🥒 CCC.ObjStor Test: finos-ccc-integration-container-main

Test Parameters

ServiceTypeobject-storage
ProviderServiceTypeMicrosoft.Storage/storageAccounts
CatalogTypesCCC.ObjStor
TagFilter@object-storage, @PerService, @Behavioural
UID/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain
ResourceNamefinos-ccc-integration-container-main
ReportFilefinos-ccc-integration-container-main-service
ReportTitlefinos-ccc-integration-container-main
Config
{}
azure-log-analytics-workspace-ided1b3630-9d61-4d00-bb4f-c02e360147d8
azure-resource-groupfinos-ccc-integration-rg
azure-storage-accountfinoscccintegrationmain
azure-subscription-idc1cedd8e-bf91-4d7d-a4cc-45700402a2a1
azure-tenant-idfa193ac0-9c06-4111-bf55-341e4db193d3
catalog-versions
{
  "CCC.Core": "v2025.10",
  "CCC.ObjStor": "DEV"
}
default-containerfinos-ccc-integration-container-main
object-storage-retention-period-days2
permitted-regions
[
  "westus2",
  "westus"
]
providerazure
regionwestus2
replication-locations
[
  "westus2",
  "westus"
]
resourcefinos-ccc-integration-container-main
serviceobject-storage
service-typeobject-storage
tags@Behavioural

Summary

Generated: 2026-06-16 16:34:05

Total Run Time: 55s

Features: 28

Scenarios: 41 (✅ 21 | ❌ 20)

Steps: 397 (✅ 333 | ❌ 20 | ⏭️ 40 | ❓ 4)

Feature: CCC.Core.CN02.AR01 - Data Encryption at Rest
Scenario: Verify objects are encrypted at rest @CCC.Core @CCC.Core.CN02 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"40µs
Given I call "{api}" with "GetServiceAPI" using argument "object-storage"112µs
And I refer to "{result}" as "storage"21µs
And "{result}" is not an error30µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-encryption-check={timestamp}.txt", and "encryption test data"425ms
Then "{result}" is not an error34µs
And I refer to "{result}" as "uploadResult"23µs
And "{uploadResult.Encryption}" is not null33µs
And "{uploadResult.EncryptionAlgorithm}" is "AES256"202µs
And I attach "{uploadResult}" to the test output as "Upload Result with Encryption Details"83µs
📎 Attachments:
Upload Result with Encryption Details
View JSON (260 bytes)
{"ID":"test-encryption-check=1781627645451.txt","BucketID":"finos-ccc-integration-container-main","Name":"test-encryption-check=1781627645451.txt","Size":20,"Data":["encryption test data"],"Encryption":"Microsoft","EncryptionAlgorithm":"AES256","VersionID":""}
Feature: CCC.Core.CN05.AR01 - Block Unauthorized Data Modification
Scenario: Service prevents data modification by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"56µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"53µs
And I refer to "{result}" as "storage"36µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"333µs
And "{result}" is not an error48µs
And I refer to "{result}" as "userStorage"34µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-cn05-unauthorized-modify={timestamp}.txt", and "unauthorized data"248ms
Then "{result}" is an error48µs
And I attach "{result}" to the test output as "no-access-create-error.txt"31µs
📎 Attachments:
no-access-create-error.txt
View Content (879 bytes)
failed to upload blob test-cn05-unauthorized-modify=1781627645878.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-cn05-unauthorized-modify=1781627645878.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:d3a0da98-501e-0009-38ad-fde848000000
Time:2026-06-16T16:34:06.1038977Z
--------------------------------------------------------------------------------
Scenario: Service allows data modification by user with write access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"29µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"40µs
And I refer to "{result}" as "storage"24µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"174µs
And "{result}" is not an error28µs
And I refer to "{result}" as "userStorage"21µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-cn05-authorized-modify={timestamp}.txt", and "authorized data"259ms
Then "{result}" is not an error52µs
expected {result} to not be an error, but got: failed to upload blob test-cn05-authorized-modify=1781627646129.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-cn05-authorized-modify=1781627646129.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0dba3-501e-0009-20ad-fde848000000 Time:2026-06-16T16:34:06.3636196Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-object-result.json"18µs
Feature: CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access
Scenario: Service prevents administrative action (creating a new bucket) by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"30µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"24µs
And I refer to "{result}" as "storage"15µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"47µs
And "{result}" is not an error27µs
And I refer to "{result}" as "userStorage"22µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-unauthorized-admin-container"52ms
Then "{result}" is an error30µs
And I attach "{result}" to the test output as "no-admin-create-bucket-error.txt"60µs
📎 Attachments:
no-admin-create-bucket-error.txt
View Content (791 bytes)
failed to create container: failed to create container test-cn05-unauthorized-admin-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-unauthorized-admin-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:d3a0dbcf-501e-0009-48ad-fde848000000
