2 * Copyright (c) 2014 Samsung Electronics Co., Ltd
4 * Licensed under the Apache License, Version 2.0 (the License);
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an AS IS BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
20 * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
22 * @brief Tests for libcynara-client and libcynara-admin
25 #include <tests_common.h>
26 #include <cynara_test_client.h>
27 #include <cynara_test_admin.h>
28 #include <cynara_test_env.h>
33 void environmentWrap(const char *testName, const std::function<void(void)> &func)
35 CynaraTestEnv env(testName);
40 } catch (const DPL::Test::TestRunner::TestFailed &e) {
43 } catch (const DPL::Test::TestRunner::Ignored &e) {
46 } catch (const DPL::Exception &e) {
49 } catch (const std::exception &e) {
54 throw std::runtime_error("Unknown exception");
59 #define RUN_CYNARA_TEST(Proc) \
62 environmentWrap(#Proc, Proc##_func); \
65 void tc01_cynara_initialize_func()
70 void tc02_admin_initialize_func()
72 CynaraTestAdmin admin;
75 void tc03_cynara_check_invalid_params_func()
77 CynaraTestClient cynara;
79 const char *client = "client03";
80 const char *user = "user03";
81 const char *privilege = "privilege03";
82 const char *session = "session03";
84 cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
85 cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
86 cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
87 cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
90 void checkInvalidPolicy(CynaraTestAdmin &admin,
94 const char *privilege,
96 const char *resultExtra)
98 CynaraPoliciesContainer cp;
99 cp.add(bucket, client, user, privilege, result, resultExtra);
101 admin.setPolicies(cp, CYNARA_ADMIN_API_INVALID_PARAM);
104 void tc04_admin_set_policies_invalid_params_func()
106 CynaraTestAdmin admin;
108 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
109 const char *client = "client04";
110 const char *user = "user04";
111 const char *privilege = "privilege04";
112 const int resultAllow = CYNARA_ADMIN_ALLOW;
113 const int resultBucket = CYNARA_ADMIN_BUCKET;
114 const char *resultExtra = nullptr;
116 checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
117 checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
118 checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
119 checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
120 checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
121 checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
124 void tc05_admin_set_bucket_invalid_params_func()
126 CynaraTestAdmin admin;
128 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
129 const int operationAllow = CYNARA_ADMIN_ALLOW;
130 const int operationDelete = CYNARA_ADMIN_DELETE;
131 const char *extra = nullptr;
133 admin.setBucket(nullptr, operationAllow, extra, CYNARA_ADMIN_API_INVALID_PARAM);
134 admin.setBucket(bucket, INT_MAX, extra, CYNARA_ADMIN_API_INVALID_PARAM);
135 admin.setBucket(bucket, operationDelete, extra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
138 void tc06_cynara_check_empty_admin1_func()
140 CynaraTestClient cynara;
142 const char *client = "client06_1";
143 const char *session = "session06_1";
144 const char *user = "user06_1";
145 const char *privilege = "privilege06_1";
147 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
150 void tc06_cynara_check_empty_admin2_func()
152 CynaraTestClient cynara;
154 const char *client = CYNARA_ADMIN_WILDCARD;
155 const char *session = "session06_2";
156 const char *user = CYNARA_ADMIN_WILDCARD;
157 const char *privilege = CYNARA_ADMIN_WILDCARD;
159 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
162 void tc07_admin_set_bucket_admin_allow_deny_func()
164 CynaraTestAdmin admin;
165 CynaraTestClient cynara;
167 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
168 const char *client = "client07";
169 const char *session = "session07";
170 const char *user = "user07";
171 const char *privilege = "privilege07";
172 const char *extra = nullptr;
174 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
176 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
178 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
180 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
183 void tc08_admin_set_policies_allow_remove1_func()
185 CynaraTestAdmin admin;
186 CynaraTestClient cynara;
188 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
189 const char *session = "session08_1";
190 const int resultAllow = CYNARA_ADMIN_ALLOW;
191 const int resultDelete = CYNARA_ADMIN_DELETE;
192 const char *resultExtra = nullptr;
194 const std::vector< std::vector<const char *> > data = {
195 { "client08_1_a", "user08_1_a", "privilege08_1_a" },
196 { "client08_1_b", "user08_1_b", "privilege08_1_b" },
199 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
200 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
202 // allow first policy
204 CynaraPoliciesContainer cp;
205 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
206 admin.setPolicies(cp);
208 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
209 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
211 // allow second policy
213 CynaraPoliciesContainer cp;
214 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
215 admin.setPolicies(cp);
217 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
218 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
220 // delete first policy
222 CynaraPoliciesContainer cp;
