From fb5da3dc214b505b2bd9396f1d5e1b212d1f394d Mon Sep 17 00:00:00 2001 From: anatoly-bogatyrev <45566606+anatoly-bogatyrev@users.noreply.github.com> Date: Tue, 29 Dec 2020 22:55:33 +0300 Subject: [PATCH] Feature/acl extension operations (#17) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add bearer token coverage with the request filter #8 - Add eACL coverage with the request filter #9 - Add Bearer token coverage of the case with different permissions for operations in the complex operations #15 (Check Сompound Operations) - Add eACL token coverage of the case with different permissions for operations in the complex operations - Add latest nodes and services logs to the artifacts in case of failure #10 - Prepare neofs-testcases repository for the public #11 - new eACL and bearer token generation by rules. - Readme update - Fixes and additional extensions of the existed test cases - Large file size has been changed from 20mb to 10mb --- README.md | 4 +- .../resources/lib/eacl/eacl_encoded_allow_all | 69 --- .../lib/eacl/eacl_encoded_allow_all_pubkey | 132 ----- .../lib/eacl/eacl_encoded_allow_all_sys | 68 --- .../lib/eacl/eacl_encoded_allow_all_user | 68 --- .../resources/lib/eacl/eacl_encoded_deny_all | 68 --- .../lib/eacl/eacl_encoded_deny_all_sys | 68 --- .../lib/eacl/eacl_encoded_deny_all_user | 68 --- .../lib/eacl/eacl_encoded_deny_filter | 21 - .../lib/eacl/eacl_encoded_deny_filter_check | 68 --- robot/resources/lib/neofs.py | 435 ++++---------- robot/resources/lib/neofs_int_vars.py | 3 +- robot/resources/lib/payment_neogo.py | 12 +- robot/resources/lib/selectelcdn_smoke_vars.py | 3 +- robot/testsuites/integration/acl_basic.robot | 38 +- robot/testsuites/integration/acl_bearer.robot | 561 +++++++++++++++--- .../testsuites/integration/acl_extended.robot | 408 +++++++++++-- robot/testsuites/integration/http_gate.robot | 27 +- .../integration/netmap_simple.robot | 6 +- .../integration/object_complex.robot | 13 +- .../integration/object_simple.robot | 7 +- .../testsuites/integration/replication.robot | 6 +- robot/testsuites/integration/s3_gate.robot | 14 +- robot/testsuites/integration/withdraw.robot | 12 +- 24 files changed, 1028 insertions(+), 1151 deletions(-) delete mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all delete mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey delete mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all_sys delete mode 100755 robot/resources/lib/eacl/eacl_encoded_allow_all_user delete mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all delete mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all_sys delete mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_all_user delete mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_filter delete mode 100755 robot/resources/lib/eacl/eacl_encoded_deny_filter_check diff --git a/README.md b/README.md index baf696c..9ee191a 100644 --- a/README.md +++ b/README.md @@ -35,7 +35,7 @@ In this case, dev-env should be running with the tested environment. ### Running an arbitrary test case To run an arbitrary testcase, you need to run the command: -`robot --timestampoutputs --outputdir artifacts/ robot/testsuites/integration/.robot ` +`robot --outputdir artifacts/ robot/testsuites/integration/.robot ` The following scripts are available for execution: @@ -76,7 +76,7 @@ Dev-env is not needed. But you need to install neo-go. - `make` - `sudo cp bin/neo-go /usr/local/bin/neo-go` or add alias path to bin/neo-go -3. To run smoke test: `robot --timestampoutputs --outputdir artifacts/ robot/testsuites/smoke/selectelcdn_smoke.robot` +3. To run smoke test: `robot --outputdir artifacts/ robot/testsuites/smoke/selectelcdn_smoke.robot` ## Generation of documentation diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all b/robot/resources/lib/eacl/eacl_encoded_allow_all deleted file mode 100755 index ff2631e..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_allow_all +++ /dev/null @@ -1,69 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "HEAD", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "PUT", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "DELETE", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "SEARCH", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGE", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "ALLOW", - "targets": [ - { - "role": "OTHERS" - } - ] - } - ] -} - - diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey b/robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey deleted file mode 100755 index 7b6774e..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey +++ /dev/null @@ -1,132 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "HEAD", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "PUT", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "DELETE", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "SEARCH", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "GETRANGE", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "ALLOW", - "targets": [ - { - "keys": [ "A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA" ] - } - ] - }, - { - "operation": "GET", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "HEAD", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "PUT", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "DELETE", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "SEARCH", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGE", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - } - - ] -} - diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all_sys b/robot/resources/lib/eacl/eacl_encoded_allow_all_sys deleted file mode 100755 index ab8d9cd..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_allow_all_sys +++ /dev/null @@ -1,68 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "HEAD", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "PUT", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "DELETE", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "SEARCH", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "GETRANGE", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "ALLOW", - "targets": [ - { - "role": "SYSTEM" - } - ] - } - ] -} - diff --git a/robot/resources/lib/eacl/eacl_encoded_allow_all_user b/robot/resources/lib/eacl/eacl_encoded_allow_all_user deleted file mode 100755 index 1186a55..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_allow_all_user +++ /dev/null @@ -1,68 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "HEAD", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "PUT", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "DELETE", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "SEARCH", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "GETRANGE", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "ALLOW", - "targets": [ - { - "role": "USER" - } - ] - } - ] -} - diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all b/robot/resources/lib/eacl/eacl_encoded_deny_all deleted file mode 100755 index 5e63d2b..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_deny_all +++ /dev/null @@ -1,68 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "HEAD", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "PUT", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "DELETE", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "SEARCH", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGE", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - } - ] -} - diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all_sys b/robot/resources/lib/eacl/eacl_encoded_deny_all_sys deleted file mode 100755 index 83e31f9..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_deny_all_sys +++ /dev/null @@ -1,68 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "HEAD", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "PUT", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "DELETE", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "SEARCH", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "GETRANGE", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "DENY", - "targets": [ - { - "role": "SYSTEM" - } - ] - } - ] -} - diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_all_user b/robot/resources/lib/eacl/eacl_encoded_deny_all_user deleted file mode 100755 index 05dde4c..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_deny_all_user +++ /dev/null @@ -1,68 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "HEAD", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "PUT", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "DELETE", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "SEARCH", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "GETRANGE", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "DENY", - "targets": [ - { - "role": "USER" - } - ] - } - ] -} - diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_filter b/robot/resources/lib/eacl/eacl_encoded_deny_filter deleted file mode 100755 index 90b2c28..