2 * Copyright (c) 2014 Samsung Electronics Co., Ltd
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
20 * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
22 * @brief Tests for libcynara-client and libcynara-admin
25 #include <dpl/exception.h>
26 #include <tests_common.h>
27 #include <cynara_test_client.h>
28 #include <cynara_test_admin.h>
29 #include <cynara_test_env.h>
34 void environmentWrap(const char *testName, const std::function<void(void)> &func)
36 CynaraTestEnv env(testName);
41 } catch (const DPL::Test::TestRunner::TestFailed &e) {
44 } catch (const DPL::Test::TestRunner::Ignored &e) {
47 } catch (const DPL::Exception &e) {
50 } catch (const std::exception &e) {
55 throw std::runtime_error("Unknown exception");
60 #define RUN_CYNARA_TEST(Proc) \
63 environmentWrap(#Proc, Proc##_func); \
66 void tc01_cynara_initialize_func()
71 void tc02_admin_initialize_func()
73 CynaraTestAdmin admin;
76 void tc03_cynara_check_invalid_params_func()
78 CynaraTestClient cynara;
80 const char *client = "client03";
81 const char *user = "user03";
82 const char *privilege = "privilege03";
83 const char *session = "session03";
85 cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
86 cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
87 cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
88 cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
91 void checkInvalidPolicy(CynaraTestAdmin &admin,
95 const char *privilege,
97 const char *resultExtra)
99 CynaraPoliciesContainer cp;
100 cp.add(bucket, client, user, privilege, result, resultExtra);
102 admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
105 void tc04_admin_set_policies_invalid_params_func()
107 CynaraTestAdmin admin;
109 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
110 const char *client = "client04";
111 const char *user = "user04";
112 const char *privilege = "privilege04";
113 const int resultAllow = CYNARA_ADMIN_ALLOW;
114 const int resultBucket = CYNARA_ADMIN_BUCKET;
115 const int resultNone = CYNARA_ADMIN_NONE;
116 const char *resultExtra = nullptr;
118 checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
119 checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
120 checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
121 checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
122 checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
123 checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
124 checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
127 void tc05_admin_set_bucket_invalid_params_func()
129 CynaraTestAdmin admin;
131 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
132 const int operationAllow = CYNARA_ADMIN_ALLOW;
133 const int operationDelete = CYNARA_ADMIN_DELETE;
134 const int operationNone = CYNARA_ADMIN_NONE;
135 const char *extra = nullptr;
137 admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM);
138 admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM);
139 admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
140 admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
143 void tc06_cynara_check_empty_admin1_func()
145 CynaraTestClient cynara;
147 const char *client = "client06_1";
148 const char *session = "session06_1";
149 const char *user = "user06_1";
150 const char *privilege = "privilege06_1";
152 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
155 void tc06_cynara_check_empty_admin2_func()
157 CynaraTestClient cynara;
159 const char *client = CYNARA_ADMIN_WILDCARD;
160 const char *session = "session06_2";
161 const char *user = CYNARA_ADMIN_WILDCARD;
162 const char *privilege = CYNARA_ADMIN_WILDCARD;
164 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
167 void tc07_admin_set_bucket_admin_allow_deny_func()
169 CynaraTestAdmin admin;
170 CynaraTestClient cynara;
172 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
173 const char *client = "client07";
174 const char *session = "session07";
175 const char *user = "user07";
176 const char *privilege = "privilege07";
177 const char *extra = nullptr;
179 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
181 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
183 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
185 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
188 void tc08_admin_set_policies_allow_remove1_func()
190 CynaraTestAdmin admin;
191 CynaraTestClient cynara;
193 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
194 const char *session = "session08_1";
195 const int resultAllow = CYNARA_ADMIN_ALLOW;
196 const int resultDelete = CYNARA_ADMIN_DELETE;
197 const char *resultExtra = nullptr;
199 const std::vector< std::vector<const char *> > data = {
200 { "client08_1_a", "user08_1_a", "privilege08_1_a" },
201 { "client08_1_b", "user08_1_b", "privilege08_1_b" },
204 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
205 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
207 // allow first policy
209 CynaraPoliciesContainer cp;
210 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
211 admin.setPolicies(cp);
213 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
214 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
216 // allow second policy
218 CynaraPoliciesContainer cp;