223 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
224 admin.setPolicies(cp);
226 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
227 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
229 // delete second policy
231 CynaraPoliciesContainer cp;
232 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
233 admin.setPolicies(cp);
235 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
236 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
239 void tc08_admin_set_policies_allow_remove2_func()
241 CynaraTestAdmin admin;
242 CynaraTestClient cynara;
244 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
245 const char *session = "session08_2";
246 const int resultAllow = CYNARA_ADMIN_ALLOW;
247 const int resultDelete = CYNARA_ADMIN_DELETE;
248 const char *resultExtra = nullptr;
250 const std::vector< std::vector<const char *> > data = {
251 { "client08_2_a", "user08_2_a", "privilege08_2_a" },
252 { "client08_2_b", "user08_2_b", "privilege08_2_b" },
255 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
256 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
258 // allow first policy
260 CynaraPoliciesContainer cp;
261 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
262 admin.setPolicies(cp);
264 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
265 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
267 // delete first, allow second policy
269 CynaraPoliciesContainer cp;
270 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
271 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
272 admin.setPolicies(cp);
274 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
275 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
277 // delete second policy
279 CynaraPoliciesContainer cp;
280 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
281 admin.setPolicies(cp);
284 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
285 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
288 void tc08_admin_set_policies_allow_remove3_func()
290 CynaraTestAdmin admin;
291 CynaraTestClient cynara;
293 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
294 const char *session = "session08_3";
295 const int resultAllow = CYNARA_ADMIN_ALLOW;
296 const int resultDelete = CYNARA_ADMIN_DELETE;
297 const char *resultExtra = nullptr;
299 const std::vector< std::vector<const char *> > data = {
300 { "client08_3_a", "user08_3_a", "privilege08_3_a" },
301 { "client08_3_b", "user08_3_b", "privilege08_3_b" },
304 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
305 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
307 // allow first and second policy
309 CynaraPoliciesContainer cp;
310 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
311 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
312 admin.setPolicies(cp);
314 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
315 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
317 // delete first and second policy
319 CynaraPoliciesContainer cp;
320 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
321 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
322 admin.setPolicies(cp);
325 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
326 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
329 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
332 CynaraTestClient cynara;
334 for (auto it = data.begin(); it != data.end(); ++it) {
335 RUNNER_ASSERT_MSG_BT(it->size() == 3, "Wrong test data size");
338 for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
339 for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
340 for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
341 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
347 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
349 RUNNER_ASSERT_MSG_BT(data.size() == 3, "Wrong test data size");
350 for (auto it = data.begin(); it != data.end(); ++it) {
351 RUNNER_ASSERT_MSG_BT(it->size() == 3, "Wrong test data size");
355 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
358 CynaraTestClient cynara;
360 checkSingleWildcardData(data);
362 for (size_t c = 0; c < data.size(); ++c) {
363 for (size_t u = 0; u < data.size(); ++u) {
364 for (size_t p = 0; p < data.size(); ++p) {
365 if ((u == 0 && p == 0)
366 || (c == 1 && p == 1)
367 || (c == 2 && u == 2)) {
368 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_SUCCESS);
370 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
377 void setSingleWildcardPolicies(const char *bucket,
378 const std::vector< std::vector<const char *> > &data,
379 const int result, const char* resultExtra)
381 CynaraTestAdmin admin;
382 CynaraPoliciesContainer cp;
384 checkSingleWildcardData(data);
387 CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
388 result, resultExtra);
390 data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
391 result, resultExtra);
393 data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
394 result, resultExtra);
396 admin.setPolicies(cp);
399 void tc09_admin_set_policies_wildcard_accesses_func()
401 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
402 const char *session = "session09";
403 const char *resultExtra = nullptr;
405 const std::vector< std::vector<const char *> > data = {
406 { "client09_a", "user09_a", "privilege09_a" },
407 { "client09_b", "user09_b", "privilege09_b" },
408 { "client09_c", "user09_c", "privilege09_c" }
411 checkAllDeny(data, session);
