🥒 CCC.ObjStor Test: finos-ccc-integration-container-main

Test Parameters

ServiceTypeobject-storage
ProviderServiceTypeMicrosoft.Storage/storageAccounts
CatalogTypesCCC.ObjStor
TagFilter@object-storage, @PerService, @Behavioural
UID/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain
ResourceNamefinos-ccc-integration-container-main
ReportFilefinos-ccc-integration-container-main-service
ReportTitlefinos-ccc-integration-container-main
Config
{}
azure-log-analytics-workspace-ided1b3630-9d61-4d00-bb4f-c02e360147d8
azure-resource-groupfinos-ccc-integration-rg
azure-storage-accountfinoscccintegrationmain
azure-subscription-idc1cedd8e-bf91-4d7d-a4cc-45700402a2a1
azure-tenant-idfa193ac0-9c06-4111-bf55-341e4db193d3
catalog-versions
{
  "CCC.Core": "v2025.10",
  "CCC.ObjStor": "DEV"
}
default-containerfinos-ccc-integration-container-main
object-storage-retention-period-days2
permitted-regions
[
  "westus2",
  "westus"
]
providerazure
regionwestus2
replication-locations
[
  "westus2",
  "westus"
]
resourcefinos-ccc-integration-container-main
serviceobject-storage
service-typeobject-storage
tags@Behavioural

Summary

Generated: 2026-06-22 17:49:04

Total Run Time: 56s

Features: 28

Scenarios: 41 (✅ 21 | ❌ 20)

Steps: 397 (✅ 333 | ❌ 20 | ⏭️ 40 | ❓ 4)

Feature: CCC.Core.CN02.AR01 - Data Encryption at Rest
Scenario: Verify objects are encrypted at rest @CCC.Core @CCC.Core.CN02 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"56µs
Given I call "{api}" with "GetServiceAPI" using argument "object-storage"110µs
And I refer to "{result}" as "storage"14µs
And "{result}" is not an error27µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-encryption-check={timestamp}.txt", and "encryption test data"435ms
Then "{result}" is not an error38µs
And I refer to "{result}" as "uploadResult"15µs
And "{uploadResult.Encryption}" is not null50µs
And "{uploadResult.EncryptionAlgorithm}" is "AES256"24µs
And I attach "{uploadResult}" to the test output as "Upload Result with Encryption Details"83µs
📎 Attachments:
Upload Result with Encryption Details
View JSON (260 bytes)
{"ID":"test-encryption-check=1782150544909.txt","BucketID":"finos-ccc-integration-container-main","Name":"test-encryption-check=1782150544909.txt","Size":20,"Data":["encryption test data"],"Encryption":"Microsoft","EncryptionAlgorithm":"AES256","VersionID":""}
Feature: CCC.Core.CN05.AR01 - Block Unauthorized Data Modification
Scenario: Service prevents data modification by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"38µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"36µs
And I refer to "{result}" as "storage"13µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"208µs
And "{result}" is not an error18µs
And I refer to "{result}" as "userStorage"15µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-cn05-unauthorized-modify={timestamp}.txt", and "unauthorized data"547ms
Then "{result}" is an error26µs
And I attach "{result}" to the test output as "no-access-create-error.txt"29µs
📎 Attachments:
no-access-create-error.txt
View Content (879 bytes)
failed to upload blob test-cn05-unauthorized-modify=1782150545345.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-cn05-unauthorized-modify=1782150545345.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:c795ccf9-601e-0070-326f-02146c000000
Time:2026-06-22T17:49:05.8602909Z
--------------------------------------------------------------------------------
Scenario: Service allows data modification by user with write access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"29µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"37µs
And I refer to "{result}" as "storage"19µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"172µs
And "{result}" is not an error23µs
And I refer to "{result}" as "userStorage"19µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-cn05-authorized-modify={timestamp}.txt", and "authorized data"410ms
Then "{result}" is not an error33µs
expected {result} to not be an error, but got: failed to upload blob test-cn05-authorized-modify=1782150545893.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-cn05-authorized-modify=1782150545893.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795ce02-601e-0070-086f-02146c000000 Time:2026-06-22T17:49:06.2714691Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-object-result.json"15µs
Feature: CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access
Scenario: Service prevents administrative action (creating a new bucket) by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"52µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"25µs
And I refer to "{result}" as "storage"13µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"46µs
And "{result}" is not an error21µs
And I refer to "{result}" as "userStorage"18µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-unauthorized-admin-container"69ms
Then "{result}" is an error24µs
And I attach "{result}" to the test output as "no-admin-create-bucket-error.txt"27µs
📎 Attachments:
no-admin-create-bucket-error.txt
View Content (791 bytes)
