2024-07-17 20:56:05 +00:00
|
|
|
import functools
|
|
|
|
|
from typing import Optional
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2023-01-09 12:46:03 +00:00
|
|
|
from frostfs_testlib.shell import Shell
|
2023-05-15 09:59:33 +00:00
|
|
|
from frostfs_testlib.storage.cluster import Cluster
|
2024-07-17 20:56:05 +00:00
|
|
|
from frostfs_testlib.storage.dataclasses import ape
|
2024-03-11 16:34:54 +00:00
|
|
|
from frostfs_testlib.storage.dataclasses.wallet import WalletInfo
|
2023-02-27 16:54:27 +00:00
|
|
|
|
|
|
|
|
from pytest_tests.helpers.object_access import (
|
2022-09-28 12:07:16 +00:00
|
|
|
can_delete_object,
|
|
|
|
|
can_get_head_object,
|
|
|
|
|
can_get_object,
|
|
|
|
|
can_get_range_hash_of_object,
|
|
|
|
|
can_get_range_of_object,
|
|
|
|
|
can_put_object,
|
|
|
|
|
can_search_object,
|
|
|
|
|
)
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
ALL_OBJECT_OPERATIONS = ape.ObjectOperations.get_all()
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
FULL_ACCESS = {op: True for op in ALL_OBJECT_OPERATIONS}
|
|
|
|
|
NO_ACCESS = {op: False for op in ALL_OBJECT_OPERATIONS}
|
|
|
|
|
RO_ACCESS = {op: True if op not in [ape.ObjectOperations.PUT, ape.ObjectOperations.DELETE] else False for op in ALL_OBJECT_OPERATIONS}
|
2022-08-25 10:57:55 +00:00
|
|
|
|
|
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
def assert_access_to_container(
|
|
|
|
|
access_matrix: dict[ape.ObjectOperations, bool],
|
2024-03-11 16:34:54 +00:00
|
|
|
wallet: WalletInfo,
|
2022-09-28 12:07:16 +00:00
|
|
|
cid: str,
|
|
|
|
|
oid: str,
|
|
|
|
|
file_name: str,
|
2022-10-13 18:53:44 +00:00
|
|
|
shell: Shell,
|
2022-12-05 22:31:45 +00:00
|
|
|
cluster: Cluster,
|
2022-09-28 12:07:16 +00:00
|
|
|
bearer: Optional[str] = None,
|
|
|
|
|
xhdr: Optional[dict] = None,
|
|
|
|
|
):
|
2022-12-05 22:31:45 +00:00
|
|
|
endpoint = cluster.default_rpc_endpoint
|
2024-07-17 20:56:05 +00:00
|
|
|
results: dict = {}
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
results[ape.ObjectOperations.PUT] = can_put_object(wallet, cid, file_name, shell, cluster, bearer, xhdr)
|
|
|
|
|
results[ape.ObjectOperations.HEAD] = can_get_head_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
|
|
|
|
results[ape.ObjectOperations.GET_RANGE] = can_get_range_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
|
|
|
|
results[ape.ObjectOperations.GET_RANGE_HASH] = can_get_range_hash_of_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
|
|
|
|
results[ape.ObjectOperations.SEARCH] = can_search_object(wallet, cid, shell, endpoint, oid, bearer, xhdr)
|
|
|
|
|
results[ape.ObjectOperations.GET] = can_get_object(wallet, cid, oid, file_name, shell, cluster, bearer, xhdr)
|
|
|
|
|
results[ape.ObjectOperations.DELETE] = can_delete_object(wallet, cid, oid, shell, endpoint, bearer, xhdr)
|
2022-08-25 10:57:55 +00:00
|
|
|
|
2022-09-28 12:07:16 +00:00
|
|
|
failed_checks = [
|
2024-07-17 20:56:05 +00:00
|
|
|
f"allowed {action} failed" for action, success in results.items() if not success and access_matrix[action] != results[action]
|
|
|
|
|
] + [f"denied {action} succeeded" for action, success in results.items() if success and access_matrix[action] != results[action]]
|
2022-08-25 10:57:55 +00:00
|
|
|
|
|
|
|
|
assert not failed_checks, ", ".join(failed_checks)
|
|
|
|
|
|
|
|
|
|
|
2024-07-17 20:56:05 +00:00
|
|
|
assert_full_access_to_container = functools.partial(assert_access_to_container, FULL_ACCESS)
|
|
|
|
|
assert_no_access_to_container = functools.partial(assert_access_to_container, NO_ACCESS)
|
|
|
|
|
assert_read_only_container = functools.partial(assert_access_to_container, RO_ACCESS)
|
