Add licence and copyright header to cynara test files
[platform/core/test/security-tests.git] / tests / cynara-tests / test_cases.cpp
1 /*
2  * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 /*
18  * @file        test_cases.cpp
19  * @author      Aleksander Zdyb <a.zdyb@partner.samsung.com>
20  * @author      Marcin Niesluchowski <m.niesluchow@samsung.com>
21  * @version     1.1
22  * @brief       Tests for libcynara-client and libcynara-admin
23  */
24
25 #include <dpl/exception.h>
26 #include <tests_common.h>
27 #include <cynara_test_client.h>
28 #include <cynara_test_admin.h>
29 #include <cynara_test_env.h>
30
31 #include <functional>
32 #include <climits>
33
34 void environmentWrap(const char *testName, const std::function<void(void)> &func)
35 {
36     CynaraTestEnv env(testName);
37     env.save();
38
39     try {
40         func();
41     } catch (const DPL::Test::TestRunner::TestFailed &e) {
42         env.restore();
43         throw e;
44     } catch (const DPL::Test::TestRunner::Ignored &e) {
45         env.restore();
46         throw e;
47     } catch (const DPL::Exception &e) {
48         env.restore();
49         throw e;
50     } catch (const std::exception &e) {
51         env.restore();
52         throw e;
53     } catch (...) {
54         env.restore();
55         throw std::runtime_error("Unknown exception");
56     }
57     env.restore();
58 }
59
60 #define RUN_CYNARA_TEST(Proc)                \
61     RUNNER_TEST(Proc)                        \
62     {                                        \
63         environmentWrap(#Proc, Proc##_func); \
64     }
65
66 void tc01_cynara_initialize_func()
67 {
68     CynaraTestClient();
69 }
70
71 void tc02_admin_initialize_func()
72 {
73     CynaraTestAdmin admin;
74 }
75
76 void tc03_cynara_check_invalid_params_func()
77 {
78     CynaraTestClient cynara;
79
80     const char *client = "client03";
81     const char *user = "user03";
82     const char *privilege = "privilege03";
83     const char *session = "session03";
84
85     cynara.check(nullptr, session, user,    privilege, CYNARA_API_INVALID_PARAM);
86     cynara.check(client,  nullptr, user,    privilege, CYNARA_API_INVALID_PARAM);
87     cynara.check(client,  session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
88     cynara.check(client,  session, user,    nullptr,   CYNARA_API_INVALID_PARAM);
89 }
90
91 void checkInvalidPolicy(CynaraTestAdmin &admin,
92                         const char *bucket,
93                         const char *client,
94                         const char *user,
95                         const char *privilege,
96                         const int result,
97                         const char *resultExtra)
98 {
99     CynaraPoliciesContainer cp;
100     cp.add(bucket, client, user, privilege, result, resultExtra);
101
102     admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
103 }
104
105 void tc04_admin_set_policies_invalid_params_func()
106 {
107     CynaraTestAdmin admin;
108
109     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
110     const char *client = "client04";
111     const char *user = "user04";
112     const char *privilege = "privilege04";
113     const int resultAllow = CYNARA_ADMIN_ALLOW;
114     const int resultBucket = CYNARA_ADMIN_BUCKET;
115     const int resultNone = CYNARA_ADMIN_NONE;
116     const char *resultExtra = nullptr;
117
118     checkInvalidPolicy(admin, nullptr, client,  user,    privilege, resultAllow,  resultExtra);
119     checkInvalidPolicy(admin, bucket,  nullptr, user,    privilege, resultAllow,  resultExtra);
120     checkInvalidPolicy(admin, bucket,  client,  nullptr, privilege, resultAllow,  resultExtra);
121     checkInvalidPolicy(admin, bucket,  client,  user,    nullptr,   resultAllow,  resultExtra);
122     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, INT_MAX,      resultExtra);
123     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, resultBucket, nullptr    );
124     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, resultNone,   resultExtra);
125 }
126
127 void tc05_admin_set_bucket_invalid_params_func()
128 {
129     CynaraTestAdmin admin;
130
131     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
132     const int operationAllow = CYNARA_ADMIN_ALLOW;
133     const int operationDelete = CYNARA_ADMIN_DELETE;
134     const int operationNone = CYNARA_ADMIN_NONE;
135     const char *extra = nullptr;
136
137     admin.setBucket(nullptr, operationAllow,   extra, CYNARA_API_INVALID_PARAM);
138     admin.setBucket(bucket,  INT_MAX,          extra, CYNARA_API_INVALID_PARAM);
139     admin.setBucket(bucket,  operationDelete,  extra, CYNARA_API_OPERATION_NOT_ALLOWED);
140     admin.setBucket(bucket,  operationNone,    extra, CYNARA_API_OPERATION_NOT_ALLOWED);
141 }
142
143 void tc06_cynara_check_empty_admin1_func()
144 {
145     CynaraTestClient cynara;
146
147     const char *client = "client06_1";
148     const char *session = "session06_1";
149     const char *user = "user06_1";
150     const char *privilege = "privilege06_1";
151
152     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
153 }
154
155 void tc06_cynara_check_empty_admin2_func()
156 {
157     CynaraTestClient cynara;
158
159     const char *client = CYNARA_ADMIN_WILDCARD;
160     const char *session = "session06_2";
161     const char *user = CYNARA_ADMIN_WILDCARD;
162     const char *privilege = CYNARA_ADMIN_WILDCARD;
163
164     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
165 }
166
167 void tc07_admin_set_bucket_admin_allow_deny_func()
168 {
169     CynaraTestAdmin admin;
170     CynaraTestClient cynara;
171
172     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
