2022-08-25 10:57:55 +00:00
|
|
|
import allure
|
|
|
|
import pytest
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.resources.wellknown_acl import PUBLIC_ACL
|
|
|
|
from frostfs_testlib.steps.acl import create_eacl, set_eacl, wait_for_cache_expired
|
|
|
|
from frostfs_testlib.steps.cli.container import create_container
|
|
|
|
from frostfs_testlib.steps.cli.object import put_object_to_random_node
|
|
|
|
from frostfs_testlib.steps.node_management import drop_object
|
|
|
|
from frostfs_testlib.storage.dataclasses.acl import EACLAccess, EACLOperation, EACLRole, EACLRule
|
|
|
|
from frostfs_testlib.testing.cluster_test_base import ClusterTestBase
|
|
|
|
from frostfs_testlib.utils.failover_utils import wait_object_replication
|
2023-02-27 16:54:27 +00:00
|
|
|
|
|
|
|
from pytest_tests.helpers.container_access import (
|
2022-09-05 12:12:56 +00:00
|
|
|
check_full_access_to_container,
|
|
|
|
check_no_access_to_container,
|
|
|
|
)
|
2023-02-27 16:54:27 +00:00
|
|
|
from pytest_tests.helpers.object_access import (
|
2022-09-19 15:54:00 +00:00
|
|
|
can_delete_object,
|
|
|
|
can_get_head_object,
|
2022-09-28 12:07:16 +00:00
|
|
|
can_get_object,
|
2022-09-19 15:54:00 +00:00
|
|
|
can_get_range_hash_of_object,
|
|
|
|
can_get_range_of_object,
|
2022-09-28 12:07:16 +00:00
|
|
|
can_put_object,
|
2022-09-19 15:54:00 +00:00
|
|
|
can_search_object,
|
|
|
|
)
|
2023-05-15 09:59:33 +00:00
|
|
|
from pytest_tests.testsuites.acl.conftest import Wallets
|
2022-08-25 10:57:55 +00:00
|
|
|
|
|
|
|
|
|
|
|
@pytest.mark.sanity
|
|
|
|
@pytest.mark.acl
|
2022-09-05 12:12:56 +00:00
|
|
|
@pytest.mark.acl_extended
|
2022-12-05 22:31:45 +00:00
|
|
|
class TestEACLContainer(ClusterTestBase):
|
2022-09-05 12:12:56 +00:00
|
|
|
@pytest.fixture(scope="function")
|
2023-05-15 09:59:33 +00:00
|
|
|
def eacl_full_placement_container_with_object(self, wallets: Wallets, file_path: str) -> str:
|
2022-08-25 10:57:55 +00:00
|
|
|
user_wallet = wallets.get_wallet()
|
2022-12-05 22:31:45 +00:00
|
|
|
storage_nodes = self.cluster.storage_nodes
|
|
|
|
node_count = len(storage_nodes)
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step("Create eACL public container with full placement rule"):
|
2022-12-05 22:31:45 +00:00
|
|
|
full_placement_rule = f"REP {node_count} IN X CBF 1 SELECT {node_count} FROM * AS X"
|
2022-09-05 12:12:56 +00:00
|
|
|
cid = create_container(
|
2022-10-19 14:22:54 +00:00
|
|
|
wallet=user_wallet.wallet_path,
|
|
|
|
rule=full_placement_rule,
|
2022-10-13 18:53:44 +00:00
|
|
|
basic_acl=PUBLIC_ACL,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
with allure.step("Add test object to container"):
|
2022-12-05 22:31:45 +00:00
|
|
|
oid = put_object_to_random_node(
|
|
|
|
user_wallet.wallet_path, file_path, cid, shell=self.shell, cluster=self.cluster
|
|
|
|
)
|
|
|
|
wait_object_replication(
|
|
|
|
cid,
|
|
|
|
oid,
|
|
|
|
node_count,
|
|
|
|
shell=self.shell,
|
|
|
|
nodes=storage_nodes,
|
2022-10-18 07:10:58 +00:00
|
|
|
)
|
2022-08-25 10:57:55 +00:00
|
|
|
|
|
|
|
yield cid, oid, file_path
|
|
|
|
|
2022-09-05 12:12:56 +00:00
|
|
|
@pytest.mark.parametrize("deny_role", [EACLRole.USER, EACLRole.OTHERS])
|
|
|
|
def test_extended_acl_deny_all_operations(
|
2023-05-15 09:59:33 +00:00
|
|
|
self,
|
|
|
|
wallets: Wallets,
|
|
|
|
eacl_container_with_objects: tuple[str, list[str], str],
|
|
|
|
deny_role: EACLRole,
|
2022-09-05 12:12:56 +00:00
|
|
|
):
|
2022-08-25 10:57:55 +00:00
|
|
|
user_wallet = wallets.get_wallet()
|
|
|
|
other_wallet = wallets.get_wallet(EACLRole.OTHERS)
|
|
|
|
deny_role_wallet = other_wallet if deny_role == EACLRole.OTHERS else user_wallet
|
2022-09-19 15:54:00 +00:00
|
|
|
not_deny_role_wallet = user_wallet if deny_role == EACLRole.OTHERS else other_wallet
|
2022-09-05 12:12:56 +00:00
|
|
|
deny_role_str = "all others" if deny_role == EACLRole.OTHERS else "user"
|
|
|
|
not_deny_role_str = "user" if deny_role == EACLRole.OTHERS else "all others"
|
2023-01-09 12:46:03 +00:00
|
|
|
allure.dynamic.title(f"Testcase to deny FrostFS operations for {deny_role_str}.")
