(#116): fixed eACL tests; refactored acl keywords
Signed-off-by: anastasia prasolova <anastasia@nspcc.ru>
This commit is contained in:
parent
19f9d97328
commit
7552a742f3
16 changed files with 772 additions and 678 deletions
199
robot/resources/lib/acl.py
Normal file
199
robot/resources/lib/acl.py
Normal file
|
@ -0,0 +1,199 @@
|
|||
#!/usr/bin/python3.8
|
||||
|
||||
from enum import Enum, auto
|
||||
import json
|
||||
import os
|
||||
import re
|
||||
import uuid
|
||||
|
||||
import base64
|
||||
import base58
|
||||
from cli_helpers import _cmd_run
|
||||
from common import ASSETS_DIR, NEOFS_ENDPOINT
|
||||
from robot.api.deco import keyword
|
||||
from robot.api import logger
|
||||
|
||||
|
||||
"""
|
||||
Robot Keywords and helper functions for work with NeoFS ACL.
|
||||
"""
|
||||
|
||||
|
||||
ROBOT_AUTO_KEYWORDS = False
|
||||
|
||||
# path to neofs-cli executable
|
||||
NEOFS_CLI_EXEC = os.getenv('NEOFS_CLI_EXEC', 'neofs-cli')
|
||||
EACL_LIFETIME = 100500
|
||||
|
||||
class AutoName(Enum):
|
||||
def _generate_next_value_(name, start, count, last_values):
|
||||
return name
|
||||
|
||||
class Role(AutoName):
|
||||
USER = auto()
|
||||
SYSTEM = auto()
|
||||
OTHERS = auto()
|
||||
|
||||
|
||||
@keyword('Get eACL')
|
||||
def get_eacl(wif: str, cid: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {wif} '
|
||||
f'container get-eacl --cid {cid}'
|
||||
)
|
||||
logger.info(f"cmd: {cmd}")
|
||||
try:
|
||||
output = _cmd_run(cmd)
|
||||
if re.search(r'extended ACL table is not set for this container', output):
|
||||
return None
|
||||
return output
|
||||
except RuntimeError as exc:
|
||||
logger.info("Extended ACL table is not set for this container")
|
||||
logger.info(f"Got exception while getting eacl: {exc}")
|
||||
return None
|
||||
|
||||
|
||||
@keyword('Set eACL')
|
||||
def set_eacl(wif: str, cid: str, eacl_table_path: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {wif} '
|
||||
f'container set-eacl --cid {cid} --table {eacl_table_path} --await'
|
||||
)
|
||||
logger.info(f"cmd: {cmd}")
|
||||
_cmd_run(cmd)
|
||||
|
||||
|
||||
def _encode_cid_for_eacl(cid: str) -> str:
|
||||
cid_base58 = base58.b58decode(cid)
|
||||
return base64.b64encode(cid_base58).decode("utf-8")
|
||||
|
||||
|
||||
@keyword('Form BearerToken File')
|
||||
def form_bearertoken_file(wif: str, cid: str, eacl_records: list) -> str:
|
||||
"""
|
||||
This function fetches eACL for given <cid> on behalf of <wif>,
|
||||
then extends it with filters taken from <eacl_records>, signs
|
||||
with bearer token and writes to file
|
||||
"""
|
||||
enc_cid = _encode_cid_for_eacl(cid)
|
||||
file_path = f"{os.getcwd()}/{ASSETS_DIR}/{str(uuid.uuid4())}"
|
||||
|
||||
eacl = get_eacl(wif, cid)
|
||||
json_eacl = dict()
|
||||
if eacl:
|
||||
eacl = eacl.replace('eACL: ', '')
|
||||
eacl = eacl.split('Signature')[0]
|
||||
json_eacl = json.loads(eacl)
|
||||
logger.info(json_eacl)
|
||||
eacl_result = {
|
||||
"body":
|
||||
{
|
||||
"eaclTable":
|
||||
{
|
||||
"containerID":
|
||||
{
|
||||
"value": enc_cid
|
||||
},
|
||||
"records": []
|
||||
},
|
||||
"lifetime":
|
||||
{
|
||||
"exp": EACL_LIFETIME,
|
||||
"nbf": "1",
|
||||
"iat": "0"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if not eacl_records:
|
||||
raise(f"Got empty eacl_records list: {eacl_records}")
|
||||
for record in eacl_records:
|
||||
op_data = {
|
||||
"operation": record['Operation'],
|
||||
"action": record['Access'],
|
||||
"filters": [],
|
||||
"targets": []
|
||||
}
|
||||
|
||||
if Role(record['Role']):
|
||||
op_data['targets'] = [
|
||||
{
|
||||
"role": record['Role']
|
||||
}
|
||||
]
|
||||
else:
|
||||
op_data['targets'] = [
|
||||
{
|
||||
"keys": [ record['Role'] ]
|
||||
}
|
||||
]
|
||||
|
||||
if 'Filters' in record.keys():
|
||||
op_data["filters"].append(record['Filters'])
|
||||
