/*
 * Copyright (c) 2014 Samsung Electronics Co., Ltd
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
/**
 * @file    test_cases.cpp
 * @author  Aleksander Zdyb <a.zdyb@partner.samsung.com>
 * @author  Marcin Niesluchowski <m.niesluchow@samsung.com>
 * @brief   Tests for libcynara-client and libcynara-admin
 */
25 #include <tests_common.h>
26 #include <cynara_test_client.h>
27 #include <cynara_test_admin.h>
// Opens the `cynara_tests` group; the RUNNER_TEST cases below are presumably
// registered under it by the test framework (confirm in tests_common.h).
RUNNER_TEST_GROUP_INIT(cynara_tests)
// Smoke test: only constructs the client wrapper. Whatever initialization
// check exists lives inside CynaraTestClient (not visible in this file).
RUNNER_TEST(tc01_cynara_initialize)
{
    CynaraTestClient client;
}
// Smoke test: only constructs the admin wrapper. Whatever initialization
// check exists lives inside CynaraTestAdmin (not visible in this file).
RUNNER_TEST(tc02_admin_initialize)
{
    CynaraTestAdmin adminApi;
}
// Input validation on the client side: every call below replaces exactly one
// of the four identifiers with nullptr and expects CYNARA_API_INVALID_PARAM,
// i.e. a missing identifier is expected to be rejected rather than answered
// with an access decision.
RUNNER_TEST(tc03_cynara_check_invalid_params)
{
    CynaraTestClient cynara;

    const char *const clientId = "client03";
    const char *const sessionId = "session03";
    const char *const userId = "user03";
    const char *const privilegeId = "privilege03";

    // Argument order of check(): client, session, user, privilege, expected result.
    cynara.check(nullptr, sessionId, userId, privilegeId, CYNARA_API_INVALID_PARAM);
    cynara.check(clientId, nullptr, userId, privilegeId, CYNARA_API_INVALID_PARAM);
    cynara.check(clientId, sessionId, nullptr, privilegeId, CYNARA_API_INVALID_PARAM);
    cynara.check(clientId, sessionId, userId, nullptr, CYNARA_API_INVALID_PARAM);
}
// Helper: builds a one-entry policy set from the given fields and submits it,
// expecting the admin API to answer CYNARA_ADMIN_API_INVALID_PARAM.
//
// admin        admin wrapper used to submit the policy
// bucket       bucket the policy would be stored in
// client, user, privilege
//              identifiers the policy would apply to
// result       policy result code (e.g. CYNARA_ADMIN_ALLOW)
// resultExtra  extra data for the result; callers in this file pass a bucket
//              name together with CYNARA_ADMIN_BUCKET, nullptr otherwise
void checkInvalidPolicy(CynaraTestAdmin &admin,
                        const char *bucket,
                        const char *client,
                        const char *user,
                        const char *privilege,
                        const int result,
                        const char *resultExtra)
{
    CynaraPoliciesContainer policies;
    policies.add(bucket, client, user, privilege, result, resultExtra);

    admin.setPolicies(policies, CYNARA_ADMIN_API_INVALID_PARAM);
}
// Input validation on the admin side: each call below makes exactly one field
// of an otherwise valid policy invalid and expects the whole submission to be
// refused with CYNARA_ADMIN_API_INVALID_PARAM (see checkInvalidPolicy).
RUNNER_TEST(tc04_admin_set_policies_invalid_params)
{
    CynaraTestAdmin admin;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const clientId = "client04";
    const char *const userId = "user04";
    const char *const privilegeId = "privilege04";
    const char *const noExtra = nullptr;
    const int allow = CYNARA_ADMIN_ALLOW;
    const int redirect = CYNARA_ADMIN_BUCKET;

    // One nullptr identifier at a time: bucket, client, user, privilege.
    checkInvalidPolicy(admin, nullptr, clientId, userId, privilegeId, allow, noExtra);
    checkInvalidPolicy(admin, defaultBucket, nullptr, userId, privilegeId, allow, noExtra);
    checkInvalidPolicy(admin, defaultBucket, clientId, nullptr, privilegeId, allow, noExtra);
    checkInvalidPolicy(admin, defaultBucket, clientId, userId, nullptr, allow, noExtra);

