2 * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 * @file test/storage/storage/check.cpp
18 * @author Aleksander Zdyb <a.zdyb@samsung.com>
20 * @brief Tests of check in Storage
23 #include <gtest/gtest.h>
24 #include <gmock/gmock.h>
26 #include "types/PolicyType.h"
27 #include "types/PolicyKey.h"
28 #include "types/PolicyResult.h"
29 #include "types/PolicyCollection.h"
30 #include "types/pointers.h"
31 #include "exceptions/DefaultBucketDeletionException.h"
32 #include "storage/Storage.h"
33 #include "storage/StorageBackend.h"
35 #include "fakestoragebackend.h"
36 #include "../../helpers.h"
41 using namespace Cynara;
43 TEST(storage, checkEmpty) {
44 using ::testing::ReturnPointee;
46 PolicyBucket emptyBucket("empty");
48 FakeStorageBackend backend;
49 Cynara::Storage storage(backend);
50 PolicyKey pk = Helpers::generatePolicyKey();
52 EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
53 .WillOnce(ReturnPointee(&emptyBucket));
55 // Default bucket empty -- return DENY
56 auto policyAnswer = storage.checkPolicy(pk);
57 ASSERT_EQ(PredefinedPolicyType::DENY, policyAnswer.policyType());
60 TEST(storage, checkSimple) {
61 using ::testing::ReturnPointee;
63 PolicyBucket bucket(defaultPolicyBucketId);
64 FakeStorageBackend backend;
66 Cynara::Storage storage(backend);
67 PolicyKey pk = Helpers::generatePolicyKey();
69 EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
70 .WillRepeatedly(ReturnPointee(&bucket));
72 // Default bucket empty -- return DENY
73 ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
75 // Add ALLOW to default bucket -- return ALLOW
76 bucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW));
77 ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk).policyType());
79 // Add DENY to default bucket -- return DENY
80 bucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::DENY));
81 ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
84 // TODO: Refactorize to resemble checkNonrecursive()
85 TEST(storage, checkBucket) {
86 using ::testing::ReturnPointee;
88 const PolicyBucketId additionalBucketId = "additional-bucket";
90 FakeStorageBackend backend;
91 Cynara::Storage storage(backend);
92 PolicyKey pk = Helpers::generatePolicyKey();
94 PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
95 Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW),
96 Policy::bucketWithKey(pk, additionalBucketId)
99 PolicyBucket additionalBucket("additional");
101 EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
102 .WillRepeatedly(ReturnPointee(&defaultBucket));
104 EXPECT_CALL(backend, searchBucket(additionalBucketId, pk))
105 .WillRepeatedly(ReturnPointee(&additionalBucket));
108 // Bucket empty -- should return DENY as default bucket value
109 ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
111 // Add ALLOW to bucket, so return ALLOW
112 additionalBucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW));
113 ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk).policyType());
115 // Add DENY to default bucket -- return DENY, even though ALLOW in other bucket
116 defaultBucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::DENY));
117 ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
120 // Catch a bug, where consecutive buckets were filtered with wildcard policies' keys
121 // instead of original key being checked
122 TEST(storage, checkBucketWildcard) {
123 using ::testing::Return;
124 using ::testing::ReturnPointee;
126 const PolicyBucketId additionalBucketId = "additional-bucket";
127 const PolicyKey defaultBucketKey = PolicyKey("c", "*", "p");
128 const PolicyKey checkKey = PolicyKey("c", "u1", "p");
130 PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
131 Policy::bucketWithKey(defaultBucketKey, additionalBucketId)
134 FakeStorageBackend backend;
135 Cynara::Storage storage(backend);
137 EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
138 .WillRepeatedly(ReturnPointee(&defaultBucket));
140 // Check, if next bucket is filtered with original key
141 EXPECT_CALL(backend, searchBucket(additionalBucketId, checkKey))
