From da334c3bc1eb4db693a25553fdf73880f7062919 Mon Sep 17 00:00:00 2001 From: "anatoly@nspcc.ru" Date: Fri, 14 Aug 2020 01:09:00 +0300 Subject: [PATCH 1/2] update --- README.md | 10 + robot/resources/lib/neofs.py | 74 ++- robot/testsuites/integration/acl_basic.robot | 55 ++- .../testsuites/integration/acl_extended.robot | 433 ++++++++++++++++++ 4 files changed, 558 insertions(+), 14 deletions(-) create mode 100644 robot/testsuites/integration/acl_extended.robot diff --git a/README.md b/README.md index 3710c60..a65c021 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,16 @@ 3. Логи будут доступны в папке artifacts/ после завершения тестов с любым из статусов. +### Запуск произвольного тесткейса +Для запуска произвольного тесткейса нужно выполнить команду: +`robot --timestampoutputs --outputdir artifacts/ robot/testsuites/integration/.robot ` + +Для запуска доступны следущие сценарии: + * acl_basic.robot - базовый ACL + * acl_extended.robot - extended ACL + * object_complex.robot - операции над простым объектом + * object_simple.robot - операции над большим объектом + ### Запуск тесткейсов в докере 1. Задать переменные окружения для работы с dev-env: diff --git a/robot/resources/lib/neofs.py b/robot/resources/lib/neofs.py index fbc5c7d..a6ac4e3 100644 --- a/robot/resources/lib/neofs.py +++ b/robot/resources/lib/neofs.py @@ -62,10 +62,31 @@ def validate_storage_policy_for_object(private_key: bytes, expected_copies: int, raise Exception("Not enough object copies to match storage policyю Found: %s, expexted: %s." % (copies, expected_copies)) +# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 1ed43848107fd2d513c38ebfba3bb8c33d5abd2b6a99fafb09d07a30191989af container set-eacl --cid DNG1DCV3PTfxuYCLdbdMpRmrumfvacyWmyqLzNrV1koi --eacl 0a4b080210021a1e080310011a0a686561646572206b6579220c6865616465722076616c7565222508031221031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a +# Updating ACL rules of container... + +@keyword('Get eACL') +def get_eacl(private_key: bytes, cid: str): + + Cmd = f'{CLI_PREFIX}neofs-cli --host {NEOFS_ENDPOINT} --key {binascii.hexlify(private_key).decode()} container get-eacl --cid {cid}' + logger.info("Cmd: %s" % Cmd) + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) + output = complProc.stdout + logger.info("Output: %s" % output) + + +@keyword('Set eACL') +def set_eacl(private_key: bytes, cid: str, eacl: str): + + Cmd = f'{CLI_PREFIX}neofs-cli --host {NEOFS_ENDPOINT} --key {binascii.hexlify(private_key).decode()} container set-eacl --cid {cid} --eacl {eacl}' + logger.info("Cmd: %s" % Cmd) + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) + output = complProc.stdout + logger.info("Output: %s" % output) + -#docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 22b2f3faea9383e27262364c96d8e5ef7e893abf7a6ad7bf31ee1f2c2b3cfc42 -# object get-range --cid 4H9iChvzYdBg6qntfYUWGWCzsJFBDdo99KegefsD721Q --oid a101d078-b3d4-4325-8fe8-41dce6917097 0:10 -#fead193c1f6f488255f7 @keyword('Get Range') def get_range(private_key: bytes, cid: str, oid: str, range_cut: str): @@ -300,9 +321,56 @@ def head_object(private_key: bytes, cid: str, oid: str, full_headers:bool=False, else: raise Exception("User header %s was not found in the command output: \t%s" % (user_header, complProc.stdout)) + return complProc.stdout + except subprocess.CalledProcessError as e: raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + + + +@keyword('Parse Object Header') +def parse_object_header(header: str): + result_header = dict() + + #SystemHeader + result_header['ID'] = _parse_oid(header) + result_header['CID'] = _parse_cid(header) + + logger.info("Result: %s" % result_header) + + + + m = re.search(r'ID: ([a-zA-Z0-9-]+)', header) + if m.start() != m.end(): # e.g., if match found something + oid = m.group(1) + else: + raise Exception("no OID was parsed from command output: \t%s" % output) + + return oid + + return +# SystemHeader: +# - ID=c9fdc3e8-6576-4822-9bc4-2a0addcbf105 +# - CID=42n81QNr7o513t2pTGuzM2PPFiHLhJ1MeSCJzizQW1wP +# - OwnerID=ANwbVH8nyWfTg7G6L9uzZxfXhKUhdjTYDa +# - Version=1 +# - PayloadLength=1024 +# - CreatedAt={UnixTime=1597330026 Epoch=2427} +# ExtendedHeaders: +# - Type=UserHeader +# Value={Key=key1 Val=1} +# - Type=UserHeader +# Value={Key=key2 Val='abc1'} +# - Type=Token +# Value={ID=6143e50f-5dbf-4964-ba16-266517e4fe9a Verb=Put} +# - Type=HomoHash +# Value=4c3304688e23b884f29a3e50cb65e067357d074f52e1e634a940a7488f40a3f53ffb0cb94d4b9c619432307fa615eb076d0c3d153acdd77835acac0553992238 +# - Type=PayloadChecksum +# Value=776bc1c03d2c72885c4976b000e2483df57275964308cc67eb36a829cad9a2c3 +# - Type=Integrity +# Value={Checksum=45859b067c6525b6f9fa78b9764ceca0a0eeb506cefd71c374aabd4cfd773430 Signature=04e80f81919fa14879b04fcad0fab411ebb0b7c38f00f030c98a4813ae402300b79b666c705317b358a17963d50ee5dceab4f6f3599e54da210b860df2f8b2a63c} + @keyword('Delete object') def delete_object(private_key: bytes, cid: str, oid: str): diff --git a/robot/testsuites/integration/acl_basic.robot b/robot/testsuites/integration/acl_basic.robot index a58dbbd..4546c03 100644 --- a/robot/testsuites/integration/acl_basic.robot +++ b/robot/testsuites/integration/acl_basic.robot @@ -31,10 +31,12 @@ Generate Keys ${USER_KEY_GEN} = Generate Neo private key ${OTHER_KEY_GEN} = Generate Neo private key ${SYSTEM_KEY_GEN} = Form Privkey from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21 + ${SYSTEM_KEY_GEN_SN} = Form Privkey from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2 - Set Global Variable ${USER_KEY} ${USER_KEY_GEN} - Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN} - Set Global Variable ${SYSTEM_KEY} ${SYSTEM_KEY_GEN} + Set Global Variable ${USER_KEY} ${USER_KEY_GEN} + Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN} + Set Global Variable ${SYSTEM_KEY} ${SYSTEM_KEY_GEN} + Set Global Variable ${SYSTEM_KEY_STOR_NODE} ${SYSTEM_KEY_GEN_SN} # Basic ACL manual page: https://neospcc.atlassian.net/wiki/spaces/NEOF/pages/362348545/NeoFS+ACL # TODO: X - Sticky bit validation on public container!!! @@ -42,7 +44,7 @@ Generate Keys Create Containers # Create containers: Log Create Private Container - ${PRIV_CID_GEN} = Create container ${USER_KEY} 0x1C8C8CCC + ${PRIV_CID_GEN} = Create container ${USER_KEY} 0x1C8C8CCC Container Existing ${USER_KEY} ${PRIV_CID_GEN} Log Create Public Container @@ -50,7 +52,7 @@ Create Containers Container Existing ${USER_KEY} ${PUBLIC_CID_GEN} Log Create Read-Only Container - ${READONLY_CID_GEN} = Create container ${USER_KEY} 0x1FFFCCFF + ${READONLY_CID_GEN} = Create container ${USER_KEY} 0x1FFF8CFF Container Existing ${USER_KEY} ${READONLY_CID_GEN} Set Global Variable ${PRIV_CID} ${PRIV_CID_GEN} @@ -76,6 +78,9 @@ Check Private Container ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${PRIV_CID} Run Keyword And Expect Error * ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${PRIV_CID} + ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_STOR_NODE} ${FILE_S} ${PRIV_CID} + + # Get @@ -83,7 +88,8 @@ Check Private Container Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} s_file_read Run Keyword And Expect Error * - ... Get object from NeoFS ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} s_file_read + ... Get object from NeoFS ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} s_file_read + Get object from NeoFS ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${S_OID_USER} s_file_read # Get Range Get Range ${USER_KEY} ${PRIV_CID} ${S_OID_USER} 0:256 @@ -91,6 +97,8 @@ Check Private Container ... Get Range ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} 0:256 Run Keyword And Expect Error * ... Get Range ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} 0:256 + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${S_OID_USER} 0:256 # TODO: GetRangeHash # get-range-hash --cid --oid [--bearer ] [--verify --file ] [--salt ] [: [...]] @@ -100,11 +108,12 @@ Check Private Container # Search - @{S_OBJ_PRIV} = Create List ${S_OID_USER} - Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} @{S_OBJ_PRIV} + @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_SYS_SN} + Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} @{S_OBJ_PRIV} Run Keyword And Expect Error * ... Search object ${OTHER_KEY} ${PRIV_CID} ${EMPTY} @{S_OBJ_PRIV} Search object ${SYSTEM_KEY} ${PRIV_CID} ${EMPTY} @{S_OBJ_PRIV} + Search object ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${EMPTY} @{S_OBJ_PRIV} # Head @@ -112,6 +121,8 @@ Check Private Container Run Keyword And Expect Error * ... Head object ${OTHER_KEY} ${PRIV_CID} ${S_OBJ_PRIV} ${True} Head object ${SYSTEM_KEY} ${PRIV_CID} ${S_OBJ_PRIV} ${True} + Head object ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${S_OBJ_PRIV} ${True} + # Delete @@ -120,6 +131,8 @@ Check Private Container ... Delete object ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} Run Keyword And Expect Error * ... Delete object ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${S_OID_USER} @@ -133,6 +146,7 @@ Check Public Container # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment Run Keyword And Expect Error * ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${PUBLIC_CID} + ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_STOR_NODE} ${FILE_S} ${PUBLIC_CID} # Get Get object from NeoFS ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} s_file_read @@ -140,6 +154,7 @@ Check Public Container # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment Run Keyword And Expect Error * ... Get object from NeoFS ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_USER} s_file_read + Get object from NeoFS ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_USER} s_file_read # Get Range Get Range ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} 0:256 @@ -147,6 +162,7 @@ Check Public Container # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment Run Keyword And Expect Error * ... Get Range ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_USER} 0:256 + Get Range ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_USER} 0:256 # TODO: GetRangeHash # get-range-hash --cid --oid [--bearer ] [--verify --file ] [--salt ] [: [...]] @@ -156,26 +172,36 @@ Check Public Container # Search - @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_OTHER} + @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_OTHER} ${S_OID_SYS_SN} Search object ${USER_KEY} ${PUBLIC_CID} ${EMPTY} @{S_OBJ_PRIV} Search object ${OTHER_KEY} ${PUBLIC_CID} ${EMPTY} @{S_OBJ_PRIV} Search object ${SYSTEM_KEY} ${PUBLIC_CID} ${EMPTY} @{S_OBJ_PRIV} + Search object ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${EMPTY} @{S_OBJ_PRIV} # Head Head object ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} ${True} Head object ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_USER} ${True} Head object ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_USER} ${True} + Head object ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_USER} ${True} Head object ${USER_KEY} ${PUBLIC_CID} ${S_OID_OTHER} ${True} Head object ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_OTHER} ${True} Head object ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_OTHER} ${True} + Head object ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_OTHER} ${True} + + Head object ${USER_KEY} ${PUBLIC_CID} ${S_OID_SYS_SN} ${True} + Head object ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_SYS_SN} ${True} + Head object ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_SYS_SN} ${True} + Head object ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_SYS_SN} ${True} + # Delete Delete object ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} Delete object ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_USER} Run Keyword And Expect Error * ... Delete object ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_USER} + Delete object ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_USER} Check Read-Only Container @@ -187,6 +213,7 @@ Check Read-Only Container ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${READONLY_CID} Run Keyword And Expect Error * ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${READONLY_CID} + ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_STOR_NODE} ${FILE_S} ${READONLY_CID} # Get Get object from NeoFS ${USER_KEY} ${READONLY_CID} ${S_OID_USER} s_file_read @@ -194,6 +221,7 @@ Check Read-Only Container # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment Run Keyword And Expect Error * ... Get object from NeoFS ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} s_file_read + Get object from NeoFS ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} s_file_read # Get Range Get Range ${USER_KEY} ${READONLY_CID} ${S_OID_USER} 0:256 @@ -201,6 +229,7 @@ Check Read-Only Container # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment Run Keyword And Expect Error * ... Get Range ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} 0:256 + Get Range ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} 0:256 # TODO: GetRangeHash # get-range-hash --cid --oid [--bearer ] [--verify --file ] [--salt ] [: [...]] @@ -210,20 +239,24 @@ Check Read-Only Container # Search - @{S_OBJ_RO} = Create List ${S_OID_USER} + @{S_OBJ_RO} = Create List ${S_OID_USER} ${S_OID_SYS_SN} Search object ${USER_KEY} ${READONLY_CID} ${EMPTY} @{S_OBJ_RO} Search object ${OTHER_KEY} ${READONLY_CID} ${EMPTY} @{S_OBJ_RO} Search object ${SYSTEM_KEY} ${READONLY_CID} ${EMPTY} @{S_OBJ_RO} + Search object ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${EMPTY} @{S_OBJ_RO} # Head Head object ${USER_KEY} ${READONLY_CID} ${S_OID_USER} ${True} Head object ${OTHER_KEY} ${READONLY_CID} ${S_OID_USER} ${True} Head object ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} ${True} + Head object ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} ${True} # Delete Delete object ${USER_KEY} ${READONLY_CID} ${S_OID_USER} Run Keyword And Expect Error * ... Delete object ${OTHER_KEY} ${READONLY_CID} ${S_OID_USER} Run Keyword And Expect Error * - ... Delete object ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} \ No newline at end of file + ... Delete object ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} \ No newline at end of file diff --git a/robot/testsuites/integration/acl_extended.robot b/robot/testsuites/integration/acl_extended.robot new file mode 100644 index 0000000..e66e3eb --- /dev/null +++ b/robot/testsuites/integration/acl_extended.robot @@ -0,0 +1,433 @@ +*** Settings *** +Variables ../../variables/common.py + + +Library ${RESOURCES}/environment.py +Library ${RESOURCES}/neo.py +Library ${RESOURCES}/neofs.py +Library ${RESOURCES}/payment.py +Library ${RESOURCES}/assertions.py +Library ${RESOURCES}/neo.py + + +*** Variables *** +&{FILE_USR_HEADER} = key1=1 key2='abc1' +&{FILE_USR_HEADER_DEL} = key1=del key2=del +&{FILE_OTH_HEADER} = key1=oth key2=oth + +*** Test cases *** +Basic ACL Operations + [Documentation] Testcase to validate NeoFS operations with extended ACL. + [Tags] ACL NeoFS NeoCLI + [Timeout] 20 min + + Generate Keys + Generate file + Prepare eACL rules + +# Check Filters + Check Actions + + + + +*** Keywords *** + +Check Actions + Check eACL Deny and Allow All Other + Check eACL Deny and Allow All User + Check eACL Deny and Allow All System + + Check eACL Deny All Other and Allow All Pubkey + + + + +Check Filters + Check eACL MatchType String + + + +Check eACL MatchType String + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + ${HEADER} = Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${True} + Get nodes with object ${SYSTEM_KEY} ${CID} ${S_OID_USER} + Parse Object Header ${HEADER} + + +#### Format +# +#{ +# "Records": [ +# { +# "Operation": OPERATION, +# "Action": ACTION, +# "Filters": [ +# { +# "HeaderType": HEADER_TYPE, +# "MatchType": MATCH_TYPE, +# "Name": {HeaderType = ObjectSystem ? SYSTEM_HEADER : ANY_STRING}, +# "Value": ANY_STRING, +# } +# ], +# "Targets": [ +# { +# "Role": ROLE, +# "Keys": BASE64_STRING[...] +# } +# ] +# } +# ] +#} + + +# * ANY_STRING - any JSON string value +# * BASE64_STRING - any Base64 string (RFC 4648) +# * ACTION - string, one of +# * Deny +# * Allow + + +# * ROLE - string, one of +# * User +# * System +# * Others +# * Pubkey +# * OPERATION - string, one of +# * GET +# * HEAD +# * PUT +# * DELETE +# * SEARCH +# * GETRANGE +# * GETRANGEHASH + + + +# * HEADER_TYPE - string, one of +# * Request +# * ObjectSystem +# * ObjectUser + + +# * MATCH_TYPE - string, one of +# * StringEqual +# * StringNotEqual + + +# * SYSTEM_HEADER - string one of +# * ID +# * CID +# * OWNER_ID +# * VERSION +# * PAYLOAD_LENGTH +# * CREATED_UNIX +# * CREATED_EPOCH +# * LINK_PREV +# * LINK_NEXT +# * LINK_CHILD +# * LINK_PAR +# * LINK_SG + + + + + + +Generate Keys + ${USER_KEY_GEN} = Generate Neo private key + ${OTHER_KEY_GEN} = Generate Neo private key + ${EACL_KEY_GEN} = Form Privkey from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de + Get Neo public key ${EACL_KEY_GEN} + ${SYSTEM_KEY_GEN} = Form Privkey from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21 + + + ${SYSTEM_KEY_GEN_SN} = Form