🥒 CCC.ObjStor Test: finos-ccc-integration-container-main

Test Parameters

ServiceTypeobject-storage
ProviderServiceTypeMicrosoft.Storage/storageAccounts
CatalogTypesCCC.ObjStor
TagFilter@object-storage, @PerService, @Behavioural
UID/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain
ResourceNamefinos-ccc-integration-container-main
ReportFilefinos-ccc-integration-container-main-service
ReportTitlefinos-ccc-integration-container-main
Config
{}
azure-log-analytics-workspace-ided1b3630-9d61-4d00-bb4f-c02e360147d8
azure-resource-groupfinos-ccc-integration-rg
azure-storage-accountfinoscccintegrationmain
azure-subscription-idc1cedd8e-bf91-4d7d-a4cc-45700402a2a1
azure-tenant-idfa193ac0-9c06-4111-bf55-341e4db193d3
catalog-versions
{
  "CCC.Core": "v2025.10",
  "CCC.ObjStor": "DEV"
}
default-containerfinos-ccc-integration-container-main
object-storage-retention-period-days2
permitted-regions
[
  "westus2",
  "westus"
]
providerazure
regionwestus2
replication-locations
[
  "westus2",
  "westus"
]
resourcefinos-ccc-integration-container-main
serviceobject-storage
service-typeobject-storage
tags@Behavioural

Summary

Generated: 2026-06-16 15:50:52

Total Run Time: 59s

Features: 28

Scenarios: 41 (✅ 21 | ❌ 20)

Steps: 397 (✅ 333 | ❌ 20 | ⏭️ 40 | ❓ 4)

Feature: CCC.Core.CN02.AR01 - Data Encryption at Rest
Scenario: Verify objects are encrypted at rest @CCC.Core @CCC.Core.CN02 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"50µs
Given I call "{api}" with "GetServiceAPI" using argument "object-storage"131µs
And I refer to "{result}" as "storage"24µs
And "{result}" is not an error36µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-encryption-check={timestamp}.txt", and "encryption test data"459ms
Then "{result}" is not an error49µs
And I refer to "{result}" as "uploadResult"12µs
And "{uploadResult.Encryption}" is not null20µs
And "{uploadResult.EncryptionAlgorithm}" is "AES256"33µs
And I attach "{uploadResult}" to the test output as "Upload Result with Encryption Details"58µs
📎 Attachments:
Upload Result with Encryption Details
View JSON (260 bytes)
{"ID":"test-encryption-check=1781625052981.txt","BucketID":"finos-ccc-integration-container-main","Name":"test-encryption-check=1781625052981.txt","Size":20,"Data":["encryption test data"],"Encryption":"Microsoft","EncryptionAlgorithm":"AES256","VersionID":""}
Feature: CCC.Core.CN05.AR01 - Block Unauthorized Data Modification
Scenario: Service prevents data modification by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"34µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"34µs
And I refer to "{result}" as "storage"17µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"216µs
And "{result}" is not an error25µs
And I refer to "{result}" as "userStorage"18µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-cn05-unauthorized-modify={timestamp}.txt", and "unauthorized data"602ms
Then "{result}" is an error26µs
And I attach "{result}" to the test output as "no-access-create-error.txt"30µs
📎 Attachments:
no-access-create-error.txt
View Content (879 bytes)
failed to upload blob test-cn05-unauthorized-modify=1781625053444.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-cn05-unauthorized-modify=1781625053444.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:ff4e6257-601e-0070-54a7-fd146c000000
Time:2026-06-16T15:50:54.0124167Z
--------------------------------------------------------------------------------
Scenario: Service allows data modification by user with write access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"30µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"38µs
And I refer to "{result}" as "storage"21µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"162µs
And "{result}" is not an error25µs
And I refer to "{result}" as "userStorage"22µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-cn05-authorized-modify={timestamp}.txt", and "authorized data"448ms
Then "{result}" is not an error40µs
expected {result} to not be an error, but got: failed to upload blob test-cn05-authorized-modify=1781625054048.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-cn05-authorized-modify=1781625054048.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e63e3-601e-0070-27a7-fd146c000000 Time:2026-06-16T15:50:54.4618283Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-object-result.json"15µs
Feature: CCC.Core.CN05.AR02 - Block Unauthorized Administrative Access
Scenario: Service prevents administrative action (creating a new bucket) by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"39µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"36µs
And I refer to "{result}" as "storage"23µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"45µs
And "{result}" is not an error17µs
And I refer to "{result}" as "userStorage"12µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-unauthorized-admin-container"74ms
Then "{result}" is an error27µs
And I attach "{result}" to the test output as "no-admin-create-bucket-error.txt"32µs
📎 Attachments:
no-admin-create-bucket-error.txt
View Content (791 bytes)
failed to create container: failed to create container test-cn05-unauthorized-admin-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-unauthorized-admin-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:ff4e641c-601e-0070-55a7-fd146c000000
Time:2026-06-16T15:50:54.5372123Z
--------------------------------------------------------------------------------
Scenario: Service prevents administrative action (creating a new bucket) by user with read-only access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Destructive @Behavioural @object-storage
Given a cloud api for "{config}" in "api"44µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"62µs
And I refer to "{result}" as "storage"16µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"142µs
And "{result}" is not an error27µs
And I refer to "{result}" as "userStorage"14µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-read-only-create-container"423ms