413 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
415 checkSingleWildcardAllowRestDeny(data, session);
417 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
419 checkAllDeny(data, session);
422 void tc10_admin_change_extra_bucket_func()
424 CynaraTestAdmin admin;
425 CynaraTestClient cynara;
427 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
428 const char *bucket = "bucket10";
429 const char *session = "session10";
430 const char *extra = nullptr;
431 const char *extraResult = nullptr;
434 const std::vector< std::vector<const char *> > data = {
435 { "client10_a", "user10_a", "privilege10_a" },
436 { "client10_b", "user10_b", "privilege10_b" }
439 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
440 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
442 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
444 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
445 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
448 CynaraPoliciesContainer cp;
449 cp.add(bucketDefault,
450 data[0][0], data[0][1], data[0][2],
451 CYNARA_ADMIN_BUCKET, bucket);
452 admin.setPolicies(cp);
455 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
456 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
458 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
460 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
461 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
463 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
465 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
466 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
469 CynaraPoliciesContainer cp;
470 cp.add(bucketDefault,
471 data[0][0], data[0][1], data[0][2],
472 CYNARA_ADMIN_DELETE, extraResult);
473 admin.setPolicies(cp);
476 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
477 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
479 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
482 void tc11_admin_bucket_not_found_func()
484 CynaraTestAdmin admin;
485 CynaraTestClient cynara;
487 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
488 const char *bucket = "bucket11";
489 const char *client = "client11";
490 const char *session = "session11";
491 const char *user = "user11";
492 const char *privilege = "privilege11";
494 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
497 CynaraPoliciesContainer cp;
498 cp.add(bucketDefault,
499 client, user, privilege,
500 CYNARA_ADMIN_BUCKET, bucket);
501 admin.setPolicies(cp, CYNARA_ADMIN_API_BUCKET_NOT_FOUND);
503 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
506 void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
508 CynaraTestAdmin admin;
509 CynaraTestClient cynara;
511 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
512 const char *bucket = "bucket12";
513 const char *client = "client12";
514 const char *session = "session12";
515 const char *user = "user12";
516 const char *privilege = "privilege12";
517 const char *extra = nullptr;
519 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
522 CynaraPoliciesContainer cp;
523 cp.add(bucketDefault,
524 client, user, privilege,
525 CYNARA_ADMIN_BUCKET, bucket);
526 admin.setPolicies(cp);
528 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
530 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
531 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
533 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
534 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
536 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
537 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
540 void tc13_admin_set_policies_to_extra_bucket_func()
542 CynaraTestAdmin admin;
543 CynaraTestClient cynara;
545 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
546 const char *bucket = "bucket13";
547 const char *client = "client13";
548 const char *session = "session13";
549 const char *user = "user13";
550 const char *privilege = "privilege13";
551 const char *extra = nullptr;
552 const char *extraResult = nullptr;
554 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
555 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
558 CynaraPoliciesContainer cp;
559 cp.add(bucketDefault,
560 client, user, privilege,
561 CYNARA_ADMIN_BUCKET, bucket);
563 client, user, privilege,
564 CYNARA_ADMIN_ALLOW, extraResult);
565 admin.setPolicies(cp);
567 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
569 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
570 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
573 RUNNER_TEST_GROUP_INIT(cynara_tests)
575 RUN_CYNARA_TEST(tc01_cynara_initialize)
576 RUN_CYNARA_TEST(tc02_admin_initialize)
577 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
578 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
579 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
580 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
581 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
582 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
583 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
584 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
585 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
586 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
587 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
588 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
589 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
590 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)