142 .WillRepeatedly(Return(PolicyBucket("id"))); // additional bucket would yield no records
144 // Should return additional bucket's default policy
145 ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(checkKey));
148 TEST(storage, checkBucketWildcardOtherDefault) {
149 using ::testing::ReturnPointee;
151 const PolicyBucketId additionalBucketId = "additional-bucket";
152 const PolicyKey defaultBucketKey = PolicyKey("c", "*", "p");
153 const PolicyKey checkKey = PolicyKey("c", "u1", "p");
155 PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
156 Policy::bucketWithKey(defaultBucketKey, additionalBucketId)
159 PolicyBucket additionalBucket(additionalBucketId, PredefinedPolicyType::ALLOW);
161 FakeStorageBackend backend;
162 Cynara::Storage storage(backend);
164 EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
165 .WillRepeatedly(ReturnPointee(&defaultBucket));
167 // Check, if next bucket is filtered with original key
168 EXPECT_CALL(backend, searchBucket(additionalBucketId, checkKey))
169 .WillRepeatedly(ReturnPointee(&additionalBucket));
171 // Should return additional bucket's default policy
172 ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(checkKey));
175 TEST(storage, checkNonrecursive) {
176 using ::testing::ReturnPointee;
178 PolicyKey pk = Helpers::generatePolicyKey();
179 PolicyBucketId bucketId = "a-bucket";
181 PolicyBucket bucket(bucketId, PredefinedPolicyType::ALLOW,
182 { Policy::bucketWithKey(pk, "must-not-be-touched") });
183 FakeStorageBackend backend;
185 Cynara::Storage storage(backend);
187 EXPECT_CALL(backend, searchBucket(bucketId, pk))
188 .WillOnce(ReturnPointee(&bucket));
190 ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk, bucketId, false));
194 * bucket1 contains policy (with key pk) pointing to bucket2
195 * bucket2 is empty and it's default policy is NONE
196 * Because NONE policy in bucket2, check should yield default policy of bucket1 and not of bucket2
198 TEST(storage, noneBucket) {
199 using ::testing::ReturnPointee;
200 using PredefinedPolicyType::ALLOW;
201 using PredefinedPolicyType::NONE;
203 auto pk = Helpers::generatePolicyKey();
205 PolicyBucket bucket2("bucket-2", NONE);
206 PolicyBucket bucket1("bucket-1", ALLOW, { Policy::bucketWithKey(pk, bucket2.id()) });
208 FakeStorageBackend backend;
209 Cynara::Storage storage(backend);
211 EXPECT_CALL(backend, searchBucket(bucket1.id(), pk))
212 .WillOnce(ReturnPointee(&bucket1));
213 EXPECT_CALL(backend, searchBucket(bucket2.id(), pk))
214 .WillOnce(ReturnPointee(&bucket2));
216 ASSERT_EQ(ALLOW, storage.checkPolicy(pk, bucket1.id(), true));
220 * Scenario similar to noneBucket, but bucket2 contains matching policy.
221 * In this case this policy should be returned.
223 TEST(storage, noneBucketNotEmpty) {
224 using ::testing::ReturnPointee;
225 using PredefinedPolicyType::ALLOW;
226 using PredefinedPolicyType::DENY;
227 using PredefinedPolicyType::NONE;
229 auto pk = Helpers::generatePolicyKey();
231 PolicyBucket bucket2("bucket-2", NONE, { Policy::simpleWithKey(pk, DENY) });
232 PolicyBucket bucket1("bucket-1", ALLOW, { Policy::bucketWithKey(pk, bucket2.id()) });
234 FakeStorageBackend backend;
235 Cynara::Storage storage(backend);
237 EXPECT_CALL(backend, searchBucket(bucket1.id(), pk))
238 .WillOnce(ReturnPointee(&bucket1));
239 EXPECT_CALL(backend, searchBucket(bucket2.id(), pk))
240 .WillOnce(ReturnPointee(&bucket2));
242 ASSERT_EQ(DENY, storage.checkPolicy(pk, bucket1.id(), true));
246 * Single empty bucket with default policy of NONE
247 * -- searching for any key should yield NONE
249 TEST(storage, singleNoneBucket) {
250 using ::testing::ReturnPointee;
251 using PredefinedPolicyType::NONE;
253 auto pk = Helpers::generatePolicyKey();
255 PolicyBucket bucket("bucket", NONE, {});
257 FakeStorageBackend backend;
258 Cynara::Storage storage(backend);
260 EXPECT_CALL(backend, searchBucket(bucket.id(), pk))
261 .WillOnce(ReturnPointee(&bucket));
263 ASSERT_EQ(NONE, storage.checkPolicy(pk, bucket.id(), true));