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_deny_filter +++ /dev/null @@ -1,21 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "DENY", - "filters": [ - { - "headerType": "OBJECT", - "matchType": "STRING_NOT_EQUAL", - "key": "$Object:objectID", - "value": "X" - } - ], - "targets": [ - { - "role": "OTHERS" - } - ] - } - ] -} diff --git a/robot/resources/lib/eacl/eacl_encoded_deny_filter_check b/robot/resources/lib/eacl/eacl_encoded_deny_filter_check deleted file mode 100755 index 5e63d2b..0000000 --- a/robot/resources/lib/eacl/eacl_encoded_deny_filter_check +++ /dev/null @@ -1,68 +0,0 @@ -{ - "records": [ - { - "operation": "GET", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "HEAD", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "PUT", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "DELETE", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "SEARCH", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGE", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": "DENY", - "targets": [ - { - "role": "OTHERS" - } - ] - } - ] -} - diff --git a/robot/resources/lib/neofs.py b/robot/resources/lib/neofs.py index be3be6e..f84b912 100644 --- a/robot/resources/lib/neofs.py +++ b/robot/resources/lib/neofs.py @@ -13,6 +13,7 @@ import base64 import base58 import docker import json +import tarfile if os.getenv('ROBOT_PROFILE') == 'selectel_smoke': from selectelcdn_smoke_vars import (NEOGO_CLI_PREFIX, NEO_MAINNET_ENDPOINT, @@ -166,7 +167,7 @@ def get_eacl(private_key: str, cid: str): except subprocess.CalledProcessError as e: if re.search(r'extended ACL table is not set for this container', e.output): - logger.info("Server is not presented in container.") + logger.info("Extended ACL table is not set for this container.") else: raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) @@ -184,329 +185,99 @@ def set_eacl(private_key: str, cid: str, eacl: str, add_keys: str = ""): -@keyword('Form BearerToken file for all ops') -def form_bearertoken_file_for_all_ops(file_name: str, private_key: str, cid: str, action: str, target_role: str, lifetime_exp: str ): - +@keyword('Form BearerToken file') +def form_bearertoken_file(private_key: str, cid: str, file_name: str, eacl_oper_list, lifetime_exp: str ): + + cid_base58_b = base58.b58decode(cid) + cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8") eacl = get_eacl(private_key, cid) - input_records = "" + json_eacl = {} + + if eacl: + res_json = re.split(r'[\s\n]+Signature:', eacl) + input_eacl = res_json[0].replace('eACL: ', '') + json_eacl = json.loads(input_eacl) + + eacl_result = {"body":{ "eaclTable": { "containerID": { "value": cid_base64 }, "records": [] }, "lifetime": {"exp": lifetime_exp, "nbf": "1", "iat": "0"} } } + + if eacl_oper_list: + for record in eacl_oper_list: + op_data = dict() + + if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS": + op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]} + else: + op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]} + + if 'Filters' in record.keys(): + op_data["filters"].append(record['Filters']) + + eacl_result["body"]["eaclTable"]["records"].append(op_data) + + # Add records from current eACL + if "records" in json_eacl.keys(): + for record in json_eacl["records"]: + eacl_result["body"]["eaclTable"]["records"].append(record) + + with open(file_name, 'w', encoding='utf-8') as f: + json.dump(eacl_result, f, ensure_ascii=False, indent=4) + + logger.info(eacl_result) + + # Sign bearer token + Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json' + logger.info("Cmd: %s" % Cmd) + + try: + complProc = subprocess.run(Cmd, check=True, universal_newlines=True, + stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True) + output = complProc.stdout + logger.info("Output: %s" % str(output)) + except subprocess.CalledProcessError as e: + raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + + return file_name + + + +@keyword('Form eACL json common file') +def form_eacl_json_common_file(file_name, eacl_oper_list ): + # Input role can be Role (USER, SYSTEM, OTHERS) or public key. - cid_base58_b = base58.b58decode(cid) - cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8") + eacl = {"records":[]} - if eacl: - res_json = re.split(r'[\s\n]+\][\s\n]+\}[\s\n]+Signature:', eacl) - records = re.split(r'"records": \[', res_json[0]) - input_records = ",\n" + records[1] + logger.info(eacl_oper_list) - myjson = """ -{ - "body": { - "eaclTable": { - "containerID": { - "value": \"""" + str(cid_base64) + """" - }, - "records": [ - { - "operation": "GET", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "PUT", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "HEAD", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "DELETE", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "SEARCH", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "GETRANGE", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }""" + input_records + """ - ] - }, - "lifetime": { - "exp": \"""" + lifetime_exp + """", - "nbf": "1", - "iat": "0" - } - } -} -""" - with open(file_name,'w') as out: - out.write(myjson) - logger.info("Output: %s" % myjson) + if eacl_oper_list: + for record in eacl_oper_list: + op_data = dict() - # Sign bearer token - Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json' - logger.info("Cmd: %s" % Cmd) + if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS": + op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]} + else: + op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]} + + if 'Filters' in record.keys(): + op_data["filters"].append(record['Filters']) - try: - complProc = subprocess.run(Cmd, check=True, universal_newlines=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True) - output = complProc.stdout - logger.info("Output: %s" % str(output)) - except subprocess.CalledProcessError as e: - raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) + eacl["records"].append(op_data) + + logger.info(eacl) + + with open(file_name, 'w', encoding='utf-8') as f: + json.dump(eacl, f, ensure_ascii=False, indent=4) return file_name - -@keyword('Form BearerToken file filter for all ops') -def form_bearertoken_file_filter_for_all_ops(file_name: str, private_key: str, cid: str, action: str, target_role: str, lifetime_exp: str, matchType: str, key: str, value: str): - - # SEARCH should be allowed without filters to use GET, HEAD, DELETE, and SEARCH? Need to clarify. - - eacl = get_eacl(private_key, cid) - - cid_base58_b = base58.b58decode(cid) - cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8") - - input_records = "" - if eacl: - res_json = re.split(r'[\s\n]+\][\s\n]+\}[\s\n]+Signature:', eacl) - records = re.split(r'"records": \[', res_json[0]) - input_records = ",\n" + records[1] - - myjson = """ -{ - "body": { - "eaclTable": { - "containerID": { - "value": \"""" + str(cid_base64) + """" - }, - "records": [ - { - "operation": "GET", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "PUT", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "HEAD", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "DELETE", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "SEARCH", - "action": \"""" + action + """", - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "GETRANGE", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }, - { - "operation": "GETRANGEHASH", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - }""" + input_records + """ - ] - }, - "lifetime": { - "exp": \"""" + lifetime_exp + """", - "nbf": "1", - "iat": "0" - } - } -} -""" - with open(file_name,'w') as out: - out.write(myjson) - logger.info("Output: %s" % myjson) - - # Sign bearer token - Cmd = f'neofs-cli util sign bearer-token --from {file_name} --to {file_name} --key {private_key} --json' - logger.info("Cmd: %s" % Cmd) - - try: - complProc = subprocess.run(Cmd, check=True, universal_newlines=True, - stdout=subprocess.PIPE, stderr=subprocess.PIPE, timeout=15, shell=True) - output = complProc.stdout - logger.info("Output: %s" % str(output)) - except subprocess.CalledProcessError as e: - raise Exception("command '{}' return with error (code {}): {}".format(e.cmd, e.returncode, e.output)) - - return file_name - - - -@keyword('Form eACL json file') -def form_eacl_json_file(file_name: str, operation: str, action: str, matchType: str, key: str, value: str, target_role: str): - - myjson = """ -{ - "records": [ - { - "operation": \"""" + operation + """", - "action": \"""" + action + """", - "filters": [ - { - "headerType": "OBJECT", - "matchType": \"""" + matchType + """", - "key": \"""" + key + """", - "value": \"""" + value + """" - } - ], - "targets": [ - { - "role": \"""" + target_role + """" - } - ] - } - ] -} -""" - with open(file_name,'w') as out: - out.write(myjson) - logger.info("Output: %s" % myjson) - - return file_name - - - - @keyword('Get Range') -def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, range_cut: str): +def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str, range_cut: str, options:str=""): bearer_token = "" if bearer: bearer_token = f"--bearer {bearer}" - Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object range --cid {cid} --oid {oid} {bearer_token} --range {range_cut} --file {range_file} ' + Cmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object range --cid {cid} --oid {oid} {bearer_token} --range {range_cut} --file {range_file} {options}' logger.info("Cmd: %s" % Cmd) try: @@ -582,7 +353,7 @@ def generate_file_of_bytes(size): @keyword('Search object') -def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: str, *expected_objects_list ): +def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: str, expected_objects_list=[], options:str=""): bearer_token = "" if