Then "{result}" is an error30µs
And I attach "{result}" to the test output as "read-only-create-bucket-error.txt"31µs
📎 Attachments:
read-only-create-bucket-error.txt
View Content (787 bytes)
failed to create container: failed to create container test-cn05-read-only-create-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-read-only-create-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:ff4e6509-601e-0070-1ba7-fd146c000000
Time:2026-06-16T15:50:54.9631520Z
--------------------------------------------------------------------------------
Scenario: Service allows administrative action (creating a new bucket) by user with admin access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"31µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"44µs
And I refer to "{result}" as "storage"21µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-admin"169µs
And "{result}" is not an error28µs
And I refer to "{result}" as "userStorage"21µs
When I call "{userStorage}" with "CreateBucket" using argument "test-cn05-authorized-admin-container"418ms
Then "{result}" is not an error34µs
expected {result} to not be an error, but got: failed to create container: failed to create container test-cn05-authorized-admin-container: PUT https://finoscccintegrationmain.blob.core.windows.net/test-cn05-authorized-admin-container -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation. ERROR CODE: AuthorizationFailure -------------------------------------------------------------------------------- AuthorizationFailureThis request is not authorized to perform this operation. RequestId:ff4e6638-601e-0070-17a7-fd146c000000 Time:2026-06-16T15:50:55.3823605Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "admin-create-bucket-result.json"18µs
And I call "{storage}" with "DeleteBucket" using argument "test-cn05-authorized-admin-container"15µs
Feature: CCC.Core.CN06.AR02 - Child Resource Location Compliance
Scenario: Child resource region compliance @CCC.Core @CCC.Core.CN06 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage
Given a cloud api for "{config}" in "api"36µs
Then no-op required21µs
Feature: CCC.Core.CN08.AR01 - Data Replication and Redundancy
Scenario: Bucket data is replicated to physically separate locations @CCC.Core @CCC.Core.CN08 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"25µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"38µs
And I refer to "{result}" as "storage"21µs
When I call "{storage}" with "GetReplicationStatus" using argument "{resource-name}"343ms
And I refer to "{result}" as "replicationStatus"24µs
And I refer to "{replicationStatus.Locations}" as "locations"19µs
And I attach "{replicationStatus}" to the test output as "Replication Status"62µs
Then "{locations}" is an array of objects with length "2"24µs
expected length 2, got 1
And "{permitted-regions}" is an array of objects with at least the following contents18µs
value
{locations[0]}
And "{permitted-regions}" is an array of objects with at least the following contents21µs
value
{locations[1]}
📎 Attachments:
Replication Status
View JSON (78 bytes)
{"Locations":[{"value":"westus2"}],"Status":"Disabled","SyncStatus":"Unknown"}
Feature: CCC.Core.CN08.AR02 - Replication Status Visibility
Scenario: Replication status can be retrieved for monitoring @CCC.Core @CCC.Core.CN08 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage
Given a cloud api for "{config}" in "api"68µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"56µs
And I refer to "{result}" as "storage"106µs
When I call "{storage}" with "GetReplicationStatus" using argument "{resource-name}"238ms
And I refer to "{result}" as "replicationStatus"23µs
And I attach "{replicationStatus}" to the test output as "Replication Status"39µs
And I refer to "{replicationStatus.Locations}" as "locations"22µs
Then "{locations}" is an array of objects with at least the following contents84µs
value
{replication-locations[0]}
{replication-locations[1]}
expected row not found: map[value:{replication-locations[0]}]
📎 Attachments:
Replication Status
View JSON (78 bytes)
{"Locations":[{"value":"westus2"}],"Status":"Disabled","SyncStatus":"Unknown"}
Feature: CCC.ObjStor.CN01.AR01
Scenario: Service prevents reading bucket with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"40µs
And I refer to "{result}" as "storage"19µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"32µs
And "{result}" is not an error25µs
And I refer to "{result}" as "userStorage"15µs
When I call "{userStorage}" with "ListObjects" using argument "{resource-name}"74ms
Then "{result}" is an error31µs
And I attach "{result}" to the test output as "no-access-list-error.txt"32µs
📎 Attachments:
no-access-list-error.txt
View Content (782 bytes)
failed to list blobs: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:ff4e6859-601e-0070-03a7-fd146c000000
Time:2026-06-16T15:50:56.0431403Z
--------------------------------------------------------------------------------
Scenario: Service allows reading bucket with read access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"34µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"24µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"46µs
And "{result}" is not an error29µs
And I attach "{result}" to the test output as "read-storage-service.json"59µs
And I refer to "{result}" as "userStorage"26µs
When I call "{userStorage}" with "ListObjects" using argument "{resource-name}"73ms
Then "{result}" is not an error38µs
expected {result} to not be an error, but got: failed to list blobs: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e68ba-601e-0070-5ea7-fd146c000000 Time:2026-06-16T15:50:56.1181795Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "read-list-objects-result.json"20µs
📎 Attachments:
read-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR02
Scenario: Service prevents reading object with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"36µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"35µs
