2 * Copyright (c) 2014 Samsung Electronics Co., Ltd
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
20 * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
22 * @brief Tests for libcynara-client and libcynara-admin
25 #include <dpl/exception.h>
26 #include <tests_common.h>
27 #include <cynara_test_client.h>
28 #include <cynara_test_admin.h>
29 #include <cynara_test_env.h>
34 void environmentWrap(const char *testName, const std::function<void(void)> &func)
36 CynaraTestEnv env(testName);
41 } catch (const DPL::Test::TestRunner::TestFailed &e) {
44 } catch (const DPL::Test::TestRunner::Ignored &e) {
47 } catch (const DPL::Exception &e) {
50 } catch (const std::exception &e) {
55 throw std::runtime_error("Unknown exception");
60 #define RUN_CYNARA_TEST(Proc) \
63 environmentWrap(#Proc, Proc##_func); \
66 void tc01_cynara_initialize_func()
71 void tc02_admin_initialize_func()
73 CynaraTestAdmin admin;
76 void tc03_cynara_check_invalid_params_func()
78 CynaraTestClient cynara;
80 const char *client = "client03";
81 const char *user = "user03";
82 const char *privilege = "privilege03";
83 const char *session = "session03";
85 cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
86 cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
87 cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
88 cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
91 void checkInvalidPolicy(CynaraTestAdmin &admin,
95 const char *privilege,
97 const char *resultExtra)
99 CynaraPoliciesContainer cp;
100 cp.add(bucket, client, user, privilege, result, resultExtra);
102 admin.setPolicies(cp, CYNARA_ADMIN_API_INVALID_PARAM);
105 void tc04_admin_set_policies_invalid_params_func()
107 CynaraTestAdmin admin;
109 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
110 const char *client = "client04";
111 const char *user = "user04";
112 const char *privilege = "privilege04";
113 const int resultAllow = CYNARA_ADMIN_ALLOW;
114 const int resultBucket = CYNARA_ADMIN_BUCKET;
115 const char *resultExtra = nullptr;
117 checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
118 checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
119 checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
120 checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
121 checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
122 checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
125 void tc05_admin_set_bucket_invalid_params_func()
127 CynaraTestAdmin admin;
129 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
130 const int operationAllow = CYNARA_ADMIN_ALLOW;
131 const int operationDelete = CYNARA_ADMIN_DELETE;
132 const char *extra = nullptr;
134 admin.setBucket(nullptr, operationAllow, extra, CYNARA_ADMIN_API_INVALID_PARAM);
135 admin.setBucket(bucket, INT_MAX, extra, CYNARA_ADMIN_API_INVALID_PARAM);
136 admin.setBucket(bucket, operationDelete, extra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
139 void tc06_cynara_check_empty_admin1_func()
141 CynaraTestClient cynara;
143 const char *client = "client06_1";
144 const char *session = "session06_1";
145 const char *user = "user06_1";
146 const char *privilege = "privilege06_1";
148 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
151 void tc06_cynara_check_empty_admin2_func()
153 CynaraTestClient cynara;
155 const char *client = CYNARA_ADMIN_WILDCARD;
156 const char *session = "session06_2";
157 const char *user = CYNARA_ADMIN_WILDCARD;
158 const char *privilege = CYNARA_ADMIN_WILDCARD;
160 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
163 void tc07_admin_set_bucket_admin_allow_deny_func()
165 CynaraTestAdmin admin;
166 CynaraTestClient cynara;
168 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
169 const char *client = "client07";
170 const char *session = "session07";
171 const char *user = "user07";
172 const char *privilege = "privilege07";
173 const char *extra = nullptr;
175 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
177 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
179 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
181 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
184 void tc08_admin_set_policies_allow_remove1_func()
186 CynaraTestAdmin admin;
187 CynaraTestClient cynara;
189 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
190 const char *session = "session08_1";
191 const int resultAllow = CYNARA_ADMIN_ALLOW;
192 const int resultDelete = CYNARA_ADMIN_DELETE;
193 const char *resultExtra = nullptr;
195 const std::vector< std::vector<const char *> > data = {
196 { "client08_1_a", "user08_1_a", "privilege08_1_a" },
197 { "client08_1_b", "user08_1_b", "privilege08_1_b" },
200 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
201 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
203 // allow first policy
205 CynaraPoliciesContainer cp;
206 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
207 admin.setPolicies(cp);
209 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
210 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
212 // allow second policy
214 CynaraPoliciesContainer cp;
215 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
216 admin.setPolicies(cp);
218 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
219 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
221 // delete first policy
223 CynaraPoliciesContainer cp;
224 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
