From b61dd7b39cc11ce0f628f253bb53b77afcfe8401 Mon Sep 17 00:00:00 2001 From: Andrey Berezin Date: Mon, 11 Mar 2024 19:34:54 +0300 Subject: [PATCH] [#206] Overhaul credentials work Signed-off-by: Andrey Berezin --- pytest_tests/helpers/container_access.py | 82 +++------ pytest_tests/helpers/object_access.py | 29 +--- pytest_tests/testsuites/acl/conftest.py | 51 ++---- pytest_tests/testsuites/acl/test_acl.py | 34 ++-- pytest_tests/testsuites/acl/test_bearer.py | 38 ++-- pytest_tests/testsuites/acl/test_eacl.py | 162 +++++++----------- .../testsuites/acl/test_eacl_filters.py | 80 ++++----- pytest_tests/testsuites/conftest.py | 57 +++--- .../testsuites/container/test_container.py | 11 +- .../failovers/test_failover_network.py | 15 +- .../failovers/test_failover_server.py | 12 +- .../failovers/test_failover_storage.py | 6 +- .../management/test_node_management.py | 13 +- .../testsuites/object/test_object_api.py | 29 ++-- .../object/test_object_api_bearer.py | 14 +- .../testsuites/object/test_object_lifetime.py | 3 +- .../testsuites/object/test_object_lock.py | 96 +++++------ .../replication/test_replication.py | 4 +- .../services/http_gate/test_http_bearer.py | 2 +- .../services/http_gate/test_http_headers.py | 2 +- .../services/s3_gate/test_s3_multipart.py | 3 +- .../services/s3_gate/test_s3_policy.py | 5 +- .../testsuites/session_token/conftest.py | 34 ++-- .../test_object_session_token.py | 10 +- .../test_static_object_session_token.py | 50 +++--- .../test_static_session_token_container.py | 30 ++-- .../testsuites/shard/test_control_shard.py | 6 +- 27 files changed, 384 insertions(+), 494 deletions(-) diff --git a/pytest_tests/helpers/container_access.py b/pytest_tests/helpers/container_access.py index dac73d5a..0c1416e2 100644 --- a/pytest_tests/helpers/container_access.py +++ b/pytest_tests/helpers/container_access.py @@ -3,6 +3,7 @@ from typing import List, Optional from frostfs_testlib.shell import Shell from frostfs_testlib.storage.cluster import Cluster from frostfs_testlib.storage.dataclasses.acl import EACLOperation +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from pytest_tests.helpers.object_access import ( can_delete_object, @@ -16,57 +17,47 @@ from pytest_tests.helpers.object_access import ( def check_full_access_to_container( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, file_name: str, shell: Shell, cluster: Cluster, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, ): endpoint = cluster.default_rpc_endpoint - assert can_put_object(wallet, cid, file_name, shell, cluster, bearer, wallet_config, xhdr) - assert can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr) - assert can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr) - assert can_get_range_hash_of_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr - ) - assert can_search_object(wallet, cid, shell, endpoint, oid, bearer, wallet_config, xhdr) - assert can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, wallet_config, xhdr) - assert can_delete_object(wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr) + assert can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr) + assert can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) + assert can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) + assert can_get_range_hash_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) + assert can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr) + assert can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr) + assert can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) def check_no_access_to_container( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, file_name: str, shell: Shell, cluster: Cluster, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, ): endpoint = cluster.default_rpc_endpoint - assert not can_put_object(wallet, cid, file_name, shell, cluster, bearer, wallet_config, xhdr) - assert not can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr) - assert not can_get_range_of_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr - ) - assert not can_get_range_hash_of_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr - ) - assert not can_search_object(wallet, cid, shell, endpoint, oid, bearer, wallet_config, xhdr) - assert not can_get_object( - wallet, cid, oid, file_name, shell, cluster, bearer, wallet_config, xhdr - ) - assert not can_delete_object(wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr) + assert not can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr) + assert not can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) + assert not can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) + assert not can_get_range_hash_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) + assert not can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr) + assert not can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr) + assert not can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) def check_custom_access_to_container( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, file_name: str, @@ -75,7 +66,6 @@ def check_custom_access_to_container( deny_operations: Optional[List[EACLOperation]] = None, ignore_operations: Optional[List[EACLOperation]] = None, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, ): endpoint = cluster.default_rpc_endpoint @@ -83,56 +73,39 @@ def check_custom_access_to_container( ignore_operations = [op.value for op in ignore_operations or []] checks: dict = {} if EACLOperation.PUT.value not in ignore_operations: - checks[EACLOperation.PUT.value] = can_put_object( - wallet, cid, file_name, shell, cluster, bearer, wallet_config, xhdr - ) + checks[EACLOperation.PUT.value] = can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr) if EACLOperation.HEAD.value not in ignore_operations: - checks[EACLOperation.HEAD.value] = can_get_head_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr - ) + checks[EACLOperation.HEAD.value] = can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) if EACLOperation.GET_RANGE.value not in ignore_operations: - checks[EACLOperation.GET_RANGE.value] = can_get_range_of_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr - ) + checks[EACLOperation.GET_RANGE.value] = can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) if EACLOperation.GET_RANGE_HASH.value not in ignore_operations: checks[EACLOperation.GET_RANGE_HASH.value] = can_get_range_hash_of_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr + wallet, cid, oid, shell, endpoint, bearer, xhdr ) if EACLOperation.SEARCH.value not in ignore_operations: - checks[EACLOperation.SEARCH.value] = can_search_object( - wallet, cid, shell, endpoint, oid, bearer, wallet_config, xhdr - ) + checks[EACLOperation.SEARCH.value] = can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr) if EACLOperation.GET.value not in ignore_operations: - checks[EACLOperation.GET.value] = can_get_object( - wallet, cid, oid, file_name, shell, cluster, bearer, wallet_config, xhdr - ) + checks[EACLOperation.GET.value] = can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr) if EACLOperation.DELETE.value not in ignore_operations: - checks[EACLOperation.DELETE.value] = can_delete_object( - wallet, cid, oid, shell, endpoint, bearer, wallet_config, xhdr - ) + checks[EACLOperation.DELETE.value] = can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr) failed_checks = [ f"allowed {action} failed" for action, success in checks.items() if not success and action not in deny_operations - ] + [ - f"denied {action} succeeded" - for action, success in checks.items() - if success and action in deny_operations - ] + ] + [f"denied {action} succeeded" for action, success in checks.items() if success and action in deny_operations] assert not failed_checks, ", ".join(failed_checks) def check_read_only_container( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, file_name: str, shell: Shell, cluster: Cluster, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, ): return check_custom_access_to_container( @@ -142,7 +115,6 @@ def check_read_only_container( file_name, deny_operations=[EACLOperation.PUT, EACLOperation.DELETE], bearer=bearer, - wallet_config=wallet_config, xhdr=xhdr, shell=shell, cluster=cluster, diff --git a/pytest_tests/helpers/object_access.py b/pytest_tests/helpers/object_access.py index f4744400..7c00f80e 100644 --- a/pytest_tests/helpers/object_access.py +++ b/pytest_tests/helpers/object_access.py @@ -14,6 +14,7 @@ from frostfs_testlib.steps.cli.object import ( search_object, ) from frostfs_testlib.storage.cluster import Cluster +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.utils import string_utils from frostfs_testlib.utils.file_utils import get_file_hash @@ -21,14 +22,13 @@ OPERATION_ERROR_TYPE = RuntimeError def can_get_object( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, file_name: str, shell: Shell, cluster: Cluster, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, ) -> bool: with reporter.step("Try get object from container"): @@ -38,7 +38,6 @@ def can_get_object( cid, oid, bearer=bearer, - wallet_config=wallet_config, xhdr=xhdr, shell=shell, cluster=cluster, @@ -53,13 +52,12 @@ def can_get_object( def can_put_object( - wallet: str, + wallet: WalletInfo, cid: str, file_name: str, shell: Shell, cluster: Cluster, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, attributes: Optional[dict] = None, ) -> bool: @@ -70,7 +68,6 @@ def can_put_object( file_name, cid, bearer=bearer, - wallet_config=wallet_config, xhdr=xhdr, attributes=attributes, shell=shell, @@ -85,13 +82,12 @@ def can_put_object( def can_delete_object( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, shell: Shell, endpoint: str, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, ) -> bool: with reporter.step("Try delete object from container"): @@ -101,7 +97,6 @@ def can_delete_object( cid, oid, bearer=bearer, - wallet_config=wallet_config, xhdr=xhdr, shell=shell, endpoint=endpoint, @@ -115,13 +110,12 @@ def can_delete_object( def can_get_head_object( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, shell: Shell, endpoint: str, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, timeout: Optional[str] = CLI_DEFAULT_TIMEOUT, ) -> bool: @@ -132,7 +126,6 @@ def can_get_head_object( cid, oid, bearer=bearer, - wallet_config=wallet_config, xhdr=xhdr, shell=shell, endpoint=endpoint, @@ -147,13 +140,12 @@ def can_get_head_object( def can_get_range_of_object( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, shell: Shell, endpoint: str, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, timeout: Optional[str] = CLI_DEFAULT_TIMEOUT, ) -> bool: @@ -165,7 +157,6 @@ def can_get_range_of_object( oid, bearer=bearer, range_cut="0:10", - wallet_config=wallet_config, xhdr=xhdr, shell=shell, endpoint=endpoint, @@ -180,13 +171,12 @@ def can_get_range_of_object( def can_get_range_hash_of_object( - wallet: str, + wallet: WalletInfo, cid: str, oid: str, shell: Shell, endpoint: str, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, timeout: Optional[str] = CLI_DEFAULT_TIMEOUT, ) -> bool: @@ -198,7 +188,6 @@ def can_get_range_hash_of_object( oid, bearer=bearer, range_cut="0:10", - wallet_config=wallet_config, xhdr=xhdr, shell=shell, endpoint=endpoint, @@ -213,13 +202,12 @@ def can_get_range_hash_of_object( def can_search_object( - wallet: str, + wallet: WalletInfo, cid: str, shell: Shell, endpoint: str, oid: Optional[str] = None, bearer: Optional[str] = None, - wallet_config: Optional[str] = None, xhdr: Optional[dict] = None, timeout: Optional[str] = CLI_DEFAULT_TIMEOUT, ) -> bool: @@ -229,7 +217,6 @@ def can_search_object( wallet, cid, bearer=bearer, - wallet_config=wallet_config, xhdr=xhdr, shell=shell, endpoint=endpoint, diff --git a/pytest_tests/testsuites/acl/conftest.py b/pytest_tests/testsuites/acl/conftest.py index 1c3f6e21..84e17016 100644 --- a/pytest_tests/testsuites/acl/conftest.py +++ b/pytest_tests/testsuites/acl/conftest.py @@ -1,11 +1,10 @@ import os -import uuid from dataclasses import dataclass -from typing import Optional +from datetime import datetime import pytest from frostfs_testlib import reporter -from frostfs_testlib.resources.common import DEFAULT_WALLET_CONFIG, DEFAULT_WALLET_PASS +from frostfs_testlib.credentials.interfaces import CredentialsProvider, User from frostfs_testlib.resources.wellknown_acl import PUBLIC_ACL from frostfs_testlib.shell import Shell from frostfs_testlib.steps.cli.container import create_container @@ -14,54 +13,40 @@ from frostfs_testlib.storage.cluster import Cluster from frostfs_testlib.storage.dataclasses.acl import EACLRole from