And I refer to "{result}" as "storage"23µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test content"462ms
And "{result}" is not an error24µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"49µs
And "{result}" is not an error18µs
And I refer to "{result}" as "userStorage"19µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"73ms
Then "{result}" is an error29µs
And I attach "{result}" to the test output as "no-access-read-object-error.txt"64µs
📎 Attachments:
no-access-read-object-error.txt
View Content (845 bytes)
failed to download blob test-object=1781625056153.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1781625056153.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:ff4e6a40-601e-0070-20a7-fd146c000000
Time:2026-06-16T15:50:56.6549154Z
--------------------------------------------------------------------------------
Scenario: Service allows reading object with read access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"68µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"70µs
And I refer to "{result}" as "storage"96µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test content"465ms
And "{result}" is not an error30µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"44µs
And "{result}" is not an error19µs
And I attach "{result}" to the test output as "read-storage-service.json"43µs
And I refer to "{result}" as "userStorage"20µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"74ms
Then "{result}" is not an error33µs
expected {result} to not be an error, but got: failed to download blob test-object=1781625056691.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1781625056691.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e6bed-601e-0070-0aa7-fd146c000000 Time:2026-06-16T15:50:57.1956291Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "read-read-object-result.json"19µs
📎 Attachments:
read-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR03
Scenario: Service prevents creating bucket with no access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"35µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"30µs
And I refer to "{result}" as "storage"25µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"41µs
And "{result}" is not an error26µs
And I refer to "{result}" as "userStorage"21µs
When I call "{userStorage}" with "CreateBucket" using argument "test-bucket-no-access"74ms
Then "{result}" is an error30µs
And I attach "{result}" to the test output as "no-access-create-bucket-error.txt"31µs
📎 Attachments:
no-access-create-bucket-error.txt
View Content (757 bytes)
failed to create container: failed to create container test-bucket-no-access: PUT https://finoscccintegrationmain.blob.core.windows.net/test-bucket-no-access
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
AuthorizationFailureThis request is not authorized to perform this operation.
RequestId:ff4e6c46-601e-0070-58a7-fd146c000000
Time:2026-06-16T15:50:57.2711206Z
--------------------------------------------------------------------------------
Scenario: Service allows creating bucket with write access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"42µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"41µs
And I refer to "{result}" as "storage"23µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"53µs
And "{result}" is not an error29µs
And I attach "{result}" to the test output as "write-storage-service.json"35µs
And I refer to "{result}" as "userStorage"24µs
When I call "{userStorage}" with "CreateBucket" using argument "test-bucket-write"75ms
Then "{result}" is not an error37µs
expected {result} to not be an error, but got: failed to create container: failed to create container test-bucket-write: PUT https://finoscccintegrationmain.blob.core.windows.net/test-bucket-write -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation. ERROR CODE: AuthorizationFailure -------------------------------------------------------------------------------- AuthorizationFailureThis request is not authorized to perform this operation. RequestId:ff4e6c88-601e-0070-18a7-fd146c000000 Time:2026-06-16T15:50:57.3471600Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-bucket-result.json"18µs
And I call "{storage}" with "DeleteBucket" using argument "{result.ID}"17µs
📎 Attachments:
write-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN01.AR04
Scenario: Service prevents writing object with read-only access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"30µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"27µs
And I refer to "{result}" as "storage"14µs
And "{result}" is not an error28µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"44µs
And "{result}" is not an error23µs
And I refer to "{result}" as "userStorage"14µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-write-object={timestamp}.txt", and "test content"74ms
Then "{result}" is an error40µs
And I attach "{result}" to the test output as "read-create-object-error.txt"57µs
📎 Attachments:
read-create-object-error.txt
View Content (855 bytes)
failed to upload blob test-write-object=1781625057382.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-write-object=1781625057382.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:ff4e6cd3-601e-0070-5da7-fd146c000000
Time:2026-06-16T15:50:57.4228012Z
--------------------------------------------------------------------------------
Scenario: Service allows writing object with write access @CCC.ObjStor @CCC.ObjStor.CN01 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"40µs
And I refer to "{result}" as "storage"20µs
And "{result}" is not an error26µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"45µs
And "{result}" is not an error25µs
And I attach "{result}" to the test output as "write-storage-service.json"36µs
And I refer to "{result}" as "userStorage"21µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-write-object={timestamp}.txt", and "test content"74ms