    // A result code that is not one of the CYNARA_ADMIN_* values used in this file.
    checkInvalidPolicy(admin, defaultBucket, clientId, userId, privilegeId, INT_MAX, noExtra);

    // A bucket redirect that names no target bucket.
    checkInvalidPolicy(admin, defaultBucket, clientId, userId, privilegeId, redirect, nullptr);
}
// Bucket-level validation: a nullptr bucket name and an unknown operation code
// are expected to fail with CYNARA_ADMIN_API_INVALID_PARAM, and an attempt to
// delete the default bucket is expected to fail with
// CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED.
RUNNER_TEST(tc05_admin_set_bucket_invalid_params)
{
    CynaraTestAdmin admin;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const noExtra = nullptr;
    const int opAllow = CYNARA_ADMIN_ALLOW;
    const int opDelete = CYNARA_ADMIN_DELETE;

    admin.setBucket(nullptr, opAllow, noExtra, CYNARA_ADMIN_API_INVALID_PARAM);
    admin.setBucket(defaultBucket, INT_MAX, noExtra, CYNARA_ADMIN_API_INVALID_PARAM);

    // The default bucket must survive a delete request.
    admin.setBucket(defaultBucket, opDelete, noExtra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
}
// Default-deny expectation: this test sets no policy before querying, and the
// query for concrete identifiers is expected to return CYNARA_API_ACCESS_DENIED.
RUNNER_TEST(tc06_cynara_check_empty_admin1)
{
    CynaraTestClient cynara;

    const char *const clientId = "client06_1";
    const char *const sessionId = "session06_1";
    const char *const userId = "user06_1";
    const char *const privilegeId = "privilege06_1";

    cynara.check(clientId, sessionId, userId, privilegeId, CYNARA_API_ACCESS_DENIED);
}
// Default-deny expectation with wildcard values on the query side: this test
// sets no policy, passes CYNARA_ADMIN_WILDCARD as client, user and privilege
// of the query, and still expects CYNARA_API_ACCESS_DENIED.
RUNNER_TEST(tc06_cynara_check_empty_admin2)
{
    CynaraTestClient cynara;

    const char *const sessionId = "session06_2";
    const char *const anyClient = CYNARA_ADMIN_WILDCARD;
    const char *const anyUser = CYNARA_ADMIN_WILDCARD;
    const char *const anyPrivilege = CYNARA_ADMIN_WILDCARD;

    cynara.check(anyClient, sessionId, anyUser, anyPrivilege, CYNARA_API_ACCESS_DENIED);
}
// Switches the default bucket's own policy to ALLOW and back to DENY, and
// expects a query with no matching policy to follow that setting each time.
//
// NOTE(review): between the two setBucket calls the default bucket answers
// ALLOW for a query that matches no policy. If the SUCCESS check aborts the
// test (assumed: the wrapper asserts on mismatch), the DENY reset below never
// runs and later tests would start from an allow-by-default state. Confirm
// that the harness restores policy state between tests.
RUNNER_TEST(tc07_admin_set_bucket_admin_allow_deny)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const clientId = "client07";
    const char *const sessionId = "session07";
    const char *const userId = "user07";
    const char *const privilegeId = "privilege07";
    const char *const noExtra = nullptr;

    admin.setBucket(defaultBucket, CYNARA_ADMIN_ALLOW, noExtra);
    cynara.check(clientId, sessionId, userId, privilegeId, CYNARA_API_SUCCESS);

    admin.setBucket(defaultBucket, CYNARA_ADMIN_DENY, noExtra);
    cynara.check(clientId, sessionId, userId, privilegeId, CYNARA_API_ACCESS_DENIED);
}
// Two independent policies, changed one per setPolicies call: allow the first,
// allow the second, delete the first, delete the second. After every step both
// identities are queried, so the test also checks that a change to one policy
// does not leak into the other.
RUNNER_TEST(tc08_admin_set_policies_allow_remove1)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const sessionId = "session08_1";
    const int opAllow = CYNARA_ADMIN_ALLOW;
    const int opDelete = CYNARA_ADMIN_DELETE;
    const char *const noExtra = nullptr;