Privkey from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2 + + + Set Global Variable ${USER_KEY} ${USER_KEY_GEN} + Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN} + Set Global Variable ${EACL_KEY} ${EACL_KEY_GEN} + Set Global Variable ${SYSTEM_KEY} ${SYSTEM_KEY_GEN} + + Set Global Variable ${SYSTEM_KEY_SN} ${SYSTEM_KEY_GEN_SN} + + + + +Create Container Public + Log Create Public Container + ${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x2FFFFFFF + [Return] ${PUBLIC_CID_GEN} + + + +Generate file + # Generate small file + ${FILE_S_GEN} = Generate file of bytes 1024 + ${FILE_S_HASH_GEN} = Get file hash ${FILE_S_GEN} + + Set Global Variable ${FILE_S} ${FILE_S_GEN} + Set Global Variable ${FILE_S_HASH} ${FILE_S_HASH_GEN} + +Prepare eACL rules + Log Set eACL for different cases + Set Global Variable ${EACL_DENY_ALL_OTHER} 0007000000020000000100000001000000030000000000020000000300000001000000030000000000020000000200000001000000030000000000020000000500000001000000030000000000020000000400000001000000030000000000020000000600000001000000030000000000020000000700000001000000030000 + Set Global Variable ${EACL_ALLOW_ALL_OTHER} 0007000000010000000100000001000000030000000000010000000300000001000000030000000000010000000200000001000000030000000000010000000500000001000000030000000000010000000400000001000000030000000000010000000600000001000000030000000000010000000700000001000000030000 + + Set Global Variable ${EACL_DENY_ALL_USER} 0007000000020000000100000001000000010000000000020000000300000001000000010000000000020000000200000001000000010000000000020000000500000001000000010000000000020000000400000001000000010000000000020000000600000001000000010000000000020000000700000001000000010000 + Set Global Variable ${EACL_ALLOW_ALL_USER} 0007000000010000000100000001000000010000000000010000000300000001000000010000000000010000000200000001000000010000000000010000000500000001000000010000000000010000000400000001000000010000000000010000000600000001000000010000000000010000000700000001000000010000 + + Set Global Variable ${EACL_DENY_ALL_SYSTEM} 0007000000020000000100000001000000020000000000020000000300000001000000020000000000020000000200000001000000020000000000020000000500000001000000020000000000020000000400000001000000020000000000020000000600000001000000020000000000020000000700000001000000020000 + Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} 0007000000010000000100000001000000020000000000010000000300000001000000020000000000010000000200000001000000020000000000010000000500000001000000020000000000010000000400000001000000020000000000010000000600000001000000020000000000010000000700000001000000020000 + + + Set Global Variable ${EACL_ALLOW_ALL_Pubkey} 000e000000010000000100000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000010000000300000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000010000000200000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000010000000500000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000010000000400000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000010000000600000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000010000000700000001000000000001002103db43cba61ef948a65c20b326b9409911341436478dfdd7472c9af6b10bb60000000000020000000100000001000000030000000000020000000300000001000000030000000000020000000200000001000000030000000000020000000500000001000000030000000000020000000400000001000000030000000000020000000600000001000000030000000000020000000700000001000000030000 + + + +Check eACL Deny and Allow All User + Check eACL Deny and Allow All ${USER_KEY} ${EACL_DENY_ALL_USER} ${EACL_ALLOW_ALL_USER} + + +Check eACL Deny and Allow All Other + Check eACL Deny and Allow All ${OTHER_KEY} ${EACL_DENY_ALL_OTHER} ${EACL_ALLOW_ALL_OTHER} + + +Check eACL Deny and Allow All System + + + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} local_file_eacl + + Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} local_file_eacl + + Search object ${SYSTEM_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + + + Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${True} + Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${True} + + + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY} ${CID} ${S_OID_USER} 0:256 + Get Range ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} 0:256 + + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER} + Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER} + + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} + Sleep 30sec + + + + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} local_file_eacl + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} local_file_eacl + + Run Keyword And Expect Error * + ... Search object ${SYSTEM_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + + + Run Keyword And Expect Error * + ... Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${True} + Run Keyword And Expect Error * + ... Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${True} + + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY} ${CID} ${S_OID_USER} 0:256 + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} 0:256 + + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY} ${CID} ${S_OID_USER} + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} + + + Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} + Sleep 30sec + + + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} local_file_eacl + + Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} local_file_eacl + + Search object ${SYSTEM_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + + + Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${True} + Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${True} + + + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY} ${CID} ${S_OID_USER} 0:256 + Get Range ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} 0:256 + + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER} + Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER} + + + + + +Check eACL Deny All Other and Allow All Pubkey + + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} local_file_eacl + Search object ${EACL_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${True} + Get Range ${EACL_KEY} ${CID} ${S_OID_USER} 0:256 + Delete object ${EACL_KEY} ${CID} ${D_OID_USER} + + Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_Pubkey} + Sleep 30sec + + + + Run Keyword And Expect Error * + ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${OTHER_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${True} + Run Keyword And Expect Error * + ... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} 0:256 + Run Keyword And Expect Error * + ... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} + + Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} local_file_eacl + Search object ${EACL_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${True} + Get Range ${EACL_KEY} ${CID} ${S_OID_USER} 0:256 + Delete object ${EACL_KEY} ${CID} ${D_OID_USER} + + + + +Check eACL Deny and Allow All + [Arguments] ${KEY} ${DENY_EACL} ${ALLOW_EACL} + + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + Put object to NeoFS ${KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} local_file_eacl + Search object ${KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Head object ${KEY} ${CID} ${S_OID_USER} ${True} + Get Range ${KEY} ${CID} ${S_OID_USER} 0:256 + Delete object ${KEY} ${CID} ${D_OID_USER} + + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} + Sleep 30sec + + Run Keyword And Expect Error * + ... Put object to NeoFS ${KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} ${True} + Run Keyword And Expect Error * + ... Get Range ${KEY} ${CID} ${S_OID_USER} 0:256 + Run Keyword And Expect Error * + ... Delete object ${KEY} ${CID} ${S_OID_USER} + + + Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} + Sleep 30sec + + + Put object to NeoFS ${KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} local_file_eacl + Search object ${KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} + Head object ${KEY} ${CID} ${S_OID_USER} ${True} + Get Range ${KEY} ${CID} ${S_OID_USER} 0:256 + Delete object ${KEY} ${CID} ${D_OID_USER} + + + + + + + + + + + + + + +# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 13a75c3bc71865ef9474f314dedb7aa9e2b22048a86bd431578abc30971f319a container set-eacl --cid 8PD2SdxUB1P6122mHP14XcRkQtWg2XPHaeDysWKz3ARy --eacl 0a4b080210021a1e080310011a0a686561646572206b6579220c6865616465722076616c7565222508031221031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a +# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 13a75c3bc71865ef9474f314dedb7aa9e2b22048a86bd431578abc30971f319a container set-eacl --cid 8PD2SdxUB1P6122mHP14XcRkQtWg2XPHaeDysWKz3ARy --eacl 0a4a080210021a1e080310011a0a686561646572206b6579220c6865616465722076616c75652224080312200eef0860d2f81ed724ee45e7275a6a917791503582202c47459804192e1ba04a + +# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 13a75c3bc71865ef9474f314dedb7aa9e2b22048a86bd431578abc30971f319a container get-eacl --cid 8PD2SdxUB1P6122mHP14XcRkQtWg2XPHaeDysWKz3ARy + + + + + +######################################## +######################################## + +Create Containers DELETE + # Create containers: + + Log Create Private Container + ${INCOR_CID_GEN} = Create container ${USER_KEY} 0x3FFFFFFF + Container Existing ${USER_KEY} ${INCOR_CID_GEN} + + + + Log Create Private Container + ${PRIV_CID_GEN} = Create container ${USER_KEY} 0x0C8C8CCC + Container Existing ${USER_KEY} ${PRIV_CID_GEN} + + Log Create None Container + ${NONE_CID_GEN} = Create container ${USER_KEY} 0x2000000 + Container Existing ${USER_KEY} ${NONE_CID_GEN} + + Set Global Variable ${INCOR_CID} ${INCOR_CID_GEN} + Set Global Variable ${PUBLIC_CID} ${PUBLIC_CID_GEN} + Set Global Variable ${PRIV_CID} ${PRIV_CID_GEN} + Set Global Variable ${NONE_CID} ${NONE_CID_GEN} \ No newline at end of file From d9ceb2523390073015fbb6b9b117c850b6aa3f36 Mon Sep 17 00:00:00 2001 From: "anatoly@nspcc.ru" Date: Thu, 20 Aug 2020 01:31:16 +0300 Subject: [PATCH 2/2] eACL updated version has been added --- robot/resources/lib/neofs.py | 114 ++++++- .../testsuites/integration/acl_extended.robot | 319 +++++++++--------- 2 files changed, 267 insertions(+), 166 deletions(-) diff --git a/robot/resources/lib/neofs.py b/robot/resources/lib/neofs.py index a6ac4e3..cf46a4e 100644 --- a/robot/resources/lib/neofs.py +++ b/robot/resources/lib/neofs.py @@ -76,6 +76,30 @@ def get_eacl(private_key: bytes, cid: str): logger.info("Output: %s" % output) + +@keyword('Convert Str to Hex Str with Len') +def conver_str_to_hex(string_convert: str): + converted = binascii.hexlify(bytes(string_convert, encoding= 'utf-8')).decode("utf-8") + prev_len_2 = '{:04x}'.format(int(len(converted)/2)) + + return str(prev_len_2)+str(converted) + + +@keyword('Set custom eACL') +def set_custom_eacl(private_key: bytes, cid: str, eacl_prefix: str, eacl_slice: str, eacl_postfix: str): + + logger.info(str(eacl_prefix)) + logger.info(str(eacl_slice)) + logger.info(str(eacl_postfix)) + + eacl = str(eacl_prefix) + str(eacl_slice) + str(eacl_postfix) + logger.info("Custom eACL: %s" % eacl) + + set_eacl(private_key, cid, eacl) + return + + + @keyword('Set eACL') def set_eacl(private_key: bytes, cid: str, eacl: str): @@ -329,27 +353,67 @@ def head_object(private_key: bytes, cid: str, oid: str, full_headers:bool=False, -@keyword('Parse