Then "{result}" is not an error775µs
expected {result} to not be an error, but got: failed to upload blob test-write-object=1781625057458.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-write-object=1781625057458.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e6d1d-601e-0070-1ca7-fd146c000000 Time:2026-06-16T15:50:57.4988273Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "write-create-object-result.json"46µs
📎 Attachments:
write-storage-service.json
View JSON (2 bytes)
{}
Feature: CCC.ObjStor.CN02.AR01 - Uniform Bucket-Level Access (Consistent Allow)
Scenario: Service enforces uniform bucket-level access by rejecting object-level permissions @CCC.ObjStor @CCC.ObjStor.CN02 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"41µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"25µs
And I refer to "{result}" as "storage"18µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test data"458ms
Then "{result}" is not an error43µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"49µs
And "{result}" is not an error18µs
And I refer to "{result}" as "userStorage"15µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"74ms
Then "{result}" is not an error50µs
expected {result} to not be an error, but got: failed to download blob test-object=1781625057536.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-object=1781625057536.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e6f01-601e-0070-40a7-fd146c000000 Time:2026-06-16T15:50:58.0336434Z --------------------------------------------------------------------------------
When I call "{storage}" with "SetObjectPermission" using arguments "{resource-name}", "test-object={timestamp}.txt", and "none"24µs
Then "{result}" is an error23µs
And I attach "{result}" to the test output as "set-object-permission-error.txt"16µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"28µs
Then "{result}" is not an error17µs
Feature: CCC.ObjStor.CN02.AR02 - Uniform Bucket-Level Access (Consistent Deny)
Scenario: Service enforces uniform bucket-level access denial @CCC.ObjStor @CCC.ObjStor.CN02 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"32µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "test-object={timestamp}.txt", and "test data"468ms
Then "{result}" is not an error31µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-no-access"44µs
And "{result}" is not an error20µs
And I refer to "{result}" as "userStorage"19µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"73ms
Then "{result}" is an error307µs
When I call "{storage}" with "SetObjectPermission" using arguments "{resource-name}", "test-object={timestamp}.txt", and "read"62µs
Then "{result}" is an error102µs
And I attach "{result}" to the test output as "set-object-permission-error.txt"37µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "test-object={timestamp}.txt"73ms
Then "{result}" is an error33µs
📎 Attachments:
set-object-permission-error.txt
View Content (111 bytes)
azure Blob Storage does not support object-level permissions - uniform bucket-level access is enforced via RBAC
Feature: CCC.ObjStor.CN03.AR01 - Bucket Soft Delete and Recovery
Scenario: Service supports bucket soft delete and recovery @CCC.ObjStor @CCC.ObjStor.CN03 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"45µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"44µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "CreateBucket" using argument "ccc-test-soft-delete"484ms
Then "{result}" is not an error36µs
And I refer to "{result}" as "testBucket"26µs
And I attach "{result}" to the test output as "created-bucket.json"69µs
When I call "{storage}" with "DeleteBucket" using argument "ccc-test-soft-delete"459ms
Then "{result}" is not an error28µs
When I call "{storage}" with "ListDeletedBuckets"456ms
Then "{result}" is not an error26µs
And I attach "{result}" to the test output as "deleted-buckets.json"60µs
And "{result}" is an array of objects with length "1"29µs
expected length 1, got 0
When I call "{storage}" with "RestoreBucket" using argument "ccc-test-soft-delete"26µs
Then "{result}" is not an error18µs
When I call "{storage}" with "ListBuckets"13µs
Then "{result}" is not an error15µs
And I attach "{result}" to the test output as "restored-buckets.json"14µs
When I call "{storage}" with "DeleteBucket" using argument "ccc-test-soft-delete"15µs
Then "{result}" is not an error15µs
📎 Attachments:
created-bucket.json
View JSON (78 bytes)
{"ID":"ccc-test-soft-delete","Name":"ccc-test-soft-delete","Region":"westus2"}
deleted-buckets.json
View JSON (4 bytes)
null
Feature: CCC.ObjStor.CN03.AR02 - Immutable Bucket Retention Policy
Scenario: Service prevents modification of locked retention policy @CCC.ObjStor @CCC.ObjStor.CN03 @PerService @object-storage @tlp-amber @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"43µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"35µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "GetBucketRetentionDurationDays" using argument "{resource-name}"467ms
Then "{result}" is not an error52µs
And I refer to "{result}" as "originalRetention"22µs
And I attach "{result}" to the test output as "original-retention-days.txt"43µs
And "{result}" should be greater than "0"29µs
When I call "{storage}" with "SetBucketRetentionDurationDays" using arguments "{resource-name}" and "1"954ms
Then "{result}" is an error43µs
expected {result} to be an error, got
And I attach "{result}" to the test output as "set-retention-error.txt"24µs
When I call "{storage}" with "GetBucketRetentionDurationDays" using argument "{resource-name}"49µs
Then "{result}" is not an error16µs
And "{result}" should be greater than "0"17µs
📎 Attachments:
original-retention-days.txt
View JSON (1 bytes)
2
Feature: CCC.ObjStor.CN04.AR01
Scenario: Service applies default retention policy to newly uploaded object @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"35µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"55µs
