From c8af5a2dcdd752e9362bf897be6c672ab835371a Mon Sep 17 00:00:00 2001 
From: Federica Agostini Date: Thu, 14 Nov 2024 18:05:43 +0100 Subject: [PATCH] Restore StoRM WebDAV testsuite This commit restores the StoRM WebDAV test-suite continuous integration tests. All tests from the legacy StoRM test-suite have been migrated/added. Fined grained authorization tests added too. --- .github/workflows/run-testsuite.yml | 52 ++++ .gitignore | 2 + Dockerfile | 35 +++ compose/.env | 8 + compose/README.md | 25 ++ compose/assets/certs/hostcert.pem | 121 +++++----- compose/assets/certs/hostkey.pem | 50 ++-- compose/assets/etc/storm/webdav/README.md | 19 -- .../webdav/config/application-issuers.yml | 6 + .../webdav/config/application-policies.yml | 54 +++++ .../etc/storm/webdav/sa.d/auth.properties | 24 -- .../etc/storm/webdav/sa.d/fga.properties | 13 +- ...uthz.properties => oauth-authz.properties} | 2 +- .../storm/webdav/sa.d/sa.properties.template | 29 --- ...{test_vo.properties => test.vo.properties} | 0 .../etc/storm/webdav/vo-mapfiles.d/README.md | 39 --- compose/assets/nginx/nginx.conf | 17 +- compose/assets/nginx/srm.conf | 13 +- compose/assets/oidc-agent/dev-wlcg | 7 + compose/assets/scripts/ci-run-testsuite.sh | 17 ++ compose/assets/scripts/init-certs.sh | 7 - compose/assets/scripts/init-sa-config.sh | 11 - compose/assets/scripts/init-storage.sh | 2 +- compose/assets/scripts/init-usercerts.sh | 3 +- compose/assets/scripts/run-service.sh | 35 --- compose/assets/scripts/run.sh | 5 - compose/assets/scripts/setup.sh | 6 - compose/assets/scripts/unpack-tarball.sh | 9 - .../assets/scripts/wait-and-run-testsuite.sh | 18 -- compose/assets/scripts/wait-for-it.sh | 177 -------------- compose/assets/usercerts/test0.p12 | Bin 2533 -> 2533 bytes .../test.vo.2/vgrid02.cnaf.infn.it.lsc | 2 - .../assets/vomsdir/test.vo.2/voms.example.lsc | 2 - .../vomsdir/test.vo/vgrid02.cnaf.infn.it.lsc | 2 - .../test.vo/voms-dev.cloud.cnaf.infn.it.lsc | 2 + .../assets/vomsdir/test.vo/voms.example.lsc | 2 - compose/assets/vomses/test.vo | 2 +- compose/docker-compose.yml | 
107 +++++---- docker/testsuite/Dockerfile | 7 - docker/testsuite/build-image.sh | 3 - docker/webdav-centos7/Dockerfile | 3 +- robot/.gitignore | 3 - robot/README.md | 94 ++++++++ robot/assets/README.md | 1 - .../default/config/application-hackathon.yml | 70 ------ .../default/config/application-oidc.yml | 24 -- .../fixtures/default/config/application.yml | 62 ----- robot/assets/fixtures/default/sa.d/README.md | 2 - .../fixtures/default/sa.d/auth.properties | 7 - .../fixtures/default/sa.d/fga.properties | 5 - .../fixtures/default/sa.d/noauth.properties | 7 - .../default/sa.d/oauth_authz.properties | 8 - .../fixtures/default/sa.d/test_vo.properties | 9 - .../fixtures/default/sa.d/tf.properties | 12 - .../redirector/config/application-oidc.yml | 24 -- .../redirector/config/application.yml | 70 ------ .../assets/fixtures/redirector/sa.d/README.md | 2 - .../fixtures/redirector/sa.d/auth.properties | 7 - .../fixtures/redirector/sa.d/fga.properties | 5 - .../redirector/sa.d/noauth.properties | 7 - .../redirector/sa.d/oauth_authz.properties | 8 - .../redirector/sa.d/test_vo.properties | 9 - .../fixtures/redirector/sa.d/tf.properties | 12 - .../fixtures/redirector/sa.d/wlcg.properties | 12 - robot/common/credentials.robot | 26 +- robot/common/curl.robot | 59 ++++- robot/common/oidc-agent.robot | 16 ++ robot/common/setup_and_teardown.robot | 30 +++ robot/common/storage_areas.robot | 13 +- robot/common/utils.robot | 4 + robot/reports/.gitignore | 3 - robot/run-testsuite.sh | 6 +- robot/test/authorization.robot | 223 ++++++++++++++++++ robot/test/basic_tests.robot | 160 ++----------- robot/test/checksum.robot | 46 ++-- robot/test/copy.robot | 93 +++++--- robot/test/delete.robot | 51 ++++ robot/test/get.robot | 56 +++++ robot/test/head.robot | 65 +++++ robot/test/mkcol.robot | 38 +++ robot/test/move.robot | 96 +++++--- robot/test/oauth.robot | 5 +- robot/test/options.robot | 39 +++ robot/test/partial_transfer.robot | 93 ++++++++ robot/test/propfind.robot | 74 ++++++ 
robot/test/put.robot | 67 ++++++ robot/test/token_request.robot | 4 +- robot/test/tpc.robot | 6 +- 88 files changed, 1480 insertions(+), 1191 deletions(-) create mode 100644 .github/workflows/run-testsuite.yml create mode 100644 Dockerfile create mode 100644 compose/README.md create mode 100644 compose/assets/etc/storm/webdav/config/application-issuers.yml create mode 100644 compose/assets/etc/storm/webdav/config/application-policies.yml delete mode 100644 compose/assets/etc/storm/webdav/sa.d/auth.properties rename robot/assets/fixtures/default/sa.d/wlcg.properties => compose/assets/etc/storm/webdav/sa.d/fga.properties (61%) rename compose/assets/etc/storm/webdav/sa.d/{oauth_authz.properties => oauth-authz.properties} (91%) delete mode 100644 compose/assets/etc/storm/webdav/sa.d/sa.properties.template rename compose/assets/etc/storm/webdav/sa.d/{test_vo.properties => test.vo.properties} (100%) delete mode 100644 compose/assets/etc/storm/webdav/vo-mapfiles.d/README.md create mode 100644 compose/assets/oidc-agent/dev-wlcg create mode 100755 compose/assets/scripts/ci-run-testsuite.sh delete mode 100755 compose/assets/scripts/init-certs.sh delete mode 100755 compose/assets/scripts/init-sa-config.sh delete mode 100755 compose/assets/scripts/run-service.sh delete mode 100755 compose/assets/scripts/run.sh delete mode 100755 compose/assets/scripts/setup.sh delete mode 100755 compose/assets/scripts/unpack-tarball.sh delete mode 100755 compose/assets/scripts/wait-and-run-testsuite.sh delete mode 100755 compose/assets/scripts/wait-for-it.sh delete mode 100644 compose/assets/vomsdir/test.vo.2/vgrid02.cnaf.infn.it.lsc delete mode 100644 compose/assets/vomsdir/test.vo.2/voms.example.lsc delete mode 100644 compose/assets/vomsdir/test.vo/vgrid02.cnaf.infn.it.lsc create mode 100644 compose/assets/vomsdir/test.vo/voms-dev.cloud.cnaf.infn.it.lsc delete mode 100644 compose/assets/vomsdir/test.vo/voms.example.lsc delete mode 100644 docker/testsuite/Dockerfile delete mode 100755 
docker/testsuite/build-image.sh delete mode 100644 robot/.gitignore delete mode 100644 robot/assets/README.md delete mode 100644 robot/assets/fixtures/default/config/application-hackathon.yml delete mode 100644 robot/assets/fixtures/default/config/application-oidc.yml delete mode 100644 robot/assets/fixtures/default/config/application.yml delete mode 100644 robot/assets/fixtures/default/sa.d/README.md delete mode 100644 robot/assets/fixtures/default/sa.d/auth.properties delete mode 100644 robot/assets/fixtures/default/sa.d/fga.properties delete mode 100644 robot/assets/fixtures/default/sa.d/noauth.properties delete mode 100644 robot/assets/fixtures/default/sa.d/oauth_authz.properties delete mode 100644 robot/assets/fixtures/default/sa.d/test_vo.properties delete mode 100644 robot/assets/fixtures/default/sa.d/tf.properties delete mode 100644 robot/assets/fixtures/redirector/config/application-oidc.yml delete mode 100644 robot/assets/fixtures/redirector/config/application.yml delete mode 100644 robot/assets/fixtures/redirector/sa.d/README.md delete mode 100644 robot/assets/fixtures/redirector/sa.d/auth.properties delete mode 100644 robot/assets/fixtures/redirector/sa.d/fga.properties delete mode 100644 robot/assets/fixtures/redirector/sa.d/noauth.properties delete mode 100644 robot/assets/fixtures/redirector/sa.d/oauth_authz.properties delete mode 100644 robot/assets/fixtures/redirector/sa.d/test_vo.properties delete mode 100644 robot/assets/fixtures/redirector/sa.d/tf.properties delete mode 100644 robot/assets/fixtures/redirector/sa.d/wlcg.properties create mode 100644 robot/common/oidc-agent.robot create mode 100644 robot/common/setup_and_teardown.robot delete mode 100644 robot/reports/.gitignore create mode 100644 robot/test/authorization.robot create mode 100644 robot/test/delete.robot create mode 100644 robot/test/get.robot create mode 100644 robot/test/head.robot create mode 100644 robot/test/mkcol.robot create mode 100644 robot/test/options.robot create mode 
100644 robot/test/partial_transfer.robot create mode 100644 robot/test/propfind.robot create mode 100644 robot/test/put.robot
diff --git a/.github/workflows/run-testsuite.yml b/.github/workflows/run-testsuite.yml
new file mode 100644
index 00000000..fd97bcaa
--- /dev/null
+++ b/.github/workflows/run-testsuite.yml
@@ -0,0 +1,52 @@
+name: Run testsuite
+
+on:
+ push:
+
+jobs:
+ run-testsuite:
+ name: WebDAV test suite
+
+ runs-on: ubuntu-latest
+
+ env:
+ ARTIFACTS: ${HOME}/artifacts
+ ROBOT_ARGS: -L DEBUG --variable dav.host:storm.test.example --variable remote.dav.host:storm-alias.test.example --variable remote.davs.port:443 --exclude known-issue
+ OIDC_AGENT_SECRET: ${{ secrets.OIDC_AGENT_SECRET }}
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Provide trustanchors
+ working-directory: compose
+ run: docker compose up trust
+
+ - name: Start services
+ working-directory: compose
+ run: docker compose up --build -d storage-setup webdav nginx
+
+ - name: Run testsuite
+ working-directory: compose
+ run: |
+ docker compose up -d ts
+ docker compose exec -T ts bash -c '/scripts/ci-run-testsuite.sh'
+ continue-on-error: true
+
+ - name: Create artifacts directory
+ if: ${{ always() }}
+ run: mkdir -p ${ARTIFACTS}
+
+ - name: Collect test reports
+ run: docker cp storm-webdav-ts-1:/home/test/robot/reports ${ARTIFACTS}
+
+ - name: Collect service log
+ if: ${{ always() }}
+ run: docker logs storm-webdav-webdav-1 > ${ARTIFACTS}/storm-webdav-server.log 2>&1
+
+ - name: Archive reports
+ if: ${{ always() }}
+ uses: actions/upload-artifact@v4
+ with:
+ name: logs-and-reports
+ path: ${{ env.ARTIFACTS }}
diff --git a/.gitignore b/.gitignore
index c8aa1829..2a738a16 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,3 +6,5 @@
 .springBeans
 .idea
 storm-webdav-server.iml
+/robot/reports
+.vscode
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 00000000..21fd5b1d
--- /dev/null
+++ b/Dockerfile
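Review bot: In `.github/workflows/run-testsuite.yml`, `continue-on-error: true` on the `Run testsuite` step lets the job finish green when the robot suite fails, so a regression caught by the new authorization tests would not block a push. Drop it and give `Collect test reports` the same `if: ${{ always() }}` guard the other collection steps already carry, so reports are still uploaded on failure. `OIDC_AGENT_SECRET` is declared in the job-level `env:`, which exposes it to every step including the image build; an `env:` on the `Run testsuite` step alone would scope it to the one command that presumably needs it. Separately, `ARTIFACTS: ${HOME}/artifacts` is not shell-expanded inside the workflow `env:` map, so the steps receive the literal string; `${{ github.workspace }}/artifacts` avoids that.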
@@ -0,0 +1,35 @@
+# https://spring.io/guides/topicals/spring-boot-docker#_multi_stage_build
+FROM eclipse-temurin:11-jdk-alpine as build
+WORKDIR /workspace/app
+RUN apk add maven
+COPY pom.xml .
+COPY maven maven
+RUN mvn dependency:resolve -s maven/cnaf-mirror-settings.xml
+RUN mvn dependency:resolve-plugins -s maven/cnaf-mirror-settings.xml
+COPY .git .git
+COPY etc etc
+COPY src src
+RUN mvn package -s maven/cnaf-mirror-settings.xml -Dmaven.test.skip
+RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar)
+
+FROM eclipse-temurin:11-centos7
+ENV STORM_WEBDAV_JVM_OPTS="-Dspring.profiles.active=dev"
+ARG DEPENDENCY=/workspace/app/target/dependency
+
+#WORKDIR /app
+COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib
+COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF
+COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app
+COPY src src
+
+ARG USERNAME=storm
+ARG USER_UID=1000
+ARG USER_GID=${USER_UID}
+
+RUN groupadd --gid ${USER_GID} ${USERNAME}
+RUN useradd --uid ${USER_UID} --gid ${USER_GID} -m ${USERNAME}
+RUN echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers
+RUN chmod 0440 /etc/sudoers
+USER ${USERNAME}
+
+ENTRYPOINT java ${STORM_WEBDAV_JVM_OPTS} -cp app:app/lib/* org.italiangrid.storm.webdav.WebdavService
diff --git a/compose/.env b/compose/.env
index 80bf19fb..27d31cbe 100644
--- a/compose/.env
+++ b/compose/.env
@@ -1 +1,9 @@
 COMPOSE_PROJECT_NAME=storm-webdav
+TRUST_IMAGE=indigoiam/egi-trustanchors
+TRUST_IMAGE_TAG=igi-test-ca
+WEBDAV_IMAGE=italiangrid/storm-webdav-centos7
+WEBDAV_IMAGE_TAG=latest
+TS_IMAGE=indigoiam/robot-framework
+TS_IMAGE_TAG=latest
+NGINX_IMAGE=baltig.infn.it:4567/cnafsd/ngx_http_voms_module/nginx-httpg-voms
+NGINX_IMAGE_TAG=latest
\ No newline at end of file
diff --git a/compose/README.md b/compose/README.md
new file mode 100644
index 00000000..057b2dc2
--- /dev/null
+++ b/compose/README.md
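Review bot: In the runtime stage of `Dockerfile`, `RUN echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers` replaces the whole sudoers file and, if sudo is present in the base image, gives the service account passwordless root, which cancels most of the benefit of the `USER ${USERNAME}` switch that follows. If the WebDAV process never needs to elevate, drop that line and the `chmod 0440 /etc/sudoers` after it; if one setup command does, a drop-in under `/etc/sudoers.d/` limited to that command is the narrower option. The stage is also built on `eclipse-temurin:11-centos7`, and CentOS 7 reached end of life in June 2024, so the image no longer gets OS security updates. The second `COPY src src` ships the source tree into the runtime image and looks unnecessary given the compiled classes are already copied from the build stage.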
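Review bot: In `compose/.env`, `WEBDAV_IMAGE_TAG`, `TS_IMAGE_TAG` and `NGINX_IMAGE_TAG` are all `latest`, so each CI run pulls whatever was last pushed to those repositories and a test result cannot be tied to a known image. Pin each to a fixed version tag (or a digest where the compose file allows it) and bump them deliberately, e.g. `TS_IMAGE_TAG=<released-tag>`. This matters most for the testsuite image if, as the workflow suggests, that container is the one that handles `OIDC_AGENT_SECRET`.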
@@ -0,0 +1,25 @@
+# Docker compose for StoRM WebDAV
+
+Run the services with
+
+```
+$ docker-compose up -d
+```
+
+The docker-compose contains several services:
+
+* `trust`: docker image for the GRID CA certificates, mounted in the `/etc/grid-security/certificates` path of the other services. The _igi-test-ca_ used in this deployment is also present in that path
+* `storage-setup`: sidecar container, used to allocate proper volumes (i.e. storage areas) owned by _storm_
+* `webdav`: is the main service, also known as StoRM WebDAV. The StoRM WebDAV base URL is https://storm.test.example:8443. It serves the following storage areas:
+ * `test.vo` for users presenting a proxy issued by a _test.vo_ VO
+ * `noauth`: which allows read/write mode also to anonymous users
+ * `fga`: for a fined grained authorization storage area. Its access policies are set in the [application](./assets/etc/storm/webdav/config/application-policies.yml) file
+ * `oauth-authz`: for users presenting a token issued by the [IAM DEV](https://iam-dev.cloud.cnaf.infn.it)
+* `ts`: used for running the StoRM WebDAV testsuite. It shares the storage with the `webdav` service, to run local tests
+* `nginx`: is the NGINX service supporting VOMS authentication, used as remote StoRM server for WebDAV calls. It does not forward requests to StoRM WebDAV, but just serves local resources in a separate storage. URL of this service is https://storm-alias.test.example. In the testsuite, the local resources are served by an `oauth-authz` endpoint, that does not require authentication.
+
+To resolve the hostname of the service, add a line in your `/etc/hosts` file with
+
+```
+127.0.0.1 storm.test.example storm-alias.test.example
+```
\ No newline at end of file
diff --git a/compose/assets/certs/hostcert.pem b/compose/assets/certs/hostcert.pem
index c97b8a7b..3cbd4774 100644
--- a/compose/assets/certs/hostcert.pem
+++ b/compose/assets/certs/hostcert.pem
@@ -1,86 +1,85 @@ Certificate: Data: Version: 3 (0x2) - Serial Number: 801 (0x321) + Serial Number: 19 (0x13) Signature Algorithm: sha512WithRSAEncryption Issuer: C=IT, O=IGI, CN=Test CA Validity - Not Before: Oct 15 15:57:05 2018 GMT - Not After : Oct 12 15:57:05 2028 GMT - Subject: C=IT, O=IGI, CN=storm dev + Not Before: Oct 19 08:55:57 2022 GMT + Not After : Oct 16 08:55:57 2032 GMT + Subject: C=IT, O=IGI, CN=*.test.example Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit) Modulus: - 00:cb:98:91:d4:9f:f5:a7:0a:1c:cf:b8:51:7d:2e: - fa:a9:c7:df:74:75:bb:81:1a:52:e0:a5:1e:48:56: - c5:85:39:bf:90:4a:2b:be:c5:ef:83:0a:4a:e0:86: - 84:81:79:14:4f:8e:70:ba:8a:a3:68:07:a3:2c:be: - 76:d6:fc:28:bf:91:31:67:45:eb:2e:b6:ce:31:bd: - 32:d1:f4:a0:88:0c:e9:2f:a0:ee:77:8f:da:c1:1b: - 50:ba:0d:09:05:29:12:b1:4c:98:28:fd:6a:c0:fc: - 9b:d1:40:cd:5c:59:c4:7d:49:bf:c1:0f:a5:3a:42: - 7c:41:0d:1e:25:2e:2e:2e:3d:0c:23:fb:9f:1f:46: - ec:f3:62:aa:a6:ca:85:a9:ea:ec:51:98:26:6e:1a: - bd:cd:0e:eb:22:49:b2:e6:c4:99:2f:6b:3c:ba:82: - 09:46:74:b3:19:a6:dc:b9:a1:83:6d:d5:28:62:43: - ba:1b:f3:e1:1d:61:61:87:b2:cb:1b:14:49:02:de: - d9:10:ca:d7:0c:da:c6:c3:1c:f2:ab:48:27:8d:10: - 17:8b:56:cb:5d:d4:f6:19:65:4c:78:25:cb:3d:be: - a5:93:77:ce:a2:77:97:de:b4:24:8e:aa:3b:dc:c6: - f8:57:d9:a9:ba:42:d9:7a:77:a4:4a:dc:76:07:2b: - 43:c3 + 00:e7:3a:01:a8:93:12:08:f4:a6:c9:89:10:a2:f6: + 6a:6a:d3:93:98:c7:31:c0:e5:8a:3a:44:9b:cf:ef: + b9:3d:05:86:03:61:0e:6e:fc:c6:f9:9a:9e:35:d6: + 3d:38:27:48:cb:77:26:97:15:34:a0:0b:1d:97:31: + dd:18:ec:bf:78:d9:32:9e:00:1a:44:6a:78:15:1f: + ac:7b:3e:bb:ad:b2:b4:32:75:8c:11:d8:31:ec:19: + 7d:bf:ba:5d:1e:70:38:62:10:cf:3a:8a:a4:98:83: + b4:df:e0:50:3b:e5:ec:24:a0:89:14:2c:19:27:48: + 66:c3:d4:1d:74:63:be:63:38:95:3f:64:d0:91:ac: + 95:f7:d9:ca:96:b5:1b:e7:71:70:7b:5f:3b:12:30: + 2c:b8:3a:28:79:84:9c:81:12:db:38:31:6d:2d:2a: + e2:80:05:5c:29:77:53:58:10:19:ee:f9:50:e1:8d: + 3b:2b:e2:c0:0b:d2:9f:3c:a0:95:33:f8:33:17:ce: + 
23:0e:31:e8:1e:3d:7e:6a:c9:6d:83:9e:0b:fa:43: + d2:4a:3f:be:d3:19:07:1e:8c:e4:f6:dc:8f:c3:3e: + 3a:8e:66:4a:87:ef:0b:39:db:e8:3e:30:1c:91:9e: + b3:1e:d3:a0:1e:1b:9a:b1:58:99:de:a5:bb:53:3b: + 3b:5d Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Subject Key Identifier: - AF:52:EA:AC:22:88:70:E5:C6:AA:AE:CC:AD:FB:CA:95:EB:17:3B:15 + 60:FA:21:CE:1C:B5:31:8D:9B:01:F6:08:5B:72:4D:59:5A:F8:71:8C X509v3 Key Usage: critical Digital Signature, Non Repudiation, Key Encipherment X509v3 Extended Key Usage: TLS Web Server Authentication, TLS Web Client Authentication, Microsoft Server Gated Crypto, Netscape Server Gated Crypto, E-mail Protection X509v3 Authority Key Identifier: - keyid:91:77:36:7B:2E:B4:69:F3:27:EA:B7:F6:08:8B:4A:23:A2:11:49:C6 + keyid:50:9B:6F:74:01:E3:1A:03:57:AB:D9:D5:7D:15:64:4C:25:F3:F8:F4 X509v3 Subject Alternative Name: - DNS:storm.example, DNS:storm-alias.example, DNS:other.example, DNS:localhost + DNS:*.test.example Signature Algorithm: sha512WithRSAEncryption - b5:36:9a:2d:e4:79:56:1a:1c:d0:34:e4:d8:06:2a:03:94:65: - cc:a7:71:bf:88:c6:f9:1d:bf:20:18:d4:25:6a:8a:a5:5e:97: - 64:8e:23:d2:51:0a:fb:3a:96:68:f6:a3:75:bd:74:6d:3d:4d: - 05:54:1c:b4:43:ee:33:bd:66:80:ee:81:50:f4:9c:ea:38:74: - 22:f3:ab:b1:41:04:7f:f5:64:07:49:78:9e:73:a5:00:0d:8f: - e6:c9:ec:bc:3b:f7:00:7e:9e:09:1a:9b:a4:40:a7:39:90:1c: - fa:ca:ec:31:53:52:27:93:88:db:18:b3:f0:b7:7f:65:4e:06: - c5:f5:b4:9e:6c:af:69:ef:da:ea:4c:e8:50:ed:dc:49:a7:fe: - 69:90:cf:77:69:58:49:0a:1c:50:5e:ab:26:b0:52:31:ca:6f: - 8a:11:78:80:c5:9e:4f:43:40:60:f3:99:46:4d:8d:51:5a:e5: - 04:90:9e:ce:40:4a:c5:35:b1:f1:d1:63:86:8b:42:73:79:7a: - f7:33:d3:69:22:45:a2:82:0c:05:69:7d:00:2b:e5:c9:44:38: - f8:ae:e1:81:71:04:b8:48:bf:51:91:22:4e:90:c6:ad:91:cc: - 30:a5:e8:53:4f:64:b1:3d:7a:c8:cd:ae:b6:b8:7c:dc:c7:98: - 36:eb:a5:e4 + 79:82:f2:54:44:98:96:25:c2:83:c9:0f:19:69:1c:f6:a7:19: + 0d:61:90:f9:96:23:e2:ab:5a:30:db:55:d7:4f:b0:ff:b2:7b: + 
41:da:35:97:47:86:e4:85:00:6d:11:64:ee:32:a4:64:ee:fe: + b2:83:a5:24:4a:ce:c3:91:ae:db:3d:5b:af:fa:7e:81:1a:1c: + 69:d0:1a:9e:70:0e:9e:74:85:6b:48:90:6a:1b:62:ff:6e:b3: + 84:30:b7:7f:fa:c0:3e:ee:91:70:0b:f2:13:ea:c8:2c:aa:d8: + cb:3c:60:b1:08:f9:8e:bf:c2:e4:ce:92:6a:7e:0a:41:49:94: + 8f:e5:6e:71:f9:47:04:1a:18:1f:65:47:d6:1c:ea:a9:90:71: + 82:1b:3b:1f:a5:f2:02:ce:5c:d6:2e:5d:1e:05:c4:92:9e:3d: + 8e:ce:fa:00:83:01:d5:c3:c1:cf:e2:e5:fb:08:80:08:f4:6c: + 26:64:96:db:cd:be:4c:e7:bc:8f:af:3d:0e:0c:f7:d2:52:15: + 9c:d5:15:0d:51:b3:95:72:78:1d:8c:ca:37:55:7a:c0:b0:0f: + 18:ae:de:d0:27:6f:1b:e4:5d:1d:4b:f9:4c:5d:44:49:ed:cf: + c2:9e:e7:c6:55:72:ce:2f:43:a7:2f:88:de:b7:da:9f:82:a6: + 54:77:c2:2e -----BEGIN CERTIFICATE----- -MIIDwzCCAqugAwIBAgICAyEwDQYJKoZIhvcNAQENBQAwLTELMAkGA1UEBhMCSVQx -DDAKBgNVBAoMA0lHSTEQMA4GA1UEAwwHVGVzdCBDQTAeFw0xODEwMTUxNTU3MDVa -Fw0yODEwMTIxNTU3MDVaMC8xCzAJBgNVBAYTAklUMQwwCgYDVQQKDANJR0kxEjAQ -BgNVBAMMCXN0b3JtIGRldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB -AMuYkdSf9acKHM+4UX0u+qnH33R1u4EaUuClHkhWxYU5v5BKK77F74MKSuCGhIF5 -FE+OcLqKo2gHoyy+dtb8KL+RMWdF6y62zjG9MtH0oIgM6S+g7neP2sEbULoNCQUp -ErFMmCj9asD8m9FAzVxZxH1Jv8EPpTpCfEENHiUuLi49DCP7nx9G7PNiqqbKhanq -7FGYJm4avc0O6yJJsubEmS9rPLqCCUZ0sxmm3Lmhg23VKGJDuhvz4R1hYYeyyxsU -SQLe2RDK1wzaxsMc8qtIJ40QF4tWy13U9hllTHglyz2+pZN3zqJ3l960JI6qO9zG -+FfZqbpC2Xp3pErcdgcrQ8MCAwEAAaOB6jCB5zAMBgNVHRMBAf8EAjAAMB0GA1Ud -DgQWBBSvUuqsIohw5caqrsyt+8qV6xc7FTAOBgNVHQ8BAf8EBAMCBeAwPgYDVR0l -BDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMCBgorBgEEAYI3CgMDBglghkgBhvhCBAEG -CCsGAQUFBwMEMB8GA1UdIwQYMBaAFJF3NnsutGnzJ+q39giLSiOiEUnGMEcGA1Ud -EQRAMD6CDXN0b3JtLmV4YW1wbGWCE3N0b3JtLWFsaWFzLmV4YW1wbGWCDW90aGVy -LmV4YW1wbGWCCWxvY2FsaG9zdDANBgkqhkiG9w0BAQ0FAAOCAQEAtTaaLeR5Vhoc -0DTk2AYqA5RlzKdxv4jG+R2/IBjUJWqKpV6XZI4j0lEK+zqWaPajdb10bT1NBVQc -tEPuM71mgO6BUPSc6jh0IvOrsUEEf/VkB0l4nnOlAA2P5snsvDv3AH6eCRqbpECn -OZAc+srsMVNSJ5OI2xiz8Ld/ZU4GxfW0nmyvae/a6kzoUO3cSaf+aZDPd2lYSQoc -UF6rJrBSMcpvihF4gMWeT0NAYPOZRk2NUVrlBJCezkBKxTWx8dFjhotCc3l69zPT 
-aSJFooIMBWl9ACvlyUQ4+K7hgXEEuEi/UZEiTpDGrZHMMKXoU09ksT16yM2utrh8 -3MeYNuul5A== +MIIDmTCCAoGgAwIBAgIBEzANBgkqhkiG9w0BAQ0FADAtMQswCQYDVQQGEwJJVDEM +MAoGA1UECgwDSUdJMRAwDgYDVQQDDAdUZXN0IENBMB4XDTIyMTAxOTA4NTU1N1oX +DTMyMTAxNjA4NTU1N1owNDELMAkGA1UEBhMCSVQxDDAKBgNVBAoMA0lHSTEXMBUG +A1UEAwwOKi50ZXN0LmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK +AoIBAQDnOgGokxII9KbJiRCi9mpq05OYxzHA5Yo6RJvP77k9BYYDYQ5u/Mb5mp41 +1j04J0jLdyaXFTSgCx2XMd0Y7L942TKeABpEangVH6x7PrutsrQydYwR2DHsGX2/ +ul0ecDhiEM86iqSYg7Tf4FA75ewkoIkULBknSGbD1B10Y75jOJU/ZNCRrJX32cqW +tRvncXB7XzsSMCy4Oih5hJyBEts4MW0tKuKABVwpd1NYEBnu+VDhjTsr4sAL0p88 +oJUz+DMXziMOMegePX5qyW2Dngv6Q9JKP77TGQcejOT23I/DPjqOZkqH7ws52+g+ +MByRnrMe06AeG5qxWJnepbtTOztdAgMBAAGjgbwwgbkwDAYDVR0TAQH/BAIwADAd +BgNVHQ4EFgQUYPohzhy1MY2bAfYIW3JNWVr4cYwwDgYDVR0PAQH/BAQDAgXgMD4G +A1UdJQQ3MDUGCCsGAQUFBwMBBggrBgEFBQcDAgYKKwYBBAGCNwoDAwYJYIZIAYb4 +QgQBBggrBgEFBQcDBDAfBgNVHSMEGDAWgBRQm290AeMaA1er2dV9FWRMJfP49DAZ +BgNVHREEEjAQgg4qLnRlc3QuZXhhbXBsZTANBgkqhkiG9w0BAQ0FAAOCAQEAeYLy +VESYliXCg8kPGWkc9qcZDWGQ+ZYj4qtaMNtV10+w/7J7Qdo1l0eG5IUAbRFk7jKk +ZO7+soOlJErOw5Gu2z1br/p+gRocadAannAOnnSFa0iQahti/26zhDC3f/rAPu6R +cAvyE+rILKrYyzxgsQj5jr/C5M6San4KQUmUj+VucflHBBoYH2VH1hzqqZBxghs7 +H6XyAs5c1i5dHgXEkp49js76AIMB1cPBz+Ll+wiACPRsJmSW282+TOe8j689Dgz3 +0lIVnNUVDVGzlXJ4HYzKN1V6wLAPGK7e0CdvG+RdHUv5TF1ESe3Pwp7nxlVyzi9D +py+I3rfan4KmVHfCLg== -----END CERTIFICATE----- diff --git a/compose/assets/certs/hostkey.pem b/compose/assets/certs/hostkey.pem index c0c7d06e..610502b8 100644 --- a/compose/assets/certs/hostkey.pem +++ b/compose/assets/certs/hostkey.pem 
@@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAy5iR1J/1pwocz7hRfS76qcffdHW7gRpS4KUeSFbFhTm/kEor -vsXvgwpK4IaEgXkUT45wuoqjaAejLL521vwov5ExZ0XrLrbOMb0y0fSgiAzpL6Du -d4/awRtQug0JBSkSsUyYKP1qwPyb0UDNXFnEfUm/wQ+lOkJ8QQ0eJS4uLj0MI/uf -H0bs82KqpsqFqersUZgmbhq9zQ7rIkmy5sSZL2s8uoIJRnSzGabcuaGDbdUoYkO6 -G/PhHWFhh7LLGxRJAt7ZEMrXDNrGwxzyq0gnjRAXi1bLXdT2GWVMeCXLPb6lk3fO -oneX3rQkjqo73Mb4V9mpukLZenekStx2BytDwwIDAQABAoIBAHFYwWeEnniekqe6 -T/PHodm/4tGtcfRQOW/DvXY8iL7BBbtI783H2K41nrYdbcu/IuWfwXa5FHwoNFoG -t5a8z9rG9KAwNtzM/UKHuLFW5cCYn4HasKhzuC/mCy1pcGolEbkPkW7QlwxWFlGL -KEmP2GqAEndjRHOI7DAzI2NDsIYgjBARGCWLURcjohr8q5Z1EC9B8ClmzA94f7EZ -RZ61mN3oOZiJtulGRnmn70lIdcJ4sWMlJbrLtKsPK0rHAv8U5Yjs+TSsrz4lYTVa -5sdp9nhr5GpZ3W+JDEq0ZyeiJ5FxyR4krcIj8HVVDVavauW4vRu9CeqnDwDunPl6 -L14O/uECgYEA75RpcfM4bzULJpVbLNHZTkClZtWNyY77rDkfvrOjlsD06QMDBeQh -vFxiNxwO2JqSKoJf1vay8Hn7un9NSm5x8MgRfrMjhsG6MzavycrxESRFtq5Adkdk -3lQyn0WGYsPHFLVs/tx1GtdzCqU5SyBUkeLCqMNaARV1xmD4AjFcaasCgYEA2YzM -ZZ8Z4aAqkv6gJiZTN1gQxMO8nPiCwY8NefI/Mm1U+X6j4ZYRkqTcvdsJzFtnj+ab -rrguS1AOuyDMID2NKjQTrzJLBUhNYzbo7YeMsY2U+k9z0fvM3WGzX0YBvcxtnqXm -BLMKHjbF0YvzEbu0qD1dWj5CZ6e/+DXfK5QlZkkCgYAEAa9hwHeJJJHzKzxDG59O -t7YMajXc0Q9UagAl6EssEj4GR46dYptN0x2xXj7BUJRxMYz4w1dqvh9/lvFr9Tzi -kfX48HX/ou3CPX/jGAnAB6NC0tcxIzCEp1PRZhBBRpTlu8L+4CD1OfUqkGjM4NWJ -OwmWWO4AZqN5ldWP89Nf0QKBgQDUR1RHMNljVRNV/gmtUCZRUaiDJ3ALR17nmjwP -KzdJcG/DSDSHchTRn/cZdvt3ohVK0D5HXccmjAbjx9wG9aiibtBqWsvjaqrAzhq5 -dFPwCPQ+z3p3gpljx+rsY3ZdinXIoZ7yJPYRh2a90y6qthtRMxe9cBUB6iki/QY4 -EsXvqQKBgQCUokN2XeonTeJCIDKU7XKd5JNOuWFWCz/tsBu2lnMSr/2txiL3cCgt -BNJw+rbZ08hMMNeD871lsYKTrPigEXKpMlHlC8RodWK7XEGhTL4nHoZQ/PE8Zq71 -Q6+DM27CV0IU7/78rrWO0YdHii2pE72Fp05i/X16apjTSFi9InL6ZQ== +MIIEowIBAAKCAQEA5zoBqJMSCPSmyYkQovZqatOTmMcxwOWKOkSbz++5PQWGA2EO +bvzG+ZqeNdY9OCdIy3cmlxU0oAsdlzHdGOy/eNkyngAaRGp4FR+sez67rbK0MnWM +Edgx7Bl9v7pdHnA4YhDPOoqkmIO03+BQO+XsJKCJFCwZJ0hmw9QddGO+YziVP2TQ +kayV99nKlrUb53Fwe187EjAsuDooeYScgRLbODFtLSrigAVcKXdTWBAZ7vlQ4Y07 
+K+LAC9KfPKCVM/gzF84jDjHoHj1+asltg54L+kPSSj++0xkHHozk9tyPwz46jmZK +h+8LOdvoPjAckZ6zHtOgHhuasViZ3qW7Uzs7XQIDAQABAoIBAAx5xL0jskVpbdZR +3uPsB7Hb2IrVtImD2QFr0jxV4ti4A5MLGYxDdzjgbsjY1lTBSdwwgZSFQGGiN+aA +ej1uCKaskV6VAtXOKMx6+QNtTxMAIVjXnscXsxnaBj7h/0Q1KdWgso2mDVttP8UU +hT+2GBeh0cOU3YaREXpfZ3dwKkWQHbtO/UYwVzu+XVFt8kApPoLMMHoXZfetP6Yp +7YSCuI6id44mwqkP7aY8iGhcUpVTkP3LD7z8nUp4LaG9my6T1Wev8x7hstb/NIsZ +DPiXAzfDUkHWqpMthnoWyOdghGc6JzKGFeJVHqrW4byJ4hNU3WvNIdvZ8tyIEpd1 +56uP/gECgYEA92oUhzHjvw87qfo6tPDai2I8AghXJoPGB6xYYhchlirYMGPx9fU/ +rcVEGbmSBDqXMg9eZUqiXB+E/hukCOrFZJt4kt656Nm/Xy68IDwSifmf5vcUde6q +j0pD6i0vwJFjYWBjjS7gRBK83pr/jHhy8aK1+79lZ0GfbQkLxF/2TxkCgYEA70Af +A387tHDmct7ZH0gAZx9QKYZhtS+WWVCIoZ81028DEeGri0By83KFkU0QZ9RfWKQi +RajBYkB35xJFv4fSX5s4+tcVaTVJKOn7V5YGmUIxrGY3IMuE77+h9SEHd8GY723q +9qgwTF5SQP3cGiVpGFB99M44CBuHbbypFh67iuUCgYEA3Zp6QI2C/AJc4mZqZt7E +IMwgC4IE7U5h9UV89H7banF9qfobIr5EBxUFZjU8f+Uqv3/cgMVUn0bsC94eEo6V +twM5//LWeaVvL4Xgos6rnEGl422zOd5HjohqRDms58JRTUrUYAR4gwB1gr0530uT +SLMAZTiNTusMLNFJZN6+8yECgYAulAY1sRSXmY9T98y/iU4CxZberrnhA2W697HR +/WQGSMuJNK0oDCEVAku8sQsrm64AXNwLQcJ8dV6iju0jT7cGQ/sA4tTZSbV3kK4N +LDkWp0tya+f5q4WzA1Ttm0OP7hHvMzAWW0Ij7A0JeCLcuEHQqQMMoQVJlspz89Hb +a5pJfQKBgFZb6XnLMTSCs/SQe38PQiawIQcA+zXmhG83xkEKspQGm2KqyJL+AdKQ +fXQKoKa/Ubyp7PKRJVZ8raX1/kvtFDQIQ+G3L/hps5rhZgDh5S2n0xd4zlbK/Sw6 +l3RjOUpHSe8oz+X3Jinl/Rwr39I9hrRAW2xj7vkFb84IE98mJu2X -----END RSA PRIVATE KEY----- diff --git a/compose/assets/etc/storm/webdav/README.md b/compose/assets/etc/storm/webdav/README.md index fe79a8f1..a45eefb2 100644 --- a/compose/assets/etc/storm/webdav/README.md +++ b/compose/assets/etc/storm/webdav/README.md 
@@ -11,22 +11,3 @@ service. Storage area configuration lives in the `sa.d` directory. For more information see the README.md file there. - -## VOMS map files configuration - -VOMS map files contains the list of VO members as obtained by running the -voms-admin list-users command. - -When VOMS mapfiles are enabled, users can authenticate to the StoRM webdav -service using the certificate in their browser and be granted VOMS attributes -if their subject is listed in one of the supported VOMS mapfile. - -For each supported VO, a file having the same name as the VO is put in the -voms-mapfiles directory. - -*Example*: to generate a VOMS mapfile for the `cms` VO, run the following -command - -```bash -voms-admin --host voms.cern.ch --vo cms list-users > cms -``` diff --git a/compose/assets/etc/storm/webdav/config/application-issuers.yml b/compose/assets/etc/storm/webdav/config/application-issuers.yml new file mode 100644 index 00000000..275750b9 --- /dev/null +++ b/compose/assets/etc/storm/webdav/config/application-issuers.yml @@ -0,0 +1,6 @@ +oauth: + issuers: + - name: egi-checkin + issuer: https://egi-checkin.example/ + - name: dev + issuer: https://iam-dev.cloud.cnaf.infn.it/ \ No newline at end of file diff --git a/compose/assets/etc/storm/webdav/config/application-policies.yml b/compose/assets/etc/storm/webdav/config/application-policies.yml new file mode 100644 index 00000000..0ef9a668 --- /dev/null +++ b/compose/assets/etc/storm/webdav/config/application-policies.yml 
@@ -0,0 +1,54 @@
+storm:
+ authz:
+ policies:
+ - sa: fga
+ actions:
+ - all
+ effect: permit
+ description: Grant read/write access to test.vo VOMS users
+ principals:
+ - type: vo
+ params:
+ vo: test.vo
+ - sa: fga
+ actions:
+ - list
+ - read
+ effect: permit
+ description: Grant read access to anyone to the public area
+ paths:
+ - /public/**
+ principals:
+ - type: anyone
+ - sa: fga
+ actions:
+ - all
+ effect: permit
+ description: Grant read/write to the "cms" token (default) group in the cms namespace
+ paths:
+ - /cms/**
+ principals:
+ - type: jwt-group
+ params:
+ iss: https://iam-dev.cloud.cnaf.infn.it/
+ group: /cms
+ - sa: fga
+ actions:
+ - all
+ effect: permit
+ description: Grant read/write to the "data-manager" token (optional) group
+ principals:
+ - type: jwt-group
+ params:
+ iss: https://iam-dev.cloud.cnaf.infn.it/
+ group: /data-manager
+ - sa: fga
+ actions:
+ - list
+ - read
+ effect: permit
+ description: Grant read access to tokens issued by iam-dev
+ principals:
+ - type: jwt-issuer
+ params:
+ iss: https://iam-dev.cloud.cnaf.infn.it/
diff --git a/compose/assets/etc/storm/webdav/sa.d/auth.properties b/compose/assets/etc/storm/webdav/sa.d/auth.properties
deleted file mode 100644
index a740ef11..00000000
--- a/compose/assets/etc/storm/webdav/sa.d/auth.properties
+++ /dev/null
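Review bot: In `application-policies.yml`, three of the five `fga` policies carry no `paths` key (the `test.vo` rule, the `/data-manager` rule and the final `jwt-issuer` rule), so they presumably apply to the whole storage area, `/cms/**` included. That would let any token issued by iam-dev list and read `/cms/**` without being in the `/cms` group, which is broader than the description on the `/cms` rule suggests. If the overlap is intended for the tests, say so in a comment above the last policy, e.g. `# intentionally storage-area wide: any iam-dev token may list/read, including /cms/**`; if `/cms/**` is meant to be group-only, an explicit deny for that path (assuming the policy engine supports a deny effect) has to sit before the issuer-wide permit. How policies are ordered and matched is not visible in this hunk, so confirm which rule wins.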
@@ -1,24 +0,0 @@
-#
-# Copyright (c) Istituto Nazionale di Fisica Nucleare, 2018.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-name=auth
-rootPath=/storage/auth
-filesystemType=posixfs
-accessPoints=/auth
-vos=test.vo
-authenticatedReadEnabled=true
-anonymousReadEnabled=false
-voMapGrantsWritePermission=false
diff --git a/robot/assets/fixtures/default/sa.d/wlcg.properties b/compose/assets/etc/storm/webdav/sa.d/fga.properties
similarity index 61%
rename from robot/assets/fixtures/default/sa.d/wlcg.properties
rename to compose/assets/etc/storm/webdav/sa.d/fga.properties
index 0d635e49..7da65f4d 100644
--- a/robot/assets/fixtures/default/sa.d/wlcg.properties
+++ b/compose/assets/etc/storm/webdav/sa.d/fga.properties
@@ -1,12 +1,11 @@
-name=wlcg
-rootPath=/storage/wlcg
+name=fga
+rootPath=/storage/fga
 filesystemType=posixfs
-accessPoints=/wlcg
-orgs=https://wlcg.cloud.cnaf.infn.it/
+accessPoints=/fga
 authenticatedReadEnabled=false
 anonymousReadEnabled=false
-voMapGrantsWritePermission=false
-wlcgScopeAuthzEnabled=true
-fineGrainedAuthzEnabled=true
+orgs=https://iam-dev.cloud.cnaf.infn.it/,https://egi-checkin.example/
 orgsGrantReadPermission=false
 orgsGrantWritePermission=false
+fineGrainedAuthzEnabled=true
+wlcgScopeAuthzEnabled=true
diff --git a/compose/assets/etc/storm/webdav/sa.d/oauth_authz.properties b/compose/assets/etc/storm/webdav/sa.d/oauth-authz.properties
similarity index 91%
rename from compose/assets/etc/storm/webdav/sa.d/oauth_authz.properties
rename to compose/assets/etc/storm/webdav/sa.d/oauth-authz.properties
index 4985fffa..a09cd12f 100644
--- a/compose/assets/etc/storm/webdav/sa.d/oauth_authz.properties
+++ b/compose/assets/etc/storm/webdav/sa.d/oauth-authz.properties
@@ -18,7 +18,7 @@ name=oauth-authz
 rootPath=/storage/oauth-authz
 filesystemType=posixfs
 accessPoints=/oauth-authz
-orgs=https://iam-test.indigo-datacloud.eu/
+orgs=https://iam-dev.cloud.cnaf.infn.it/,https://egi-checkin.example/
 authenticatedReadEnabled=false
 anonymousReadEnabled=false
 voMapGrantsWritePermission=false
diff --git a/compose/assets/etc/storm/webdav/sa.d/sa.properties.template b/compose/assets/etc/storm/webdav/sa.d/sa.properties.template
deleted file mode 100644
index 64cc965c..00000000
--- a/compose/assets/etc/storm/webdav/sa.d/sa.properties.template
+++ /dev/null
@@ -1,29 +0,0 @@
-# This is an example of StoRM WebDAV storage area configuration
-
-# Name of the storage area
-name=sa
-
-# Root path for the storage area. Files will be served from this path, which must exist and
-# must be accessible from the user that runs the storm webdav service
-rootPath=/tmp
-
-# Comma separated list of storage area access points.
-accessPoints=/sa
-
-# Comma separated list of VOMS VOs supported in this storage area
-vos=testers.eu-emi.eu
-
-# Enables read access to users authenticated with an X.509 certificate issued by
-# a trusted CA (users without VOMS credentials).
-# Defaults to false, which means that all users need to authenticate with a VOMS credential
-# authenticatedReadEnabled=false
-
-# Enables read access to anonymous users. Defaults to false.
-# anonymousReadEnabled=false
-
-# Enables VO map files for this storage area. Defaults to true.
-# voMapEnabled=true
-
-# VO map normally grants read-only access to storage area files. To grant
-# write access set this flag to true. Defaults to false.
-# voMapGrantsWriteAccess=false
diff --git a/compose/assets/etc/storm/webdav/sa.d/test_vo.properties b/compose/assets/etc/storm/webdav/sa.d/test.vo.properties
similarity index 100%
rename from compose/assets/etc/storm/webdav/sa.d/test_vo.properties
rename to compose/assets/etc/storm/webdav/sa.d/test.vo.properties
diff --git a/compose/assets/etc/storm/webdav/vo-mapfiles.d/README.md b/compose/assets/etc/storm/webdav/vo-mapfiles.d/README.md
deleted file mode 100644
index 922f3c14..00000000
--- a/compose/assets/etc/storm/webdav/vo-mapfiles.d/README.md
+++ /dev/null
@@ -1,39 +0,0 @@ -## VO map files configuration -VO map files contains the list of the members of a VOMS-managed Virtual Organization (VO). - -## What are VO map files - -When VO map files are enabled, users can authenticate to the StoRM webdav -service using the certificate in their browser and be granted VOMS attributes -if their subject is listed in one of the supported VO mapfile. - -This mechanism is very similar to the traditional Gridmap file but is just used -to know whether a given user is registered as a member in a VOMS managed VO and -not to map his/her certificate subject to a local unix account. - -### How to enable VO map files - -VO map files support is disabled by default in StoRM WebDAV. - -Set `STORM_WEBDAV_VO_MAP_FILES_ENABLE=true`` in /etc/sysconfig/storm-webdav -to enable VO map file support. - -### How to generate VO map files - -VO map files are generated using the voms-admin list-users command. - -For each supported VO, a file named: - -.vomap - -is put in the voms-mapfiles.d directory. - -*Example*: to generate a VO mapfile for the `cms` VO, run the following -command - -```bash -voms-admin --vo cms list-users > /etc/storm/webdav/vo-mapfiles.d/cms.vomap -``` - -*N.B.:* Ensure that vo map files are readable by the user that runs the StORM -WebDAV service (by default, the `storm` user). diff --git a/compose/assets/nginx/nginx.conf b/compose/assets/nginx/nginx.conf index 5b77bc4f..e92b74b3 100644 --- a/compose/assets/nginx/nginx.conf +++ b/compose/assets/nginx/nginx.conf @@ -1,10 +1,4 @@ -user build; -worker_processes 1; - -env OPENSSL_ALLOW_PROXY_CERTS=1; -env X509_VOMS_DIR=/vomsdir; - -error_log /home/build/local/openresty/nginx/logs/error.log warn; +load_module modules/ngx_http_voms_module.so; events { worker_connections 1024; 
@@ -12,9 +6,11 @@ events { http { - include /home/build/local/openresty/nginx/conf/mime.types; + include mime.types; default_type application/octet-stream; + resolver 127.0.0.11 ipv6=off; + log_format storm '$time_iso8601 [$request_id] $remote_addr - $remote_user "$request" <$upstream_response_time> ' '$ssl_protocol/$ssl_cipher ' '"$ssl_client_s_dn" ' @@ -22,15 +18,14 @@ http { '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /home/build/local/openresty/nginx/logs/access.log storm; + access_log /var/log/nginx/access.log storm; sendfile on; #tcp_nopush on; keepalive_timeout 65; - #gzip on; - client_max_body_size 10000m; + include /etc/nginx/conf.d/*.conf; } diff --git a/compose/assets/nginx/srm.conf b/compose/assets/nginx/srm.conf index 6d58e8b0..69ed1160 100644 --- a/compose/assets/nginx/srm.conf +++ b/compose/assets/nginx/srm.conf @@ -1,27 +1,26 @@ server { - root /tmp/storage; - error_log /home/build/local/openresty/nginx/logs/error.log info; - access_log /home/build/local/openresty/nginx/logs/access.log storm; + root /storage; listen 443 ssl; - server_name storm-alias.example; + server_name storm-alias.test.example; - ssl on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_certificate /certs/hostcert.pem; ssl_certificate_key /certs/hostkey.pem; - ssl_client_certificate /etc/pki/tls/certs/ca-bundle.crt; + ssl_client_certificate /etc/pki/ca-trust/extracted/pem/tls-ca-bundle-all.pem; ssl_verify_client optional; ssl_verify_depth 100; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; + client_max_body_size 10000m; + location / { autoindex on; - dav_methods PUT DELETE MKCOL; + dav_methods PUT DELETE MKCOL COPY; create_full_put_path on; dav_access group:rw all:r; } diff --git a/compose/assets/oidc-agent/dev-wlcg b/compose/assets/oidc-agent/dev-wlcg new file mode 100644 index 00000000..a833aaea --- /dev/null +++ b/compose/assets/oidc-agent/dev-wlcg 
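Review bot: `location /` in srm.conf now accepts PUT, DELETE, MKCOL and COPY, but nothing visible in this server block authorises the caller: `ssl_verify_client optional` lets a client without a certificate complete the handshake, and the location has no check on `$ssl_client_verify`. If the endpoint is meant to be writable only by the test certificates, a guard such as `if ($ssl_client_verify != SUCCESS) { return 403; }` at the top of the location would enforce it; if open writes are intended inside the compose network only, a comment saying so would keep the file from being reused elsewhere. Since the TLS block is already being edited (`ssl on;` is dropped), `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` could be narrowed to `ssl_protocols TLSv1.2 TLSv1.3;`. Whether the VOMS module loaded in nginx.conf adds any access control is not visible in this hunk.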
@@ -0,0 +1,7 @@ +1010 +1wOf9Pq+mNOxYk3ym2359qDJSF1ovSOG +wIrQxktFUUgtmo0blww69A== +24:16:16:32:1:2:67108864:2 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 +/cas1Kw7WNA/XxuxTBfggLhgDYlQGYE/SepMVvBh1y0= +Generated using version: 4.5.1 \ No newline at end of file diff --git a/compose/assets/scripts/ci-run-testsuite.sh b/compose/assets/scripts/ci-run-testsuite.sh new file mode 100755 index 00000000..e79799ff --- /dev/null +++ b/compose/assets/scripts/ci-run-testsuite.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash +set -ex + +OIDC_AGENT_ALIAS=${OIDC_AGENT_ALIAS:-dev-wlcg} + +eval $(oidc-agent --no-autoload) +oidc-add --pw-cmd='echo ${OIDC_AGENT_SECRET}' ${OIDC_AGENT_ALIAS} +export IAM_ACCESS_TOKEN=$(oidc-token -s openid ${OIDC_AGENT_ALIAS}) + +/scripts/init-usercerts.sh +echo "pass123" | voms-proxy-init --cert /tmp/usercerts/test0.p12 -voms test.vo --pwstdin + +cp -r /code/robot . + +pushd robot + +sh run-testsuite.sh diff --git a/compose/assets/scripts/init-certs.sh b/compose/assets/scripts/init-certs.sh deleted file mode 100755 index 63f5451c..00000000 --- a/compose/assets/scripts/init-certs.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -set -ex - -CERT_DIR=${CERT_DIR:-/certs} - -cp ${CERT_DIR}/* /etc/grid-security/storm-webdav/ -chown -R storm:storm /etc/grid-security/storm-webdav diff --git a/compose/assets/scripts/init-sa-config.sh b/compose/assets/scripts/init-sa-config.sh deleted file mode 100755 index 876bac16..00000000 --- a/compose/assets/scripts/init-sa-config.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -ex - -SA_CONFIG_DIR=${SA_CONFIG_DIR:-/sa.d} -VOMAP_CONFIG_DIR=${VOMAP_CONFIG_DIR:-/vo-mapfiles.d} - -cp ${SA_CONFIG_DIR}/* /etc/storm/webdav/sa.d -chown -R storm:storm /etc/storm/webdav/sa.d - -cp ${VOMAP_CONFIG_DIR}/* /etc/storm/webdav/vo-mapfiles.d -chown -R storm:storm /etc/storm/webdav/vo-mapfiles.d diff --git a/compose/assets/scripts/init-storage.sh b/compose/assets/scripts/init-storage.sh index 03431990..a0c63ee7 100755 
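Review bot: In ci-run-testsuite.sh the `set -ex` trace prints the bearer token, because bash echoes the `export IAM_ACCESS_TOKEN=$(oidc-token …)` line with the command substitution already expanded, so the access token lands in the CI job log. The same line hides a failing `oidc-token` from `set -e`, since only the exit status of `export` is checked. Enabling tracing only after the token has been fetched, and splitting the assignment from the export, fixes both; the `$(oidc-agent …)` and `${OIDC_AGENT_ALIAS}` expansions are quoted in the same pass.

```shell
#!/usr/bin/env bash
set -e   # tracing is switched on below, once the token has been fetched

# … unchanged: OIDC_AGENT_ALIAS default …

eval "$(oidc-agent --no-autoload)"
oidc-add --pw-cmd='echo ${OIDC_AGENT_SECRET}' "${OIDC_AGENT_ALIAS}"
IAM_ACCESS_TOKEN=$(oidc-token -s openid "${OIDC_AGENT_ALIAS}")
export IAM_ACCESS_TOKEN
set -x

# … unchanged: init-usercerts.sh, voms-proxy-init, cp, pushd, run-testsuite.sh …
```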
--- a/compose/assets/scripts/init-storage.sh +++ b/compose/assets/scripts/init-storage.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex STORAGE_DIR=${STORAGE_DIR:-/storage} diff --git a/compose/assets/scripts/init-usercerts.sh b/compose/assets/scripts/init-usercerts.sh index 00fc19bb..d56dce68 100755 --- a/compose/assets/scripts/init-usercerts.sh +++ b/compose/assets/scripts/init-usercerts.sh @@ -1,8 +1,7 @@ -#!/bin/bash +#!/usr/bin/env bash set -ex USER_CERTS_DIR=${USER_CERTS_DIR:-/usercerts} mkdir -p /tmp/usercerts cp ${USER_CERTS_DIR}/* /tmp/usercerts -chown -R storm:storm /tmp/usercerts chmod 600 /tmp/usercerts/* diff --git a/compose/assets/scripts/run-service.sh b/compose/assets/scripts/run-service.sh deleted file mode 100755 index 944587b6..00000000 --- a/compose/assets/scripts/run-service.sh +++ /dev/null 
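Review bot: init-usercerts.sh copies the PKCS#12 files into `/tmp/usercerts` under the default umask and only tightens them with `chmod 600` afterwards, while the directory itself keeps its default mode. Adding `umask 077` before `mkdir -p /tmp/usercerts` would create both the directory and the copies private from the start. These are test credentials, so the impact is low, but the script is an easy template to copy. The glob source should also be quoted, `cp "${USER_CERTS_DIR}"/* /tmp/usercerts`.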
@@ -1,35 +0,0 @@ -#!/bin/bash -set -ex - -JARDIR=/usr/share/java/storm-webdav -JVM_OPTS=${STORM_WEBDAV_JVM_OPTS:-} - -if [ -n "$ENABLE_JREBEL" ]; then - JVM_OPTS="-javaagent:/opt/jrebel/jrebel.jar -Drebel.stats=false -Drebel.usage_reporting=false -Drebel.struts2_plugin=true -Drebel.tiles2_plugin=true -Drebel.license=/home/storm/.jrebel/jrebel.lic $JVM_OPTS" - - mkdir -p /home/storm - cp -r /mnt/.jrebel /home/storm - chown -R storm.storm /home/storm - chmod 755 /home/storm/.jrebel - chmod 644 /home/storm/.jrebel/* -fi - -if [ -z "$DEBUG_PORT" ]; then - DEBUG_PORT=1044 -fi - -if [ -z "$DEBUG_SUSPEND" ]; then - DEBUG_SUSPEND="n" -fi - -if [ ! -z "$DEBUG" ]; then - JVM_OPTS="-Xdebug -Xrunjdwp:server=y,transport=dt_socket,address=$DEBUG_PORT,suspend=$DEBUG_SUSPEND $JVM_OPTS" -fi - -if [ -n "$ENABLE_JMX" ]; then - JVM_OPTS="-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=6002 -Dcom.sun.management.jmxremote.rmi.port=6002 -Djava.rmi.server.hostname=dev.local.io -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false $JVM_OPTS" -fi - -if [ -z "${DONT_START_SERVICE}" ]; then - su storm -s /bin/bash -c "java $JVM_OPTS -jar $JARDIR/storm-webdav-server.jar" -fi diff --git a/compose/assets/scripts/run.sh b/compose/assets/scripts/run.sh deleted file mode 100755 index a8934982..00000000 --- a/compose/assets/scripts/run.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash -set -ex - -/scripts/unpack-tarball.sh -/scripts/run-service.sh diff --git a/compose/assets/scripts/setup.sh b/compose/assets/scripts/setup.sh deleted file mode 100755 index e1ca14ef..00000000 --- a/compose/assets/scripts/setup.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -set -ex - -/scripts/init-certs.sh -/scripts/init-sa-config.sh -/scripts/init-storage.sh diff --git a/compose/assets/scripts/unpack-tarball.sh b/compose/assets/scripts/unpack-tarball.sh deleted file mode 100755 index cbb73855..00000000 --- a/compose/assets/scripts/unpack-tarball.sh +++ /dev/null 
@@ -1,9 +0,0 @@ -#!/bin/bash -set -ex - -JARDIR=/usr/share/java/storm-webdav - -if [ -z "${DONT_UNPACK_TARBALL}" ]; then - TARFILE="target/storm-webdav-server.tar.gz" - tar -C / --owner=storm --group=storm -xvzf /code/$TARFILE -fi diff --git a/compose/assets/scripts/wait-and-run-testsuite.sh b/compose/assets/scripts/wait-and-run-testsuite.sh deleted file mode 100755 index 8c6c14b2..00000000 --- a/compose/assets/scripts/wait-and-run-testsuite.sh +++ /dev/null @@ -1,18 +0,0 @@ -#!/bin/bash -set -ex - -export X509_USER_PROXY=${X509_USER_PROXY:-/tmp/x509up_u$(id -u)} -DAV_HOST=${DAV_HOST:-storm.example} -WAIT_TIMEOUT=${WAIT_TIMEOUT:-30} - -/scripts/init-usercerts.sh -echo "pass" | voms-proxy-init --cert /tmp/usercerts/test0.p12 -voms test.vo --pwstdin - -/scripts/wait-for-it.sh ${DAV_HOST}:8085 --timeout=${WAIT_TIMEOUT} - -rsync -avhu --exclude='.git/' /code/robot . - -pushd robot - - -sh run-testsuite.sh diff --git a/compose/assets/scripts/wait-for-it.sh b/compose/assets/scripts/wait-for-it.sh deleted file mode 100755 index bbe40432..00000000 --- a/compose/assets/scripts/wait-for-it.sh +++ /dev/null 
@@ -1,177 +0,0 @@ -#!/usr/bin/env bash -# Use this script to test if a given TCP host/port are available - -cmdname=$(basename $0) - -echoerr() { if [[ $QUIET -ne 1 ]]; then echo "$@" 1>&2; fi } - -usage() -{ - cat << USAGE >&2 -Usage: - $cmdname host:port [-s] [-t timeout] [-- command args] - -h HOST | --host=HOST Host or IP under test - -p PORT | --port=PORT TCP port under test - Alternatively, you specify the host and port as host:port - -s | --strict Only execute subcommand if the test succeeds - -q | --quiet Don't output any status messages - -t TIMEOUT | --timeout=TIMEOUT - Timeout in seconds, zero for no timeout - -- COMMAND ARGS Execute command with args after the test finishes -USAGE - exit 1 -} - -wait_for() -{ - if [[ $TIMEOUT -gt 0 ]]; then - echoerr "$cmdname: waiting $TIMEOUT seconds for $HOST:$PORT" - else - echoerr "$cmdname: waiting for $HOST:$PORT without a timeout" - fi - start_ts=$(date +%s) - while : - do - if [[ $ISBUSY -eq 1 ]]; then - nc -z $HOST $PORT - result=$? - else - (echo > /dev/tcp/$HOST/$PORT) >/dev/null 2>&1 - result=$? - fi - if [[ $result -eq 0 ]]; then - end_ts=$(date +%s) - echoerr "$cmdname: $HOST:$PORT is available after $((end_ts - start_ts)) seconds" - break - fi - sleep 1 - done - return $result -} - -wait_for_wrapper() -{ - # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692 - if [[ $QUIET -eq 1 ]]; then - timeout $BUSYTIMEFLAG $TIMEOUT $0 --quiet --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & - else - timeout $BUSYTIMEFLAG $TIMEOUT $0 --child --host=$HOST --port=$PORT --timeout=$TIMEOUT & - fi - PID=$! - trap "kill -INT -$PID" INT - wait $PID - RESULT=$? 
- if [[ $RESULT -ne 0 ]]; then - echoerr "$cmdname: timeout occurred after waiting $TIMEOUT seconds for $HOST:$PORT" - fi - return $RESULT -} - -# process arguments -while [[ $# -gt 0 ]] -do - case "$1" in - *:* ) - hostport=(${1//:/ }) - HOST=${hostport[0]} - PORT=${hostport[1]} - shift 1 - ;; - --child) - CHILD=1 - shift 1 - ;; - -q | --quiet) - QUIET=1 - shift 1 - ;; - -s | --strict) - STRICT=1 - shift 1 - ;; - -h) - HOST="$2" - if [[ $HOST == "" ]]; then break; fi - shift 2 - ;; - --host=*) - HOST="${1#*=}" - shift 1 - ;; - -p) - PORT="$2" - if [[ $PORT == "" ]]; then break; fi - shift 2 - ;; - --port=*) - PORT="${1#*=}" - shift 1 - ;; - -t) - TIMEOUT="$2" - if [[ $TIMEOUT == "" ]]; then break; fi - shift 2 - ;; - --timeout=*) - TIMEOUT="${1#*=}" - shift 1 - ;; - --) - shift - CLI=("$@") - break - ;; - --help) - usage - ;; - *) - echoerr "Unknown argument: $1" - usage - ;; - esac -done - -if [[ "$HOST" == "" || "$PORT" == "" ]]; then - echoerr "Error: you need to provide a host and port to test." - usage -fi - -TIMEOUT=${TIMEOUT:-15} -STRICT=${STRICT:-0} -CHILD=${CHILD:-0} -QUIET=${QUIET:-0} - -# check to see if timeout is from busybox? -# check to see if timeout is from busybox? -TIMEOUT_PATH=$(realpath $(which timeout)) -if [[ $TIMEOUT_PATH =~ "busybox" ]]; then - ISBUSY=1 - BUSYTIMEFLAG="-t" -else - ISBUSY=0 - BUSYTIMEFLAG="" -fi - -if [[ $CHILD -gt 0 ]]; then - wait_for - RESULT=$? - exit $RESULT -else - if [[ $TIMEOUT -gt 0 ]]; then - wait_for_wrapper - RESULT=$? - else - wait_for - RESULT=$? - fi -fi - -if [[ $CLI != "" ]]; then - if [[ $RESULT -ne 0 && $STRICT -eq 1 ]]; then - echoerr "$cmdname: strict mode, refusing to execute subprocess" - exit $RESULT - fi - exec "${CLI[@]}" -else - exit $RESULT -fi 
diff --git a/compose/assets/usercerts/test0.p12 b/compose/assets/usercerts/test0.p12 index 1c97d37226171077c98e89c5d9f23932895fb137..3ce35f01cc03c7a0ab37426fff579a91016b14d7 100644 GIT binary patch delta 2400 zcmV-m37_`m6Xg?-U4L!b{47kiKZODU2mpYB1OO}pm++;TIV#WqNohKu{9)J(RqAcs zIhsnW-I9mZwMTH7oFFN)#2kzb@pHv>0(6acN-ND$1MKMA1OE&R?)mLRk)$yRtG*(g z8&~r;8d%DTV$A8~^9Y2JWl~jw>FkzIJgmFj)jGl1dw=k?ELTgvRqmPK326C( zpjeFrWKB)oiD!R>hYE%_AKU{OEaFk}puW{*2e*gx;HbsOdF4{wL!*5>%NH+J)n42x4 zF&1yA)PE7Gvw!{-*4ul)EDYM^+@Ogc3)|(Q!~-w<)?Z3T?87dH{OSWutQVy<4IHoo zK#6BGLFp>S63e^2&OWl%xBG?g=iL?KU=e}(0}reMbX7HC`w7^m4OdEV>tz;2!Rg1( zdy|2;q`|H~y){I^6|~l2e47*ScB}ekpQ)%F*W*4!&ws`cI0DKnK4)QCC65?js-xSm zK#zb_n9t+om62_vB*^OAaz6EaA`cpfkJQoxnz*!h2iXTA>ZF#Iq*1nT&|ahZw`JW- zWJD&y51-Nwbqk%ee`#(BwkoGx-|wIb`mfxfcO`@9wdj7kHRLrkU<`SXs5lrV#ivXU zDar9!hkxGGuTQwfY+^450$))>Qz$@{(u%&JZKF;;$=l=Rl_&kgI>(6^?Nh3#mNxZ< z%vy*KKV_(p3VUn&zKb~-ruVQH~ZUFZ5-^W&vPgIGnKz&L^jQDuI#qs9hgBuzk! ziQI%|2(*=kvz?jGatS)?dyaI8M8Ffr@8|JqbQ#Bghgfjt0^ zR&r)_D!PY?_fa&el0;v6yrl6#G}d@C8-K4NL*p6F%;T>M$%?stxlu9Dk( z)$DKRr5lLin8mc}I7MvV_iSe#HIzv}$>wLq7dFmsIe+%%%DogwZ-DX6Q$_>yLKs=1 zV*8-jDPMSdZykNMre4U1+BE4?|2dOw1V(>(AJda@b8BS+0tf&Ef&|DSOetg2aKcrf zTuTU=y?z*?qPc5Zf6If-z)EhOQS3Lc`Y#R97Vu(JPQ6x@e);Pwwo-N9I;m5V%s;?% zPF|rSF%zTt`jL5-$yBV|dH1n=h^1hIZJcps;59zt`O~|@$DhgtR}g9(RD_?)9q4~m zjbN_#hW4MST+X`dS%|2nh1!=7-`M=!e4f(+Goa8Bb~*CcP<BEEcjXnmh@JY(Aob_##Wjpr1zZyVlU z6XGYt0X(CO-U*F{2@tmDVTgZ7d$E5GAG;+pn5a#kWV5>4ALdaed->S0DU4$O{@8%_ zS)Lcz)e4AUtU_3a$Q!f91d*xBV4@=jmpjq`f5ehn9>fTUPbNVU@7JLC;ODz_=P8@h zyvYX2BNqg7yRn@5!^hd_fExWUJ-d;g)gL=i;NiEYkAOJx%nIX`AHnyU+z@}ta2R1v zY{%v^V@Iv0=XP2^olKPtV6qHU`8ZRzUvXo01>v5OCGkBjSCLp^@vt1=(WobC=v< zS>B-<_YN4g-6ATL_@$7GqrU6NIdr> z0|>Q`T=kr24FimM@h|3)+X<^;l6EvO7@i-^->1I-W3!_&9#cRn$M?`L)KOS@ql$kIbrKQ*O|C1j+1w4$DysowY_JxB8 zokzH*WXY%uPFx`eo3(#3L?YYdTWMS>PTO*r7OER>s61fbO4mkquq> z6WfUigy%XZ+GF`ZJ8sJ9CyXuC8N8vEjt=tkdWIJkDx!Cw}QWl(>yT&pg8{3*-J*JI62gn!aU48L}E^VgkIrmk=YUz zDFsdT(OdHw#4&$;r`*yE*95~KLl!4t3eDub@}!#kxbt9NE#xfCG8FMeJGONB?im;N 
zJ(40m9o1{X01D5-YqM=uT2R~>t&aJ$z5N^uKT(Owm9Ob|joD_sJl@JmaHQ1}mJphg z9s9p-xTeJu3~MNYKdNALUYT2cDo}Ca^JatPp+)_(zsrC7qLdmo)A;eFc&e9sb2q!< znn!g&w2p;QD7SJxV^0l^DrSP?7u)9?33@ejyo{psjyACoMnH~kZky+Ni6O%=K6K?k zS#B=V#dM3p&NZdxYb{ylANXK&N7z8@x$0?iF(oh~1_>&LNQUg?E!}d=bp*rFflM8FbM_)D-Ht!8U+9Z6g}%fUWP%u6~C=N6c-;Z%u@|= STLcK!4*iui2lGk-0tf)XqNN4^ delta 2400 zcmV-m37_`m6Xg?-U4Pc93_ynw`)>jQ2mpYB1OR7p1uaz{z9Kp`NmronWuF)Q23{73 zi%dP3u(gZ_t%uP^r*GowDOWmshRK)|YbDP_``kP*8k`+OM8sc%sbv1c^C+y=G}WF} zATwTT<9dqFK216&YnG{%52f)VC;rN{@J*A0z?>R?+QfDkrh*Q2=D)_p=+dmB)fu^X%&x@tNj#rn1vZAzA+2Rl0yx_k!$|Bw1u(cv8 zT)Ei-zAj!jj#MBwJ@KjWE5cDq?g9KToqE(Zl=l6TR)15o?Jr*L1&e6_*vv{{R&_WN zlrN0tpLQPFjqE22Q11Y@3rO?#Dai+=mw_5%W)>LyUWl;edaOr zcnQD(BY*Qrw{1rfVrfCbTdkRG;%Bcz`#83h3P^1+G6l6c%E0~+RoJl~QERQI2fWTpxEI=_5v9xd%gwcp8Gi--2am{?l_Y^YA*;F^gnrS+WQmWp znXwr;F$<%SR^z5NeNorZRO}xZ3@vmFG&Eq5+p(;G#aqvVu!+K_z3(>IaSs4X)}=+~ zaQGs9)hGUxHERzik@v3;{rlA`{dGOieH*HrP_g4u977^@9446?6C|Z4c|;KzLYT3R z`G0|mF%cU?f|JUGa0yQPhxg3i)^>9sp*x4A9ek&Ao+L$#=i$iU4>xBV-8CuD5#tlD zd2OVrO2DnjDFbCK%KCXRzGAYq?`#H`uZ8_$dQw2L@3 zQ_QCPIpiHwJN%LnQ|+;L(r~L>K}% zY$07~T?Vw+PY*QW%*EwZV8#5nlB<(#1V(=tnmhnsQl&`(0tf&Ef&|F3yV`ta%ldv; z!;GY8B&P-?D}HdLXzuDG>soIYo?GkgSxT1rC9rum(@z&?2NdHZetzgYpNycN{(X1# z-BKl7h41xgi}o}UG8v4pnal-hxIi`+Jl)aKUWu6$P*P@(gIx;!HR=)uX5B?U#<>Xt38N=4J&p3Id|_Beb*>UG~$*i{4M3pqs0$ z6-b3@v0w5k&aM@%Vih{-?hunipu8nldh(IRYbAm#b~@y02P2cKG_J|=Z=8F~Uef#y z+Z2c_6;g~}w_9oc0qzM8OV)^q{Vm@dR>s7DQ~~#z1Kzlqy~~>B zVW3|WT$yvFYin~wUz~Dixm$YSVj^L(5M+;-Djkl280a3BQaX7 z>iaZ1pl_A18r|7bbcgk@+%8z7%(O-7igSk9xOvzj0v*G=O5#-J1R7xc?;=2V&^~9E&$=`SwS|v>95yNXs>1jqkN`GB zu}s5_X<$D+Y$^JNlw*L#WQCu@Uge8;Fkk@O0a+g!qL)_E=0y$$XR_r-H%VJef57AAa4T+$MAO>sS)om zyCCu5$dRm3!BuLbU~Xb9OH-tSCorQhK*!=KIyv0?`F^>WY9!z%M_2BD&_Qrw=W(L9 z+mf#k&LCP_CQfjN6?p{Y6h$}8(l37|1ti{54l7b}&4UU#okN}> zyDEDdj~(zhzZhPO#Wg@(mdqenxF(oh~1_>&LNQUFflM8FbM_)D-Ht!8U+9Z6unjn*yx^bNUn +export OIDC_AGENT_SECRET= +``` + +Set the minimum arguments required by the testsuite to run against the two StoRM WebDAV +servers deployed 
into the compose: + +``` +export ROBOT_ARGS="--variable dav.host:storm.test.example --variable remote.dav.host:storm-alias.test.example --variable remote.davs.port:443" +``` + +Now you can run the test suite with + +``` +/scripts/ci-run-testsuite.sh +``` + +The default path for the test suite report is `/home/test/robot/reports`; +in case you want to copy it locally, run + +``` +docker cp storm-webdav-ts-1:/home/test/robot/reports . +``` + +### Testsuite parameters + +| Parameter name | Description | Default value | +| -------------- | ---------------------------------- | ---------------------------------------------------------------------------------------------------------------- | +| `dav.host` | Hostname of the WebDAV server considered as running locally | localhost | +| `dav.port` | Schema of the WebDAV server considered as running locally | 8085 | +| `davs.port` | Schema of the WebDAV server considered as running locally with HTTPS | 8443 | +| `remote.dav.host` | Hostname of the WebDAV server considered as running remotely | localhost | +| `remote.dav.port` | Schema of the WebDAV server considered as running remotely | 8085 | +| `remote.davs.port` | Schema of the WebDAV server considered as running remotely with HTTPS | 8443 | +| `token.endpoint` | WebDAV endpoint for the locally issued tokens | https://localhost:8443/oauth/token | +| `cred.oauth.env_var_name` | Environment variable for an OAuth access token | IAM_ACCESS_TOKEN | +| `cred.voms.use_os` | Use `/tmp/x509up_u` as proxy path | True | +| `oidc-agent.alias` | Alias for the oidc-agent client | dev-wlcg | +| `oauth.group.claim` | Claim for the token group | wlcg.groups | +| `oauth.optional.group.claim` | Claim for the optional token group. In IAM, optional groups appears in the token only if explicitly requested | wlcg.groups:/data-manager | + +For other parameters, see the [variables file](./test/variables.robot). 
+ + +### Enable custom token issuers + +In order for authorization tests being executed with custom token issuers, one needs to modify +the StoRM WebDAV configuration as follow: + +* append the custom token issuer among the `orgs` comma separated list, in the [fga.property](../compose/assets/etc/storm/webdav/sa.d/fga.properties) and [oauth-authz.properties](../compose/assets/etc/storm/webdav/sa.d/oauth-authz.properties) files +* include the custom token issuer in the [application-issuers.yml](../compose/assets/etc/storm/webdav/config/application-issuers.yml) file +* write down authorization policies for the `fga` storage area indicating your token issuer in the [application-policies.yml](../compose/assets/etc/storm/webdav/config/application-policies.yml) file. The default behavior is: + * users presenting a VOMS proxy released by a `test.vo` can read/write in the SA + * anyone can read in the `/public` folder and sub-folders + * users presenting a JWT token which embeds the `/cms` group have read/write access in the `/cms` folder and sub-folders + * users presenting a JWT token which embeds the `/data-manager` group have read/write access in the SA. + +In case the group claim in your token is not `wlcg.groups`, please append among the `ROBOT_ARGS` + +``` +--variable oauth.group.claim: --variable oauth.optional.group.claim: +``` + +Remember to set the proper oidc-agent alias appending also + +``` +--variable oidc-agent.alias: +``` \ No newline at end of file diff --git a/robot/assets/README.md b/robot/assets/README.md deleted file mode 100644 index 80998f3d..00000000 --- a/robot/assets/README.md +++ /dev/null @@ -1 +0,0 @@ -This folder contains assets useful for the execution of the storm-webdav suite diff --git a/robot/assets/fixtures/default/config/application-hackathon.yml b/robot/assets/fixtures/default/config/application-hackathon.yml deleted file mode 100644 index 54fa7ab9..00000000 
--- a/robot/assets/fixtures/default/config/application-hackathon.yml +++ /dev/null @@ -1,70 +0,0 @@ -spring: - profiles: - active: oidc - -oauth: - enable-oidc: true - - issuers: - - name: iam-test - issuer: https://iam-test.indigo-datacloud.eu/ - - - name: wlcg - issuer: https://wlcg.cloud.cnaf.infn.it/ - - - name: tf-local - issuer: http://localhost:8080 - - - name: tf - issuer: https://tf.cloud.cnaf.infn.it - -storm: - authz: - policies: - - sa: tf - description: Grant read access to the SA to tf members - actions: - - list - - read - effect: permit - principals: - - type: jwt-issuer - params: - iss: https://tf.cloud.cnaf.infn.it - - sa: wlcg - description: Grant read access to the SA to wlcg members - actions: - - list - - read - effect: permit - principals: - - type: vo - params: - vo: wlcg - - type: jwt-issuer - params: - iss: https://wlcg.cloud.cnaf.infn.it/ - - sa: wlcg - description: Grant all access to /wlcg/protected to /wlcg/test members - actions: - - all - paths: - - protected/** - effect: permit - principals: - - type: fqan - params: - fqan: /wlcg/Role=test - - type: jwt-group - params: - iss: https://wlcg.cloud.cnaf.infn.it/ - group: /wlcg/test - - sa: wlcg - description: Grant all access to /wlcg VOMS members - actions: - - all - effect: permit - principals: - - type: vo - params: - vo: wlcg diff --git a/robot/assets/fixtures/default/config/application-oidc.yml b/robot/assets/fixtures/default/config/application-oidc.yml deleted file mode 100644 index 5351068b..00000000 --- a/robot/assets/fixtures/default/config/application-oidc.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -spring: - security: - oauth2: - client: - registration: - iam-test: - provider: indigo - authorization-grant-type: authorization_code - client-name: INDIGO IAM test instance - client-id: ${IAM_TEST_CLIENT_ID} - client-secret: ${IAM_TEST_CLIENT_SECRET} - scope: - - openid - - profile - wlcg: - provider: wlcg - authorization-grant-type: authorization_code - client-name: WLCG IAM - client-id: ${WLCG_CLIENT_ID} - client-secret: ${WLCG_CLIENT_SECRET} - scope: - - openid - - profile - - wlcg.groups diff --git a/robot/assets/fixtures/default/config/application.yml b/robot/assets/fixtures/default/config/application.yml deleted file mode 100644 index 6f190f59..00000000 --- a/robot/assets/fixtures/default/config/application.yml +++ /dev/null @@ -1,62 +0,0 @@ -spring: - profiles: - active: oidc - -oauth: - enable-oidc: true - - issuers: - - name: iam-test - issuer: https://iam-test.indigo-datacloud.eu/ - - - name: wlcg - issuer: https://wlcg.cloud.cnaf.infn.it/ - - - name: tf-local - issuer: http://localhost:8080 - - - name: tf - issuer: https://tf.cloud.cnaf.infn.it - -storm: - authz: - policies: - - sa: fga - actions: - - list - - read - effect: permit - description: Grant read access to anyone to the public area - paths: - - /public/** - principals: - - type: anyone - - sa: fga - actions: - - all - effect: permit - description: Grant read/write access to test.vo and WLCG VOMS vo users - principals: - - type: vo - params: - vo: test.vo - - type: vo - params: - vo: wlcg - - type: jwt-group - params: - iss: https://wlcg.cloud.cnaf.infn.it/ - group: /wlcg - - sa: wlcg - actions: - - all - effect: permit - description: Grant read/write access to WLCG VOMS vo users - principals: - - type: vo - params: - vo: wlcg - - type: jwt-group - params: - iss: https://wlcg.cloud.cnaf.infn.it/ - group: /wlcg/xfers diff --git a/robot/assets/fixtures/default/sa.d/README.md b/robot/assets/fixtures/default/sa.d/README.md deleted file mode 100644 index d158bf4f..00000000 
--- a/robot/assets/fixtures/default/sa.d/README.md +++ /dev/null @@ -1,2 +0,0 @@ -This folder contains the storage area configuration required for a default execution -of the storm-webdav testsuite diff --git a/robot/assets/fixtures/default/sa.d/auth.properties b/robot/assets/fixtures/default/sa.d/auth.properties deleted file mode 100644 index a0fe26f7..00000000 --- a/robot/assets/fixtures/default/sa.d/auth.properties +++ /dev/null @@ -1,7 +0,0 @@ -name=auth -rootPath=/storage/auth -filesystemType=posixfs -accessPoints=/auth -authenticatedReadEnabled=true -anonymousReadEnabled=false -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/default/sa.d/fga.properties b/robot/assets/fixtures/default/sa.d/fga.properties deleted file mode 100644 index afda19f1..00000000 --- a/robot/assets/fixtures/default/sa.d/fga.properties +++ /dev/null @@ -1,5 +0,0 @@ -name=fga -rootPath=/storage/fga -filesystemType=posixfs -accessPoints=/fga -fineGrainedAuthzEnabled=true diff --git a/robot/assets/fixtures/default/sa.d/noauth.properties b/robot/assets/fixtures/default/sa.d/noauth.properties deleted file mode 100644 index 7af45b9c..00000000 --- a/robot/assets/fixtures/default/sa.d/noauth.properties +++ /dev/null @@ -1,7 +0,0 @@ -name=noauth -rootPath=/storage/noauth -filesystemType=posixfs -accessPoints=/noauth -authenticatedReadEnabled=true -anonymousReadEnabled=true -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/default/sa.d/oauth_authz.properties b/robot/assets/fixtures/default/sa.d/oauth_authz.properties deleted file mode 100644 index 81171037..00000000 --- a/robot/assets/fixtures/default/sa.d/oauth_authz.properties +++ /dev/null @@ -1,8 +0,0 @@ -name=oauth-authz -rootPath=/storage/oauth-authz -filesystemType=posixfs -accessPoints=/oauth-authz -orgs=https://iam-test.indigo-datacloud.eu/ -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false 
diff --git a/robot/assets/fixtures/default/sa.d/test_vo.properties b/robot/assets/fixtures/default/sa.d/test_vo.properties deleted file mode 100644 index ee96ca81..00000000 --- a/robot/assets/fixtures/default/sa.d/test_vo.properties +++ /dev/null @@ -1,9 +0,0 @@ -name=test.vo -rootPath=/storage/test.vo -filesystemType=posixfs -accessPoints=/test.vo,/ciccio -vos=test.vo,local -orgs=https://iam-test.indigo-datacloud.eu/ -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/default/sa.d/tf.properties b/robot/assets/fixtures/default/sa.d/tf.properties deleted file mode 100644 index fed2e0b6..00000000 --- a/robot/assets/fixtures/default/sa.d/tf.properties +++ /dev/null @@ -1,12 +0,0 @@ -name=tf -rootPath=/storage/tf -filesystemType=posixfs -accessPoints=/tf -orgs=http://localhost:8080,https://tf.cloud.cnaf.infn.it -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false -wlcgScopeAuthzEnabled=true -fineGrainedAuthzEnabled=false -orgsGrantReadPermission=false -orgsGrantWritePermission=false diff --git a/robot/assets/fixtures/redirector/config/application-oidc.yml b/robot/assets/fixtures/redirector/config/application-oidc.yml deleted file mode 100644 index 5351068b..00000000 --- a/robot/assets/fixtures/redirector/config/application-oidc.yml +++ /dev/null @@ -1,24 +0,0 @@ -spring: - security: - oauth2: - client: - registration: - iam-test: - provider: indigo - authorization-grant-type: authorization_code - client-name: INDIGO IAM test instance - client-id: ${IAM_TEST_CLIENT_ID} - client-secret: ${IAM_TEST_CLIENT_SECRET} - scope: - - openid - - profile - wlcg: - provider: wlcg - authorization-grant-type: authorization_code - client-name: WLCG IAM - client-id: ${WLCG_CLIENT_ID} - client-secret: ${WLCG_CLIENT_SECRET} - scope: - - openid - - profile - - wlcg.groups 
diff --git a/robot/assets/fixtures/redirector/config/application.yml b/robot/assets/fixtures/redirector/config/application.yml deleted file mode 100644 index 6a75854e..00000000 --- a/robot/assets/fixtures/redirector/config/application.yml +++ /dev/null @@ -1,70 +0,0 @@ -spring: - profiles: - active: oidc - -oauth: - enable-oidc: true - - issuers: - - name: iam-test - issuer: https://iam-test.indigo-datacloud.eu/ - - - name: wlcg - issuer: https://wlcg.cloud.cnaf.infn.it/ - - - name: tf-local - issuer: http://localhost:8080 - - - name: tf - issuer: https://tf.cloud.cnaf.infn.it - -storm: - - redirector: - enabled: true - max-token-lifetime-secs: 600 - pool: - endpoints: - - endpoint: http://storm.example:8085 - - authz: - policies: - - sa: fga - actions: - - list - - read - effect: permit - description: Grant read access to anyone to the public area - paths: - - /public/** - principals: - - type: anyone - - sa: fga - actions: - - all - effect: permit - description: Grant read/write access to test.vo and WLCG VOMS vo users - principals: - - type: vo - params: - vo: test.vo - - type: vo - params: - vo: wlcg - - type: jwt-group - params: - iss: https://wlcg.cloud.cnaf.infn.it/ - group: /wlcg - - sa: wlcg - actions: - - all - effect: permit - description: Grant read/write access to WLCG VOMS vo users - principals: - - type: vo - params: - vo: wlcg - - type: jwt-group - params: - iss: https://wlcg.cloud.cnaf.infn.it/ - group: /wlcg/xfers diff --git a/robot/assets/fixtures/redirector/sa.d/README.md b/robot/assets/fixtures/redirector/sa.d/README.md deleted file mode 100644 index d158bf4f..00000000 --- a/robot/assets/fixtures/redirector/sa.d/README.md +++ /dev/null @@ -1,2 +0,0 @@ -This folder contains the storage area configuration required for a default execution -of the storm-webdav testsuite diff --git a/robot/assets/fixtures/redirector/sa.d/auth.properties b/robot/assets/fixtures/redirector/sa.d/auth.properties deleted file mode 100644 index a0fe26f7..00000000 
--- a/robot/assets/fixtures/redirector/sa.d/auth.properties +++ /dev/null @@ -1,7 +0,0 @@ -name=auth -rootPath=/storage/auth -filesystemType=posixfs -accessPoints=/auth -authenticatedReadEnabled=true -anonymousReadEnabled=false -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/redirector/sa.d/fga.properties b/robot/assets/fixtures/redirector/sa.d/fga.properties deleted file mode 100644 index afda19f1..00000000 --- a/robot/assets/fixtures/redirector/sa.d/fga.properties +++ /dev/null @@ -1,5 +0,0 @@ -name=fga -rootPath=/storage/fga -filesystemType=posixfs -accessPoints=/fga -fineGrainedAuthzEnabled=true diff --git a/robot/assets/fixtures/redirector/sa.d/noauth.properties b/robot/assets/fixtures/redirector/sa.d/noauth.properties deleted file mode 100644 index 7af45b9c..00000000 --- a/robot/assets/fixtures/redirector/sa.d/noauth.properties +++ /dev/null @@ -1,7 +0,0 @@ -name=noauth -rootPath=/storage/noauth -filesystemType=posixfs -accessPoints=/noauth -authenticatedReadEnabled=true -anonymousReadEnabled=true -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/redirector/sa.d/oauth_authz.properties b/robot/assets/fixtures/redirector/sa.d/oauth_authz.properties deleted file mode 100644 index 81171037..00000000 --- a/robot/assets/fixtures/redirector/sa.d/oauth_authz.properties +++ /dev/null @@ -1,8 +0,0 @@ -name=oauth-authz -rootPath=/storage/oauth-authz -filesystemType=posixfs -accessPoints=/oauth-authz -orgs=https://iam-test.indigo-datacloud.eu/ -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/redirector/sa.d/test_vo.properties b/robot/assets/fixtures/redirector/sa.d/test_vo.properties deleted file mode 100644 index ee96ca81..00000000 --- a/robot/assets/fixtures/redirector/sa.d/test_vo.properties +++ /dev/null 
@@ -1,9 +0,0 @@ -name=test.vo -rootPath=/storage/test.vo -filesystemType=posixfs -accessPoints=/test.vo,/ciccio -vos=test.vo,local -orgs=https://iam-test.indigo-datacloud.eu/ -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false diff --git a/robot/assets/fixtures/redirector/sa.d/tf.properties b/robot/assets/fixtures/redirector/sa.d/tf.properties deleted file mode 100644 index fed2e0b6..00000000 --- a/robot/assets/fixtures/redirector/sa.d/tf.properties +++ /dev/null @@ -1,12 +0,0 @@ -name=tf -rootPath=/storage/tf -filesystemType=posixfs -accessPoints=/tf -orgs=http://localhost:8080,https://tf.cloud.cnaf.infn.it -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false -wlcgScopeAuthzEnabled=true -fineGrainedAuthzEnabled=false -orgsGrantReadPermission=false -orgsGrantWritePermission=false diff --git a/robot/assets/fixtures/redirector/sa.d/wlcg.properties b/robot/assets/fixtures/redirector/sa.d/wlcg.properties deleted file mode 100644 index 0d635e49..00000000 --- a/robot/assets/fixtures/redirector/sa.d/wlcg.properties +++ /dev/null @@ -1,12 +0,0 @@ -name=wlcg -rootPath=/storage/wlcg -filesystemType=posixfs -accessPoints=/wlcg -orgs=https://wlcg.cloud.cnaf.infn.it/ -authenticatedReadEnabled=false -anonymousReadEnabled=false -voMapGrantsWritePermission=false -wlcgScopeAuthzEnabled=true -fineGrainedAuthzEnabled=true -orgsGrantReadPermission=false -orgsGrantWritePermission=false diff --git a/robot/common/credentials.robot b/robot/common/credentials.robot index 2e53a682..80ad3f06 100644 --- a/robot/common/credentials.robot +++ b/robot/common/credentials.robot 
@@ -4,34 +4,14 @@ Library VOMSHelperLibrary *** Variables *** -${cred.voms.use_os} True - ## Where the testsuite should look for an OAuth ## access token ${cred.oauth.env_var_name} IAM_ACCESS_TOKEN -## Embedded VOMS proxies -${cred.voms.1} assets/certs/voms.1 -${cred.voms.2} assets/certs/voms.2 - -${cred.voms.default} ${cred.voms.1} - -## Embedded GRID proxies -${cred.grid.1} assets/certs/grid.1 -${cred.grid.default} ${cred.grid.1} - -## Embedded X.509 certs -${cred.cert.1.p12} assets/certs/test0.p12 -${cred.cert.1.cert} assets/certs/test0.pem -${cred.cert.1.password} pass - -${cred.cert.2.p12} assets/certs/test1.p12 -${cred.cert.2.cert} assets/certs/test1.pem -${cred.cert.2.password} pass +${cred.voms.use_os} True -${cred.cert.default.p12} ${cred.cert.1.p12} -${cred.cert.default.cert} ${cred.cert.1.cert} -${cred.cert.default.password} ${cred.cert.1.password} +## Embedded VOMS proxies +${cred.voms.default} assets/certs/voms.1 *** Keywords *** Default Proxy Path diff --git a/robot/common/curl.robot b/robot/common/curl.robot index e527b422..7a464572 100644 --- a/robot/common/curl.robot +++ b/robot/common/curl.robot @@ -10,7 +10,10 @@ ${x509.trustdir} /etc/grid-security/certificates *** Keywords *** Curl [Arguments] ${url} ${opts}=${curl.opts.default} - ${rc} ${out} Run and Return RC And Output curl ${url} ${opts} + ${cmd} Set Variable curl ${url} ${opts} + Log ${cmd} level=debug + ${rc} ${out} Run and Return RC And Output ${cmd} + Log ${out} level=debug [Return] ${rc} ${out} Curl Success [Arguments] ${url} ${opts}=${curl.opts.default} 
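Review bot: The `Log ${cmd} level=debug` line added to `Curl` writes the complete command line to the Robot log, and the tests in authorization.robot pass `-H "Authorization: Bearer %{IAM_ACCESS_TOKEN}"` in `${opts}` after Robot has expanded the variable, so a usable access token lands in log.html/output.xml on any debug-level run. The `Log ${cmd}` / `Log ${output}` lines added to `Execute and Check Success` and `Execute and Check Failure` in utils.robot do the same for `oidc-token`, whose output is the token itself. Logging a redacted copy keeps the debugging value, for example `${safe}    Replace String Using Regexp    ${cmd}    Bearer \\S+    Bearer <redacted>` followed by `Log    ${safe}    level=debug` (this needs `Library    String`). Whether the reports leave the CI runner is not visible in this hunk; if they are uploaded as artifacts, a short token lifetime is the only remaining control.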
@@ -32,18 +35,36 @@ Curl Voms HEAD Success [Arguments] ${url} ${opts}=${curl.opts.default} ${rc} ${out} Curl Success ${url} ${all_opts} [Return] ${rc} ${out} +Curl Voms HEAD Failure [Arguments] ${url} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable --HEAD ${opts} ${voms_opts} + ${rc} ${out} Curl Error ${url} ${all_opts} + [Return] ${rc} ${out} + Curl Voms Get Success [Arguments] ${url} ${opts}=${curl.opts.default} ${voms_opts} Get Curl Voms Proxy Options ${all_opts} Set variable -X GET ${opts} ${voms_opts} ${rc} ${out} Curl Success ${url} ${all_opts} [Return] ${rc} ${out} +Curl Voms Get Failure [Arguments] ${url} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X GET ${opts} ${voms_opts} + ${rc} ${out} Curl Error ${url} ${all_opts} + [Return] ${rc} ${out} + Curl Voms MKCOL Success [Arguments] ${url} ${opts}=${curl.opts.default} ${voms_opts} Get Curl Voms Proxy Options ${all_opts} Set variable -X MKCOL ${opts} ${voms_opts} ${rc} ${out} Curl Success ${url} ${all_opts} [Return] ${rc} ${out} +Curl Voms MKCOL Failure [Arguments] ${url} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X MKCOL ${opts} ${voms_opts} + ${rc} ${out} Curl Error ${url} ${all_opts} + [Return] ${rc} ${out} + Curl Voms Pull COPY Success [Arguments] ${dest} ${source} ${opts}=${curl.opts.default} ${voms_opts} Get Curl Voms Proxy Options ${all_opts} Set variable -X COPY -H "Source: ${source}" ${opts} ${voms_opts} 
@@ -80,6 +101,12 @@ Curl Voms PUT Success [Arguments] ${file} ${url} ${opts}=${curl.opts.default ${rc} ${out} Curl Success ${url} ${all_opts} [Return] ${rc} ${out} +Curl Voms PUT Failure [Arguments] ${file} ${url} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X PUT -T ${file} ${opts} ${voms_opts} + ${rc} ${out} Curl Error ${url} ${all_opts} + [Return] ${rc} ${out} + Curl Voms POST Success [Arguments] ${url} ${opts}=${curl.opts.default} ${voms_opts} Get Curl Voms Proxy Options ${all_opts} Set variable -X POST ${opts} ${voms_opts} 
@@ -92,18 +119,42 @@ Curl Voms POST Failure [Arguments] ${url} ${opts}=${curl.opts.default} ${rc} ${out} Curl Error ${url} ${all_opts} [Return] ${rc} ${out} +Curl Voms DELETE Success [Arguments] ${url} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X DELETE ${opts} ${voms_opts} + ${rc} ${out} Curl Success ${url} ${all_opts} + [Return] ${rc} ${out} + +Curl Voms DELETE Failure [Arguments] ${url} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X DELETE ${opts} ${voms_opts} + ${rc} ${out} Curl Error ${url} ${all_opts} + [Return] ${rc} ${out} + Curl Voms MOVE Success [Arguments] ${dest} ${source} ${opts}=${curl.opts.default} ${voms_opts} Get Curl Voms Proxy Options ${all_opts} Set variable -X MOVE -H "Destination: ${dest}" ${opts} ${voms_opts} ${rc} ${out} Curl Success ${source} ${all_opts} [Return] ${rc} ${out} +Curl Voms MOVE Failure [Arguments] ${dest} ${source} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X MOVE -H "Destination: ${dest}" ${opts} ${voms_opts} + ${rc} ${out} Curl Error ${source} ${all_opts} + [Return] ${rc} ${out} + Curl Voms MOVE [Arguments] ${dest} ${source} ${opts}=-s -L -i ${voms_opts} Get Curl Voms Proxy Options ${all_opts} Set variable -X MOVE -H "Destination: ${dest}" ${opts} ${voms_opts} ${rc} ${out} Curl ${source} ${all_opts} [Return] ${rc} ${out} +Curl Voms OPTIONS [Arguments] ${url} ${opts}=-s -L -i + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X OPTIONS ${voms_opts} + ${rc} ${out} Curl ${url} ${all_opts} + [Return] ${rc} ${out} + Curl pull COPY Success [Arguments] ${dest} ${source} ${opts}=${curl.opts.default} ${all_opts} Set variable -X COPY -H "Source: ${source}" ${opts} ${rc} ${out} Curl Success ${dest} ${all_opts} 
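Review bot: `Curl Voms OPTIONS` declares `${opts}=-s -L -i` but never uses it, because `${all_opts}` is built as `-X OPTIONS ${voms_opts}`. Unless the proxy options happen to add `-i`, the response headers are not in `${out}`, so a test checking `Allow` or `DAV` has nothing to match against. The neighbouring `Curl Voms MOVE` keeps its `${opts}`; the line should read `${all_opts}    Set variable    -X OPTIONS ${opts} ${voms_opts}`.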
@@ -112,4 +163,10 @@ Curl pull COPY Success [Arguments] ${dest} ${source} ${opts}=${curl.opts.def Curl push COPY Success [Arguments] ${dest} ${source} ${opts}=${curl.opts.default} ${all_opts} Set variable -X COPY -H "Destination: ${dest}" ${opts} ${rc} ${out} Curl Success ${source} ${all_opts} + [Return] ${rc} ${out} + +Curl Voms PROPFIND [Arguments] ${url} ${body} ${opts}=${curl.opts.default} + ${voms_opts} Get Curl Voms Proxy Options + ${all_opts} Set variable -X PROPFIND ${opts} ${voms_opts} --data ${body} + ${rc} ${out} Curl ${url} ${all_opts} [Return] ${rc} ${out} \ No newline at end of file diff --git a/robot/common/oidc-agent.robot b/robot/common/oidc-agent.robot new file mode 100644 index 00000000..ea126e51 --- /dev/null +++ b/robot/common/oidc-agent.robot @@ -0,0 +1,16 @@ +*** Settings *** + +Resource common/credentials.robot + +*** Variables *** + +${oidc-agent.scope.default} -s openid +${oidc-agent.alias} dev-wlcg + + +*** Keywords *** + +Get token [Arguments] ${scope}=${oidc-agent.scope.default} ${issuer}=${oidc-agent.alias} ${opts}=${EMPTY} + ${rc} ${out} Execute and Check Success oidc-token ${scope} ${opts} ${issuer} + Set Environment Variable ${cred.oauth.env_var_name} ${out} + [Return] ${out} \ No newline at end of file diff --git a/robot/common/setup_and_teardown.robot b/robot/common/setup_and_teardown.robot new file mode 100644 index 00000000..e579684a --- /dev/null +++ b/robot/common/setup_and_teardown.robot 
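Review bot: `Curl Voms PROPFIND` appends `--data ${body}` unquoted, and `Curl` hands the assembled string to `Run and Return RC And Output`, which executes it through the system shell. A PROPFIND body is XML, so its `<`, `>`, quotes and spaces would be read as redirections and word breaks rather than as request data, unless every caller quotes the body itself (callers are not visible in this hunk). Writing the body to a temporary file and passing `--data @${TEMPDIR}/propfind_body.xml` (file name constructed for this example) avoids shell parsing altogether; `--data '${body}'` is the smaller change but still breaks on a single quote inside the body.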
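Review bot: `Get token` stores the token with `Set Environment Variable`, which as far as I know logs the value it assigns at INFO level, so the token is written to the report even without debug logging. Nothing in this file clears the variable again, and authorization.robot uses `Get token` as its `Test Teardown` as well, so a valid token stays in the process environment after the suite finishes. Consider wrapping the assignment in `${old}    Set Log Level    NONE` and `Set Log Level    ${old}`, and adding a teardown keyword that calls `Remove Environment Variable    ${cred.oauth.env_var_name}`. The `${issuer}` argument defaults to `${oidc-agent.alias}` and is passed to `oidc-token` as the account name, so `${account}` would describe it better.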
@@ -0,0 +1,30 @@ +*** Keywords *** + +Default Setup + Default VOMS credential + +Default Teardown + Unset VOMS credential + +Setup file [Arguments] ${file_name} ${content}=Hello World! + Default Setup + Create Test File ${file_name} ${content} + +Setup directory [Arguments] ${dir_name} + Default Setup + Create Test Directory ${dir_name} + +Teardown file [Arguments] ${file_name} + Default Teardown + Remove Test File ${file_name} + Remove Test File ${file_name}.dest + +Teardown file cross sa [Arguments] ${file_name} + Default Teardown + Remove Test File ${file_name} + Remove Test File ${file_name}.dest sa=${sa.oauth} + +Teardown directory [Arguments] ${dir_name} + Default Teardown + Remove Test Directory ${dir_name} + Remove Test Directory ${dir_name}.dest \ No newline at end of file diff --git a/robot/common/storage_areas.robot b/robot/common/storage_areas.robot index 0455379d..1ba23ed6 100644 --- a/robot/common/storage_areas.robot +++ b/robot/common/storage_areas.robot @@ -6,11 +6,9 @@ Resource common/utils.robot *** Variables *** ${sa.default} test.vo -${sa.auth} auth ${sa.noauth} noauth ${sa.fga} fga ${sa.oauth} oauth-authz -${sa.wlcg} wlcg ${storage.root} /storage 
@@ -29,11 +27,16 @@ Create 1MB Test File [Arguments] ${file} ${sa}=${sa.default} ${path}= Normalize Path ${storage.root}/${sa}/${file} File Should Not Exist ${path} ${rc} ${out} Execute and Check Success dd if=/dev/zero of=${path} bs=1 count=0 seek=1048576 + +Create Test Directory [Arguments] ${directory} ${sa}=${sa.default} + ${path}= Normalize Path ${storage.root}/${sa}/${directory} + Directory Should Not Exist ${path} + Create Directory ${path} Remove Test File [Arguments] ${file} ${sa}=${sa.default} ${path}= Normalize Path ${storage.root}/${sa}/${file} Remove file ${path} -Remove Test Directory [Arguments] ${file} ${sa}=${sa.default} - ${path}= Normalize Path ${storage.root}/${sa}/${file} - Remove Directory ${path} \ No newline at end of file +Remove Test Directory [Arguments] ${directory} ${sa}=${sa.default} + ${path}= Normalize Path ${storage.root}/${sa}/${directory} + Remove Directory ${path} recursive=true \ No newline at end of file diff --git a/robot/common/utils.robot b/robot/common/utils.robot index 6e07c0c9..40d141ef 100644 --- a/robot/common/utils.robot +++ b/robot/common/utils.robot @@ -1,12 +1,16 @@ *** Keywords *** Execute and Check Success [Arguments] ${cmd} + Log ${cmd} level=debug ${rc} ${output} Run and Return RC And Output ${cmd} + Log ${output} level=debug Should Be Equal As Integers ${rc} 0 ${cmd} exited with status ${rc} != 0 : ${output} False [Return] ${rc} ${output} Execute and Check Failure [Arguments] ${cmd} + Log ${cmd} level=debug ${rc} ${output} Run and Return RC And Output ${cmd} + Log ${output} level=debug Should Not Be Equal As Integers ${rc} 0 ${cmd} exited with 0 : ${output} False [Return] ${rc} ${output} diff --git a/robot/reports/.gitignore b/robot/reports/.gitignore deleted file mode 100644 index ced4d9da..00000000 --- a/robot/reports/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -./log.html -./output.xml -./report.html diff --git a/robot/run-testsuite.sh b/robot/run-testsuite.sh index 42fb8c8f..b8472441 100755 
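Review bot: `Remove Test Directory` now deletes with `recursive=true`, but `${path}` is only passed through `Normalize Path`, which collapses `..` segments. An empty `${directory}` or one containing `../` therefore resolves to the storage-area root or above it, and the whole tree is removed. The callers visible in this patch pass fixed names, so this guards against a future mistake rather than fixing a live bug. Adding `Should Start With    ${path}    ${storage.root}/${sa}/` before `Remove Directory` keeps the keyword confined to the area it was asked to clean, and the same check fits the new `Create Test Directory`.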
--- a/robot/run-testsuite.sh +++ b/robot/run-testsuite.sh @@ -16,15 +16,11 @@ # set -ex -DAV_HOST=${DAV_HOST:-localhost} - -REMOTE_DAV_HOST=${REMOTE_DAV_HOST:-${DAV_HOST:-localhost}} - REPORTS_DIR=${REPORTS_DIR:-reports} ROBOT_ARGS=${ROBOT_ARGS:-} -DEFAULT_ARGS="--pythonpath .:common --variable dav.host:${DAV_HOST} --variable remote.dav.host:${REMOTE_DAV_HOST} -d ${REPORTS_DIR}" +DEFAULT_ARGS="--pythonpath .:common -d ${REPORTS_DIR}" ARGS=${DEFAULT_ARGS} diff --git a/robot/test/authorization.robot b/robot/test/authorization.robot new file mode 100644 index 00000000..4cdd367f --- /dev/null +++ b/robot/test/authorization.robot 
@@ -0,0 +1,223 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource common/oidc-agent.robot +Resource test/variables.robot + +Test Setup Get token +Test Teardown Get token + +*** Variables *** + +${oauth.group.claim} wlcg.groups +${oauth.group.value} cms + +${oauth.optional.group.claim} ${oauth.group.claim}:/${oauth.optional.group.value} +${oauth.optional.group.value} data-manager + + +*** Keywords *** + +Setup directory fga [Arguments] ${dir_name} ${file_name}=test_file + Create Test Directory ${dir_name} ${sa.fga} + Create Test File ${dir_name}/${file_name} Hello world! ${sa.fga} + +Teardown file fga [Arguments] ${file_name} + Remove Test File ${file_name} ${sa.fga} + +Teardown directory fga [Arguments] ${dir_name} + Remove Test Directory ${dir_name} ${sa.fga} + + +*** Test cases *** + +Read access allowed to anyone to the public area + [Tags] fga get + [Setup] Setup directory fga public + ${url} DAVS URL public/test_file ${sa.fga} + ${rc} ${out} Curl Success ${url} ${curl.opts.default} + Should Contain ${out} Hello world! + [Teardown] Teardown directory fga public + +List access allowed to anyone to the public area + [Tags] fga propfind + [Setup] Setup directory fga public + ${url} DAVS URL public ${sa.fga} + ${rc} ${out} Curl Success ${url} -X PROPFIND ${curl.opts.default} + Should Contain ${out} test_file + [Teardown] Teardown directory fga public + +Anonymous put not allowed to the public area + [Tags] fga put + [Setup] Run Keywords Create Temporary File put_not_allowed 123456789 + ... AND Setup directory fga public + ${url} DAVS URL public/put_not_allowed ${sa.fga} + ${rc} ${out} Curl Error ${url} -X PUT -T ${TEMPDIR}/put_not_allowed ${curl.opts.default} + Should Match Regexp ${out} 401|403 + [Teardown] Run Keywords Remove Temporary File put_not_allowed + ... 
AND Teardown directory fga public + +Anonymous mkcol not allowed to the public area + [Tags] fga mkcol + [Setup] Setup directory fga public + ${url} DAVS URL public/mkcol_not_allowed ${sa.fga} + ${rc} ${out} Curl Error ${url} -X MKCOL ${curl.opts.default} + Should Match Regexp ${out} 401|403 + [Teardown] Teardown directory fga public + +Anonymous read not allowed outside the public area + [Tags] fga get + [Setup] Setup directory fga anonymous + ${url} DAVS URL anonymous/test_file ${sa.fga} + ${rc} ${out} Curl Error ${url} ${curl.opts.default} + Should Match Regexp ${out} 401|403 + [Teardown] Teardown directory fga anonymous + +Anonymous list not allowed outside the public area + [Tags] fga propfind + [Setup] Setup directory fga anonymous + ${url} DAVS URL anonymous ${sa.fga} + ${rc} ${out} Curl Error ${url} -X PROPFIND ${curl.opts.default} + Should Match Regexp ${out} 401|403 + [Teardown] Teardown directory fga anonymous + +Read access allowed to trusted issued tokens + [Tags] fga get oauth + [Setup] Setup directory fga trusted_issuer + ${token} Get token scope=-s openid + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL trusted_issuer/test_file ${sa.fga} + ${rc} ${out} Curl Success ${url} ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} Hello world! 
+ [Teardown] Teardown directory fga trusted_issuer + +List access allowed to trusted issued tokens + [Tags] fga propfind oauth + [Setup] Setup directory fga trusted_issuer + ${token} Get token scope=-s openid + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL trusted_issuer ${sa.fga} + ${rc} ${out} Curl Success ${url} -X PROPFIND ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} test_file + [Teardown] Teardown directory fga trusted_issuer + +Put not allowed to the trusted issued tokens + [Tags] fga put oauth + [Setup] Create Temporary File trusted_issuer 123456789 + ${token} Get token scope=-s openid + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL trusted_issuer ${sa.fga} + ${rc} ${out} Curl Error ${url} -X PUT -T ${TEMPDIR}/trusted_issuer ${curl.opts.oauth} ${curl.opts.default} + Should Match Regexp ${out} 401|403 + [Teardown] Remove Temporary File trusted_issuer + +Mkcol not allowed to the trusted issued tokens + [Tags] fga mkcol oauth + ${token} Get token scope=-s openid + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL trusted_issuer ${sa.fga} + ${rc} ${out} Curl Error ${url} -X MKCOL ${curl.opts.oauth} ${curl.opts.default} + Should Match Regexp ${out} 401|403 + +Read access allowed to the cms group in the namespace + [Tags] fga get oauth + [Setup] Setup directory fga cms + ${token} Get token scope=-s ${oauth.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL cms/test_file ${sa.fga} + ${rc} ${out} Curl Success ${url} ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} Hello world! 
+ [Teardown] Teardown directory fga cms + +List access allowed to the cms group in the namespace + [Tags] fga propfind oaut + [Setup] Setup directory fga cms + ${token} Get token scope=-s ${oauth.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL cms ${sa.fga} + ${rc} ${out} Curl Success ${url} -X PROPFIND ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} test_file + [Teardown] Teardown directory fga cms + +Put allowed to the cms group in the namespace + [Tags] fga put oauth + [Setup] Run Keywords Create Temporary File cms_group 123456789 + ... AND Setup directory fga cms + ${token} Get token scope=-s ${oauth.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL cms/cms_group ${sa.fga} + ${rc} ${out} Curl Success ${url} -X PUT -T ${TEMPDIR}/cms_group ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} 201 Created + [Teardown] Run Keywords Remove Temporary File cms_group + ... AND Teardown directory fga cms + +Mkcol allowed to the cms group in the namespace + [Tags] fga mkcol oauth + [Setup] Setup directory fga cms + ${token} Get token scope=-s ${oauth.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL cms/cms_group ${sa.fga} + Curl Success ${url} -X MKCOL ${curl.opts.oauth} ${curl.opts.default} + [Teardown] Teardown directory fga cms + +Put denied to the cms group outside the namespace + [Tags] fga put oauth + [Setup] Run Keywords Create Temporary File denied 123456789 + ... 
AND Setup directory fga denied + ${token} Get token scope=-s ${oauth.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL denied/denied ${sa.fga} + ${rc} ${out} Curl Error ${url} -X PUT -T ${TEMPDIR}/denied ${curl.opts.oauth} ${curl.opts.default} + Should Match Regexp ${out} 401|403 + [Teardown] Run Keywords Remove Temporary File denied + ... AND Teardown directory fga denied + +Mkcol denied to the cms group outside the namespace + [Tags] fga mkcol oauth + ${token} Get token scope=-s ${oauth.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL denied ${sa.fga} + ${rc} ${out} Curl Error ${url} -X MKCOL ${curl.opts.oauth} ${curl.opts.default} + Should Match Regexp ${out} 401|403 + +Read access allowed to data-manager group + [Tags] fga get oauth + [Setup] Setup directory fga data-manager + ${token} Get token scope=-s ${oauth.optional.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL data-manager/test_file ${sa.fga} + ${rc} ${out} Curl Success ${url} ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} Hello world! 
+ [Teardown] Teardown directory fga data-manager + +List access allowed to data-manager group + [Tags] fga propfind oauth + [Setup] Setup directory fga data-manager + ${token} Get token scope=-s ${oauth.optional.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL data-manager ${sa.fga} + ${rc} ${out} Curl Success ${url} -X PROPFIND ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} test_file + [Teardown] Teardown directory fga data-manager + +Put allowed to data-manager group + [Tags] fga put oauth + [Setup] Create Temporary File data-manager 123456789 + ${token} Get token scope=-s ${oauth.optional.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL data-manager ${sa.fga} + ${rc} ${out} Curl Success ${url} -X PUT -T ${TEMPDIR}/data-manager ${curl.opts.oauth} ${curl.opts.default} + Should Contain ${out} 201 Created + [Teardown] Run Keywords Remove Temporary File data-manager + ... AND Teardown file fga data-manager + +Mkcol allowed to data-manager group + [Tags] fga mkcol oauth + ${token} Get token scope=-s ${oauth.optional.group.claim} + ${curl.opts.oauth} Set Variable -H "Authorization: Bearer %{${cred.oauth.env_var_name}}" + ${url} DAVS URL data-manager ${sa.fga} + ${rc} ${out} Curl Success ${url} -X MKCOL ${curl.opts.oauth} ${curl.opts.default} + [Teardown] Teardown directory fga data-manager \ No newline at end of file diff --git a/robot/test/basic_tests.robot b/robot/test/basic_tests.robot index 5ecfa8af..6af1dc68 100644 --- a/robot/test/basic_tests.robot +++ b/robot/test/basic_tests.robot 
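Review bot: The denial tests assert `Should Match Regexp ${out} 401|403`, an unanchored pattern over the whole curl output, so any `401` or `403` substring in a header value or body satisfies it, and "not authenticated" and "authenticated but forbidden" are accepted interchangeably. For a fine-grained authorization suite each case is worth pinning to the one status the policy should produce, matched on the status line, e.g. `Should Match Regexp    ${out}    HTTP/\\S+ 403`. This assumes `${curl.opts.default}` prints response headers, which is defined outside this hunk. Separately, `[Tags] fga propfind oaut` on "List access allowed to the cms group in the namespace" looks like a typo for `oauth` and would drop that test from runs selected by tag.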
@@ -3,149 +3,39 @@ Resource common/storage_areas.robot Resource common/credentials.robot Resource common/davix.robot Resource common/curl.robot +Resource common/setup_and_teardown.robot Resource test/variables.robot Test Setup Default Setup Test Teardown Default Teardown -*** Keywords *** -Default Setup - Default VOMS credential - -Default Teardown - Unset VOMS credential - -Get works Setup - Default Setup - Create Test File get_test - -Get works Teardown - Default Teardown - Remove Test File get_test - -Put works Setup - Default Setup - Create Temporary File put_test 123456789 - -Put works Teardown - Default Teardown - Remove Temporary File put_test - -Rm works Setup - Default Setup - Create Test File rm_test - -Rm works Teardown - Default Setup - Remove Test File rm_test - -Mkdir works Teardown - Default Teardown - Remove Test Directory mkdir_test - -Partial Get Works Setup - Default Setup - Create Test File pget_test 1x2y456789 - -Partial Get Works Teardown - Default Setup - Remove Test File pget_test - -Partial Put Works Setup - Default Setup - Create Temporary File pput0_test 0000000000 - Create Temporary File pput1_test 1111111111 - -Partial Put Works Teardown - Default Teardown - Remove Test File pput_test - Remove Temporary File pput0_test - Remove Temporary File pput1_test - -Single Test File Setup [Arguments] ${file_name} - Default Setup - Create Test File ${file_name} - -Single Test File Teardown [Arguments] ${file_name} - Default Teardown - Remove Test File ${file_name} - -Head works on large files setup [Arguments] ${file_name} - Default setup - Create Test File With Size ${file_name} 2g - -Head works on large files teardown [Arguments] ${file_name} - Default Teardown - Remove Test File ${file_name} - *** Test cases *** -Get works - [Tags] voms get - [Setup] Get works Setup - Davix Get Success ${davs.endpoint}/${sa.default}/get_test - [Teardown] Get works Teardown - -Get returns 404 for file that does not exist - [Tags] voms get - ${rc} ${out} Davix 
Get Failure ${davs.endpoint}/${sa.default}/does_not_exist - Should Contain ${out} 404 - ${rc} ${out} Davix Get Failure ${davs.endpoint}/${sa.default}/does_not_exist/also - Should Contain ${out} 404 - -Put works - [Tags] voms put - [Setup] Put works Setup - Davix Put Success ${TEMPDIR}/put_test ${davs.endpoint}/${sa.default}/put_test - Davix Get Success ${davs.endpoint}/${sa.default}/put_test - Remove File put_test - [Teardown] Put works Teardown - -Rm works - [Tags] voms rm - [Setup] Rm works Setup - Davix Get Success ${davs.endpoint}/${sa.default}/rm_test - Davix Rm Success ${davs.endpoint}/${sa.default}/rm_test - ${rc} ${out} Davix Get Failure ${davs.endpoint}/${sa.default}/rm_test - Should Contain ${out} 404 - [Teardown] Rm works teardown - -Mkdir works - [Tags] voms Mkdir - ## There's a bug in Davix which returns 0 even if the mkdir call fails - ## Davix Mkdir Success ${davs.endpoint}/${sa.default}/mkdir_test - ${rc} ${out} Curl Voms MKCOL Success ${davs.endpoint}/${sa.default}/mkdir_test - [Teardown] Mkdir works teardown - -Partial Get works - [Tags] voms get partial - [Setup] Partial Get Works Setup - ${opts} Set Variable -H "Range: 0-3" ${curl.opts.default} - ${rc} ${out} Curl Voms Get Success ${davs.endpoint}/${sa.default}/pget_test ${opts} - Should Contain ${out} 1x2y - Should Contain ${out} ength: 4 - [Teardown] Partial Get Works Teardown - -Partial Put works - [Tags] voms put partial - [Setup] Partial Put Works Setup - ${opts} Set Variable -H "Content-Range: bytes=0-3/*" ${curl.opts.default} - ${dest} DAVS Url pput_test - ${rc} ${out} Curl Voms Put Success ${TEMPDIR}/pput0_test ${dest} - ${rc} ${out} Curl Voms Put Success ${TEMPDIR}/pput1_test ${dest} ${opts} - [Teardown] Partial Put Works Teardown - Post not allowed on content [Tags] voms post - [Setup] Single Test File Setup test_post_not_allowed + [Setup] Setup file test_post_not_allowed ${url} DAVS Url test_post_not_allowed ${rc} ${out} Curl Voms Post Failure ${url} - Should Contain ${out} 405 - 
[Teardown] Single Test File Teardown test_post_not_allowed - -Head works on large files - [Tags] voms head - [Setup] Head works on large files setup hwlf - ${rc} ${out} Curl Voms HEAD Success ${davs.endpoint}/${sa.default}/hwlf - Should Contain ${out} ength: 2147483648 - [Teardown] Head works on large files teardown hwlf \ No newline at end of file + Should Contain ${out} 405 Method Not Allowed + [Teardown] Teardown file test_post_not_allowed + +Rename file with missing parent + [Tags] voms + [Setup] Setup file rename-me + ${source} DAVS URL rename-me + ${dest} DAVS URL /parent-dir/child-dir/rename-me + ${rc} ${out} Curl Voms GET Success ${source} + Should Contain ${out} Hello World! + ${rc} ${out} Curl Voms HEAD Failure ${dest} + Should Contain ${out} 404 + ${rc} ${out} Curl Voms HEAD Failure ${davs.endpoint}/${sa.default}/parent-dir/child-dir + Should Contain ${out} 404 + ${rc} ${out} Curl Voms HEAD Failure ${davs.endpoint}/${sa.default}/parent-dir + Should Contain ${out} 404 + Curl Voms MKCOL Success ${davs.endpoint}/${sa.default}/parent-dir + Curl Voms MKCOL Success ${davs.endpoint}/${sa.default}/parent-dir/child-dir + ${rc} ${out} Curl Voms MOVE Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Run Keywords Default Teardown + ... AND Remove Test File rename-me + ... AND Remove Test Directory parent-dir \ No newline at end of file diff --git a/robot/test/checksum.robot b/robot/test/checksum.robot index 1007a32f..0a0cdd01 100644 --- a/robot/test/checksum.robot +++ b/robot/test/checksum.robot 
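Review bot: "Rename file with missing parent" never issues the MOVE while the parent is missing: it confirms that `parent-dir` and `parent-dir/child-dir` return 404, then creates both with `Curl Voms MKCOL Success` before calling `Curl Voms MOVE Success`. As written it tests a rename into an existing directory. To cover what the name promises, add `${rc} ${out}    Curl Voms MOVE Failure    ${dest}    ${source}` with a `Should Contain    ${out}    409` check before the two MKCOL calls. The exact status is an assumption based on WebDAV's rule for missing intermediate collections and should be confirmed against the server.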
@@ -3,38 +3,42 @@ Resource common/storage_areas.robot Resource common/credentials.robot Resource common/davix.robot Resource common/curl.robot +Resource common/setup_and_teardown.robot Resource test/variables.robot Test Setup Default Setup Test Teardown Default Teardown -*** Keywords *** -Default Setup - Default VOMS credential - -Default Teardown - Unset VOMS credential - -Set extended attr [Arguments] ${file} ${attr} ${attr_value} +Default Tags checksum -Set checksum attr [Arguments] ${file} ${checksum} +*** Keywords *** -Get checksum works setup +Setup file for checksum [Arguments] ${file_name} ${content}=Hello World! Default Setup - Create Temporary File checksum_test 123456789 + Create Temporary File ${file_name} ${content} -Get checksum works Teardown +Teardown file for checksum [Arguments] ${file_name} Default Teardown - Remove Test File checksum_test - Remove Temporary File checksum_test + Teardown file ${file_name} + Remove Temporary File ${file_name} + *** Test cases *** Get checksum works - [Setup] Get checksum works setup - [Tags] voms checksum put - ${dst} DAVS Url checksum_test - Davix Put Success ${TEMPDIR}/checksum_test ${dst} - ${rc} ${out} Curl Voms Get Success ${dst} - Should Contain ${out} Digest: adler32=91e01de - [Teardown] Get checksum works Teardown \ No newline at end of file + [Setup] Setup file for checksum checksum_works 123456789 + [Tags] voms get + ${url} DAVS URL checksum_works + Davix Put Success ${TEMPDIR}/checksum_works ${url} + ${rc} ${out} Curl Voms GET Success ${url} + Should Contain ${out} Digest: adler32=091e01de + [Teardown] Teardown file for checksum checksum_works + +Head checksum works + [Setup] Setup file for checksum checksum_works test123456789 + [Tags] voms put + ${url} DAVS URL checksum_works + Davix Put Success ${TEMPDIR}/checksum_works ${url} + ${rc} ${out} Curl Voms HEAD Success ${url} + Should Contain ${out} Digest: adler32=1d3b039e + [Teardown] Teardown file for checksum checksum_works \ No newline at end of file 
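Review bot: `Teardown file for checksum` calls `Default Teardown` and then `Teardown file`, which in setup_and_teardown.robot itself begins with `Default Teardown`, so `Unset VOMS credential` runs twice per test. Dropping the explicit first call leaves the keyword as `Teardown file    ${file_name}` followed by `Remove Temporary File    ${file_name}`. The tags also look swapped or stale: "Head checksum works" is tagged `voms put` and "Get checksum works" `voms get`, although both tests upload with `Davix Put Success` and differ only in the verb used to read the digest.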
diff --git a/robot/test/copy.robot b/robot/test/copy.robot index e8068752..2456bc34 100644 --- a/robot/test/copy.robot +++ b/robot/test/copy.robot @@ -3,6 +3,7 @@ Resource common/storage_areas.robot Resource common/credentials.robot Resource common/davix.robot Resource common/curl.robot +Resource common/setup_and_teardown.robot Resource test/variables.robot Test Setup Default Setup 
@@ -10,45 +11,83 @@ Test Teardown Default Teardown Default Tags copy -*** Keywords *** +*** Test cases *** -Default Setup - Default VOMS credential +Copy works + [Tags] voms + [Setup] Setup file copy_works + ${dest} DAVS URL copy_works.dest + ${source} DAVS URL copy_works + ${rc} ${out} Curl Voms Push COPY Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown file copy_works -Default Teardown - Unset VOMS credential +Copy directory works + [Tags] voms + [Setup] Setup directory copy_works + ${dest} DAVS URL copy_works.dest + ${source} DAVS URL copy_works + ${rc} ${out} Curl Voms Push COPY Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown directory copy_works -Setup copy file [Arguments] ${file_name} - Default Setup - Create Test File ${file_name} content=Hello World! +Copy not empty directory works + [Tags] voms + [Setup] Run Keywords Setup directory copy_works + ... AND Create Test File copy_works/file_copy_works + ${dest} DAVS URL copy_works.dest + ${source} DAVS URL copy_works + ${rc} ${out} Curl Voms Push COPY Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown directory copy_works -Teardown copy file [Arguments] ${file_name} - Default Teardown - Remove Test File ${file_name} - Remove Test File ${file_name}.copied +Copy override works + [Tags] voms + [Setup] Setup file copy_works + ${dest} DAVS URL copy_works.dest + ${source} DAVS URL copy_works + Curl Voms Push COPY Success ${dest} ${source} + ${overwriteHeader} Set variable --header "Overwrite: T" + ${rc} ${out} Curl Voms Push COPY Success ${dest} ${source} ${curl.opts.default} ${overwriteHeader} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown file copy_works -Teardown copy file cross sa [Arguments] ${file_name} - Default Teardown - Remove Test File ${file_name} - Remove Test File ${file_name}.copied sa=${sa.oauth} +Copy override fails + [Tags] voms + [Setup] 
Setup file copy_works + ${dest} DAVS URL copy_works.dest + ${source} DAVS URL copy_works + Curl Voms Push COPY Success ${dest} ${source} + ${overwriteHeader} Set variable --header "Overwrite: F" + ${rc} ${out} Curl Voms Push COPY Failure ${dest} ${source} ${curl.opts.default} ${overwriteHeader} + Should Contain ${out} 412 Precondition Failed + [Teardown] Teardown file copy_works -*** Test cases *** +Copy not existent resource + [Tags] voms + [Setup] Default Setup + ${dest} DAVS URL copy_works.dest + ${source} DAVS URL copy_works + ${rc} ${out} Curl Voms Push COPY Failure ${dest} ${source} + Should Contain ${out} 404 Not Found + [Teardown] Default Teardown -Local copy works +Copy with destination equal to source [Tags] voms - [Setup] Setup copy file copy_works - ${dest} DAVS URL copy_works.copied + [Setup] Setup file copy_works + ${dest} DAVS URL copy_works ${source} DAVS URL copy_works - ${rc} ${out} Curl Voms Push COPY Success ${dest} ${source} - Davix Get Success ${dest} ${davix.opts.voms} - [Teardown] Teardown copy file copy_works + ${overwriteHeader} Set variable --header "Overwrite: T" + ${rc} ${out} Curl Voms Push COPY Failure ${dest} ${source} ${curl.opts.default} ${overwriteHeader} + Should Contain ${out} 403 + [Teardown] Teardown file copy_works -Local copy across storage areas fails +Copy across storage areas fails [Tags] voms - [Setup] Setup copy file copy_x_sa_works - ${dest} DAVS URL copy_x_sa_works.copied sa=${sa.oauth} + [Setup] Setup file copy_x_sa_works + ${dest} DAVS URL copy_x_sa_works.dest sa=${sa.oauth} ${source} DAVS URL copy_x_sa_works ${rc} ${out} Curl Voms Push COPY ${dest} ${source} Should Contain ${out} 400 Should Contain ${out} Local copy across storage areas is not supported - [Teardown] Teardown copy file cross sa copy_x_sa_works + [Teardown] Teardown file cross sa copy_x_sa_works \ No newline at end of file diff --git a/robot/test/delete.robot b/robot/test/delete.robot new file mode 100644 index 00000000..de0111cd --- /dev/null 
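Review bot: `Copy with destination equal to source` asserts only `Should Contain  ${out}  403`, and a bare three-digit substring can also match a date, a length or a path in the curl output, so the case can pass on a response that is not a refusal. The neighbouring cases already match code plus reason phrase (`412 Precondition Failed`, `404 Not Found`); anchoring on the status line, for example `Should Match Regexp  ${out}  HTTP/\\S+ 403`, is stricter. The same bare `403` check is in the second move.robot hunk. Every case here also writes `copy_works.dest` but tears down with `Teardown file  copy_works` or `Teardown directory  copy_works`; those keywords are defined outside this hunk, so confirm they remove the `.dest` copy as well, otherwise `Copy override fails` and the cases after it depend on leftovers from earlier ones.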
+++ b/robot/test/delete.robot
@@ -0,0 +1,51 @@
+*** Settings ***
+Resource common/storage_areas.robot
+Resource common/credentials.robot
+Resource common/davix.robot
+Resource common/curl.robot
+Resource common/setup_and_teardown.robot
+Resource test/variables.robot
+
+Test Setup Default Setup
+Test Teardown Default Teardown
+
+Default Tags delete
+
+
+*** Test cases ***
+
+Delete works
+ [Tags] voms
+ [Setup] Setup file delete_works
+ ${url} DAVS URL delete_works
+ ${rc} ${out} Curl Voms DELETE Success ${url}
+ ${rc} ${out} Davix Get Failure ${url} ${davix.opts.voms}
+ Should Contain ${out} 404
+ [Teardown] Teardown file delete_works
+
+Delete directory works
+ [Tags] voms
+ [Setup] Setup directory delete_works
+ ${url} DAVS URL delete_works
+ ${rc} ${out} Curl Voms DELETE Success ${url}
+ ${rc} ${out} Davix Get Failure ${url} ${davix.opts.voms}
+ Should Contain ${out} 404
+ [Teardown] Teardown directory delete_works
+
+Delete not empty directory fails
+ [Documentation] Since v1.3.1 removing not empty directories is not allowed
+ [Tags] voms
+ [Setup] Run Keywords Setup directory delete_works
+ ... AND Create Test File delete_works/file_delete_works
+ ${url} DAVS URL delete_works
+ ${rc} ${out} Curl Voms DELETE Failure ${url}
+ Should Contain ${out} 412 Precondition Failed
+ [Teardown] Teardown directory delete_works
+
+Delete not existent resource
+ [Tags] voms
+ [Setup] Default Setup
+ ${url} DAVS URL delete_works
+ ${rc} ${out} Curl Voms DELETE Failure ${url}
+ Should Contain ${out} 404 Not Found
+ [Teardown] Default Teardown
\ No newline at end of file
diff --git a/robot/test/get.robot b/robot/test/get.robot
new file mode 100644
index 00000000..e489d78c
--- /dev/null
+++ b/robot/test/get.robot
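Review bot: `Delete not empty directory fails` stops at the `412 Precondition Failed` check and never confirms that the directory content is still there after the rejected request, so a server that answers 412 after removing part of the tree would still pass. I would add `Davix Get Success  ${url}/file_delete_works  ${davix.opts.voms}` after the `Should Contain` line. The `[Documentation]` line could also say what the behaviour was before v1.3.1, so the reason for the 412 expectation is recorded with the test.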
@@ -0,0 +1,56 @@
+*** Settings ***
+Resource common/storage_areas.robot
+Resource common/credentials.robot
+Resource common/davix.robot
+Resource common/curl.robot
+Resource common/setup_and_teardown.robot
+Resource test/variables.robot
+
+Test Setup Default Setup
+Test Teardown Default Teardown
+
+Default Tags get
+
+
+*** Test cases ***
+
+Get works
+ [Tags] voms
+ [Setup] Setup file get_works
+ ${url} DAVS URL get_works
+ ${rc} ${out} Curl Voms GET Success ${url}
+ Should Contain ${out} Hello World!
+ Davix Get Success ${url} ${davix.opts.voms}
+ [Teardown] Teardown file get_works
+
+Get directory works
+ [Tags] voms
+ [Setup] Setup directory get_works
+ ${url} DAVS URL get_works
+ ${rc} ${out} Curl Voms GET Success ${url}
+ Davix Get Success ${url} ${davix.opts.voms}
+ [Teardown] Teardown directory get_works
+
+Get not empty directory works
+ [Tags] voms
+ [Setup] Run Keywords Setup directory get_works
+ ... AND Create Test File get_works/file_get_works
+ ${url} DAVS URL get_works
+ ${rc} ${out} Curl Voms GET Success ${url}
+ Davix Get Success ${url} ${davix.opts.voms}
+ [Teardown] Teardown directory get_works
+
+Get root directory works
+ [Tags] voms
+ [Setup] Default Setup
+ ${url} Set Variable ${davs.endpoint}/${sa.default}
+ ${rc} ${out} Curl Voms GET Success ${url}
+ Davix Get Success ${url} ${davix.opts.voms}
+ [Teardown] Default Teardown
+
+Get not existent resource
+ [Tags] voms
+ ${rc} ${out} Davix Get Failure ${davs.endpoint}/${sa.default}/does_not_exist
+ Should Contain ${out} 404
+ ${rc} ${out} Davix Get Failure ${davs.endpoint}/${sa.default}/does_not_exist/also
+ Should Contain ${out} 404
\ No newline at end of file
diff --git a/robot/test/head.robot b/robot/test/head.robot
new file mode 100644
index 00000000..f1a0d8e5
--- /dev/null
+++ b/robot/test/head.robot
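Review bot: The two `Davix Get Failure` calls in `Get not existent resource` omit `${davix.opts.voms}`, which every other Davix call in this file and in delete.robot passes; whether the keyword defaults to the VOMS options is not visible in this hunk. If it does not, the request goes out with different credentials than the rest of the suite, and the case no longer shows what an authenticated client gets for a missing path. I would pass the options explicitly, `Davix Get Failure  ${davs.endpoint}/${sa.default}/does_not_exist  ${davix.opts.voms}`, so that a missing resource and a denied request cannot be confused here.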
@@ -0,0 +1,65 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource test/variables.robot + +Test Setup Default Setup +Test Teardown Default Teardown + +Default Tags head + + +*** Test cases *** + +Head works + [Tags] voms + [Setup] Setup file head_works + ${url} DAVS URL head_works + ${rc} ${out} Curl Voms HEAD Success ${url} + Should Contain ${out} Content-Length: 12 + [Teardown] Teardown file head_works + +Head directory works + [Tags] voms + [Setup] Setup directory head_works + ${url} DAVS URL head_works + ${rc} ${out} Curl Voms HEAD Success ${url} + Should Contain ${out} Content-Length: 4096 + [Teardown] Teardown directory head_works + +Head not empty directory works + [Tags] voms + [Setup] Run Keywords Setup directory head_works + ... AND Create Test File head_works/file_head_works some-text + ${url} DAVS URL head_works + ${rc} ${out} Curl Voms HEAD Success ${url} + Should Contain ${out} Content-Length: 4096 + ${rc} ${out} Curl Voms HEAD Success ${url}/file_head_works + Should Contain ${out} Content-Length: 9 + [Teardown] Teardown directory head_works + +Head root directory works + [Tags] voms + [Setup] Default Setup + ${url} Set Variable ${davs.endpoint}/${sa.default} + ${rc} ${out} Curl Voms HEAD Success ${url} + Should Contain ${out} Content-Length: 4096 + [Teardown] Default Teardown + +Head not existent resource + [Tags] voms + ${rc} ${out} Curl Voms HEAD Failure ${davs.endpoint}/${sa.default}/does_not_exist + Should Contain ${out} 404 + ${rc} ${out} Curl Voms HEAD Failure ${davs.endpoint}/${sa.default}/does_not_exist/also + Should Contain ${out} 404 + +Head works on large files + [Tags] voms + [Setup] Run Keywords Default setup + ... 
AND Create Test File With Size hwlf 2G + ${rc} ${out} Curl Voms HEAD Success ${davs.endpoint}/${sa.default}/hwlf + Should Contain ${out} ength: 2147483648 + [Teardown] Teardown file hwlf \ No newline at end of file diff --git a/robot/test/mkcol.robot b/robot/test/mkcol.robot new file mode 100644 index 00000000..bf744f52 --- /dev/null +++ b/robot/test/mkcol.robot @@ -0,0 +1,38 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource test/variables.robot + +Test Setup Default Setup +Test Teardown Default Teardown + +Default Tags mkcol + + +*** Test cases *** + +Mkcol works + [Tags] voms + ${url} DAVS URL mkcol_works + Curl Voms MKCOL Success ${url} + ${rc} ${out} Curl Voms HEAD Success ${url} + Should Contain ${out} Content-Length: 4096 + [Teardown] Teardown directory mkcol_works + +Mkcol with missing parent + [Tags] voms + ${url} DAVS URL missing-dir/mkcol_works + ${rc} ${out} Curl Voms MKCOL Failure ${url} + Should Contain ${out} 409 Conflict + [Teardown] Teardown directory missing-dir + +Mkcol on existent resource + [Tags] voms + [Setup] Setup directory mkcol_works + ${url} DAVS URL mkcol_works + ${rc} ${out} Curl Voms MKCOL Failure ${url} + Should Contain ${out} 405 Method Not Allowed + [Teardown] Teardown directory mkcol_works \ No newline at end of file diff --git a/robot/test/move.robot b/robot/test/move.robot index 9cf2f989..de7a2b94 100644 --- a/robot/test/move.robot +++ b/robot/test/move.robot @@ -3,6 +3,7 @@ Resource common/storage_areas.robot Resource common/credentials.robot Resource common/davix.robot Resource common/curl.robot +Resource common/setup_and_teardown.robot Resource test/variables.robot Test Setup Default Setup 
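Review bot: The directory cases assert `Content-Length: 4096`, which looks like the size the backing filesystem reports for a directory entry rather than a value the service defines, so the suite would fail on a storage volume that reports a different directory size. Asserting only that the header is present, `Should Match Regexp  ${out}  Content-Length: \\d+`, keeps the check portable; `Mkcol works` in mkcol.robot has the same `4096` expectation. In `Head works on large files` the truncated match `ength: 2147483648` deserves a comment saying why the leading characters are left out, and the case allocates a 2G file on every CI run, which a dedicated tag would let quick runs exclude.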
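Review bot: `Mkcol with missing parent` checks the `409 Conflict` response but not that `missing-dir` was left uncreated, and its `[Teardown]  Teardown directory  missing-dir` would silently clean up after a server that created the parent anyway. put.robot shows that PUT does create missing parents, so the difference is worth pinning for MKCOL. I would add `${parent}  DAVS URL  missing-dir` and `Curl Voms HEAD Failure  ${parent}` after the `Should Contain` line.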
@@ -10,45 +11,84 @@ Test Teardown Default Teardown Default Tags move -*** Keywords *** -Default Setup - Default VOMS credential +*** Test cases *** + +Move works + [Tags] voms + [Setup] Setup file move_works + ${dest} DAVS URL move_works.dest + ${source} DAVS URL move_works + ${rc} ${out} Curl Voms MOVE Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown file move_works -Default Teardown - Unset VOMS credential +Move directory works + [Tags] voms + [Setup] Setup directory move_works + ${dest} DAVS URL move_works.dest + ${source} DAVS URL move_works + ${rc} ${out} Curl Voms MOVE Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown directory move_works -Setup move file [Arguments] ${file_name} - Default Setup - Create Test File ${file_name} content=Hello World! +Move not empty directory works + [Tags] voms + [Setup] Run Keywords Setup directory move_works + ... AND Create Test File move_works/file_move_works + ${dest} DAVS URL move_works.dest + ${source} DAVS URL move_works + ${rc} ${out} Curl Voms MOVE Success ${dest} ${source} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown directory move_works -Teardown move file [Arguments] ${file_name} - Default Teardown - Remove Test File ${file_name} - Remove Test File ${file_name}.moved +Move override works + [Tags] voms + [Setup] Setup file move_works + ${dest} DAVS URL move_works.dest + ${source} DAVS URL move_works + Curl Voms Push COPY Success ${dest} ${source} + ${overwriteHeader} Set variable --header "Overwrite: T" + ${rc} ${out} Curl Voms MOVE Success ${dest} ${source} ${curl.opts.default} ${overwriteHeader} + Davix Get Success ${dest} ${davix.opts.voms} + [Teardown] Teardown file move_works -Teardown move file cross sa [Arguments] ${file_name} - Default Teardown - Remove Test File ${file_name} - Remove Test File ${file_name}.moved sa=${sa.oauth} +Move override fails + [Tags] voms + [Setup] Setup file move_works + 
${dest} DAVS URL move_works.dest + ${source} DAVS URL move_works + Curl Voms Push COPY Success ${dest} ${source} + ${overwriteHeader} Set variable --header "Overwrite: F" + ${rc} ${out} Curl Voms MOVE Failure ${dest} ${source} ${curl.opts.default} ${overwriteHeader} + Should Contain ${out} 412 Precondition Failed + [Teardown] Teardown file move_works -*** Test cases *** +Move not existent resource + [Tags] voms + [Setup] Default Setup + ${dest} DAVS URL move_works.dest + ${source} DAVS URL move_works + ${rc} ${out} Curl Voms MOVE Failure ${dest} ${source} + Should Contain ${out} 404 Not Found + [Teardown] Default Teardown -Move works - [Tags] voms move - [Setup] Setup move file move_works - ${dest} DAVS URL move_works.moved +Move with destination equal to source + [Tags] voms + [Setup] Setup file move_works + ${dest} DAVS URL move_works ${source} DAVS URL move_works - ${rc} ${out} Curl Voms MOVE Success ${dest} ${source} - Davix Get Success ${dest} ${davix.opts.voms} - [Teardown] Teardown move file move_works + ${overwriteHeader} Set variable --header "Overwrite: T" + ${rc} ${out} Curl Voms MOVE Failure ${dest} ${source} ${curl.opts.default} ${overwriteHeader} + Should Contain ${out} 403 + [Teardown] Teardown file move_works Move across storage areas fails - [Tags] voms move - [Setup] Setup move file move_x_sa_works - ${dest} DAVS URL move_x_sa_works.moved sa=${sa.oauth} + [Tags] voms + [Setup] Setup file move_x_sa_works + ${dest} DAVS URL move_x_sa_works.dest sa=${sa.oauth} ${source} DAVS URL move_works ${rc} ${out} Curl Voms MOVE ${dest} ${source} Should Contain ${out} 400 Should Contain ${out} Move across storage areas is not supported - [Teardown] Teardown move file cross sa move_x_sa_works + [Teardown] Teardown file cross sa move_x_sa_works diff --git a/robot/test/oauth.robot b/robot/test/oauth.robot index ef64b75c..a3dd9553 100644 --- a/robot/test/oauth.robot +++ b/robot/test/oauth.robot 
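Review bot: `Move across storage areas fails` sets up `move_x_sa_works` but then moves `${source}  DAVS URL  move_works`, a path this case never creates, so the request is for a non-existent source and the test passes only as long as the server rejects the cross-area destination before it looks the source up. The line should read `${source}  DAVS URL  move_x_sa_works`, matching the equivalent case in copy.robot. Because this is the check that data cannot be moved from one storage area into another, it should exercise an existing source; a final `Davix Get Success  ${source}  ${davix.opts.voms}` would also confirm the rejected MOVE left the file in place.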
@@ -8,9 +8,6 @@ Resource test/variables.robot Test Setup Default Setup Test Teardown Default Teardown -*** Keywords *** -OAuth Get Works Setup - *** Test cases *** @@ -27,5 +24,5 @@ OAuth Put works ${url} DAVS URL oauth_put_test ${sa.oauth} Davix Put Success ${TEMPDIR}/oauth_put_test ${url} ${davix.opts.oauth} Davix Get Success ${url} ${davix.opts.oauth} - Remove File oauth_put_test + Remove Test File oauth_put_test ${sa.oauth} [Teardown] Remove Temporary File oauth_put_test \ No newline at end of file diff --git a/robot/test/options.robot b/robot/test/options.robot new file mode 100644 index 00000000..b984c409 --- /dev/null +++ b/robot/test/options.robot @@ -0,0 +1,39 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource test/variables.robot + +Test Setup Default Setup +Test Teardown Default Teardown + +Default Tags options + + +*** Test cases *** + +Options on storage area root works + [Tags] voms + [Setup] Default Setup + ${url} Set Variable ${davs.endpoint}/${sa.default} + ${rc} ${out} Curl Voms OPTIONS ${url} + Should Be Equal As Integers ${rc} 0 + [Teardown] Default Teardown + +Options on file works + [Tags] voms + [Setup] Setup file option_works + ${url} DAVS URL option_works + ${rc} ${out} Curl Voms OPTIONS ${url} + Should Be Equal As Integers ${rc} 0 + [Teardown] Teardown file option_works + +Options on directory works + [Tags] voms + [Setup] Setup directory option_works + ${url} DAVS URL option_works + ${rc} ${out} Curl Voms OPTIONS ${url} + Should Be Equal As Integers ${rc} 0 + [Teardown] Teardown directory option_works \ No newline at end of file diff --git a/robot/test/partial_transfer.robot b/robot/test/partial_transfer.robot new file mode 100644 index 00000000..0f1642ce --- /dev/null +++ b/robot/test/partial_transfer.robot 
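Review bot: The `Remove Test File  oauth_put_test  ${sa.oauth}` cleanup is a test step rather than part of `[Teardown]`, so it is skipped whenever `Davix Put Success` or `Davix Get Success` fails and the uploaded file stays in the storage area for later cases. Moving it into the teardown keeps cleanup unconditional: `[Teardown]  Run Keywords  Remove Test File  oauth_put_test  ${sa.oauth}  AND  Remove Temporary File  oauth_put_test`. The two token_request.robot hunks have the same in-body `Remove Test File` step. The test case starts above this hunk, so its setup is not visible here.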
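Review bot: All three OPTIONS cases assert only `Should Be Equal As Integers  ${rc}  0`, and curl exits with 0 for any HTTP response, including 403 or 500, unless it is run with `--fail`; whether `Curl Voms OPTIONS` adds that flag is not visible in this hunk. As written the cases may only prove that the TLS connection succeeded. I would also assert on `${out}`, for example the status line and the presence of the `Allow` header, so that a refused or failing OPTIONS request is caught.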
@@ -0,0 +1,93 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource test/variables.robot + +Test Setup Default Setup +Test Teardown Default Teardown + +Default Tags partial + +*** Keywords *** + +Partial Put Setup + Default Setup + Create Temporary File pput0_test 0000000000 + Create Temporary File pput1_test 1111111111 + +Partial Put Teardown + Default Teardown + Remove Test File pput_test + Remove Temporary File pput0_test + Remove Temporary File pput1_test + +*** Test cases *** + +Partial Get works + [Tags] voms get + [Setup] Setup file partial_works test123456789 + ${url} DAVS URL partial_works + ${rc} ${out} Curl Voms Get Success ${url} ${curl.opts.default} -H "Range: 0-3" + Should Contain ${out} test + Should Not Contain ${out} 123456789 + Should Contain ${out} Content-Length: 4 + ${rc} ${out} Curl Voms Get Success ${url} ${curl.opts.default} -H "Range: 4-7" + Should Contain ${out} 1234 + Should Contain ${out} Content-Length: 4 + ${rc} ${out} Curl Voms Get Success ${url} ${curl.opts.default} -H "Range: 9-12" + Should Contain ${out} 6789 + Should Contain ${out} Content-Length: 4 + [Teardown] Teardown file partial_works + +Partial Get with multiple range + [Tags] voms get + [Setup] Setup file partial_works test123456789 + ${url} DAVS URL partial_works + ${rc} ${out} Curl Voms Get Success ${url} ${curl.opts.default} -H "Range: 1-3,5-7,10-11" + Should Contain ${out} Content-Range: bytes 1-3/13 + Should Contain ${out} est + Should Contain ${out} Content-Range: bytes 5-7/13 + Should Contain ${out} 234 + Should Contain ${out} Content-Range: bytes 10-11/13 + Should Contain ${out} 78 + [Teardown] Teardown file partial_works + +Partial Get not entirely on range + [Tags] voms get + [Setup] Setup file partial_works test123456789 + ${url} DAVS URL partial_works + ${rc} ${out} Curl Voms Get Success ${url} ${curl.opts.default} 
-H "Range: 11-13" + Should Contain ${out} Content-Range: bytes 11-12/13 + Should Contain ${out} 89 + Should Contain ${out} Content-Length: 2 + [Teardown] Teardown file partial_works + +Partial Get out of range + [Tags] voms get + [Setup] Setup file partial_works test123456789 + ${url} DAVS URL partial_works + ${rc} ${out} Curl Voms Get Failure ${url} ${curl.opts.default} -H "Range: 20-24" + Should Match Regexp ${out} 416 Requested Range Not Satisfiable|416 Range Not Satisfiable + [Teardown] Teardown file partial_works + +Partial Get out in one of multiple range + [Tags] voms get + [Setup] Setup file partial_works test123456789 + ${url} DAVS URL partial_works + ${rc} ${out} Curl Voms Get Success ${url} ${curl.opts.default} -H "Range: 1-3,20-24" + Should Contain ${out} Content-Range: bytes 1-3/13 + Should Contain ${out} est + Should Contain ${out} Content-Length: 3 + [Teardown] Teardown file partial_works + +Partial Put works + [Tags] voms put + [Setup] Partial Put Setup + ${opts} Set Variable -H "Content-Range: bytes=0-3/*" ${curl.opts.default} + ${dest} DAVS Url pput_test + ${rc} ${out} Curl Voms Put Success ${TEMPDIR}/pput0_test ${dest} + ${rc} ${out} Curl Voms Put Success ${TEMPDIR}/pput1_test ${dest} ${opts} + [Teardown] Partial Put Teardown \ No newline at end of file diff --git a/robot/test/propfind.robot b/robot/test/propfind.robot new file mode 100644 index 00000000..113aad9a --- /dev/null +++ b/robot/test/propfind.robot 
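Review bot: `Partial Put works` sends the ranged PUT and then asserts nothing about the stored object, so it passes whether the server patched the first four bytes, replaced the whole file or ignored the header. A read-back with `Curl Voms Get Success  ${dest}` followed by a `Should Contain` on the expected merged bytes would pin the behaviour; the expected content depends on how the server applies the range and cannot be derived from this hunk. The header values also differ from the standard forms: the cases send `Range: 0-3` and `Content-Range: bytes=0-3/*`, where the RFC syntax is `Range: bytes=0-3` and `Content-Range: bytes 0-3/*`, so they exercise the server's lenient parsing rather than what a conforming client sends. If that is intended, a `[Documentation]` line should say so.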
@@ -0,0 +1,74 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource test/variables.robot + +Test Setup Default Setup +Test Teardown Default Teardown + +Default Tags propfind + +*** Keywords *** + +Get PROPFIND ALLPROP body + ${output} Set variable "" + [Return] ${output} + +Get PROPFIND PROPNAME body + ${output} Set variable "" + [Return] ${output} + +Get PROPFIND PROP body [Arguments] ${propname} + ${output} Set variable "" + [Return] ${output} + + +*** Test cases *** + +Propfind allprop works + [Tags] voms + [Setup] Setup file propfind_works + ${url} DAVS URL propfind_works + ${body} Get PROPFIND ALLPROP body + ${rc} ${out} Curl Voms PROPFIND ${url} ${body} + Should Contain ${out} + Should Contain ${out} FALSE + Should Contain ${out} propfind_works + Should Contain ${out} HTTP/1.1 200 OK + Should Contain ${out} 12 + [Teardown] Teardown file propfind_works + +Propfind allprop not empty directory works + [Tags] voms + [Setup] Run Keywords Setup directory propfind_works + ... 
AND Create Test File propfind_works/file_propfind_works + ${url} DAVS URL propfind_works + ${body} Get PROPFIND ALLPROP body + ${rc} ${out} Curl Voms PROPFIND ${url} ${body} + Should Contain ${out} + Should Contain ${out} FALSEfile_propfind_works + Should Contain ${out} TRUEpropfind_works + Should Contain ${out} HTTP/1.1 200 OK + Should Contain ${out} 0 + [Teardown] Teardown directory propfind_works + +Propfind propname works + [Tags] voms + [Setup] Setup file propfind_works + ${url} DAVS URL propfind_works + ${body} Get PROPFIND PROPNAME body + ${rc} ${out} Curl Voms PROPFIND ${url} ${body} + Should Contain ${out} propfind_works + [Teardown] Teardown file propfind_works + +Propfind status property works + [Tags] voms + [Setup] Setup file propfind_works + ${url} DAVS URL propfind_works + ${body} Get PROPFIND PROP body status + ${rc} ${out} Curl Voms PROPFIND ${url} ${body} + Should Contain ${out} HTTP/1.1 200 OK + [Teardown] Teardown file propfind_works \ No newline at end of file diff --git a/robot/test/put.robot b/robot/test/put.robot new file mode 100644 index 00000000..b04cbb39 --- /dev/null +++ b/robot/test/put.robot 
@@ -0,0 +1,67 @@ +*** Settings *** +Resource common/storage_areas.robot +Resource common/credentials.robot +Resource common/davix.robot +Resource common/curl.robot +Resource common/setup_and_teardown.robot +Resource test/variables.robot + +Test Setup Default Setup +Test Teardown Default Teardown + +Default Tags put + +*** Keywords *** + +Put Setup [Arguments] ${file_name} + Default Setup + Create Temporary File ${file_name} 123456789 + +Put Teardown [Arguments] ${file_name} + Default Teardown + Remove Temporary File ${file_name} + Remove Test File ${file_name} + +Put directory Teardown [Arguments] ${file_name} ${directory_name}=${file_name} + Default Teardown + Remove Temporary File ${file_name} + Remove Test Directory ${directory_name} + +*** Test cases *** + +Put works + [Tags] voms + [Setup] Put Setup put_works + ${url} DAVS URL put_works + ${rc} ${out} Curl Voms PUT Success ${TEMPDIR}/put_works ${url} + Should Contain ${out} 201 Created + ${rc} ${out} Curl Voms Get Success ${url} + Should Contain ${out} 123456789 + [Teardown] Put Teardown put_works + +Put override works + [Tags] voms + [Setup] Put Setup put_works + ${url} DAVS URL put_works + Curl Voms PUT Success ${TEMPDIR}/put_works ${url} + ${rc} ${out} Curl Voms PUT Success ${TEMPDIR}/put_works ${url} + Should Contain ${out} 204 No Content + [Teardown] Put Teardown put_works + +Put with missing parent works + [Tags] voms + [Setup] Put Setup put_works + ${url} DAVS URL put-directory/put_works + ${rc} ${out} Curl Voms PUT Success ${TEMPDIR}/put_works ${url} + Should Contain ${out} 201 Created + [Teardown] Run Keywords Put Teardown put_works + ... AND Remove Test Directory put-directory + +Put over directory not allowed + [Tags] voms known-issue + [Setup] Run Keywords Setup directory put_works + ... 
AND Put Setup put_works + ${url} DAVS URL put_works + ${rc} ${out} Curl Voms PUT Failure ${TEMPDIR}/put_works ${url} + Should Contain ${out} 405 Method not allowed + [Teardown] Put directory Teardown put_works \ No newline at end of file diff --git a/robot/test/token_request.robot b/robot/test/token_request.robot index 269416cf..c3d15d31 100644 --- a/robot/test/token_request.robot +++ b/robot/test/token_request.robot @@ -77,7 +77,7 @@ Put works with locally issued token ${opts} Set variable -H "Authorization: Bearer ${token}" --capath /etc/grid-security/certificates Davix Put Success ${TEMPDIR}/token_put_test ${url} ${opts} Davix Get Success ${url} ${opts} - Remove file token_put_test + Remove Test File token_put_test [Teardown] Put works with locally issued token Teardown Get works with locally issued token fga @@ -97,5 +97,5 @@ Put works with locally issued token fga ${opts} Set variable -H "Authorization: Bearer ${token}" --capath /etc/grid-security/certificates Davix Put Success ${TEMPDIR}/token_put_test ${url} ${opts} Davix Get Success ${url} ${opts} - Remove file token_put_test + Remove Test File token_put_test ${sa.fga} [Teardown] Put works with locally issued token fga Teardown diff --git a/robot/test/tpc.robot b/robot/test/tpc.robot index 601f94fe..658b56ce 100644 --- a/robot/test/tpc.robot +++ b/robot/test/tpc.robot @@ -90,7 +90,7 @@ Pull copy works [Teardown] Pull copy works Teardown Pull copy works https - [Tags] voms tpc dbg + [Tags] voms tpc [Setup] Pull copy works https Setup ${dest} DAVS URL tpc_test_https ${src} Remote DAVS URL tpc_test_https sa=${sa.noauth} @@ -120,7 +120,7 @@ Pull copy works oauth and https [Teardown] Pull copy works oauth and https Teardown Push copy works - [Tags] voms oauth tpc push kk + [Tags] voms oauth tpc push [Setup] Push copy works Setup ${dst} Remote DAVS URL tpc_test_push sa=${sa.oauth} ${src} DAVS URL tpc_test_push 
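Review bot: `Put over directory not allowed` expects `405 Method not allowed`, while mkcol.robot matches `405 Method Not Allowed`, and `Should Contain` is case-sensitive by default, so the two assertions cannot both match the same reason phrase. The case is tagged `known-issue`, so the mismatch would only surface once the underlying issue is fixed and the test is expected to pass. I would align it with mkcol.robot, `Should Contain  ${out}  405 Method Not Allowed`, and add a `[Documentation]` line describing the known issue. The three keywords in this file also call `Default Teardown` before removing files; if those removals need the credential, the order should be reversed, which this hunk does not show.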
@@ -131,7 +131,7 @@ Push copy works [Teardown] Push copy works Teardown Oauth pull copy works - [Tags] oauth tpc pull maghe987 + [Tags] oauth tpc pull [Setup] Oauth pull copy works Setup ${src} Remote DAVS URL oauth_pull_copy_works sa=${sa.oauth} ${dst} DAVS URL oauth_pull_copy_works.copy sa=${sa.oauth}