|
2022-08-25 10:57:55 +00:00
|
|
|
cid, object_oids, file_path = eacl_container_with_objects
|
|
|
|
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step(f"Deny all operations for {deny_role_str} via eACL"):
|
|
|
|
eacl_deny = [
|
|
|
|
EACLRule(access=EACLAccess.DENY, role=deny_role, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
]
|
2022-10-13 18:53:44 +00:00
|
|
|
set_eacl(
|
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
create_eacl(cid, eacl_deny, shell=self.shell),
|
|
|
|
shell=self.shell,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
)
|
2022-08-25 10:57:55 +00:00
|
|
|
wait_for_cache_expired()
|
|
|
|
|
2022-09-19 15:54:00 +00:00
|
|
|
with allure.step(f"Check only {not_deny_role_str} has full access to container"):
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step(
|
|
|
|
f"Check {deny_role_str} has not access to any operations with container"
|
|
|
|
):
|
|
|
|
check_no_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
deny_role_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids[0],
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
with allure.step(
|
|
|
|
f"Check {not_deny_role_wallet} has full access to eACL public container"
|
|
|
|
):
|
|
|
|
check_full_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
not_deny_role_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids.pop(),
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
with allure.step(f"Allow all operations for {deny_role_str} via eACL"):
|
|
|
|
eacl_deny = [
|
|
|
|
EACLRule(access=EACLAccess.ALLOW, role=deny_role, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
]
|
2022-10-13 18:53:44 +00:00
|
|
|
set_eacl(
|
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
create_eacl(cid, eacl_deny, shell=self.shell),
|
|
|
|
shell=self.shell,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
)
|
2022-08-25 10:57:55 +00:00
|
|
|
wait_for_cache_expired()
|
|
|
|
|
2022-12-05 22:31:45 +00:00
|
|
|
with allure.step("Check all have full access to eACL public container"):
|
2022-09-05 12:12:56 +00:00
|
|
|
check_full_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids.pop(),
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
check_full_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
other_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids.pop(),
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
2023-01-09 12:46:03 +00:00
|
|
|
@allure.title("Testcase to allow FrostFS operations for only one other pubkey.")