173     const char *client = "client07";
174     const char *session = "session07";
175     const char *user = "user07";
176     const char *privilege = "privilege07";
177     const char *extra = nullptr;
178
179     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
180
181     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
182
183     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
184
185     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
186 }
187
188 void tc08_admin_set_policies_allow_remove1_func()
189 {
190     CynaraTestAdmin admin;
191     CynaraTestClient cynara;
192
193     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
194     const char *session = "session08_1";
195     const int resultAllow = CYNARA_ADMIN_ALLOW;
196     const int resultDelete = CYNARA_ADMIN_DELETE;
197     const char *resultExtra = nullptr;
198
199     const std::vector< std::vector<const char *> > data = {
200         { "client08_1_a", "user08_1_a", "privilege08_1_a" },
201         { "client08_1_b", "user08_1_b", "privilege08_1_b" },
202     };
203
204     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
205     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
206
207     // allow first policy
208     {
209         CynaraPoliciesContainer cp;
210         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
211         admin.setPolicies(cp);
212     }
213     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
214     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
215
216     // allow second policy
217     {
218         CynaraPoliciesContainer cp;
219         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
220         admin.setPolicies(cp);
221     }
222     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
223     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
224
225     // delete first policy
226     {
227         CynaraPoliciesContainer cp;
228         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
229         admin.setPolicies(cp);
230     }
231     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
232     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
233
234     // delete second policy
235     {
236         CynaraPoliciesContainer cp;
237         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
238         admin.setPolicies(cp);
239     }
240     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
241     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
242 }
243
244 void tc08_admin_set_policies_allow_remove2_func()
245 {
246     CynaraTestAdmin admin;
247     CynaraTestClient cynara;
248
249     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
250     const char *session = "session08_2";
251     const int resultAllow = CYNARA_ADMIN_ALLOW;
252     const int resultDelete = CYNARA_ADMIN_DELETE;
253     const char *resultExtra = nullptr;
254
255     const std::vector< std::vector<const char *> > data = {
256         { "client08_2_a", "user08_2_a", "privilege08_2_a" },
257         { "client08_2_b", "user08_2_b", "privilege08_2_b" },
258     };
259
260     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
261     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
262
263     // allow first policy
264     {
265         CynaraPoliciesContainer cp;
266         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
267         admin.setPolicies(cp);
268     }
269     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
270     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
271
272     // delete first, allow second policy
273     {
274         CynaraPoliciesContainer cp;
275         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
276         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
277         admin.setPolicies(cp);
278     }
279     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
280     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
281
282     // delete second policy
283     {
284         CynaraPoliciesContainer cp;
285         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
286         admin.setPolicies(cp);
287     }
288
289     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
290     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
291 }
292
293 void tc08_admin_set_policies_allow_remove3_func()
294 {
295     CynaraTestAdmin admin;
296     CynaraTestClient cynara;
297
298     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
299     const char *session = "session08_3";
300     const int resultAllow = CYNARA_ADMIN_ALLOW;
301     const int resultDelete = CYNARA_ADMIN_DELETE;
302     const char *resultExtra = nullptr;
303
304     const std::vector< std::vector<const char *> > data = {
305         { "client08_3_a", "user08_3_a", "privilege08_3_a" },
306         { "client08_3_b", "user08_3_b", "privilege08_3_b" },
307     };
308
309     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
310     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
311
312     // allow first and second policy
313     {
314         CynaraPoliciesContainer cp;
315         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
316         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
317         admin.setPolicies(cp);
318     }
319     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
320     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
321
322     // delete first and second policy
323     {
324         CynaraPoliciesContainer cp;
325         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
326         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
327         admin.setPolicies(cp);
328     }
329
330     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
