forked from TrueCloudLab/frostfs-node
[#1243] object: Make APE checker set x-headers to request properties
* Update go.mod, go.sum; * Add x-headers to request properties; * Add a unit-test. Signed-off-by: Airat Arifullin <a.arifullin@yadro.com>
This commit is contained in:
parent
39866a957c
commit
d5dc14c639
6 changed files with 71 additions and 3 deletions
|
|
@ -10,6 +10,7 @@ import (
|
|||
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/object"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/refs"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-api-go/v2/session"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-contract/frostfsid/client"
|
||||
"git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/container"
|
||||
frostfsidcore "git.frostfs.info/TrueCloudLab/frostfs-node/pkg/core/frostfsid"
|
||||
|
|
@ -240,6 +241,7 @@ var apeCheckTestCases = []struct {
|
|||
object *string
|
||||
methods []string
|
||||
header testHeader
|
||||
xHeaders []session.XHeader
|
||||
containerRules []chain.Rule
|
||||
groupidRules []chain.Rule
|
||||
expectAPEErr bool
|
||||
|
|
@ -367,6 +369,52 @@ var apeCheckTestCases = []struct {
|
|||
},
|
||||
expectAPEErr: true,
|
||||
},
|
||||
{
|
||||
name: "oid required requests are denied by xheader",
|
||||
container: containerID,
|
||||
object: stringPtr(objectID),
|
||||
methods: methodsRequiredOID,
|
||||
header: testHeader{
|
||||
headerObjSDK: &headerObjectSDKParams{
|
||||
attributes: []struct {
|
||||
key string
|
||||
val string
|
||||
}{
|
||||
{
|
||||
key: "attr1",
|
||||
val: "attribute_value",
|
||||
},
|
||||
},
|
||||
},
|
||||
fromHeaderProvider: true,
|
||||
},
|
||||
xHeaders: []session.XHeader{
|
||||
func() (xhead session.XHeader) {
|
||||
xhead.SetKey("X-Test-ID")
|
||||
xhead.SetValue("aezakmi")
|
||||
return
|
||||
}(),
|
||||
},
|
||||
containerRules: []chain.Rule{
|
||||
{
|
||||
Status: chain.AccessDenied,
|
||||
Actions: chain.Actions{Names: methodsRequiredOID},
|
||||
Resources: chain.Resources{
|
||||
Names: []string{fmt.Sprintf(nativeschema.ResourceFormatRootContainerObject, containerID, objectID)},
|
||||
},
|
||||
Any: true,
|
||||
Condition: []chain.Condition{
|
||||
{
|
||||
Op: chain.CondStringLike,
|
||||
Kind: chain.KindRequest,
|
||||
Key: fmt.Sprintf(commonschema.PropertyKeyFrostFSXHeader, "X-Test-ID"),
|
||||
Value: "aezakmi",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
expectAPEErr: true,
|
||||
},
|
||||
{
|
||||
name: "optional oid requests reached quota limit by an attribute",
|
||||
container: containerID,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue