Not working static session token for delete container operation

[yadro-vavdeev]

Delete container operation returned code "2" with stderr output: code = 2048

neofs-cli --config wallet_config.yml container delete --rpc-endpoint 'node1:8081' --wallet 'wallet.json' --cid 'B1pGbB9XttGntTSDtnVdk7ugeepUScm8jb8Pecr3EryX' --session '99e660d6-12e8-4890-91c2-e4de9177374b'
Error:
return code: 2
output: can't search for LOCK objects: read object list: status: code = 2048 message = access to object operation denied: access to operation OBJECT_SEARCH is denied by basic ACL check

Expected Behavior

Container delete operation completed successfully

Current Behavior

Container delete operation failed

Autotest

Validate static session with delete operation (test_static_session_token_container_delete)
See details in last Allure report

Steps to Reproduce (for bugs)

1. Generate Session Token For Container ({'container': {'verb': 'DELETE', 'wildcard': False}})
2. Sign Session Token
3. Create container
4. Other user try delete container with static session token

Environment

neo-go 1.0.0
neofs-authmate 0.25.0-18-g92a5e092-dirty
neofs-cli 0.34.0-103-gcb43a6ae-dirty
neofs-adm 0.34.0-103-gcb43a6ae-dirty

[fyrchik]

@yadro-vavdeev, does it work with --force flag?

[fyrchik]

When searching for LOCK objects we need session token with object context. I propose to:

1. Add verbose log about skipping LOCK check because we attached session token.
2. Do not perform check in this case.

@carpawell @acid-ant

[carpawell]

My vote is for 1. (also such a log should say about the --force flag).

[fyrchik]

They are not mutually exclusive, should do both :)

[carpawell]

@fyrchik, so you mean skipping checks without any confirmation, just with verbose logs? What the force flag is for then?

[fyrchik]

We also have container owner check which is not skipped.

[anikeev-yadro]

This is the automatic test testsuites.session_token.test_static_session_token_container.TestSessionTokenContainer#test_static_session_token_container_delete
Now we have other behavior of delete operation: container was not deleted.
Steps:

1. Create container:

COMMAND: neofs-cli --config /home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/wallet_config.yml container create --rpc-endpoint 'obj-nn-test-node2.spb.yadro.com:8081' --wallet '/home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/TemporaryDir/fe3e8992-a606-40cb-851e-242a71a2b5ea.json' --await --policy 'REP 2 IN X CBF 1 SELECT 4 FROM * AS X'
RETCODE: 0

STDOUT:
container ID: CeJstmJGwt5Dv4cQ5Fwsms7pvvvooqWHRtHL3n4SacQo
awaiting...
container has been persisted on sidechain

STDERR:
Start / End / Elapsed	 04:08:09.614478 / 04:08:11.060253 / 0:00:01.445775

2. Delete container without any errors:

COMMAND: neofs-cli --config /home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/wallet_config.yml container delete --rpc-endpoint 'obj-nn-test-node2.spb.yadro.com:8081' --wallet '/home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/TemporaryDir/e4b4b05c-43c5-4129-bee2-b58646209c71.json' --cid 'CeJstmJGwt5Dv4cQ5Fwsms7pvvvooqWHRtHL3n4SacQo' --session '/home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/TemporaryDir/2024fe52-af2f-417c-a331-5aa005484c40'
RETCODE: 0

STDOUT:
container delete method invoked

STDERR:
Start / End / Elapsed	 04:08:11.064469 / 04:08:11.477761 / 0:00:00.413292

3. After this we saw this container in list:

COMMAND: neofs-cli --config /home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/wallet_config.yml container list --rpc-endpoint 'obj-nn-test-node2.spb.yadro.com:8081' --wallet '/home/ci/jenkins_home/workspace/neofs-testcases_run/tmp.9KWLOGi2ey/neofs-testcases/TemporaryDir/fe3e8992-a606-40cb-851e-242a71a2b5ea.json'
RETCODE: 0

STDOUT:
CeJstmJGwt5Dv4cQ5Fwsms7pvvvooqWHRtHL3n4SacQo
FQkAMexrLAxFW3iuH1kaR8aT9K9ZDtbNB9ZQHgHVwgdA

STDERR:
Start / End / Elapsed	 04:08:11.483622 / 04:08:11.890612 / 0:00:00.406990

Logs: e3e8b4267810db6.zip
Version: 0.34.0-126-gcde6b893

[acid-ant]

@anikeev-yadro delete command executed too fast 0:00:00.413292, without --await flag. Was this manual testing? If not can you add in a test script await option for delete command?

[anikeev-yadro]

@anikeev-yadro delete command executed too fast 0:00:00.413292, without --await flag. Was this manual testing? If not can you add in a test script await option for delete command?

This was automatic test.
Added nspcc-dev/neofs-testcases#485