331     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
332 }
333
334 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
335                   const char *session)
336 {
337     CynaraTestClient cynara;
338
339     for (auto it = data.begin(); it != data.end(); ++it) {
340         RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
341     }
342
343     for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
344         for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
345             for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
346                 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
347             }
348         }
349     }
350 }
351
352 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
353 {
354     RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
355     for (auto it = data.begin(); it != data.end(); ++it) {
356         RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
357     }
358 }
359
360 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
361                                       const char *session)
362 {
363     CynaraTestClient cynara;
364
365     checkSingleWildcardData(data);
366
367     for (size_t c = 0; c < data.size(); ++c) {
368         for (size_t u = 0; u < data.size(); ++u) {
369             for (size_t p = 0; p < data.size(); ++p) {
370                 if ((u == 0 && p == 0)
371                  || (c == 1 && p == 1)
372                  || (c == 2 && u == 2)) {
373                     cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
374                 } else {
375                     cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
376                 }
377             }
378         }
379     }
380 }
381
382 void setSingleWildcardPolicies(const char *bucket,
383                                const std::vector< std::vector<const char *> > &data,
384                                const int result, const char* resultExtra)
385 {
386     CynaraTestAdmin admin;
387     CynaraPoliciesContainer cp;
388
389     checkSingleWildcardData(data);
390
391     cp.add(bucket,
392            CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
393            result, resultExtra);
394     cp.add(bucket,
395            data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
396            result, resultExtra);
397     cp.add(bucket,
398            data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
399            result, resultExtra);
400
401     admin.setPolicies(cp);
402 }
403
404 void tc09_admin_set_policies_wildcard_accesses_func()
405 {
406     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
407     const char *session = "session09";
408     const char *resultExtra = nullptr;
409
410     const std::vector< std::vector<const char *> > data = {
411         { "client09_a", "user09_a", "privilege09_a" },
412         { "client09_b", "user09_b", "privilege09_b" },
413         { "client09_c", "user09_c", "privilege09_c" }
414     };
415
416     checkAllDeny(data, session);
417
418     setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
419
420     checkSingleWildcardAllowRestDeny(data, session);
421
422     setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
423
424     checkAllDeny(data, session);
425 }
426
427 void tc10_admin_change_extra_bucket_func()
428 {
429     CynaraTestAdmin admin;
430     CynaraTestClient cynara;
431
432     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
433     const char *bucket = "bucket10";
434     const char *session = "session10";
435     const char *extra = nullptr;
436     const char *extraResult = nullptr;
437
438
439     const std::vector< std::vector<const char *> > data = {
440         { "client10_a", "user10_a", "privilege10_a" },
441         { "client10_b", "user10_b", "privilege10_b" }
442     };
443
444     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
445     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
446
447     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
448
449     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
450     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
451
452     {
453         CynaraPoliciesContainer cp;
454         cp.add(bucketDefault,
455                data[0][0], data[0][1], data[0][2],
456                CYNARA_ADMIN_BUCKET, bucket);
457         admin.setPolicies(cp);
458     }
459
460     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
461     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
462
463     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
464
465     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
466     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
467
468     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
469
470     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
471     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
472
473     {
474         CynaraPoliciesContainer cp;
475         cp.add(bucketDefault,
476                data[0][0], data[0][1], data[0][2],
477                CYNARA_ADMIN_DELETE, extraResult);
478         admin.setPolicies(cp);
479     }
480
481     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
482     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
483
484     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
485 }
486
487 void tc11_admin_bucket_not_found_func()
488 {
489     CynaraTestAdmin admin;
490     CynaraTestClient cynara;
491
492     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
493     const char *bucket = "bucket11";
494     const char *client = "client11";
495     const char *session = "session11";
496     const char *user = "user11";