And I refer to "{result}" as "storage"22µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"38µs
And "{result}" is not an error19µs
And I refer to "{result}" as "userStorage"19µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "test-retention-object={timestamp}.txt", and "protected data"75ms
And I attach "{result}" to the test output as "uploaded-object.json"56µs
And I call "{userStorage}" with "GetObjectRetentionDurationDays" using arguments "{resource-name}" and "test-retention-object={timestamp}.txt"74ms
Then "{result}" should be greater than "1"65µs
cannot parse {result} as number: strconv.ParseFloat: parsing "failed to get blob properties: HEAD https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-retention-object=1781625061510.txt\n--------------------------------------------------------------------------------\nRESPONSE 403: 403 This request is not authorized to perform this operation using this permission.\nERROR CODE: AuthorizationPermissionMismatch\n--------------------------------------------------------------------------------\nResponse contained no body\n--------------------------------------------------------------------------------\n": invalid syntax
📎 Attachments:
uploaded-object.json
View Content (863 bytes)
failed to upload blob test-retention-object=1781625061510.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/test-retention-object=1781625061510.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:ff4e79b5-601e-0070-54a7-fd146c000000
Time:2026-06-16T15:51:01.5508990Z
--------------------------------------------------------------------------------
Scenario: Service enforces retention policy on newly created objects @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"50µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"43µs
And I refer to "{result}" as "storage"23µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "immediate-delete-test={timestamp}.txt", and "test content"458ms
Then "{result}" is not an error29µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "immediate-delete-test={timestamp}.txt"451ms
Then "{result}" is an error41µs
And I attach "{result}" to the test output as "immediate-delete-error.txt"61µs
📎 Attachments:
immediate-delete-error.txt
View Content (840 bytes)
failed to delete blob immediate-delete-test=1781625061660.txt: DELETE https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/immediate-delete-test=1781625061660.txt
--------------------------------------------------------------------------------
RESPONSE 409: 409 This operation is not permitted as the blob is immutable due to a policy.
ERROR CODE: BlobImmutableDueToPolicy
--------------------------------------------------------------------------------
BlobImmutableDueToPolicyThis operation is not permitted as the blob is immutable due to a policy.
RequestId:ff4e7cda-601e-0070-68a7-fd146c000000
Time:2026-06-16T15:51:02.5358082Z
--------------------------------------------------------------------------------
Scenario: Service validates retention period meets minimum requirements @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"43µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"37µs
And I refer to "{result}" as "storage"18µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "retention-period-test={timestamp}.txt", and "compliance data"454ms
And I call "{storage}" with "GetObjectRetentionDurationDays" using arguments "{resource-name}" and "retention-period-test={timestamp}.txt"908ms
Then "{result}" should be greater than "1"30µs
And I attach "{result}" to the test output as "retention-period-days.json"43µs
📎 Attachments:
retention-period-days.json
View JSON (1 bytes)
2
Feature: CCC.ObjStor.CN04.AR02
Scenario: Service prevents object deletion by write user during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"76µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"57µs
And I refer to "{result}" as "storage"290µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"75µs
And "{result}" is not an error44µs
And I refer to "{result}" as "userStorage"40µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "protected-object={timestamp}.txt", and "immutable data"75ms
Then "{result}" is not an error39µs
expected {result} to not be an error, but got: failed to upload blob protected-object=1781625063935.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/protected-object=1781625063935.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e8119-601e-0070-7aa7-fd146c000000 Time:2026-06-16T15:51:03.9766456Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "protected-object.json"17µs
When I call "{userStorage}" with "DeleteObject" using arguments "{resource-name}" and "protected-object={timestamp}.txt"18µs
Then "{result}" is an error17µs
And I attach "{result}" to the test output as "delete-protected-error.txt"16µs
And "{result}" should contain one of "retention, locked, immutable, protected"20µs
Scenario: Service prevents object deletion by admin user during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"32µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"44µs
And I refer to "{result}" as "storage"21µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "admin-protected-object={timestamp}.txt", and "compliance data"455ms
Then "{result}" is not an error28µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "admin-protected-object={timestamp}.txt"455ms
Then "{result}" is an error29µs
And I attach "{result}" to the test output as "admin-delete-protected-error.txt"32µs
📎 Attachments:
admin-delete-protected-error.txt
View Content (842 bytes)
failed to delete blob admin-protected-object=1781625064012.txt: DELETE https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/admin-protected-object=1781625064012.txt
--------------------------------------------------------------------------------
RESPONSE 409: 409 This operation is not permitted as the blob is immutable due to a policy.