225 admin.setPolicies(cp);
227 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
228 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
230 // delete second policy
232 CynaraPoliciesContainer cp;
233 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
234 admin.setPolicies(cp);
236 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
237 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
240 void tc08_admin_set_policies_allow_remove2_func()
242 CynaraTestAdmin admin;
243 CynaraTestClient cynara;
245 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
246 const char *session = "session08_2";
247 const int resultAllow = CYNARA_ADMIN_ALLOW;
248 const int resultDelete = CYNARA_ADMIN_DELETE;
249 const char *resultExtra = nullptr;
251 const std::vector< std::vector<const char *> > data = {
252 { "client08_2_a", "user08_2_a", "privilege08_2_a" },
253 { "client08_2_b", "user08_2_b", "privilege08_2_b" },
256 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
257 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
259 // allow first policy
261 CynaraPoliciesContainer cp;
262 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
263 admin.setPolicies(cp);
265 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
266 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
268 // delete first, allow second policy
270 CynaraPoliciesContainer cp;
271 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
272 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
273 admin.setPolicies(cp);
275 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
276 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
278 // delete second policy
280 CynaraPoliciesContainer cp;
281 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
282 admin.setPolicies(cp);
285 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
286 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
289 void tc08_admin_set_policies_allow_remove3_func()
291 CynaraTestAdmin admin;
292 CynaraTestClient cynara;
294 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
295 const char *session = "session08_3";
296 const int resultAllow = CYNARA_ADMIN_ALLOW;
297 const int resultDelete = CYNARA_ADMIN_DELETE;
298 const char *resultExtra = nullptr;
300 const std::vector< std::vector<const char *> > data = {
301 { "client08_3_a", "user08_3_a", "privilege08_3_a" },
302 { "client08_3_b", "user08_3_b", "privilege08_3_b" },
305 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
306 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
308 // allow first and second policy
310 CynaraPoliciesContainer cp;
311 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
312 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
313 admin.setPolicies(cp);
315 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
316 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
318 // delete first and second policy
320 CynaraPoliciesContainer cp;
321 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
322 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
323 admin.setPolicies(cp);
326 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
327 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
330 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
333 CynaraTestClient cynara;
335 for (auto it = data.begin(); it != data.end(); ++it) {
336 RUNNER_ASSERT_MSG_BT(it->size() == 3, "Wrong test data size");
339 for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
340 for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
341 for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
342 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
348 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
350 RUNNER_ASSERT_MSG_BT(data.size() == 3, "Wrong test data size");
351 for (auto it = data.begin(); it != data.end(); ++it) {
352 RUNNER_ASSERT_MSG_BT(it->size() == 3, "Wrong test data size");
356 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
359 CynaraTestClient cynara;
361 checkSingleWildcardData(data);
363 for (size_t c = 0; c < data.size(); ++c) {
364 for (size_t u = 0; u < data.size(); ++u) {
365 for (size_t p = 0; p < data.size(); ++p) {
366 if ((u == 0 && p == 0)
367 || (c == 1 && p == 1)
368 || (c == 2 && u == 2)) {
369 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_SUCCESS);
371 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
378 void setSingleWildcardPolicies(const char *bucket,
379 const std::vector< std::vector<const char *> > &data,
380 const int result, const char* resultExtra)
382 CynaraTestAdmin admin;
383 CynaraPoliciesContainer cp;
385 checkSingleWildcardData(data);
388 CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
389 result, resultExtra);
391 data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
392 result, resultExtra);
394 data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
395 result, resultExtra);
397 admin.setPolicies(cp);
400 void tc09_admin_set_policies_wildcard_accesses_func()
402 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
403 const char *session = "session09";
404 const char *resultExtra = nullptr;
406 const std::vector< std::vector<const char *> > data = {
407 { "client09_a", "user09_a", "privilege09_a" },
408 { "client09_b", "user09_b", "privilege09_b" },
409 { "client09_c", "user09_c", "privilege09_c" }
412 checkAllDeny(data, session);
414 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
