[#103] Test to check eACL filter keys for objects
Signed-off-by: Elizaveta Chichindaeva <elizaveta@nspcc.ru>
This commit is contained in:
parent
dcab3a5745
commit
d6a73a2b23
14 changed files with 569 additions and 37 deletions
|
@ -1,4 +1,4 @@
|
||||||
robotframework==3.2.1
|
robotframework==4.1.2
|
||||||
requests==2.25.1
|
requests==2.25.1
|
||||||
pexpect==4.8.0
|
pexpect==4.8.0
|
||||||
boto3==1.16.33
|
boto3==1.16.33
|
||||||
|
|
|
@ -569,63 +569,74 @@ def decode_object_system_header_json(header):
|
||||||
# Header - Constant attributes
|
# Header - Constant attributes
|
||||||
|
|
||||||
# ID
|
# ID
|
||||||
ID = json_header["objectID"]["value"]
|
oid = json_header["objectID"]["value"]
|
||||||
if ID is not None:
|
if oid is not None:
|
||||||
result_header["ID"] = _json_cli_decode(ID)
|
result_header["ID"] = _json_cli_decode(oid)
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no ID was parsed from header: \t{header}" )
|
raise Exception(f"no ID was parsed from header: \t{header}" )
|
||||||
|
|
||||||
# CID
|
# CID
|
||||||
CID = json_header["header"]["containerID"]["value"]
|
cid = json_header["header"]["containerID"]["value"]
|
||||||
if CID is not None:
|
if cid is not None:
|
||||||
result_header["CID"] = _json_cli_decode(CID)
|
result_header["CID"] = _json_cli_decode(cid)
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no CID was parsed from header: \t{header}")
|
raise Exception(f"no CID was parsed from header: \t{header}")
|
||||||
|
|
||||||
# OwnerID
|
# OwnerID
|
||||||
OwnerID = json_header["header"]["ownerID"]["value"]
|
owner_id = json_header["header"]["ownerID"]["value"]
|
||||||
if OwnerID is not None:
|
if owner_id is not None:
|
||||||
result_header["OwnerID"] = _json_cli_decode(OwnerID)
|
result_header["OwnerID"] = _json_cli_decode(owner_id)
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no OwnerID was parsed from header: \t{header}")
|
raise Exception(f"no OwnerID was parsed from header: \t{header}")
|
||||||
|
|
||||||
# CreatedAtEpoch
|
# CreatedAtEpoch
|
||||||
CreatedAtEpoch = json_header["header"]["creationEpoch"]
|
created_at_epoch = json_header["header"]["creationEpoch"]
|
||||||
if CreatedAtEpoch is not None:
|
if created_at_epoch is not None:
|
||||||
result_header["CreatedAtEpoch"] = CreatedAtEpoch
|
result_header["CreatedAtEpoch"] = created_at_epoch
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no CreatedAtEpoch was parsed from header: \t{header}")
|
raise Exception(f"no CreatedAtEpoch was parsed from header: \t{header}")
|
||||||
|
|
||||||
# PayloadLength
|
# PayloadLength
|
||||||
PayloadLength = json_header["header"]["payloadLength"]
|
payload_length = json_header["header"]["payloadLength"]
|
||||||
if PayloadLength is not None:
|
if payload_length is not None:
|
||||||
result_header["PayloadLength"] = PayloadLength
|
result_header["PayloadLength"] = payload_length
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no PayloadLength was parsed from header: \t{header}")
|
raise Exception(f"no PayloadLength was parsed from header: \t{header}")
|
||||||
|
|
||||||
|
|
||||||
# HomoHash
|
# HomoHash
|
||||||
HomoHash = json_header["header"]["homomorphicHash"]["sum"]
|
homo_hash = json_header["header"]["homomorphicHash"]["sum"]
|
||||||
if HomoHash is not None:
|
if homo_hash is not None:
|
||||||
result_header["HomoHash"] = _json_cli_decode(HomoHash)
|
homo_hash_64_d = base64.b64decode(homo_hash)
|
||||||
|
homo_hash_bytes = binascii.hexlify(homo_hash_64_d)
|
||||||
|
result_header["HomoHash"] = bytes.decode(homo_hash_bytes)
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no HomoHash was parsed from header: \t{header}")
|
raise Exception(f"no HomoHash was parsed from header: \t{header}")
|
||||||
|
|
||||||
# Checksum
|
# PayloadHash
|
||||||
Checksum = json_header["header"]["payloadHash"]["sum"]
|
payload_hash = json_header["header"]["payloadHash"]["sum"]
|
||||||
if Checksum is not None:
|
if payload_hash is not None:
|
||||||
Checksum_64_d = base64.b64decode(Checksum)
|
payload_hash_64_d = base64.b64decode(payload_hash)
|
||||||
result_header["Checksum"] = binascii.hexlify(Checksum_64_d)
|
payload_hash_bytes = binascii.hexlify(payload_hash_64_d)
|
||||||
|
result_header["PayloadHash"] = bytes.decode(payload_hash_bytes)