    // Each row is { client, user, privilege }.
    const std::vector< std::vector<const char *> > data = {
        { "client08_1_a", "user08_1_a", "privilege08_1_a" },
        { "client08_1_b", "user08_1_b", "privilege08_1_b" },
    };

    // Queries row 0, then row 1, against the expected result codes.
    const auto expectAccess = [&](int expectedFirst, int expectedSecond) {
        cynara.check(data[0][0], sessionId, data[0][1], data[0][2], expectedFirst);
        cynara.check(data[1][0], sessionId, data[1][1], data[1][2], expectedSecond);
    };

    // Submits a policy set holding a single entry for the given row.
    const auto submitSingle = [&](size_t row, int result) {
        CynaraPoliciesContainer cp;
        cp.add(defaultBucket, data[row][0], data[row][1], data[row][2], result, noExtra);
        admin.setPolicies(cp);
    };

    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    // allow first policy
    submitSingle(0, opAllow);
    expectAccess(CYNARA_API_SUCCESS, CYNARA_API_ACCESS_DENIED);

    // allow second policy
    submitSingle(1, opAllow);
    expectAccess(CYNARA_API_SUCCESS, CYNARA_API_SUCCESS);

    // delete first policy
    submitSingle(0, opDelete);
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_SUCCESS);

    // delete second policy
    submitSingle(1, opDelete);
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);
}
// Like the one-policy-per-call variant, but the middle step mixes a delete of
// the first policy with an allow of the second in a single setPolicies call,
// and expects both changes to be visible afterwards.
RUNNER_TEST(tc08_admin_set_policies_allow_remove2)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const sessionId = "session08_2";
    const int opAllow = CYNARA_ADMIN_ALLOW;
    const int opDelete = CYNARA_ADMIN_DELETE;
    const char *const noExtra = nullptr;

    // Each row is { client, user, privilege }.
    const std::vector< std::vector<const char *> > data = {
        { "client08_2_a", "user08_2_a", "privilege08_2_a" },
        { "client08_2_b", "user08_2_b", "privilege08_2_b" },
    };

    // Queries row 0, then row 1, against the expected result codes.
    const auto expectAccess = [&](int expectedFirst, int expectedSecond) {
        cynara.check(data[0][0], sessionId, data[0][1], data[0][2], expectedFirst);
        cynara.check(data[1][0], sessionId, data[1][1], data[1][2], expectedSecond);
    };

    // Appends one entry for the given row to a policy set under construction.
    const auto addRow = [&](CynaraPoliciesContainer &cp, size_t row, int result) {
        cp.add(defaultBucket, data[row][0], data[row][1], data[row][2], result, noExtra);
    };

    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    // allow first policy
    {
        CynaraPoliciesContainer cp;
        addRow(cp, 0, opAllow);
        admin.setPolicies(cp);
    }
    expectAccess(CYNARA_API_SUCCESS, CYNARA_API_ACCESS_DENIED);

    // delete first, allow second policy
    {
        CynaraPoliciesContainer cp;
        addRow(cp, 0, opDelete);
        addRow(cp, 1, opAllow);
        admin.setPolicies(cp);
    }
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_SUCCESS);

    // delete second policy
    {
        CynaraPoliciesContainer cp;
        addRow(cp, 1, opDelete);
        admin.setPolicies(cp);
    }
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);
}
// Batch variant: both policies are allowed in one setPolicies call and later
// deleted in one call; after the delete both identities are expected to be
// denied again.
RUNNER_TEST(tc08_admin_set_policies_allow_remove3)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const sessionId = "session08_3";
    const int opAllow = CYNARA_ADMIN_ALLOW;
    const int opDelete = CYNARA_ADMIN_DELETE;
    const char *const noExtra = nullptr;