497     const char *privilege = "privilege11";
498
499     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
500
501     {
502         CynaraPoliciesContainer cp;
503         cp.add(bucketDefault,
504                client, user, privilege,
505                CYNARA_ADMIN_BUCKET, bucket);
506         admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
507     }
508     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
509 }
510
511 void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
512 {
513     CynaraTestAdmin admin;
514     CynaraTestClient cynara;
515
516     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
517     const char *bucket = "bucket12";
518     const char *client = "client12";
519     const char *session = "session12";
520     const char *user = "user12";
521     const char *privilege = "privilege12";
522     const char *extra = nullptr;
523
524     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
525
526     {
527         CynaraPoliciesContainer cp;
528         cp.add(bucketDefault,
529                client, user, privilege,
530                CYNARA_ADMIN_BUCKET, bucket);
531         admin.setPolicies(cp);
532     }
533     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
534
535     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
536     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
537
538     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
539     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
540
541     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
542     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
543 }
544
545 void tc13_admin_set_policies_to_extra_bucket_func()
546 {
547     CynaraTestAdmin admin;
548     CynaraTestClient cynara;
549
550     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
551     const char *bucket = "bucket13";
552     const char *client = "client13";
553     const char *session = "session13";
554     const char *user = "user13";
555     const char *privilege = "privilege13";
556     const char *extra = nullptr;
557     const char *extraResult = nullptr;
558
559     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
560     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
561
562     {
563         CynaraPoliciesContainer cp;
564         cp.add(bucketDefault,
565                client, user, privilege,
566                CYNARA_ADMIN_BUCKET, bucket);
567         cp.add(bucket,
568                client, user, privilege,
569                CYNARA_ADMIN_ALLOW, extraResult);
570         admin.setPolicies(cp);
571     }
572     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
573
574     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
575     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
576 }
577
578 void tc14_admin_set_policies_integrity_func()
579 {
580     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
581     const char *bucket = "bucket14";
582     const char *client = "client14";
583     const char *session = "session14";
584     const char *user = "user14";
585     const char *privilege = "privilege14";
586     const char *extraResult = nullptr;
587
588     {
589         CynaraTestClient cynara;
590         cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
591     }
592
593     {
594         CynaraTestAdmin admin;
595         CynaraPoliciesContainer cp;
596         cp.add(bucketDefault,
597                client, user, privilege,
598                CYNARA_ADMIN_ALLOW, extraResult);
599         cp.add(bucket,
600                client, user, privilege,
601                CYNARA_ADMIN_ALLOW, extraResult);
602         admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
603     }
604
605     {
606         CynaraTestClient cynara;
607         cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
608     }
609 }
610
611 void tc15_admin_set_bucket_admin_none1_func()
612 {
613     CynaraTestAdmin admin;
614     CynaraTestClient cynara;
615
616     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
617     const char *bucket = "bucket15_1";
618     const char *client = "client15_1";
619     const char *session = "session15_1";
620     const char *user = "user15_1";
621     const char *privilege = "privilege15_1";
622     const char *extra = nullptr;
623     const char *extraResult = nullptr;
624
625     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
626
627     {
628         CynaraPoliciesContainer cp;
629         cp.add(bucketDefault,
630                client, user, privilege,
631                CYNARA_ADMIN_BUCKET, bucket);
632         cp.add(bucket,
633                client, user, privilege,
634                CYNARA_ADMIN_ALLOW, extraResult);
635         admin.setPolicies(cp);
636     }
637     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
638 }
639
640 void tc15_admin_set_bucket_admin_none2_func()
641 {
642     CynaraTestAdmin admin;
643     CynaraTestClient cynara;
644
645     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
646     const char *bucket = "bucket15_2";
647     const char *client = "client15_2";
648     const char *session = "session15_2";
649     const char *user = "user15_2";
650     const char *privilege = "privilege15_2";
651     const char *extra = nullptr;
652
653     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
654
655     {
656         CynaraPoliciesContainer cp;
657         cp.add(bucketDefault,
658                client, user, privilege,
659                CYNARA_ADMIN_BUCKET, bucket);
660         admin.setPolicies(cp);
661     }
662     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
663 }
664
665 void tc15_admin_set_bucket_admin_none3_func()
666 {
667     CynaraTestAdmin admin;