ERROR CODE: BlobImmutableDueToPolicy
--------------------------------------------------------------------------------
BlobImmutableDueToPolicyThis operation is not permitted as the blob is immutable due to a policy.
RequestId:ff4e843d-601e-0070-2ca7-fd146c000000
Time:2026-06-16T15:51:04.8875674Z
--------------------------------------------------------------------------------
Scenario: Service prevents object modification during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"46µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"44µs
And I refer to "{result}" as "storage"25µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-write"51µs
And "{result}" is not an error32µs
And I refer to "{result}" as "userStorage"18µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "modify-test-object={timestamp}.txt", and "original content"73ms
Then "{result}" is not an error36µs
expected {result} to not be an error, but got: failed to upload blob modify-test-object=1781625064923.txt: PUT https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/modify-test-object=1781625064923.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e847b-601e-0070-60a7-fd146c000000 Time:2026-06-16T15:51:04.9622031Z --------------------------------------------------------------------------------
And I attach "{result}" to the test output as "original-object.json"19µs
When I call "{userStorage}" with "CreateObject" using arguments "{resource-name}", "modify-test-object={timestamp}.txt", and "modified content"20µs
Then "{result}" is an error17µs
And I attach "{result}" to the test output as "modify-protected-error.txt"15µs
And "{result}" should contain one of "retention, locked, immutable, protected, exists"22µs
Scenario: Service allows object read access during retention period @CCC.ObjStor @CCC.ObjStor.CN04 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"47µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"26µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "readable-protected-object={timestamp}.txt", and "readable data"456ms
Then "{result}" is not an error41µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "object-storage" and "test-user-read"62µs
And "{result}" is not an error24µs
And I refer to "{result}" as "userStorage"25µs
When I call "{userStorage}" with "ReadObject" using arguments "{resource-name}" and "readable-protected-object={timestamp}.txt"74ms
Then "{result}" is not an error36µs
expected {result} to not be an error, but got: failed to download blob readable-protected-object=1781625064997.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/readable-protected-object=1781625064997.txt -------------------------------------------------------------------------------- RESPONSE 403: 403 This request is not authorized to perform this operation using this permission. ERROR CODE: AuthorizationPermissionMismatch -------------------------------------------------------------------------------- AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission. RequestId:ff4e8604-601e-0070-29a7-fd146c000000 Time:2026-06-16T15:51:05.4938957Z --------------------------------------------------------------------------------
And I refer to "{result}" as "readResult"43µs
And I attach "{result}" to the test output as "read-protected-object.json"19µs
And "{readResult.Name}" is "readable-protected-object={timestamp}.txt"23µs
Feature: CCC.ObjStor.CN05.AR01 - Versioning with Unique Identifiers
Scenario: Service enables versioning and objects receive unique version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"49µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"33µs
And I refer to "{result}" as "storage"19µs
When I call "{storage}" with "IsBucketVersioningEnabled" using argument "{resource-name}"24µs
Then "{result}" is true20µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "versioned-object.txt", and "test content"926ms
And I refer to "{result}" as "createdObject"34µs
Then "{createdObject.VersionID}" is not empty26µs
And I attach "{result}" to the test output as "versioned-object.json"21µs
Feature: CCC.ObjStor.CN05.AR02 - New Version ID on Modification
Scenario: Modified objects receive new version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"40µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"35µs
And I refer to "{result}" as "storage"17µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "original content"466ms
And I refer to "{result.VersionID}" as "version1"37µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "modified content"933ms
And I refer to "{result.VersionID}" as "version2"30µs
Then "{version1}" is not equal to "{version2}"28µs
Feature: CCC.ObjStor.CN05.AR03 - Recovery of Previous Versions
Scenario: Modified objects receive new version identifiers @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"48µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"39µs
And I refer to "{result}" as "storage"25µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "original content"465ms
And I refer to "{result.VersionID}" as "version1"39µs
And I call "{storage}" with "CreateObject" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "modified content"920ms
And I refer to "{result.VersionID}" as "version2"40µs