|
||||
eacl_result["body"]["eaclTable"]["records"].append(op_data)
|
||||
|
||||
# Add records from current eACL
|
||||
if "records" in json_eacl.keys():
|
||||
for record in json_eacl["records"]:
|
||||
eacl_result["body"]["eaclTable"]["records"].append(record)
|
||||
|
||||
with open(file_path, 'w', encoding='utf-8') as eacl_file:
|
||||
json.dump(eacl_result, eacl_file, ensure_ascii=False, indent=4)
|
||||
|
||||
logger.info(f"Got these extended ACL records: {eacl_result}")
|
||||
sign_bearer_token(wif, file_path)
|
||||
return file_path
|
||||
|
||||
|
||||
def sign_bearer_token(wif: str, eacl_rules_file: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {eacl_rules_file} '
|
||||
f'--to {eacl_rules_file} --wif {wif} --json'
|
||||
)
|
||||
logger.info(f"cmd: {cmd}")
|
||||
_cmd_run(cmd)
|
||||
|
||||
|
||||
@keyword('Form eACL json common file')
|
||||
def form_eacl_json_common_file(file_path: str, eacl_records: list) -> str:
|
||||
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
|
||||
eacl = {"records":[]}
|
||||
|
||||
for record in eacl_records:
|
||||
op_data = dict()
|
||||
|
||||
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
|
||||
op_data = {
|
||||
"operation": record['Operation'],
|
||||
"action": record['Access'],
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"role": record['Role']
|
||||
}
|
||||
]
|
||||
}
|
||||
else:
|
||||
op_data = {
|
||||
"operation": record['Operation'],
|
||||
"action": record['Access'],
|
||||
"filters": [],
|
||||
"targets": [
|
||||
{
|
||||
"keys": [ record['Role'] ]
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
if 'Filters' in record.keys():
|
||||
op_data["filters"].append(record['Filters'])
|
||||
|
||||
eacl["records"].append(op_data)
|
||||
|
||||
logger.info(f"Got these extended ACL records: {eacl}")
|
||||
|
||||
with open(file_path, 'w', encoding='utf-8') as eacl_file:
|
||||
json.dump(eacl, eacl_file, ensure_ascii=False, indent=4)
|
||||
|
||||
return file_path
|
29
robot/resources/lib/cli_helpers.py
Normal file
29
robot/resources/lib/cli_helpers.py
Normal file
|
@ -0,0 +1,29 @@
|
|||
#!/usr/bin/python3.8
|
||||
|
||||
"""
|
||||
Helper functions to use with `neofs-cli`, `neo-go`
|
||||
and other CLIs.
|
||||
"""
|
||||
|
||||
import subprocess
|
||||
|
||||
from robot.api import logger
|
||||
|
||||
ROBOT_AUTO_KEYWORDS = False
|
||||
|
||||
|
||||
def _cmd_run(cmd):
|
||||
"""
|
||||
Runs given shell command <cmd>, in case of success returns its stdout,
|
||||
in case of failure returns error message.
|
||||
"""
|
||||
try:
|
||||
compl_proc = subprocess.run(cmd, check=True, universal_newlines=True,
|
||||
stdout=subprocess.PIPE, stderr=subprocess.STDOUT, timeout=30,
|
||||
shell=True)
|
||||
output = compl_proc.stdout
|
||||
logger.info(f"Output: {output}")
|
||||
return output
|
||||
except subprocess.CalledProcessError as exc:
|
||||
raise RuntimeError(f"Error:\nreturn code: {exc.returncode} "
|
||||
f"\nOutput: {exc.output}") from exc
|
|
@ -17,6 +17,7 @@ from robot.api.deco import keyword
|
|||
from robot.api import logger
|
||||
|
||||
from common import *
|
||||
from cli_helpers import _cmd_run
|
||||
|
||||
ROBOT_AUTO_KEYWORDS = False
|
||||
|
||||
|
@ -120,115 +121,12 @@ def validate_storage_policy_for_object(private_key: str, expected_copies: int, c
|
|||
raise Exception(f"Found node list '{found_nodes}' is not equal to expected list '{expected_node_list}'")
|
||||
|
||||
|
||||
@keyword('Get eACL')
|
||||
def get_eacl(private_key: str, cid: str):
|
||||
|
||||
Cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
|
||||
f'container get-eacl --cid {cid}'
|
||||
)
|
||||
logger.info(f"Cmd: {Cmd}")
|
||||
output = _cmd_run(Cmd)
|
||||
if re.search(r'extended ACL table is not set for this container', output):
|
||||
logger.info("Extended ACL table is not set for this container.")