failed to create container: failed to create container test-cn05-unauthorized-admin-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-unauthorized-admin-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:c795ce28-601e-0070-2c6f-02146c000000
Time:2026-06-22T17:49:06.3432566Z
--------------------------------------------------------------------------------
Scenario: Service prevents administrative action (creating a new bucket) by user with read-only access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"28µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"21µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"162µs
And "{result}" is not an error28µs
And I refer to "{result}" as "userStorage"25µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-read-only-create-container"424ms
Then "{result}" is an error38µs
And I attach "{result}" to the test output as "read-only-create-bucket-error.txt"41µs
📎 Attachments:
read-only-create-bucket-error.txt
View Content (787 bytes)
failed to create container: failed to create container test-cn05-read-only-create-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-read-only-create-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:c795cf25-601e-0070-786f-02146c000000
Time:2026-06-22T17:49:06.7690261Z
--------------------------------------------------------------------------------
Scenario: Service allows administrative action (creating a new bucket) by user with admin access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"30µs
And I refer to "{result}" as "storage"14µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-admin"176µs
And "{result}" is not an error30µs
And I refer to "{result}" as "userStorage"16µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-authorized-admin-container"460ms
Then "{result}" is not an error31µs
expected {result} to not be an error, but got: failed to create container: failed to create container test-cn05-authorized-admin-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-authorized-admin-container -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation. ERROR CODE: AuthorizationFailure -------------------------------------------------------------------------------- AuthorizationFailureThis request is not authorized to perform this operation. RequestId:c795d04f-601e-0070-676f-02146c000000 Time:2026-06-22T17:49:07.2307992Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "admin-create-bucket-result.json"17µs
And I call "{storage}" with "DeleteBucket" using argument "test-cn05-authorized-admin-container"15µs
Feature: CCC.Core.CN06.AR02 - Child Resource Location Compliance
Scenario: Child resource region compliance @CCC.Core @CCC.Core.CN06 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage
Given a cloud api for "{config}" in "api"31µs
Then no-op required21µs
Feature: CCC.Core.CN08.AR01 - Data Replication and Redundancy
Scenario: Bucket data is replicated to physically separate locations @CCC.Core @CCC.Core.CN08 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"71µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"49µs
And I refer to "{result}" as "storage"35µs
When I call "{storage}" with "GetReplicationStatus" using argument "{resource-name}"121ms
And I refer to "{result}" as "replicationStatus"22µs
And I refer to "{replicationStatus.Locations}" as "locations"21µs
And I attach "{replicationStatus}" to the test output as "Replication Status"68µs
Then "{locations}" is an array of objects with length "2"23µs
expected length 2, got 1
And "{permitted-regions}" is an array of objects with at least the following contents20µs
value
{locations[0]}
And "{permitted-regions}" is an array of objects with at least the following contents21µs
value
{locations[1]}
📎 Attachments:
Replication Status
View JSON (78 bytes)
{"Locations":[{"value":"westus2"}],"Status":"Disabled","SyncStatus":"Unknown"}
Feature: CCC.Core.CN08.AR02 - Replication Status Visibility
Scenario: Replication status can be retrieved for monitoring @CCC.Core @CCC.Core.CN08 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"30µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"20µs
When I call "{storage}" with "GetReplicationStatus" using argument "{resource-name}"286ms
And I refer to "{result}" as "replicationStatus"25µs
And I attach "{replicationStatus}" to the test output as "Replication Status"49µs
And I refer to "{replicationStatus.Locations}" as "locations"22µs
Then "{locations}" is an array of objects with at least the following contents132µs
value
{replication-locations[0]}
{replication-locations[1]}
expected row not found: map[value:{replication-locations[0]}]
📎 Attachments:
Replication Status
View JSON (78 bytes)
{"Locations":[{"value":"westus2"}],"Status":"Disabled","SyncStatus":"Unknown"}
Feature: CCC.ObjStor.CN01.AR01
Scenario: Service prevents reading bucket with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"55µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"43µs
And I refer to "{result}" as "storage"22µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"46µs
And "{result}" is not an error27µs
And I refer to "{result}" as "userStorage"25µs
When I call "{userStorage}" with "ListObjects" using argument "{resource-name}"69ms
Then "{result}" is an error26µs
And I attach "{result}" to the test output as "no-access-list-error.txt"44µs