Object Header') -def parse_object_header(header: str): +@keyword('Parse Object System Header') +def parse_object_system_header(header: str): result_header = dict() #SystemHeader - result_header['ID'] = _parse_oid(header) - result_header['CID'] = _parse_cid(header) + logger.info("Input: %s" % header) + # ID + m = re.search(r'- ID=([a-zA-Z0-9-]+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['ID'] = m.group(1) + else: + raise Exception("no ID was parsed from object header: \t%s" % output) + + # CID + m = re.search(r'- CID=([a-zA-Z0-9]+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['CID'] = m.group(1) + else: + raise Exception("no CID was parsed from object header: \t%s" % output) + + # Owner + m = re.search(r'- OwnerID=([a-zA-Z0-9]+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['OwnerID'] = m.group(1) + else: + raise Exception("no OwnerID was parsed from object header: \t%s" % output) + + # Version + m = re.search(r'- Version=(\d+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['Version'] = m.group(1) + else: + raise Exception("no Version was parsed from object header: \t%s" % output) + + + # PayloadLength + m = re.search(r'- PayloadLength=(\d+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['PayloadLength'] = m.group(1) + else: + raise Exception("no PayloadLength was parsed from object header: \t%s" % output) + + + + # CreatedAtUnixTime + m = re.search(r'- CreatedAt={UnixTime=(\d+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['CreatedAtUnixTime'] = m.group(1) + else: + raise Exception("no CreatedAtUnixTime was parsed from object header: \t%s" % output) + + # CreatedAtEpoch + m = re.search(r'- CreatedAt={UnixTime=\d+ Epoch=(\d+)', header) + if m.start() != m.end(): # e.g., if match found something + result_header['CreatedAtEpoch'] = m.group(1) + else: + raise Exception("no CreatedAtEpoch was parsed from object header: \t%s" % output) logger.info("Result: %s" % result_header) - - - - m = re.search(r'ID: ([a-zA-Z0-9-]+)', header) - if m.start() != m.end(): # e.g., if match found something - oid = m.group(1) - else: - raise Exception("no OID was parsed from command output: \t%s" % output) - - return oid + return result_header - return # SystemHeader: # - ID=c9fdc3e8-6576-4822-9bc4-2a0addcbf105 # - CID=42n81QNr7o513t2pTGuzM2PPFiHLhJ1MeSCJzizQW1wP @@ -357,6 +421,26 @@ def parse_object_header(header: str): # - Version=1 # - PayloadLength=1024 # - CreatedAt={UnixTime=1597330026 Epoch=2427} + + +@keyword('Parse Object Extended Header') +def parse_object_extended_header(header: str): + result_header = dict() + + + pattern = re.compile(r'- Type=(\w+)\n.+Value=(.+)\n') + # key in dict.keys() + + for (f_type, f_val) in re.findall(pattern, header): + logger.info("found: %s - %s" % (f_type, f_val)) + if f_type not in result_header.keys(): + result_header[f_type] = [] + + # if {} -> dict -> if re.search(r'(%s)' % cid, output): + result_header[f_type].append(f_val) + + logger.info("Result: %s" % result_header) + return result_header # ExtendedHeaders: # - Type=UserHeader # Value={Key=key1 Val=1} diff --git a/robot/testsuites/integration/acl_extended.robot b/robot/testsuites/integration/acl_extended.robot index e66e3eb..717bb1f 100644 --- a/robot/testsuites/integration/acl_extended.robot +++ b/robot/testsuites/integration/acl_extended.robot @@ -1,13 +1,10 @@ *** Settings *** Variables ../../variables/common.py - +Library Collections Library ${RESOURCES}/environment.py Library ${RESOURCES}/neo.py Library ${RESOURCES}/neofs.py -Library ${RESOURCES}/payment.py -Library ${RESOURCES}/assertions.py -Library ${RESOURCES}/neo.py *** Variables *** @@ -16,20 +13,18 @@ Library ${RESOURCES}/neo.py &{FILE_OTH_HEADER} = key1=oth key2=oth *** Test cases *** -Basic ACL Operations +Extended ACL Operations [Documentation] Testcase to validate NeoFS operations with extended ACL. [Tags] ACL NeoFS NeoCLI [Timeout] 20 min Generate Keys Generate file - Prepare eACL rules - -# Check Filters + Prepare eACL Role rules Check Actions + Check Filters + - - *** Keywords *** @@ -37,102 +32,184 @@ Check Actions Check eACL Deny and Allow All Other Check eACL Deny and Allow All User Check eACL Deny and Allow All System - Check eACL Deny All Other and Allow All Pubkey - - Check Filters - Check eACL MatchType String + Check eACL MatchType String Equal + Check eACL MatchType String Not Equal - -Check eACL MatchType String +Check eACL MatchType String Equal ${CID} = Create Container Public ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} - ${HEADER} = Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${True} - Get nodes with object ${SYSTEM_KEY} ${CID} ${S_OID_USER} - Parse Object Header ${HEADER} + + ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${True} + &{SYS_HEADER_PARSED} = Parse Object System Header ${HEADER} + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl -#### Format -# -#{ -# "Records": [ -# { -# "Operation": OPERATION, -# "Action": ACTION, -# "Filters": [ -# { -# "HeaderType": HEADER_TYPE, -# "MatchType": MATCH_TYPE, -# "Name": {HeaderType = ObjectSystem ? SYSTEM_HEADER : ANY_STRING}, -# "Value": ANY_STRING, -# } -# ], -# "Targets": [ -# { -# "Role": ROLE, -# "Keys": BASE64_STRING[...] -# } -# ] -# } -# ] -#} + Log Set eACL for Deny GET operation with StringEqual Object ID + ${ID_value} = Get From Dictionary ${SYS_HEADER_PARSED} ID + ${ID_value_hex} = Convert Str to Hex Str with Len ${ID_value} + Set custom eACL ${USER_KEY} ${CID} 000100000002000000010001000000020000000100024944 ${ID_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl -# * ANY_STRING - any JSON string value -# * BASE64_STRING - any Base64 string (RFC 4648) -# * ACTION - string, one