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no Checksum was parsed from header: \t{header}")
|
raise Exception(f"no Checksum was parsed from header: \t{header}")
|
||||||
|
|
||||||
# Type
|
# Type
|
||||||
Type = json_header["header"]["objectType"]
|
object_type = json_header["header"]["objectType"]
|
||||||
if Type is not None:
|
if object_type is not None:
|
||||||
result_header["Type"] = Type
|
result_header["Type"] = object_type
|
||||||
else:
|
else:
|
||||||
raise Exception(f"no Type was parsed from header: \t{header}")
|
raise Exception(f"no Type was parsed from header: \t{header}")
|
||||||
|
|
||||||
|
# Version
|
||||||
|
version = json_header["header"]["version"]
|
||||||
|
if version is not None:
|
||||||
|
version_full = f'v{version["major"]}.{version["minor"]}'
|
||||||
|
result_header["Version"] = version_full
|
||||||
|
else:
|
||||||
|
raise Exception(f"no version was parsed from header: \t{header}" )
|
||||||
|
|
||||||
# Header - Optional attributes
|
# Header - Optional attributes
|
||||||
|
|
||||||
# Attributes
|
# Attributes
|
||||||
|
@ -762,7 +773,6 @@ def get_control_endpoint_with_wif(endpoint_number: str = ''):
|
||||||
|
|
||||||
return endpoint_num, endpoint_control, wif
|
return endpoint_num, endpoint_control, wif
|
||||||
|
|
||||||
|
|
||||||
@keyword('Get Locode')
|
@keyword('Get Locode')
|
||||||
def get_locode():
|
def get_locode():
|
||||||
endpoint_values = random.choice(list(NEOFS_NETMAP_DICT.values()))
|
endpoint_values = random.choice(list(NEOFS_NETMAP_DICT.values()))
|
||||||
|
|
|
@ -141,14 +141,14 @@ Check eACL MatchType String Equal Object
|
||||||
[Arguments] ${USER_KEY} ${OTHER_KEY}
|
[Arguments] ${USER_KEY} ${OTHER_KEY}
|
||||||
|
|
||||||
${CID} = Create Container Public ${USER_KEY}
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
${S_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||||
|
|
||||||
${HEADER} = Head object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} json_output=True
|
${HEADER} = Head Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} json_output=True
|
||||||
&{HEADER_DICT} = Decode Object System Header Json ${HEADER}
|
&{HEADER_DICT} = Decode Object System Header Json ${HEADER}
|
||||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||||
|
|
||||||
|
|
||||||
Log Set eACL for Deny GET operation with StringEqual Object ID
|
Log Set eACL for Deny GET operation with StringEqual Object ID
|
||||||
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
|
${ID_value} = Get From Dictionary ${HEADER_DICT} ID
|
||||||
|
|
||||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
|
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=$Object:objectID value=${ID_value}
|
||||||
|
@ -158,22 +158,22 @@ Check eACL MatchType String Equal Object
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||||
|
|
||||||
|
|
||||||
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
|
Log Set eACL for Deny GET operation with StringEqual Object Extended User Header
|
||||||
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
${S_OID_USER_OTH} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
|
|
||||||
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
|
${filters} = Create Dictionary headerType=OBJECT matchType=STRING_EQUAL key=key1 value=1
|
||||||
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
${rule1} = Create Dictionary Operation=GET Access=DENY Role=OTHERS Filters=${filters}
|
||||||
${eACL_gen} = Create List ${rule1}
|
${eACL_gen} = Create List ${rule1}
|
||||||
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||||
|
|
||||||
|
|
||||||
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
Run Keyword And Expect Error *
|
Run Keyword And Expect Error *
|
||||||
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${PATH}
|
||||||
Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} ${PATH}
|
Get object ${OTHER_KEY} ${CID} ${S_OID_USER_OTH} ${EMPTY} ${PATH}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,20 @@
|
||||||
*** Settings ***
|
*** Settings ***
|
||||||
Variables ../../../variables/common.py
|
Variables ../../../variables/common.py
|
||||||
|
Variables ../../../variables/eacl_object_filters.py
|
||||||
|
|
||||||
Library acl.py
|
Library acl.py
|
||||||
|
Library neofs.py
|
||||||
|
Library Collections
|
||||||
|
