From 1fe540fce981f87f44e16eca24de152179083878 Mon Sep 17 00:00:00 2001 From: Anatoly Bogatyrev Date: Thu, 7 Oct 2021 14:28:31 +0300 Subject: [PATCH] Add replication test with deny eACL (#133) * Add replication test with deny eACL --- robot/resources/lib/storage.robot | 16 +++++ .../acl/acl_extended_deny_replication.robot | 63 +++++++++++++++++++ .../acl/common_steps_acl_basic.robot | 3 - .../acl/common_steps_acl_bearer.robot | 1 - .../acl/common_steps_acl_extended.robot | 1 - robot/variables/common.py | 2 + 6 files changed, 81 insertions(+), 5 deletions(-) create mode 100644 robot/resources/lib/storage.robot create mode 100644 robot/testsuites/integration/acl/acl_extended_deny_replication.robot diff --git a/robot/resources/lib/storage.robot b/robot/resources/lib/storage.robot new file mode 100644 index 00000000..841d3d5f --- /dev/null +++ b/robot/resources/lib/storage.robot @@ -0,0 +1,16 @@ + +*** Settings *** +Variables ../../variables/common.py + +Library Process + +*** Keywords *** + +Drop object + [Arguments] ${NODE} ${WIF_STORAGE} ${CID} ${OID} + + ${DROP_SIMPLE} = Run Process neofs-cli control drop-objects -r ${NODE} --wif ${WIF_STORAGE} -o ${CID}/${OID} shell=True + Log Many stdout: ${DROP_SIMPLE.stdout} stderr: ${DROP_SIMPLE.stderr} + Should Be Equal As Integers ${DROP_SIMPLE.rc} 0 + + diff --git a/robot/testsuites/integration/acl/acl_extended_deny_replication.robot b/robot/testsuites/integration/acl/acl_extended_deny_replication.robot new file mode 100644 index 00000000..3b1f6d4d --- /dev/null +++ b/robot/testsuites/integration/acl/acl_extended_deny_replication.robot @@ -0,0 +1,63 @@ +*** Settings *** +Variables ../../../variables/common.py + +Library Collections +Library neofs.py +Library acl.py +Library payment_neogo.py + +Library contract_keywords.py + +Resource ../../../variables/eacl_tables.robot +Resource common_steps_acl_bearer.robot +Resource payment_operations.robot +Resource setup_teardown.robot +Resource storage.robot + +*** Variables *** +${FULL_PLACEMENT_RULE} = REP 4 IN X CBF 1 SELECT 4 FROM * AS X +${EXPECTED_COPIES} = ${4} + + +*** Test cases *** +eACL Deny Replication Operations + [Documentation] Testcase to validate NeoFS replication with eACL deny rules. + [Tags] ACL NeoFS_CLI Replication + [Timeout] 20 min + + [Setup] Setup + + ${NODE_NUM} ${NODE} ${WIF_STORAGE} = Get control endpoint with wif + ${WALLET} ${ADDR} ${WIF_USER} = Prepare Wallet And Deposit + + Prepare eACL Role rules + + Log Check Replication with eACL deny - object should be replicated + # https://github.com/nspcc-dev/neofs-node/issues/881 + + ${FILE} = Generate file of bytes ${SIMPLE_OBJ_SIZE} + + ${CID} = Create container ${WIF_USER} 0x0FFFFFFF ${FULL_PLACEMENT_RULE} + Wait Until Keyword Succeeds ${MORPH_BLOCK_TIME} ${CONTAINER_WAIT_INTERVAL} + ... Container Existing ${WIF_USER} ${CID} + + ${OID} = Put object ${WIF_USER} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER} + + Validate storage policy for object ${WIF_USER} ${EXPECTED_COPIES} ${CID} ${OID} + + Set eACL ${WIF_USER} ${CID} ${EACL_DENY_ALL_USER} + + Run Keyword And Expect Error * + ... Put object ${WIF_USER} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER} + + # Drop object to check replication + Drop object ${NODE} ${WIF_STORAGE} ${CID} ${OID} + + Tick Epoch + + # We assume that during one epoch object should be replicated + Wait Until Keyword Succeeds ${NEOFS_EPOCH_TIMEOUT} 1m + ... Validate storage policy for object ${WIF_STORAGE} ${EXPECTED_COPIES} ${CID} ${OID} + + [Teardown] Teardown acl_deny_replication + diff --git a/robot/testsuites/integration/acl/common_steps_acl_basic.robot b/robot/testsuites/integration/acl/common_steps_acl_basic.robot index 7aab9f93..d5ef9e1d 100644 --- a/robot/testsuites/integration/acl/common_steps_acl_basic.robot +++ b/robot/testsuites/integration/acl/common_steps_acl_basic.robot @@ -2,9 +2,6 @@ Variables ../../../variables/common.py Variables ../../../variables/acl.py -*** Variables *** -${CONTAINER_WAIT_INTERVAL} = 1 min - *** Keywords *** Create Private Container diff --git a/robot/testsuites/integration/acl/common_steps_acl_bearer.robot b/robot/testsuites/integration/acl/common_steps_acl_bearer.robot index 5352fa36..2fd24642 100644 --- a/robot/testsuites/integration/acl/common_steps_acl_bearer.robot +++ b/robot/testsuites/integration/acl/common_steps_acl_bearer.robot @@ -6,7 +6,6 @@ Variables ../../../variables/acl.py ${FILE_USR_HEADER} = key1=1,key2=abc ${FILE_USR_HEADER_DEL} = key1=del,key2=del ${FILE_OTH_HEADER} = key1=oth,key2=oth -${CONTAINER_WAIT_INTERVAL} = 1 min *** Keywords *** Create Container Public diff --git a/robot/testsuites/integration/acl/common_steps_acl_extended.robot b/robot/testsuites/integration/acl/common_steps_acl_extended.robot index a57a8481..7e9316a6 100644 --- a/robot/testsuites/integration/acl/common_steps_acl_extended.robot +++ b/robot/testsuites/integration/acl/common_steps_acl_extended.robot @@ -7,7 +7,6 @@ Library acl.py ${FILE_USR_HEADER} = key1=1,key2=abc ${FILE_USR_HEADER_DEL} = key1=del,key2=del ${FILE_OTH_HEADER} = key1=oth,key2=oth -${CONTAINER_WAIT_INTERVAL} = 1 min *** Keywords *** diff --git a/robot/variables/common.py b/robot/variables/common.py index 5b72fd63..e79756a5 100644 --- a/robot/variables/common.py +++ b/robot/variables/common.py @@ -8,6 +8,8 @@ CERT="%s/../../ca" % ROOT # Common NeoFS variables can be declared from neofs-dev-env env variables. # High priority is accepted for those envs. +CONTAINER_WAIT_INTERVAL = "1m" + NEOFS_EPOCH_TIMEOUT = (os.getenv("NEOFS_EPOCH_TIMEOUT") if os.getenv("NEOFS_EPOCH_TIMEOUT") else os.getenv("NEOFS_IR_TIMERS_EPOCH", "300s"))