[#162] eACL: Create eACL with neofs-cli
Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
parent
d66ae5b7fc
commit
e5d6662905
22 changed files with 121 additions and 175 deletions
|
@ -67,6 +67,22 @@ def _encode_cid_for_eacl(cid: str) -> str:
|
|||
cid_base58 = base58.b58decode(cid)
|
||||
return base64.b64encode(cid_base58).decode("utf-8")
|
||||
|
||||
@keyword('Create eACL')
|
||||
def create_eacl(cid: str, rules_list: list):
|
||||
table = f"{os.getcwd()}/{ASSETS_DIR}/eacl_table_{str(uuid.uuid4())}.json"
|
||||
rules = ""
|
||||
for rule in rules_list:
|
||||
# TODO: check if $Object: is still necessary for filtering in the newest releases
|
||||
rules += f"--rule '{rule}' "
|
||||
cmd = (
|
||||
f"{NEOFS_CLI_EXEC} acl extended create --cid {cid} "
|
||||
f"{rules}--out {table}"
|
||||
)
|
||||
logger.info(f"cmd: {cmd}")
|
||||
_cmd_run(cmd)
|
||||
|
||||
return table
|
||||
|
||||
|
||||
@keyword('Form BearerToken File')
|
||||
def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
|
||||
|
@ -153,48 +169,3 @@ def sign_bearer_token(wif: str, eacl_rules_file: str):
|
|||
)
|
||||
logger.info(f"cmd: {cmd}")
|
||||
_cmd_run(cmd)
|
||||
|
||||
|
||||
@keyword('Form eACL JSON Common File')
|
||||
def form_eacl_json_common_file(eacl_records: list) -> str:
|
||||
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
|
||||
eacl = {"records":[]}
|
||||
file_path = f"{os.getcwd()}/{ASSETS_DIR}/{str(uuid.uuid4())}"
|
||||
|
||||
for record in eacl_records:
|
||||
op_data = dict()
|
||||
|
||||
if Role(record['Role']):
|
||||
op_data = {
|
||||
"operation": record['Operation'],
|
||||
"action": record['Access'],
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": record['Role']
|
||||
}
|
||||
]
|
||||
}
|
||||
else:
|
||||
op_data = {
|
||||
"operation": record['Operation'],
|
||||
"action": record['Access'],
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [ record['Role'] ]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
if 'Filters' in record.keys():
|
||||
op_data["filters"].append(record['Filters'])
|
||||
|
||||
eacl["records"].append(op_data)
|
||||
|
||||
logger.info(f"Got these extended ACL records: {eacl}")
|
||||
|
||||
with open(file_path, 'w', encoding='utf-8') as eacl_file:
|
||||
json.dump(eacl, eacl_file, ensure_ascii=False, indent=4)
|
||||
|
||||
return file_path
|
||||
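Review bot: `create_eacl` pastes each rule between hand-written single quotes (`rules += f"--rule '{rule}' "`) and interpolates `cid` and `table` bare, so a rule or filter value containing `'`, or a working directory containing a space, changes how the command line is split. Whether `_cmd_run` goes through a shell is not visible in this hunk, but the quoting around the `$Object:` keys suggests it does. If so, quote each piece with the standard library, e.g. `rules += f"--rule {shlex.quote(rule)} "` and `--cid {shlex.quote(cid)}` (this needs `import shlex` at the top of the file). The new keyword also lacks the `-> str` return annotation that `form_bearertoken_file` has, and a one-line docstring saying it returns the path of the JSON table written under `ASSETS_DIR` would help.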
|
|
|
@ -27,21 +27,22 @@ Generate file
|
|||
|
||||
|
||||
Prepare eACL Role rules
|
||||
[Arguments] ${CID}
|
||||
Log Set eACL for different Role cases
|
||||
|
||||
# eACL rules for all operations and similar permissions
|
||||
@{Roles} = Create List OTHERS USER SYSTEM
|
||||
@{Roles} = Create List others user system
|
||||
FOR ${role} IN @{Roles}
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
|
||||
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
||||
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
|
||||
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
|
||||
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
|
||||
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
||||
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
|
||||
${rule1} = Set Variable deny get ${role}
|
||||
${rule2} = Set Variable deny head ${role}
|
||||
${rule3} = Set Variable deny put ${role}
|
||||
${rule4} = Set Variable deny delete ${role}
|
||||
${rule5} = Set Variable deny search ${role}
|
||||
${rule6} = Set Variable deny getrange ${role}
|
||||
${rule7} = Set Variable deny getrangehash ${role}
|
||||
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${EACL_FILE} = Form eACL JSON Common File ${eACL_gen}
|
||||
${EACL_FILE} = Create eACL ${CID} ${eACL_gen}
|
||||
Set Global Variable ${EACL_DENY_ALL_${role}} ${EACL_FILE}
|
||||
END
|
||||
[Return] gen_eacl_deny_all_${role}
|
||||
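Review bot: `Prepare eACL Role rules` now generates its tables for a single container (`Create eACL    ${CID}    ${eACL_gen}`, presumably bound to it through `--cid`) but still publishes them with `Set Global Variable    ${EACL_DENY_ALL_${role}}`. Each call therefore replaces the tables prepared for the previous container, and a keyword still working on an earlier `${CID}` would apply a table generated for a different one. Consider `Set Test Variable`, or returning the generated paths to the caller. The trailing `[Return]    gen_eacl_deny_all_${role}` sits after `END`, so it yields only a literal name built from the last role rather than a generated path; no caller in this commit uses it. A `[Documentation]` line saying the keyword must run after the container exists would also help, since every suite had to move the call.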
|
|
|
@ -89,22 +89,22 @@ Check eACL Deny and Allow All
|
|||
Delete object ${KEY} ${CID} ${S_OID_USER}
|
||||
|
||||
Compose eACL Custom
|
||||
[Arguments] ${HEADER_DICT} ${MATCH_TYPE} ${FILTER} ${ACCESS} ${ROLE}
|
||||
[Arguments] ${CID} ${HEADER_DICT} ${MATCH_TYPE} ${FILTER} ${ACCESS} ${ROLE}
|
||||
|
||||
${filter_value} = Get From dictionary ${HEADER_DICT}[header] ${EACL_OBJ_FILTERS}[${FILTER}]
|
||||
|
||||
${filters} = Create Dictionary headerType=OBJECT matchType=${MATCH_TYPE} key=${FILTER} value=${filter_value}
|
||||
${rule_get}= Create Dictionary Operation=GET Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${rule_head}= Create Dictionary Operation=HEAD Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${rule_put}= Create Dictionary Operation=PUT Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${rule_del}= Create Dictionary Operation=DELETE Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${rule_search}= Create Dictionary Operation=SEARCH Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${rule_range}= Create Dictionary Operation=GETRANGE Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${rule_rangehash}= Create Dictionary Operation=GETRANGEHASH Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||
${filters} = Set Variable obj:${FILTER}${MATCH_TYPE}${filter_value}
|
||||
${rule_get}= Set Variable ${ACCESS} get ${filters} ${ROLE}
|
||||
${rule_head}= Set Variable ${ACCESS} head ${filters} ${ROLE}
|
||||
${rule_put}= Set Variable ${ACCESS} put ${filters} ${ROLE}
|
||||
${rule_del}= Set Variable ${ACCESS} delete ${filters} ${ROLE}
|
||||
${rule_search}= Set Variable ${ACCESS} search ${filters} ${ROLE}
|
||||
${rule_range}= Set Variable ${ACCESS} getrange ${filters} ${ROLE}
|
||||
${rule_rangehash}= Set Variable ${ACCESS} getrangehash ${filters} ${ROLE}
|
||||
|
||||
${eACL_gen}= Create List ${rule_get} ${rule_head} ${rule_put} ${rule_del}
|
||||
... ${rule_search} ${rule_range} ${rule_rangehash}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
|
||||
[Return] ${EACL_CUSTOM}
|
||||
|
||||
|
@ -136,8 +136,9 @@ Check eACL Filters with MatchType String Equal
|
|||
Delete Object ${OTHER_KEY} ${CID} ${D_OID_USER}
|
||||
|
||||
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_EQUAL ${FILTER} DENY OTHERS
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} = ${FILTER} deny others
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Sleep ${MORPH_BLOCK_TIME}
|
||||
|
||||
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||
|
@ -185,7 +186,7 @@ Check eACL Filters with MatchType String Not Equal
|
|||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
|
||||
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} != ${FILTER} deny others
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
|
||||
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||
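Review bot: `Compose eACL Custom` silently changes what `${MATCH_TYPE}`, `${ACCESS}` and `${ROLE}` mean: they are now pasted verbatim into the rule text (`${ACCESS} get obj:${FILTER}${MATCH_TYPE}${filter_value} ${ROLE}`), so callers must pass `=`/`!=` and CLI-form tokens instead of `STRING_EQUAL`/`DENY`/`OTHERS`. The two callers in this file were switched to `deny others`, but the creationEpoch and payloadLength suites later in this commit still pass `DENY OTHERS`. Whether neofs-cli accepts upper-case action and role names is not visible here, so either lower-case those calls or normalise inside the keyword. I would add `[Documentation]    MATCH_TYPE is the neofs-cli operator (= or !=); ACCESS and ROLE are CLI tokens such as deny / others.` under the keyword name. Note also that `${filter_value}` goes unescaped into a whitespace-separated rule, so a header value containing a space or a single quote will not survive the `--rule '...'` quoting in `create_eacl`.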
|
|
|
@ -25,7 +25,6 @@ BearerToken Operations
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -46,6 +45,7 @@ Check eACL Deny and Allow All Bearer
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
|
|
@ -21,8 +21,7 @@ BearerToken Operations
|
|||
[Setup] Setup
|
||||
|
||||
${WALLET} ${ADDR} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Simple ${USER_KEY} ${FILE_S}
|
||||
|
@ -43,6 +42,7 @@ Check eACL Deny and Allow All Bearer
|
|||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Prepare eACL Role rules ${CID}
|
||||
|
||||
|
||||
# Storage group Operations (Put, List, Get, Delete)
|
||||
|
|
|
@ -26,7 +26,6 @@ BearerToken Operations for Сompound Operations
|
|||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -58,8 +57,9 @@ Check Bearer Сompound Get
|
|||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} ${FILE_S} ${USER_KEY}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
Put object ${KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
|
@ -92,6 +92,7 @@ Check Bearer Сompound Delete
|
|||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} ${FILE_S} ${USER_KEY}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
Put object ${KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
|
@ -126,6 +127,7 @@ Check Bearer Сompound Get Range Hash
|
|||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} ${FILE_S} ${USER_KEY}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
Put object ${KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
|
|
|
@ -26,7 +26,7 @@ BearerToken Operations with Filter OID Equal
|
|||
|
||||
${WALLET} ${ADDR} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
${WALLET_OTH} ${ADDR_OTH} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Filter OID Equal ${USER_KEY} ${FILE_S}
|
||||
|
@ -46,10 +46,11 @@ Check eACL Deny and Allow All Bearer Filter OID Equal
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
|
|
|
@ -24,7 +24,6 @@ BearerToken Operations with Filter OID NotEqual
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -44,10 +43,11 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
|
@ -58,8 +58,8 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual
|
|||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2}
|
||||
|
||||
|
|
|
@ -25,7 +25,6 @@ BearerToken Operations with Filter UserHeader Equal
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -42,10 +41,11 @@ BearerToken Operations with Filter UserHeader Equal
|
|||
Check eACL Deny and Allow All Bearer Filter UserHeader Equal
|
||||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
|
|
|
@ -25,7 +25,6 @@ BearerToken Operations Filter UserHeader NotEqual
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -43,10 +42,11 @@ Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER_2}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER_2}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
|
|
|
@ -20,7 +20,6 @@ BearerToken Operations for Inaccessible Container
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -38,6 +37,7 @@ Check Container Inaccessible and Allow All Bearer
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Inaccessible ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${FILE_USR_HEADER}
|
||||
|
|
|
@ -25,7 +25,6 @@ BearerToken Operations
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -45,6 +44,7 @@ Check eACL Allow All Bearer Filter Requst Equal Deny
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
|
|
|
@ -25,7 +25,6 @@ BearerToken Operations with Filter Requst Equal
|
|||
[Setup] Setup
|
||||
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -45,10 +44,11 @@ Check eACL Deny and Allow All Bearer Filter Requst Equal
|
|||
[Arguments] ${USER_KEY} ${FILE_S}
|
||||
|
||||
${CID} = Create Container Public ${USER_KEY}
|
||||
Prepare eACL Role rules ${CID}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
|
@ -71,6 +71,7 @@ Check eACL Deny and Allow All Bearer Filter Requst Equal
|
|||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error ${EACL_ERROR_MSG}
|
||||
|
|
|
@ -24,8 +24,7 @@ BearerToken Operations with Filter Requst NotEqual
|
|||
|
||||
[Setup] Setup
|
||||
|
||||
${WALLET} ${ADDR} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
Prepare eACL Role rules
|
||||
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
${FILE_S} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -47,7 +46,7 @@ Check eACL Deny and Allow All Bearer Filter Requst NotEqual
|
|||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${USER_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_USER_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
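Review bot: This suite drops `Prepare eACL Role rules` from the test case, but neither hunk shown adds the per-container call `Prepare eACL Role rules    ${CID}` that the sibling bearer suites gain after `Create Container Public`; the second hunk only changes spacing on the `@{S_OBJ_H}` line. If the keyword later uses `${EACL_DENY_ALL_USER}` (not visible here), it would fall back to whatever static or previously set value that variable holds rather than a table generated for this container. Please confirm, and if needed add `Prepare eACL Role rules    ${CID}` after the container is created. The keyword body continues outside the hunks.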
|
|
|
@ -37,4 +37,4 @@ Extended ACL Operations
|
|||
|
||||
Check eACL Deny and Allow All Other
|
||||
[Arguments] ${USER_KEY} ${OTHER_KEY}
|
||||
Check eACL Deny and Allow All ${OTHER_KEY} ${EACL_DENY_ALL_OTHER} ${EACL_ALLOW_ALL_OTHER} ${USER_KEY}
|
||||
Check eACL Deny and Allow All ${OTHER_KEY} ${EACL_DENY_ALL_OTHERS} ${EACL_ALLOW_ALL_OTHERS} ${USER_KEY}
|
||||
|
|
|
@ -30,8 +30,6 @@ eACL Deny Replication Operations
|
|||
${NODE_NUM} ${NODE} ${WIF_STORAGE} = Get control endpoint with wif
|
||||
${WALLET} ${ADDR} ${WIF_USER} = Prepare Wallet And Deposit
|
||||
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Replication with eACL deny - object should be replicated
|
||||
# https://github.com/nspcc-dev/neofs-node/issues/881
|
||||
|
||||
|
@ -41,14 +39,16 @@ eACL Deny Replication Operations
|
|||
Wait Until Keyword Succeeds ${MORPH_BLOCK_TIME} ${CONTAINER_WAIT_INTERVAL}
|
||||
... Container Existing ${WIF_USER} ${CID}
|
||||
|
||||
${OID} = Put object ${WIF_USER} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Prepare eACL Role rules ${CID}
|
||||
|
||||
${OID} = Put object ${WIF_USER} ${FILE} ${CID}
|
||||
|
||||
Validate storage policy for object ${WIF_USER} ${EXPECTED_COPIES} ${CID} ${OID}
|
||||
|
||||
Set eACL ${WIF_USER} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${WIF_USER} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
... Put object ${WIF_USER} ${FILE} ${CID}
|
||||
|
||||
# Drop object to check replication
|
||||
Drop object ${NODE} ${WIF_STORAGE} ${CID} ${OID}
|
||||
|
|
|
@ -16,6 +16,8 @@ Resource eacl_tables.robot
|
|||
${PATH} = testfile
|
||||
&{USER_HEADER} = key1=1 key2=abc
|
||||
&{ANOTHER_HEADER} = key1=oth key2=oth
|
||||
${ID_FILTER} = $Object:objectID
|
||||
${CUSTOM_FILTER} = $Object:key1
|
||||
|
||||
*** Test cases ***
|
||||
Extended ACL Operations
|
||||
|
@ -94,7 +96,7 @@ Check eACL MatchType String Equal Request Allow
|
|||
${CID} = Create Container Public ${USER_KEY}
|
||||
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID}
|
||||
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_ALLOW_ALL}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
|
@ -136,27 +138,27 @@ Check eACL MatchType String Equal Object
|
|||
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||
|
||||
Log Set eACL for Deny GET operation with StringEqual Object ID
|
||||
|
||||
&{HEADER_DICT} = Head Object ${USER_KEY} ${CID} ${S_OID_USER}
|
||||
${ID_value} = Get From dictionary ${HEADER_DICT} objectID
|
||||
|
||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
${ID_value} = Get From dictionary ${HEADER_DICT} ${EACL_OBJ_FILTERS}[${ID_FILTER}]
|
||||
|
||||
${filters} = Set Variable obj:${ID_FILTER}=${ID_value}
|
||||
${rule1} = Set Variable deny get ${filters} others
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||
|
||||
|
||||
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
|
||||
|
||||
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
|
||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
|
||||
|
||||
${filters} = Set Variable obj:${CUSTOM_FILTER}=1
|
||||
${rule1} = Set Variable deny get ${filters} others
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Run Keyword And Expect Error *
|
||||
|
@ -176,29 +178,30 @@ Check eACL MatchType String Not Equal Object
|
|||
Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${PATH}
|
||||
|
||||
Log Set eACL for Deny GET operation with StringNotEqual Object ID
|
||||
|
||||
&{HEADER_DICT} = Head object ${USER_KEY} ${CID} ${S_OID_USER}
|
||||
${ID_value} = Get From Dictionary ${HEADER_DICT} objectID
|
||||
${ID_value} = Get From Dictionary ${HEADER_DICT} ${EACL_OBJ_FILTERS}[${ID_FILTER}]
|
||||
|
||||
${filters} = Set Variable obj:${ID_FILTER}!=${ID_value}
|
||||
${rule1} = Set Variable deny get ${filters} others
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
|
||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${ID_value}
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${PATH}
|
||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||
|
||||
|
||||
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
|
||||
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
|
||||
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} user_headers=${ANOTHER_HEADER}
|
||||
${filters} = Set Variable obj:${CUSTOM_FILTER}!=1
|
||||
${rule1} = Set Variable deny get ${filters} others
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
|
||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key1 value=1
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||
${eACL_gen} = Create List ${rule1}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} ${PATH}
|
||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||
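Review bot: The user-header cases change the filter key, not just the syntax: the previous rules matched `key=key1`, while the new ones use `${CUSTOM_FILTER}`, defined as `$Object:key1`, giving `obj:$Object:key1=1` and `obj:$Object:key1!=1`. The objects are stored with the plain attribute `key1` (`&{USER_HEADER}`), and nothing on this page shows neofs-cli mapping the `$Object:` prefix onto user attributes; the TODO added in `create_eacl` suggests the question is still open. Please confirm the deny rule is actually evaluated against the user header, or define `${CUSTOM_FILTER}` as `key1`. Separately, the log line in the Not Equal keyword still reads `StringEqual Object Extended User Header`.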
|
|
|
@ -47,7 +47,7 @@ Check $Object:creationEpoch Filter with MatchType String Not Equal
|
|||
Get Object ${USER_KEY} ${CID} ${S_OID_NEW} ${EMPTY} local_file_eacl
|
||||
|
||||
&{HEADER_DICT} = Head Object ${USER_KEY} ${CID} ${S_OID_NEW}
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} != ${FILTER} DENY OTHERS
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
|
||||
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||
|
|
|
@ -40,6 +40,8 @@ Object ID Object Filter for Extended ACL
|
|||
Log Check two matchTypes applied
|
||||
Check eACL Filters, two matchTypes $Object:objectID
|
||||
|
||||
[Teardown] Teardown object_id
|
||||
|
||||
|
||||
*** Keywords ***
|
||||
|
||||
|
@ -58,28 +60,12 @@ Check eACL Filters with MatchType String Equal with two contradicting filters
|
|||
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||
|
||||
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
|
||||
${filters} = Create Dictionary
|
||||
... headerType=OBJECT
|
||||
... matchType=STRING_EQUAL
|
||||
... key=${FILTER}
|
||||
... value=${filter_value}
|
||||
${rule} = Create Dictionary
|
||||
... Operation=GET
|
||||
... Access=ALLOW
|
||||
... Role=OTHERS
|
||||
... Filters=${filters}
|
||||
${contradicting_filters} = Create Dictionary
|
||||
... headerType=OBJECT
|
||||
... matchType=STRING_EQUAL
|
||||
... key=$Object:payloadLength
|
||||
... value=${SIMPLE_OBJ_SIZE}
|
||||
${contradicting_rule} = Create Dictionary
|
||||
... Operation=GET
|
||||
... Access=DENY
|
||||
... Role=OTHERS
|
||||
... Filters=${contradicting_filters}
|
||||
${filters} = Set Variable obj:${FILTER}=${filter_value}
|
||||
${rule} = Set Variable allow get ${filters} others
|
||||
${contradicting_filters} = Set Variable obj:$Object:payloadLength=${SIMPLE_OBJ_SIZE}
|
||||
${contradicting_rule} = Set Variable deny get ${contradicting_filters} others
|
||||
${eACL_gen} = Create List ${rule} ${contradicting_rule}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||
|
@ -101,34 +87,15 @@ Check eACL Filters, two matchTypes
|
|||
Get Object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
|
||||
|
||||
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
|
||||
${noneq_filters} = Create Dictionary
|
||||
... headerType=OBJECT
|
||||
... matchType=STRING_NOT_EQUAL
|
||||
... key=${FILTER}
|
||||
... value=${filter_value}
|
||||
${rule_noneq_filter} = Create Dictionary
|
||||
... Operation=GET
|
||||
... Access=DENY
|
||||
... Role=OTHERS
|
||||
... Filters=${noneq_filters}
|
||||
${eq_filters} = Create Dictionary
|
||||
... headerType=OBJECT
|
||||
... matchType=STRING_EQUAL
|
||||
... key=${FILTER}
|
||||
... value=${filter_value}
|
||||
${rule_eq_filter} = Create Dictionary
|
||||
... Operation=GET
|
||||
... Access=DENY
|
||||
... Role=OTHERS
|
||||
... Filters=${eq_filters}
|
||||
${noneq_filters} = Set Variable obj:${FILTER}!=${filter_value}
|
||||
${rule_noneq_filter} = Set Variable deny get ${noneq_filters} others
|
||||
${eq_filters} = Set Variable obj:${FILTER}=${filter_value}
|
||||
${rule_eq_filter} = Set Variable deny get ${eq_filters} others
|
||||
${eACL_gen} = Create List ${rule_noneq_filter} ${rule_eq_filter}
|
||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||
${EACL_CUSTOM} = Create eACL ${CID} ${eACL_gen}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||
|
||||
|
||||
[Teardown] Teardown object_id
|
||||
|
|
|
@ -47,7 +47,7 @@ Check $Object:payloadLength Filter with MatchType String Not Equal
|
|||
Head Object ${USER_KEY} ${CID} ${S_OID}
|
||||
|
||||
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID}
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
|
||||
${EACL_CUSTOM} = Compose eACL Custom ${CID} ${HEADER_DICT} != ${FILTER} DENY OTHERS
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||
|
||||
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
EACL_OBJ_FILTERS = {'$Object:objectID': 'ID',
|
||||
'$Object:containerID': 'CID',
|
||||
'$Object:ownerID': 'OwnerID',
|
||||
EACL_OBJ_FILTERS = {'$Object:objectID': 'objectID',
|
||||
'$Object:containerID': 'containerID',
|
||||
'$Object:ownerID': 'ownerID',
|
||||
'$Object:creationEpoch': 'creationEpoch',
|
||||
'$Object:payloadLength': 'payloadLength',
|
||||
'$Object:payloadHash': 'payloadHash',
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
|
||||
${ACL_TEST_FILES} = robot/resources/files/eacl_tables
|
||||
|
||||
${EACL_DENY_ALL_OTHER} = ${ACL_TEST_FILES}/gen_eacl_deny_all_OTHERS
|
||||
${EACL_ALLOW_ALL_OTHER} = ${ACL_TEST_FILES}/gen_eacl_allow_all_OTHERS
|
||||
${EACL_DENY_ALL_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_deny_all_OTHERS
|
||||
${EACL_ALLOW_ALL_OTHERS} = ${ACL_TEST_FILES}/gen_eacl_allow_all_OTHERS
|
||||
|
||||
${EACL_DENY_ALL_USER} = ${ACL_TEST_FILES}/gen_eacl_deny_all_USER
|
||||
${EACL_ALLOW_ALL_USER} = ${ACL_TEST_FILES}/gen_eacl_allow_all_USER
|
||||
|
|