frostfs_testlib.storage.dataclasses.frostfs_services import InnerRing, StorageNode from frostfs_testlib.storage.dataclasses.object_size import ObjectSize -from frostfs_testlib.utils import wallet_utils +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.utils.file_utils import generate_file OBJECT_COUNT = 5 -@dataclass -class Wallet: - wallet_path: Optional[str] = None - config_path: Optional[str] = None - - @dataclass class Wallets: - wallets: dict[EACLRole, list[Wallet]] + wallets: dict[EACLRole, list[WalletInfo]] - def get_wallet(self, role: EACLRole = EACLRole.USER) -> Wallet: + def get_wallet(self, role: EACLRole = EACLRole.USER) -> WalletInfo: return self.wallets[role][0] - def get_wallets_list(self, role: EACLRole = EACLRole.USER) -> list[Wallet]: + def get_wallets_list(self, role: EACLRole = EACLRole.USER) -> list[WalletInfo]: return self.wallets[role] @pytest.fixture(scope="module") -def wallets(default_wallet: str, temp_directory: str, cluster: Cluster) -> Wallets: - other_wallets_paths = [os.path.join(temp_directory, f"{str(uuid.uuid4())}.json") for _ in range(2)] - for other_wallet_path in other_wallets_paths: - wallet_utils.init_wallet(other_wallet_path, DEFAULT_WALLET_PASS) +def wallets(default_wallet: WalletInfo, credentials_provider: CredentialsProvider, cluster: Cluster) -> Wallets: + other_wallets: list = [] + for _ in range(2): + user = User(f"user_{hex(int(datetime.now().timestamp() * 1000000))}") + other_wallets.append(credentials_provider.GRPC.provide(user, cluster.cluster_nodes[0])) ir_node: InnerRing = cluster.ir_nodes[0] storage_node: StorageNode = cluster.storage_nodes[0] - ir_wallet_path = ir_node.get_wallet_path() - ir_wallet_config = ir_node.get_wallet_config_path() - - storage_wallet_path = storage_node.get_wallet_path() - storage_wallet_config = storage_node.get_wallet_config_path() - wallets_collection = Wallets( wallets={ - EACLRole.USER: [Wallet(wallet_path=default_wallet, config_path=DEFAULT_WALLET_CONFIG)], - EACLRole.OTHERS: [ - Wallet(wallet_path=other_wallet_path, config_path=DEFAULT_WALLET_CONFIG) - for other_wallet_path in other_wallets_paths - ], + EACLRole.USER: [default_wallet], + EACLRole.OTHERS: other_wallets, EACLRole.SYSTEM: [ - Wallet(wallet_path=ir_wallet_path, config_path=ir_wallet_config), - Wallet(wallet_path=storage_wallet_path, config_path=storage_wallet_config), + WalletInfo.from_node(ir_node), + WalletInfo.from_node(storage_node), ], } ) @@ -70,7 +55,7 @@ def wallets(default_wallet: str, temp_directory: str, cluster: Cluster) -> Walle if role == EACLRole.SYSTEM: continue for wallet in wallets: - reporter.attach(wallet.wallet_path, os.path.basename(wallet.wallet_path)) + reporter.attach(wallet.path, os.path.basename(wallet.path)) return wallets_collection @@ -87,7 +72,7 @@ def eacl_container_with_objects( user_wallet = wallets.get_wallet() with reporter.step("Create eACL public container"): cid = create_container( - user_wallet.wallet_path, + user_wallet, basic_acl=PUBLIC_ACL, shell=client_shell, endpoint=cluster.default_rpc_endpoint, @@ -96,7 +81,7 @@ def eacl_container_with_objects( with reporter.step("Add test objects to container"): objects_oids = [ put_object_to_random_node( - user_wallet.wallet_path, + user_wallet, file_path, cid, attributes={"key1": "val1", "key": val, "key2": "abc"}, diff --git a/pytest_tests/testsuites/acl/test_acl.py b/pytest_tests/testsuites/acl/test_acl.py index aa608b4d..a50e29e0 100644 --- a/pytest_tests/testsuites/acl/test_acl.py +++ b/pytest_tests/testsuites/acl/test_acl.py @@ -22,11 +22,11 @@ from pytest_tests.testsuites.acl.conftest import Wallets @pytest.mark.acl_basic class TestACLBasic(ClusterTestBase): @pytest.fixture(scope="function") - def public_container(self, wallets): + def public_container(self, wallets: Wallets): user_wallet = wallets.get_wallet() with reporter.step("Create public container"): cid_public = create_container( - user_wallet.wallet_path, + user_wallet, basic_acl=PUBLIC_ACL_F, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -35,14 +35,14 @@ class TestACLBasic(ClusterTestBase): yield cid_public # with reporter.step('Delete public container'): - # delete_container(user_wallet.wallet_path, cid_public) + # delete_container(user_wallet, cid_public) @pytest.fixture(scope="function") def private_container(self, wallets: Wallets): user_wallet = wallets.get_wallet() with reporter.step("Create private container"): cid_private = create_container( - user_wallet.wallet_path, + user_wallet, basic_acl=PRIVATE_ACL_F, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -51,14 +51,14 @@ class TestACLBasic(ClusterTestBase): yield cid_private # with reporter.step('Delete private container'): - # delete_container(user_wallet.wallet_path, cid_private) + # delete_container(user_wallet, cid_private) @pytest.fixture(scope="function") def read_only_container(self, wallets: Wallets): user_wallet = wallets.get_wallet() with reporter.step("Create public readonly container"): cid_read_only = create_container( - user_wallet.wallet_path, + user_wallet, basic_acl=READONLY_ACL_F, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -67,7 +67,7 @@ class TestACLBasic(ClusterTestBase): yield cid_read_only # with reporter.step('Delete public readonly container'): - # delete_container(user_wallet.wallet_path, cid_read_only) + # delete_container(user_wallet, cid_read_only) @allure.title("Operations with basic ACL on public container (obj_size={object_size})") def test_basic_acl_public(self, wallets: Wallets, public_container: str, file_path: str): @@ -82,7 +82,7 @@ class TestACLBasic(ClusterTestBase): # We create new objects for each wallet because check_full_access_to_container # deletes the object owner_object_oid = put_object_to_random_node( - user_wallet.wallet_path, + user_wallet, file_path, cid, shell=self.shell, @@ -90,7 +90,7 @@ class TestACLBasic(ClusterTestBase): attributes={"created": "owner"}, ) other_object_oid = put_object_to_random_node( - other_wallet.wallet_path, + other_wallet, file_path, cid, shell=self.shell, @@ -99,7 +99,7 @@ class TestACLBasic(ClusterTestBase): ) with reporter.step(f"Check {desc} has full access to public container"): check_full_access_to_container( - wallet.wallet_path, + wallet, cid, owner_object_oid, file_path, @@ -107,7 +107,7 @@ class TestACLBasic(ClusterTestBase): cluster=self.cluster, ) check_full_access_to_container( - wallet.wallet_path, + wallet, cid, other_object_oid, file_path, @@ -125,13 +125,13 @@ class TestACLBasic(ClusterTestBase): cid = private_container with reporter.step("Add test objects to container"): owner_object_oid = put_object_to_random_node( - user_wallet.wallet_path, file_path, cid, shell=self.shell, cluster=self.cluster + user_wallet, file_path, cid, shell=self.shell, cluster=self.cluster ) with reporter.step("Check only owner has full access to private container"): with reporter.step("Check no one except owner has access to operations with container"): check_no_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, owner_object_oid, file_path, @@ -141,7 +141,7 @@ class TestACLBasic(ClusterTestBase): with reporter.step("Check owner has full access to private container"): check_full_access_to_container( - user_wallet.wallet_path, + user_wallet, cid, owner_object_oid, file_path, @@ -160,12 +160,12 @@ class TestACLBasic(ClusterTestBase): with reporter.step("Add test objects to container"): object_oid = put_object_to_random_node( - user_wallet.wallet_path, file_path, cid, shell=client_shell, cluster=self.cluster + user_wallet, file_path, cid, shell=client_shell, cluster=self.cluster ) with reporter.step("Check other has read-only access to operations with container"): check_read_only_container( - other_wallet.wallet_path, + other_wallet, cid, object_oid, file_path, @@ -175,7 +175,7 @@ class TestACLBasic(ClusterTestBase): with reporter.step("Check owner has full access to public container"): check_full_access_to_container( - user_wallet.wallet_path, + user_wallet, cid, object_oid, file_path, diff --git a/pytest_tests/testsuites/acl/test_bearer.py b/pytest_tests/testsuites/acl/test_bearer.py index ecc20ca6..e0f5f8ad 100644 --- a/pytest_tests/testsuites/acl/test_bearer.py +++ b/pytest_tests/testsuites/acl/test_bearer.py @@ -32,11 +32,10 @@ class TestACLBearer(ClusterTestBase): with reporter.step(f"Check {role.value} has full access to container without bearer token"): check_full_access_to_container( - deny_wallet.wallet_path, + deny_wallet, cid, objects_oids.pop(), file_path, - wallet_config=deny_wallet.config_path, shell=self.shell, cluster=self.cluster, ) @@ -44,12 +43,12 @@ class TestACLBearer(ClusterTestBase): with reporter.step(f"Set deny all operations for {role.value} via eACL"): eacl = [EACLRule(access=EACLAccess.DENY, role=role, operation=op) for op in EACLOperation] eacl_file = create_eacl(cid, eacl, shell=self.shell) - set_eacl(user_wallet.wallet_path, cid, eacl_file, shell=self.shell, endpoint=endpoint) + set_eacl(user_wallet, cid, eacl_file, shell=self.shell, endpoint=endpoint) wait_for_cache_expired() with reporter.step(f"Create bearer token for {role.value} with all operations allowed"): bearer = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [EACLRule(operation=op, access=EACLAccess.ALLOW, role=role) for op in EACLOperation], shell=self.shell, @@ -58,23 +57,21 @@ class TestACLBearer(ClusterTestBase): with reporter.step(f"Check {role.value} without token has no access to all operations with container"): check_no_access_to_container( - deny_wallet.wallet_path, + deny_wallet, cid, objects_oids.pop(), file_path, - wallet_config=deny_wallet.config_path, shell=self.shell, cluster=self.cluster, ) with reporter.step(f"Check {role.value} with token has access to all operations with container"): check_full_access_to_container( - deny_wallet.wallet_path, + deny_wallet, cid, objects_oids.pop(), file_path, bearer=bearer, - wallet_config=deny_wallet.config_path, shell=self.shell, cluster=self.cluster, ) @@ -82,22 +79,21 @@ class TestACLBearer(ClusterTestBase): with reporter.step(f"Set allow all operations for {role.value} via eACL"): eacl = [EACLRule(access=EACLAccess.ALLOW, role=role, operation=op) for op in EACLOperation] eacl_file = create_eacl(cid, eacl, shell=self.shell) - set_eacl(user_wallet.wallet_path, cid, eacl_file, shell=self.shell, endpoint=endpoint) + set_eacl(user_wallet, cid, eacl_file, shell=self.shell, endpoint=endpoint) wait_for_cache_expired() with reporter.step(f"Check {role.value} without token has access to all operations with container"): check_full_access_to_container( - deny_wallet.wallet_path, + deny_wallet, cid, objects_oids.pop(), file_path, - wallet_config=deny_wallet.config_path, shell=self.shell, cluster=self.cluster, ) @allure.title("BearerToken for compound operations (obj_size={object_size})") - def test_bearer_token_compound_operations(self, wallets, eacl_container_with_objects): + def test_bearer_token_compound_operations(self, wallets: Wallets, eacl_container_with_objects): endpoint = self.cluster.default_rpc_endpoint cid, objects_oids, file_path = eacl_container_with_objects user_wallet = wallets.get_wallet() @@ -136,7 +132,7 @@ class TestACLBearer(ClusterTestBase): for role, operations in deny_map.items(): eacl_deny += [EACLRule(access=EACLAccess.DENY, role=role, operation=op) for op in operations] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, eacl_table_path=create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -146,29 +142,27 @@ class TestACLBearer(ClusterTestBase): with reporter.step("Check rule consistency without bearer"): check_custom_access_to_container( - user_wallet.wallet_path, + user_wallet, cid, objects_oids.pop(), file_path, deny_operations=deny_map[EACLRole.USER], - wallet_config=user_wallet.config_path, shell=self.shell, cluster=self.cluster, ) check_custom_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, objects_oids.pop(), file_path, deny_operations=deny_map[EACLRole.OTHERS], - wallet_config=other_wallet.config_path, shell=self.shell, cluster=self.cluster, ) with reporter.step("Check rule consistency using bearer token"): bearer_user = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [ EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.USER) @@ -179,7 +173,7 @@ class TestACLBearer(ClusterTestBase): ) bearer_other = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [ EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.OTHERS) @@ -190,24 +184,22 @@ class