416 checkSingleWildcardAllowRestDeny(data, session);
418 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
420 checkAllDeny(data, session);
423 void tc10_admin_change_extra_bucket_func()
425 CynaraTestAdmin admin;
426 CynaraTestClient cynara;
428 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
429 const char *bucket = "bucket10";
430 const char *session = "session10";
431 const char *extra = nullptr;
432 const char *extraResult = nullptr;
435 const std::vector< std::vector<const char *> > data = {
436 { "client10_a", "user10_a", "privilege10_a" },
437 { "client10_b", "user10_b", "privilege10_b" }
440 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
441 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
443 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
445 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
446 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
449 CynaraPoliciesContainer cp;
450 cp.add(bucketDefault,
451 data[0][0], data[0][1], data[0][2],
452 CYNARA_ADMIN_BUCKET, bucket);
453 admin.setPolicies(cp);
456 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
457 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
459 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
461 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
462 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
464 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
466 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
467 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
470 CynaraPoliciesContainer cp;
471 cp.add(bucketDefault,
472 data[0][0], data[0][1], data[0][2],
473 CYNARA_ADMIN_DELETE, extraResult);
474 admin.setPolicies(cp);
477 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
478 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
480 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
483 void tc11_admin_bucket_not_found_func()
485 CynaraTestAdmin admin;
486 CynaraTestClient cynara;
488 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
489 const char *bucket = "bucket11";
490 const char *client = "client11";
491 const char *session = "session11";
492 const char *user = "user11";
493 const char *privilege = "privilege11";
495 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
498 CynaraPoliciesContainer cp;
499 cp.add(bucketDefault,
500 client, user, privilege,
501 CYNARA_ADMIN_BUCKET, bucket);
502 admin.setPolicies(cp, CYNARA_ADMIN_API_BUCKET_NOT_FOUND);
504 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
507 void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
509 CynaraTestAdmin admin;
510 CynaraTestClient cynara;
512 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
513 const char *bucket = "bucket12";
514 const char *client = "client12";
515 const char *session = "session12";
516 const char *user = "user12";
517 const char *privilege = "privilege12";
518 const char *extra = nullptr;
520 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
523 CynaraPoliciesContainer cp;
524 cp.add(bucketDefault,
525 client, user, privilege,
526 CYNARA_ADMIN_BUCKET, bucket);
527 admin.setPolicies(cp);
529 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
531 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
532 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
534 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
535 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
537 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
538 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
541 void tc13_admin_set_policies_to_extra_bucket_func()
543 CynaraTestAdmin admin;
544 CynaraTestClient cynara;
546 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
547 const char *bucket = "bucket13";
548 const char *client = "client13";
549 const char *session = "session13";
550 const char *user = "user13";
551 const char *privilege = "privilege13";
552 const char *extra = nullptr;
553 const char *extraResult = nullptr;
555 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
556 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
559 CynaraPoliciesContainer cp;
560 cp.add(bucketDefault,
561 client, user, privilege,
562 CYNARA_ADMIN_BUCKET, bucket);
564 client, user, privilege,
565 CYNARA_ADMIN_ALLOW, extraResult);
566 admin.setPolicies(cp);
568 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
570 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
571 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
574 RUNNER_TEST_GROUP_INIT(cynara_tests)
576 RUN_CYNARA_TEST(tc01_cynara_initialize)
577 RUN_CYNARA_TEST(tc02_admin_initialize)
578 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
579 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
580 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
581 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
582 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
583 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
584 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
585 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
586 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
587 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
588 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
589 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
590 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
591 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)