And I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "{version1}"460ms
And I attach "{result}" to the test output as "original-content.json"73µs
Then "{result.Data}" contains "original content"41µs
When I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "version-test-object={timestamp}.txt", and "{version2}"459ms
Then "{result.Data}" contains "modified content"68µs
expected {result.Data} to contain 'modified content', but got '[original content]'
And I attach "{result}" to the test output as "modified-content.json"22µs
📎 Attachments:
original-content.json
View JSON (237 bytes)
{"ID":"version-test-object=1781625067857.txt","BucketID":"finos-ccc-integration-container-main","Name":"version-test-object=1781625067857.txt","Size":16,"Data":["original content"],"Encryption":"","EncryptionAlgorithm":"","VersionID":""}
Feature: CCC.ObjStor.CN05.AR04 - Retain Versions on Delete
Scenario: Deleted object data can be reloaded from previous version @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"35µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"47µs
And I refer to "{result}" as "storage"28µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "recover-deleted-object={timestamp}.txt", and "data to retain"461ms
And I refer to "{result.VersionID}" as "retainedVersionId"37µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "recover-deleted-object={timestamp}.txt"464ms
When I call "{storage}" with "ReadObjectAtVersion" using arguments "{resource-name}", "recover-deleted-object={timestamp}.txt", and "{retainedVersionId}"463ms
Then "{result.Data}" contains "data to retain"47µs
And I attach "{result}" to the test output as "recovered-deleted-version.json"54µs
📎 Attachments:
recovered-deleted-version.json
View JSON (241 bytes)
{"ID":"recover-deleted-object=1781625070162.txt","BucketID":"finos-ccc-integration-container-main","Name":"recover-deleted-object=1781625070162.txt","Size":14,"Data":["data to retain"],"Encryption":"","EncryptionAlgorithm":"","VersionID":""}
Scenario: Deleted object version remains in version list @CCC.ObjStor @CCC.ObjStor.CN05 @PerService @object-storage @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural
Given a cloud api for "{config}" in "api"38µs
And I call "{api}" with "GetServiceAPI" using argument "object-storage"42µs
And I refer to "{result}" as "storage"26µs
When I call "{storage}" with "CreateObject" using arguments "{resource-name}", "list-deleted-versions-object={timestamp}.txt", and "versioned data"460ms
And I refer to "{result.VersionID}" as "listedVersionId"44µs
When I call "{storage}" with "DeleteObject" using arguments "{resource-name}" and "list-deleted-versions-object={timestamp}.txt"464ms
When I call "{storage}" with "ListObjectVersions" using arguments "{resource-name}" and "list-deleted-versions-object={timestamp}.txt"468ms
And "{result}" is an array of objects with at least the following contents37µs
VersionIDObjectID
{listedVersionId}list-deleted-versions-object={timestamp}.txt
expected row not found: map[ObjectID:list-deleted-versions-object={timestamp}.txt VersionID:{listedVersionId}]
And I attach "{result}" to the test output as "versions-after-delete.json"17µs
Feature: CCC.Core.CN03.AR01 - Multi-Factor Authentication for Destructive Operations
Scenario: MFA requirement for destructive operations cannot be tested automatically @CCC.Core @CCC.Core.CN03 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @object-storage @load-balancer @virtual-machines @serverless-computing @NotTestable
Given a cloud api for "{config}" in "api"35µs
Then no-op required25µs
Feature: CCC.Core.CN04.AR01 - Log Administrative Access Attempts
Scenario: Verify admin actions are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"73µs
And I call "{api}" with "GetServiceAPI" using argument "{service-type}"65µs
And I refer to "{result}" as "theService"43µs
Given I call "{api}" with "GetServiceAPI" using argument "logging"208µs
And I refer to "{result}" as "loggingService"44µs
When I call "{theService}" with "UpdateResourcePolicy"1s
Then "{result}" is not an error25µs
And I attach "{result}" to the test output as "Policy Update Result"72µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "admin", and "{20}"1s
Then "{result}" is not an error26µs
And I refer to "{result}" as "adminLogs"23µs
And I attach "{adminLogs}" to the test output as "Admin Activity Logs"99µs
Then "{adminLogs}" is an array of objects with at least the following contents117µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Policy Update Result
View JSON (4 bytes)
null
Admin Activity Logs
View JSON (1738 bytes)