|
||||
|
||||
|
||||
@keyword('Set eACL')
|
||||
def set_eacl(private_key: str, cid: str, eacl_table_path: str):
|
||||
cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
|
||||
f'container set-eacl --cid {cid} --table {eacl_table_path} --await'
|
||||
)
|
||||
logger.info(f"Cmd: {cmd}")
|
||||
_cmd_run(cmd)
|
||||
|
||||
|
||||
@keyword('Form BearerToken file')
|
||||
def form_bearertoken_file(private_key: str, cid: str, file_name: str, eacl_oper_list,
|
||||
lifetime_exp: str ):
|
||||
cid_base58_b = base58.b58decode(cid)
|
||||
cid_base64 = base64.b64encode(cid_base58_b).decode("utf-8")
|
||||
eacl = get_eacl(private_key, cid)
|
||||
json_eacl = {}
|
||||
file_path = f"{ASSETS_DIR}/{file_name}"
|
||||
|
||||
if eacl:
|
||||
res_json = re.split(r'[\s\n]+Signature:', eacl)
|
||||
input_eacl = res_json[0].replace('eACL: ', '')
|
||||
json_eacl = json.loads(input_eacl)
|
||||
|
||||
eacl_result = {"body":{ "eaclTable": { "containerID": { "value": cid_base64 }, "records": [] }, "lifetime": {"exp": lifetime_exp, "nbf": "1", "iat": "0"} } }
|
||||
|
||||
if eacl_oper_list:
|
||||
for record in eacl_oper_list:
|
||||
op_data = dict()
|
||||
|
||||
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
|
||||
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]}
|
||||
else:
|
||||
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]}
|
||||
|
||||
if 'Filters' in record.keys():
|
||||
op_data["filters"].append(record['Filters'])
|
||||
|
||||
eacl_result["body"]["eaclTable"]["records"].append(op_data)
|
||||
|
||||
# Add records from current eACL
|
||||
if "records" in json_eacl.keys():
|
||||
for record in json_eacl["records"]:
|
||||
eacl_result["body"]["eaclTable"]["records"].append(record)
|
||||
|
||||
with open(file_path, 'w', encoding='utf-8') as f:
|
||||
json.dump(eacl_result, f, ensure_ascii=False, indent=4)
|
||||
|
||||
logger.info(eacl_result)
|
||||
|
||||
# Sign bearer token
|
||||
Cmd = (
|
||||
f'{NEOFS_CLI_EXEC} util sign bearer-token --from {file_path} '
|
||||
f'--to {file_path} --wif {private_key} --json'
|
||||
)
|
||||
logger.info(f"Cmd: {Cmd}")
|
||||
_cmd_run(Cmd)
|
||||
|
||||
return file_path
|
||||
|
||||
|
||||
@keyword('Form eACL json common file')
|
||||
def form_eacl_json_common_file(file_path, eacl_oper_list ):
|
||||
# Input role can be Role (USER, SYSTEM, OTHERS) or public key.
|
||||
eacl = {"records":[]}
|
||||
|
||||
logger.info(eacl_oper_list)
|
||||
|
||||
if eacl_oper_list:
|
||||
for record in eacl_oper_list:
|
||||
op_data = dict()
|
||||
|
||||
if record['Role'] == "USER" or record['Role'] == "SYSTEM" or record['Role'] == "OTHERS":
|
||||
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"role":record['Role']}]}
|
||||
else:
|
||||
op_data = {"operation":record['Operation'],"action":record['Access'],"filters": [],"targets":[{"keys": [ record['Role'] ]}]}
|
||||
|
||||
if 'Filters' in record.keys():
|
||||
op_data["filters"].append(record['Filters'])
|
||||
|
||||
eacl["records"].append(op_data)
|
||||
|
||||
logger.info(eacl)
|
||||
|
||||
with open(file_path, 'w', encoding='utf-8') as f:
|
||||
json.dump(eacl, f, ensure_ascii=False, indent=4)
|
||||
|
||||
return file_path
|
||||
|
||||
|
||||
@keyword('Get Range')
|
||||
def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str,
|
||||
range_cut: str, options:str=""):
|
||||
bearer_token = ""
|
||||
if bearer:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer}"
|
||||
bearer_token = f"--bearer {bearer}"
|
||||
|
||||
Cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
|
||||
|
@ -237,7 +135,7 @@ def get_range(private_key: str, cid: str, oid: str, range_file: str, bearer: str
|
|||
)
|
||||
logger.info(f"Cmd: {Cmd}")
|
||||
_cmd_run(Cmd)
|
||||
|
||||
|
||||
|
||||
@keyword('Create container')
|
||||
def create_container(private_key: str, basic_acl:str, rule:str, user_headers: str=''):
|
||||
|
@ -294,7 +192,7 @@ def search_object(private_key: str, cid: str, keys: str, bearer: str, filters: s
|
|||
filters_result = ""
|
||||
|
||||
if bearer:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer}"
|
||||
bearer_token = f"--bearer {bearer}"
|
||||
if filters:
|
||||
for filter_item in filters.split(','):
|
||||
filter_item = re.sub(r'=', ' EQ ', filter_item)
|
||||
|
@ -380,8 +278,8 @@ def verify_split_chain(private_key: str, cid: str, oid: str):
|
|||
parsed_header_virtual = parse_object_virtual_raw_header(header_virtual)
|
||||
|
||||
if 'Last object' in parsed_header_virtual.keys():
|
||||
header_last = head_object(private_key, cid,
|
||||
parsed_header_virtual['Last object'],
|
||||
header_last = head_object(private_key, cid,
|
||||
parsed_header_virtual['Last object'],
|
||||
'', '', '--raw')
|
||||
header_last_parsed = _get_raw_split_information(header_last)