Time:2026-06-16T16:34:06.4179760Z
--------------------------------------------------------------------------------
Scenario: Service prevents administrative action (creating a new bucket) by user with read-only access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"32µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"27µs
And I refer to "{result}" as "storage"26µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"170µs
And "{result}" is not an error29µs
And I refer to "{result}" as "userStorage"23µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-read-only-create-container"283ms
Then "{result}" is an error35µs
And I attach "{result}" to the test output as "read-only-create-bucket-error.txt"48µs
📎 Attachments:
read-only-create-bucket-error.txt
View Content (787 bytes)
failed to create container: failed to create container test-cn05-read-only-create-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-read-only-create-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:d3a0dca2-501e-0009-03ad-fde848000000
Time:2026-06-16T16:34:06.7021528Z
--------------------------------------------------------------------------------
Scenario: Service allows administrative action (creating a new bucket) by user with admin access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"170µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"68µs
And I refer to "{result}" as "storage"39µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-admin"239µs
And "{result}" is not an error42µs
And I refer to "{result}" as "userStorage"39µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-authorized-admin-container"151ms
Then "{result}" is not an error30µs
expected {result} to not be an error, but got: failed to create container: failed to create container test-cn05-authorized-admin-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-authorized-admin-container -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation. ERROR CODE: AuthorizationFailure -------------------------------------------------------------------------------- AuthorizationFailureThis request is not authorized to perform this operation. RequestId:d3a0dd11-501e-0009-5fad-fde848000000 Time:2026-06-16T16:34:06.8549106Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "admin-create-bucket-result.json"19µs
And I call "{storage}" with "DeleteBucket" using argument "test-cn05-authorized-admin-container"19µs
Feature: CCC.Core.CN06.AR02 - Child Resource Location Compliance
Scenario: Child resource region compliance @CCC.Core @CCC.Core.CN06 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage
Given a cloud api for "{config}" in "api"30µs
Then no-op required18µs
Feature: CCC.Core.CN08.AR01 - Data Replication and Redundancy
Scenario: Bucket data is replicated to physically separate locations @CCC.Core @CCC.Core.CN08 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"26µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"21µs
When I call "{storage}" with "GetReplicationStatus" using argument "{resource-name}"117ms
And I refer to "{result}" as "replicationStatus"27µs
And I refer to "{replicationStatus.Locations}" as "locations"76µs
And I attach "{replicationStatus}" to the test output as "Replication Status"90µs
Then "{locations}" is an array of objects with length "2"32µs
expected length 2, got 1
And "{permitted-regions}" is an array of objects with at least the following contents30µs
value
{locations[0]}
And "{permitted-regions}" is an array of objects with at least the following contents18µs
value
{locations[1]}
📎 Attachments:
Replication Status
View JSON (78 bytes)
{"Locations":[{"value":"westus2"}],"Status":"Disabled","SyncStatus":"Unknown"}
Feature: CCC.Core.CN08.AR02 - Replication Status Visibility
Scenario: Replication status can be retrieved for monitoring @CCC.Core @CCC.Core.CN08 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"44µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"44µs
And I refer to "{result}" as "storage"17µs
When I call "{storage}" with "GetReplicationStatus" using argument "{resource-name}"135ms
And I refer to "{result}" as "replicationStatus"33µs
And I attach "{replicationStatus}" to the test output as "Replication Status"65µs
And I refer to "{replicationStatus.Locations}" as "locations"39µs
Then "{locations}" is an array of objects with at least the following contents83µs
value
{replication-locations[0]}
{replication-locations[1]}
expected row not found: map[value:{replication-locations[0]}]
📎 Attachments:
Replication Status
View JSON (78 bytes)
{"Locations":[{"value":"westus2"}],"Status":"Disabled","SyncStatus":"Unknown"}
Feature: CCC.ObjStor.CN01.AR01
Scenario: Service prevents reading bucket with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"48µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"42µs
And I refer to "{result}" as "storage"17µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"30µs
And "{result}" is not an error29µs
And I refer to "{result}" as "userStorage"18µs
When I call "{userStorage}" with "ListObjects" using argument "{resource-name}"52ms
Then "{result}" is an error29µs
