] Setup
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -45,10 +44,11 @@ Check eACL Deny and Allow All Bearer Filter Requst Equal
[Arguments] ${USER_KEY} ${FILE_S}
${CID} = Create Container Public ${USER_KEY}
Prepare eACL Role rules ${CID}
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
@ -71,6 +71,7 @@ Check eACL Deny and Allow All Bearer Filter Requst Equal
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
Run Keyword And Expect Error ${EACL_ERROR_MSG}


@ -24,8 +24,7 @@ BearerToken Operations with Filter Requst NotEqual
[Setup] Setup
${WALLET} ${ADDR} ${USER_KEY} = Prepare Wallet And Deposit
Prepare eACL Role rules
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
Log Check Bearer token with simple object
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
@ -47,7 +46,7 @@ Check eACL Deny and Allow All Bearer Filter Requst NotEqual
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
@{S_OBJ_H} = Create List ${S_OID_USER}
@{S_OBJ_H} = Create List ${S_OID_USER}
Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_USER_HEADER}
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
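Review bot: This suite loses the `Prepare eACL Role rules` call from the test case, but neither hunk adds `Prepare eACL Role rules ${CID}` after the container is created, which the other bearer suites in this commit do. If `Check eACL Deny and Allow All Bearer Filter Requst NotEqual` still uses `${EACL_DENY_ALL_USER}` (most of its body lies outside the hunks), it will pick up the static path from the variables file or a table left in the global variable by an earlier suite for another container. Add `Prepare eACL Role rules    ${CID}` after `Create Container` in that keyword, or confirm the table is no longer referenced there.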


@ -37,4 +37,4 @@ Extended ACL Operations
Check eACL Deny and Allow All Other
[Arguments] ${USER_KEY} ${OTHER_KEY}
Check eACL Deny and Allow All ${OTHER_KEY} ${EACL_DENY_ALL_OTHER} ${EACL_ALLOW_ALL_OTHER} ${USER_KEY}
Check eACL Deny and Allow All ${OTHER_KEY} ${EACL_DENY_ALL_OTHERS} ${EACL_ALLOW_ALL_OTHERS} ${USER_KEY}


@ -30,8 +30,6 @@ eACL Deny Replication Operations
${NODE_NUM} ${NODE} ${WIF_STORAGE} = Get control endpoint with wif
${WALLET} ${ADDR} ${WIF_USER} = Prepare Wallet And Deposit
Prepare eACL Role rules
Log Check Replication with eACL deny - object should be replicated
# https://github.com/nspcc-dev/neofs-node/issues/881
@ -41,14 +39,16 @@ eACL Deny Replication Operations
Wait Until Keyword Succeeds ${MORPH_BLOCK_TIME} ${CONTAINER_WAIT_INTERVAL}
... Container Existing ${WIF_USER} ${CID}
${OID} = Put object ${WIF_USER} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER}
Prepare eACL Role rules ${CID}
${OID} = Put object ${WIF_USER} ${FILE} ${CID}
Validate storage policy for object ${WIF_USER} ${EXPECTED_COPIES} ${CID} ${OID}
Set eACL ${WIF_USER} ${CID} ${EACL_DENY_ALL_USER}
Run Keyword And Expect Error *
... Put object ${WIF_USER} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER}
... Put object ${WIF_USER} ${FILE} ${CID}
# Drop object to check replication
Drop object ${NODE} ${WIF_STORAGE} ${CID} ${OID}


@ -16,6 +16,8 @@ Resource eacl_tables.robot
${PATH} = testfile
&{USER_HEADER} = key1=1 key2=abc
&{ANOTHER_HEADER} = key1=oth key2=oth
${ID_FILTER} = $Object:objectID
${CUSTOM_FILTER} = $Object:key1
*** Test cases ***
Extended ACL Operations
@ -94,7 +96,7 @@ Check eACL MatchType String Equal Request Allow
${CID} = Create Container Public ${USER_KEY}
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID}
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_ALLOW_ALL}
# The current ACL cache lifetime is 30 sec
@ -136,27 +138,27 @@ Check eACL MatchType String Equal Object
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Log Set eACL for Deny GET operation with StringEqual Object ID
&{HEADER_DICT} = Head Object ${USER_KEY} ${CID} ${S_OID_USER}
${ID_value} = Get From dictionary ${HEADER_DICT} objectID
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
${ID_value} = Get From dictionary ${HEADER_DICT} ${EACL_OBJ_FILTERS}[${ID_FILTER}]
${filters} = Set Variable obj:${ID_FILTER}=${ID_value}
${rule1} = Set Variable deny get ${filters} others
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
${filters} = Set Variable obj:${CUSTOM_FILTER}=1
${rule1} = Set Variable deny get ${filters} others
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error *
@ -176,29 +178,30 @@ Check eACL MatchType String Not Equal Object
Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${PATH}
Log Set eACL for Deny GET operation with StringNotEqual Object ID
&{HEADER_DICT} = Head object ${USER_KEY} ${CID} ${S_OID_USER}
${ID_value} = Get From Dictionary ${HEADER_DICT} objectID
${ID_value} = Get From Dictionary ${HEADER_DICT} ${EACL_OBJ_FILTERS}[${ID_FILTER}]
${filters} = Set Variable obj:${ID_FILTER}!=${ID_value}
${rule1} = Set Variable deny get ${filters} others
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${ID_value}
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${PATH}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
${filters} = Set Variable obj:${CUSTOM_FILTER}!=1
${rule1} = Set Variable deny get ${filters} others
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key1 value=1
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
${eACL_gen} = Create List ${rule1}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} ${PATH}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
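Review bot: The user-header filter appears to change meaning here: the dictionary-based rules used `key=key1`, while the new rules are built from `${CUSTOM_FILTER}`, defined as `$Object:key1`, giving `obj:$Object:key1=1` and `obj:$Object:key1!=1`. The `$Object:` prefix is otherwise used in this suite for system headers such as `$Object:objectID`, and the TODO in `create_eacl` shows that the prefix handling is still unsettled. If neofs-cli passes the key through unchanged, the filter would no longer refer to the `key1` user header and the deny assertions would test a different condition. Consider `${CUSTOM_FILTER} =    key1`, or record in a comment why the prefixed form is required.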


@ -47,7 +47,7 @@ Check $Object:creationEpoch Filter with MatchType String Not Equal
Get Object ${USER_KEY} ${CID} ${S_OID_NEW} ${EMPTY} local_file_eacl
&{HEADER_DICT} = Head Object ${USER_KEY} ${CID} ${S_OID_NEW}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} != ${FILTER} DENY OTHERS
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error ${EACL_ERR_MSG}
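Review bot: This call passes `DENY OTHERS` in upper case, whereas the common keywords file in this commit calls the same keyword with `deny others` and the rules written out directly use lower case (`deny get ... others`). `Compose eACL Custom` pastes `${ACCESS}` and `${ROLE}` verbatim into the rule string, so the result here is `DENY get ... OTHERS`; whether neofs-cli accepts that casing is not visible on this page. Use `deny    others` for consistency; the same applies to the `Compose eACL Custom` call in the payloadLength suite.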


@ -40,6 +40,8 @@ Object ID Object Filter for Extended ACL
Log Check two matchTypes applied
Check eACL Filters, two matchTypes $Object:objectID
[Teardown] Teardown object_id
*** Keywords ***
@ -58,28 +60,12 @@ Check eACL Filters with MatchType String Equal with two contradicting filters
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
${filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_EQUAL
... key=${FILTER}
... value=${filter_value}
${rule} = Create Dictionary
... Operation=GET
... Access=ALLOW
... Role=OTHERS
... Filters=${filters}
${contradicting_filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_EQUAL
... key=$Object:payloadLength
... value=${SIMPLE_OBJ_SIZE}
${contradicting_rule} = Create Dictionary
... Operation=GET
... Access=DENY
... Role=OTHERS
... Filters=${contradicting_filters}
${filters} = Set Variable obj:${FILTER}=${filter_value}
${rule} = Set Variable allow get ${filters} others
${contradicting_filters} = Set Variable obj:$Object:payloadLength=${SIMPLE_OBJ_SIZE}
${contradicting_rule} = Set Variable deny get ${contradicting_filters} others
${eACL_gen} = Create List ${rule} ${contradicting_rule}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
@ -101,34 +87,15 @@ Check eACL Filters, two matchTypes
Get Object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
${noneq_filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_NOT_EQUAL
... key=${FILTER}
... value=${filter_value}
${rule_noneq_filter} = Create Dictionary
... Operation=GET
... Access=DENY
... Role=OTHERS
... Filters=${noneq_filters}
${eq_filters} = Create Dictionary
... headerType=OBJECT
... matchType=STRING_EQUAL
... key=${FILTER}
... value=${filter_value}
${rule_eq_filter} = Create Dictionary
... Operation=GET
... Access=DENY
... Role=OTHERS
... Filters=${eq_filters}
${noneq_filters} = Set Variable obj:${FILTER}!=${filter_value}
${rule_noneq_filter} = Set Variable deny get ${noneq_filters} others
${eq_filters} = Set Variable obj:${FILTER}=${filter_value}
${rule_eq_filter} = Set Variable deny get ${eq_filters} others
${eACL_gen} = Create List ${rule_noneq_filter} ${rule_eq_filter}
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error *
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
Run Keyword And Expect Error *
... Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
[Teardown] Teardown object_id


@ -47,7 +47,7 @@ Check $Object:payloadLength Filter with MatchType String Not Equal
Head Object ${USER_KEY} ${CID} ${S_OID}
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID}
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} != ${FILTER} DENY OTHERS
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
Run Keyword And Expect Error ${EACL_ERR_MSG}


@ -1,6 +1,6 @@
EACL_OBJ_FILTERS = {'$Object:objectID': 'ID',
'$Object:containerID': 'CID',
'$Object:ownerID': 'OwnerID',
EACL_OBJ_FILTERS = {'$Object:objectID': 'objectID',
'$Object:containerID': 'containerID',
'$Object:ownerID': 'ownerID',
'$Object:creationEpoch': 'creationEpoch',
'$Object:payloadLength': 'payloadLength',
'$Object:payloadHash': 'payloadHash',


@ -2,8 +2,8 @@
${ACL_TEST_FILES} = robot/resources/files/eacl_tables
${EACL_DENY_ALL_OTHER} = ${ACL_TEST_FILES}/gen_eacl_deny_all_OTHERS
${EACL_ALLOW_ALL_OTHER} = ${ACL_TEST_FILES}/gen_eacl_allow_all_OTHERS
${EACL_DENY_ALL_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_deny_all_OTHERS
${EACL_ALLOW_ALL_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_allow_all_OTHERS
${EACL_DENY_ALL_USER} = ${ACL_TEST_FILES}/gen_eacl_deny_all_USER
${EACL_ALLOW_ALL_USER} = ${ACL_TEST_FILES}/gen_eacl_allow_all_USER