|
2022-09-05 12:12:56 +00:00
|
|
|
def test_extended_acl_deny_all_operations_exclude_pubkey(
|
2023-05-15 09:59:33 +00:00
|
|
|
self, wallets: Wallets, eacl_container_with_objects: tuple[str, list[str], str]
|
2022-09-05 12:12:56 +00:00
|
|
|
):
|
2022-08-25 10:57:55 +00:00
|
|
|
user_wallet = wallets.get_wallet()
|
2022-09-19 15:54:00 +00:00
|
|
|
other_wallet, other_wallet_allow = wallets.get_wallets_list(EACLRole.OTHERS)[0:2]
|
2022-08-25 10:57:55 +00:00
|
|
|
cid, object_oids, file_path = eacl_container_with_objects
|
|
|
|
|
2022-09-19 15:54:00 +00:00
|
|
|
with allure.step("Deny all operations for others except single wallet via eACL"):
|
2022-09-05 12:12:56 +00:00
|
|
|
eacl = [
|
|
|
|
EACLRule(
|
|
|
|
access=EACLAccess.ALLOW,
|
|
|
|
role=other_wallet_allow.wallet_path,
|
|
|
|
operation=op,
|
|
|
|
)
|
|
|
|
for op in EACLOperation
|
|
|
|
]
|
|
|
|
eacl += [
|
|
|
|
EACLRule(access=EACLAccess.DENY, role=EACLRole.OTHERS, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
]
|
2022-10-13 18:53:44 +00:00
|
|
|
set_eacl(
|
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
create_eacl(cid, eacl, shell=self.shell),
|
|
|
|
shell=self.shell,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
)
|
2022-08-25 10:57:55 +00:00
|
|
|
wait_for_cache_expired()
|
|
|
|
|
2022-09-19 15:54:00 +00:00
|
|
|
with allure.step("Check only owner and allowed other have full access to public container"):
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step("Check other has not access to operations with container"):
|
|
|
|
check_no_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
other_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids[0],
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
with allure.step("Check owner has full access to public container"):
|
|
|
|
check_full_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids.pop(),
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
with allure.step("Check allowed other has full access to public container"):
|
|
|
|
check_full_access_to_container(
|
2022-10-13 18:53:44 +00:00
|
|
|
other_wallet_allow.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids.pop(),
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
|
|
|
|
2023-01-09 12:46:03 +00:00
|
|
|
@allure.title("Testcase to validate FrostFS replication with eACL deny rules.")
|
2022-09-05 12:12:56 +00:00
|
|
|
def test_extended_acl_deny_replication(
|
2022-10-13 16:13:45 +00:00
|
|
|
self,
|
2023-05-15 09:59:33 +00:00
|
|
|
wallets: Wallets,
|
|
|
|
eacl_full_placement_container_with_object: tuple[str, list[str], str],
|
2022-09-05 12:12:56 +00:00
|
|
|
):
|
2022-08-25 10:57:55 +00:00
|
|
|
user_wallet = wallets.get_wallet()
|
|
|
|
cid, oid, file_path = eacl_full_placement_container_with_object
|
2022-12-05 22:31:45 +00:00
|
|
|
storage_nodes = self.cluster.storage_nodes
|
|
|
|
storage_node = self.cluster.storage_nodes[0]
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step("Deny all operations for user via eACL"):
|
|
|
|
eacl_deny = [
|
|
|
|
EACLRule(access=EACLAccess.DENY, role=EACLRole.USER, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
]
|
|
|
|
eacl_deny += [
|
|
|
|
EACLRule(access=EACLAccess.DENY, role=EACLRole.OTHERS, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
]
|
2022-10-13 18:53:44 +00:00
|
|
|
set_eacl(
|
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
create_eacl(cid, eacl_deny, shell=self.shell),
|
|
|
|
shell=self.shell,
|
|
|
|
endpoint=self.cluster.default_rpc_endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
)
|
2022-08-25 10:57:55 +00:00
|
|
|
wait_for_cache_expired()
|
|
|
|
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step("Drop object to check replication"):
|
2022-12-05 22:31:45 +00:00
|
|
|
drop_object(storage_node, cid=cid, oid=oid)
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2022-12-05 22:31:45 +00:00
|
|
|
storage_wallet_path = storage_node.get_wallet_path()
|
2022-09-05 12:12:56 +00:00
|
|
|
with allure.step("Wait for dropped object replicated"):
|
2022-12-05 22:31:45 +00:00
|
|
|
wait_object_replication(
|
|
|
|
cid,
|
|
|
|
oid,
|
|
|
|
len(storage_nodes),
|
|
|
|
self.shell,
|
|
|
|
storage_nodes,
|
2022-10-18 07:10:58 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2023-01-09 12:46:03 +00:00
|
|
|
@allure.title("Testcase to validate FrostFS system operations with extended ACL")
|
2023-05-15 09:59:33 +00:00
|
|
|
def test_extended_actions_system(
|
|
|
|
self, wallets: Wallets, eacl_container_with_objects: tuple[str, list[str], str]
|
|
|
|
):
|
2022-09-19 15:54:00 +00:00
|
|
|
user_wallet = wallets.get_wallet()
|
|
|
|
ir_wallet, storage_wallet = wallets.get_wallets_list(role=EACLRole.SYSTEM)[:2]
|
|
|
|
|
|
|
|
cid, object_oids, file_path = eacl_container_with_objects
|
2022-12-05 22:31:45 +00:00
|
|
|
endpoint = self.cluster.default_rpc_endpoint
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with allure.step("Check IR and STORAGE rules compliance"):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert not can_put_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
ir_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert can_put_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
storage_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_object(
|
|
|
|
ir_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids[0],
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