And I attach "{result}" to the test output as "no-access-list-error.txt"35µs
📎 Attachments:
no-access-list-error.txt
View Content (782 bytes)
failed to list blobs: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:d3a0de1a-501e-0009-42ad-fde848000000
Time:2026-06-16T16:34:07.1632375Z
--------------------------------------------------------------------------------
Scenario: Service allows reading bucket with read access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"69µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"56µs
And I refer to "{result}" as "storage"39µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"77µs
And "{result}" is not an error42µs
And I attach "{result}" to the test output as "read-storage-service.json"74µs
And I refer to "{result}" as "userStorage"56µs
When I call "{userStorage}" with "ListObjects" using argument "{resource-name}"51ms
Then "{result}" is not an error63µs
expected {result} to not be an error, but got: failed to list blobs: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0de35-501e-0009-5aad-fde848000000 Time:2026-06-16T16:34:07.2170317Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "read-list-objects-result.json"21µs
📎 Attachments:
read-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR02
Scenario: Service prevents reading object with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"31µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"38µs
And I refer to "{result}" as "storage"23µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test content"419ms
And "{result}" is not an error41µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"42µs
And "{result}" is not an error25µs
And I refer to "{result}" as "userStorage"23µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"51ms
Then "{result}" is an error31µs
And I attach "{result}" to the test output as "no-access-read-object-error.txt"36µs
📎 Attachments:
no-access-read-object-error.txt
View Content (845 bytes)
failed to download blob test-object=1781627647242.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1781627647242.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:d3a0df85-501e-0009-72ad-fde848000000
Time:2026-06-16T16:34:07.6882659Z
--------------------------------------------------------------------------------
Scenario: Service allows reading object with read access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"30µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"43µs
And I refer to "{result}" as "storage"23µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test content"423ms
And "{result}" is not an error28µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"39µs
And "{result}" is not an error18µs
And I attach "{result}" to the test output as "read-storage-service.json"37µs
And I refer to "{result}" as "userStorage"15µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"52ms
Then "{result}" is not an error59µs
expected {result} to not be an error, but got: failed to download blob test-object=1781627647713.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1781627647713.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0e0a7-501e-0009-73ad-fde848000000 Time:2026-06-16T16:34:08.1652485Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "read-read-object-result.json"24µs
📎 Attachments:
read-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR03
Scenario: Service prevents creating bucket with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"38µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"57µs
And I refer to "{result}" as "storage"32µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"62µs
And "{result}" is not an error27µs
And I refer to "{result}" as "userStorage"16µs
When I call "{userStorage}" with "CreateBucket" using argument "test-bucket-no-access"53ms
Then "{result}" is an error26µs
And I attach "{result}" to the test output as "no-access-create-bucket-error.txt"44µs
📎 Attachments:
no-access-create-bucket-error.txt
View Content (757 bytes)
failed to create container: failed to create container test-bucket-no-access: PUT https://finoscccintegrationmain.blob.core.windows.net/test-bucket-no-access
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:d3a0e0cd-501e-0009-16ad-fde848000000
Time:2026-06-16T16:34:08.2192910Z
--------------------------------------------------------------------------------
Scenario: Service allows creating bucket with write access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"32µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"23µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"38µs
And "{result}" is not an error18µs
And I attach "{result}" to the test output as "write-storage-service.json"24µs
And I refer to "{result}" as "userStorage"14µs
When I call "{userStorage}" with "CreateBucket" using argument "test-bucket-write"52ms
Then "{result}" is not an error38µs
expected {result} to not be an error, but got: failed to create container: failed to create container test-bucket-write: PUT https://finoscccintegrationmain.blob.core.windows.net/test-bucket-write -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation. ERROR CODE: AuthorizationFailure -------------------------------------------------------------------------------- AuthorizationFailureThis request is not authorized to perform this operation. RequestId:d3a0e0e5-501e-0009-29ad-fde848000000 Time:2026-06-16T16:34:08.2729515Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-bucket-result.json"20µs