    // Each row is { client, user, privilege }.
    const std::vector< std::vector<const char *> > data = {
        { "client08_3_a", "user08_3_a", "privilege08_3_a" },
        { "client08_3_b", "user08_3_b", "privilege08_3_b" },
    };

    // Queries row 0, then row 1, against the expected result codes.
    const auto expectAccess = [&](int expectedFirst, int expectedSecond) {
        cynara.check(data[0][0], sessionId, data[0][1], data[0][2], expectedFirst);
        cynara.check(data[1][0], sessionId, data[1][1], data[1][2], expectedSecond);
    };

    // Submits one policy set that applies the same result to row 0 and row 1.
    const auto submitBoth = [&](int result) {
        CynaraPoliciesContainer cp;
        cp.add(defaultBucket, data[0][0], data[0][1], data[0][2], result, noExtra);
        cp.add(defaultBucket, data[1][0], data[1][1], data[1][2], result, noExtra);
        admin.setPolicies(cp);
    };

    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    // allow first and second policy
    submitBoth(opAllow);
    expectAccess(CYNARA_API_SUCCESS, CYNARA_API_SUCCESS);

    // delete first and second policy
    submitBoth(opDelete);
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);
}
// Helper: expects CYNARA_API_ACCESS_DENIED for every combination of a client
// from one row, a user from another and a privilege from a third, including
// the combinations where all three come from the same row.
//
// data     rows of { client, user, privilege }; each row must have 3 entries
// session  session identifier passed to every query
void checkAllDeny(const std::vector< std::vector<const char *> > &data,
                  const char *session)
{
    CynaraTestClient cynara;

    // Validate the row shape up front so a malformed table fails with a clear message.
    for (auto it = data.cbegin(); it != data.cend(); ++it) {
        RUNNER_ASSERT_MSG_BT(it->size() == 3, "Wrong test data size");
    }

    for (const auto &clientRow : data) {
        for (const auto &userRow : data) {
            for (const auto &privilegeRow : data) {
                cynara.check(clientRow.at(0), session, userRow.at(1), privilegeRow.at(2),
                             CYNARA_API_ACCESS_DENIED);
            }
        }
    }
}
// Helper: asserts that the table used by the single-wildcard tests is exactly
// 3 rows of 3 entries ({ client, user, privilege }); the wildcard helpers index
// rows 0..2 and columns 0..2 directly.
void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
{
    RUNNER_ASSERT_MSG_BT(data.size() == 3, "Wrong test data size");

    for (auto it = data.cbegin(); it != data.cend(); ++it) {
        RUNNER_ASSERT_MSG_BT(it->size() == 3, "Wrong test data size");
    }
}
// Helper: after setSingleWildcardPolicies has installed its three policies with
// an ALLOW result, walks every (client row, user row, privilege row)
// combination and expects SUCCESS only where one of those policies matches:
//   - user and privilege from row 0, any client     (wildcard client)
//   - client and privilege from row 1, any user     (wildcard user)
//   - client and user from row 2, any privilege     (wildcard privilege)
// Every other combination is expected to be denied, which is the part that
// catches a wildcard matching more than its own field.
//
// data     3x3 table of { client, user, privilege }
// session  session identifier passed to every query
void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
                                      const char *session)
{
    CynaraTestClient cynara;

    checkSingleWildcardData(data);

    const size_t rows = data.size();
    for (size_t c = 0; c < rows; ++c) {
        for (size_t u = 0; u < rows; ++u) {
            for (size_t p = 0; p < rows; ++p) {
                const bool coveredByWildcardPolicy = (u == 0 && p == 0)
                                                     || (c == 1 && p == 1)
                                                     || (c == 2 && u == 2);
                const int expected = coveredByWildcardPolicy ? CYNARA_API_SUCCESS
                                                             : CYNARA_API_ACCESS_DENIED;
                cynara.check(data[c][0], session, data[u][1], data[p][2], expected);
            }
        }
    }
}
// Helper: submits three policies in one setPolicies call, each with
// CYNARA_ADMIN_WILDCARD in exactly one field:
//   row 0 -> wildcard client, row 1 -> wildcard user, row 2 -> wildcard privilege.
//
// bucket       bucket the policies are written to
// data         3x3 table of { client, user, privilege }
// result       result code applied to all three policies
//              (callers in this file pass CYNARA_ADMIN_ALLOW or CYNARA_ADMIN_DELETE)
// resultExtra  extra data passed along with the result
void setSingleWildcardPolicies(const char *bucket,
                               const std::vector< std::vector<const char *> > &data,
                               const int result, const char* resultExtra)
{
    CynaraTestAdmin admin;
    CynaraPoliciesContainer policies;