|
||||||
|
Resource common_steps_acl_basic.robot
|
||||||
|
Resource ../${RESOURCES}/payment_operations.robot
|
||||||
|
|
||||||
*** Variables ***
|
*** Variables ***
|
||||||
${FILE_USR_HEADER} = key1=1,key2=abc
|
${FILE_USR_HEADER} = key1=1,key2=abc
|
||||||
${FILE_USR_HEADER_DEL} = key1=del,key2=del
|
${FILE_USR_HEADER_DEL} = key1=del,key2=del
|
||||||
${FILE_OTH_HEADER} = key1=oth,key2=oth
|
${FILE_OTH_HEADER} = key1=oth,key2=oth
|
||||||
|
${OBJECT_PATH} = testfile
|
||||||
|
${EACL_ERR_MSG} = *
|
||||||
|
|
||||||
*** Keywords ***
|
*** Keywords ***
|
||||||
|
|
||||||
|
@ -80,3 +88,134 @@ Check eACL Deny and Allow All
|
||||||
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
Get Range Hash ${KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
Delete object ${KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
|
Compose eACL Custom
|
||||||
|
[Arguments] ${HEADER_DICT} ${MATCH_TYPE} ${FILTER} ${ACCESS} ${ROLE}
|
||||||
|
|
||||||
|
${filter_value} = Get From dictionary ${HEADER_DICT} ${EACL_OBJ_FILTERS}[${FILTER}]
|
||||||
|
|
||||||
|
${filters} = Create Dictionary headerType=OBJECT matchType=${MATCH_TYPE} key=${FILTER} value=${filter_value}
|
||||||
|
${rule_get}= Create Dictionary Operation=GET Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
${rule_head}= Create Dictionary Operation=HEAD Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
${rule_put}= Create Dictionary Operation=PUT Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
${rule_del}= Create Dictionary Operation=DELETE Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
${rule_search}= Create Dictionary Operation=SEARCH Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
${rule_range}= Create Dictionary Operation=GETRANGE Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
${rule_rangehash}= Create Dictionary Operation=GETRANGEHASH Access=${ACCESS} Role=${ROLE} Filters=${filters}
|
||||||
|
|
||||||
|
${eACL_gen}= Create List ${rule_get} ${rule_head} ${rule_put} ${rule_del}
|
||||||
|
... ${rule_search} ${rule_range} ${rule_rangehash}
|
||||||
|
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||||
|
|
||||||
|
[Return] ${EACL_CUSTOM}
|
||||||
|
|
||||||
|
Object Header Decoded
|
||||||
|
[Arguments] ${USER_KEY} ${CID} ${S_OID_USER}
|
||||||
|
|
||||||
|
${HEADER} = Head Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} json_output=True
|
||||||
|
&{HEADER_DICT} = Decode Object System Header Json ${HEADER}
|
||||||
|
|
||||||
|
[Return] &{HEADER_DICT}
|
||||||
|
|
||||||
|
Check eACL Filters with MatchType String Equal
|
||||||
|
[Arguments] ${FILTER}
|
||||||
|
|
||||||
|
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||||
|
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||||
|
|
||||||
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
|
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
||||||
|
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||||
|
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||||
|
|
||||||
|
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
|
Search Object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||||
|
Head Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
|
Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
|
Delete Object ${OTHER_KEY} ${CID} ${D_OID_USER} ${EMPTY}
|
||||||
|
|
||||||
|
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
|
||||||
|
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_EQUAL ${FILTER} DENY OTHERS
|
||||||
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
|
|
||||||
|
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||||
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
END
|
||||||
|
IF 'HEAD' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
END
|
||||||
|
IF 'RANGE' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
|
END
|
||||||
|
IF 'SEARCH' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||||
|
... Search Object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||||
|
END
|
||||||
|
IF 'RANGEHASH' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
|
END
|
||||||
|
IF 'DELETE' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Delete Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
END
|
||||||
|
|
||||||
|
Check eACL Filters with MatchType String Not Equal
|
||||||