And I call "{storage}" with "DeleteBucket" using argument "{result.ID}"16µs
📎 Attachments:
write-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR04
Scenario: Service prevents writing object with read-only access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"42µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"37µs
And I refer to "{result}" as "storage"14µs
And "{result}" is not an error16µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"27µs
And "{result}" is not an error15µs
And I refer to "{result}" as "userStorage"12µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-write-object={timestamp}.txt", and "test content"53ms
Then "{result}" is an error26µs
And I attach "{result}" to the test output as "read-create-object-error.txt"50µs
📎 Attachments:
read-create-object-error.txt
View Content (855 bytes)
failed to upload blob test-write-object=1781627648300.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-write-object=1781627648300.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:d3a0e101-501e-0009-41ad-fde848000000
Time:2026-06-16T16:34:08.3290437Z
--------------------------------------------------------------------------------
Scenario: Service allows writing object with write access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"41µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"22µs
And "{result}" is not an error18µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"32µs
And "{result}" is not an error30µs
And I attach "{result}" to the test output as "write-storage-service.json"40µs
And I refer to "{result}" as "userStorage"26µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-write-object={timestamp}.txt", and "test content"53ms
Then "{result}" is not an error57µs
expected {result} to not be an error, but got: failed to upload blob test-write-object=1781627648354.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-write-object=1781627648354.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0e11c-501e-0009-58ad-fde848000000 Time:2026-06-16T16:34:08.3836395Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-object-result.json"88µs
📎 Attachments:
write-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)
Scenario: Service enforces uniform bucket-level access by rejecting object-level permissions @CCC.ObjStor @CCC.ObjStor.CN02 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"31µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"24µs
And I refer to "{result}" as "storage"27µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test data"421ms
Then "{result}" is not an error52µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"74µs
And "{result}" is not an error40µs
And I refer to "{result}" as "userStorage"34µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"51ms
Then "{result}" is not an error38µs
expected {result} to not be an error, but got: failed to download blob test-object=1781627648409.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1781627648409.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0e25e-501e-0009-75ad-fde848000000 Time:2026-06-16T16:34:08.8568180Z --------------------------------------------------------------------------------
When I call "{storage}" with "SetObjectPermission" using arguments "{resource-name}", "test-object={timestamp}.txt", and "none"25µs
Then "{result}" is an error19µs
And I attach "{result}" to the test output as "set-object-permission-error.txt"20µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"22µs
Then "{result}" is not an error17µs
Feature: CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)
Scenario: Service enforces uniform bucket-level access denial @CCC.ObjStor @CCC.ObjStor.CN02 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"34µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"42µs
And I refer to "{result}" as "storage"21µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test data"430ms
Then "{result}" is not an error26µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"40µs
And "{result}" is not an error17µs
And I refer to "{result}" as "userStorage"14µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"51ms
Then "{result}" is an error39µs
When I call "{storage}" with "SetObjectPermission" using arguments "{resource-name}", "test-object={timestamp}.txt", and "read"70µs
Then "{result}" is an error16µs
And I attach "{result}" to the test output as "set-object-permission-error.txt"29µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"51ms
Then "{result}" is an error27µs
📎 Attachments:
set-object-permission-error.txt
View Content (111 bytes)
azure Blob Storage does not support object-level permissions - uniform bucket-level access is enforced via RBAC
Feature: CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery
Scenario: Service supports bucket soft delete and recovery @CCC.ObjStor @CCC.ObjStor.CN03 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"527µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"136µs