|
||||
marker_last_obj = 1
|
||||
|
@ -402,8 +300,8 @@ def verify_split_chain(private_key: str, cid: str, oid: str):
|
|||
parsed_header_virtual = parse_object_virtual_raw_header(header_virtual)
|
||||
if 'Linking object' in parsed_header_virtual.keys():
|
||||
|
||||
header_link = head_object(private_key, cid,
|
||||
parsed_header_virtual['Linking object'],
|
||||
header_link = head_object(private_key, cid,
|
||||
parsed_header_virtual['Linking object'],
|
||||
'', '', '--raw')
|
||||
header_link_parsed = _get_raw_split_information(header_link)
|
||||
marker_link_obj = 1
|
||||
|
@ -601,7 +499,7 @@ def head_object(private_key: str, cid: str, oid: str, bearer_token: str="",
|
|||
user_headers:str="", options:str="", endpoint: str="", json_output: bool = False):
|
||||
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
if endpoint == "":
|
||||
endpoint = NEOFS_ENDPOINT
|
||||
|
||||
|
@ -770,7 +668,7 @@ def verify_head_attribute(header, attribute):
|
|||
def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: str=""):
|
||||
bearer_token = ""
|
||||
if bearer:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer}"
|
||||
bearer_token = f"--bearer {bearer}"
|
||||
|
||||
object_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
|
||||
|
@ -779,7 +677,7 @@ def delete_object(private_key: str, cid: str, oid: str, bearer: str, options: st
|
|||
logger.info(f"Cmd: {object_cmd}")
|
||||
output = _cmd_run(object_cmd)
|
||||
tombstone = _parse_oid(output)
|
||||
|
||||
|
||||
return tombstone
|
||||
|
||||
|
||||
|
@ -805,7 +703,7 @@ def get_file_name(filepath):
|
|||
def get_file_hash(filename : str):
|
||||
file_hash = _get_file_hash(filename)
|
||||
return file_hash
|
||||
|
||||
|
||||
|
||||
@keyword('Verify file hash')
|
||||
def verify_file_hash(filename, expected_hash):
|
||||
|
@ -828,7 +726,7 @@ def put_object(private_key: str, path: str, cid: str, bearer: str, user_headers:
|
|||
user_headers = f"--attributes {user_headers}"
|
||||
|
||||
if bearer:
|
||||
bearer = f"--bearer {ASSETS_DIR}/{bearer}"
|
||||
bearer = f"--bearer {bearer}"
|
||||
|
||||
putobject_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} object '
|
||||
|
@ -905,7 +803,7 @@ def find_in_nodes_Log(line: str, nodes_logs_time: dict):
|
|||
def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str,
|
||||
range_cut: str, options: str=""):
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
|
||||
object_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
|
||||
|
@ -914,7 +812,7 @@ def get_range_hash(private_key: str, cid: str, oid: str, bearer_token: str,
|
|||
)
|
||||
logger.info(f"Cmd: {object_cmd}")
|
||||
_cmd_run(object_cmd)
|
||||
|
||||
|
||||
|
||||
@keyword('Get object')
|
||||
def get_object(private_key: str, cid: str, oid: str, bearer_token: str,
|
||||
|
@ -928,7 +826,7 @@ def get_object(private_key: str, cid: str, oid: str, bearer_token: str,
|
|||
|
||||
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
|
||||
object_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {endpoint} --wif {private_key} '
|
||||
|
@ -947,7 +845,7 @@ def put_storagegroup(private_key: str, cid: str, bearer_token: str="", *oid_list
|
|||
cmd_oid_line = ",".join(oid_list)
|
||||
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
|
||||
object_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup '
|
||||
|
@ -964,7 +862,7 @@ def put_storagegroup(private_key: str, cid: str, bearer_token: str="", *oid_list
|
|||
def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expected_list):
|
||||
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
|
||||
object_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} '
|
||||
|
@ -988,7 +886,7 @@ def list_storagegroup(private_key: str, cid: str, bearer_token: str="", *expecte
|
|||
def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, expected_size, *expected_objects_list):
|
||||
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
|
||||
object_cmd = f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup get --cid {cid} --id {oid} {bearer_token}'
|
||||
logger.info(f"Cmd: {object_cmd}")
|
||||
|
@ -1013,7 +911,7 @@ def get_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str, ex
|
|||
def delete_storagegroup(private_key: str, cid: str, oid: str, bearer_token: str=""):
|
||||
|
||||
if bearer_token:
|
||||
bearer_token = f"--bearer {ASSETS_DIR}/{bearer_token}"
|
||||
bearer_token = f"--bearer {bearer_token}"
|
||||
|
||||
object_cmd = (
|
||||
f'{NEOFS_CLI_EXEC} --rpc-endpoint {NEOFS_ENDPOINT} --wif {private_key} storagegroup '
|
||||
|
@ -1118,14 +1016,3 @@ def _search_object(node:str, private_key: str, cid:str, oid: str):
|
|||
logger.info("Server is not presented in container.")