bearer: @@ -591,7 +362,7 @@ def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: s if filters: filters = f"--filters {filters}" - ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object search {keys} --cid {cid} {bearer_token} {filters}' + ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object search {keys} --cid {cid} {bearer_token} {filters} {options}' logger.info("Cmd: %s" % ObjectCmd) try: complProc = subprocess.run(ObjectCmd, check=True, universal_newlines=True, @@ -733,6 +504,26 @@ def _verify_child_link(private_key: str, cid: str, oid: str, header_last_parsed: return final_verif_data +@keyword('Get Docker Logs') +def get_container_logs(testcase_name: str): + #client = docker.APIClient() + client = docker.from_env() + + tar_name = "artifacts/dockerlogs("+testcase_name+").tar.gz" + tar = tarfile.open(tar_name, "w:gz") + + for container in client.containers.list(): + file_name = "artifacts/docker_log_" + container.name + with open(file_name,'wb') as out: + out.write(container.logs()) + logger.info(container.name) + + tar.add(file_name) + os.remove(file_name) + + tar.close() + + return 1 @keyword('Verify Head Tombstone') def verify_head_tombstone(private_key: str, cid: str, oid_ts: str, oid: str, addr: str): @@ -793,8 +584,7 @@ def _json_cli_decode(data: str): return base58.b58encode(base64.b64decode(data)).decode("utf-8") @keyword('Head object') -def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user_headers:str="", keys:str="", endpoint: str="", ignore_failure: bool = False): - options = "" +def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user_headers:str="", options:str="", endpoint: str="", ignore_failure: bool = False): if bearer_token: bearer_token = f"--bearer {bearer_token}" @@ -802,7 +592,7 @@ def head_object(private_key: str, cid: str, oid: str, bearer_token: str="", user if endpoint == "": endpoint = NEOFS_ENDPOINT - ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object head --cid {cid} --oid {oid} {bearer_token} {keys}' + ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object head --cid {cid} --oid {oid} {bearer_token} {options}' logger.info("Cmd: %s" % ObjectCmd) try: complProc = subprocess.run(ObjectCmd, check=True, universal_newlines=True, @@ -941,13 +731,13 @@ def parse_object_system_header(header: str): @keyword('Delete object') -def delete_object(private_key: str, cid: str, oid: str, bearer: str): +def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: str=""): bearer_token = "" if bearer: bearer_token = f"--bearer {bearer}" - ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object delete --cid {cid} --oid {oid} {bearer_token}' + ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object delete --cid {cid} --oid {oid} {bearer_token} {options}' logger.info("Cmd: %s" % ObjectCmd) try: complProc = subprocess.run(ObjectCmd, check=True, universal_newlines=True, @@ -997,7 +787,7 @@ def cleanup_file(*filename_list): @keyword('Put object to NeoFS') -def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: str, endpoint: str="" ): +def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: str, endpoint: str="", options: str="" ): logger.info("Going to put the object") if not endpoint: @@ -1009,7 +799,7 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: if bearer: bearer = f"--bearer {bearer}" - putObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object put --file {path} --cid {cid} {bearer} {user_headers}' + putObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object put --file {path} --cid {cid} {bearer} {user_headers} {options}' logger.info("Cmd: %s" % putObjectCmd) try: @@ -1024,12 +814,12 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers: @keyword('Get Range Hash') -def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, range_cut: str): +def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, range_cut: str, options: str=""): if bearer_token: - bearer_token = f"--bearer {bearer}" + bearer_token = f"--bearer {bearer_token}" - ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object hash --cid {cid} --oid {oid} --range {range_cut} {bearer_token}' + ObjectCmd = f'neofs-cli --rpc-endpoint {NEOFS_ENDPOINT} --key {private_key} object hash --cid {cid} --oid {oid} --range {range_cut} {bearer_token} {options}' logger.info("Cmd: %s" % ObjectCmd) try: @@ -1041,8 +831,7 @@ def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str, rang @keyword('Get object from NeoFS') -def get_object(private_key: str, cid: str, oid: str, bearer_token: str, read_object: str, endpoint: str="" ): - # TODO: add object return instead of read_object (uuid) +def get_object(private_key: str, cid: str, oid: str, bearer_token: str, write_object: str, endpoint: str="", options: str="" ): logger.info("Going to put the object") @@ -1053,7 +842,7 @@ def get_object(private_key: str, cid: str, oid: str, bearer_token: str, read_obj if bearer_token: bearer_token = f"--bearer {bearer_token}" - ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object get --cid {cid} --oid {oid} --file {read_object} {bearer_token}' + ObjectCmd = f'neofs-cli --rpc-endpoint {endpoint} --key {private_key} object get --cid {cid} --oid {oid} --file {write_object} {bearer_token} {options}' logger.info("Cmd: %s" % ObjectCmd) try: diff --git a/robot/resources/lib/neofs_int_vars.py b/robot/resources/lib/neofs_int_vars.py index f003a8d..ce63c8d 100644 --- a/robot/resources/lib/neofs_int_vars.py +++ b/robot/resources/lib/neofs_int_vars.py @@ -10,4 +10,5 @@ HTTP_GATE = 'http://http.neofs.devenv' S3_GATE = 'https://s3.neofs.devenv:8080' NEOFS_NETMAP = ['s01.neofs.devenv:8080', 's02.neofs.devenv:8080','s03.neofs.devenv:8080','s04.neofs.devenv:8080'] -GAS_HASH = '0xb5df804bbadefea726afb5d3f4e8a6f6d32d2a20' \ No newline at end of file +GAS_HASH = '0xa6a6c15dcdc9b997dac448b6926522d22efeedfb' +NEOFS_CONTRACT = "e11db12b0df3b3c05e6ed5f85e5cf53236e9dbeb" \ No newline at end of file diff --git a/robot/resources/lib/payment_neogo.py b/robot/resources/lib/payment_neogo.py index 5be6d42..34b1c5f 100644 --- a/robot/resources/lib/payment_neogo.py +++ b/robot/resources/lib/payment_neogo.py @@ -15,14 +15,14 @@ import robot.errors from robot.libraries.BuiltIn import BuiltIn ROBOT_AUTO_KEYWORDS = False -NEOFS_CONTRACT = "ce96811ca25577c058484dab10dd8db2defc5eed" + if os.getenv('ROBOT_PROFILE') == 'selectel_smoke': from selectelcdn_smoke_vars import (NEOGO_CLI_PREFIX, NEO_MAINNET_ENDPOINT, - NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH) + NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH, NEOFS_CONTRACT) else: from neofs_int_vars import (NEOGO_CLI_PREFIX, NEO_MAINNET_ENDPOINT, - NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH) + NEOFS_NEO_API_ENDPOINT, NEOFS_ENDPOINT, GAS_HASH, NEOFS_CONTRACT) @keyword('Init wallet') @@ -141,8 +141,10 @@ def mainnet_balance(address: str): status code: {response.status_code} {response.reason}""") m = re.search(rf'"{GAS_HASH}","amount":"([\d\.]+)"', response.text) - if not m.start() != m.end(): - raise Exception("Can not get mainnet gas balance.") + if not m: + raise Exception("Can not get mainnet gas balance. Output: %s" % response.text ) + else: + logger.info("Output: %s" % response.text) amount = m.group(1) diff --git a/robot/resources/lib/selectelcdn_smoke_vars.py b/robot/resources/lib/selectelcdn_smoke_vars.py index 64aa738..4143cf5 100644 --- a/robot/resources/lib/selectelcdn_smoke_vars.py +++ b/robot/resources/lib/selectelcdn_smoke_vars.py @@ -10,4 +10,5 @@ HTTP_GATE = 'http://92.53.71.51:38080' S3_GATE = 'https://92.53.71.51:28080' NEOFS_NETMAP = ['92.53.71.51:18080', '92.53.71.52:18080','92.53.71.53:18080','92.53.71.54:18080', '92.53.71.55:18080'] -GAS_HASH = '668e0c1f9d7b70a99dd9e06eadd4c784d641afbc' \ No newline at end of file +GAS_HASH = '668e0c1f9d7b70a99dd9e06eadd4c784d641afbc' +NEOFS_CONTRACT = "ce96811ca25577c058484dab10dd8db2defc5eed" \ No newline at end of file diff --git a/robot/testsuites/integration/acl_basic.robot b/robot/testsuites/integration/acl_basic.robot index 9010c26..3a202f4 100644 --- a/robot/testsuites/integration/acl_basic.robot +++ b/robot/testsuites/integration/acl_basic.robot @@ -107,8 +107,6 @@ Generate file Check Private Container # Check Private: - # Expected: User - pass, Other - fail, System(IR) - pass (+ System(Container node) - pass, Non-container node - fail). - # Put ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} Run Keyword And Expect Error * @@ -118,14 +116,11 @@ Check Private Container ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${PRIV_CID} ${EMPTY} ${EMPTY} - - # Get Get object from NeoFS ${USER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read - Run Keyword And Expect Error * - ... Get object from NeoFS ${SYSTEM_KEY_IR} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read + Get object from NeoFS ${SYSTEM_KEY_IR} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read Get object from NeoFS ${SYSTEM_KEY_SN} ${PRIV_CID} ${S_OID_USER} ${EMPTY} s_file_read # Get Range @@ -146,11 +141,11 @@ Check Private Container # Search @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_SYS_SN} - Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} + Search object ${USER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} Run Keyword And Expect Error * - ... Search object ${OTHER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} - Search