And I refer to "{result}" as "storage"51µs
When I call "{storage}" with "CreateBucket" using argument "ccc-test-soft-delete"439ms
Then "{result}" is not an error34µs
And I refer to "{result}" as "testBucket"24µs
And I attach "{result}" to the test output as "created-bucket.json"67µs
When I call "{storage}" with "DeleteBucket" using argument "ccc-test-soft-delete"419ms
Then "{result}" is not an error39µs
When I call "{storage}" with "ListDeletedBuckets"418ms
Then "{result}" is not an error29µs
And I attach "{result}" to the test output as "deleted-buckets.json"90µs
And "{result}" is an array of objects with length "1"36µs
expected length 1, got 0
When I call "{storage}" with "RestoreBucket" using argument "ccc-test-soft-delete"35µs
Then "{result}" is not an error17µs
When I call "{storage}" with "ListBuckets"14µs
Then "{result}" is not an error18µs
And I attach "{result}" to the test output as "restored-buckets.json"17µs
When I call "{storage}" with "DeleteBucket" using argument "ccc-test-soft-delete"17µs
Then "{result}" is not an error16µs
📎 Attachments:
created-bucket.json
View JSON (78 bytes)
{"ID":"ccc-test-soft-delete","Name":"ccc-test-soft-delete","Region":"westus2"}
deleted-buckets.json
View JSON (4 bytes)
null
Feature: CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy
Scenario: Service prevents modification of locked retention policy @CCC.ObjStor @CCC.ObjStor.CN03 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"47µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "GetBucketRetentionDurationDays" using argument "{resource-name}"420ms
Then "{result}" is not an error51µs
And I refer to "{result}" as "originalRetention"23µs
And I attach "{result}" to the test output as "original-retention-days.txt"56µs
And "{result}" should be greater than "0"40µs
When I call "{storage}" with "SetBucketRetentionDurationDays" using arguments "{resource-name}" and "1"681ms
Then "{result}" is an error49µs
expected {result} to be an error, got
And I attach "{result}" to the test output as "set-retention-error.txt"34µs
When I call "{storage}" with "GetBucketRetentionDurationDays" using argument "{resource-name}"32µs
Then "{result}" is not an error35µs
And "{result}" should be greater than "0"37µs
📎 Attachments:
original-retention-days.txt
View JSON (1 bytes)
2
Feature: CCC.ObjStor.CN04.AR01
Scenario: Service applies default retention policy to newly uploaded object @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"60µs
And I refer to "{result}" as "storage"25µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"44µs
And "{result}" is not an error18µs
And I refer to "{result}" as "userStorage"16µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-retention-object={timestamp}.txt", and "protected data"52ms
And I attach "{result}" to the test output as "uploaded-object.json"46µs
And I call "{userStorage}" with "GetObjectRetentionDurationDays" using arguments "{resource-name}" and "test-retention-object={timestamp}.txt"52ms
Then "{result}" should be greater than "1"46µs
cannot parse {result} as number: strconv.ParseFloat: parsing "failed to get blob properties: HEAD https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-retention-object=1781627651796.txt\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 This request is not authorized to perform this operation using this permission.\nERROR CODE: AuthorizationPermissionMismatch\n--------------------------------------------------------------------------------\nResponse contained no body\n--------------------------------------------------------------------------------\n": invalid syntax
📎 Attachments:
uploaded-object.json
View Content (863 bytes)
failed to upload blob test-retention-object=1781627651796.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-retention-object=1781627651796.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:d3a0ea32-501e-0009-38ad-fde848000000
Time:2026-06-16T16:34:11.8246980Z
--------------------------------------------------------------------------------
Scenario: Service enforces retention policy on newly created objects @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"72µs
And I refer to "{result}" as "storage"17µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "immediate-delete-test={timestamp}.txt", and "test content"417ms
Then "{result}" is not an error49µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "immediate-delete-test={timestamp}.txt"420ms
Then "{result}" is an error38µs
And I attach "{result}" to the test output as "immediate-delete-error.txt"39µs
📎 Attachments:
immediate-delete-error.txt
View Content (840 bytes)
failed to delete blob immediate-delete-test=1781627651901.txt: DELETE https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/immediate-delete-test=1781627651901.txt
--------------------------------------------------------------------------------
RESPONSE 409: 409 This operation is not permitted as the blob is immutable due to a policy.
ERROR CODE: BlobImmutableDueToPolicy
--------------------------------------------------------------------------------
BlobImmutableDueToPolicyThis operation is not permitted as the blob is immutable due to a policy.