📎 Attachments:
no-access-list-error.txt
View Content (782 bytes)
failed to list blobs: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:c795d1b5-601e-0070-0e6f-02146c000000
Time:2026-06-22T17:49:07.7120085Z
--------------------------------------------------------------------------------
Scenario: Service allows reading bucket with read access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"44µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"30µs
And I refer to "{result}" as "storage"13µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"40µs
And "{result}" is not an error18µs
And I attach "{result}" to the test output as "read-storage-service.json"58µs
And I refer to "{result}" as "userStorage"21µs
When I call "{userStorage}" with "ListObjects" using argument "{resource-name}"68ms
Then "{result}" is not an error29µs
expected {result} to not be an error, but got: failed to list blobs: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795d1e8-601e-0070-3b6f-02146c000000 Time:2026-06-22T17:49:07.7817923Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "read-list-objects-result.json"19µs
📎 Attachments:
read-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR02
Scenario: Service prevents reading object with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"64µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"53µs
And I refer to "{result}" as "storage"35µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test content"437ms
And "{result}" is not an error27µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"45µs
And "{result}" is not an error19µs
And I refer to "{result}" as "userStorage"19µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"69ms
Then "{result}" is an error27µs
And I attach "{result}" to the test output as "no-access-read-object-error.txt"31µs
📎 Attachments:
no-access-read-object-error.txt
View Content (845 bytes)
failed to download blob test-object=1782150547815.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1782150547815.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:c795d35b-601e-0070-716f-02146c000000
Time:2026-06-22T17:49:08.2896483Z
--------------------------------------------------------------------------------
Scenario: Service allows reading object with read access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"33µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"38µs
And I refer to "{result}" as "storage"23µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test content"435ms
And "{result}" is not an error30µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"48µs
And "{result}" is not an error46µs
And I attach "{result}" to the test output as "read-storage-service.json"48µs
And I refer to "{result}" as "userStorage"25µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"69ms
Then "{result}" is not an error36µs
expected {result} to not be an error, but got: failed to download blob test-object=1782150548323.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1782150548323.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795d4b9-601e-0070-196f-02146c000000 Time:2026-06-22T17:49:08.7948275Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "read-read-object-result.json"18µs
📎 Attachments:
read-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR03
Scenario: Service prevents creating bucket with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"33µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"26µs
And I refer to "{result}" as "storage"24µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"45µs
And "{result}" is not an error28µs
And I refer to "{result}" as "userStorage"21µs
When I call "{userStorage}" with "CreateBucket" using argument "test-bucket-no-access"69ms
Then "{result}" is an error47µs
And I attach "{result}" to the test output as "no-access-create-bucket-error.txt"33µs
📎 Attachments:
no-access-create-bucket-error.txt
View Content (757 bytes)
failed to create container: failed to create container test-bucket-no-access: PUT https://finoscccintegrationmain.blob.core.windows.net/test-bucket-no-access
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:c795d4dd-601e-0070-346f-02146c000000
Time:2026-06-22T17:49:08.8650520Z
--------------------------------------------------------------------------------
Scenario: Service allows creating bucket with write access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"35µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"37µs
And I refer to "{result}" as "storage"23µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"47µs
And "{result}" is not an error18µs
And I attach "{result}" to the test output as "write-storage-service.json"28µs
And I refer to "{result}" as "userStorage"23µs
When I call "{userStorage}" with "CreateBucket" using argument "test-bucket-write"69ms
Then "{result}" is not an error34µs
expected {result} to not be an error, but got: failed to create container: failed to create container test-bucket-write: PUT https://finoscccintegrationmain.blob.core.windows.net/test-bucket-write -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation. ERROR CODE: AuthorizationFailure -------------------------------------------------------------------------------- AuthorizationFailureThis request is not authorized to perform this operation. RequestId:c795d50d-601e-0070-5e6f-02146c000000 Time:2026-06-22T17:49:08.9352355Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-bucket-result.json"15µs