219 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
220 admin.setPolicies(cp);
222 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
223 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
225 // delete first policy
227 CynaraPoliciesContainer cp;
228 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
229 admin.setPolicies(cp);
231 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
232 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
234 // delete second policy
236 CynaraPoliciesContainer cp;
237 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
238 admin.setPolicies(cp);
240 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
241 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
244 void tc08_admin_set_policies_allow_remove2_func()
246 CynaraTestAdmin admin;
247 CynaraTestClient cynara;
249 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
250 const char *session = "session08_2";
251 const int resultAllow = CYNARA_ADMIN_ALLOW;
252 const int resultDelete = CYNARA_ADMIN_DELETE;
253 const char *resultExtra = nullptr;
255 const std::vector< std::vector<const char *> > data = {
256 { "client08_2_a", "user08_2_a", "privilege08_2_a" },
257 { "client08_2_b", "user08_2_b", "privilege08_2_b" },
260 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
261 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
263 // allow first policy
265 CynaraPoliciesContainer cp;
266 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
267 admin.setPolicies(cp);
269 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
270 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
272 // delete first, allow second policy
274 CynaraPoliciesContainer cp;
275 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
276 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
277 admin.setPolicies(cp);
279 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
280 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
282 // delete second policy
284 CynaraPoliciesContainer cp;
285 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
286 admin.setPolicies(cp);
289 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
290 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
293 void tc08_admin_set_policies_allow_remove3_func()
295 CynaraTestAdmin admin;
296 CynaraTestClient cynara;
298 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
299 const char *session = "session08_3";
300 const int resultAllow = CYNARA_ADMIN_ALLOW;
301 const int resultDelete = CYNARA_ADMIN_DELETE;
302 const char *resultExtra = nullptr;
304 const std::vector< std::vector<const char *> > data = {
305 { "client08_3_a", "user08_3_a", "privilege08_3_a" },
306 { "client08_3_b", "user08_3_b", "privilege08_3_b" },
309 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
310 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
312 // allow first and second policy
314 CynaraPoliciesContainer cp;
315 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
316 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
317 admin.setPolicies(cp);
319 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
320 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
322 // delete first and second policy
324 CynaraPoliciesContainer cp;
325 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
326 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
327 admin.setPolicies(cp);
330 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
331 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
334 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
337 CynaraTestClient cynara;
339 for (auto it = data.begin(); it != data.end(); ++it) {
340 RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
343 for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
344 for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
345 for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
346 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
352 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
354 RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
355 for (auto it = data.begin(); it != data.end(); ++it) {
356 RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
360 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
363 CynaraTestClient cynara;
365 checkSingleWildcardData(data);
367 for (size_t c = 0; c < data.size(); ++c) {
368 for (size_t u = 0; u < data.size(); ++u) {
369 for (size_t p = 0; p < data.size(); ++p) {
370 if ((u == 0 && p == 0)
371 || (c == 1 && p == 1)
372 || (c == 2 && u == 2)) {
373 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
375 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
382 void setSingleWildcardPolicies(const char *bucket,
383 const std::vector< std::vector<const char *> > &data,
384 const int result, const char* resultExtra)
386 CynaraTestAdmin admin;
387 CynaraPoliciesContainer cp;
389 checkSingleWildcardData(data);
392 CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
393 result, resultExtra);
395 data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
396 result, resultExtra);
398 data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
399 result, resultExtra);
401 admin.setPolicies(cp);