RequestId:d3a0ec88-501e-0009-2ead-fde848000000
Time:2026-06-16T16:34:12.7143082Z
--------------------------------------------------------------------------------
Scenario: Service validates retention period meets minimum requirements @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"448µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"66µs
And I refer to "{result}" as "storage"38µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "retention-period-test={timestamp}.txt", and "compliance data"431ms
And I call "{storage}" with "GetObjectRetentionDurationDays" using arguments "{resource-name}" and "retention-period-test={timestamp}.txt"834ms
Then "{result}" should be greater than "1"41µs
And I attach "{result}" to the test output as "retention-period-days.json"81µs
📎 Attachments:
retention-period-days.json
View JSON (1 bytes)
2
Feature: CCC.ObjStor.CN04.AR02
Scenario: Service prevents object deletion by write user during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"50µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"45µs
And I refer to "{result}" as "storage"28µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"54µs
And "{result}" is not an error41µs
And I refer to "{result}" as "userStorage"26µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "protected-object={timestamp}.txt", and "immutable data"51ms
Then "{result}" is not an error57µs
expected {result} to not be an error, but got: failed to upload blob protected-object=1781627654006.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/protected-object=1781627654006.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0efea-501e-0009-1dad-fde848000000 Time:2026-06-16T16:34:14.0330667Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "protected-object.json"23µs
When I call "{userStorage}" with "DeleteObject" using arguments "{resource-name}" and "protected-object={timestamp}.txt"23µs
Then "{result}" is an error28µs
And I attach "{result}" to the test output as "delete-protected-error.txt"21µs
And "{result}" should contain one of "retention, locked, immutable, protected"37µs
Scenario: Service prevents object deletion by admin user during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"51µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"28µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "admin-protected-object={timestamp}.txt", and "compliance data"425ms
Then "{result}" is not an error29µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "admin-protected-object={timestamp}.txt"420ms
Then "{result}" is an error36µs
And I attach "{result}" to the test output as "admin-delete-protected-error.txt"51µs
📎 Attachments:
admin-delete-protected-error.txt
View Content (842 bytes)
failed to delete blob admin-protected-object=1781627654058.txt: DELETE https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/admin-protected-object=1781627654058.txt
--------------------------------------------------------------------------------
RESPONSE 409: 409 This operation is not permitted as the blob is immutable due to a policy.
ERROR CODE: BlobImmutableDueToPolicy
--------------------------------------------------------------------------------
BlobImmutableDueToPolicyThis operation is not permitted as the blob is immutable due to a policy.
RequestId:d3a0f25a-501e-0009-21ad-fde848000000
Time:2026-06-16T16:34:14.8801501Z
--------------------------------------------------------------------------------
Scenario: Service prevents object modification during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"50µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"45µs
And I refer to "{result}" as "storage"24µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"51µs
And "{result}" is not an error26µs
And I refer to "{result}" as "userStorage"16µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "modify-test-object={timestamp}.txt", and "original content"52ms
Then "{result}" is not an error56µs
expected {result} to not be an error, but got: failed to upload blob modify-test-object=1781627654905.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/modify-test-object=1781627654905.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0f27d-501e-0009-40ad-fde848000000 Time:2026-06-16T16:34:14.9331924Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "original-object.json"36µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "modify-test-object={timestamp}.txt", and "modified content"77µs
Then "{result}" is an error37µs
And I attach "{result}" to the test output as "modify-protected-error.txt"29µs
And "{result}" should contain one of "retention, locked, immutable, protected, exists"42µs
Scenario: Service allows object read access during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"47µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"25µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "readable-protected-object={timestamp}.txt", and "readable data"429ms
Then "{result}" is not an error46µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"64µs
And "{result}" is not an error33µs
And I refer to "{result}" as "userStorage"50µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "readable-protected-object={timestamp}.txt"52ms
Then "{result}" is not an error85µs