And I call "{storage}" with "DeleteBucket" using argument "{result.ID}"15µs
📎 Attachments:
write-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR04
Scenario: Service prevents writing object with read-only access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"110µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"47µs
And I refer to "{result}" as "storage"31µs
And "{result}" is not an error141µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"100µs
And "{result}" is not an error42µs
And I refer to "{result}" as "userStorage"35µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-write-object={timestamp}.txt", and "test content"70ms
Then "{result}" is an error24µs
And I attach "{result}" to the test output as "read-create-object-error.txt"29µs
📎 Attachments:
read-create-object-error.txt
View Content (855 bytes)
failed to upload blob test-write-object=1782150548969.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-write-object=1782150548969.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:c795d539-601e-0070-046f-02146c000000
Time:2026-06-22T17:49:09.0072215Z
--------------------------------------------------------------------------------
Scenario: Service allows writing object with write access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"26µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"36µs
And I refer to "{result}" as "storage"18µs
And "{result}" is not an error23µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"32µs
And "{result}" is not an error15µs
And I attach "{result}" to the test output as "write-storage-service.json"26µs
And I refer to "{result}" as "userStorage"23µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-write-object={timestamp}.txt", and "test content"71ms
Then "{result}" is not an error41µs
expected {result} to not be an error, but got: failed to upload blob test-write-object=1782150549040.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-write-object=1782150549040.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795d57a-601e-0070-396f-02146c000000 Time:2026-06-22T17:49:09.0790260Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-object-result.json"19µs
📎 Attachments:
write-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)
Scenario: Service enforces uniform bucket-level access by rejecting object-level permissions @CCC.ObjStor @CCC.ObjStor.CN02 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"40µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"42µs
And I refer to "{result}" as "storage"25µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test data"433ms
Then "{result}" is not an error29µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"50µs
And "{result}" is not an error20µs
And I refer to "{result}" as "userStorage"18µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"69ms
Then "{result}" is not an error67µs
expected {result} to not be an error, but got: failed to download blob test-object=1782150549112.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1782150549112.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795d692-601e-0070-236f-02146c000000 Time:2026-06-22T17:49:09.5819909Z --------------------------------------------------------------------------------
When I call "{storage}" with "SetObjectPermission" using arguments "{resource-name}", "test-object={timestamp}.txt", and "none"19µs
Then "{result}" is an error17µs
And I attach "{result}" to the test output as "set-object-permission-error.txt"16µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"17µs
Then "{result}" is not an error17µs
Feature: CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)
Scenario: Service enforces uniform bucket-level access denial @CCC.ObjStor @CCC.ObjStor.CN02 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"33µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"26µs
And I refer to "{result}" as "storage"14µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test data"438ms
Then "{result}" is not an error31µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"46µs
And "{result}" is not an error20µs
And I refer to "{result}" as "userStorage"15µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"68ms
Then "{result}" is an error30µs
When I call "{storage}" with "SetObjectPermission" using arguments "{resource-name}", "test-object={timestamp}.txt", and "read"52µs
Then "{result}" is an error19µs
And I attach "{result}" to the test output as "set-object-permission-error.txt"31µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"68ms
Then "{result}" is an error25µs
📎 Attachments:
set-object-permission-error.txt
View Content (111 bytes)
azure Blob Storage does not support object-level permissions - uniform bucket-level access is enforced via RBAC
Feature: CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery
Scenario: Service supports bucket soft delete and recovery @CCC.ObjStor @CCC.ObjStor.CN03 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"59µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"55µs
