[#191] EACL_KEY -> WALLET_ALLOW
Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
This commit is contained in:
parent
dddffdc95a
commit
6394d9e362
5 changed files with 58 additions and 204 deletions
|
@ -1,158 +0,0 @@
|
|||
{
|
||||
"records": [
|
||||
{
|
||||
"operation": "GET",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "HEAD",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "PUT",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "DELETE",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "SEARCH",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "GETRANGE",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "GETRANGEHASH",
|
||||
"action": "ALLOW",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [
|
||||
"A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA"
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "GET",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "HEAD",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "PUT",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "DELETE",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "SEARCH",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "GETRANGE",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"operation": "GETRANGEHASH",
|
||||
"action": "DENY",
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": "OTHERS"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
|
@ -10,6 +10,7 @@ from enum import Enum, auto
|
|||
import base58
|
||||
from cli_helpers import _cmd_run
|
||||
from common import ASSETS_DIR, NEOFS_ENDPOINT, WALLET_CONFIG
|
||||
from neo3 import wallet
|
||||
from robot.api import logger
|
||||
from robot.api.deco import keyword
|
||||
|
||||
|
@ -36,9 +37,9 @@ class Role(AutoName):
|
|||
|
||||
|
||||
@keyword('Get eACL')
|
||||
def get_eacl(wallet: str, cid: str):
|
||||
def get_eacl(wallet_path: str, cid: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} '
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} '
|
||||
f'container get-eacl --cid {cid} --config {WALLET_CONFIG}'
|
||||
)
|
||||
try:
|
||||
|
@ -53,9 +54,9 @@ def get_eacl(wallet: str, cid: str):
|
|||
|
||||
|
||||
@keyword('Set eACL')
|
||||
def set_eacl(wallet: str, cid: str, eacl_table_path: str):
|
||||
def set_eacl(wallet_path: str, cid: str, eacl_table_path: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet} '
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wallet {wallet_path} '
|
||||
f'container set-eacl --cid {cid} --table {eacl_table_path} --config {WALLET_CONFIG} --await'
|
||||
)
|
||||
_cmd_run(cmd)
|
||||
|
@ -159,10 +160,37 @@ def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
|
|||
sign_bearer_token(wif, file_path)
|
||||
return file_path
|
||||
|
||||
@keyword('EACL Rules')
|
||||
def eacl_rules(access: str, verbs: list, user: str):
|
||||
"""
|
||||
This function creates a list of eACL rules.
|
||||
Args:
|
||||
access (str): identifies if the following operation(s)
|
||||
is allowed or denied
|
||||
verbs (list): a list of operations to set rules for
|
||||
user (str): a group of users (user/others) or a wallet of
|
||||
a certain user for whom rules are set
|
||||
Returns:
|
||||
(list): a list of eACL rules
|
||||
"""
|
||||
if user not in ('others', 'user'):
|
||||
wallet_content = ''
|
||||
with open(user) as out:
|
||||
wallet_content = json.load(out)
|
||||
wallet_from_json = wallet.Wallet.from_json(wallet_content, password="")
|
||||
pub_key_64 = str(wallet_from_json.accounts[0].public_key)
|
||||
user = f"pubkey:{pub_key_64}"
|
||||
|
||||
def sign_bearer_token(wallet: str, eacl_rules_file: str):
|
||||
rules = []
|
||||
for verb in verbs:
|
||||
elements = [access, verb, user]
|
||||
rules.append(' '.join(elements))
|
||||
return rules
|
||||
|
||||
|
||||
def sign_bearer_token(wallet_path: str, eacl_rules_file: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} '
|
||||
f'--to {eacl_rules_file} --wallet {wallet} --config {WALLET_CONFIG} --json'
|
||||
f'--to {eacl_rules_file} --wallet {wallet_path} --config {WALLET_CONFIG} --json'
|
||||
)
|
||||
_cmd_run(cmd)
|
||||
|
|
|
@ -9,12 +9,11 @@ import uuid
|
|||
import docker
|
||||
import wallet
|
||||
from common import ASSETS_DIR, SIMPLE_OBJ_SIZE
|
||||
from cli_helpers import _cmd_run
|
||||
from robot.api import logger
|
||||
from robot.api.deco import keyword
|
||||
from robot.libraries.BuiltIn import BuiltIn