expected {result} to not be an error, but got: failed to download blob readable-protected-object=1781627654959.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/readable-protected-object=1781627654959.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:d3a0f3ef-501e-0009-05ad-fde848000000 Time:2026-06-16T16:34:15.4164090Z --------------------------------------------------------------------------------
And I refer to "{result}" as "readResult"317µs
And I attach "{result}" to the test output as "read-protected-object.json"57µs
And "{readResult.Name}" is "readable-protected-object={timestamp}.txt"60µs
Feature: CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers
Scenario: Service enables versioning and objects receive unique version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"49µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"52µs
And I refer to "{result}" as "storage"60µs
When I call "{storage}" with "IsBucketVersioningEnabled" using argument "{resource-name}"43µs
Then "{result}" is true41µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "versioned-object.txt", and "test content"848ms
And I refer to "{result}" as "createdObject"40µs
Then "{createdObject.VersionID}" is not empty30µs
And I attach "{result}" to the test output as "versioned-object.json"27µs
Feature: CCC.ObjStor.CN05.AR02 - New Version ID on Modification
Scenario: Modified objects receive new version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"50µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"40µs
And I refer to "{result}" as "storage"26µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "original content"434ms
And I refer to "{result.VersionID}" as "version1"47µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "modified content"836ms
And I refer to "{result.VersionID}" as "version2"42µs
Then "{version1}" is not equal to "{version2}"29µs
Feature: CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions
Scenario: Modified objects receive new version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"42µs
And I refer to "{result}" as "storage"26µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "original content"420ms
And I refer to "{result.VersionID}" as "version1"46µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "modified content"848ms
And I refer to "{result.VersionID}" as "version2"31µs
And I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "{version1}"418ms
And I attach "{result}" to the test output as "original-content.json"75µs
Then "{result.Data}" contains "original content"50µs
When I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "{version2}"418ms
Then "{result.Data}" contains "modified content"60µs
expected {result.Data} to contain 'modified content', but got '[original content]'
And I attach "{result}" to the test output as "modified-content.json"35µs
📎 Attachments:
original-content.json
View JSON (237 bytes)
{"ID":"version-test-object=1781627657565.txt","BucketID":"finos-ccc-integration-container-main","Name":"version-test-object=1781627657565.txt","Size":16,"Data":["original content"],"Encryption":"","EncryptionAlgorithm":"","VersionID":""}
Feature: CCC.ObjStor.CN05.AR04 - Retain Versions on Delete
Scenario: Deleted object data can be reloaded from previous version @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"33µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"33µs
And I refer to "{result}" as "storage"24µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "recover-deleted-object={timestamp}.txt", and "data to retain"421ms
And I refer to "{result.VersionID}" as "retainedVersionId"25µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "recover-deleted-object={timestamp}.txt"431ms
When I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "recover-deleted-object={timestamp}.txt", and "{retainedVersionId}"418ms
Then "{result.Data}" contains "data to retain"61µs
And I attach "{result}" to the test output as "recovered-deleted-version.json"78µs
📎 Attachments:
recovered-deleted-version.json
View JSON (241 bytes)
{"ID":"recover-deleted-object=1781627659671.txt","BucketID":"finos-ccc-integration-container-main","Name":"recover-deleted-object=1781627659671.txt","Size":14,"Data":["data to retain"],"Encryption":"","EncryptionAlgorithm":"","VersionID":""}
Scenario: Deleted object version remains in version list @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"33µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"43µs
And I refer to "{result}" as "storage"29µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "list-deleted-versions-object={timestamp}.txt", and "versioned data"427ms
And I refer to "{result.VersionID}" as "listedVersionId"49µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "list-deleted-versions-object={timestamp}.txt"421ms
When I call "{storage}" with "ListObjectVersions" using arguments "{resource-name}" and "list-deleted-versions-object={timestamp}.txt"415ms
And "{result}" is an array of objects with at least the following contents39µs
VersionIDObjectID
{listedVersionId}list-deleted-versions-object={timestamp}.txt
expected row not found: map[ObjectID:list-deleted-versions-object={timestamp}.txt VersionID:{listedVersionId}]
And I attach "{result}" to the test output as "versions-after-delete.json"18µs
Feature: CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations
Scenario: MFA requirement for destructive operations cannot be tested automatically @CCC.Core @CCC.Core.CN03 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @load-balancer @virtual-machines @serverless-computing @NotTestable