404 void tc09_admin_set_policies_wildcard_accesses_func()
406 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
407 const char *session = "session09";
408 const char *resultExtra = nullptr;
410 const std::vector< std::vector<const char *> > data = {
411 { "client09_a", "user09_a", "privilege09_a" },
412 { "client09_b", "user09_b", "privilege09_b" },
413 { "client09_c", "user09_c", "privilege09_c" }
416 checkAllDeny(data, session);
418 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
420 checkSingleWildcardAllowRestDeny(data, session);
422 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
424 checkAllDeny(data, session);
427 void tc10_admin_change_extra_bucket_func()
429 CynaraTestAdmin admin;
430 CynaraTestClient cynara;
432 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
433 const char *bucket = "bucket10";
434 const char *session = "session10";
435 const char *extra = nullptr;
436 const char *extraResult = nullptr;
439 const std::vector< std::vector<const char *> > data = {
440 { "client10_a", "user10_a", "privilege10_a" },
441 { "client10_b", "user10_b", "privilege10_b" }
444 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
445 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
447 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
449 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
450 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
453 CynaraPoliciesContainer cp;
454 cp.add(bucketDefault,
455 data[0][0], data[0][1], data[0][2],
456 CYNARA_ADMIN_BUCKET, bucket);
457 admin.setPolicies(cp);
460 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
461 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
463 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
465 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
466 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
468 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
470 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
471 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
474 CynaraPoliciesContainer cp;
475 cp.add(bucketDefault,
476 data[0][0], data[0][1], data[0][2],
477 CYNARA_ADMIN_DELETE, extraResult);
478 admin.setPolicies(cp);
481 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
482 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
484 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
487 void tc11_admin_bucket_not_found_func()
489 CynaraTestAdmin admin;
490 CynaraTestClient cynara;
492 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
493 const char *bucket = "bucket11";
494 const char *client = "client11";
495 const char *session = "session11";
496 const char *user = "user11";
497 const char *privilege = "privilege11";
499 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
502 CynaraPoliciesContainer cp;
503 cp.add(bucketDefault,
504 client, user, privilege,
505 CYNARA_ADMIN_BUCKET, bucket);
506 admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
508 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
511 void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
513 CynaraTestAdmin admin;
514 CynaraTestClient cynara;
516 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
517 const char *bucket = "bucket12";
518 const char *client = "client12";
519 const char *session = "session12";
520 const char *user = "user12";
521 const char *privilege = "privilege12";
522 const char *extra = nullptr;
524 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
527 CynaraPoliciesContainer cp;
528 cp.add(bucketDefault,
529 client, user, privilege,
530 CYNARA_ADMIN_BUCKET, bucket);
531 admin.setPolicies(cp);
533 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
535 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
536 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
538 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
539 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
541 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
542 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
545 void tc13_admin_set_policies_to_extra_bucket_func()
547 CynaraTestAdmin admin;
548 CynaraTestClient cynara;
550 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
551 const char *bucket = "bucket13";
552 const char *client = "client13";
553 const char *session = "session13";
554 const char *user = "user13";
555 const char *privilege = "privilege13";
556 const char *extra = nullptr;
557 const char *extraResult = nullptr;
559 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
560 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
563 CynaraPoliciesContainer cp;
564 cp.add(bucketDefault,
565 client, user, privilege,
566 CYNARA_ADMIN_BUCKET, bucket);
568 client, user, privilege,
569 CYNARA_ADMIN_ALLOW, extraResult);
570 admin.setPolicies(cp);
572 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
574 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
575 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
578 void tc14_admin_set_policies_integrity_func()
580 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
581 const char *bucket = "bucket14";
582 const char *client = "client14";
583 const char *session = "session14";
584 const char *user = "user14";
585 const char *privilege = "privilege14";