|
||||
elif ( re.search(r'timed out after 30 seconds', output) or re.search(r'no route to host', output) or re.search(r'i/o timeout', output)):
|
||||
logger.warn("Node is unavailable")
|
||||
|
||||
|
||||
def _cmd_run(cmd):
|
||||
try:
|
||||
complProc = subprocess.run(cmd, check=True, universal_newlines=True,
|
||||
stdout=subprocess.PIPE, stderr=subprocess.STDOUT, timeout=30, shell=True)
|
||||
output = complProc.stdout
|
||||
logger.info(f"Output: {output}")
|
||||
return output
|
||||
except subprocess.CalledProcessError as e:
|
||||
raise Exception(f"Error:\nreturn code: {e.returncode} \nOutput: {e.output}")
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
Library Collections
|
||||
|
||||
Library Collections
|
||||
Library neofs.py
|
||||
Library acl.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -37,52 +40,52 @@ BearerToken Operations
|
|||
|
||||
Check eACL Deny and Allow All Bearer
|
||||
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
|
||||
# All operations on object should be passed with bearer token
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
# All operations on object should be passed with bearer token
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -42,43 +45,43 @@ Check eACL Deny and Allow All Bearer
|
|||
|
||||
|
||||
# Storage group Operations (Put, List, Get, Delete)
|
||||
${SG_OID_INV} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
|
||||
${SG_OID_1} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
|
||||
List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV}
|
||||
@{EXPECTED_OIDS} = Run Keyword If "${RUN_TYPE}" == "Complex" Get Split objects ${USER_KEY} ${CID} ${S_OID_USER}
|
||||
... ELSE IF "${RUN_TYPE}" == "Simple" Create List ${S_OID_USER}
|
||||
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
|
||||
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
|
||||
${SG_OID_INV} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
|
||||
${SG_OID_1} = Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
|
||||
List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV}
|
||||
@{EXPECTED_OIDS} = Run Keyword If "${RUN_TYPE}" == "Complex" Get Split objects ${USER_KEY} ${CID} ${S_OID_USER}
|
||||
... ELSE IF "${RUN_TYPE}" == "Simple" Create List ${S_OID_USER}
|
||||
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
|
||||
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
# All storage groups should fail without bearer token
|
||||
Run Keyword And Expect Error *
|
||||
... Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
|
||||
Run Keyword And Expect Error *
|
||||
... List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
|
||||
Run Keyword And Expect Error *
|
||||
... Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
|
||||
# All storage groups should fail without bearer token
|
||||
Run Keyword And Expect Error *
|
||||
... Put Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${S_OID_USER}
|
||||
Run Keyword And Expect Error *
|
||||
... List Storagegroup ${USER_KEY} ${CID} ${EMPTY} ${SG_OID_1} ${SG_OID_INV}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY} ${EMPTY} @{EXPECTED_OIDS}
|
||||
Run Keyword And Expect Error *
|
||||
... Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_1} ${EMPTY}
|
||||
|
||||
# Storagegroup should passed with User group key and bearer token
|
||||
${SG_OID_NEW} = Put Storagegroup ${USER_KEY} ${CID} bearer_allow_all_user ${S_OID_USER}
|
||||
List Storagegroup ${USER_KEY} ${CID} bearer_allow_all_user ${SG_OID_NEW} ${SG_OID_INV}
|
||||
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} bearer_allow_all_user ${EMPTY} @{EXPECTED_OIDS}
|
||||
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} bearer_allow_all_user
|
||||
# Storagegroup should passed with User group key and bearer token
|
||||
${SG_OID_NEW} = Put Storagegroup ${USER_KEY} ${CID} ${EACL_TOKEN} ${S_OID_USER}
|
||||
List Storagegroup ${USER_KEY} ${CID} ${EACL_TOKEN} ${SG_OID_NEW} ${SG_OID_INV}
|
||||
Get Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} ${EACL_TOKEN} ${EMPTY} @{EXPECTED_OIDS}
|
||||
Delete Storagegroup ${USER_KEY} ${CID} ${SG_OID_INV} ${EACL_TOKEN}
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -15,7 +17,7 @@ ${SYSTEM_KEY} = ${NEOFS_IR_WIF}
|
|||
*** Test cases ***
|
||||
BearerToken Operations for Сompound Operations
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken for Сompound Operations.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
@ -28,7 +30,6 @@ BearerToken Operations for Сompound Operations
|
|||
Check Сompound Operations
|
||||
|
||||
Log Check Bearer token with complex object
|
||||
|
||||
Generate file ${COMPLEX_OBJ_SIZE}
|
||||
Check Сompound Operations
|
||||
|
||||
|
@ -38,101 +39,101 @@ BearerToken Operations for Сompound Operations
|
|||
*** Keywords ***
|
||||
|
||||
Check Сompound Operations
|
||||
Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
|
||||
Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER}
|
||||
Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
|
||||
Check Bearer Сompound Get ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
|
||||
Check Bearer Сompound Get ${USER_KEY} USER ${EACL_DENY_ALL_USER}
|
||||
Check Bearer Сompound Get ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
|
||||
|
||||
Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
|
||||
Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER}
|
||||
Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
|
||||
Check Bearer Сompound Delete ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
|
||||
Check Bearer Сompound Delete ${USER_KEY} USER ${EACL_DENY_ALL_USER}
|
||||
Check Bearer Сompound Delete ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
|
||||
|
||||
Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
|
||||
Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER}
|
||||
Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
|
||||
Check Bearer Сompound Get Range Hash ${OTHER_KEY} OTHERS ${EACL_DENY_ALL_OTHERS}
|
||||
Check Bearer Сompound Get Range Hash ${USER_KEY} USER ${EACL_DENY_ALL_USER}
|
||||
Check Bearer Сompound Get Range Hash ${SYSTEM_KEY} SYSTEM ${EACL_DENY_ALL_SYSTEM}
|
||||
|
||||
|
||||
Check Bearer Сompound Get
|
||||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
|
||||