And I refer to "{result}" as "storage"39µs
When I call "{storage}" with "CreateBucket" using argument "ccc-test-soft-delete"434ms
Then "{result}" is not an error42µs
And I refer to "{result}" as "testBucket"16µs
And I attach "{result}" to the test output as "created-bucket.json"60µs
When I call "{storage}" with "DeleteBucket" using argument "ccc-test-soft-delete"434ms
Then "{result}" is not an error26µs
When I call "{storage}" with "ListDeletedBuckets"427ms
Then "{result}" is not an error27µs
And I attach "{result}" to the test output as "deleted-buckets.json"61µs
And "{result}" is an array of objects with length "1"30µs
expected length 1, got 0
When I call "{storage}" with "RestoreBucket" using argument "ccc-test-soft-delete"25µs
Then "{result}" is not an error30µs
When I call "{storage}" with "ListBuckets"14µs
Then "{result}" is not an error16µs
And I attach "{result}" to the test output as "restored-buckets.json"24µs
When I call "{storage}" with "DeleteBucket" using argument "ccc-test-soft-delete"19µs
Then "{result}" is not an error20µs
📎 Attachments:
created-bucket.json
View JSON (78 bytes)
{"ID":"ccc-test-soft-delete","Name":"ccc-test-soft-delete","Region":"westus2"}
deleted-buckets.json
View JSON (4 bytes)
null
Feature: CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy
Scenario: Service prevents modification of locked retention policy @CCC.ObjStor @CCC.ObjStor.CN03 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"47µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"31µs
And I refer to "{result}" as "storage"24µs
When I call "{storage}" with "GetBucketRetentionDurationDays" using argument "{resource-name}"449ms
Then "{result}" is not an error45µs
And I refer to "{result}" as "originalRetention"22µs
And I attach "{result}" to the test output as "original-retention-days.txt"44µs
And "{result}" should be greater than "0"19µs
When I call "{storage}" with "SetBucketRetentionDurationDays" using arguments "{resource-name}" and "1"835ms
Then "{result}" is an error42µs
expected {result} to be an error, got
And I attach "{result}" to the test output as "set-retention-error.txt"27µs
When I call "{storage}" with "GetBucketRetentionDurationDays" using argument "{resource-name}"20µs
Then "{result}" is not an error22µs
And "{result}" should be greater than "0"19µs
📎 Attachments:
original-retention-days.txt
View JSON (1 bytes)
2
Feature: CCC.ObjStor.CN04.AR01
Scenario: Service applies default retention policy to newly uploaded object @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"46µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"42µs
And I refer to "{result}" as "storage"24µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"33µs
And "{result}" is not an error48µs
And I refer to "{result}" as "userStorage"15µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-retention-object={timestamp}.txt", and "protected data"69ms
And I attach "{result}" to the test output as "uploaded-object.json"70µs
And I call "{userStorage}" with "GetObjectRetentionDurationDays" using arguments "{resource-name}" and "test-retention-object={timestamp}.txt"68ms
Then "{result}" should be greater than "1"66µs
cannot parse {result} as number: strconv.ParseFloat: parsing "failed to get blob properties: HEAD https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-retention-object=1782150552775.txt\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 This request is not authorized to perform this operation using this permission.\nERROR CODE: AuthorizationPermissionMismatch\n--------------------------------------------------------------------------------\nResponse contained no body\n--------------------------------------------------------------------------------\n": invalid syntax
📎 Attachments:
uploaded-object.json
View Content (863 bytes)
failed to upload blob test-retention-object=1782150552775.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-retention-object=1782150552775.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:c795dfd5-601e-0070-176f-02146c000000
Time:2026-06-22T17:49:12.8118799Z
--------------------------------------------------------------------------------
Scenario: Service enforces retention policy on newly created objects @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"33µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"19µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "immediate-delete-test={timestamp}.txt", and "test content"432ms
Then "{result}" is not an error30µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "immediate-delete-test={timestamp}.txt"440ms
Then "{result}" is an error41µs
And I attach "{result}" to the test output as "immediate-delete-error.txt"44µs
📎 Attachments:
immediate-delete-error.txt
View Content (840 bytes)
failed to delete blob immediate-delete-test=1782150552913.txt: DELETE https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/immediate-delete-test=1782150552913.txt
--------------------------------------------------------------------------------
RESPONSE 409: 409 This operation is not permitted as the blob is immutable due to a policy.