TestACLBearer(ClusterTestBase): ) check_custom_access_to_container( - user_wallet.wallet_path, + user_wallet, cid, objects_oids.pop(), file_path, deny_operations=deny_map_with_bearer[EACLRole.USER], bearer=bearer_user, - wallet_config=user_wallet.config_path, shell=self.shell, cluster=self.cluster, ) check_custom_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, objects_oids.pop(), file_path, deny_operations=deny_map_with_bearer[EACLRole.OTHERS], bearer=bearer_other, - wallet_config=other_wallet.config_path, shell=self.shell, cluster=self.cluster, ) diff --git a/pytest_tests/testsuites/acl/test_eacl.py b/pytest_tests/testsuites/acl/test_eacl.py index 8f3014ab..15310547 100644 --- a/pytest_tests/testsuites/acl/test_eacl.py +++ b/pytest_tests/testsuites/acl/test_eacl.py @@ -27,14 +27,14 @@ from pytest_tests.testsuites.acl.conftest import Wallets @pytest.mark.acl_extended class TestEACLContainer(ClusterTestBase): @pytest.fixture(scope="function") - def eacl_full_placement_container_with_object(self, wallets: Wallets, file_path: str) -> str: + def eacl_full_placement_container_with_object(self, wallets: Wallets, file_path: str) -> tuple[str, str, str]: user_wallet = wallets.get_wallet() storage_nodes = self.cluster.storage_nodes node_count = len(storage_nodes) with reporter.step("Create eACL public container with full placement rule"): full_placement_rule = f"REP {node_count} IN X CBF 1 SELECT {node_count} FROM * AS X" cid = create_container( - wallet=user_wallet.wallet_path, + wallet=user_wallet, rule=full_placement_rule, basic_acl=PUBLIC_ACL, shell=self.shell, @@ -42,9 +42,7 @@ class TestEACLContainer(ClusterTestBase): ) with reporter.step("Add test object to container"): - oid = put_object_to_random_node( - user_wallet.wallet_path, file_path, cid, shell=self.shell, cluster=self.cluster - ) + oid = put_object_to_random_node(user_wallet, file_path, cid, shell=self.shell, cluster=self.cluster) wait_object_replication( cid, oid, @@ -75,7 +73,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step(f"Deny all operations for {deny_role_str} via eACL"): eacl_deny = [EACLRule(access=EACLAccess.DENY, role=deny_role, operation=op) for op in EACLOperation] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -86,7 +84,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step(f"Check only {not_deny_role_str} has full access to container"): with reporter.step(f"Check {deny_role_str} has not access to any operations with container"): check_no_access_to_container( - deny_role_wallet.wallet_path, + deny_role_wallet, cid, object_oids[0], file_path, @@ -96,7 +94,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step(f"Check {not_deny_role_wallet} has full access to eACL public container"): check_full_access_to_container( - not_deny_role_wallet.wallet_path, + not_deny_role_wallet, cid, object_oids.pop(), file_path, @@ -107,7 +105,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step(f"Allow all operations for {deny_role_str} via eACL"): eacl_deny = [EACLRule(access=EACLAccess.ALLOW, role=deny_role, operation=op) for op in EACLOperation] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -117,7 +115,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check all have full access to eACL public container"): check_full_access_to_container( - user_wallet.wallet_path, + user_wallet, cid, object_oids.pop(), file_path, @@ -125,7 +123,7 @@ class TestEACLContainer(ClusterTestBase): cluster=self.cluster, ) check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, object_oids.pop(), file_path, @@ -145,14 +143,14 @@ class TestEACLContainer(ClusterTestBase): eacl = [ EACLRule( access=EACLAccess.ALLOW, - role=other_wallet_allow.wallet_path, + role=other_wallet_allow, operation=op, ) for op in EACLOperation ] eacl += [EACLRule(access=EACLAccess.DENY, role=EACLRole.OTHERS, operation=op) for op in EACLOperation] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl, shell=self.shell), shell=self.shell, @@ -163,7 +161,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check only owner and allowed other have full access to public container"): with reporter.step("Check other has not access to operations with container"): check_no_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, object_oids[0], file_path, @@ -173,7 +171,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check owner has full access to public container"): check_full_access_to_container( - user_wallet.wallet_path, + user_wallet, cid, object_oids.pop(), file_path, @@ -183,7 +181,7 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check allowed other has full access to public container"): check_full_access_to_container( - other_wallet_allow.wallet_path, + other_wallet_allow, cid, object_oids.pop(), file_path, @@ -206,7 +204,7 @@ class TestEACLContainer(ClusterTestBase): eacl_deny = [EACLRule(access=EACLAccess.DENY, role=EACLRole.USER, operation=op) for op in EACLOperation] eacl_deny += [EACLRule(access=EACLAccess.DENY, role=EACLRole.OTHERS, operation=op) for op in EACLOperation] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -237,134 +235,120 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check IR and STORAGE rules compliance"): assert not can_put_object( - ir_wallet.wallet_path, + ir_wallet, cid, file_path, shell=self.shell, cluster=self.cluster, - wallet_config=ir_wallet.config_path, ) assert can_put_object( - storage_wallet.wallet_path, + storage_wallet, cid, file_path, shell=self.shell, cluster=self.cluster, - wallet_config=storage_wallet.config_path, ) assert can_get_object( - ir_wallet.wallet_path, + ir_wallet, cid, object_oids[0], file_path, shell=self.shell, cluster=self.cluster, - wallet_config=ir_wallet.config_path, ) assert can_get_object( - storage_wallet.wallet_path, + storage_wallet, cid, object_oids[0], file_path, shell=self.shell, cluster=self.cluster, - wallet_config=storage_wallet.config_path, ) assert can_get_head_object( - ir_wallet.wallet_path, + ir_wallet, cid, object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) assert can_get_head_object( - storage_wallet.wallet_path, + storage_wallet, cid, object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) assert can_search_object( - ir_wallet.wallet_path, + ir_wallet, cid, shell=self.shell, endpoint=endpoint, oid=object_oids[0], - wallet_config=ir_wallet.config_path, ) assert can_search_object( - storage_wallet.wallet_path, + storage_wallet, cid, shell=self.shell, endpoint=endpoint, oid=object_oids[0], - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_of_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_of_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) assert can_get_range_hash_of_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) assert can_get_range_hash_of_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_delete_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_delete_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with reporter.step("Deny all operations for SYSTEM via eACL"): set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl( cid=cid, @@ -380,141 +364,127 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check IR and STORAGE rules compliance with deny eACL"): assert not can_put_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=ir_wallet.config_path, ) assert not can_put_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_head_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_head_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_search_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, shell=self.shell, endpoint=endpoint, oid=object_oids[0], - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_search_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, shell=self.shell, endpoint=endpoint, oid=object_oids[0], - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_of_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_of_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_hash_of_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_hash_of_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_delete_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_delete_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with reporter.step("Allow all operations for SYSTEM via eACL"): set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl( cid=cid, @@ -530,127 +500,113 @@ class TestEACLContainer(ClusterTestBase): with reporter.step("Check IR and STORAGE rules compliance with allow eACL"): assert not can_put_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=ir_wallet.config_path, ) assert can_put_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=storage_wallet.config_path, ) assert can_get_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=ir_wallet.config_path, ) assert can_get_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], file_name=file_path, shell=self.shell, cluster=self.cluster, - wallet_config=storage_wallet.config_path, ) assert can_get_head_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) assert can_get_head_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) assert can_search_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, shell=self.shell, oid=object_oids[0], endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) assert can_search_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, shell=self.shell, oid=object_oids[0], endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_of_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_get_range_of_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) assert can_get_range_hash_of_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) assert can_get_range_hash_of_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) with pytest.raises(AssertionError): assert can_delete_object( - wallet=ir_wallet.wallet_path, + wallet=ir_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=ir_wallet.config_path, ) with pytest.raises(AssertionError): assert can_delete_object( - wallet=storage_wallet.wallet_path, + wallet=storage_wallet, cid=cid, oid=object_oids[0], shell=self.shell, endpoint=endpoint, - wallet_config=storage_wallet.config_path, ) diff --git a/pytest_tests/testsuites/acl/test_eacl_filters.py b/pytest_tests/testsuites/acl/test_eacl_filters.py index edb7e061..e7932d42 100644 --- a/pytest_tests/testsuites/acl/test_eacl_filters.py +++ b/pytest_tests/testsuites/acl/test_eacl_filters.py @@ -64,7 +64,7 @@ class TestEACLFilters(ClusterTestBase): user_wallet = wallets.get_wallet() with reporter.step("Create eACL public container"): cid = create_container( - user_wallet.wallet_path, + user_wallet, basic_acl=PUBLIC_ACL, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -73,7 +73,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Add test objects to container"): objects_with_header = [ put_object_to_random_node( - user_wallet.wallet_path, + user_wallet, file_path, cid, shell=self.shell, @@ -85,7 +85,7 @@ class TestEACLFilters(ClusterTestBase): objects_with_other_header = [ put_object_to_random_node( - user_wallet.wallet_path, + user_wallet, file_path, cid, shell=self.shell, @@ -97,7 +97,7 @@ class TestEACLFilters(ClusterTestBase): objects_without_header = [ put_object_to_random_node( - user_wallet.wallet_path, + user_wallet, file_path, cid, shell=self.shell, @@ -110,7 +110,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Delete eACL public container"): delete_container( - user_wallet.wallet_path, + user_wallet, cid, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -148,7 +148,7 @@ class TestEACLFilters(ClusterTestBase): for op in EACLOperation ] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -171,7 +171,7 @@ class TestEACLFilters(ClusterTestBase): ): with reporter.step("Check other has full access when sending request without headers"): check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, oid.pop(), file_path, @@ -181,7 +181,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other has full access when sending request with allowed headers"): check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, oid.pop(), file_path, @@ -192,7 +192,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other has no access when sending request with denied headers"): check_no_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, oid.pop(), file_path, @@ -205,14 +205,14 @@ class TestEACLFilters(ClusterTestBase): "Check other has full access when sending request " "with denied headers and using bearer token" ): bearer_other = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [EACLRule(operation=op, access=EACLAccess.ALLOW, role=EACLRole.OTHERS) for op in EACLOperation], shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, ) check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, oid.pop(), file_path, @@ -253,7 +253,7 @@ class