|
[Arguments] ${FILTER}
|
||||||
|
|
||||||
|
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||||
|
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||||
|
|
||||||
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
|
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
||||||
|
${S_OID_OTH} = Put Object ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_OTH_HEADER}
|
||||||
|
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY} ${FILE_USR_HEADER}
|
||||||
|
${D_OID_USER} = Put object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
@{S_OBJ_H} = Create List ${S_OID_USER}
|
||||||
|
|
||||||
|
Get Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} local_file_eacl
|
||||||
|
Head Object ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
Search Object ${USER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||||
|
Get Range ${USER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
|
Get Range Hash ${USER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
|
|
||||||
|
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
|
||||||
|
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
|
||||||
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
|
|
||||||
|
IF 'GET' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||||
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
END
|
||||||
|
IF 'HEAD' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Head object ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY}
|
||||||
|
Head object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
END
|
||||||
|
IF 'SEARCH' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_OTH_HEADER} ${S_OBJ_H}
|
||||||
|
Search object ${OTHER_KEY} ${CID} ${EMPTY} ${EMPTY} ${FILE_USR_HEADER} ${S_OBJ_H}
|
||||||
|
END
|
||||||
|
IF 'RANGE' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Get Range ${OTHER_KEY} ${CID} ${S_OID_OTH} s_get_range ${EMPTY} 0:256
|
||||||
|
Get Range ${OTHER_KEY} ${CID} ${S_OID_USER} s_get_range ${EMPTY} 0:256
|
||||||
|
END
|
||||||
|
IF 'RANGEHASH' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY} 0:256
|
||||||
|
Get Range Hash ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} 0:256
|
||||||
|
END
|
||||||
|
IF 'DELETE' in ${VERB_FILTER_DEP}[${FILTER}]
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Delete Object ${OTHER_KEY} ${CID} ${S_OID_OTH} ${EMPTY}
|
||||||
|
Delete Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY}
|
||||||
|
END
|
||||||
|
|
|
@ -0,0 +1,17 @@
|
||||||
|
*** Settings ***
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Container ID Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:containerID eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL containerID Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:containerID
|
||||||
|
|
||||||
|
[Teardown] Teardown container_id_filter
|
|
@ -0,0 +1,62 @@
|
||||||
|
*** Settings ***
|
||||||
|
Variables ../../../../variables/common.py
|
||||||
|
Variables ../../../../variables/eacl_object_filters.py
|
||||||
|
|
||||||
|
Library acl.py
|
||||||
|
Library neofs.py
|
||||||
|
Library Collections
|
||||||
|
Library contract_keywords.py
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../common_steps_acl_basic.robot
|
||||||
|
Resource ../../${RESOURCES}/payment_operations.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Variables ***
|
||||||
|
${OBJECT_PATH} = testfile
|
||||||
|
${EACL_ERR_MSG} = *
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Creation Epoch Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:creationEpoch eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL creationEpoch Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:creationEpoch
|
||||||
|
Log Check eACL creationEpoch Filter with MatchType String Not Equal
|
||||||
|
Check $Object:creationEpoch Filter with MatchType String Not Equal $Object:creationEpoch
|
||||||
|
|
||||||
|
*** Keywords ***
|
||||||
|
|
||||||
|
Check $Object:creationEpoch Filter with MatchType String Not Equal
|
||||||
|
[Arguments] ${FILTER}
|
||||||
|
|
||||||
|
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||||
|
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||||
|
|
||||||
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
|
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
||||||
