2 * Copyright (c) 2014 Samsung Electronics Co., Ltd
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
20 * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
22 * @brief Tests for libcynara-client and libcynara-admin
25 #include <tests_common.h>
26 #include <cynara_test_client.h>
27 #include <cynara_test_admin.h>
31 RUNNER_TEST_GROUP_INIT(cynara_tests)
33 RUNNER_TEST(tc01_cynara_initialize) {
34 CynaraTestClient cynara;
37 RUNNER_TEST(tc02_admin_initialize) {
38 CynaraTestAdmin admin;
41 RUNNER_TEST(tc03_cynara_check_invalid_params) {
42 CynaraTestClient cynara;
44 const char *client = "client03";
45 const char *user = "user03";
46 const char *privilege = "privilege03";
47 const char *session = "session03";
49 cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
50 cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
51 cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
52 cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
55 void checkInvalidPolicy(CynaraTestAdmin &admin,
59 const char *privilege,
61 const char *resultExtra)
63 CynaraPoliciesContainer cp;
64 cp.add(bucket, client, user, privilege, result, resultExtra);
66 admin.setPolicies(cp, CYNARA_ADMIN_API_INVALID_PARAM);
69 RUNNER_TEST(tc04_admin_set_policies_invalid_params) {
70 CynaraTestAdmin admin;
72 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
73 const char *client = "client04";
74 const char *user = "user04";
75 const char *privilege = "privilege04";
76 const int resultAllow = CYNARA_ADMIN_ALLOW;
77 const int resultBucket = CYNARA_ADMIN_BUCKET;
78 const char *resultExtra = nullptr;
80 checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
81 checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
82 checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
83 checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
84 checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
85 checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
88 RUNNER_TEST(tc05_admin_set_bucket_invalid_params) {
89 CynaraTestAdmin admin;
91 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
92 const int operationAllow = CYNARA_ADMIN_ALLOW;
93 const int operationDelete = CYNARA_ADMIN_DELETE;
94 const char *extra = nullptr;
96 admin.setBucket(nullptr, operationAllow, extra, CYNARA_ADMIN_API_INVALID_PARAM);
97 admin.setBucket(bucket, INT_MAX, extra, CYNARA_ADMIN_API_INVALID_PARAM);
98 admin.setBucket(bucket, operationDelete, extra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
101 RUNNER_TEST(tc06_cynara_check_empty_admin1)
103 CynaraTestClient cynara;
105 const char *client = "client06_1";
106 const char *session = "session06_1";
107 const char *user = "user06_1";
108 const char *privilege = "privilege06_1";
110 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
113 RUNNER_TEST(tc06_cynara_check_empty_admin2)
115 CynaraTestClient cynara;
117 const char *client = CYNARA_ADMIN_WILDCARD;
118 const char *session = "session06_2";
119 const char *user = CYNARA_ADMIN_WILDCARD;
120 const char *privilege = CYNARA_ADMIN_WILDCARD;
122 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
125 RUNNER_TEST(tc07_admin_set_bucket_admin_allow_deny)
127 CynaraTestAdmin admin;
128 CynaraTestClient cynara;
130 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
131 const char *client = "client07";
132 const char *session = "session07";
133 const char *user = "user07";
134 const char *privilege = "privilege07";
135 const char *extra = nullptr;
137 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
139 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
141 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
143 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
146 RUNNER_TEST(tc08_admin_set_policies_allow_remove1)
148 CynaraTestAdmin admin;
149 CynaraTestClient cynara;
151 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
152 const char *session = "session08_1";
153 const int resultAllow = CYNARA_ADMIN_ALLOW;
154 const int resultDelete = CYNARA_ADMIN_DELETE;
155 const char *resultExtra = nullptr;
157 const std::vector< std::vector<const char *> > data = {
158 { "client08_1_a", "user08_1_a", "privilege08_1_a" },
159 { "client08_1_b", "user08_1_b", "privilege08_1_b" },
162 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
163 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
165 // allow first policy
167 CynaraPoliciesContainer cp;
168 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
169 admin.setPolicies(cp);
171 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
172 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
174 // allow second policy
176 CynaraPoliciesContainer cp;
177 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
178 admin.setPolicies(cp);
180 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
181 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
183 // delete first policy
185 CynaraPoliciesContainer cp;
186 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
187 admin.setPolicies(cp);
189 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
190 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
192 // delete second policy
194 CynaraPoliciesContainer cp;
195 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
196 admin.setPolicies(cp);
198 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
199 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
202 RUNNER_TEST(tc08_admin_set_policies_allow_remove2)
204 CynaraTestAdmin admin;
205 CynaraTestClient cynara;
207 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
208 const char *session = "session08_2";
209 const int resultAllow = CYNARA_ADMIN_ALLOW;
210 const int resultDelete = CYNARA_ADMIN_DELETE;
211 const char *resultExtra = nullptr;
213 const std::vector< std::vector<const char *> > data = {
214 { "client08_2_a", "user08_2_a", "privilege08_2_a" },
215 { "client08_2_b", "user08_2_b", "privilege08_2_b" },
218 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
219 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
221 // allow first policy
223 CynaraPoliciesContainer cp;
224 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
225 admin.setPolicies(cp);
227 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
228 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
230 // delete first, allow second policy
232 CynaraPoliciesContainer cp;
233 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
234 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
235 admin.setPolicies(cp);
237 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
238 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
240 // delete second policy
242 CynaraPoliciesContainer cp;
243 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
244 admin.setPolicies(cp);
247 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
248 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
251 RUNNER_TEST(tc08_admin_set_policies_allow_remove3)
253 CynaraTestAdmin admin;
254 CynaraTestClient cynara;
256 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
257 const char *session = "session08_3";
258 const int resultAllow = CYNARA_ADMIN_ALLOW;
259 const int resultDelete = CYNARA_ADMIN_DELETE;
260 const char *resultExtra = nullptr;
262 const std::vector< std::vector<const char *> > data = {
263 { "client08_3_a", "user08_3_a", "privilege08_3_a" },
264 { "client08_3_b", "user08_3_b", "privilege08_3_b" },
267 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
268 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
270 // allow first and second policy
272 CynaraPoliciesContainer cp;
273 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
274 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
275 admin.setPolicies(cp);
277 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
278 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
280 // delete first and second policy
282 CynaraPoliciesContainer cp;
283 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
284 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
285 admin.setPolicies(cp);
288 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
289 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
projects / platform / core / test / security-tests.git / blob