From 776c2d7b90330f8f6818fe532c9f81aa1fa5eb20 Mon Sep 17 00:00:00 2001 From: "anatoly@nspcc.ru" Date: Thu, 26 Nov 2020 11:32:18 +0300 Subject: [PATCH] update --- robot/resources/lib/eacl/bearer_token | 25 + .../resources/lib/eacl/eacl_encoded_allow_all | 69 +++ .../lib/eacl/eacl_encoded_allow_all_pubkey | 132 +++++ .../lib/eacl/eacl_encoded_allow_all_sys | 68 +++ .../lib/eacl/eacl_encoded_allow_all_user | 68 +++ .../resources/lib/eacl/eacl_encoded_deny_all | 68 +++ .../lib/eacl/eacl_encoded_deny_all_pubkey | 68 +++ .../lib/eacl/eacl_encoded_deny_all_sys | 68 +++ .../lib/eacl/eacl_encoded_deny_all_user | 68 +++ .../lib/eacl/eacl_encoded_deny_filter | 21 + .../lib/eacl/eacl_encoded_deny_filter_check | 68 +++ robot/resources/lib/neofs.py | 391 ++++++++++++-- .../integration/acl_basic_api2.robot | 45 +- .../integration/acl_bearer_api2.robot | 229 +++++++++ .../integration/acl_extended_api2.robot | 481 ++++++++++++++++++ .../integration/object_complex_api2.robot | 21 +- .../integration/object_simple_api2.robot | 29 +- 17 files changed, 1849 insertions(+), 70 deletions(-) create mode 100644 robot/resources/lib/eacl/bearer_token create mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all create mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey create mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all_sys create mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all_user create mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all create mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all_pubkey create mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all_sys create mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all_user create mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_filter create mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_filter_check create mode 100644 robot/testsuites/integration/acl_bearer_api2.robot create mode 100644 robot/testsuites/integration/acl_extended_api2.robot diff --git a/robot/resources/lib/eacl/bearer_token b/robot/resources/lib/eacl/bearer_token new file mode 100644 index 00000000..2f7f7468 --- /dev/null +++ b/robot/resources/lib/eacl/bearer_token @@ -0,0 +1,25 @@ +{ + "body": { + "eaclTable": { + "containerID": { + "value": "5nWjhWaME7krQsEKwwczsxAatT4SNqB1bnxKR36Szwtb" + }, + "records": [ + { + "operation": "GET", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + } + ] + }, + "lifetime": { + "exp": "100500", + "nbf": "1", + "iat": "0" + } + } +} diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all b/robot/resources/lib/eacl/eacl_encoded_allow_all new file mode 100755 index 00000000..ff2631e4 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_allow_all @@ -0,0 +1,69 @@ +{ + "records": [ + { + "operation": "GET", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "HEAD", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "PUT", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "DELETE", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "SEARCH", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGE", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "ALLOW", + "targets": [ + { + "role": "OTHERS" + } + ] + } + ] +} + + diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey b/robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey new file mode 100755 index 00000000..359f0e57 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey @@ -0,0 +1,132 @@ +{ + "records": [ + { + "operation": "GET", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "HEAD", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "PUT", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "DELETE", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "SEARCH", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "GETRANGE", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "ALLOW", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "GET", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "HEAD", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "PUT", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "DELETE", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "SEARCH", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGE", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + } + + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all_sys b/robot/resources/lib/eacl/eacl_encoded_allow_all_sys new file mode 100755 index 00000000..ab8d9cd6 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_allow_all_sys @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "HEAD", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "PUT", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "DELETE", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "SEARCH", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "GETRANGE", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "ALLOW", + "targets": [ + { + "role": "SYSTEM" + } + ] + } + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all_user b/robot/resources/lib/eacl/eacl_encoded_allow_all_user new file mode 100755 index 00000000..1186a55b --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_allow_all_user @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "HEAD", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "PUT", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "DELETE", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "SEARCH", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "GETRANGE", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "ALLOW", + "targets": [ + { + "role": "USER" + } + ] + } + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all b/robot/resources/lib/eacl/eacl_encoded_deny_all new file mode 100755 index 00000000..5e63d2b4 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_deny_all @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "HEAD", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "PUT", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "DELETE", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "SEARCH", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGE", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + } + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all_pubkey b/robot/resources/lib/eacl/eacl_encoded_deny_all_pubkey new file mode 100755 index 00000000..e570cc19 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_deny_all_pubkey @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "HEAD", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "PUT", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "DELETE", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "SEARCH", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "GETRANGE", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "DENY", + "targets": [ + { + "keys": [ "NSNKmYXGM6TUH4AjAbtC2afxbJMV87XdDT" ] + } + ] + } + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all_sys b/robot/resources/lib/eacl/eacl_encoded_deny_all_sys new file mode 100755 index 00000000..83e31f96 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_deny_all_sys @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "HEAD", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "PUT", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "DELETE", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "SEARCH", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "GETRANGE", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "DENY", + "targets": [ + { + "role": "SYSTEM" + } + ] + } + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all_user b/robot/resources/lib/eacl/eacl_encoded_deny_all_user new file mode 100755 index 00000000..05dde4cd --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_deny_all_user @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "HEAD", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "PUT", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "DELETE", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "SEARCH", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "GETRANGE", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "DENY", + "targets": [ + { + "role": "USER" + } + ] + } + ] +} + diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_filter b/robot/resources/lib/eacl/eacl_encoded_deny_filter new file mode 100755 index 00000000..90b2c285 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_deny_filter @@ -0,0 +1,21 @@ +{ + "records": [ + { + "operation": "GET", + "action": "DENY", + "filters": [ + { + "headerType": "OBJECT", + "matchType": "STRING_NOT_EQUAL", + "key": "$Object:objectID", + "value": "X" + } + ], + "targets": [ + { + "role": "OTHERS" + } + ] + } + ] +} diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_filter_check b/robot/resources/lib/eacl/eacl_encoded_deny_filter_check new file mode 100755 index 00000000..5e63d2b4 --- /dev/null +++ b/robot/resources/lib/eacl/eacl_encoded_deny_filter_check @@ -0,0 +1,68 @@ +{ + "records": [ + { + "operation": "GET", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "HEAD", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "PUT", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "DELETE", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "SEARCH", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGE", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": "DENY", + "targets": [ + { + "role": "OTHERS" + } + ] + } + ] +} + diff --git a/robot/resources/lib/neofs.py b/robot/resources/lib/neofs.py index 3e7089ed..e4362d21 100644 --- a/robot/resources/lib/neofs.py +++ b/robot/resources/lib/neofs.py @@ -8,7 +8,7 @@ import uuid import hashlib from robot.api.deco import keyword from robot.api import logger - +import json ROBOT_AUTO_KEYWORDS = False @@ -122,13 +122,23 @@ def validate_storage_policy_for_object(private_key: str, expected_copies: int, c @keyword('Get eACL') def get_eacl(private_key: bytes, cid: str): - Cmd = f'{CLI_PREFIX}neofs-cli --host {NEOFS_ENDPOINT} --key {binascii.hexlify(private_key).decode()} container get-eacl --cid {cid}' + Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} container get-eacl --cid {cid}' logger.info("Cmd: %s" % Cmd) - complProc = subprocess.run(Cmd, check=True, universal_newlines=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) - output = complProc.stdout - logger.info("Output: %s" % output) + try: + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) + output = complProc.stdout + logger.info("Output: %s" % output) + + return output + except subprocess.CalledProcessError as e: + if re.search(r'extended ACL table is not set for this container', e.output): + logger.info("Server is not presented in container.") + else: + raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + + @keyword('Convert Str to Hex Str with Len') @@ -139,25 +149,12 @@ def conver_str_to_hex(string_convert: str): return str(prev_len_2)+str(converted) -@keyword('Set custom eACL') -def set_custom_eacl(private_key: bytes, cid: str, eacl_prefix: str, eacl_slice: str, eacl_postfix: str): - - logger.info(str(eacl_prefix)) - logger.info(str(eacl_slice)) - logger.info(str(eacl_postfix)) - - eacl = str(eacl_prefix) + str(eacl_slice) + str(eacl_postfix) - logger.info("Custom eACL: %s" % eacl) - - set_eacl(private_key, cid, eacl) - return - @keyword('Set eACL') -def set_eacl(private_key: bytes, cid: str, eacl: str): +def set_eacl(private_key: str, cid: str, eacl: str, add_keys: str = ""): - Cmd = f'{CLI_PREFIX}neofs-cli --host {NEOFS_ENDPOINT} --key {binascii.hexlify(private_key).decode()} container set-eacl --cid {cid} --eacl {eacl}' + Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} container set-eacl --cid {cid} --table {eacl} {add_keys}' logger.info("Cmd: %s" % Cmd) complProc = subprocess.run(Cmd, check=True, universal_newlines=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) @@ -166,19 +163,322 @@ def set_eacl(private_key: bytes, cid: str, eacl: str): +@keyword('Form BearerToken file for all ops') +def form_bearertoken_file_for_all_ops(file_name: str, private_key: str, cid: str, action: str, target_role: str, lifetime_exp: str ): + + eacl = get_eacl(private_key, cid) + input_records = "" + if eacl: + res_json = re.split(r'[\s\n]+\][\s\n]+\}[\s\n]+Signature:', eacl) + records = re.split(r'"records": \[', res_json[0]) + input_records = ",\n" + records[1] + + myjson = """ +{ + "body": { + "eaclTable": { + "containerID": { + "value": \"""" + cid + """" + }, + "records": [ + { + "operation": "GET", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "PUT", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "HEAD", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "DELETE", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "SEARCH", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "GETRANGE", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }""" + input_records + """ + ] + }, + "lifetime": { + "exp": \"""" + lifetime_exp + """", + "nbf": "1", + "iat": "0" + } + } +} +""" + with open(file_name,'w') as out: + out.write(myjson) + logger.info("Output: %s" % myjson) + + # Sign bearer token + Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json' + logger.info("Cmd: %s" % Cmd) + + try: + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True) + output = complProc.stdout + logger.info("Output: %s" % str(output)) + except subprocess.CalledProcessError as e: + raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + + return file_name + + + +@keyword('Form BearerToken file filter for all ops') +def form_bearertoken_file_filter_for_all_ops(file_name: str, private_key: str, cid: str, action: str, target_role: str, lifetime_exp: str, matchType: str, key: str, value: str): + + # SEARCH should be allowed without filters to use GET, HEAD, DELETE, and SEARCH. + + eacl = get_eacl(private_key, cid) + input_records = "" + if eacl: + res_json = re.split(r'[\s\n]+\][\s\n]+\}[\s\n]+Signature:', eacl) + records = re.split(r'"records": \[', res_json[0]) + input_records = ",\n" + records[1] + + myjson = """ +{ + "body": { + "eaclTable": { + "containerID": { + "value": \"""" + cid + """" + }, + "records": [ + { + "operation": "GET", + "action": \"""" + action + """", + "filters": [ + { + "headerType": "OBJECT", + "matchType": \"""" + matchType + """", + "key": \"""" + key + """", + "value": \"""" + value + """" + } + ], + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "PUT", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "HEAD", + "action": \"""" + action + """", + "filters": [ + { + "headerType": "OBJECT", + "matchType": \"""" + matchType + """", + "key": \"""" + key + """", + "value": \"""" + value + """" + } + ], + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "DELETE", + "action": \"""" + action + """", + "filters": [ + { + "headerType": "OBJECT", + "matchType": \"""" + matchType + """", + "key": \"""" + key + """", + "value": \"""" + value + """" + } + ], + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "SEARCH", + "action": \"""" + action + """", + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "GETRANGE", + "action": \"""" + action + """", + "filters": [ + { + "headerType": "OBJECT", + "matchType": \"""" + matchType + """", + "key": \"""" + key + """", + "value": \"""" + value + """" + } + ], + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }, + { + "operation": "GETRANGEHASH", + "action": \"""" + action + """", + "filters": [ + { + "headerType": "OBJECT", + "matchType": \"""" + matchType + """", + "key": \"""" + key + """", + "value": \"""" + value + """" + } + ], + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + }""" + input_records + """ + ] + }, + "lifetime": { + "exp": \"""" + lifetime_exp + """", + "nbf": "1", + "iat": "0" + } + } +} +""" + with open(file_name,'w') as out: + out.write(myjson) + logger.info("Output: %s" % myjson) + + # Sign bearer token + Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json' + logger.info("Cmd: %s" % Cmd) + + try: + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True) + output = complProc.stdout + logger.info("Output: %s" % str(output)) + except subprocess.CalledProcessError as e: + raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + + return file_name + + + +@keyword('Form eACL json file') +def form_eacl_json_file(file_name: str, operation: str, action: str, matchType: str, key: str, value: str, target_role: str): + + myjson = """ +{ + "records": [ + { + "operation": \"""" + operation + """", + "action": \"""" + action + """", + "filters": [ + { + "headerType": "OBJECT", + "matchType": \"""" + matchType + """", + "key": \"""" + key + """", + "value": \"""" + value + """" + } + ], + "targets": [ + { + "role": \"""" + target_role + """" + } + ] + } + ] +} +""" + with open(file_name,'w') as out: + out.write(myjson) + logger.info("Output: %s" % myjson) + + return file_name + + + + @keyword('Get Range') -def get_range(private_key: str, cid: str, oid: str, bearer: str, range_cut: str): +def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, range_cut: str): bearer_token = "" if bearer: bearer_token = f"--bearer {bearer}" - Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {binascii.hexlify(private_key).decode()} object get-range --cid {cid} --oid {oid} {bearer_token} {range_cut} ' + Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object range --cid {cid} --oid {oid} {bearer_token} --range {range_cut} --file {range_file} ' logger.info("Cmd: %s" % Cmd) - complProc = subprocess.run(Cmd, check=True, universal_newlines=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) - output = complProc.stdout - logger.info("Output: %s" % output) + + try: + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=150, shell=True) + output = complProc.stdout + logger.info("Output: %s" % str(output)) + except subprocess.CalledProcessError as e: + raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) @keyword('Create container') @@ -425,36 +725,28 @@ def parse_object_system_header(header: str): #SystemHeader logger.info("Input: %s" % header) # ID - m = re.search(r'- ID=([a-zA-Z0-9-]+)', header) + m = re.search(r'ID: (\w+)', header) if m.start() != m.end(): # e.g., if match found something result_header['ID'] = m.group(1) else: raise Exception("no ID was parsed from object header: \t%s" % output) # CID - m = re.search(r'- CID=([a-zA-Z0-9]+)', header) + m = re.search(r'CID: (\w+)', header) if m.start() != m.end(): # e.g., if match found something result_header['CID'] = m.group(1) else: raise Exception("no CID was parsed from object header: \t%s" % output) # Owner - m = re.search(r'- OwnerID=([a-zA-Z0-9]+)', header) + m = re.search(r'Owner: ([a-zA-Z0-9]+)', header) if m.start() != m.end(): # e.g., if match found something result_header['OwnerID'] = m.group(1) else: raise Exception("no OwnerID was parsed from object header: \t%s" % output) - # Version - m = re.search(r'- Version=(\d+)', header) - if m.start() != m.end(): # e.g., if match found something - result_header['Version'] = m.group(1) - else: - raise Exception("no Version was parsed from object header: \t%s" % output) - - # PayloadLength - m = re.search(r'- PayloadLength=(\d+)', header) + m = re.search(r'Size: (\d+)', header) if m.start() != m.end(): # e.g., if match found something result_header['PayloadLength'] = m.group(1) else: @@ -462,15 +754,15 @@ def parse_object_system_header(header: str): - # CreatedAtUnixTime - m = re.search(r'- CreatedAt={UnixTime=(\d+)', header) + # CreatedAtUnixTime + m = re.search(r'Timestamp=(\d+)', header) if m.start() != m.end(): # e.g., if match found something result_header['CreatedAtUnixTime'] = m.group(1) else: raise Exception("no CreatedAtUnixTime was parsed from object header: \t%s" % output) # CreatedAtEpoch - m = re.search(r'- CreatedAt={UnixTime=\d+ Epoch=(\d+)', header) + m = re.search(r'CreatedAt: (\d+)', header) if m.start() != m.end(): # e.g., if match found something result_header['CreatedAtEpoch'] = m.group(1) else: @@ -584,11 +876,16 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: putObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object put --file {path} --cid {cid} {bearer} {user_headers}' logger.info("Cmd: %s" % putObjectCmd) - complProc = subprocess.run(putObjectCmd, check=True, universal_newlines=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=60, shell=True) - logger.info("Output: %s" % complProc.stdout) - oid = _parse_oid(complProc.stdout) - return oid + + try: + complProc = subprocess.run(putObjectCmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=60, shell=True) + logger.info("Output: %s" % complProc.stdout) + oid = _parse_oid(complProc.stdout) + return oid + except subprocess.CalledProcessError as e: + raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + @keyword('Get Range Hash') diff --git a/robot/testsuites/integration/acl_basic_api2.robot b/robot/testsuites/integration/acl_basic_api2.robot index d6f28005..c32621ef 100644 --- a/robot/testsuites/integration/acl_basic_api2.robot +++ b/robot/testsuites/integration/acl_basic_api2.robot @@ -56,7 +56,7 @@ Generate Keys Payment Operations ${WALLET_OTH} ${ADDR_OTH} ${OTHER_KEY} # Basic ACL manual page: https://neospcc.atlassian.net/wiki/spaces/NEOF/pages/362348545/NeoFS+ACL - # TODO: X - Sticky bit validation on public container!!! + # TODO: X - Sticky bit validation on public container Payment Operations @@ -84,7 +84,7 @@ Create Containers Log Create Private Container - ${PRIV_CID_GEN} = Create container ${USER_KEY} 0x1C8C8CCC ${RULE_FOR_ALL} + ${PRIV_CID_GEN} = Create container ${USER_KEY} 0x18888888 ${RULE_FOR_ALL} Container Existing ${USER_KEY} ${PRIV_CID_GEN} Log Create Public Container @@ -92,7 +92,7 @@ Create Containers Container Existing ${USER_KEY} ${PUBLIC_CID_GEN} Log Create Read-Only Container - ${READONLY_CID_GEN} = Create container ${USER_KEY} 0x1FFF8CFF ${RULE_FOR_ALL} + ${READONLY_CID_GEN} = Create container ${USER_KEY} 0x1FFF88FF ${RULE_FOR_ALL} Container Existing ${USER_KEY} ${READONLY_CID_GEN} Set Global Variable ${PRIV_CID} ${PRIV_CID_GEN} @@ -115,9 +115,9 @@ Check Private Container # Put ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} Run Keyword And Expect Error * - ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} - # https://github.com/nspcc-dev/neofs-node/issues/178 - ${S_OID_SYS_IR} = Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} + ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_STOR_NODE} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} @@ -127,9 +127,19 @@ Check Private Container Get object from NeoFS ${USER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read - Get object from NeoFS ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read Get object from NeoFS ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read + # Get Range + Get Range ${USER_KEY} ${PRIV_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Get Range ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY} ${PRIV_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY_STOR_NODE} ${PRIV_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + # Get Range Hash Get Range Hash ${USER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} 0:256 Run Keyword And Expect Error * @@ -140,7 +150,7 @@ Check Private Container # TODO: GetRange https://github.com/nspcc-dev/neofs-node/issues/179 # Search - @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_SYS_SN} ${S_OID_SYS_IR} + @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_SYS_SN} Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} Run Keyword And Expect Error * ... Search object ${OTHER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} @@ -184,6 +194,13 @@ Check Public Container Get object from NeoFS ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} s_file_read Get object from NeoFS ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} s_file_read + # Get Range + Get Range ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${SYSTEM_KEY} ${PUBLIC_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${SYSTEM_KEY_STOR_NODE} ${PUBLIC_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + + # Get Range Hash Get Range Hash ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} 0:256 Get Range Hash ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} 0:256 @@ -229,7 +246,8 @@ Check Read-Only Container ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${READONLY_CID} ${EMPTY} ${EMPTY} Run Keyword And Expect Error * ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${READONLY_CID} ${EMPTY} ${EMPTY} - ${S_OID_SYS_IR} = Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${READONLY_CID} ${EMPTY} ${EMPTY} + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${READONLY_CID} ${EMPTY} ${EMPTY} ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_STOR_NODE} ${FILE_S} ${READONLY_CID} ${EMPTY} ${EMPTY} # Get @@ -238,6 +256,13 @@ Check Read-Only Container Get object from NeoFS ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} ${EMPTY} s_file_read Get object from NeoFS ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} ${EMPTY} s_file_read + # Get Range + Get Range ${USER_KEY} ${READONLY_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${OTHER_KEY} ${READONLY_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${SYSTEM_KEY} ${READONLY_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + + # Get Range Hash Get Range Hash ${USER_KEY} ${READONLY_CID} ${S_OID_USER} ${EMPTY} 0:256 Get Range Hash ${OTHER_KEY} ${READONLY_CID} ${S_OID_USER} ${EMPTY} 0:256 @@ -245,7 +270,7 @@ Check Read-Only Container Get Range Hash ${SYSTEM_KEY_STOR_NODE} ${READONLY_CID} ${S_OID_USER} ${EMPTY} 0:256 # Search - @{S_OBJ_RO} = Create List ${S_OID_USER} ${S_OID_SYS_SN} ${S_OID_SYS_IR} + @{S_OBJ_RO} = Create List ${S_OID_USER} ${S_OID_SYS_SN} Search object ${USER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} Search object ${OTHER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} Search object ${SYSTEM_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} diff --git a/robot/testsuites/integration/acl_bearer_api2.robot b/robot/testsuites/integration/acl_bearer_api2.robot new file mode 100644 index 00000000..e7ee4001 --- /dev/null +++ b/robot/testsuites/integration/acl_bearer_api2.robot @@ -0,0 +1,229 @@ +*** Settings *** +Variables ../../variables/common.py + +Library Collections +Library ${RESOURCES}/environment.py +Library ${RESOURCES}/neo.py +Library ${RESOURCES}/neofs.py +Library ${RESOURCES}/payment_neogo.py + +*** Variables *** +${FILE_USR_HEADER} = key1=1,key2=abc +${FILE_USR_HEADER_DEL} = key1=del,key2=del +${FILE_OTH_HEADER} = key1=oth,key2=oth +${RULE_FOR_ALL} = REP 2 IN X CBF 1 SELECT 4 FROM * AS X + +*** Test cases *** +BearerToken Operations + [Documentation] Testcase to validate NeoFS operations with BearerToken. + [Tags] ACL NeoFS NeoCLI BearerToken + [Timeout] 20 min + + Generate Keys + Generate file + Prepare eACL Role rules + Check Bearer + + + +*** Keywords *** + + +Check Bearer + Check Container Inaccessible and Allow All Bearer + Check eACL Deny and Allow All Bearer + Check eACL Deny and Allow All Bearer Filter OID + + + + + + +Generate Keys + ${WALLET} = Init wallet + Generate wallet ${WALLET} + ${ADDR} = Dump Address ${WALLET} + ${USER_KEY_GEN} = Dump PrivKey ${WALLET} ${ADDR} + + ${WALLET_OTH} = Init wallet + Generate wallet ${WALLET_OTH} + ${ADDR_OTH} = Dump Address ${WALLET_OTH} + ${OTHER_KEY_GEN} = Dump PrivKey ${WALLET_OTH} ${ADDR_OTH} + + + ${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de + ${SYSTEM_KEY_GEN} = Form WIF from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21 + ${SYSTEM_KEY_GEN_SN} = Form WIF from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2 + + Set Global Variable ${USER_KEY} ${USER_KEY_GEN} + Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN} + Set Global Variable ${SYSTEM_KEY} ${SYSTEM_KEY_GEN} + Set Global Variable ${SYSTEM_KEY_SN} ${SYSTEM_KEY_GEN_SN} + Set Global Variable ${EACL_KEY} ${EACL_KEY_GEN} + + Payment Operations ${WALLET} ${ADDR} ${USER_KEY} + Payment Operations ${WALLET_OTH} ${ADDR_OTH} ${OTHER_KEY} + + +Payment Operations + [Arguments] ${WALLET} ${ADDR} ${KEY} + + ${TX} = Transfer Mainnet Gas wallets/wallet.json NTrezR3C4X8aMLVg7vozt5wguyNfFhwuFx ${ADDR} 55 + Wait Until Keyword Succeeds 1 min 15 sec + ... Transaction accepted in block ${TX} + Get Transaction ${TX} + Expexted Mainnet Balance ${ADDR} 55 + + ${SCRIPT_HASH} = Get ScripHash ${KEY} + + ${TX_DEPOSIT} = NeoFS Deposit ${WALLET} ${ADDR} ${SCRIPT_HASH} 50 + Wait Until Keyword Succeeds 1 min 15 sec + ... Transaction accepted in block ${TX_DEPOSIT} + Get Transaction ${TX_DEPOSIT} + + + + +Create Container Public + Log Create Public Container + ${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x0FFFFFFF + [Return] ${PUBLIC_CID_GEN} + + +Create Container Inaccessible + Log Create Inaccessible Container + ${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x40000000 + [Return] ${PUBLIC_CID_GEN} + + + +Generate file + # Generate small file + ${FILE_S_GEN} = Generate file of bytes 1024 + Set Global Variable ${FILE_S} ${FILE_S_GEN} + + +Prepare eACL Role rules + Log Set eACL for different Role cases + Set Global Variable ${EACL_DENY_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_deny_all + Set Global Variable ${EACL_ALLOW_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_allow_all + + Set Global Variable ${EACL_DENY_ALL_USER} robot/resources/lib/eacl/eacl_encoded_deny_all_user + Set Global Variable ${EACL_ALLOW_ALL_USER} robot/resources/lib/eacl/eacl_encoded_allow_all_user + + Set Global Variable ${EACL_DENY_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_deny_all_sys + Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_allow_all_sys + + Set Global Variable ${EACL_ALLOW_ALL_Pubkey} robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey + + + +Check Container Inaccessible and Allow All Bearer + ${CID} = Create Container Inaccessible + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} + + Form BearerToken file for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} + + + +Check eACL Deny and Allow All Bearer + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + + Form BearerToken file for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + + + + + +Check eACL Deny and Allow All Bearer Filter OID + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + + Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_EQUAL $Object:objectID ${S_OID_USER} + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + + + # eacl_encoded_deny_all_user + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} + + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + + + Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + + Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user + + \ No newline at end of file diff --git a/robot/testsuites/integration/acl_extended_api2.robot b/robot/testsuites/integration/acl_extended_api2.robot new file mode 100644 index 00000000..44c239ec --- /dev/null +++ b/robot/testsuites/integration/acl_extended_api2.robot @@ -0,0 +1,481 @@ +*** Settings *** +Variables ../../variables/common.py + +Library Collections +Library ${RESOURCES}/environment.py +Library ${RESOURCES}/neo.py +Library ${RESOURCES}/neofs.py +Library ${RESOURCES}/payment_neogo.py + +*** Variables *** +${FILE_USR_HEADER} = key1=1,key2=abc +${FILE_USR_HEADER_DEL} = key1=del,key2=del +${FILE_OTH_HEADER} = key1=oth,key2=oth +${RULE_FOR_ALL} = REP 2 IN X CBF 1 SELECT 4 FROM * AS X + +*** Test cases *** +Extended ACL Operations + [Documentation] Testcase to validate NeoFS operations with extended ACL. + [Tags] ACL eACL NeoFS NeoCLI + [Timeout] 20 min + + Generate Keys + Generate file + Prepare eACL Role rules + + Check Actions + Check Filters + + + +*** Keywords *** + +Check Actions + Check eACL Deny and Allow All Other + Check eACL Deny and Allow All User + Check eACL Deny and Allow All System + + #https://github.com/nspcc-dev/neofs-node/issues/212 + #Check eACL Deny All Other and Allow All Pubkey + + +Check Filters + Check eACL MatchType String Equal + Check eACL MatchType String Not Equal + + +Check eACL MatchType String Equal + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + + ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + &{SYS_HEADER_PARSED} = Parse Object System Header ${HEADER} + + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Log Set eACL for Deny GET operation with StringEqual Object ID + ${ID_value} = Get From Dictionary ${SYS_HEADER_PARSED} ID + ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_EQUAL $Object:objectID ${ID_value} OTHERS + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Log Set eACL for Deny GET operation with StringEqual Object Extended User Header + ${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_EQUAL key1 1 OTHERS + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl + + +# +Check eACL MatchType String Equal REMOVED TEMPORARY + Log Set eACL for Deny GET operation with StringEqual Object CID + ${CID_value} = Get From Dictionary ${SYS_HEADER_PARSED} CID + ${CID_value_hex} = Convert Str to Hex Str with Len ${CID_value} + Set custom eACL ${USER_KEY} ${CID} 00010000000200000001000100000002000000010003434944 ${CID_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object OwnerID + ${OwnerID_value} = Get From Dictionary ${SYS_HEADER_PARSED} OwnerID + ${OwnerID_value_hex} = Convert Str to Hex Str with Len ${OwnerID_value} + Set custom eACL ${USER_KEY} ${CID} 000100000002000000010001000000020000000100084f574e45525f4944 ${OwnerID_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object Version + ${Version_value} = Get From Dictionary ${SYS_HEADER_PARSED} Version + ${Version_value_hex} = Convert Str to Hex Str with Len ${Version_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000756455253494f4e ${Version_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object PayloadLength + ${Payload_value} = Get From Dictionary ${SYS_HEADER_PARSED} PayloadLength + ${Payload_value_hex} = Convert Str to Hex Str with Len ${Payload_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000e5041594c4f41445f4c454e475448 ${Payload_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtUnixTime + ${AtUnixTime_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtUnixTime + ${AtUnixTime_value_hex} = Convert Str to Hex Str with Len ${AtUnixTime_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000c435245415445445f554e4958 ${AtUnixTime_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtEpoch + ${AtEpoch_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtEpoch + ${AtEpoch_value_hex} = Convert Str to Hex Str with Len ${AtEpoch_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000001000d435245415445445f45504f4348 ${AtEpoch_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + + +Check eACL MatchType String Not Equal + ${CID} = Create Container Public + ${FILE_S_2} = Generate file of bytes 2048 + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + # Sleep for 1 epoch + Sleep ${NEOFS_EPOCH_TIMEOUT} + ${S_OID_OTHER} = Put object to NeoFS ${OTHER_KEY} ${FILE_S_2} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Head object ${USER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} + &{SYS_HEADER_PARSED} = Parse Object System Header ${HEADER} + + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringNotEqual Object ID + ${ID_value} = Get From Dictionary ${SYS_HEADER_PARSED} ID + ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_NOT_EQUAL $Object:objectID ${ID_value} OTHERS + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object Extended User Header + ${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_NOT_EQUAL key1 1 OTHERS + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + + +# +Check eACL MatchType String Not Equal REMOVED TEMPORARY + + Log Set eACL for Deny GET operation with StringEqual Object CID + ${CID_value} = Get From Dictionary ${SYS_HEADER_PARSED} CID + ${CID_value_hex} = Convert Str to Hex Str with Len ${CID_value} + Set custom eACL ${USER_KEY} ${CID} 00010000000200000001000100000002000000020003434944 ${CID_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object OwnerID + ${OwnerID_value} = Get From Dictionary ${SYS_HEADER_PARSED} OwnerID + ${OwnerID_value_hex} = Convert Str to Hex Str with Len ${OwnerID_value} + Set custom eACL ${USER_KEY} ${CID} 000100000002000000010001000000020000000200084f574e45525f4944 ${OwnerID_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object Version + ${Version_value} = Get From Dictionary ${SYS_HEADER_PARSED} Version + ${Version_value_hex} = Convert Str to Hex Str with Len ${Version_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000756455253494f4e ${Version_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object PayloadLength + ${Payload_value} = Get From Dictionary ${SYS_HEADER_PARSED} PayloadLength + ${Payload_value_hex} = Convert Str to Hex Str with Len ${Payload_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000e5041594c4f41445f4c454e475448 ${Payload_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtUnixTime + ${AtUnixTime_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtUnixTime + ${AtUnixTime_value_hex} = Convert Str to Hex Str with Len ${AtUnixTime_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000c435245415445445f554e4958 ${AtUnixTime_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + Log Set eACL for Deny GET operation with StringEqual Object CreatedAtEpoch + ${AtEpoch_value} = Get From Dictionary ${SYS_HEADER_PARSED} CreatedAtEpoch + ${AtEpoch_value_hex} = Convert Str to Hex Str with Len ${AtEpoch_value} + Set custom eACL ${USER_KEY} ${CID} 0001000000020000000100010000000200000002000d435245415445445f45504f4348 ${AtEpoch_value_hex} 0001000000030000 + Sleep ${MORPH_BLOCK_TIMEOUT} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + + +Generate Keys + ${WALLET} = Init wallet + Generate wallet ${WALLET} + ${ADDR} = Dump Address ${WALLET} + ${USER_KEY_GEN} = Dump PrivKey ${WALLET} ${ADDR} + + ${WALLET_OTH} = Init wallet + Generate wallet ${WALLET_OTH} + ${ADDR_OTH} = Dump Address ${WALLET_OTH} + ${OTHER_KEY_GEN} = Dump PrivKey ${WALLET_OTH} ${ADDR_OTH} + + + ${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de + ${SYSTEM_KEY_GEN} = Form WIF from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21 + ${SYSTEM_KEY_GEN_SN} = Form WIF from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2 + + Set Global Variable ${USER_KEY} ${USER_KEY_GEN} + Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN} + Set Global Variable ${SYSTEM_KEY} ${SYSTEM_KEY_GEN} + Set Global Variable ${SYSTEM_KEY_SN} ${SYSTEM_KEY_GEN_SN} + Set Global Variable ${EACL_KEY} ${EACL_KEY_GEN} + + Payment Operations ${WALLET} ${ADDR} ${USER_KEY} + Payment Operations ${WALLET_OTH} ${ADDR_OTH} ${OTHER_KEY} + + +Payment Operations + [Arguments] ${WALLET} ${ADDR} ${KEY} + + ${TX} = Transfer Mainnet Gas wallets/wallet.json NTrezR3C4X8aMLVg7vozt5wguyNfFhwuFx ${ADDR} 55 + Wait Until Keyword Succeeds 1 min 15 sec + ... Transaction accepted in block ${TX} + Get Transaction ${TX} + Expexted Mainnet Balance ${ADDR} 55 + + ${SCRIPT_HASH} = Get ScripHash ${KEY} + + ${TX_DEPOSIT} = NeoFS Deposit ${WALLET} ${ADDR} ${SCRIPT_HASH} 50 + Wait Until Keyword Succeeds 1 min 15 sec + ... Transaction accepted in block ${TX_DEPOSIT} + Get Transaction ${TX_DEPOSIT} + + + + +Create Container Public + Log Create Public Container + ${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x4FFFFFFF ${RULE_FOR_ALL} + [Return] ${PUBLIC_CID_GEN} + + +Generate file + # Generate small file + ${FILE_S_GEN} = Generate file of bytes 1024 + Set Global Variable ${FILE_S} ${FILE_S_GEN} + + +Prepare eACL Role rules + Log Set eACL for different Role cases + Set Global Variable ${EACL_DENY_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_deny_all + Set Global Variable ${EACL_ALLOW_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_allow_all + + Set Global Variable ${EACL_DENY_ALL_USER} robot/resources/lib/eacl/eacl_encoded_deny_all_user + Set Global Variable ${EACL_ALLOW_ALL_USER} robot/resources/lib/eacl/eacl_encoded_allow_all_user + + Set Global Variable ${EACL_DENY_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_deny_all_sys + Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_allow_all_sys + + Set Global Variable ${EACL_ALLOW_ALL_Pubkey} robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey + + +Check eACL Deny and Allow All User + Check eACL Deny and Allow All ${USER_KEY} ${EACL_DENY_ALL_USER} ${EACL_ALLOW_ALL_USER} + + +Check eACL Deny and Allow All Other + Check eACL Deny and Allow All ${OTHER_KEY} ${EACL_DENY_ALL_OTHER} ${EACL_ALLOW_ALL_OTHER} + + +Check eACL Deny and Allow All System + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER_S} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + ${D_OID_USER_SN} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + + @{S_OBJ_H} = Create List ${S_OID_USER} + + # By discussion, IR can not make any operations instead of HEAD, SEARCH and GET RANGE HASH at the current moment + Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + + Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + + + Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} + + + Get Range ${SYSTEM_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + + Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER_S} ${EMPTY} + Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER_SN} ${EMPTY} + + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} + Sleep ${MORPH_BLOCK_TIMEOUT} + + + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Run Keyword And Expect Error * + ... Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Run Keyword And Expect Error * + ... Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + + + Run Keyword And Expect Error * + ... Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} + + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Get Range ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Delete object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} + + + Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} + Sleep ${MORPH_BLOCK_TIMEOUT} + + ${D_OID_USER_S} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + ${D_OID_USER_SN} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + + + Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + + Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + + Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} + + Get Range ${SYSTEM_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + + Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER_S} ${EMPTY} + Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER_SN} ${EMPTY} + + + +Check eACL Deny All Other and Allow All Pubkey + + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${EACL_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${EACL_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_Pubkey} + Sleep ${MORPH_BLOCK_TIMEOUT} + + Run Keyword And Expect Error * + ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${EACL_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${EACL_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + +Check eACL Deny and Allow All + [Arguments] ${KEY} ${DENY_EACL} ${ALLOW_EACL} + + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + + + Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} + Sleep ${MORPH_BLOCK_TIMEOUT} + + Run Keyword And Expect Error * + ... Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + + + Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} + Sleep ${MORPH_BLOCK_TIMEOUT} + + + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + diff --git a/robot/testsuites/integration/object_complex_api2.robot b/robot/testsuites/integration/object_complex_api2.robot index efab2bcb..a670e5d3 100644 --- a/robot/testsuites/integration/object_complex_api2.robot +++ b/robot/testsuites/integration/object_complex_api2.robot @@ -9,7 +9,8 @@ Library ${RESOURCES}/assertions.py Library ${RESOURCES}/neo.py *** Variables *** -${FILE_USR_HEADER} = key1=1,key2=abc +${FILE_USR_HEADER} = key1=1,key2=abc +${FILE_USR_HEADER_OTH} = key1=2 *** Test cases *** @@ -51,9 +52,11 @@ NeoFS Simple Object Operations ${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY} ${H_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${H_OID_OTH} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER_OTH} Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${S_OID} Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${H_OID} + Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${H_OID_OTH} # @{Link_obj_S} = Verify linked objects ${PRIV_KEY} ${CID} ${S_OID} ${SIZE} @@ -67,17 +70,25 @@ NeoFS Simple Object Operations - @{S_OBJ_ALL} = Create List ${S_OID} ${H_OID} + @{S_OBJ_ALL} = Create List ${S_OID} ${H_OID} ${H_OID_OTH} @{S_OBJ_H} = Create List ${H_OID} + @{S_OBJ_H_OTH} = Create List ${H_OID_OTH} Get object from NeoFS ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} s_file_read - Get object from NeoFS ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} h_file_read + Get object from NeoFS ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} h_file_read Verify file hash s_file_read ${FILE_HASH} Verify file hash h_file_read ${FILE_HASH} + Get Range Hash ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} 0:10 + Get Range Hash ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} 0:10 + + Get Range ${PRIV_KEY} ${CID} ${S_OID} s_get_range ${EMPTY} 0:10 + Get Range ${PRIV_KEY} ${CID} ${H_OID} h_get_range ${EMPTY} 0:10 + Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${EMPTY} @{S_OBJ_ALL} - Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER_OTH} @{S_OBJ_H_OTH} Head object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} Head object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} ${FILE_USR_HEADER} @@ -96,6 +107,8 @@ NeoFS Simple Object Operations Cleanup File ${FILE} Cleanup File s_file_read Cleanup File h_file_read + Cleanup File s_get_range + Cleanup File h_get_range # 4.86192020 diff --git a/robot/testsuites/integration/object_simple_api2.robot b/robot/testsuites/integration/object_simple_api2.robot index cd35db47..d870c6e2 100644 --- a/robot/testsuites/integration/object_simple_api2.robot +++ b/robot/testsuites/integration/object_simple_api2.robot @@ -2,15 +2,14 @@ Variables ../../variables/common.py Library ${RESOURCES}/environment.py -Library ${RESOURCES}/neo.py Library ${RESOURCES}/neofs.py Library ${RESOURCES}/payment_neogo.py Library ${RESOURCES}/assertions.py Library ${RESOURCES}/neo.py *** Variables *** -${FILE_USR_HEADER} = key1=1,key2=abc - +${FILE_USR_HEADER} = key1=1,key2=abc +${FILE_USR_HEADER_OTH} = key1=2 *** Test cases *** NeoFS Simple Object Operations @@ -50,27 +49,37 @@ NeoFS Simple Object Operations ${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY} ${H_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${H_OID_OTH} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${FILE_USR_HEADER_OTH} Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${S_OID} Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${H_OID} + Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${H_OID_OTH} - @{S_OBJ_ALL} = Create List ${S_OID} ${H_OID} + @{S_OBJ_ALL} = Create List ${S_OID} ${H_OID} ${H_OID_OTH} @{S_OBJ_H} = Create List ${H_OID} + @{S_OBJ_H_OTH} = Create List ${H_OID_OTH} Get object from NeoFS ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} s_file_read - Get object from NeoFS ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} h_file_read + Get object from NeoFS ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} h_file_read Verify file hash s_file_read ${FILE_HASH} Verify file hash h_file_read ${FILE_HASH} - Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_ALL} - Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} - + Get Range Hash ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} 0:10 + Get Range Hash ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} 0:10 + + Get Range ${PRIV_KEY} ${CID} ${S_OID} s_get_range ${EMPTY} 0:10 + Get Range ${PRIV_KEY} ${CID} ${H_OID} h_get_range ${EMPTY} 0:10 + + Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_ALL} + Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER_OTH} @{S_OBJ_H_OTH} + Head object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} Head object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} ${FILE_USR_HEADER} Delete object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} - Delete object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} + Delete object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} #Verify Head tombstone ${PRIV_KEY} ${CID} ${S_OID} Sleep 2min @@ -84,6 +93,8 @@ NeoFS Simple Object Operations Cleanup File ${FILE} Cleanup File s_file_read Cleanup File h_file_read + Cleanup File s_get_range + Cleanup File h_get_range # 4.86192020