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule2}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule3}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
|
||||
Get object ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl
|
||||
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256
|
||||
Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256
|
||||
Get object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
|
||||
|
||||
|
||||
Check Bearer Сompound Delete
|
||||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
|
||||
|
||||
${CID} = Create Container Public
|
||||
${CID} = Create Container Public
|
||||
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Delete object ${KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP}
|
||||
${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP}
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500
|
||||
${rule1} = Create Dictionary Operation=DELETE Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule2} = Create Dictionary Operation=PUT Access=DENY Role=${DENY_GROUP}
|
||||
${rule3} = Create Dictionary Operation=HEAD Access=DENY Role=${DENY_GROUP}
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${KEY} ${CID} ${S_OID_USER} bearer_allow
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${KEY} ${FILE_S} ${CID} bearer_allow ${FILE_OTH_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
|
||||
|
||||
Delete object ${KEY} ${CID} ${S_OID_USER} bearer_allow
|
||||
Delete object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
|
||||
|
||||
|
||||
Check Bearer Сompound Get Range Hash
|
||||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
|
||||
[Arguments] ${KEY} ${DENY_GROUP} ${DENY_EACL}
|
||||
|
||||
${CID} = Create Container Public
|
||||
${CID} = Create Container Public
|
||||
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Put object ${KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get Range Hash ${SYSTEM_KEY_SN} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||
Set eACL ${USER_KEY} ${CID} ${DENY_EACL}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP}
|
||||
${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP}
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow ${eACL_gen} 100500
|
||||
${rule1} = Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=${DENY_GROUP}
|
||||
${rule2} = Create Dictionary Operation=GETRANGE Access=DENY Role=${DENY_GROUP}
|
||||
${rule3} = Create Dictionary Operation=GET Access=DENY Role=${DENY_GROUP}
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${KEY} ${CID} ${S_OID_USER} bearer_allow local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
|
||||
Get Range Hash ${KEY} ${CID} ${S_OID_USER} bearer_allow 0:256
|
||||
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
|
||||
|
|
|
@ -1,12 +1,15 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library neofs.py
|
||||
Library acl.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
Resource payment_operations.robot
|
||||
Resource setup_teardown.robot
|
||||
|
||||
|
||||
*** Test cases ***
|
||||
|
@ -18,7 +21,6 @@ BearerToken Operations with Filter OID Equal
|
|||
[Setup] Setup
|
||||
|
||||
Generate Keys
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -54,43 +56,43 @@ Check eACL Deny and Allow All Bearer Filter OID Equal
|
|||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER}
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${S_OID_USER}
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
|
||||
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EACL_TOKEN}
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library neofs.py
|
||||
Library acl.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -13,20 +15,18 @@ Resource ../${RESOURCES}/setup_teardown.robot
|
|||
*** Test cases ***
|
||||
BearerToken Operations with Filter OID NotEqual
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter OID NotEqual.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
||||
Generate Keys
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
Generate file ${SIMPLE_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Filter OID NotEqual
|
||||
|
||||
Log Check Bearer token with complex object
|
||||
|
||||
Generate file ${COMPLEX_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Filter OID NotEqual
|
||||
|
||||
|
@ -36,90 +36,70 @@ BearerToken Operations with Filter OID NotEqual
|
|||
|
||||
*** Keywords ***
|
||||
|
||||
|
||||
Prepare eACL Role rules
|
||||
Log Set eACL for different Role cases
|
||||
|
||||
# eACL rules for all operations and similar permissions
|
||||
@{Roles} = Create List OTHERS USER SYSTEM
|
||||
FOR ${role} IN @{Roles}
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
|
||||
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
||||
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
|
||||
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
|
||||
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
|
||||
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
||||
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
|
||||
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
|
||||
Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role}
|
||||
END
|
||||
|
||||
Check eACL Deny and Allow All Bearer Filter OID NotEqual
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2}
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=$Object:objectID value=${S_OID_USER_2}
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
|
||||
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
|
||||
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER_2} s_get_range bearer_allow_all_user 0:256
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER_2} s_get_range ${EACL_TOKEN} 0:256
|
||||
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
|
||||
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${D_OID_USER_2} bearer_allow_all_user
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${D_OID_USER_2} ${EACL_TOKEN}
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -12,7 +14,7 @@ Resource ../${RESOURCES}/setup_teardown.robot
|
|||
*** Test cases ***
|
||||
BearerToken Operations with Filter UserHeader Equal
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter UserHeader Equal.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