|
${S_OID} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
Tick Epoch
|
||||||
|
${S_OID_NEW} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
|
||||||
|
Get Object ${USER_KEY} ${CID} ${S_OID_NEW} ${EMPTY} local_file_eacl
|
||||||
|
Head Object ${USER_KEY} ${CID} ${S_OID_NEW} ${EMPTY}
|
||||||
|
|
||||||
|
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_NEW}
|
||||||
|
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
|
||||||
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
|
|
||||||
|
|
||||||
|
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||||
|
... Get object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Get object ${OTHER_KEY} ${CID} ${S_OID_NEW} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Head object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY}
|
||||||
|
Head object ${OTHER_KEY} ${CID} ${S_OID_NEW} ${EMPTY}
|
||||||
|
|
||||||
|
[Teardown] Teardown creation_epoch_filter
|
|
@ -0,0 +1,17 @@
|
||||||
|
*** Settings ***
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Homomorphic Hash Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:homomorphicHash eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL homomorphicHash Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:homomorphicHash
|
||||||
|
|
||||||
|
[Teardown] Teardown homomorphic_hash_filter
|
|
@ -0,0 +1,134 @@
|
||||||
|
*** Settings ***
|
||||||
|
Variables ../../../../variables/common.py
|
||||||
|
Variables ../../../../variables/eacl_object_filters.py
|
||||||
|
|
||||||
|
Library acl.py
|
||||||
|
Library neofs.py
|
||||||
|
Library Collections
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../common_steps_acl_basic.robot
|
||||||
|
Resource ../../${RESOURCES}/payment_operations.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Variables ***
|
||||||
|
${OBJECT_PATH} = testfile
|
||||||
|
${EACL_ERR_MSG} = *
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Object ID Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:objectID eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL objectID Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:objectID
|
||||||
|
Log Check eACL objectID Filter with MatchType String Not Equal
|
||||||
|
Check eACL Filters with MatchType String Not Equal $Object:objectID
|
||||||
|
|
||||||
|
#################################################################################
|
||||||
|
# If the first eACL rule contradicts the second, the second one won't be applied
|
||||||
|
#################################################################################
|
||||||
|
Log Check if the second rule that contradicts the first is not applied
|
||||||
|
Check eACL Filters with MatchType String Equal with two contradicting filters $Object:objectID
|
||||||
|
|
||||||
|
###########################################################################################################################
|
||||||
|
# If both STRING_EQUAL and STRING_NOT_EQUAL matchTypes are applied for the same filter value, no object can be operated on
|
||||||
|
###########################################################################################################################
|
||||||
|
Log Check two matchTypes applied
|
||||||
|
Check eACL Filters, two matchTypes $Object:objectID
|
||||||
|
|
||||||
|
|
||||||
|
*** Keywords ***
|
||||||
|
|
||||||
|
Check eACL Filters with MatchType String Equal with two contradicting filters
|
||||||
|
[Arguments] ${FILTER}
|
||||||
|
|
||||||
|
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||||
|
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||||
|
|
||||||
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
|
${FILE_S_USER} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
||||||
|
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S_USER} ${CID} ${EMPTY}
|
||||||
|
&{HEADER_DICT_USER} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
|
||||||
|
|
||||||
|
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
|
||||||
|
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
|
||||||
|
${filters} = Create Dictionary
|
||||||
|
... headerType=OBJECT
|
||||||
|
... matchType=STRING_EQUAL
|
||||||
|
... key=${FILTER}
|
||||||
|
... value=${filter_value}
|
||||||
|
${rule} = Create Dictionary
|
||||||
|
