Add tests

Signed-off-by: Oleg Kulachenko <[email protected]>

pytest_tests/testsuites/session_token/test_static_session_token_container.py

@@ -38,6 +38,15 @@ def static_sessions(
         """
         Returns dict with static session token file paths for all verbs with default lifetime
         """
+        return self.static_session_token(owner_wallet, user_wallet, client_shell, temp_directory)
+
+    def static_session_token(
+        self,
+        owner_wallet: WalletFile,
+        user_wallet: WalletFile,
+        client_shell: Shell,
+        temp_directory: str,
+    ) -> dict[ContainerVerb, str]:
         return {
             verb: get_container_signed_token(
                 owner_wallet, user_wallet, verb, client_shell, temp_directory
@@ -142,6 +151,47 @@ def test_static_session_token_container_delete(
             owner_wallet.path, shell=self.shell, endpoint=self.cluster.default_rpc_endpoint
         )
 
+    def test_static_session_token_container_delete_only_owner(
+            self,
+            owner_wallet: WalletFile,
+            user_wallet: WalletFile,
+            stranger_wallet: WalletFile,
+            static_sessions: dict[ContainerVerb, str],
+            temp_directory: str,
+            not_owner_wallet,
+    ):
+        """
+        container MUST NOT be removed/setEACLed by anyone except:
+        owner (creator)
+        trusted party proved by the container owner via session token
+
+        It's a true-negative test case:
+        issue session on behalf of any party other than container owner (i.e. sign via non-owner key)
+        sent removal request with token of this session
+        expect operation failure
+        """
+        with allure.step("Create container"):
+            cid = create_container(
+                owner_wallet.path,
+                shell=self.shell,
+                endpoint=self.cluster.default_rpc_endpoint,
+            )
+
+        user_token = self.static_session_token(owner_wallet, user_wallet, self.shell, temp_directory)
+        stranger_token = self.static_session_token(user_wallet, stranger_wallet, self.shell, temp_directory)
+
+        with allure.step("Try to delete container using stranger token"):
+            with pytest.raises(RuntimeError):
+                delete_container(
+                    wallet=user_wallet.path,
+                    cid=cid,
+                    session_token=stranger_token[ContainerVerb.DELETE],
+                    shell=self.shell,
+                    endpoint=self.cluster.default_rpc_endpoint,
+                    await_mode=True,
+                )
+
+
     def test_static_session_token_container_set_eacl(
         self,
         owner_wallet: WalletFile,
@@ -179,3 +229,14 @@ def test_static_session_token_container_set_eacl(
             wait_for_cache_expired()
 
         assert not can_put_object(stranger_wallet.path, cid, file_path, self.shell, self.cluster)
+
+    def test_static_session_token_container_set_eacl_only_owner(
+            self,
+            owner_wallet: WalletFile,
+            user_wallet: WalletFile,
+            stranger_wallet: WalletFile,
+            static_sessions: dict[ContainerVerb, str],
+            temp_directory: str,
+            not_owner_wallet,
+    ):
+        pass