ERROR CODE: BlobImmutableDueToPolicy
--------------------------------------------------------------------------------
BlobImmutableDueToPolicyThis operation is not permitted as the blob is immutable due to a policy.
RequestId:c795e218-601e-0070-706f-02146c000000
Time:2026-06-22T17:49:13.7537501Z
--------------------------------------------------------------------------------
Scenario: Service validates retention period meets minimum requirements @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"29µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"35µs
And I refer to "{result}" as "storage"21µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "retention-period-test={timestamp}.txt", and "compliance data"436ms
And I call "{storage}" with "GetObjectRetentionDurationDays" using arguments "{resource-name}" and "retention-period-test={timestamp}.txt"870ms
Then "{result}" should be greater than "1"30µs
And I attach "{result}" to the test output as "retention-period-days.json"32µs
📎 Attachments:
retention-period-days.json
View JSON (1 bytes)
2
Feature: CCC.ObjStor.CN04.AR02
Scenario: Service prevents object deletion by write user during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"44µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"22µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"47µs
And "{result}" is not an error29µs
And I refer to "{result}" as "userStorage"20µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "protected-object={timestamp}.txt", and "immutable data"69ms
Then "{result}" is not an error33µs
expected {result} to not be an error, but got: failed to upload blob protected-object=1782150555094.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/protected-object=1782150555094.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795e5f2-601e-0070-416f-02146c000000 Time:2026-06-22T17:49:15.1312588Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "protected-object.json"17µs
When I call "{userStorage}" with "DeleteObject" using arguments "{resource-name}" and "protected-object={timestamp}.txt"20µs
Then "{result}" is an error15µs
And I attach "{result}" to the test output as "delete-protected-error.txt"20µs
And "{result}" should contain one of "retention, locked, immutable, protected"22µs
Scenario: Service prevents object deletion by admin user during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"35µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"43µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "admin-protected-object={timestamp}.txt", and "compliance data"432ms
Then "{result}" is not an error42µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "admin-protected-object={timestamp}.txt"437ms
Then "{result}" is an error31µs
And I attach "{result}" to the test output as "admin-delete-protected-error.txt"34µs
📎 Attachments:
admin-delete-protected-error.txt
View Content (842 bytes)
failed to delete blob admin-protected-object=1782150555164.txt: DELETE https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/admin-protected-object=1782150555164.txt
--------------------------------------------------------------------------------
RESPONSE 409: 409 This operation is not permitted as the blob is immutable due to a policy.
ERROR CODE: BlobImmutableDueToPolicy
--------------------------------------------------------------------------------
BlobImmutableDueToPolicyThis operation is not permitted as the blob is immutable due to a policy.