Given a cloud api for "{config}" in "api"35µs
Then no-op required14µs
Feature: CCC.Core.CN04.AR01 - Log Administrative Access Attempts
Scenario: Verify admin actions are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"48µs
And I call "{api}" with "GetServiceAPI" using argument "{service-type}"40µs
And I refer to "{result}" as "theService"27µs
Given I call "{api}" with "GetServiceAPI" using argument "logging"150µs
And I refer to "{result}" as "loggingService"28µs
When I call "{theService}" with "UpdateResourcePolicy"1s
Then "{result}" is not an error30µs
And I attach "{result}" to the test output as "Policy Update Result"67µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}"1s
Then "{result}" is not an error27µs
And I refer to "{result}" as "adminLogs"17µs
And I attach "{adminLogs}" to the test output as "Admin Activity Logs"89µs
Then "{adminLogs}" is an array of objects with at least the following contents89µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Policy Update Result
View JSON (4 bytes)
null
Admin Activity Logs
View JSON (870 bytes)
[{"identity":"02d55131-c257-44f6-af4e-edb89ce735e7","action":"Put blob container immutability policy","resource":"/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain/blobServices/default/containers/finos-ccc-integration-container-main/immutabilityPolicies/default","timestamp":"2026-06-16T16:31:06.2276627Z","result":"Failed"},{"identity":"02d55131-c257-44f6-af4e-edb89ce735e7","action":"Put blob container immutability policy","resource":"/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain/blobServices/default/containers/finos-ccc-integration-container-main/immutabilityPolicies/default","timestamp":"2026-06-16T16:31:05.9932816Z","result":"Started"}]
Feature: CCC.Core.CN04.AR02 - Log Data Modification Attempts
Scenario: Verify data modifications are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"35µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"46µs
And I refer to "{result}" as "theService"17µs
And I call "{api}" with "GetServiceAPI" using argument "logging"20µs
And I refer to "{result}" as "loggingService"15µs
When I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}"425ms
And I attach "{result}" to the test output as "Data Write Trigger Result"44µs
And we wait for a period of "10000" ms10s
Then I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}"3s
And I refer to "{result}" as "dataLogs"31µs
And I attach "{dataLogs}" to the test output as "Data Write Logs"62µs
Then "{dataLogs}" is an array of objects with at least the following contents49µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Write Trigger Result
View JSON (4 bytes)
null
Data Write Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR03 - Log Data Read Attempts
Scenario: Verify data read operations are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"56µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"55µs
And I refer to "{result}" as "theService"18µs
And I call "{api}" with "GetServiceAPI" using argument "logging"21µs
And I refer to "{result}" as "loggingService"15µs
When I call "{theService}" with "TriggerDataRead" using argument "{resource-name}"839ms
And I attach "{result}" to the test output as "Data Read Trigger Result"62µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}"602ms
Then "{result}" is not an error37µs
And I refer to "{result}" as "readLogs"23µs
And I attach "{readLogs}" to the test output as "Data Read Logs"41µs
Then "{readLogs}" is an array of objects with at least the following contents35µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Read Trigger Result
View JSON (4 bytes)
null
Data Read Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN05.AR06 - Block All Unauthorized Requests
Scenario: Service prevents data read by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-green @tlp-red @Destructive @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"35µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access"58µs
And "{result}" is not an error33µs
And I refer to "{result}" as "userReadableService"51µs
When I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}"51ms
Then "{result}" is an error40µs
And I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"44µs
📎 Attachments:
no-access-trigger-data-read-error.txt
View Content (849 bytes)
failed to download blob cfi-trigger-data-read-probe.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/cfi-trigger-data-read-probe.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:d3a16c08-501e-0009-31ae-fde848000000
Time:2026-06-16T16:34:59.9445912Z
--------------------------------------------------------------------------------
Feature: CCC.Core.CN07.AR01 - Publish Enumeration Activity Events
Scenario: Enumeration event publishing cannot be tested automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"44µs
Then no-op required31µs
Feature: CCC.Core.CN07.AR02 - Log Enumeration Activities
Scenario: Enumeration logging cannot be verified automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"71µs
Then no-op required46µs
Feature: CCC.Core.CN10.AR01 - Replication Destination Trust
Scenario: Replication destination trust cannot be verified automatically @CCC.Core @CCC.Core.CN10 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"46µs
Then no-op required28µs