... Operation=GET
|
||||||
|
... Access=ALLOW
|
||||||
|
... Role=OTHERS
|
||||||
|
... Filters=${filters}
|
||||||
|
${contradicting_filters} = Create Dictionary
|
||||||
|
... headerType=OBJECT
|
||||||
|
... matchType=STRING_EQUAL
|
||||||
|
... key=$Object:payloadLength
|
||||||
|
... value=${SIMPLE_OBJ_SIZE}
|
||||||
|
${contradicting_rule} = Create Dictionary
|
||||||
|
... Operation=GET
|
||||||
|
... Access=DENY
|
||||||
|
... Role=OTHERS
|
||||||
|
... Filters=${contradicting_filters}
|
||||||
|
${eACL_gen} = Create List ${rule} ${contradicting_rule}
|
||||||
|
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||||
|
|
||||||
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
|
Get object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
|
||||||
|
Check eACL Filters, two matchTypes
|
||||||
|
[Arguments] ${FILTER}
|
||||||
|
|
||||||
|
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||||
|
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||||
|
|
||||||
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
|
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||||
|
|
||||||
|
${S_OID_USER} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
${S_OID_OTHER} = Put Object ${OTHER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
&{HEADER_DICT_USER} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID_USER}
|
||||||
|
|
||||||
|
Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Get Object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
|
||||||
|
${filter_value} = Get From Dictionary ${HEADER_DICT_USER} ${EACL_OBJ_FILTERS}[${FILTER}]
|
||||||
|
${noneq_filters} = Create Dictionary
|
||||||
|
... headerType=OBJECT
|
||||||
|
... matchType=STRING_NOT_EQUAL
|
||||||
|
... key=${FILTER}
|
||||||
|
... value=${filter_value}
|
||||||
|
${rule_noneq_filter} = Create Dictionary
|
||||||
|
... Operation=GET
|
||||||
|
... Access=DENY
|
||||||
|
... Role=OTHERS
|
||||||
|
... Filters=${noneq_filters}
|
||||||
|
${eq_filters} = Create Dictionary
|
||||||
|
... headerType=OBJECT
|
||||||
|
... matchType=STRING_EQUAL
|
||||||
|
... key=${FILTER}
|
||||||
|
... value=${filter_value}
|
||||||
|
${rule_eq_filter} = Create Dictionary
|
||||||
|
... Operation=GET
|
||||||
|
... Access=DENY
|
||||||
|
... Role=OTHERS
|
||||||
|
... Filters=${eq_filters}
|
||||||
|
${eACL_gen} = Create List ${rule_noneq_filter} ${rule_eq_filter}
|
||||||
|
${EACL_CUSTOM} = Form eACL JSON Common File ${eACL_gen}
|
||||||
|
|
||||||
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
|
Run Keyword And Expect Error *
|
||||||
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_OTHER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Run Keyword And Expect Error *
|
||||||
|
... Get Object ${OTHER_KEY} ${CID} ${S_OID_USER} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
|
||||||
|
|
||||||
|
[Teardown] Teardown object_id
|
|
@ -0,0 +1,17 @@
|
||||||
|
*** Settings ***
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Object Type Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:objectType eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL objectType Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:objectType
|
||||||
|
|
||||||
|
[Teardown] Teardown object_type_filter
|
|
@ -0,0 +1,19 @@
|
||||||
|
*** Settings ***
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Owner ID Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:ownerID eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL ownerID Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:ownerID
|
||||||
|
Log Check eACL ownerID Filter with MatchType String Not Equal
|
||||||
|
Check eACL Filters with MatchType String Not Equal $Object:ownerID
|
||||||
|
|
||||||
|
[Teardown] Teardown owner_id_filter
|
|
@ -0,0 +1,17 @@
|
||||||
|
*** Settings ***
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Payload Hash Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:payloadHash eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL payloadHash Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:payloadHash
|
||||||
|
|
||||||
|
[Teardown] Teardown payload_hash_filter
|
|
@ -0,0 +1,62 @@
|
||||||
|
*** Settings ***
|
||||||
|
Variables ../../../../variables/common.py
|
||||||
|
Variables ../../../../variables/eacl_object_filters.py