RequestId:c795e8cc-601e-0070-706f-02146c000000
Time:2026-06-22T17:49:16.0009298Z
--------------------------------------------------------------------------------
Scenario: Service prevents object modification during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"36µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"32µs
And I refer to "{result}" as "storage"15µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"44µs
And "{result}" is not an error18µs
And I refer to "{result}" as "userStorage"23µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "modify-test-object={timestamp}.txt", and "original content"69ms
Then "{result}" is not an error37µs
expected {result} to not be an error, but got: failed to upload blob modify-test-object=1782150556034.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/modify-test-object=1782150556034.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795e902-601e-0070-1c6f-02146c000000 Time:2026-06-22T17:49:16.0714645Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "original-object.json"16µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "modify-test-object={timestamp}.txt", and "modified content"20µs
Then "{result}" is an error16µs
And I attach "{result}" to the test output as "modify-protected-error.txt"17µs
And "{result}" should contain one of "retention, locked, immutable, protected, exists"21µs
Scenario: Service allows object read access during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"42µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"34µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "readable-protected-object={timestamp}.txt", and "readable data"429ms
Then "{result}" is not an error29µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"50µs
And "{result}" is not an error19µs
And I refer to "{result}" as "userStorage"16µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "readable-protected-object={timestamp}.txt"69ms
Then "{result}" is not an error47µs
expected {result} to not be an error, but got: failed to download blob readable-protected-object=1782150556104.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/readable-protected-object=1782150556104.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:c795ea2f-601e-0070-136f-02146c000000 Time:2026-06-22T17:49:16.5710447Z --------------------------------------------------------------------------------
And I refer to "{result}" as "readResult"16µs
And I attach "{result}" to the test output as "read-protected-object.json"17µs
And "{readResult.Name}" is "readable-protected-object={timestamp}.txt"23µs
Feature: CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers
Scenario: Service enables versioning and objects receive unique version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"69µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"49µs
And I refer to "{result}" as "storage"37µs
When I call "{storage}" with "IsBucketVersioningEnabled" using argument "{resource-name}"44µs
Then "{result}" is true39µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "versioned-object.txt", and "test content"873ms
And I refer to "{result}" as "createdObject"37µs
Then "{createdObject.VersionID}" is not empty38µs
And I attach "{result}" to the test output as "versioned-object.json"16µs
Feature: CCC.ObjStor.CN05.AR02 - New Version ID on Modification
Scenario: Modified objects receive new version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"33µs
And I refer to "{result}" as "storage"22µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "original content"433ms
And I refer to "{result.VersionID}" as "version1"42µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "modified content"861ms
And I refer to "{result.VersionID}" as "version2"39µs
Then "{version1}" is not equal to "{version2}"29µs
Feature: CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions
Scenario: Modified objects receive new version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"47µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"22µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "original content"440ms
And I refer to "{result.VersionID}" as "version1"71µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "modified content"924ms
And I refer to "{result.VersionID}" as "version2"33µs
And I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "{version1}"439ms
And I attach "{result}" to the test output as "original-content.json"82µs
Then "{result.Data}" contains "original content"35µs
When I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "{version2}"435ms
Then "{result.Data}" contains "modified content"44µs
expected {result.Data} to contain 'modified content', but got '[original content]'
And I attach "{result}" to the test output as "modified-content.json"19µs
📎 Attachments:
original-content.json
View JSON (237 bytes)
{"ID":"version-test-object=1782150558774.txt","BucketID":"finos-ccc-integration-container-main","Name":"version-test-object=1782150558774.txt","Size":16,"Data":["original content"],"Encryption":"","EncryptionAlgorithm":"","VersionID":""}
Feature: CCC.ObjStor.CN05.AR04 - Retain Versions on Delete
Scenario: Deleted object data can be reloaded from previous version @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"36µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"37µs
And I refer to "{result}" as "storage"17µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "recover-deleted-object={timestamp}.txt", and "data to retain"435ms
And I refer to "{result.VersionID}" as "retainedVersionId"59µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "recover-deleted-object={timestamp}.txt"431ms
When I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "recover-deleted-object={timestamp}.txt", and "{retainedVersionId}"442ms
Then "{result.Data}" contains "data to retain"36µs
And I attach "{result}" to the test output as "recovered-deleted-version.json"40µs
📎 Attachments:
recovered-deleted-version.json
View JSON (241 bytes)
