2022-12-06 15:06:39 +00:00
|
|
|
import allure
|
|
|
|
import pytest
|
2023-11-29 13:34:59 +00:00
|
|
|
from frostfs_testlib import reporter
|
2024-07-17 20:56:05 +00:00
|
|
|
from frostfs_testlib.cli import FrostfsCli
|
|
|
|
from frostfs_testlib.resources.wellknown_acl import PUBLIC_ACL
|
2023-01-09 12:46:03 +00:00
|
|
|
from frostfs_testlib.shell import Shell
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.steps.cli.container import (
|
2023-02-27 16:54:27 +00:00
|
|
|
REP_2_FOR_3_NODES_PLACEMENT_RULE,
|
|
|
|
SINGLE_PLACEMENT_RULE,
|
|
|
|
StorageContainer,
|
|
|
|
StorageContainerInfo,
|
|
|
|
create_container,
|
|
|
|
)
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.steps.cli.object import delete_object, get_object
|
|
|
|
from frostfs_testlib.steps.storage_object import StorageObjectInfo
|
|
|
|
from frostfs_testlib.storage.cluster import Cluster
|
2024-07-17 20:56:05 +00:00
|
|
|
from frostfs_testlib.storage.dataclasses import ape
|
2023-08-02 11:54:03 +00:00
|
|
|
from frostfs_testlib.storage.dataclasses.object_size import ObjectSize
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
|
|
|
|
from frostfs_testlib.testing.cluster_test_base import ClusterTestBase
|
|
|
|
from frostfs_testlib.testing.test_control import expect_not_raises
|
|
|
|
from pytest import FixtureRequest
|
2022-12-06 15:06:39 +00:00
|
|
|
|
2024-10-29 10:32:07 +00:00
|
|
|
from ...helpers.bearer_token import create_bearer_token
|
|
|
|
from ...helpers.container_access import assert_full_access_to_container
|
2022-12-06 15:06:39 +00:00
|
|
|
|
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
@pytest.fixture(scope="session")
|
2022-12-06 15:06:39 +00:00
|
|
|
@allure.title("Create user container for bearer token usage")
|
2024-07-17 20:56:05 +00:00
|
|
|
def user_container(default_wallet: WalletInfo, client_shell: Shell, cluster: Cluster, request: FixtureRequest) -> StorageContainer:
|
|
|
|
rule = request.param if "param" in request.__dict__ else SINGLE_PLACEMENT_RULE
|
|
|
|
container_id = create_container(default_wallet, client_shell, cluster.default_rpc_endpoint, rule, PUBLIC_ACL)
|
|
|
|
|
2022-12-06 15:06:39 +00:00
|
|
|
# Deliberately using s3gate wallet here to test bearer token
|
2024-07-17 20:56:05 +00:00
|
|
|
s3_gate_wallet = WalletInfo.from_node(cluster.s3_gates[0])
|
|
|
|
return StorageContainer(StorageContainerInfo(container_id, s3_gate_wallet), client_shell, cluster)
|
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture(scope="session")
|
|
|
|
@allure.title("Create bearer token with allowed put for container")
|
|
|
|
def bearer_token(frostfs_cli: FrostfsCli, temp_directory: str, user_container: StorageContainer, cluster: Cluster) -> str:
|
|
|
|
rule = ape.Rule(ape.Verb.ALLOW, ape.ObjectOperations.WILDCARD_ALL)
|
|
|
|
return create_bearer_token(frostfs_cli, temp_directory, user_container.get_id(), rule, cluster.default_rpc_endpoint)
|
2022-12-06 15:06:39 +00:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.fixture()
|
|
|
|
def storage_objects(
|
|
|
|
user_container: StorageContainer,
|
2024-07-17 20:56:05 +00:00
|
|
|
bearer_token: str,
|
2023-09-08 10:35:34 +00:00
|
|
|
object_size: ObjectSize,
|
2022-12-06 15:06:39 +00:00
|
|
|
cluster: Cluster,
|
|
|
|
) -> list[StorageObjectInfo]:
|
|
|
|
storage_objects: list[StorageObjectInfo] = []
|
|
|
|
for node in cluster.storage_nodes:
|
|
|
|
storage_objects.append(
|
|
|
|
user_container.generate_object(
|
2023-08-02 11:54:03 +00:00
|
|
|
object_size.value,
|
2024-07-17 20:56:05 +00:00
|
|
|
bearer_token=bearer_token,
|
2022-12-06 15:06:39 +00:00
|
|
|
endpoint=node.get_rpc_endpoint(),
|
|
|
|
)
|
|
|
|
)
|