|
|
|
)
|
|
|
|
assert can_get_object(
|
|
|
|
storage_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids[0],
|
|
|
|
file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_head_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
ir_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert can_get_head_object(
|
|
|
|
storage_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_search_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
ir_wallet.wallet_path,
|
|
|
|
cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
oid=object_oids[0],
|
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert can_search_object(
|
|
|
|
storage_wallet.wallet_path,
|
|
|
|
cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
oid=object_oids[0],
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-19 14:22:54 +00:00
|
|
|
assert can_get_range_hash_of_object(
|
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-19 14:22:54 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
|
|
|
)
|
|
|
|
|
|
|
|
assert can_get_range_hash_of_object(
|
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-19 14:22:54 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_delete_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_delete_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with allure.step("Deny all operations for SYSTEM via eACL"):
|
|
|
|
set_eacl(
|
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
create_eacl(
|
2022-10-13 18:53:44 +00:00
|
|
|
cid=cid,
|
|
|
|
rules_list=[
|
2022-09-19 15:54:00 +00:00
|
|
|
EACLRule(access=EACLAccess.DENY, role=EACLRole.SYSTEM, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
2022-09-19 15:54:00 +00:00
|
|
|
),
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-09-19 15:54:00 +00:00
|
|
|
)
|
|
|
|
wait_for_cache_expired()
|
|
|
|
|
|
|
|
with allure.step("Check IR and STORAGE rules compliance with deny eACL"):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert not can_put_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert not can_put_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_head_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_head_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_search_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
oid=object_oids[0],
|
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_search_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
oid=object_oids[0],
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_hash_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_hash_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_delete_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_delete_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with allure.step("Allow all operations for SYSTEM via eACL"):
|
|
|
|
set_eacl(
|
|
|
|
user_wallet.wallet_path,
|
|
|
|
cid,
|
|
|
|
create_eacl(
|
2022-10-13 18:53:44 +00:00
|
|
|
cid=cid,
|
|
|
|
rules_list=[
|
2022-09-19 15:54:00 +00:00
|
|
|
EACLRule(access=EACLAccess.ALLOW, role=EACLRole.SYSTEM, operation=op)
|
|
|
|
for op in EACLOperation
|
|
|
|
],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
2022-09-19 15:54:00 +00:00
|
|
|
),
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-09-05 12:12:56 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
wait_for_cache_expired()
|
|
|
|
|
|
|
|
with allure.step("Check IR and STORAGE rules compliance with allow eACL"):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert not can_put_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert can_put_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
|
|
|
)
|
|
|
|
assert can_get_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
|
|
|
file_name=file_path,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
cluster=self.cluster,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_head_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert can_get_head_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_search_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
2022-10-13 18:53:44 +00:00
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
|
|
|
assert can_search_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
2022-10-13 18:53:44 +00:00
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_get_range_of_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
2022-10-19 14:22:54 +00:00
|
|
|
assert can_get_range_hash_of_object(
|
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-19 14:22:54 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
|
|
|
)
|
|
|
|
|
|
|
|
assert can_get_range_hash_of_object(
|
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-19 14:22:54 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
|
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_delete_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=ir_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet_config=ir_wallet.config_path,
|
2022-10-04 08:22:04 +00:00
|
|
|
)
|
2022-09-19 15:54:00 +00:00
|
|
|
with pytest.raises(AssertionError):
|
2022-10-04 08:22:04 +00:00
|
|
|
assert can_delete_object(
|
2022-10-13 18:53:44 +00:00
|
|
|
wallet=storage_wallet.wallet_path,
|
|
|
|
cid=cid,
|
|
|
|
oid=object_oids[0],
|
2022-12-05 22:31:45 +00:00
|
|
|
shell=self.shell,
|
|
|
|
endpoint=endpoint,
|
2022-10-04 08:22:04 +00:00
|
|
|
wallet_config=storage_wallet.config_path,
|
|
|
|
)
|