586 const char *extraResult = nullptr;
589 CynaraTestClient cynara;
590 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
594 CynaraTestAdmin admin;
595 CynaraPoliciesContainer cp;
596 cp.add(bucketDefault,
597 client, user, privilege,
598 CYNARA_ADMIN_ALLOW, extraResult);
600 client, user, privilege,
601 CYNARA_ADMIN_ALLOW, extraResult);
602 admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
606 CynaraTestClient cynara;
607 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
611 void tc15_admin_set_bucket_admin_none1_func()
613 CynaraTestAdmin admin;
614 CynaraTestClient cynara;
616 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
617 const char *bucket = "bucket15_1";
618 const char *client = "client15_1";
619 const char *session = "session15_1";
620 const char *user = "user15_1";
621 const char *privilege = "privilege15_1";
622 const char *extra = nullptr;
623 const char *extraResult = nullptr;
625 admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
628 CynaraPoliciesContainer cp;
629 cp.add(bucketDefault,
630 client, user, privilege,
631 CYNARA_ADMIN_BUCKET, bucket);
633 client, user, privilege,
634 CYNARA_ADMIN_ALLOW, extraResult);
635 admin.setPolicies(cp);
637 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
640 void tc15_admin_set_bucket_admin_none2_func()
642 CynaraTestAdmin admin;
643 CynaraTestClient cynara;
645 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
646 const char *bucket = "bucket15_2";
647 const char *client = "client15_2";
648 const char *session = "session15_2";
649 const char *user = "user15_2";
650 const char *privilege = "privilege15_2";
651 const char *extra = nullptr;
653 admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
656 CynaraPoliciesContainer cp;
657 cp.add(bucketDefault,
658 client, user, privilege,
659 CYNARA_ADMIN_BUCKET, bucket);
660 admin.setPolicies(cp);
662 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
665 void tc15_admin_set_bucket_admin_none3_func()
667 CynaraTestAdmin admin;
668 CynaraTestClient cynara;
670 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
671 const char *bucket = "bucket15_3";
672 const char *client = "client15_3";
673 const char *session = "session15_3";
674 const char *user = "user15_3";
675 const char *privilege = "privilege15_3";
676 const char *extra = nullptr;
677 const char *extraResult = nullptr;
679 admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
682 CynaraPoliciesContainer cp;
683 cp.add(bucketDefault,
684 client, user, privilege,
685 CYNARA_ADMIN_BUCKET, bucket);
686 cp.add(bucketDefault,
687 client, user, CYNARA_ADMIN_WILDCARD,
688 CYNARA_ADMIN_ALLOW, extraResult);
689 admin.setPolicies(cp);
691 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
694 void tc16_admin_check_single_bucket_func()
696 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
697 const char *client = "client16";
698 const char *user = "user16";
699 const char *privilege = "privilege16";
700 const char *extraResult = nullptr;
702 int notrecursive = 0;
704 CynaraTestAdmin admin;
706 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
707 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
708 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
709 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
711 CynaraPoliciesContainer cp;
712 cp.add(bucketDefault,
713 client, user, privilege,
714 CYNARA_ADMIN_ALLOW, extraResult);
715 admin.setPolicies(cp);
717 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
718 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
719 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
720 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
723 void tc17_admin_check_nested_bucket_func()
725 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
726 const char *bucket = "bucket17";
727 const char *client = "client17";
728 const char *user = "user17";
729 const char *privilege = "privilege17";
730 const char *extra = nullptr;
731 const char *extraResult = nullptr;
733 int notrecursive = 0;
735 CynaraTestAdmin admin;
736 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
738 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
739 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
740 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
741 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
742 admin.adminCheck(bucket, recursive, client, user, privilege,
743 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
744 admin.adminCheck(bucket, notrecursive, client, user, privilege,
745 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
748 CynaraPoliciesContainer cp;
749 cp.add(bucketDefault,
750 client, user, privilege,
751 CYNARA_ADMIN_BUCKET, bucket);
753 client, user, privilege,
754 CYNARA_ADMIN_ALLOW, extraResult);
755 admin.setPolicies(cp);
758 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
759 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
760 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
761 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
762 admin.adminCheck(bucket, recursive, client, user, privilege,
763 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
764 admin.adminCheck(bucket, notrecursive, client, user, privilege,