[{"identity":"02d55131-c257-44f6-af4e-edb89ce735e7","action":"Put blob container immutability policy","resource":"/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain/blobServices/default/containers/finos-ccc-integration-container-main/immutabilityPolicies/default","timestamp":"2026-06-16T15:42:43.8520607Z","result":"Failed"},{"identity":"02d55131-c257-44f6-af4e-edb89ce735e7","action":"Put blob container immutability policy","resource":"/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain/blobServices/default/containers/finos-ccc-integration-container-main/immutabilityPolicies/default","timestamp":"2026-06-16T15:42:43.621935Z","result":"Started"},{"identity":"02d55131-c257-44f6-af4e-edb89ce735e7","action":"Put blob container immutability policy","resource":"/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain/blobServices/default/containers/finos-ccc-integration-container-main/immutabilityPolicies/default","timestamp":"2026-06-16T15:41:10.6680623Z","result":"Failed"},{"identity":"02d55131-c257-44f6-af4e-edb89ce735e7","action":"Put blob container immutability policy","resource":"/subscriptions/c1cedd8e-bf91-4d7d-a4cc-45700402a2a1/resourceGroups/finos-ccc-integration-rg/providers/Microsoft.Storage/storageAccounts/finoscccintegrationmain/blobServices/default/containers/finos-ccc-integration-container-main/immutabilityPolicies/default","timestamp":"2026-06-16T15:41:10.4649274Z","result":"Started"}]
Feature: CCC.Core.CN04.AR02 - Log Data Modification Attempts
Scenario: Verify data modifications are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-amber @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"34µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"42µs
And I refer to "{result}" as "theService"25µs
And I call "{api}" with "GetServiceAPI" using argument "logging"32µs
And I refer to "{result}" as "loggingService"17µs
When I call "{theService}" with "TriggerDataWrite" using argument "{resource-name}"471ms
And I attach "{result}" to the test output as "Data Write Trigger Result"57µs
And we wait for a period of "10000" ms10s
Then I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-write", and "{20}"2s
And I refer to "{result}" as "dataLogs"31µs
And I attach "{dataLogs}" to the test output as "Data Write Logs"52µs
Then "{dataLogs}" is an array of objects with at least the following contents43µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Write Trigger Result
View JSON (4 bytes)
null
Data Write Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN04.AR03 - Log Data Read Attempts
Scenario: Verify data read operations are logged with identity and timestamp @CCC.Core @CCC.Core.CN04 @PerService @tlp-red @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"46µs
Given I call "{api}" with "GetServiceAPI" using argument "{service-type}"33µs
And I refer to "{result}" as "theService"23µs
And I call "{api}" with "GetServiceAPI" using argument "logging"23µs
And I refer to "{result}" as "loggingService"19µs
When I call "{theService}" with "TriggerDataRead" using argument "{resource-name}"933ms
And I attach "{result}" to the test output as "Data Read Trigger Result"62µs
And we wait for a period of "10000" ms10s
When I call "{loggingService}" with "QueryLogs" using arguments "{resource-name}", "data-read", and "{20}"3s
Then "{result}" is not an error30µs
And I refer to "{result}" as "readLogs"19µs
And I attach "{readLogs}" to the test output as "Data Read Logs"36µs
Then "{readLogs}" is an array of objects with at least the following contents46µs
result
Succeeded
expected row not found: map[result:Succeeded]
📎 Attachments:
Data Read Trigger Result
View JSON (4 bytes)
null
Data Read Logs
View JSON (2 bytes)
[]
Feature: CCC.Core.CN05.AR06 - Block All Unauthorized Requests
Scenario: Service prevents data read by user with no access @CCC.Core @CCC.Core.CN05 @PerService @tlp-amber @tlp-green @tlp-red @Destructive @Behavioural @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"40µs
And I call "{api}" with "GetServiceAPIWithIdentity" using arguments "{service-type}" and "test-user-no-access"56µs
And "{result}" is not an error28µs
And I refer to "{result}" as "userReadableService"22µs
When I call "{userReadableService}" with "TriggerDataRead" using argument "{resource-name}"73ms
Then "{result}" is an error30µs
And I attach "{result}" to the test output as "no-access-trigger-data-read-error.txt"33µs
📎 Attachments:
no-access-trigger-data-read-error.txt
View Content (849 bytes)
failed to download blob cfi-trigger-data-read-probe.txt: GET https://finoscccintegrationmain.blob.core.windows.net/finos-ccc-integration-container-main/cfi-trigger-data-read-probe.txt
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation using this permission.
ERROR CODE: AuthorizationPermissionMismatch
--------------------------------------------------------------------------------
AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.
RequestId:ff4f2527-601e-0070-62a8-fd146c000000
Time:2026-06-16T15:51:52.4217920Z
--------------------------------------------------------------------------------
Feature: CCC.Core.CN07.AR01 - Publish Enumeration Activity Events
Scenario: Enumeration event publishing cannot be tested automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"39µs
Then no-op required26µs
Feature: CCC.Core.CN07.AR02 - Log Enumeration Activities
Scenario: Enumeration logging cannot be verified automatically @CCC.Core @CCC.Core.CN07 @PerService @tlp-amber @tlp-clear @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"60µs
Then no-op required36µs
Feature: CCC.Core.CN10.AR01 - Replication Destination Trust
Scenario: Replication destination trust cannot be verified automatically @CCC.Core @CCC.Core.CN10 @PerService @tlp-amber @tlp-green @tlp-red @Behavioural @NotTestable @object-storage @virtual-machines @serverless-computing
Given a cloud api for "{config}" in "api"42µs
Then no-op required22µs