of -# * Deny -# * Allow + Log Set eACL for Deny GET operation with StringEqual Object CID + ${CID_value} = Get From Dictionary ${SYS_HEADER_PARSED} CID + ${CID_value_hex} = Convert Str to Hex Str with Len ${CID_value} + Set custom eACL ${USER_KEY} ${CID} 00010000000200000001000100000002000000010003434944 ${CID_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl -# * ROLE - string, one of -# * User -# * System -# * Others -# * Pubkey -# * OPERATION - string, one of -# * GET -# * HEAD -# * PUT -# * DELETE -# * SEARCH -# * GETRANGE -# * GETRANGEHASH + Log Set eACL for Deny GET operation with StringEqual Object OwnerID + ${OwnerID_value} = Get From Dictionary ${SYS_HEADER_PARSED} OwnerID + ${OwnerID_value_hex} = Convert Str to Hex Str with Len ${OwnerID_value} + Set custom eACL ${USER_KEY} ${CID} 000100000002000000010001000000020000000100084f574e45525f4944 ${OwnerID_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object Version + ${Version_value} = Get From Dictionary ${SYS_HEADER_PARSED} Version + ${Version_value_hex} = Convert Str to Hex Str with Len ${Version_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000756455253494f4e ${Version_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object PayloadLength + ${Payload_value} = Get From Dictionary ${SYS_HEADER_PARSED} PayloadLength + ${Payload_value_hex} = Convert Str to Hex Str with Len ${Payload_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000e5041594c4f41445f4c454e475448 ${Payload_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtUnixTime + ${AtUnixTime_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtUnixTime + ${AtUnixTime_value_hex} = Convert Str to Hex Str with Len ${AtUnixTime_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000c435245415445445f554e4958 ${AtUnixTime_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtEpoch + ${AtEpoch_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtEpoch + ${AtEpoch_value_hex} = Convert Str to Hex Str with Len ${AtEpoch_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000d435245415445445f45504f4348 ${AtEpoch_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object Extended User Header + ${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Set eACL ${USER_KEY} ${CID} 000100000002000000010001000000030000000100046b65793200062761626331270001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} local_file_eacl + + +Check eACL MatchType String Not Equal + ${CID} = Create Container Public + ${FILE_S_2} = Generate file of bytes 2048 + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + # Sleep for 1 epoch + Sleep 30sec + ${S_OID_OTHER} = Put object to NeoFS ${OTHER_KEY} ${FILE_S_2} ${CID} &{FILE_OTH_HEADER} + ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${True} + Head object ${USER_KEY} ${CID} ${S_OID_OTHER} ${True} + &{SYS_HEADER_PARSED} = Parse Object System Header ${HEADER} + + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + + Log Set eACL for Deny GET operation with StringNotEqual Object ID + ${ID_value} = Get From Dictionary ${SYS_HEADER_PARSED} ID + ${ID_value_hex} = Convert Str to Hex Str with Len ${ID_value} + Set custom eACL ${USER_KEY} ${CID} 000100000002000000010001000000020000000200024944 ${ID_value_hex} 0001000000030000 + + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl -# * HEADER_TYPE - string, one of -# * Request -# * ObjectSystem -# * ObjectUser + Log Set eACL for Deny GET operation with StringEqual Object CID + ${CID_value} = Get From Dictionary ${SYS_HEADER_PARSED} CID + ${CID_value_hex} = Convert Str to Hex Str with Len ${CID_value} + Set custom eACL ${USER_KEY} ${CID} 00010000000200000001000100000002000000020003434944 ${CID_value_hex} 0001000000030000 + Sleep 15sec + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl -# * MATCH_TYPE - string, one of -# * StringEqual -# * StringNotEqual + Log Set eACL for Deny GET operation with StringEqual Object OwnerID + ${OwnerID_value} = Get From Dictionary ${SYS_HEADER_PARSED} OwnerID + ${OwnerID_value_hex} = Convert Str to Hex Str with Len ${OwnerID_value} + Set custom eACL ${USER_KEY} ${CID} 000100000002000000010001000000020000000200084f574e45525f4944 ${OwnerID_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl -# * SYSTEM_HEADER - string one of -# * ID -# * CID -# * OWNER_ID -# * VERSION -# * PAYLOAD_LENGTH -# * CREATED_UNIX -# * CREATED_EPOCH -# * LINK_PREV -# * LINK_NEXT -# * LINK_CHILD -# * LINK_PAR -# * LINK_SG + Log Set eACL for Deny GET operation with StringEqual Object Version + ${Version_value} = Get From Dictionary ${SYS_HEADER_PARSED} Version + ${Version_value_hex} = Convert Str to Hex Str with Len ${Version_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000756455253494f4e ${Version_value_hex} 0001000000030000 + Sleep 15sec + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + Log Set eACL for Deny GET operation with StringEqual Object PayloadLength + ${Payload_value} = Get From Dictionary ${SYS_HEADER_PARSED} PayloadLength + ${Payload_value_hex} = Convert Str to Hex Str with Len ${Payload_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000e5041594c4f41445f4c454e475448 ${Payload_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtUnixTime + ${AtUnixTime_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtUnixTime + ${AtUnixTime_value_hex} = Convert Str to Hex Str with Len ${AtUnixTime_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000c435245415445445f554e4958 ${AtUnixTime_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtEpoch + ${AtEpoch_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtEpoch + ${AtEpoch_value_hex} = Convert Str to Hex Str with Len ${AtEpoch_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000d435245415445445f45504f4348 ${AtEpoch_value_hex} 0001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object Extended User Header + ${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Set eACL ${USER_KEY} ${CID} 000100000002000000010001000000030000000200046b65793200062761626331270001000000030000 + Sleep 15sec + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl Generate Keys @@ -154,25 +231,20 @@ Generate Keys Set Global Variable ${SYSTEM_KEY_SN} ${SYSTEM_KEY_GEN_SN} - - Create Container Public Log Create Public Container ${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x2FFFFFFF [Return] ${PUBLIC_CID_GEN} - Generate file # Generate small file ${FILE_S_GEN} = Generate file of bytes 1024 - ${FILE_S_HASH_GEN} = Get file hash ${FILE_S_GEN} - Set Global Variable ${FILE_S} ${FILE_S_GEN} - Set Global Variable ${FILE_S_HASH} ${FILE_S_HASH_GEN} + -Prepare eACL rules - Log Set eACL for different cases +Prepare eACL Role rules + Log Set eACL for different Role cases Set Global Variable ${EACL_DENY_ALL_OTHER} 0007000000020000000100000001000000030000000000020000000300000001000000030000000000020000000200000001000000030000000000020000000500000001000000030000000000020000000400000001000000030000000000020000000600000001000000030000000000020000000700000001000000030000 Set Global Variable ${EACL_ALLOW_ALL_OTHER} 0007000000010000000100000001000000030000000000010000000300000001000000030000000000010000000200000001000000030000000000010000000500000001000000030000000000010000000400000001000000030000000000010000000600000001000000030000000000010000000700000001000000030000 @@ -196,8 +268,6 @@ Check eACL Deny and Allow All Other Check eACL Deny and Allow All System - - ${CID} = Create Container Public ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER_DEL} @@ -231,10 +301,9 @@ Check eACL Deny and Allow All System Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} - Sleep 30sec + Sleep 15sec - Run Keyword And Expect Error * ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} Run Keyword And Expect Error * @@ -268,7 +337,7 @@ Check eACL Deny and Allow All System Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} - Sleep 30sec + Sleep 15sec Run Keyword And Expect Error * @@ -298,8 +367,6 @@ Check eACL Deny and Allow All System - - Check eACL Deny All Other and Allow All Pubkey ${CID} = Create Container Public @@ -315,12 +382,10 @@ Check eACL Deny All Other and Allow All Pubkey Delete object ${EACL_KEY} ${CID} ${D_OID_USER} Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_Pubkey} - Sleep 30sec - - + Sleep 15sec Run Keyword And Expect Error * - ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} + ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} local_file_eacl Run Keyword And Expect Error * @@ -332,7 +397,7 @@ Check eACL Deny All Other and Allow All Pubkey Run Keyword And Expect Error * ... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} - Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} + Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} local_file_eacl Search object ${EACL_KEY} ${CID} ${EMPTY} @{S_OBJ_H} &{FILE_USR_HEADER} Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${True} @@ -340,8 +405,6 @@ Check eACL Deny All Other and Allow All Pubkey Delete object ${EACL_KEY} ${CID} ${D_OID_USER} - - Check eACL Deny and Allow All [Arguments] ${KEY} ${DENY_EACL} ${ALLOW_EACL} @@ -358,7 +421,7 @@ Check eACL Deny and Allow All Delete object ${KEY} ${CID} ${D_OID_USER} Set eACL ${USER_KEY} ${CID} ${DENY_EACL} - Sleep 30sec + Sleep 15sec Run Keyword And Expect Error * ... Put object to NeoFS ${KEY} ${FILE_S} ${CID} &{FILE_USR_HEADER} @@ -375,7 +438,7 @@ Check eACL Deny and Allow All Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} - Sleep 30sec + Sleep 15sec Put object to NeoFS ${KEY} ${FILE_S} ${CID} &{FILE_OTH_HEADER} @@ -385,49 +448,3 @@ Check eACL Deny and Allow All Get Range ${KEY} ${CID} ${S_OID_USER} 0:256 Delete object ${KEY} ${CID} ${D_OID_USER} - - - - - - - - - - - - - -# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 13a75c3bc71865ef9474f314dedb7aa9e2b22048a86bd431578abc30971f319a container set-eacl --cid 8PD2SdxUB1P6122mHP14XcRkQtWg2XPHaeDysWKz3ARy --eacl 0a4b080210021a1e080310011a0a686561646572206b6579220c6865616465722076616c7565222508031221031a6c6fbbdf02ca351745fa86b9ba5a9452d785ac4f7fc2b7548ca2a46c4fcf4a -# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 13a75c3bc71865ef9474f314dedb7aa9e2b22048a86bd431578abc30971f319a container set-eacl --cid 8PD2SdxUB1P6122mHP14XcRkQtWg2XPHaeDysWKz3ARy --eacl 0a4a080210021a1e080310011a0a686561646572206b6579220c6865616465722076616c75652224080312200eef0860d2f81ed724ee45e7275a6a917791503582202c47459804192e1ba04a - -# docker exec neofs-cli neofs-cli --host 192.168.123.71:8080 --key 13a75c3bc71865ef9474f314dedb7aa9e2b22048a86bd431578abc30971f319a container get-eacl --cid 8PD2SdxUB1P6122mHP14XcRkQtWg2XPHaeDysWKz3ARy - - - - - -######################################## -######################################## - -Create Containers DELETE - # Create containers: - - Log Create Private Container - ${INCOR_CID_GEN} = Create container ${USER_KEY} 0x3FFFFFFF - Container Existing ${USER_KEY} ${INCOR_CID_GEN} - - - - Log Create Private Container - ${PRIV_CID_GEN} = Create container ${USER_KEY} 0x0C8C8CCC - Container Existing ${USER_KEY} ${PRIV_CID_GEN} - - Log Create None Container - ${NONE_CID_GEN} = Create container ${USER_KEY} 0x2000000 - Container Existing ${USER_KEY} ${NONE_CID_GEN} - - Set Global Variable ${INCOR_CID} ${INCOR_CID_GEN} - Set Global Variable ${PUBLIC_CID} ${PUBLIC_CID_GEN} - Set Global Variable ${PRIV_CID} ${PRIV_CID_GEN} - Set Global Variable ${NONE_CID} ${NONE_CID_GEN} \ No newline at end of file