|
|
|
return storage_objects
|
|
|
|
|
|
|
|
|
2024-10-11 09:30:23 +00:00
|
|
|
@pytest.mark.nightly
|
2022-12-06 15:06:39 +00:00
|
|
|
@pytest.mark.bearer
|
2024-07-17 20:56:05 +00:00
|
|
|
@pytest.mark.ape
|
2022-12-06 15:06:39 +00:00
|
|
|
class TestObjectApiWithBearerToken(ClusterTestBase):
|
2023-10-31 14:51:09 +00:00
|
|
|
@allure.title("Object can be deleted from any node using s3gate wallet with bearer token (obj_size={object_size})")
|
2022-12-06 15:06:39 +00:00
|
|
|
@pytest.mark.parametrize(
|
2023-09-08 10:35:34 +00:00
|
|
|
"user_container",
|
|
|
|
[SINGLE_PLACEMENT_RULE],
|
2022-12-06 15:06:39 +00:00
|
|
|
indirect=True,
|
|
|
|
)
|
|
|
|
def test_delete_object_with_s3_wallet_bearer(
|
|
|
|
self,
|
|
|
|
storage_objects: list[StorageObjectInfo],
|
2024-07-17 20:56:05 +00:00
|
|
|
bearer_token: str,
|
2022-12-06 15:06:39 +00:00
|
|
|
):
|
2024-03-11 16:34:54 +00:00
|
|
|
s3_gate_wallet = WalletInfo.from_node(self.cluster.s3_gates[0])
|
2024-07-17 20:56:05 +00:00
|
|
|
with reporter.step("Delete each object from first storage node"):
|
2022-12-06 15:06:39 +00:00
|
|
|
for storage_object in storage_objects:
|
|
|
|
with expect_not_raises():
|
|
|
|
delete_object(
|
2024-03-11 16:34:54 +00:00
|
|
|
s3_gate_wallet,
|
2022-12-06 15:06:39 +00:00
|
|
|
storage_object.cid,
|
|
|
|
storage_object.oid,
|
|
|
|
self.shell,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2024-07-17 20:56:05 +00:00
|
|
|
bearer=bearer_token,
|
2022-12-06 15:06:39 +00:00
|
|
|
)
|
|
|
|
|
2023-10-31 14:51:09 +00:00
|
|
|
@allure.title("Object can be fetched from any node using s3gate wallet with bearer token (obj_size={object_size})")
|
2022-12-06 15:06:39 +00:00
|
|
|
@pytest.mark.parametrize(
|
2023-09-08 10:35:34 +00:00
|
|
|
"user_container",
|
|
|
|
[REP_2_FOR_3_NODES_PLACEMENT_RULE],
|
|
|
|
indirect=True,
|
2022-12-06 15:06:39 +00:00
|
|
|
)
|
|
|
|
def test_get_object_with_s3_wallet_bearer_from_all_nodes(
|
|
|
|
self,
|
|
|
|
user_container: StorageContainer,
|
2023-08-02 11:54:03 +00:00
|
|
|
object_size: ObjectSize,
|
2024-07-17 20:56:05 +00:00
|
|
|
bearer_token: str,
|
2022-12-06 15:06:39 +00:00
|
|
|
):
|
2024-03-11 16:34:54 +00:00
|
|
|
s3_gate_wallet = WalletInfo.from_node(self.cluster.s3_gates[0])
|
2024-07-17 20:56:05 +00:00
|
|
|
with reporter.step("Put object to container"):
|
2022-12-06 15:06:39 +00:00
|
|
|
storage_object = user_container.generate_object(
|
2024-07-17 20:56:05 +00:00
|
|
|
object_size.value,
|
|
|
|
bearer_token=bearer_token,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2022-12-06 15:06:39 +00:00
|
|
|
)
|
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
with reporter.step("Get object from each storage node"):
|
2022-12-06 15:06:39 +00:00
|
|
|
for node in self.cluster.storage_nodes:
|
|
|
|
with expect_not_raises():
|
|
|
|
get_object(
|
2024-03-11 16:34:54 +00:00
|
|
|
s3_gate_wallet,
|
2022-12-06 15:06:39 +00:00
|
|
|
storage_object.cid,
|
|
|
|
storage_object.oid,
|
|
|
|
self.shell,
|
2024-07-17 20:56:05 +00:00
|
|
|
node.get_rpc_endpoint(),
|
|
|
|
bearer_token,
|
2022-12-06 15:06:39 +00:00
|
|
|
)
|
2024-07-17 20:56:05 +00:00
|
|
|
|
|
|
|
@allure.title("Wildcard APE rule contains all permissions (obj_size={object_size})")
|
|
|
|
def test_ape_wildcard_contains_all_rules(
|
|
|
|
self,
|
|
|
|
other_wallet: WalletInfo,
|
|
|
|
storage_objects: list[StorageObjectInfo],
|
|
|
|
bearer_token: str,
|
|
|
|
):
|
|
|
|
obj = storage_objects.pop()
|
|
|
|
with reporter.step(f"Assert all operations available with object"):
|
|
|
|
assert_full_access_to_container(other_wallet, obj.cid, obj.oid, obj.file_path, self.shell, self.cluster, bearer_token)
|