@ -33,91 +35,73 @@ BearerToken Operations with Filter UserHeader Equal
|
|||
|
||||
*** Keywords ***
|
||||
|
||||
Prepare eACL Role rules
|
||||
Log Set eACL for different Role cases
|
||||
# eACL rules for all operations and similar permissions
|
||||
@{Roles} = Create List OTHERS USER SYSTEM
|
||||
FOR ${role} IN @{Roles}
|
||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=${role}
|
||||
${rule2} = Create Dictionary Operation=HEAD Access=DENY Role=${role}
|
||||
${rule3} = Create Dictionary Operation=PUT Access=DENY Role=${role}
|
||||
${rule4} = Create Dictionary Operation=DELETE Access=DENY Role=${role}
|
||||
${rule5} = Create Dictionary Operation=SEARCH Access=DENY Role=${role}
|
||||
${rule6} = Create Dictionary Operation=GETRANGE Access=DENY Role=${role}
|
||||
${rule7} = Create Dictionary Operation=GETRANGEHASH Access=DENY Role=${role}
|
||||
|
||||
${eACL_gen} = Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
Form eACL json common file gen_eacl_deny_all_${role} ${eACL_gen}
|
||||
Set Global Variable ${EACL_DENY_ALL_${role}} gen_eacl_deny_all_${role}
|
||||
END
|
||||
|
||||
Check eACL Deny and Allow All Bearer Filter UserHeader Equal
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key2 value=abc
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
|
||||
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
|
||||
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
|
||||
|
||||
# Delete can not be filtered by UserHeader.
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
|
||||
# Delete can not be filtered by UserHeader.
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
|
||||
|
|
|
@ -1,30 +1,31 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library neofs.py
|
||||
Library acl.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
||||
*** Test cases ***
|
||||
BearerToken Operations Filter UserHeader NotEqual
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken Filter UserHeader NotEqual.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
||||
Generate Keys
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
Generate file ${SIMPLE_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
|
||||
|
||||
Log Check Bearer token with complex object
|
||||
|
||||
Generate file ${COMPLEX_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
|
||||
|
||||
|
@ -33,77 +34,76 @@ BearerToken Operations Filter UserHeader NotEqual
|
|||
*** Keywords ***
|
||||
|
||||
Check eACL Deny and Allow All Bearer Filter UserHeader NotEqual
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER_2}
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER_2}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc
|
||||
|
||||
${filters}= Create Dictionary headerType=OBJECT matchType=STRING_NOT_EQUAL key=key2 value=abc
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7}
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule6} ${rule7}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
# Search can not use filter by headers
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
|
||||
# Search can not use filter by headers
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
# Different behaviour for big and small objects!
|
||||
# Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${EMPTY}
|
||||
|
||||
# Different behaviour for big and small objects!
|
||||
# Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${EMPTY}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN} local_file_eacl
|
||||
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
|
||||
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
|
||||
|
||||
# Delete can not be filtered by UserHeader.
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} bearer_allow_all_user
|
||||
# Delete can not be filtered by UserHeader.
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN}
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER_2} ${EACL_TOKEN}
|
||||
|
|
|
@ -1,10 +1,13 @@
|
|||
*** Settings ***
|
||||
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library neofs.py
|
||||
Library acl.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -12,20 +15,18 @@ Resource ../${RESOURCES}/setup_teardown.robot
|
|||
*** Test cases ***
|
||||
BearerToken Operations for Inaccessible Container
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken for Inaccessible Container.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
||||
Generate Keys
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
Generate file ${SIMPLE_OBJ_SIZE}
|
||||
Check Container Inaccessible and Allow All Bearer
|
||||
|
||||
Log Check Bearer token with complex object
|
||||
|
||||
Generate file ${COMPLEX_OBJ_SIZE}
|
||||
Check Container Inaccessible and Allow All Bearer
|
||||
|
||||
|
@ -34,29 +35,28 @@ BearerToken Operations for Inaccessible Container
|
|||
*** Keywords ***
|
||||
|
||||
Check Container Inaccessible and Allow All Bearer
|
||||
${CID} = Create Container Inaccessible
|
||||
${CID} = Create Container Inaccessible
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
|
||||
${rule1}= Create Dictionary Operation=PUT Access=ALLOW Role=USER
|
||||
${rule2}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
|
||||
${rule1} = Create Dictionary Operation=PUT Access=ALLOW Role=USER
|
||||
${rule2} = Create Dictionary Operation=SEARCH Access=ALLOW Role=USER
|
||||
${eACL_gen} = Create List ${rule1} ${rule2}
|
||||
|
||||
${eACL_gen}= Create List ${rule1} ${rule2}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER}
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library neofs.py
|
||||
Library acl.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -25,7 +27,6 @@ BearerToken Operations
|
|||
Check eACL Allow All Bearer Filter Requst Equal Deny
|
||||
|
||||
Log Check Bearer token with complex object
|
||||
|
||||
Generate file ${COMPLEX_OBJ_SIZE}
|
||||
Check eACL Allow All Bearer Filter Requst Equal Deny
|
||||
|
||||
|
@ -37,10 +38,10 @@ BearerToken Operations
|
|||
|
||||
Check eACL Allow All Bearer Filter Requst Equal Deny
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
|
||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
|
||||
|
@ -52,27 +53,28 @@ Check eACL Allow All Bearer Filter Requst Equal Deny
|
|||
${rule6}= Create Dictionary Operation=GETRANGE Access=DENY Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=DENY Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2
|
||||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} bearer_allow_all_user --xhdr a=2
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_OTH_HEADER} ${EMPTY} --xhdr a=2
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=2
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${S_OBJ_H} --xhdr a=2
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=2
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=2
|
||||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=2
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EACL_TOKEN} --xhdr a=2
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=256
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -13,7 +15,7 @@ Resource ../${RESOURCES}/setup_teardown.robot
|
|||
*** Test cases ***
|
||||
BearerToken Operations with Filter Requst Equal
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst Equal.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
@ -26,7 +28,6 @@ BearerToken Operations with Filter Requst Equal
|
|||
Check eACL Deny and Allow All Bearer Filter Requst Equal
|
||||
|
||||
Log Check Bearer token with complex object
|
||||
|
||||
Generate file ${COMPLEX_OBJ_SIZE}
|
||||
Check eACL Deny and Allow All Bearer Filter Requst Equal
|
||||
|
||||
|
@ -38,51 +39,51 @@ BearerToken Operations with Filter Requst Equal
|
|||
|
||||
Check eACL Deny and Allow All Bearer Filter Requst Equal
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_EQUAL key=a value=256
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Run Keyword And Expect Error *
|
||||
... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=256
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=256
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=256
|
||||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=256
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=256
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=256
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=256
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=256
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=256
|
||||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=256
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=256
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource ../../../variables/eacl_tables.robot
|
||||
Resource common_steps_acl_bearer.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
Resource ../${RESOURCES}/setup_teardown.robot
|
||||
|
@ -13,13 +15,12 @@ Resource ../${RESOURCES}/setup_teardown.robot
|
|||
*** Test cases ***
|
||||
BearerToken Operations with Filter Requst NotEqual
|
||||
[Documentation] Testcase to validate NeoFS operations with BearerToken with Filter Requst NotEqual.