object ${SYSTEM_KEY_IR} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} - Search object ${SYSTEM_KEY_SN} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} + ... Search object ${OTHER_KEY} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} + Search object ${SYSTEM_KEY_IR} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} + Search object ${SYSTEM_KEY_SN} ${PRIV_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} # Head @@ -176,7 +171,6 @@ Check Public Container # Put ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${S_OID_OTHER} = Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY} - # https://github.com/nspcc-dev/neofs-node/issues/178 ${S_OID_SYS_IR} = Put object to NeoFS ${SYSTEM_KEY_IR} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${S_OID_SYS_SN} = Put object to NeoFS ${SYSTEM_KEY_SN} ${FILE_S} ${PUBLIC_CID} ${EMPTY} ${EMPTY} @@ -201,10 +195,10 @@ Check Public Container # Search @{S_OBJ_PRIV} = Create List ${S_OID_USER} ${S_OID_OTHER} ${S_OID_SYS_SN} ${S_OID_SYS_IR} - Search object ${USER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} - Search object ${OTHER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} - Search object ${SYSTEM_KEY_IR} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} - Search object ${SYSTEM_KEY_SN} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_PRIV} + Search object ${USER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} + Search object ${OTHER_KEY} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} + Search object ${SYSTEM_KEY_IR} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} + Search object ${SYSTEM_KEY_SN} ${PUBLIC_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_PRIV} # Head Head object ${USER_KEY} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} ${EMPTY} @@ -224,7 +218,6 @@ Check Public Container # Delete - # https://github.com/nspcc-dev/neofs-node/issues/178 Delete object ${USER_KEY} ${PUBLIC_CID} ${S_OID_SYS_IR} ${EMPTY} Delete object ${OTHER_KEY} ${PUBLIC_CID} ${S_OID_SYS_SN} ${EMPTY} Delete object ${SYSTEM_KEY_IR} ${PUBLIC_CID} ${S_OID_USER} ${EMPTY} @@ -263,10 +256,10 @@ Check Read-Only Container # Search @{S_OBJ_RO} = Create List ${S_OID_USER} ${S_OID_SYS_SN} - Search object ${USER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} - Search object ${OTHER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} - Search object ${SYSTEM_KEY_IR} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} - Search object ${SYSTEM_KEY_SN} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_RO} + Search object ${USER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO} + Search object ${OTHER_KEY} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO} + Search object ${SYSTEM_KEY_IR} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO} + Search object ${SYSTEM_KEY_SN} ${READONLY_CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_RO} # Head @@ -287,5 +280,6 @@ Check Read-Only Container Cleanup - @{CLEANUP_FILES} = Create List ${FILE_S} s_file_read s_get_range - Cleanup Files @{CLEANUP_FILES} \ No newline at end of file + @{CLEANUP_FILES} = Create List ${FILE_S} s_file_read s_get_range + Cleanup Files @{CLEANUP_FILES} + Get Docker Logs acl_basic \ No newline at end of file diff --git a/robot/testsuites/integration/acl_bearer.robot b/robot/testsuites/integration/acl_bearer.robot index 1a23e70..e73e7fa 100644 --- a/robot/testsuites/integration/acl_bearer.robot +++ b/robot/testsuites/integration/acl_bearer.robot @@ -21,7 +21,6 @@ BearerToken Operations Generate Keys Prepare eACL Role rules - Log Check Bearer token with simple object Generate file 1024 Check Container Inaccessible and Allow All Bearer @@ -29,16 +28,26 @@ BearerToken Operations Check eACL Deny and Allow All Bearer Filter OID Equal Check eACL Deny and Allow All Bearer Filter OID NotEqual Check eACL Deny and Allow All Bearer Filter UserHeader Equal + Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual + Check eACL Allow All Bearer Filter Requst Equal Deny + Check eACL Deny and Allow All Bearer Filter Requst Equal + Check eACL Deny and Allow All Bearer Filter Requst NotEqual + Check Сompound Operations + + # TODO: - Log Check Bearer token with complex object Cleanup Files ${FILE_S} - Generate file 20e+6 + Generate file 10e+6 Check Container Inaccessible and Allow All Bearer Check eACL Deny and Allow All Bearer Check eACL Deny and Allow All Bearer Filter OID Equal Check eACL Deny and Allow All Bearer Filter OID NotEqual Check eACL Deny and Allow All Bearer Filter UserHeader Equal + Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual + Check eACL Deny and Allow All Bearer Filter Requst Equal + Check eACL Deny and Allow All Bearer Filter Requst NotEqual + Check Сompound Operations [Teardown] Cleanup @@ -58,9 +67,9 @@ Generate Keys ${OTHER_KEY_GEN} = Dump PrivKey ${WALLET_OTH} ${ADDR_OTH} - ${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de - ${SYSTEM_KEY_GEN} = Form WIF from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21 - ${SYSTEM_KEY_GEN_SN} = Form WIF from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2 + ${EACL_KEY_GEN} = Form WIF from String 782676b81a35c5f07325ec523e8521ee4946b6e5d4c6cd652dd0c3ba51ce03de + ${SYSTEM_KEY_GEN} = Form WIF from String c428b4a06f166fde9f8afcf918194acdde35aa2612ecf42fe0c94273425ded21 + ${SYSTEM_KEY_GEN_SN} = Form WIF from String 0fa21a94be2227916284e4b3495180d9c93d04f095fe9d5a86f22044f5c411d2 Set Global Variable ${USER_KEY} ${USER_KEY_GEN} Set Global Variable ${OTHER_KEY} ${OTHER_KEY_GEN} @@ -89,8 +98,6 @@ Payment Operations Get Transaction ${TX_DEPOSIT} - - Create Container Public Log Create Public Container ${PUBLIC_CID_GEN} = Create container ${USER_KEY} 0x0FFFFFFF @@ -103,7 +110,6 @@ Create Container Inaccessible [Return] ${PUBLIC_CID_GEN} - Generate file [Arguments] ${SIZE} @@ -113,77 +119,101 @@ Generate file Prepare eACL Role rules Log Set eACL for different Role cases - Set Global Variable ${EACL_DENY_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_deny_all - Set Global Variable ${EACL_ALLOW_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_allow_all - - Set Global Variable ${EACL_DENY_ALL_USER} robot/resources/lib/eacl/eacl_encoded_deny_all_user - Set Global Variable ${EACL_ALLOW_ALL_USER} robot/resources/lib/eacl/eacl_encoded_allow_all_user - Set Global Variable ${EACL_DENY_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_deny_all_sys - Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_allow_all_sys - - Set Global Variable ${EACL_ALLOW_ALL_Pubkey} robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey - + # eACL rules for all operations and similar permissions + @{Roles} = Create List OTHERS USER SYSTEM + FOR ${role} IN @{Roles} + ${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role} + ${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role} + ${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role} + ${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role} + ${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role} + ${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role} + ${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role} + + ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen} + Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role} + END Check Container Inaccessible and Allow All Bearer ${CID} = Create Container Inaccessible Run Keyword And Expect Error * - ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} - - Form BearerToken file for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + ${rule1}= Create Dictionary Operation=PUT Access=ALLOW Role=USER + ${rule2}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER + + ${eACL_gen}= Create List ${rule1} ${rule2} + + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error * - ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} - - + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} + Check eACL Deny and Allow All Bearer ${CID} = Create Container Public - ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} - ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} @{S_OBJ_H} = Create List ${S_OID_USER} - Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 - Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await - Form BearerToken file for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error * - ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error * - ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - - - Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} - Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H} - Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 - Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user - - + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Check eACL Deny and Allow All Bearer Filter OID Equal @@ -193,34 +223,43 @@ Check eACL Deny and Allow All Bearer Filter OID Equal ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} @{S_OBJ_H} = Create List ${S_OID_USER} - Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await - Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_EQUAL $Object:objectID ${S_OID_USER} + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER} + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error * - ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error * - ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - - # Search is allowed without filter condition. - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H} - + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} Run Keyword And Expect Error * @@ -246,30 +285,41 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await - Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_NOT_EQUAL $Object:objectID ${S_OID_USER_2} + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2} + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error * - ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error * - ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - - # Search is allowed without filter condition. - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H} + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} @@ -292,6 +342,148 @@ Check eACL Deny and Allow All Bearer Filter OID NotEqual + +Check eACL Allow All Bearer Filter Requst Equal Deny + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 + ${rule1}= Create Dictionary Operation=GET Access=DENY Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=DENY Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=USER Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2 + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2 + Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2 + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2 + Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user --xhdr a=2 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256 + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256 + Run Keyword And Expect Error * + ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256 + + +Check eACL Deny and Allow All Bearer Filter Requst NotEqual + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256 + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + #Run Keyword And Expect Error * + #... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2 + Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2 + Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=2 + + +Check eACL Deny and Allow All Bearer Filter Requst Equal + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER} + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256 + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256 + Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256 + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256 + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256 + Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256 + Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256 + + Check eACL Deny and Allow All Bearer Filter UserHeader Equal ${CID} = Create Container Public ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} @@ -302,30 +494,42 @@ Check eACL Deny and Allow All Bearer Filter UserHeader Equal Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await - Form BearerToken file filter for all ops bearer_allow_all_user ${USER_KEY} ${CID} ALLOW USER 100500 STRING_EQUAL key2 abc + + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 Run Keyword And Expect Error * - ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error * - ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * - ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Run Keyword And Expect Error * - ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} - - # Search is allowed without filter condition. - Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} @{S_OBJ_H} + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} @@ -346,14 +550,181 @@ Check eACL Deny and Allow All Bearer Filter UserHeader Equal # Delete can not be filtered by UserHeader. Run Keyword And Expect Error * - ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user Run Keyword And Expect Error * ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user -# Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual +Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + ${S_OID_USER_2} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} + @{S_OBJ_H} = Create List ${S_OID_USER_2} + + + Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER} --await + + + ${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters} + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7} + + Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + # Search can not use filter by headers + Run Keyword And Expect Error * + ... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} + + # Different behaviour for big and small objects! + # Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} + Run Keyword And Expect Error * + ... Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${EMPTY} + + Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl + Run Keyword And Expect Error * + ... Get object from NeoFS ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl + + Run Keyword And Expect Error * + ... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 + + Run Keyword And Expect Error * + ... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 + + Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + Run Keyword And Expect Error * + ... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user + + # Delete can not be filtered by UserHeader. + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user + Run Keyword And Expect Error * + ... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user + + +Check Сompound Operations + Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} + Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER} + Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} + + Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} + Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER} + Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} + + Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS} + Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER} + Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM} + + +Check Bearer Сompound Get + [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} + + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + @{S_OBJ_H} = Create List ${S_OID_USER} + + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP} + ${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP} + ${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} + Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 + + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow + + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl + Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256 + Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256 + + +Check Bearer Сompound Delete + [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} + + ${CID} = Create Container Public + + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await + + ${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP} + ${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP} + ${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP} + ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} + Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 + + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow + Run Keyword And Expect Error * + ... Put object to NeoFS ${KEY} ${FILE_S} ${CID} bearer_allow ${FILE_OTH_HEADER} + + Delete object ${KEY} ${CID} ${S_OID_USER} bearer_allow + + + +Check Bearer Сompound Get Range Hash + [Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL} + + ${CID} = Create Container Public + + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await + + ${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP} + ${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP} + ${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP} + ${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} + Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500 + + Run Keyword And Expect Error * + ... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256 + Run Keyword And Expect Error * + ... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl + + Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256 + Cleanup - @{CLEANUP_FILES} = Create List ${FILE_S} local_file_eacl s_get_range bearer_allow_all_user - Cleanup Files @{CLEANUP_FILES} \ No newline at end of file + @{CLEANUP_FILES} = Create List ${FILE_S} local_file_eacl s_get_range + ... bearer_allow_all_user gen_eacl_deny_all_USER bearer_allow + Cleanup Files @{CLEANUP_FILES} + Get Docker Logs acl_bearer \ No newline at end of file diff --git a/robot/testsuites/integration/acl_extended.robot b/robot/testsuites/integration/acl_extended.robot index 0d89197..17aaa67 100644 --- a/robot/testsuites/integration/acl_extended.robot +++ b/robot/testsuites/integration/acl_extended.robot @@ -20,18 +20,22 @@ Extended ACL Operations Prepare eACL Role rules Log Check extended ACL with simple object + Generate files 1024 + Check Actions Check Filters - + Check Сompound Operations + Cleanup Files ${FILE_S} ${FILE_S_2} Log Check extended ACL with complex object - Generate files 20e+6 + Generate files 10e+6 Check Actions Check Filters - - [Teardown] Cleanup + Check Сompound Operations + + #[Teardown] Cleanup *** Keywords *** @@ -44,11 +48,168 @@ Check Actions Check Filters - Check eACL MatchType String Equal - Check eACL MatchType String Not Equal + Check eACL MatchType String Equal Object + Check eACL MatchType String Not Equal Object + Check eACL MatchType String Equal Request Deny + Check eACL MatchType String Equal Request Allow + +Check Сompound Operations + Check eACL Сompound Get ${OTHER_KEY} ${EACL_COMPOUND_GET_OTHERS} + Check eACL Сompound Get ${USER_KEY} ${EACL_COMPOUND_GET_USER} + Check eACL Сompound Get ${SYSTEM_KEY} ${EACL_COMPOUND_GET_SYSTEM} + + Check eACL Сompound Delete ${OTHER_KEY} ${EACL_COMPOUND_DELETE_OTHERS} + Check eACL Сompound Delete ${USER_KEY} ${EACL_COMPOUND_DELETE_USER} + Check eACL Сompound Delete ${SYSTEM_KEY} ${EACL_COMPOUND_DELETE_SYSTEM} + + Check eACL Сompound Get Range Hash ${OTHER_KEY} ${EACL_COMPOUND_GET_HASH_OTHERS} + Check eACL Сompound Get Range Hash ${USER_KEY} ${EACL_COMPOUND_GET_HASH_USER} + Check eACL Сompound Get Range Hash ${SYSTEM_KEY} ${EACL_COMPOUND_GET_HASH_SYSTEM} + +Check eACL Сompound Get + [Arguments] ${KEY} ${DENY_EACL} + + ${CID} = Create Container Public + + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await + + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + + Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 -Check eACL MatchType String Equal +Check eACL Сompound Delete + [Arguments] ${KEY} ${DENY_EACL} + + ${CID} = Create Container Public + + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + ${D_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY} + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} + + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await + + Run Keyword And Expect Error * + ... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + Run Keyword And Expect Error * + ... Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + + Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} + + + +Check eACL Сompound Get Range Hash + [Arguments] ${KEY} ${DENY_EACL} + + ${CID} = Create Container Public + + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} + Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await + + Run Keyword And Expect Error * + ... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + + + +Check eACL MatchType String Equal Request Deny + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + + ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + &{HEADER_DICT} = Parse Object System Header ${HEADER} + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + ${ID_value} = Get From Dictionary ${HEADER_DICT} ID + + Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_DENY_ALL} --await + + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=2 + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=256 + + Run Keyword And Expect Error * + ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2 + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=2 + Run Keyword And Expect Error * + ... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 + Run Keyword And Expect Error * + ... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} --xhdr a=2 + Run Keyword And Expect Error * + ... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 --xhdr a="2" + Run Keyword And Expect Error * + ... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 --xhdr a=2 + Run Keyword And Expect Error * + ... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} --xhdr a=2 + + Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=256 + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=* + Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} --xhdr a= + Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} --xhdr a=.* + Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 --xhdr a="2 2" + Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 --xhdr a=256 + Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} --xhdr a=22 + + + +Check eACL MatchType String Equal Request Allow + ${CID} = Create Container Public + ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} + + ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + &{HEADER_DICT} = Parse Object System Header ${HEADER} + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl + + + ${ID_value} = Get From Dictionary ${HEADER_DICT} ID + + Set eACL ${USER_KEY} ${CID} ${EACL_XHEADER_ALLOW_ALL} --await + Get eACL ${USER_KEY} ${CID} + + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} + Run Keyword And Expect Error * + ... Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} + Run Keyword And Expect Error * + ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} + Run Keyword And Expect Error * + ... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} + Run Keyword And Expect Error * + ... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} + Run Keyword And Expect Error * + ... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 + Run Keyword And Expect Error * + ... Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} + + Put object to NeoFS ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2 + Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl ${EMPTY} --xhdr a=2 + Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2 + Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${EMPTY} --xhdr a=2 + Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 --xhdr a=2 + Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 --xhdr a=2 + Delete object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} --xhdr a=2 + + + + +Check eACL MatchType String Equal Object ${CID} = Create Container Public ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} @@ -59,7 +220,12 @@ Check eACL MatchType String Equal Log Set eACL for Deny GET operation with StringEqual Object ID ${ID_value} = Get From Dictionary ${HEADER_DICT} ID - ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_EQUAL $Object:objectID ${ID_value} OTHERS + + ${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value} + ${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters} + ${eACL_gen} = Create List ${rule1} + ${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen} + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl @@ -67,15 +233,21 @@ Check eACL MatchType String Equal Log Set eACL for Deny GET operation with StringEqual Object Extended User Header ${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_EQUAL key1 1 OTHERS + + ${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1 + ${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters} + ${eACL_gen} = Create List ${rule1} + ${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen} + + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl + - -Check eACL MatchType String Not Equal +Check eACL MatchType String Not Equal Object ${CID} = Create Container Public ${S_OID_USER} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} @@ -84,14 +256,19 @@ Check eACL MatchType String Not Equal ${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${USER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} - &{HEADER_DICT} = Parse Object System Header ${HEADER} + &{HEADER_DICT} = Parse Object System Header ${HEADER} Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl Log Set eACL for Deny GET operation with StringNotEqual Object ID ${ID_value} = Get From Dictionary ${HEADER_DICT} ID - ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_NOT_EQUAL $Object:objectID ${ID_value} OTHERS + + ${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${ID_value} + ${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters} + ${eACL_gen} = Create List ${rule1} + ${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen} + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} local_file_eacl @@ -100,7 +277,12 @@ Check eACL MatchType String Not Equal Log Set eACL for Deny GET operation with StringEqual Object Extended User Header ${S_OID_USER_OTH} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} - ${EACL_CUSTOM} = Form eACL json file eacl_custom GET DENY STRING_NOT_EQUAL key1 1 OTHERS + + ${filters} = Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key1 value=1 + ${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters} + ${eACL_gen} = Create List ${rule1} + ${EACL_CUSTOM} = Form eACL json common file eacl_custom ${eACL_gen} + Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM} --await Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} local_file_eacl @@ -170,17 +352,145 @@ Generate files Prepare eACL Role rules Log Set eACL for different Role cases - Set Global Variable ${EACL_DENY_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_deny_all - Set Global Variable ${EACL_ALLOW_ALL_OTHER} robot/resources/lib/eacl/eacl_encoded_allow_all - - Set Global Variable ${EACL_DENY_ALL_USER} robot/resources/lib/eacl/eacl_encoded_deny_all_user - Set Global Variable ${EACL_ALLOW_ALL_USER} robot/resources/lib/eacl/eacl_encoded_allow_all_user + # eACL rules for all operations and similar permissions + @{Roles} = Create List OTHERS USER SYSTEM + FOR ${role} IN @{Roles} + ${rule1}= Create Dictionary Operation=GET Access=DENY Role=${role} + ${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=${role} + ${rule3}= Create Dictionary Operation=PUT Access=DENY Role=${role} + ${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=${role} + ${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=${role} + ${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role} - Set Global Variable ${EACL_DENY_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_deny_all_sys - Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} robot/resources/lib/eacl/eacl_encoded_allow_all_sys + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen} + END + + + FOR ${role} IN @{Roles} + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=${role} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=${role} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=${role} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role} + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form eACL json common file gen_eacl_allow_all_${role} ${eACL_gen} + END + + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=A9tDy6Ye+UimXCCzJrlAmRE0FDZHjf3XRyya9rELtgAA + ${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS + ${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS + ${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS + ${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS + ${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS + ${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS + ${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS + + + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14} + Form eACL json common file gen_eacl_allow_pubkey_deny_OTHERS ${eACL_gen} + + Set Global Variable ${EACL_DENY_ALL_OTHER} gen_eacl_deny_all_OTHERS + Set Global Variable ${EACL_ALLOW_ALL_OTHER} gen_eacl_allow_all_OTHERS + + Set Global Variable ${EACL_DENY_ALL_USER} gen_eacl_deny_all_USER + Set Global Variable ${EACL_ALLOW_ALL_USER} gen_eacl_allow_all_USER + + Set Global Variable ${EACL_DENY_ALL_SYSTEM} gen_eacl_deny_all_SYSTEM + Set Global Variable ${EACL_ALLOW_ALL_SYSTEM} gen_eacl_allow_all_SYSTEM - Set Global Variable ${EACL_ALLOW_ALL_Pubkey} robot/resources/lib/eacl/eacl_encoded_allow_all_pubkey - + Set Global Variable ${EACL_ALLOW_ALL_Pubkey} gen_eacl_allow_pubkey_deny_OTHERS + + + # eACL rules for Compound operations: GET/GetRange/GetRangeHash + @{Roles} = Create List OTHERS USER SYSTEM + FOR ${role} IN @{Roles} + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${role} + ${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${role} + ${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role} + ${rule4}= Create Dictionary Operation=HEAD Access=DENY Role=${role} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} + Form eACL json common file gen_eacl_compound_get_${role} ${eACL_gen} + Set Global Variable ${EACL_COMPOUND_GET_${role}} gen_eacl_compound_get_${role} + END + + # eACL rules for Compound operations: DELETE + @{Roles} = Create List OTHERS USER SYSTEM + FOR ${role} IN @{Roles} + ${rule1}= Create Dictionary Operation=DELETE Access=ALLOW Role=${role} + ${rule2}= Create Dictionary Operation=PUT Access=DENY Role=${role} + ${rule3}= Create Dictionary Operation=HEAD Access=DENY Role=${role} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} + Form eACL json common file gen_eacl_compound_del_${role} ${eACL_gen} + Set Global Variable ${EACL_COMPOUND_DELETE_${role}} gen_eacl_compound_del_${role} + END + + # eACL rules for Compound operations: GETRANGEHASH + @{Roles} = Create List OTHERS USER SYSTEM + FOR ${role} IN @{Roles} + ${rule1}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${role} + ${rule2}= Create Dictionary Operation=GETRANGE Access=DENY Role=${role} + ${rule3}= Create Dictionary Operation=GET Access=DENY Role=${role} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} + Form eACL json common file gen_eacl_compound_get_hash_${role} ${eACL_gen} + Set Global Variable ${EACL_COMPOUND_GET_HASH_${role}} gen_eacl_compound_get_hash_${role} + END + + + + # eACL for X-Header Other DENY and ALLOW for all + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2 + + ${rule1}= Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS Filters=${filters} + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + Form eACL json common file gen_eacl_xheader_deny_all ${eACL_gen} + Set Global Variable ${EACL_XHEADER_DENY_ALL} gen_eacl_xheader_deny_all + + + + # eACL for X-Header Other ALLOW and DENY for all + ${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=2 + + ${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=OTHERS Filters=${filters} + ${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=OTHERS Filters=${filters} + ${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=OTHERS Filters=${filters} + ${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=OTHERS Filters=${filters} + ${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=OTHERS Filters=${filters} + ${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=OTHERS Filters=${filters} + ${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=OTHERS Filters=${filters} + ${rule8}= Create Dictionary Operation=GET Access=DENY Role=OTHERS + ${rule9}= Create Dictionary Operation=HEAD Access=DENY Role=OTHERS + ${rule10}= Create Dictionary Operation=PUT Access=DENY Role=OTHERS + ${rule11}= Create Dictionary Operation=DELETE Access=DENY Role=OTHERS + ${rule12}= Create Dictionary Operation=SEARCH Access=DENY Role=OTHERS + ${rule13}= Create Dictionary Operation=GETRANGE Access=DENY Role=OTHERS + ${rule14}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=OTHERS + ${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7} + ... ${rule8} ${rule9} ${rule10} ${rule11} ${rule12} ${rule13} ${rule14} + Form eACL json common file gen_eacl_xheader_allow_all ${eACL_gen} + Set Global Variable ${EACL_XHEADER_ALLOW_ALL} gen_eacl_xheader_allow_all + + + + Check eACL Deny and Allow All User Check eACL Deny and Allow All ${USER_KEY} ${EACL_DENY_ALL_USER} ${EACL_ALLOW_ALL_USER} @@ -205,8 +515,8 @@ Check eACL Deny and Allow All System Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} - Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} @@ -220,11 +530,7 @@ Check eACL Deny and Allow All System Delete object ${SYSTEM_KEY} ${CID} ${D_OID_USER_S} ${EMPTY} Delete object ${SYSTEM_KEY_SN} ${CID} ${D_OID_USER_SN} ${EMPTY} - - Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} - Sleep ${MORPH_BLOCK_TIMEOUT} - - + Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_SYSTEM} --await Run Keyword And Expect Error * ... Put object to NeoFS ${SYSTEM_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} @@ -237,9 +543,9 @@ Check eACL Deny and Allow All System ... Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * - ... Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * @@ -265,8 +571,8 @@ Check eACL Deny and Allow All System ... Delete object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} - Sleep ${MORPH_BLOCK_TIMEOUT} + Set eACL ${USER_KEY} ${CID} ${EACL_ALLOW_ALL_SYSTEM} --await + ${D_OID_USER_S} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} ${D_OID_USER_SN} = Put object to NeoFS ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL} @@ -278,8 +584,8 @@ Check eACL Deny and Allow All System Get object from NeoFS ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Get object from NeoFS ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} - Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${SYSTEM_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Search object ${SYSTEM_KEY_SN} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${SYSTEM_KEY} ${CID} ${S_OID_USER} ${EMPTY} Head object ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} @@ -304,7 +610,7 @@ Check eACL Deny All Other and Allow All Pubkey Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${EACL_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range Hash ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 @@ -318,7 +624,7 @@ Check eACL Deny All Other and Allow All Pubkey Run Keyword And Expect Error * ... Get object from NeoFS ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * ... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} Run Keyword And Expect Error * @@ -330,7 +636,7 @@ Check eACL Deny All Other and Allow All Pubkey Put object to NeoFS ${EACL_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${EACL_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${EACL_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range Hash ${EACL_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 @@ -348,22 +654,21 @@ Check eACL Deny and Allow All Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${DENY_EACL} - Sleep ${MORPH_BLOCK_TIMEOUT} + Set eACL ${USER_KEY} ${CID} ${DENY_EACL} --await Run Keyword And Expect Error * ... Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER} Run Keyword And Expect Error * ... Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl Run Keyword And Expect Error * - ... Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + ... Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Run Keyword And Expect Error * ... Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} Run Keyword And Expect Error * @@ -373,17 +678,24 @@ Check eACL Deny and Allow All Run Keyword And Expect Error * ... Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} - Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} - Sleep ${MORPH_BLOCK_TIMEOUT} + Set eACL ${USER_KEY} ${CID} ${ALLOW_EACL} --await + Put object to NeoFS ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER} Get object from NeoFS ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl - Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} + Search object ${KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} Head object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256 Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256 Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} Cleanup - @{CLEANUP_FILES} = Create List ${FILE_S} ${FILE_S_2} local_file_eacl eacl_custom s_get_range - Cleanup Files @{CLEANUP_FILES} \ No newline at end of file + @{CLEANUP_FILES} = Create List ${FILE_S} ${FILE_S_2} local_file_eacl eacl_custom s_get_range + ... gen_eacl_allow_all_OTHERS gen_eacl_deny_all_USER gen_eacl_allow_all_USER + ... gen_eacl_deny_all_SYSTEM gen_eacl_allow_all_SYSTEM gen_eacl_allow_pubkey_deny_OTHERS + ... gen_eacl_deny_all_OTHERS + ... gen_eacl_compound_del_SYSTEM gen_eacl_compound_del_USER gen_eacl_compound_del_OTHERS + ... gen_eacl_compound_get_hash_OTHERS gen_eacl_compound_get_hash_SYSTEM gen_eacl_compound_get_hash_USER + ... gen_eacl_compound_get_OTHERS gen_eacl_compound_get_SYSTEM gen_eacl_compound_get_USER + Cleanup Files @{CLEANUP_FILES} + Get Docker Logs acl_extended diff --git a/robot/testsuites/integration/http_gate.robot b/robot/testsuites/integration/http_gate.robot index 750d929..00c8e71 100644 --- a/robot/testsuites/integration/http_gate.robot +++ b/robot/testsuites/integration/http_gate.robot @@ -36,9 +36,12 @@ NeoFS HTTP Gateway ... Container Existing ${PRIV_KEY} ${CID} ${FILE} = Generate file of bytes 1024 + ${FILE_L} = Generate file of bytes 10e+6 ${FILE_HASH} = Get file hash ${FILE} + ${FILE_L_HASH} = Get file hash ${FILE_L} - ${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY} + ${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY} + ${L_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE_L} ${CID} ${EMPTY} ${EMPTY} # By request from Service team - try to GET object from the node without object @@ -50,5 +53,23 @@ NeoFS HTTP Gateway Verify file hash s_file_read ${FILE_HASH} Verify file hash ${FILEPATH} ${FILE_HASH} - - [Teardown] Cleanup Files ${FILEPATH} ${FILE} s_file_read + + @{GET_NODE_LIST} = Get nodes without object ${PRIV_KEY} ${CID} ${L_OID} + ${NODE} = Evaluate random.choice($GET_NODE_LIST) random + + Get object from NeoFS ${PRIV_KEY} ${CID} ${L_OID} ${EMPTY} l_file_read ${NODE} + ${FILEPATH} = Get via HTTP Gate ${CID} ${L_OID} + + Verify file hash l_file_read ${FILE_L_HASH} + Verify file hash ${FILEPATH} ${FILE_L_HASH} + + [Teardown] Cleanup ${FILEPATH} ${FILE} + + + +*** Keywords *** + +Cleanup + [Arguments] ${FILEPATH} ${FILE} + Cleanup Files ${FILEPATH} ${FILE} s_file_read l_file_read + Get Docker Logs http_gate \ No newline at end of file diff --git a/robot/testsuites/integration/netmap_simple.robot b/robot/testsuites/integration/netmap_simple.robot index 38b58f4..5e93051 100644 --- a/robot/testsuites/integration/netmap_simple.robot +++ b/robot/testsuites/integration/netmap_simple.robot @@ -60,7 +60,7 @@ NeoFS Simple Netmap Run Keyword And Expect Error * ... Validate Policy REP 2 IN X CBF 2 SELECT 6 FROM * AS X 2 @{EMPTY} - [Teardown] Cleanup Files ${FILE} + [Teardown] Cleanup ${FILE} *** Keywords *** @@ -107,3 +107,7 @@ Validate Policy Validate storage policy for object ${PRIV_KEY} ${EXPECTED_VAL} ${CID} ${S_OID} @{EXPECTED_LIST} +Cleanup + [Arguments] ${FILE} + Cleanup Files ${FILE} + Get Docker Logs netmap_simple \ No newline at end of file diff --git a/robot/testsuites/integration/object_complex.robot b/robot/testsuites/integration/object_complex.robot index 4a9739b..50ab314 100644 --- a/robot/testsuites/integration/object_complex.robot +++ b/robot/testsuites/integration/object_complex.robot @@ -41,8 +41,7 @@ NeoFS Complex Object Operations Wait Until Keyword Succeeds 2 min 30 sec ... Expected Balance ${PRIV_KEY} 50 -7e-08 - ${SIZE} = Set Variable 20e+6 - ${FILE} = Generate file of bytes ${SIZE} + ${FILE} = Generate file of bytes 10e+6 ${FILE_HASH} = Get file hash ${FILE} ${S_OID} = Put object to NeoFS ${PRIV_KEY} ${FILE} ${CID} ${EMPTY} ${EMPTY} @@ -60,7 +59,7 @@ NeoFS Complex Object Operations @{S_OBJ_H_OTH} = Create List ${H_OID_OTH} Run Keyword And Expect Error * - ... Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_ALL} + ... Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_ALL} Get object from NeoFS ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} s_file_read Get object from NeoFS ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} h_file_read @@ -74,9 +73,9 @@ NeoFS Complex Object Operations Get Range ${PRIV_KEY} ${CID} ${S_OID} s_get_range ${EMPTY} 0:10 Get Range ${PRIV_KEY} ${CID} ${H_OID} h_get_range ${EMPTY} 0:10 - Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${EMPTY} @{S_OBJ_ALL} - Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} - Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER_OTH} @{S_OBJ_H_OTH} + Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${EMPTY} ${S_OBJ_ALL} + Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Search object ${PRIV_KEY} ${CID} --root ${EMPTY} ${FILE_USR_HEADER_OTH} ${S_OBJ_H_OTH} Head object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} Head object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} ${FILE_USR_HEADER} @@ -105,9 +104,9 @@ NeoFS Complex Object Operations Cleanup [Arguments] ${FILE} - @{CLEANUP_FILES} = Create List ${FILE} s_file_read h_file_read s_get_range h_get_range Cleanup Files @{CLEANUP_FILES} + Get Docker Logs object_complex diff --git a/robot/testsuites/integration/object_simple.robot b/robot/testsuites/integration/object_simple.robot index 6dd1970..0e9d7d7 100644 --- a/robot/testsuites/integration/object_simple.robot +++ b/robot/testsuites/integration/object_simple.robot @@ -68,9 +68,9 @@ NeoFS Simple Object Operations Get Range ${PRIV_KEY} ${CID} ${S_OID} s_get_range ${EMPTY} 0:10 Get Range ${PRIV_KEY} ${CID} ${H_OID} h_get_range ${EMPTY} 0:10 - Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} @{S_OBJ_ALL} - Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} @{S_OBJ_H} - Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER_OTH} @{S_OBJ_H_OTH} + Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${EMPTY} ${S_OBJ_ALL} + Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H} + Search object ${PRIV_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER_OTH} ${S_OBJ_H_OTH} Head object ${PRIV_KEY} ${CID} ${S_OID} ${EMPTY} Head object ${PRIV_KEY} ${CID} ${H_OID} ${EMPTY} ${FILE_USR_HEADER} @@ -100,6 +100,7 @@ Cleanup @{CLEANUP_FILES} = Create List ${FILE} s_file_read h_file_read s_get_range h_get_range Cleanup Files @{CLEANUP_FILES} + Get Docker Logs object_simple diff --git a/robot/testsuites/integration/replication.robot b/robot/testsuites/integration/replication.robot index 3378dc1..b0cd2eb 100644 --- a/robot/testsuites/integration/replication.robot +++ b/robot/testsuites/integration/replication.robot @@ -41,9 +41,8 @@ NeoFS Object Replication @{NODES_OBJ} = Get nodes with object ${PRIV_KEY} ${CID} ${S_OID} @{NODES_OBJ_STOPPED} = Stop nodes 1 @{NODES_OBJ} - Sleep 1 min - - Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${S_OID} + Wait Until Keyword Succeeds 10 min 1 min + ... Validate storage policy for object ${PRIV_KEY} 2 ${CID} ${S_OID} Start nodes @{NODES_OBJ_STOPPED} [Teardown] Cleanup ${FILE} @{NODES_OBJ_STOPPED} @@ -55,5 +54,6 @@ Cleanup [Arguments] ${FILE} @{NODES_OBJ_STOPPED} Start nodes @{NODES_OBJ_STOPPED} Cleanup Files ${FILE} + Get Docker Logs replication diff --git a/robot/testsuites/integration/s3_gate.robot b/robot/testsuites/integration/s3_gate.robot index ff2ae25..d7306e3 100644 --- a/robot/testsuites/integration/s3_gate.robot +++ b/robot/testsuites/integration/s3_gate.robot @@ -25,11 +25,11 @@ NeoFS S3 Gateway ... Transaction accepted in block ${TX_DEPOSIT} Get Transaction ${TX_DEPOSIT} - ${FILE_S3} = Generate file of bytes 20e+6 + ${FILE_S3} = Generate file of bytes 10e+6 ${FILE_S3_HASH} = Get file hash ${FILE_S3} ${FILE_S3_NAME} = Get file name ${FILE_S3} - ${FILE_FS} = Generate file of bytes 20e+6 + ${FILE_FS} = Generate file of bytes 10e+6 ${FILE_FS_HASH} = Get file hash ${FILE_FS} ${FILE_FS_NAME} = Get file name ${FILE_FS} @@ -85,6 +85,12 @@ NeoFS S3 Gateway ${LIST_S3_OBJECTS} = List objects S3 ${S3_CLIENT} ${BUCKET} List Should Not Contain Value ${LIST_S3_OBJECTS} FILE_S3_NAME - [Teardown] Cleanup Files s3_obj_get_fs fs_obj_get_fs s3_obj_get_s3 fs_obj_get_s3 - ... ${FILE_S3} ${FILE_FS} + [Teardown] Cleanup ${FILE_S3} ${FILE_FS} +*** Keywords *** + +Cleanup + [Arguments] ${FILE_S3} ${FILE_FS} + Cleanup Files s3_obj_get_fs fs_obj_get_fs s3_obj_get_s3 fs_obj_get_s3 + ... ${FILE_S3} ${FILE_FS} + Get Docker Logs s3_gate \ No newline at end of file diff --git a/robot/testsuites/integration/withdraw.robot b/robot/testsuites/integration/withdraw.robot index a96062b..67c5bd4 100644 --- a/robot/testsuites/integration/withdraw.robot +++ b/robot/testsuites/integration/withdraw.robot @@ -30,7 +30,7 @@ NeoFS Deposit and Withdraw Sleep 1 min - Expexted Mainnet Balance ${ADDR} 4.84454920 + Expexted Mainnet Balance ${ADDR} 4.85019610 ${NEOFS_BALANCE} = Get Balance ${PRIV_KEY} ${TX} = Withdraw Mainnet Gas ${WALLET} ${ADDR} ${SCRIPT_HASH} 50 @@ -40,5 +40,11 @@ NeoFS Deposit and Withdraw Sleep 1 min Get Balance ${PRIV_KEY} Expected Balance ${PRIV_KEY} ${NEOFS_BALANCE} -50 - Expexted Mainnet Balance ${ADDR} 54.80800160 - \ No newline at end of file + Expexted Mainnet Balance ${ADDR} 54.81699450 + + [Teardown] Cleanup + +*** Keywords *** + +Cleanup + Get Docker Logs withdraw \ No newline at end of file