Verify that no access to ESCAPE storage area is granted to clients presenting an IAM escape token without group or storage.* scopes
andreaceccanti opened this issue
Andrea Ceccanti commented
Federica Agostini commented
Implemented a test verifying that read permissions are denied to IAM ESCAPE tokens with the openid scope.
Also implemented a couple of group-based authz tests:
- read-only access is granted to default groups
- full access (read, make directory, remove) is granted to the /escape/data-manager group
The test suite uses gfal as the utility for the auth tests; I don't know if it is better to use curl.