|
||||
[Tags] ACL NeoFS NeoCLI BearerToken
|
||||
[Tags] ACL NeoFSCLI BearerToken
|
||||
[Timeout] 20 min
|
||||
|
||||
[Setup] Setup
|
||||
|
||||
Generate Keys
|
||||
Prepare eACL Role rules
|
||||
|
||||
Log Check Bearer token with simple object
|
||||
Generate file ${SIMPLE_OBJ_SIZE}
|
||||
|
@ -36,51 +37,51 @@ BearerToken Operations with Filter Requst NotEqual
|
|||
|
||||
Check eACL Deny and Allow All Bearer Filter Requst NotEqual
|
||||
${CID} = Create Container Public
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
${S_OID_USER_2} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${EMPTY}
|
||||
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER_DEL}
|
||||
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Delete object ${USER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
Set eACL ${USER_KEY} ${CID} ${EACL_DENY_ALL_USER}
|
||||
|
||||
# The current ACL cache lifetime is 30 sec
|
||||
Sleep ${NEOFS_CONTRACT_CACHE_TIMEOUT}
|
||||
|
||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
Form BearerToken file ${USER_KEY} ${CID} bearer_allow_all_user ${eACL_gen} 100500
|
||||
${filters}= Create Dictionary headerType=REQUEST matchType=STRING_NOT_EQUAL key=a value=256
|
||||
${rule1}= Create Dictionary Operation=GET Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule2}= Create Dictionary Operation=HEAD Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule3}= Create Dictionary Operation=PUT Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule4}= Create Dictionary Operation=DELETE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule5}= Create Dictionary Operation=SEARCH Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule6}= Create Dictionary Operation=GETRANGE Access=ALLOW Role=USER Filters=${filters}
|
||||
${rule7}= Create Dictionary Operation=GETRANGEHASH Access=ALLOW Role=USER Filters=${filters}
|
||||
${eACL_gen}= Create List ${rule1} ${rule2} ${rule3} ${rule4} ${rule5} ${rule6} ${rule7}
|
||||
${EACL_TOKEN} = Form BearerToken File ${USER_KEY} ${CID} ${eACL_gen}
|
||||
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
#Run Keyword And Expect Error *
|
||||
#... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||
Run Keyword And Expect Error *
|
||||
... Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||
#Run Keyword And Expect Error *
|
||||
#... Search object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||
Run Keyword And Expect Error *
|
||||
... Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
Run Keyword And Expect Error *
|
||||
... Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||
Run Keyword And Expect Error *
|
||||
... Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user local_file_eacl ${EMPTY} --xhdr a=2
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} bearer_allow_all_user ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user ${EMPTY} --xhdr a=2
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range bearer_allow_all_user 0:256 --xhdr a=2
|
||||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user 0:256 --xhdr a=2
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} bearer_allow_all_user --xhdr a=2
|
||||
Put object ${USER_KEY} ${FILE_S} ${CID} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
|
||||
Get object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} local_file_eacl ${EMPTY} --xhdr a=2
|
||||
Search object ${USER_KEY} ${CID} ${EMPTY} ${EACL_TOKEN} ${FILE_USR_HEADER} ${EMPTY} --xhdr a=2
|
||||
Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} ${EMPTY} --xhdr a=2
|
||||
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EACL_TOKEN} 0:256 --xhdr a=2
|
||||
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} 0:256 --xhdr a=2
|
||||
Delete object ${USER_KEY} ${CID} ${S_OID_USER} ${EACL_TOKEN} --xhdr a=2
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
|
||||
Library Collections
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
|
||||
Resource common_steps_acl_extended.robot
|
||||
Resource ../${RESOURCES}/payment_operations.robot
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
*** Settings ***
|
||||
Variables ../../../variables/common.py
|
||||
|
||||
Library ../${RESOURCES}/neofs.py
|
||||
Library ../${RESOURCES}/payment_neogo.py
|
||||
Library acl.py
|
||||
Library neofs.py
|
||||
Library payment_neogo.py
|
||||
Library Collections
|
||||
|
||||
Resource common_steps_acl_extended.robot
|
||||
|
|
Loading…
Reference in a new issue