765 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
768 void tc18_admin_check_multiple_matches_func()
770 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
771 const char *client = "client18";
772 const char *user = "user18";
773 const char *privilege = "privilege18";
774 const char *wildcard = CYNARA_ADMIN_WILDCARD;
775 const char *extra = nullptr;
776 const char *extraResult = nullptr;
778 int notrecursive = 0;
780 CynaraTestAdmin admin;
782 auto check = [&](int expected_result)
784 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
785 expected_result, nullptr, CYNARA_API_SUCCESS);
786 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
787 expected_result, nullptr, CYNARA_API_SUCCESS);
790 check(CYNARA_ADMIN_DENY);
793 CynaraPoliciesContainer cp;
794 cp.add(bucketDefault,
795 client, user, privilege,
796 CYNARA_ADMIN_ALLOW, extraResult);
797 admin.setPolicies(cp);
800 check(CYNARA_ADMIN_ALLOW);
803 CynaraPoliciesContainer cp;
804 cp.add(bucketDefault,
805 wildcard, user, privilege,
806 CYNARA_ADMIN_DENY, extraResult);
807 admin.setPolicies(cp);
810 check(CYNARA_ADMIN_DENY);
812 admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
814 check(CYNARA_ADMIN_DENY);
817 CynaraPoliciesContainer cp;
818 cp.add(bucketDefault,
819 client, user, privilege,
820 CYNARA_ADMIN_DELETE, extraResult);
821 admin.setPolicies(cp);
824 check(CYNARA_ADMIN_DENY);
827 CynaraPoliciesContainer cp;
828 cp.add(bucketDefault,
829 wildcard, user, privilege,
830 CYNARA_ADMIN_DELETE, extraResult);
831 admin.setPolicies(cp);
834 check(CYNARA_ADMIN_ALLOW);
837 void tc19_admin_check_none_bucket_func()
839 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
840 const char *bucket1 = "bucket19_a";
841 const char *bucket2 = "bucket19_b";
842 const char *client = "client19";
843 const char *user = "user19";
844 const char *privilege = "privilege19";
845 const char *extra = nullptr;
847 int notrecursive = 0;
849 CynaraTestAdmin admin;
850 admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
851 admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
853 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
854 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
855 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
856 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
857 admin.adminCheck(bucket1, recursive, client, user, privilege,
858 CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
859 admin.adminCheck(bucket1, notrecursive, client, user, privilege,
860 CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
861 admin.adminCheck(bucket2, recursive, client, user, privilege,
862 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
863 admin.adminCheck(bucket2, notrecursive, client, user, privilege,
864 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
867 CynaraPoliciesContainer cp;
868 cp.add(bucketDefault,
869 client, user, privilege,
870 CYNARA_ADMIN_BUCKET, bucket1);
872 client, user, privilege,
873 CYNARA_ADMIN_BUCKET, bucket2);
874 admin.setPolicies(cp);
877 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
878 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
879 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
880 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
881 admin.adminCheck(bucket1, recursive, client, user, privilege,
882 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
883 admin.adminCheck(bucket1, notrecursive, client, user, privilege,
884 CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
885 admin.adminCheck(bucket2, recursive, client, user, privilege,
886 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
887 admin.adminCheck(bucket2, notrecursive, client, user, privilege,
888 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
891 RUNNER_TEST_GROUP_INIT(cynara_tests)
893 RUN_CYNARA_TEST(tc01_cynara_initialize)
894 RUN_CYNARA_TEST(tc02_admin_initialize)
895 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
896 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
897 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
898 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
899 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
900 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
901 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
902 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
903 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
904 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
905 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
906 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
907 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
908 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
909 RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
910 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
911 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
912 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
913 RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
914 RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
915 RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
916 RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
projects / platform / core / test / security-tests.git / blob