    checkSingleWildcardData(data);

    policies.add(bucket, CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2], result, resultExtra);
    policies.add(bucket, data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2], result, resultExtra);
    policies.add(bucket, data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD, result, resultExtra);

    admin.setPolicies(policies);
}
// Wildcard scope test: starts from all-denied, installs three single-wildcard
// ALLOW policies, verifies that only the combinations covered by those
// policies succeed, then deletes the policies and verifies all-denied again.
RUNNER_TEST(tc09_admin_set_policies_wildcard_accesses)
{
    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const sessionId = "session09";
    const char *const noExtra = nullptr;

    // Each row is { client, user, privilege }.
    const std::vector< std::vector<const char *> > data = {
        { "client09_a", "user09_a", "privilege09_a" },
        { "client09_b", "user09_b", "privilege09_b" },
        { "client09_c", "user09_c", "privilege09_c" }
    };

    checkAllDeny(data, sessionId);

    setSingleWildcardPolicies(defaultBucket, data, CYNARA_ADMIN_ALLOW, noExtra);
    checkSingleWildcardAllowRestDeny(data, sessionId);

    setSingleWildcardPolicies(defaultBucket, data, CYNARA_ADMIN_DELETE, noExtra);
    checkAllDeny(data, sessionId);
}
// Bucket redirection: a policy in the default bucket sends one identity to an
// extra bucket, and the decision for that identity is expected to follow the
// extra bucket's own ALLOW/DENY setting. The second identity has no policy and
// is expected to stay denied throughout, including while the extra bucket is
// set to ALLOW.
RUNNER_TEST(tc10_admin_change_extra_bucket)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const extraBucket = "bucket10";
    const char *const sessionId = "session10";
    const char *const noBucketExtra = nullptr;
    const char *const noResultExtra = nullptr;

    // Each row is { client, user, privilege }.
    const std::vector< std::vector<const char *> > data = {
        { "client10_a", "user10_a", "privilege10_a" },
        { "client10_b", "user10_b", "privilege10_b" }
    };

    // Queries row 0, then row 1, against the expected result codes.
    const auto expectAccess = [&](int expectedFirst, int expectedSecond) {
        cynara.check(data[0][0], sessionId, data[0][1], data[0][2], expectedFirst);
        cynara.check(data[1][0], sessionId, data[1][1], data[1][2], expectedSecond);
    };

    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    // Creating an ALLOW bucket that nothing points to must not change any decision.
    admin.setBucket(extraBucket, CYNARA_ADMIN_ALLOW, noBucketExtra);
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    // Redirect row 0 from the default bucket to the extra bucket.
    {
        CynaraPoliciesContainer cp;
        cp.add(defaultBucket,
               data[0][0], data[0][1], data[0][2],
               CYNARA_ADMIN_BUCKET, extraBucket);
        admin.setPolicies(cp);
    }
    expectAccess(CYNARA_API_SUCCESS, CYNARA_API_ACCESS_DENIED);

    admin.setBucket(extraBucket, CYNARA_ADMIN_DENY, noBucketExtra);
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    admin.setBucket(extraBucket, CYNARA_ADMIN_ALLOW, noBucketExtra);
    expectAccess(CYNARA_API_SUCCESS, CYNARA_API_ACCESS_DENIED);

    // Remove the redirect; row 0 must fall back to denied.
    {
        CynaraPoliciesContainer cp;
        cp.add(defaultBucket,
               data[0][0], data[0][1], data[0][2],
               CYNARA_ADMIN_DELETE, noResultExtra);
        admin.setPolicies(cp);
    }
    expectAccess(CYNARA_API_ACCESS_DENIED, CYNARA_API_ACCESS_DENIED);