{"ID":"recover-deleted-object=1782150561015.txt","BucketID":"finos-ccc-integration-container-main","Name":"recover-deleted-object=1782150561015.txt","Size":14,"Data":["data to retain"],"Encryption":"","EncryptionAlgorithm":"","VersionID":""}
Scenario: Deleted object version remains in version list @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"30µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"22µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "list-deleted-versions-object={timestamp}.txt", and "versioned data"439ms
And I refer to "{result.VersionID}" as "listedVersionId"28µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "list-deleted-versions-object={timestamp}.txt"435ms
When I call "{storage}" with "ListObjectVersions" using arguments "{resource-name}" and "list-deleted-versions-object={timestamp}.txt"436ms
And "{result}" is an array of objects with at least the following contents47µs
VersionIDObjectID
{listedVersionId}list-deleted-versions-object={timestamp}.txt
expected row not found: map[ObjectID:list-deleted-versions-object={timestamp}.txt VersionID:{listedVersionId}]
And I attach "{result}" to the test output as "versions-after-delete.json"16µs
Feature: CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations
Scenario: MFA requirement for destructive operations cannot be tested automatically @CCC.Core @CCC.Core.CN03 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @load-balancer @virtual-machines @serverless-computing @NotTestable
Given a cloud api for "{config}" in "api"85µs
Then no-op required47µs
Feature: CCC.Core.CN04.AR01 - Log Administrative Access Attempts
Scenario: Verify admin actions are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"39µs
And I call "{api}" with "GetServiceAPI" using argument "{service-type}"39µs
And I refer to "{result}" as "theService"23µs
Given I call "{api}" with "GetServiceAPI" using argument "logging"136µs
And I refer to "{result}" as "loggingService"21µs
When I call "{theService}" with "UpdateResourcePolicy"1s
Then "{result}" is not an error27µs
And I attach "{result}" to the test output as "Policy Update Result"46µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}"2s
Then "{result}" is not an error64µs
And I refer to "{result}" as "adminLogs"23µs
And I attach "{adminLogs}" to the test output as "Admin Activity Logs"84µs
Then "{adminLogs}" is an array of objects with at least the following contents42µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Policy Update Result
View JSON (4 bytes)
null
Admin Activity Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR02 - Log Data Modification Attempts
Scenario: Verify data modifications are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"43µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"48µs
And I refer to "{result}" as "theService"29µs
And I call "{api}" with "GetServiceAPI" using argument "logging"33µs
And I refer to "{result}" as "loggingService"27µs
When I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}"438ms
And I attach "{result}" to the test output as "Data Write Trigger Result"45µs
And we wait for a period of "10000" ms10s
Then I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}"3s
And I refer to "{result}" as "dataLogs"32µs
And I attach "{dataLogs}" to the test output as "Data Write Logs"46µs
Then "{dataLogs}" is an array of objects with at least the following contents33µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Write Trigger Result
View JSON (4 bytes)
null
Data Write Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR03 - Log Data Read Attempts
Scenario: Verify data read operations are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"46µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"40µs
And I refer to "{result}" as "theService"28µs
And I call "{api}" with "GetServiceAPI" using argument "logging"33µs
And I refer to "{result}" as "loggingService"22µs
When I call "{theService}" with "TriggerDataRead" using argument "{resource-name}"867ms
And I attach "{result}" to the test output as "Data Read Trigger Result"63µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}"788ms
Then "{result}" is not an error29µs
And I refer to "{result}" as "readLogs"30µs
And I attach "{readLogs}" to the test output as "Data Read Logs"36µs
Then "{readLogs}" is an array of objects with at least the following contents39µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Read Trigger Result
View JSON (4 bytes)
null
Data Read Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN05.AR06 - Block All Unauthorized Requests
Scenario: Service prevents data read by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-green @tlp-red @Destructive @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"42µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access"62µs
And "{result}" is not an error27µs
And I refer to "{result}" as "userReadableService"25µs
When I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}"68ms
Then "{result}" is an error39µs
And I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"40µs
📎 Attachments:
no-access-trigger-data-read-error.txt
View Content (849 bytes)
failed to download blob cfi-trigger-data-read-probe.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/cfi-trigger-data-read-probe.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:c7967cb3-601e-0070-2a6f-02146c000000
Time:2026-06-22T17:50:01.2661342Z
--------------------------------------------------------------------------------
Feature: CCC.Core.CN07.AR01 - Publish Enumeration Activity Events
Scenario: Enumeration event publishing cannot be tested automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"45µs
Then no-op required30µs
Feature: CCC.Core.CN07.AR02 - Log Enumeration Activities
Scenario: Enumeration logging cannot be verified automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"129µs
Then no-op required64µs
Feature: CCC.Core.CN10.AR01 - Replication Destination Trust
Scenario: Replication destination trust cannot be verified automatically @CCC.Core @CCC.Core.CN10 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"43µs
Then no-op required20µs