[#1278] containerSvc: Validate FrostFSID subject exitence on Put

Signed-off-by: Dmitrii Stepanov <d.stepanov@yadro.com>
2024-07-29 13:03:55 +03:00 · 2024-07-29 13:03:55 +03:00 · 7e04083c27
commit 7e04083c27
parent a12c39667d
2 changed files with 30 additions and 6 deletions
--- a/pkg/services/container/ape_test.go
+++ b/pkg/services/container/ape_test.go
@ -765,17 +765,22 @@ func testDenyPutContainerForOthersSessionToken(t *testing.T) {
 		keys: [][]byte{},
 	}
 	nm := &netmapStub{}
-	frostfsIDSubjectReader := &frostfsidStub{
-		subjects: map[util.Uint160]*client.Subject{},
-	}
-	apeSrv := NewAPEServer(router, contRdr, ir, nm, frostfsIDSubjectReader, srv)

 	testContainer := containertest.Container()
+	owner := testContainer.Owner()
+	ownerAddr, err := owner.ScriptHash()
+	require.NoError(t, err)
+	frostfsIDSubjectReader := &frostfsidStub{
+		subjects: map[util.Uint160]*client.Subject{
+			ownerAddr: {},
+		},
+	}
+	apeSrv := NewAPEServer(router, contRdr, ir, nm, frostfsIDSubjectReader, srv)

 	nm.currentEpoch = 100
 	nm.netmaps = map[uint64]*netmap.NetMap{}

-	_, _, err := router.MorphRuleChainStorage().AddMorphRuleChain(chain.Ingress, engine.NamespaceTarget(""), &chain.Chain{
+	_, _, err = router.MorphRuleChainStorage().AddMorphRuleChain(chain.Ingress, engine.NamespaceTarget(""), &chain.Chain{
 		Rules: []chain.Rule{
 			{
 				Status: chain.AccessDenied,