|
||||||
|
|
||||||
|
Library acl.py
|
||||||
|
Library neofs.py
|
||||||
|
Library Collections
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../common_steps_acl_basic.robot
|
||||||
|
Resource ../../${RESOURCES}/payment_operations.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Variables ***
|
||||||
|
${OBJECT_PATH} = testfile
|
||||||
|
${EACL_ERR_MSG} = *
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Payload Length Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:payloadLength eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL payloadLength Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:payloadLength
|
||||||
|
Log Check eACL payloadLength Filter with MatchType String Not Equal
|
||||||
|
Check $Object:payloadLength Filter with MatchType String Not Equal $Object:payloadLength
|
||||||
|
|
||||||
|
*** Keywords ***
|
||||||
|
|
||||||
|
Check $Object:payloadLength Filter with MatchType String Not Equal
|
||||||
|
[Arguments] ${FILTER}
|
||||||
|
|
||||||
|
${_} ${_} ${USER_KEY} = Prepare Wallet And Deposit
|
||||||
|
${_} ${_} ${OTHER_KEY} = Prepare Wallet And Deposit
|
||||||
|
|
||||||
|
${CID} = Create Container Public ${USER_KEY}
|
||||||
|
${FILE_S} ${_} = Generate file ${SIMPLE_OBJ_SIZE}
|
||||||
|
${FILE_0} ${_} = Generate file ${0}
|
||||||
|
|
||||||
|
${S_OID_0} = Put Object ${USER_KEY} ${FILE_0} ${CID} ${EMPTY}
|
||||||
|
${S_OID} = Put Object ${USER_KEY} ${FILE_S} ${CID} ${EMPTY}
|
||||||
|
|
||||||
|
Get Object ${USER_KEY} ${CID} ${S_OID} ${EMPTY} local_file_eacl
|
||||||
|
Head Object ${USER_KEY} ${CID} ${S_OID} ${EMPTY}
|
||||||
|
|
||||||
|
&{HEADER_DICT} = Object Header Decoded ${USER_KEY} ${CID} ${S_OID}
|
||||||
|
${EACL_CUSTOM} = Compose eACL Custom ${HEADER_DICT} STRING_NOT_EQUAL ${FILTER} DENY OTHERS
|
||||||
|
Set eACL ${USER_KEY} ${CID} ${EACL_CUSTOM}
|
||||||
|
|
||||||
|
|
||||||
|
Run Keyword And Expect Error ${EACL_ERR_MSG}
|
||||||
|
... Get object ${OTHER_KEY} ${CID} ${S_OID_0} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Get object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY} ${OBJECT_PATH}
|
||||||
|
Run Keyword And Expect error ${EACL_ERR_MSG}
|
||||||
|
... Head object ${OTHER_KEY} ${CID} ${S_OID_0} ${EMPTY}
|
||||||
|
Head object ${OTHER_KEY} ${CID} ${S_OID} ${EMPTY}
|
||||||
|
|
||||||
|
|
||||||
|
[Teardown] Teardown payload_length_filter
|
|
@ -0,0 +1,17 @@
|
||||||
|
*** Settings ***
|
||||||
|
|
||||||
|
Resource ../common_steps_acl_extended.robot
|
||||||
|
Resource ../../${RESOURCES}/setup_teardown.robot
|
||||||
|
|
||||||
|
*** Test cases ***
|
||||||
|
Version Object Filter for Extended ACL
|
||||||
|
[Documentation] Testcase to validate if $Object:version eACL filter is correctly handled.
|
||||||
|
[Tags] ACL eACL NeoFS NeoCLI
|
||||||
|
[Timeout] 20 min
|
||||||
|
|
||||||
|
[Setup] Setup
|
||||||
|
|
||||||
|
Log Check eACL version Filter with MatchType String Equal
|
||||||
|
Check eACL Filters with MatchType String Equal $Object:version
|
||||||
|
|
||||||
|
[Teardown] Teardown version_filter
|
21
robot/variables/eacl_object_filters.py
Normal file
21
robot/variables/eacl_object_filters.py
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
EACL_OBJ_FILTERS = {'$Object:objectID': 'ID',
|
||||||
|
'$Object:containerID': 'CID',
|
||||||
|
'$Object:ownerID': 'OwnerID',
|
||||||
|
'$Object:creationEpoch': 'CreatedAtEpoch',
|
||||||
|
'$Object:payloadLength': 'PayloadLength',
|
||||||
|
'$Object:payloadHash': 'PayloadHash',
|
||||||
|
'$Object:objectType': 'Type',
|
||||||
|
'$Object:homomorphicHash': 'HomoHash',
|
||||||
|
'$Object:version': 'Version'}
|
||||||
|
|
||||||
|
VERB_FILTER_DEP = {
|
||||||
|
'$Object:objectID': ['GET', 'HEAD', 'DELETE', 'RANGE', 'RANGEHASH'],
|
||||||
|
'$Object:containerID': ['GET', 'PUT', 'HEAD', 'DELETE', 'SEARCH', 'RANGE', 'RANGEHASH'],
|
||||||
|
'$Object:ownerID': ['GET', 'HEAD'],
|
||||||
|
'$Object:creationEpoch': ['GET', 'PUT', 'HEAD'],
|
||||||
|
'$Object:payloadLength': ['GET', 'PUT', 'HEAD'],
|
||||||
|
'$Object:payloadHash': ['GET', 'PUT', 'HEAD'],
|
||||||
|
'$Object:objectType': ['GET', 'PUT', 'HEAD'],
|
||||||
|
'$Object:homomorphicHash': ['GET', 'PUT', 'HEAD'],
|
||||||
|
'$Object:version': ['GET', 'PUT', 'HEAD']
|
||||||
|
}
|
Loading…
Reference in a new issue