    // Clean up the extra bucket.
    admin.setBucket(extraBucket, CYNARA_ADMIN_DELETE, noBucketExtra);
}
// Dangling redirect: a policy that redirects to a bucket this test never
// creates is expected to be refused with CYNARA_ADMIN_API_BUCKET_NOT_FOUND,
// and the identity is expected to remain denied afterwards.
RUNNER_TEST(tc11_admin_bucket_not_found)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const missingBucket = "bucket11";
    const char *const clientId = "client11";
    const char *const sessionId = "session11";
    const char *const userId = "user11";
    const char *const privilegeId = "privilege11";

    cynara.check(clientId, sessionId, userId, privilegeId, CYNARA_API_ACCESS_DENIED);

    {
        CynaraPoliciesContainer cp;
        cp.add(defaultBucket,
               clientId, userId, privilegeId,
               CYNARA_ADMIN_BUCKET, missingBucket);
        admin.setPolicies(cp, CYNARA_ADMIN_API_BUCKET_NOT_FOUND);
    }

    // The refused submission must not have granted anything.
    cynara.check(clientId, sessionId, userId, privilegeId, CYNARA_API_ACCESS_DENIED);
}
// Deleting a bucket that a redirect policy points to: access is expected to
// drop to denied once the bucket is deleted, and to stay denied when a bucket
// with the same name is created again with ALLOW. That second expectation is
// the security-relevant one: a re-created bucket must not revive an old grant
// (consistent with the redirect being removed together with the bucket —
// confirm against the service implementation).
RUNNER_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
{
    CynaraTestAdmin admin;
    CynaraTestClient cynara;

    const char *const defaultBucket = CYNARA_ADMIN_DEFAULT_BUCKET;
    const char *const extraBucket = "bucket12";
    const char *const clientId = "client12";
    const char *const sessionId = "session12";
    const char *const userId = "user12";
    const char *const privilegeId = "privilege12";
    const char *const noExtra = nullptr;

    // Queries the single identity of this test against the expected result code.
    const auto expectAccess = [&](int expected) {
        cynara.check(clientId, sessionId, userId, privilegeId, expected);
    };

    admin.setBucket(extraBucket, CYNARA_ADMIN_ALLOW, noExtra);

    {
        CynaraPoliciesContainer cp;
        cp.add(defaultBucket,
               clientId, userId, privilegeId,
               CYNARA_ADMIN_BUCKET, extraBucket);
        admin.setPolicies(cp);
    }
    expectAccess(CYNARA_API_SUCCESS);

    admin.setBucket(extraBucket, CYNARA_ADMIN_DELETE, noExtra);
    expectAccess(CYNARA_API_ACCESS_DENIED);

    // Same bucket name, created again: the earlier redirect must not apply.
    admin.setBucket(extraBucket, CYNARA_ADMIN_ALLOW, noExtra);
    expectAccess(CYNARA_API_ACCESS_DENIED);

    // Clean up the extra bucket.
    admin.setBucket(extraBucket, CYNARA_ADMIN_DELETE, noExtra);
    expectAccess(CYNARA_API_ACCESS_DENIED);
}
503 RUNNER_TEST(tc13_admin_set_policies_to_extra_bucket)
505 CynaraTestAdmin admin;
506 CynaraTestClient cynara;
508 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
509 const char *bucket = "bucket13";
510 const char *client = "client13";
511 const char *session = "session13";
512 const char *user = "user13";
513 const char *privilege = "privilege13";
514 const char *extra = nullptr;
515 const char *extraResult = nullptr;
517 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
518 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
521 CynaraPoliciesContainer cp;
522 cp.add(bucketDefault,
523 client, user, privilege,
524 CYNARA_ADMIN_BUCKET, bucket);
526 client, user, privilege,
527 CYNARA_ADMIN_ALLOW, extraResult);
528 admin.setPolicies(cp);
530 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
532 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
533 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);