TestEACLFilters(ClusterTestBase): for op in self.OBJECT_ATTRIBUTES_FILTER_SUPPORTED_OPERATIONS ] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -270,7 +270,7 @@ class TestEACLFilters(ClusterTestBase): for xhdr in (self.ATTRIBUTE, self.OTHER_ATTRIBUTE, None): with reporter.step("Check other have full access to objects without attributes"): check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, objs_without_header.pop(), file_path, @@ -281,7 +281,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other have full access to objects without deny attribute"): check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, allow_objects.pop(), file_path, @@ -293,7 +293,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other have no access to objects with deny attribute"): with pytest.raises(AssertionError): assert can_get_head_object( - other_wallet.wallet_path, + other_wallet, cid, deny_objects[0], shell=self.shell, @@ -302,7 +302,7 @@ class TestEACLFilters(ClusterTestBase): ) with pytest.raises(AssertionError): assert can_get_object( - other_wallet.wallet_path, + other_wallet, cid, deny_objects[0], file_path, @@ -313,7 +313,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other have access to objects with deny attribute and using bearer token"): bearer_other = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [ EACLRule( @@ -327,7 +327,7 @@ class TestEACLFilters(ClusterTestBase): endpoint=self.cluster.default_rpc_endpoint, ) check_full_access_to_container( - other_wallet.wallet_path, + other_wallet, cid, deny_objects.pop(), file_path, @@ -340,20 +340,20 @@ class TestEACLFilters(ClusterTestBase): allow_attribute = self.OTHER_ATTRIBUTE if match_type == EACLMatchType.STRING_EQUAL else self.ATTRIBUTE with reporter.step("Check other can PUT objects without denied attribute"): assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, shell=self.shell, cluster=self.cluster, attributes=allow_attribute, ) - assert can_put_object(other_wallet.wallet_path, cid, file_path, shell=self.shell, cluster=self.cluster) + assert can_put_object(other_wallet, cid, file_path, shell=self.shell, cluster=self.cluster) deny_attribute = self.ATTRIBUTE if match_type == EACLMatchType.STRING_EQUAL else self.OTHER_ATTRIBUTE with reporter.step("Check other can not PUT objects with denied attribute"): with pytest.raises(AssertionError): assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, shell=self.shell, @@ -363,7 +363,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other can PUT objects with denied attribute and using bearer token"): bearer_other_for_put = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [ EACLRule( @@ -376,7 +376,7 @@ class TestEACLFilters(ClusterTestBase): endpoint=self.cluster.default_rpc_endpoint, ) assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, shell=self.shell, @@ -419,7 +419,7 @@ class TestEACLFilters(ClusterTestBase): for op in self.OBJECT_ATTRIBUTES_FILTER_SUPPORTED_OPERATIONS ] set_eacl( - user_wallet.wallet_path, + user_wallet, cid, create_eacl(cid, eacl, shell=self.shell), shell=self.shell, @@ -442,7 +442,7 @@ class TestEACLFilters(ClusterTestBase): oid = objects_without_header.pop() with pytest.raises(AssertionError): assert can_get_head_object( - other_wallet.wallet_path, + other_wallet, cid, oid, shell=self.shell, @@ -450,7 +450,7 @@ class TestEACLFilters(ClusterTestBase): ) with pytest.raises(AssertionError): assert can_get_object( - other_wallet.wallet_path, + other_wallet, cid, oid, file_path, @@ -458,11 +458,11 @@ class TestEACLFilters(ClusterTestBase): cluster=self.cluster, ) with pytest.raises(AssertionError): - assert can_put_object(other_wallet.wallet_path, cid, file_path, shell=self.shell, cluster=self.cluster) + assert can_put_object(other_wallet, cid, file_path, shell=self.shell, cluster=self.cluster) with reporter.step("Check other can get and put objects without attributes and using bearer token"): bearer_other = form_bearertoken_file( - user_wallet.wallet_path, + user_wallet, cid, [ EACLRule( @@ -476,7 +476,7 @@ class TestEACLFilters(ClusterTestBase): endpoint=self.cluster.default_rpc_endpoint, ) assert can_get_head_object( - other_wallet.wallet_path, + other_wallet, cid, objects_without_header[0], shell=self.shell, @@ -484,7 +484,7 @@ class TestEACLFilters(ClusterTestBase): bearer=bearer_other, ) assert can_get_object( - other_wallet.wallet_path, + other_wallet, cid, objects_without_header[0], file_path, @@ -493,7 +493,7 @@ class TestEACLFilters(ClusterTestBase): bearer=bearer_other, ) assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, shell=self.shell, @@ -504,14 +504,14 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other can get objects with attributes matching the filter"): oid = allow_objects.pop() assert can_get_head_object( - other_wallet.wallet_path, + other_wallet, cid, oid, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, ) assert can_get_object( - other_wallet.wallet_path, + other_wallet, cid, oid, file_path, @@ -519,7 +519,7 @@ class TestEACLFilters(ClusterTestBase): cluster=self.cluster, ) assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, shell=self.shell, @@ -530,7 +530,7 @@ class TestEACLFilters(ClusterTestBase): with reporter.step("Check other cannot get objects without attributes matching the filter"): with pytest.raises(AssertionError): assert can_get_head_object( - other_wallet.wallet_path, + other_wallet, cid, deny_objects[0], shell=self.shell, @@ -538,7 +538,7 @@ class TestEACLFilters(ClusterTestBase): ) with pytest.raises(AssertionError): assert can_get_object( - other_wallet.wallet_path, + other_wallet, cid, deny_objects[0], file_path, @@ -547,7 +547,7 @@ class TestEACLFilters(ClusterTestBase): ) with pytest.raises(AssertionError): assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, attributes=deny_attribute, @@ -560,7 +560,7 @@ class TestEACLFilters(ClusterTestBase): ): oid = deny_objects.pop() assert can_get_head_object( - other_wallet.wallet_path, + other_wallet, cid, oid, shell=self.shell, @@ -568,7 +568,7 @@ class TestEACLFilters(ClusterTestBase): bearer=bearer_other, ) assert can_get_object( - other_wallet.wallet_path, + other_wallet, cid, oid, file_path, @@ -577,7 +577,7 @@ class TestEACLFilters(ClusterTestBase): bearer=bearer_other, ) assert can_put_object( - other_wallet.wallet_path, + other_wallet, cid, file_path, shell=self.shell, diff --git a/pytest_tests/testsuites/conftest.py b/pytest_tests/testsuites/conftest.py index ce85d623..20acd485 100644 --- a/pytest_tests/testsuites/conftest.py +++ b/pytest_tests/testsuites/conftest.py @@ -11,7 +11,7 @@ import pytest import yaml from dateutil import parser from frostfs_testlib import plugins, reporter -from frostfs_testlib.credentials.interfaces import CredentialsProvider +from frostfs_testlib.credentials.interfaces import CredentialsProvider, User from frostfs_testlib.healthcheck.interfaces import Healthcheck from frostfs_testlib.hosting import Hosting from frostfs_testlib.reporter import AllureHandler, StepsLogger @@ -19,7 +19,6 @@ from frostfs_testlib.resources.common import ( ASSETS_DIR, COMPLEX_OBJECT_CHUNKS_COUNT, COMPLEX_OBJECT_TAIL_SIZE, - DEFAULT_WALLET_PASS, SIMPLE_OBJECT_SIZE, ) from frostfs_testlib.s3 import AwsCliClient, Boto3ClientWrapper, S3ClientWrapper, VersioningStatus @@ -31,7 +30,7 @@ from frostfs_testlib.storage.cluster import Cluster, ClusterNode from frostfs_testlib.storage.controllers.cluster_state_controller import ClusterStateController from frostfs_testlib.storage.dataclasses.frostfs_services import StorageNode from frostfs_testlib.storage.dataclasses.object_size import ObjectSize -from frostfs_testlib.storage.dataclasses.wallet import WalletFactory, WalletInfo +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.testing.parallel import parallel from frostfs_testlib.testing.test_control import wait_for_success @@ -174,9 +173,9 @@ def require_multiple_interfaces(cluster: Cluster): @pytest.fixture(scope="session") def max_object_size(cluster: Cluster, client_shell: Shell) -> int: storage_node = cluster.storage_nodes[0] + wallet = WalletInfo.from_node(storage_node) net_info = get_netmap_netinfo( - wallet=storage_node.get_wallet_path(), - wallet_config=storage_node.get_wallet_config_path(), + wallet=wallet, endpoint=storage_node.get_rpc_endpoint(), shell=client_shell, ) @@ -210,11 +209,6 @@ def object_size( return complex_object_size -@pytest.fixture(scope="session") -def wallet_factory(temp_directory: str, client_shell: Shell, cluster: Cluster) -> WalletFactory: - return WalletFactory(temp_directory, client_shell, cluster) - - @pytest.fixture(scope="session") def cluster(temp_directory: str, hosting: Hosting, client_shell: Shell) -> Cluster: cluster = Cluster(hosting) @@ -253,6 +247,11 @@ def cluster_state_controller(client_shell: Shell, cluster: Cluster, healthcheck: yield controller +@pytest.fixture(scope="session") +def credentials_provider(cluster: Cluster) -> CredentialsProvider: + return CredentialsProvider(cluster) + + @reporter.step("[Class]: Create S3 client") @pytest.fixture( scope="class", @@ -262,25 +261,19 @@ def cluster_state_controller(client_shell: Shell, cluster: Cluster, healthcheck: ], ) def s3_client( - default_wallet: str, - client_shell: Shell, + default_user: User, s3_policy: Optional[str], cluster: Cluster, request: pytest.FixtureRequest, + credentials_provider: CredentialsProvider, ) -> S3ClientWrapper: - wallet = WalletInfo(path=default_wallet, password=DEFAULT_WALLET_PASS) node = cluster.cluster_nodes[0] - - credentials_provider = CredentialsProvider(node.host.config.s3_creds_plugin_name) - credentials_provider.stash["cluster"] = cluster - credentials_provider.stash["wallet"] = wallet - credentials_provider.stash["shell"] = client_shell - credentials_provider.stash["location_constraints"] = s3_policy - - access_key_id, secret_access_key = credentials_provider.S3.provide(node) + credentials_provider.S3.provide(default_user, node, s3_policy) s3_client_cls = request.param - client = s3_client_cls(access_key_id, secret_access_key, cluster.default_s3_gate_endpoint) + client = s3_client_cls( + default_user.s3_credentials.access_key, default_user.s3_credentials.secret_key, cluster.default_s3_gate_endpoint + ) return client @@ -405,12 +398,22 @@ def run_health_check(healthcheck: Healthcheck, cluster: Cluster, request: pytest parallel(healthcheck.storage_healthcheck, cluster.cluster_nodes) -@reporter.step("Prepare wallet and deposit") +@reporter.step("Prepare default user with wallet") @pytest.fixture(scope="session") -def default_wallet(wallet_factory: WalletFactory) -> str: - wallet = wallet_factory.create_wallet(password=DEFAULT_WALLET_PASS) - reporter.attach(wallet.path, os.path.basename(wallet.path)) - return wallet.path +def default_user(credentials_provider: CredentialsProvider, cluster: Cluster) -> User: + # always unique username + user = User(f"user_{hex(int(datetime.now().timestamp() * 1000000))}") + node = cluster.cluster_nodes[0] + + credentials_provider.GRPC.provide(user, node) + + return user + + +@reporter.step("Get wallet for default user") +@pytest.fixture(scope="session") +def default_wallet(default_user: User) -> WalletInfo: + return default_user.wallet @pytest.fixture() diff --git a/pytest_tests/testsuites/container/test_container.py b/pytest_tests/testsuites/container/test_container.py index c3bbcac4..8dc07699 100644 --- a/pytest_tests/testsuites/container/test_container.py +++ b/pytest_tests/testsuites/container/test_container.py @@ -1,5 +1,3 @@ -import json - import allure import pytest from frostfs_testlib import reporter @@ -12,6 +10,7 @@ from frostfs_testlib.steps.cli.container import ( wait_for_container_creation, wait_for_container_deletion, ) +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from pytest_tests.helpers.utility import placement_policy_from_container @@ -22,13 +21,11 @@ from pytest_tests.helpers.utility import placement_policy_from_container class TestContainer(ClusterTestBase): @pytest.mark.parametrize("name", ["", "test-container"], ids=["No name", "Set particular name"]) @pytest.mark.smoke - def test_container_creation(self, default_wallet: str, name: str): + def test_container_creation(self, default_wallet: WalletInfo, name: str): scenario_title = "with name" if name else "without name" allure.dynamic.title(f"Create container {scenario_title}") wallet = default_wallet - with open(wallet) as file: - json_wallet = json.load(file) placement_rule = "REP 2 IN X CBF 1 SELECT 2 FROM * AS X" cid = create_container( @@ -53,7 +50,7 @@ class TestContainer(ClusterTestBase): info_to_check = { f"basic ACL: {PRIVATE_ACL_F} (private)", - f"owner