|
||||
|
||||
from cli_helpers import _cmd_run
|
||||
|
||||
ROBOT_AUTO_KEYWORDS = False
|
||||
|
||||
|
||||
|
@ -71,13 +70,6 @@ def generate_wallet():
|
|||
return wallet.init_wallet(ASSETS_DIR)
|
||||
|
||||
|
||||
# TODO: should be deleted in the scope
|
||||
# of https://github.com/nspcc-dev/neofs-testcases/issues/191
|
||||
@keyword('Init Wallet from WIF')
|
||||
def init_wallet_from_wif(dir_path: str, wif: str):
|
||||
return wallet.init_wallet_from_wif(dir_path, wif)
|
||||
|
||||
|
||||
@keyword('Get Docker Logs')
|
||||
def get_container_logs(testcase_name: str) -> None:
|
||||
client = docker.APIClient(base_url='unix://var/run/docker.sock')
|
||||
|
|
|
@ -20,15 +20,3 @@ Prepare Wallet And Deposit
|
|||
Sleep ${MORPH_BLOCK_TIME}
|
||||
|
||||
[Return] ${WALLET} ${ADDR} ${WIF}
|
||||
|
||||
# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191
|
||||
Prepare Wallet with WIF And Deposit
|
||||
[Arguments] ${WIF} ${DEPOSIT}=${30}
|
||||
|
||||
${WALLET}
|
||||
... ${ADDR} = Init Wallet from WIF ${ASSETS_DIR} ${WIF}
|
||||
Transfer Mainnet Gas ${WALLET} ${DEPOSIT+1}
|
||||
NeoFS Deposit ${WALLET} ${DEPOSIT}
|
||||
Sleep ${MORPH_BLOCK_TIME}
|
||||
|
||||
[Return] ${WALLET} ${ADDR}
|
||||
|
|
|
@ -5,6 +5,7 @@ Library acl.py
|
|||
Library container.py
|
||||
Library neofs_verbs.py
|
||||
Library utility_keywords.py
|
||||
Library Collections
|
||||
|
||||
Resource common_steps_acl_extended.robot
|
||||
Resource payment_operations.robot
|
||||
|
@ -12,7 +13,6 @@ Resource setup_teardown.robot
|
|||
Resource eacl_tables.robot
|
||||
|
||||
*** Variables ***
|
||||
${EACL_KEY} = L1FGTLE6shum3EC7mNTPArUqSCKnmtEweRzyuawtYRZwGjpeRuw1
|
||||
&{USER_HEADER} = key1=1 key2=abc
|
||||
&{USER_HEADER_DEL} = key1=del key2=del
|
||||
&{ANOTHER_HEADER} = key1=oth key2=oth
|
||||
|
@ -50,18 +50,22 @@ Check eACL Deny All Other and Allow All Pubkey
|
|||
${D_OID_USER} = Put object ${USER_WALLET} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
# TODO: should be deleted in the scope of https://github.com/nspcc-dev/neofs-testcases/issues/191
|
||||
${WALLET_EACL} ${_} = Prepare Wallet with WIF And Deposit ${EACL_KEY}
|
||||
${WALLET_ALLOW} ${_} ${_} = Prepare Wallet And Deposit
|
||||
|
||||
Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
||||
Head object ${WALLET_EACL} ${CID} ${S_OID_USER}
|
||||
Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
Delete object ${WALLET_EACL} ${CID} ${D_OID_USER}
|
||||
Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
||||
Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
|
||||
Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
Delete object ${WALLET_ALLOW} ${CID} ${D_OID_USER}
|
||||
|
||||
Set eACL ${USER_WALLET} ${CID} ${EACL_ALLOW_ALL_Pubkey}
|
||||
@{VERBS} = Create List get head put delete search getrange getrangehash
|
||||
${RULES_OTH} = EACL Rules deny ${VERBS} others
|
||||
${RULES_PUB} = EACL Rules allow ${VERBS} ${WALLET_ALLOW}
|
||||
${eACL_gen} = Combine Lists ${RULES_PUB} ${RULES_OTH}
|
||||
${EACL_TABLE} = Create eACL ${CID} ${eACL_gen}
|
||||
Set EACL ${USER_WALLET} ${CID} ${EACL_TABLE}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
@ -83,10 +87,10 @@ Check eACL Deny All Other and Allow All Pubkey
|
|||
Run Keyword And Expect Error *
|
||||
... Delete object ${WALLET_OTH} ${CID} ${S_OID_USER}
|
||||
|
||||
Put object ${WALLET_EACL} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
Get object ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${WALLET_EACL} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
||||
Head object ${WALLET_EACL} ${CID} ${S_OID_USER}
|
||||
Get Range ${WALLET_EACL} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Get Range Hash ${WALLET_EACL} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
Delete object ${WALLET_EACL} ${CID} ${S_OID_USER}
|
||||
Put object ${WALLET_ALLOW} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
Get object ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${WALLET_ALLOW} ${CID} ${EMPTY} ${EMPTY} ${USER_HEADER} ${S_OBJ_H}
|
||||
Head object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
|
||||
Get Range ${WALLET_ALLOW} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Get Range Hash ${WALLET_ALLOW} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
Delete object ${WALLET_ALLOW} ${CID} ${S_OID_USER}
|
||||
|
|
Loading…
Reference in a new issue