ID: {json_wallet.get('accounts')[0].get('address')}", + f"owner ID: {wallet.get_address_from_json(0)}", f"CID: {cid}", } if name: @@ -82,7 +79,7 @@ class TestContainer(ClusterTestBase): wait_for_container_deletion(wallet, cid, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint) @allure.title("Parallel container creation and deletion") - def test_container_creation_deletion_parallel(self, default_wallet: str): + def test_container_creation_deletion_parallel(self, default_wallet: WalletInfo): containers_count = 3 wallet = default_wallet placement_rule = "REP 2 IN X CBF 1 SELECT 2 FROM * AS X" diff --git a/pytest_tests/testsuites/failovers/test_failover_network.py b/pytest_tests/testsuites/failovers/test_failover_network.py index 833771ba..5c141582 100644 --- a/pytest_tests/testsuites/failovers/test_failover_network.py +++ b/pytest_tests/testsuites/failovers/test_failover_network.py @@ -21,6 +21,7 @@ from frostfs_testlib.storage.cluster import ClusterNode from frostfs_testlib.storage.controllers import ClusterStateController from frostfs_testlib.storage.dataclasses.object_size import ObjectSize from frostfs_testlib.storage.dataclasses.storage_object_info import Interfaces, StorageObjectInfo +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.testing.parallel import parallel from frostfs_testlib.utils.failover_utils import wait_object_replication @@ -74,7 +75,7 @@ class TestFailoverNetwork(ClusterTestBase): def storage_objects( self, simple_object_size: ObjectSize, - default_wallet: str, + default_wallet: WalletInfo, ) -> list[StorageObjectInfo]: file_path = generate_file(simple_object_size.value) @@ -105,7 +106,7 @@ class TestFailoverNetwork(ClusterTestBase): storage_object = StorageObjectInfo(cid=cid, oid=oid) storage_object.size = simple_object_size.value - storage_object.wallet_file_path = default_wallet + storage_object.wallet = default_wallet storage_object.file_path = file_path storage_object.file_hash = file_hash storage_object.attributes = attribute @@ -119,7 +120,7 @@ class TestFailoverNetwork(ClusterTestBase): @allure.title("Block Storage node traffic") def test_block_storage_node_traffic( self, - default_wallet: str, + default_wallet: WalletInfo, require_multiple_hosts, simple_object_size: ObjectSize, cluster_state_controller: ClusterStateController, @@ -201,7 +202,7 @@ class TestFailoverNetwork(ClusterTestBase): def test_block_data_interface( self, cluster_state_controller: ClusterStateController, - default_wallet: str, + default_wallet: WalletInfo, restore_down_interfaces: None, delete_file_after_test: None, storage_objects: list[StorageObjectInfo], @@ -258,7 +259,7 @@ class TestFailoverNetwork(ClusterTestBase): def test_block_internal_interface( self, cluster_state_controller: ClusterStateController, - default_wallet: str, + default_wallet: WalletInfo, restore_down_interfaces: None, delete_file_after_test: None, storage_objects: list[StorageObjectInfo], @@ -342,7 +343,7 @@ class TestFailoverNetwork(ClusterTestBase): self, require_multiple_interfaces, cluster_state_controller: ClusterStateController, - default_wallet: str, + default_wallet: WalletInfo, simple_object_size: ObjectSize, delete_file_after_test: None, restore_down_interfaces: None, @@ -398,7 +399,7 @@ class TestFailoverNetwork(ClusterTestBase): self, require_multiple_interfaces, cluster_state_controller: ClusterStateController, - default_wallet: str, + default_wallet: WalletInfo, simple_object_size: ObjectSize, delete_file_after_test: None, restore_down_interfaces: None, diff --git a/pytest_tests/testsuites/failovers/test_failover_server.py b/pytest_tests/testsuites/failovers/test_failover_server.py index c5b5c411..f67ebb47 100644 --- a/pytest_tests/testsuites/failovers/test_failover_server.py +++ b/pytest_tests/testsuites/failovers/test_failover_server.py @@ -41,7 +41,7 @@ class TestFailoverServer(ClusterTestBase): def containers( self, request: FixtureRequest, - default_wallet: str, + default_wallet: WalletInfo, ) -> list[StorageContainer]: placement_rule = "REP 2 CBF 2 SELECT 2 FROM *" @@ -66,7 +66,7 @@ class TestFailoverServer(ClusterTestBase): @reporter.step("Creation container") @pytest.fixture() - def container(self, default_wallet: str) -> StorageContainer: + def container(self, default_wallet: WalletInfo) -> StorageContainer: select = len(self.cluster.cluster_nodes) placement_rule = f"REP {select - 1} CBF 1 SELECT {select} FROM *" cont_id = create_container( @@ -120,7 +120,7 @@ class TestFailoverServer(ClusterTestBase): for storage_object in storage_objects: try: got_file_path = get_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, endpoint=node.get_rpc_endpoint(), @@ -152,7 +152,7 @@ class TestFailoverServer(ClusterTestBase): @pytest.fixture() def object_and_nodes( - self, simple_object_size: ObjectSize, container: StorageContainer, default_wallet: str + self, simple_object_size: ObjectSize, container: StorageContainer ) -> tuple[StorageObjectInfo, list[ClusterNode]]: object_info = container.generate_object(simple_object_size.value) object_nodes = get_object_nodes( @@ -240,7 +240,7 @@ class TestFailoverServer(ClusterTestBase): self, container: list[StorageContainer], object_and_nodes: tuple[StorageObjectInfo, list[ClusterNode]], - default_wallet: str, + default_wallet: WalletInfo, cluster_state_controller: ClusterStateController, simple_file: str, up_stop_nodes: None, @@ -283,7 +283,7 @@ class TestFailoverServer(ClusterTestBase): @allure.title("Not enough nodes in the container with policy - 'REP 2 CBF 2 SELECT 4 FROM *'") def test_not_enough_nodes_in_container_rep_2( self, - default_wallet: str, + default_wallet: WalletInfo, cluster_state_controller: ClusterStateController, simple_file: str, up_stop_nodes: None, diff --git a/pytest_tests/testsuites/failovers/test_failover_storage.py b/pytest_tests/testsuites/failovers/test_failover_storage.py index 9924ef62..405b290a 100644 --- a/pytest_tests/testsuites/failovers/test_failover_storage.py +++ b/pytest_tests/testsuites/failovers/test_failover_storage.py @@ -127,7 +127,7 @@ class TestFailoverStorage(ClusterTestBase): def test_unhealthy_tree( self, s3_client: S3ClientWrapper, - default_wallet: str, + default_wallet: WalletInfo, simple_object_size: ObjectSize, cluster_state_controller: ClusterStateController, after_run_return_all_stopped_services, @@ -536,7 +536,7 @@ class TestStorageDataLoss(ClusterTestBase): simple_object_size: ObjectSize, cluster_state_controller: ClusterStateController, shards_watcher: ShardsWatcher, - default_wallet: str, + default_wallet: WalletInfo, test_start_time: datetime, after_run_return_all_stopped_services: str, ): @@ -585,7 +585,7 @@ class TestStorageDataLoss(ClusterTestBase): with reporter.step("Objects should be available"): for storage_object in storage_objects: get_object( - storage_object.wallet_file_path, + storage_object.wallet, container.get_id(), storage_object.oid, self.shell, diff --git a/pytest_tests/testsuites/management/test_node_management.py b/pytest_tests/testsuites/management/test_node_management.py index 8c7a635f..1dc41d5b 100644 --- a/pytest_tests/testsuites/management/test_node_management.py +++ b/pytest_tests/testsuites/management/test_node_management.py @@ -40,6 +40,7 @@ from frostfs_testlib.storage.cluster import ClusterNode, StorageNode from frostfs_testlib.storage.controllers import ClusterStateController from frostfs_testlib.storage.dataclasses.object_size import ObjectSize from frostfs_testlib.storage.dataclasses.storage_object_info import ModeNode +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils import datetime_utils, string_utils from frostfs_testlib.utils.failover_utils import wait_object_replication @@ -58,7 +59,7 @@ class TestNodeManagement(ClusterTestBase): @pytest.fixture @allure.title("Create container and pick the node with data") def create_container_and_pick_node( - self, default_wallet: str, simple_object_size: ObjectSize + self, default_wallet: WalletInfo, simple_object_size: ObjectSize ) -> Tuple[str, StorageNode]: file_path = generate_file(simple_object_size.value) placement_rule = "REP 1 IN X CBF 1 SELECT 1 FROM * AS X" @@ -133,7 +134,7 @@ class TestNodeManagement(ClusterTestBase): @pytest.mark.add_nodes def test_add_nodes( self, - default_wallet: str, + default_wallet: WalletInfo, simple_object_size: ObjectSize, return_nodes_after_test_run, ): @@ -356,7 +357,7 @@ class TestMaintenanceMode(ClusterTestBase): return cli @pytest.fixture() - def restore_online_mode_node(self, cluster_state_controller: ClusterStateController, default_wallet: str): + def restore_online_mode_node(self, cluster_state_controller: ClusterStateController, default_wallet: WalletInfo): yield cluster_state_controller.set_mode_node(cluster_node=self.change_node, wallet=default_wallet, status="online") self.tick_epoch(wait_block=2) @@ -383,7 +384,7 @@ class TestMaintenanceMode(ClusterTestBase): @allure.title("Test of basic node operations in maintenance mode") def test_maintenance_mode( self, - default_wallet: str, + default_wallet: WalletInfo, simple_object_size: ObjectSize, cluster_state_controller: ClusterStateController, restore_online_mode_node: None, @@ -444,7 +445,7 @@ class TestMaintenanceMode(ClusterTestBase): self, cluster_state_controller: ClusterStateController, node_under_test: ClusterNode, - default_wallet: str, + default_wallet: WalletInfo, frostfs_cli: FrostfsCli, restore_online_mode_node: None, ): @@ -595,7 +596,7 @@ class TestMaintenanceMode(ClusterTestBase): node_under_test: ClusterNode, frostfs_cli_remote: FrostfsCli, frostfs_cli: FrostfsCli, - default_wallet: str, + default_wallet: WalletInfo, restore_online_mode_node: None, ): self.change_node = node_under_test diff --git a/pytest_tests/testsuites/object/test_object_api.py b/pytest_tests/testsuites/object/test_object_api.py index 700cdb4a..658c9d4b 100755 --- a/pytest_tests/testsuites/object/test_object_api.py +++ b/pytest_tests/testsuites/object/test_object_api.py @@ -28,6 +28,7 @@ from frostfs_testlib.steps.storage_policy import get_complex_object_copies, get_ from frostfs_testlib.storage.cluster import Cluster from frostfs_testlib.storage.dataclasses.object_size import ObjectSize from frostfs_testlib.storage.dataclasses.storage_object_info import StorageObjectInfo +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils.file_utils import generate_file, get_file_content, get_file_hash @@ -92,7 +93,7 @@ def generate_ranges( scope="module" ) def storage_objects( - default_wallet: str, client_shell: Shell, cluster: Cluster, object_size: ObjectSize + default_wallet: WalletInfo, client_shell: Shell, cluster: Cluster, object_size: ObjectSize ) -> list[StorageObjectInfo]: wallet = default_wallet # Separate containers for complex/simple objects to avoid side-effects @@ -117,7 +118,7 @@ def storage_objects( storage_object = StorageObjectInfo(cid, storage_object_id) storage_object.size = object_size.value - storage_object.wallet_file_path = wallet + storage_object.wallet = wallet storage_object.file_path = file_path storage_object.file_hash = file_hash storage_object.attributes = attributes @@ -147,7 +148,7 @@ class TestObjectApi(ClusterTestBase): for storage_object in storage_objects: if storage_object.size == simple_object_size.value: copies = get_simple_object_copies( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, shell=self.shell, @@ -155,7 +156,7 @@ class TestObjectApi(ClusterTestBase): ) else: copies = get_complex_object_copies( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, shell=self.shell, @@ -172,7 +173,7 @@ class TestObjectApi(ClusterTestBase): with reporter.step("Get objects and compare hashes"): for storage_object in storage_objects: file_path = get_object_from_random_node( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -192,14 +193,14 @@ class TestObjectApi(ClusterTestBase): with reporter.step("Head object and validate"): head_object( - storage_object_1.wallet_file_path, + storage_object_1.wallet, storage_object_1.cid, storage_object_1.oid, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, ) head_info = head_object( - storage_object_2.wallet_file_path, + storage_object_2.wallet, storage_object_2.cid, storage_object_2.oid, shell=self.shell, @@ -214,7 +215,7 @@ class TestObjectApi(ClusterTestBase): """ oids = [storage_object.oid for storage_object in storage_objects] - wallet = storage_objects[0].wallet_file_path + wallet = storage_objects[0].wallet cid = storage_objects[0].cid test_table = [ @@ -249,7 +250,7 @@ class TestObjectApi(ClusterTestBase): assert sorted(expected_oids) == sorted(result) @allure.title("Search objects with removed items (obj_size={object_size})") - def test_object_search_should_return_tombstone_items(self, default_wallet: str, object_size: ObjectSize): + def test_object_search_should_return_tombstone_items(self, default_wallet: WalletInfo, object_size: ObjectSize): """ Validate object search with removed items """ @@ -265,7 +266,7 @@ class TestObjectApi(ClusterTestBase): cid=cid, oid=put_object_to_random_node(wallet, file_path, cid, self.shell, self.cluster), size=object_size.value, - wallet_file_path=wallet, + wallet=wallet, file_path=file_path, file_hash=file_hash, ) @@ -308,7 +309,7 @@ class TestObjectApi(ClusterTestBase): Validate get_range_hash for object by native gRPC API """ - wallet = storage_objects[0].wallet_file_path + wallet = storage_objects[0].wallet cid = storage_objects[0].cid oids = [storage_object.oid for storage_object in storage_objects[:2]] file_path = storage_objects[0].file_path @@ -339,7 +340,7 @@ class TestObjectApi(ClusterTestBase): Validate get_range for object by native gRPC API """ - wallet = storage_objects[0].wallet_file_path + wallet = storage_objects[0].wallet cid = storage_objects[0].cid oids = [storage_object.oid for storage_object in storage_objects[:2]] file_path = storage_objects[0].file_path @@ -374,7 +375,7 @@ class TestObjectApi(ClusterTestBase): Validate get_range negative for object by native gRPC API """ - wallet = storage_objects[0].wallet_file_path + wallet = storage_objects[0].wallet cid = storage_objects[0].cid oids = [storage_object.oid for storage_object in storage_objects[:2]] file_size = storage_objects[0].size @@ -421,7 +422,7 @@ class TestObjectApi(ClusterTestBase): Validate get_range_hash negative for object by native gRPC API """ - wallet = storage_objects[0].wallet_file_path + wallet = storage_objects[0].wallet cid = storage_objects[0].cid oids = [storage_object.oid for storage_object in storage_objects[:2]] file_size = storage_objects[0].size diff --git a/pytest_tests/testsuites/object/test_object_api_bearer.py b/pytest_tests/testsuites/object/test_object_api_bearer.py index f2f03cd8..c6e09cd8 100644 --- a/pytest_tests/testsuites/object/test_object_api_bearer.py +++ b/pytest_tests/testsuites/object/test_object_api_bearer.py @@ -25,7 +25,7 @@ from pytest import FixtureRequest @pytest.fixture(scope="module") @allure.title("Create bearer token for OTHERS with all operations allowed for all containers") -def bearer_token_file_all_allow(default_wallet: str, client_shell: Shell, cluster: Cluster) -> str: +def bearer_token_file_all_allow(default_wallet: WalletInfo, client_shell: Shell, cluster: Cluster) -> str: bearer = form_bearertoken_file( default_wallet, "", @@ -40,7 +40,7 @@ def bearer_token_file_all_allow(default_wallet: str, client_shell: Shell, cluste @pytest.fixture(scope="module") @allure.title("Create user container for bearer token usage") def user_container( - default_wallet: str, client_shell: Shell, cluster: Cluster, request: FixtureRequest + default_wallet: WalletInfo, client_shell: Shell, cluster: Cluster, request: FixtureRequest ) -> StorageContainer: container_id = create_container( default_wallet, @@ -94,18 +94,17 @@ class TestObjectApiWithBearerToken(ClusterTestBase): storage_objects: list[StorageObjectInfo], bearer_token_file_all_allow: str, ): - s3_gate_wallet = self.cluster.s3_gates[0] + s3_gate_wallet = WalletInfo.from_node(self.cluster.s3_gates[0]) with reporter.step("Try to delete each object from first storage node"): for storage_object in storage_objects: with expect_not_raises(): delete_object( - s3_gate_wallet.get_wallet_path(), + s3_gate_wallet, storage_object.cid, storage_object.oid, self.shell, endpoint=self.cluster.default_rpc_endpoint, bearer=bearer_token_file_all_allow, - wallet_config=s3_gate_wallet.get_wallet_config_path(), ) @allure.title("Object can be fetched from any node using s3gate wallet with bearer token (obj_size={object_size})") @@ -120,7 +119,7 @@ class TestObjectApiWithBearerToken(ClusterTestBase): object_size: ObjectSize, bearer_token_file_all_allow: str, ): - s3_gate_wallet = self.cluster.s3_gates[0] + s3_gate_wallet = WalletInfo.from_node(self.cluster.s3_gates[0]) with reporter.step("Put one object to container"): epoch = self.get_epoch() storage_object = user_container.generate_object( @@ -131,11 +130,10 @@ class TestObjectApiWithBearerToken(ClusterTestBase): for node in self.cluster.storage_nodes: with expect_not_raises(): get_object( - s3_gate_wallet.get_wallet_path(), + s3_gate_wallet, storage_object.cid, storage_object.oid, self.shell, endpoint=node.get_rpc_endpoint(), bearer=bearer_token_file_all_allow, - wallet_config=s3_gate_wallet.get_wallet_config_path(), ) diff --git a/pytest_tests/testsuites/object/test_object_lifetime.py b/pytest_tests/testsuites/object/test_object_lifetime.py index 934e463e..09536d54 100644 --- a/pytest_tests/testsuites/object/test_object_lifetime.py +++ b/pytest_tests/testsuites/object/test_object_lifetime.py @@ -8,6 +8,7 @@ from frostfs_testlib.steps.cli.container import create_container from frostfs_testlib.steps.cli.object import get_object_from_random_node, head_object, put_object_to_random_node from frostfs_testlib.steps.epoch import get_epoch from frostfs_testlib.storage.dataclasses.object_size import ObjectSize +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils.file_utils import generate_file, get_file_hash @@ -20,7 +21,7 @@ logger = logging.getLogger("NeoLogger") @pytest.mark.grpc_api class TestObjectApiLifetime(ClusterTestBase): @allure.title("Object is removed when lifetime expired (obj_size={object_size})") - def test_object_api_lifetime(self, default_wallet: str, object_size: ObjectSize): + def test_object_api_lifetime(self, default_wallet: WalletInfo, object_size: ObjectSize): """ Test object deleted after expiration epoch. """ diff --git a/pytest_tests/testsuites/object/test_object_lock.py b/pytest_tests/testsuites/object/test_object_lock.py index b3cb946b..ea78d9da 100755 --- a/pytest_tests/testsuites/object/test_object_lock.py +++ b/pytest_tests/testsuites/object/test_object_lock.py @@ -1,9 +1,11 @@ import logging import re +from datetime import datetime import allure import pytest from frostfs_testlib import reporter +from frostfs_testlib.credentials.interfaces import CredentialsProvider, User from frostfs_testlib.resources.common import STORAGE_GC_TIME from frostfs_testlib.resources.error_patterns import ( LIFETIME_REQUIRED, @@ -25,7 +27,7 @@ from frostfs_testlib.steps.storage_policy import get_nodes_with_object from frostfs_testlib.storage.cluster import Cluster from frostfs_testlib.storage.dataclasses.object_size import ObjectSize from frostfs_testlib.storage.dataclasses.storage_object_info import LockObjectInfo, StorageObjectInfo -from frostfs_testlib.storage.dataclasses.wallet import WalletFactory, WalletInfo +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.testing.test_control import expect_not_raises, wait_for_success from frostfs_testlib.utils import datetime_utils @@ -38,26 +40,20 @@ FIXTURE_LOCK_LIFETIME = 5 FIXTURE_OBJECT_LIFETIME = 10 -@pytest.fixture( - scope="module", -) -def user_wallet(wallet_factory: WalletFactory): +@pytest.fixture(scope="module") +def user_wallet(credentials_provider: CredentialsProvider, cluster: Cluster) -> WalletInfo: with reporter.step("Create user wallet with container"): - wallet_file = wallet_factory.create_wallet() - return wallet_file + user = User(f"user_{hex(int(datetime.now().timestamp() * 1000000))}") + return credentials_provider.GRPC.provide(user, cluster.cluster_nodes[0]) -@pytest.fixture( - scope="module", -) +@pytest.fixture(scope="module") def user_container(user_wallet: WalletInfo, client_shell: Shell, cluster: Cluster): - container_id = create_container(user_wallet.path, shell=client_shell, endpoint=cluster.default_rpc_endpoint) + container_id = create_container(user_wallet, shell=client_shell, endpoint=cluster.default_rpc_endpoint) return StorageContainer(StorageContainerInfo(container_id, user_wallet), client_shell, cluster) -@pytest.fixture( - scope="module", -) +@pytest.fixture(scope="module") def locked_storage_object( user_container: StorageContainer, client_shell: Shell, @@ -75,7 +71,7 @@ def locked_storage_object( object_size.value, expire_at=current_epoch + FIXTURE_OBJECT_LIFETIME ) lock_object_id = lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, client_shell, @@ -98,7 +94,7 @@ def locked_storage_object( tick_epoch(client_shell, cluster) try: delete_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, client_shell, @@ -113,10 +109,10 @@ def locked_storage_object( @wait_for_success(datetime_utils.parse_time(STORAGE_GC_TIME)) -def check_object_not_found(wallet_file_path: str, cid: str, oid: str, shell: Shell, rpc_endpoint: str): +def check_object_not_found(wallet: WalletInfo, cid: str, oid: str, shell: Shell, rpc_endpoint: str): with pytest.raises(Exception, match=OBJECT_NOT_FOUND): head_object( - wallet_file_path, + wallet, cid, oid, shell, @@ -124,10 +120,10 @@ def check_object_not_found(wallet_file_path: str, cid: str, oid: str, shell: She ) -def verify_object_available(wallet_file_path: str, cid: str, oid: str, shell: Shell, rpc_endpoint: str): +def verify_object_available(wallet: WalletInfo, cid: str, oid: str, shell: Shell, rpc_endpoint: str): with expect_not_raises(): head_object( - wallet_file_path, + wallet, cid, oid, shell, @@ -150,7 +146,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): object_size.value, expire_at=current_epoch + FIXTURE_OBJECT_LIFETIME ) lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -170,7 +166,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): """ with pytest.raises(Exception, match=OBJECT_IS_LOCKED): delete_object( - locked_storage_object.wallet_file_path, + locked_storage_object.wallet, locked_storage_object.cid, locked_storage_object.oid, self.shell, @@ -189,7 +185,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): """ lock_object = locked_storage_object.locks[0] - wallet_path = locked_storage_object.wallet_file_path + wallet_path = locked_storage_object.wallet with pytest.raises(Exception, match=LOCK_OBJECT_REMOVAL): delete_object( @@ -212,7 +208,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): """ lock_object_info = locked_storage_object.locks[0] - wallet_path = locked_storage_object.wallet_file_path + wallet_path = locked_storage_object.wallet with pytest.raises(Exception, match=LOCK_NON_REGULAR_OBJECT): lock_object( @@ -252,7 +248,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): """ lock_object_info = locked_storage_object.locks[0] - wallet_path = locked_storage_object.wallet_file_path + wallet_path = locked_storage_object.wallet with pytest.raises(Exception, match=expected_error): lock_object( @@ -281,7 +277,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Lock object for couple epochs"): lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -289,7 +285,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): lifetime=2, ) lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -303,7 +299,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): wait_for_gc_pass_on_storage_nodes() with expect_not_raises(): head_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -313,7 +309,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Wait for object to be deleted after third epoch"): self.tick_epoch() check_object_not_found( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -338,7 +334,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): storage_objects.append(user_container.generate_object(object_size.value, expire_at=current_epoch + 5)) lock_object( - storage_objects[0].wallet_file_path, + storage_objects[0].wallet, storage_objects[0].cid, ",".join([storage_object.oid for storage_object in storage_objects]), self.shell, @@ -350,7 +346,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step(f"Try to delete object {storage_object.oid}"): with pytest.raises(Exception, match=OBJECT_IS_LOCKED): delete_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -384,7 +380,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): match=LOCK_OBJECT_EXPIRATION.format(expiration_epoch=expiration_epoch, current_epoch=current_epoch), ): lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -408,7 +404,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): storage_object = user_container.generate_object(object_size.value, expire_at=current_epoch + 5) lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -419,7 +415,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): self.tick_epochs(2) with expect_not_raises(): delete_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -442,7 +438,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): storage_object = user_container.generate_object(object_size.value, expire_at=current_epoch + 5) lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -454,7 +450,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with expect_not_raises(): delete_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -481,7 +477,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step(f"Try to delete chunk object {chunk_object_id}"): with pytest.raises(Exception, match=OBJECT_IS_LOCKED): delete_object( - locked_storage_object.wallet_file_path, + locked_storage_object.wallet, locked_storage_object.cid, chunk_object_id, self.shell, @@ -498,7 +494,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): ) def test_link_object_of_locked_complex_object_can_be_dropped(self, new_locked_storage_object: StorageObjectInfo): link_object_id = get_link_object( - new_locked_storage_object.wallet_file_path, + new_locked_storage_object.wallet, new_locked_storage_object.cid, new_locked_storage_object.oid, self.shell, @@ -569,7 +565,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): """ link_object_id = get_link_object( - locked_storage_object.wallet_file_path, + locked_storage_object.wallet, locked_storage_object.cid, locked_storage_object.oid, self.shell, @@ -579,7 +575,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step(f"Try to delete link object {link_object_id}"): with pytest.raises(Exception, match=OBJECT_IS_LOCKED): delete_object( - locked_storage_object.wallet_file_path, + locked_storage_object.wallet, locked_storage_object.cid, link_object_id, self.shell, @@ -597,7 +593,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Apply first lock to object for 3 epochs"): lock_object_id_0 = lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -609,7 +605,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Check first lock is still available"): verify_object_available( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, lock_object_id_0, self.shell, @@ -618,7 +614,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Apply second lock to object for 3 more epochs"): lock_object_id_1 = lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -630,7 +626,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Verify first lock is expired and removed"): check_object_not_found( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, lock_object_id_0, self.shell, @@ -639,7 +635,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Verify second lock is still available"): verify_object_available( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, lock_object_id_1, self.shell, @@ -648,7 +644,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Apply third lock to object for 3 more epochs"): lock_object( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -659,7 +655,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Verify object is deleted after all locks are expired"): self.tick_epochs(4) check_object_not_found( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -687,7 +683,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step("Lock objects for 4 epochs"): lock_object( - storage_objects[0].wallet_file_path, + storage_objects[0].wallet, storage_objects[0].cid, ",".join([storage_object.oid for storage_object in storage_objects]), self.shell, @@ -701,7 +697,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): with reporter.step(f"Check objects at epoch {current_epoch + epoch_i + 2}"): for storage_object in storage_objects: verify_object_available( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, @@ -712,7 +708,7 @@ class TestObjectLockWithGrpc(ClusterTestBase): self.tick_epoch() for storage_object in storage_objects: check_object_not_found( - storage_object.wallet_file_path, + storage_object.wallet, storage_object.cid, storage_object.oid, self.shell, diff --git a/pytest_tests/testsuites/replication/test_replication.py b/pytest_tests/testsuites/replication/test_replication.py index a4bdefc8..7e7676f5 100644 --- a/pytest_tests/testsuites/replication/test_replication.py +++ b/pytest_tests/testsuites/replication/test_replication.py @@ -1,6 +1,5 @@ import logging import random -from time import sleep import allure import pytest @@ -11,6 +10,7 @@ from frostfs_testlib.steps.cli.object import delete_object, head_object, put_obj from frostfs_testlib.storage.cluster import Cluster from frostfs_testlib.storage.controllers.cluster_state_controller import ClusterStateController from frostfs_testlib.storage.dataclasses.object_size import ObjectSize +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils.failover_utils import wait_object_replication from frostfs_testlib.utils.file_utils import generate_file @@ -33,7 +33,7 @@ class TestReplication(ClusterTestBase): @allure.title("Replication (obj_size={object_size})") def test_replication( self, - default_wallet: str, + default_wallet: WalletInfo, client_shell: Shell, cluster: Cluster, object_size: ObjectSize, diff --git a/pytest_tests/testsuites/services/http_gate/test_http_bearer.py b/pytest_tests/testsuites/services/http_gate/test_http_bearer.py index 1479a564..4fc291b8 100644 --- a/pytest_tests/testsuites/services/http_gate/test_http_bearer.py +++ b/pytest_tests/testsuites/services/http_gate/test_http_bearer.py @@ -70,7 +70,7 @@ class Test_http_bearer(ClusterTestBase): bearer_signed = f"{bearer}_signed" sign_bearer( shell=self.shell, - wallet_path=self.wallet, + wallet=self.wallet, eacl_rules_file_from=bearer, eacl_rules_file_to=bearer_signed, json=False, diff --git a/pytest_tests/testsuites/services/http_gate/test_http_headers.py b/pytest_tests/testsuites/services/http_gate/test_http_headers.py index 77fed399..ca943190 100644 --- a/pytest_tests/testsuites/services/http_gate/test_http_headers.py +++ b/pytest_tests/testsuites/services/http_gate/test_http_headers.py @@ -70,7 +70,7 @@ class Test_http_headers(ClusterTestBase): ) storage_object = StorageObjectInfo(cid, storage_object_id) storage_object.size = os.path.getsize(file_path) - storage_object.wallet_file_path = wallet + storage_object.wallet = wallet storage_object.file_path = file_path storage_object.attributes = attributes diff --git a/pytest_tests/testsuites/services/s3_gate/test_s3_multipart.py b/pytest_tests/testsuites/services/s3_gate/test_s3_multipart.py index c6e28bb4..927e570d 100644 --- a/pytest_tests/testsuites/services/s3_gate/test_s3_multipart.py +++ b/pytest_tests/testsuites/services/s3_gate/test_s3_multipart.py @@ -5,6 +5,7 @@ from frostfs_testlib.s3 import S3ClientWrapper, VersioningStatus from frostfs_testlib.steps.cli.container import list_objects, search_container_by_name from frostfs_testlib.steps.s3 import s3_helper from frostfs_testlib.storage.dataclasses.object_size import ObjectSize +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils.file_utils import generate_file, get_file_hash, split_file @@ -54,7 +55,7 @@ class TestS3GateMultipart(ClusterTestBase): def test_s3_abort_multipart( self, s3_client: S3ClientWrapper, - default_wallet: str, + default_wallet: WalletInfo, bucket: str, simple_object_size: ObjectSize, complex_object_size: ObjectSize, diff --git a/pytest_tests/testsuites/services/s3_gate/test_s3_policy.py b/pytest_tests/testsuites/services/s3_gate/test_s3_policy.py index 5e72f7eb..a0d4c1a7 100644 --- a/pytest_tests/testsuites/services/s3_gate/test_s3_policy.py +++ b/pytest_tests/testsuites/services/s3_gate/test_s3_policy.py @@ -8,6 +8,7 @@ from frostfs_testlib.steps.cli.container import search_container_by_name from frostfs_testlib.steps.s3 import s3_helper from frostfs_testlib.steps.storage_policy import get_simple_object_copies from frostfs_testlib.storage.dataclasses.object_size import ObjectSize +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.testing.test_control import expect_not_raises from frostfs_testlib.utils.file_utils import generate_file @@ -17,7 +18,9 @@ from frostfs_testlib.utils.file_utils import generate_file @pytest.mark.parametrize("s3_policy", ["pytest_tests/resources/files/policy.json"], indirect=True) class TestS3GatePolicy(ClusterTestBase): @allure.title("Bucket creation with retention policy applied (s3_client={s3_client})") - def test_s3_bucket_location(self, default_wallet: str, s3_client: S3ClientWrapper, simple_object_size: ObjectSize): + def test_s3_bucket_location( + self, default_wallet: WalletInfo, s3_client: S3ClientWrapper, simple_object_size: ObjectSize + ): file_path_1 = generate_file(simple_object_size.value) file_name_1 = s3_helper.object_key_from_file_path(file_path_1) file_path_2 = generate_file(simple_object_size.value) diff --git a/pytest_tests/testsuites/session_token/conftest.py b/pytest_tests/testsuites/session_token/conftest.py index 41623101..faf173d0 100644 --- a/pytest_tests/testsuites/session_token/conftest.py +++ b/pytest_tests/testsuites/session_token/conftest.py @@ -1,26 +1,28 @@ +from datetime import datetime + import pytest -from frostfs_testlib.storage.dataclasses.wallet import WalletFactory, WalletInfo +from frostfs_testlib import reporter +from frostfs_testlib.credentials.interfaces import CredentialsProvider, User +from frostfs_testlib.storage.cluster import Cluster +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo @pytest.fixture(scope="module") -def owner_wallet(wallet_factory: WalletFactory) -> WalletInfo: - """ - Returns wallet which owns containers and objects - """ - return wallet_factory.create_wallet() +def owner_wallet(credentials_provider: CredentialsProvider, cluster: Cluster) -> WalletInfo: + with reporter.step("Create user wallet which owns containers and objects"): + user = User(f"user_{hex(int(datetime.now().timestamp() * 1000000))}") + return credentials_provider.GRPC.provide(user, cluster.cluster_nodes[0]) @pytest.fixture(scope="module") -def user_wallet(wallet_factory: WalletFactory) -> WalletInfo: - """ - Returns wallet which will use objects from owner via static session - """ - return wallet_factory.create_wallet() +def user_wallet(credentials_provider: CredentialsProvider, cluster: Cluster) -> WalletInfo: + with reporter.step("Create user wallet which will use objects from owner via static session"): + user = User(f"user_{hex(int(datetime.now().timestamp() * 1000000))}") + return credentials_provider.GRPC.provide(user, cluster.cluster_nodes[0]) @pytest.fixture(scope="module") -def stranger_wallet(wallet_factory: WalletFactory) -> WalletInfo: - """ - Returns stranger wallet which should fail to obtain data - """ - return wallet_factory.create_wallet() +def stranger_wallet(credentials_provider: CredentialsProvider, cluster: Cluster) -> WalletInfo: + with reporter.step("Create stranger user wallet which should fail to obtain data"): + user = User(f"user_{hex(int(datetime.now().timestamp() * 1000000))}") + return credentials_provider.GRPC.provide(user, cluster.cluster_nodes[0]) diff --git a/pytest_tests/testsuites/session_token/test_object_session_token.py b/pytest_tests/testsuites/session_token/test_object_session_token.py index c49a0a86..7eaa43b8 100644 --- a/pytest_tests/testsuites/session_token/test_object_session_token.py +++ b/pytest_tests/testsuites/session_token/test_object_session_token.py @@ -3,12 +3,12 @@ import random import allure import pytest from frostfs_testlib import reporter -from frostfs_testlib.resources.common import DEFAULT_WALLET_PASS from frostfs_testlib.resources.error_patterns import SESSION_NOT_FOUND from frostfs_testlib.steps.cli.container import create_container from frostfs_testlib.steps.cli.object import delete_object, put_object, put_object_to_random_node from frostfs_testlib.steps.session_token import create_session_token from frostfs_testlib.storage.dataclasses.object_size import ObjectSize +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils import wallet_utils from frostfs_testlib.utils.file_utils import generate_file @@ -18,7 +18,7 @@ from frostfs_testlib.utils.file_utils import generate_file @pytest.mark.session_token class TestDynamicObjectSession(ClusterTestBase): @allure.title("Object Operations with Session Token (obj_size={object_size})") - def test_object_session_token(self, default_wallet: str, object_size: ObjectSize): + def test_object_session_token(self, default_wallet: WalletInfo, object_size: ObjectSize): """ Test how operations over objects are executed with a session token @@ -34,7 +34,6 @@ class TestDynamicObjectSession(ClusterTestBase): with reporter.step("Init wallet"): wallet = default_wallet - address = wallet_utils.get_last_address_from_wallet(wallet, "") with reporter.step("Nodes Settlements"): session_token_node, container_node, non_container_node = random.sample(self.cluster.storage_nodes, 3) @@ -42,9 +41,8 @@ class TestDynamicObjectSession(ClusterTestBase): with reporter.step("Create Session Token"): session_token = create_session_token( shell=self.shell, - owner=address, - wallet_path=wallet, - wallet_password=DEFAULT_WALLET_PASS, + owner=default_wallet.get_address(), + wallet=default_wallet, rpc_endpoint=session_token_node.get_rpc_endpoint(), ) diff --git a/pytest_tests/testsuites/session_token/test_static_object_session_token.py b/pytest_tests/testsuites/session_token/test_static_object_session_token.py index 7c8e2ac5..466986e1 100644 --- a/pytest_tests/testsuites/session_token/test_static_object_session_token.py +++ b/pytest_tests/testsuites/session_token/test_static_object_session_token.py @@ -50,8 +50,8 @@ RANGE_OFFSET_FOR_COMPLEX_OBJECT = 200 @pytest.fixture(scope="module") def storage_containers(owner_wallet: WalletInfo, client_shell: Shell, cluster: Cluster) -> list[str]: - cid = create_container(owner_wallet.path, shell=client_shell, endpoint=cluster.default_rpc_endpoint) - other_cid = create_container(owner_wallet.path, shell=client_shell, endpoint=cluster.default_rpc_endpoint) + cid = create_container(owner_wallet, shell=client_shell, endpoint=cluster.default_rpc_endpoint) + other_cid = create_container(owner_wallet, shell=client_shell, endpoint=cluster.default_rpc_endpoint) yield [cid, other_cid] @@ -74,7 +74,7 @@ def storage_objects( # upload couple objects for _ in range(3): storage_object_id = put_object_to_random_node( - wallet=owner_wallet.path, + wallet=owner_wallet, path=file_path, cid=storage_containers[0], shell=client_shell, @@ -83,7 +83,7 @@ def storage_objects( storage_object = StorageObjectInfo(storage_containers[0], storage_object_id) storage_object.size = object_size.value - storage_object.wallet_file_path = owner_wallet.path + storage_object.wallet = owner_wallet storage_object.file_path = file_path storage_objects.append(storage_object) @@ -163,7 +163,7 @@ class TestObjectStaticSession(ClusterTestBase): for node in self.cluster.storage_nodes: for storage_object in storage_objects[0:2]: method_under_test( - wallet=user_wallet.path, + wallet=user_wallet, cid=storage_object.cid, oid=storage_object.oid, shell=self.shell, @@ -196,7 +196,7 @@ class TestObjectStaticSession(ClusterTestBase): with reporter.step(f"Check range {range_to_test}"): with expect_not_raises(): method_under_test( - user_wallet.path, + user_wallet, storage_object.cid, storage_object.oid, shell=self.shell, @@ -219,7 +219,7 @@ class TestObjectStaticSession(ClusterTestBase): cid = storage_objects[0].cid expected_object_ids = [storage_object.oid for storage_object in storage_objects[0:2]] actual_object_ids = search_object( - user_wallet.path, + user_wallet, cid, self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -240,7 +240,7 @@ class TestObjectStaticSession(ClusterTestBase): """ with pytest.raises(Exception, match=UNRELATED_OBJECT): head_object( - user_wallet.path, + user_wallet, storage_objects[2].cid, storage_objects[2].oid, self.shell, @@ -262,7 +262,7 @@ class TestObjectStaticSession(ClusterTestBase): with pytest.raises(Exception, match=UNRELATED_KEY): head_object( - stranger_wallet.path, + stranger_wallet, storage_object.cid, storage_object.oid, self.shell, @@ -284,7 +284,7 @@ class TestObjectStaticSession(ClusterTestBase): with pytest.raises(Exception, match=WRONG_VERB): get_object( - user_wallet.path, + user_wallet, storage_object.cid, storage_object.oid, self.shell, @@ -307,7 +307,7 @@ class TestObjectStaticSession(ClusterTestBase): with pytest.raises(Exception, match=UNRELATED_CONTAINER): get_object_from_random_node( - user_wallet.path, + user_wallet, storage_containers[1], storage_object.oid, self.shell, @@ -341,7 +341,7 @@ class TestObjectStaticSession(ClusterTestBase): signed_token_file = sign_session_token(self.shell, session_token_file, stranger_wallet) with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): head_object( - user_wallet.path, + user_wallet, storage_object.cid, storage_object.oid, self.shell, @@ -375,7 +375,7 @@ class TestObjectStaticSession(ClusterTestBase): signed_token_file = sign_session_token(self.shell, session_token_file, owner_wallet) with pytest.raises(Exception, match=OBJECT_NOT_FOUND): head_object( - user_wallet.path, + user_wallet, container, storage_object.oid, self.shell, @@ -407,7 +407,7 @@ class TestObjectStaticSession(ClusterTestBase): ) with pytest.raises(Exception, match=INVALID_SIGNATURE): head_object( - user_wallet.path, + user_wallet, storage_object.cid, storage_object.oid, self.shell, @@ -448,7 +448,7 @@ class TestObjectStaticSession(ClusterTestBase): with reporter.step("Object should be available with session token after token creation"): with expect_not_raises(): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -460,7 +460,7 @@ class TestObjectStaticSession(ClusterTestBase): self.tick_epoch() with expect_not_raises(): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -472,7 +472,7 @@ class TestObjectStaticSession(ClusterTestBase): self.tick_epoch() with pytest.raises(Exception, match=EXPIRED_SESSION_TOKEN): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -514,7 +514,7 @@ class TestObjectStaticSession(ClusterTestBase): with reporter.step("Object should NOT be available with session token after token creation"): with pytest.raises(Exception, match=MALFORMED_REQUEST): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -526,7 +526,7 @@ class TestObjectStaticSession(ClusterTestBase): self.tick_epoch() with expect_not_raises(): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -538,7 +538,7 @@ class TestObjectStaticSession(ClusterTestBase): self.tick_epoch() with expect_not_raises(): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -550,7 +550,7 @@ class TestObjectStaticSession(ClusterTestBase): self.tick_epoch() with pytest.raises(Exception, match=EXPIRED_SESSION_TOKEN): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -589,7 +589,7 @@ class TestObjectStaticSession(ClusterTestBase): with pytest.raises(Exception, match=EXPIRED_SESSION_TOKEN): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, @@ -610,7 +610,7 @@ class TestObjectStaticSession(ClusterTestBase): storage_object = storage_objects[0] with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): delete_object( - user_wallet.path, + user_wallet, storage_object.cid, storage_object.oid, self.shell, @@ -632,7 +632,7 @@ class TestObjectStaticSession(ClusterTestBase): storage_object = storage_objects[0] with pytest.raises(Exception, match=OBJECT_ACCESS_DENIED): put_object_to_random_node( - user_wallet.path, + user_wallet, storage_object.file_path, storage_object.cid, self.shell, @@ -671,7 +671,7 @@ class TestObjectStaticSession(ClusterTestBase): with pytest.raises(Exception, match=MALFORMED_REQUEST): head_object( - user_wallet.path, + user_wallet, container, object_id, self.shell, diff --git a/pytest_tests/testsuites/session_token/test_static_session_token_container.py b/pytest_tests/testsuites/session_token/test_static_session_token_container.py index c6cc2597..266a9379 100644 --- a/pytest_tests/testsuites/session_token/test_static_session_token_container.py +++ b/pytest_tests/testsuites/session_token/test_static_session_token_container.py @@ -43,7 +43,7 @@ class TestSessionTokenContainer(ClusterTestBase): """ with reporter.step("Create container with static session token"): cid = create_container( - user_wallet.path, + user_wallet, session_token=static_sessions[ContainerVerb.CREATE], shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -51,14 +51,12 @@ class TestSessionTokenContainer(ClusterTestBase): ) container_info: dict[str, str] = get_container( - owner_wallet.path, cid, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint + owner_wallet, cid, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint ) assert container_info["ownerID"] == owner_wallet.get_address() - assert cid not in list_containers( - user_wallet.path, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint - ) - assert cid in list_containers(owner_wallet.path, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint) + assert cid not in list_containers(user_wallet, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint) + assert cid in list_containers(owner_wallet, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint) def test_static_session_token_container_create_with_other_verb( self, @@ -72,7 +70,7 @@ class TestSessionTokenContainer(ClusterTestBase): for verb in [verb for verb in ContainerVerb if verb != ContainerVerb.CREATE]: with pytest.raises(Exception): create_container( - user_wallet.path, + user_wallet, session_token=static_sessions[verb], shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -90,7 +88,7 @@ class TestSessionTokenContainer(ClusterTestBase): with reporter.step("Try create container with static session token without PUT rule"): with pytest.raises(Exception): create_container( - stranger_wallet.path, + stranger_wallet, session_token=static_sessions[ContainerVerb.CREATE], shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, @@ -108,14 +106,14 @@ class TestSessionTokenContainer(ClusterTestBase): """ with reporter.step("Create container"): cid = create_container( - owner_wallet.path, + owner_wallet, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, wait_for_creation=False, ) with reporter.step("Delete container with static session token"): delete_container( - wallet=user_wallet.path, + wallet=user_wallet, cid=cid, session_token=static_sessions[ContainerVerb.DELETE], shell=self.shell, @@ -123,9 +121,7 @@ class TestSessionTokenContainer(ClusterTestBase): await_mode=True, ) - assert cid not in list_containers( - owner_wallet.path, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint - ) + assert cid not in list_containers(owner_wallet, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint) @pytest.mark.sanity def test_static_session_token_container_set_eacl( @@ -141,18 +137,18 @@ class TestSessionTokenContainer(ClusterTestBase): """ with reporter.step("Create container"): cid = create_container( - owner_wallet.path, + owner_wallet, basic_acl=PUBLIC_ACL, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint, ) file_path = generate_file(simple_object_size.value) - assert can_put_object(stranger_wallet.path, cid, file_path, self.shell, self.cluster) + assert can_put_object(stranger_wallet, cid, file_path, self.shell, self.cluster) with reporter.step("Deny all operations for other via eACL"): eacl_deny = [EACLRule(access=EACLAccess.DENY, role=EACLRole.OTHERS, operation=op) for op in EACLOperation] set_eacl( - user_wallet.path, + user_wallet, cid, create_eacl(cid, eacl_deny, shell=self.shell), shell=self.shell, @@ -161,4 +157,4 @@ class TestSessionTokenContainer(ClusterTestBase): ) wait_for_cache_expired() - assert not can_put_object(stranger_wallet.path, cid, file_path, self.shell, self.cluster) + assert not can_put_object(stranger_wallet, cid, file_path, self.shell, self.cluster) diff --git a/pytest_tests/testsuites/shard/test_control_shard.py b/pytest_tests/testsuites/shard/test_control_shard.py index 7f2cf4f6..9ed13539 100644 --- a/pytest_tests/testsuites/shard/test_control_shard.py +++ b/pytest_tests/testsuites/shard/test_control_shard.py @@ -1,5 +1,4 @@ import json -import pathlib import allure import pytest @@ -14,6 +13,7 @@ from frostfs_testlib.storage.cluster import Cluster, ClusterNode, StorageNode from frostfs_testlib.storage.controllers import ClusterStateController, ShardsWatcher from frostfs_testlib.storage.controllers.state_managers.config_state_manager import ConfigStateManager from frostfs_testlib.storage.dataclasses.shard import Shard +from frostfs_testlib.storage.dataclasses.wallet import WalletInfo from frostfs_testlib.testing import parallel from frostfs_testlib.testing.cluster_test_base import ClusterTestBase from frostfs_testlib.utils.file_utils import generate_file @@ -50,7 +50,7 @@ class TestControlShard(ClusterTestBase): parallel(self.set_shard_rw_mode, self.cluster.cluster_nodes) @pytest.fixture() - def oid_cid_node(self, default_wallet: str) -> tuple[str, str, ClusterNode]: + def oid_cid_node(self, default_wallet: WalletInfo) -> tuple[str, str, ClusterNode]: with reporter.step("Create container, and put object"): cid = create_container( wallet=default_wallet, @@ -114,7 +114,7 @@ class TestControlShard(ClusterTestBase): @pytest.mark.failover def test_shard_errors( self, - default_wallet: str, + default_wallet: WalletInfo, oid_cid_node: tuple[str, str, ClusterNode], change_config_storage: None, revert_all_shards_mode: None,