668     CynaraTestClient cynara;
669
670     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
671     const char *bucket = "bucket15_3";
672     const char *client = "client15_3";
673     const char *session = "session15_3";
674     const char *user = "user15_3";
675     const char *privilege = "privilege15_3";
676     const char *extra = nullptr;
677     const char *extraResult = nullptr;
678
679     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
680
681     {
682         CynaraPoliciesContainer cp;
683         cp.add(bucketDefault,
684                client, user, privilege,
685                CYNARA_ADMIN_BUCKET, bucket);
686         cp.add(bucketDefault,
687                client, user, CYNARA_ADMIN_WILDCARD,
688                CYNARA_ADMIN_ALLOW, extraResult);
689         admin.setPolicies(cp);
690     }
691     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
692 }
693
694 void tc16_admin_check_single_bucket_func()
695 {
696     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
697     const char *client = "client16";
698     const char *user = "user16";
699     const char *privilege = "privilege16";
700     const char *extraResult = nullptr;
701     int recursive = 1;
702     int notrecursive = 0;
703
704     CynaraTestAdmin admin;
705
706     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
707                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
708     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
709                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
710
711     CynaraPoliciesContainer cp;
712     cp.add(bucketDefault,
713            client, user, privilege,
714            CYNARA_ADMIN_ALLOW, extraResult);
715     admin.setPolicies(cp);
716
717     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
718                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
719     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
720                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
721 }
722
723 void tc17_admin_check_nested_bucket_func()
724 {
725     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
726     const char *bucket = "bucket17";
727     const char *client = "client17";
728     const char *user = "user17";
729     const char *privilege = "privilege17";
730     const char *extra = nullptr;
731     const char *extraResult = nullptr;
732     int recursive = 1;
733     int notrecursive = 0;
734
735     CynaraTestAdmin admin;
736     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
737
738     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
739                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
740     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
741                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
742     admin.adminCheck(bucket, recursive, client, user, privilege,
743                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
744     admin.adminCheck(bucket, notrecursive, client, user, privilege,
745                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
746
747     {
748         CynaraPoliciesContainer cp;
749         cp.add(bucketDefault,
750                client, user, privilege,
751                CYNARA_ADMIN_BUCKET, bucket);
752         cp.add(bucket,
753                client, user, privilege,
754                CYNARA_ADMIN_ALLOW, extraResult);
755         admin.setPolicies(cp);
756     }
757
758     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
759                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
760     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
761                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
762     admin.adminCheck(bucket, recursive, client, user, privilege,
763                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
764     admin.adminCheck(bucket, notrecursive, client, user, privilege,
765                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
766 }
767
768 void tc18_admin_check_multiple_matches_func()
769 {
770     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
771     const char *client = "client18";
772     const char *user = "user18";
773     const char *privilege = "privilege18";
774     const char *wildcard = CYNARA_ADMIN_WILDCARD;
775     const char *extra = nullptr;
776     const char *extraResult = nullptr;
777     int recursive = 1;
778     int notrecursive = 0;
779
780     CynaraTestAdmin admin;
781
782     auto check = [&](int expected_result)
783     {
784         admin.adminCheck(bucketDefault, recursive, client, user, privilege,
785                          expected_result, nullptr, CYNARA_API_SUCCESS);
786         admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
787                          expected_result, nullptr, CYNARA_API_SUCCESS);
788     };
789
790     check(CYNARA_ADMIN_DENY);
791
792     {
793         CynaraPoliciesContainer cp;
794         cp.add(bucketDefault,
795                client, user, privilege,
796                CYNARA_ADMIN_ALLOW, extraResult);
797         admin.setPolicies(cp);
798     }
799
800     check(CYNARA_ADMIN_ALLOW);
801
802     {
803         CynaraPoliciesContainer cp;
804         cp.add(bucketDefault,
805                wildcard, user, privilege,
806                CYNARA_ADMIN_DENY, extraResult);
807         admin.setPolicies(cp);
808     }
809
810     check(CYNARA_ADMIN_DENY);
811
812     admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
813
814     check(CYNARA_ADMIN_DENY);
815
816     {
817         CynaraPoliciesContainer cp;
818         cp.add(bucketDefault,
819                client, user, privilege,
820                CYNARA_ADMIN_DELETE, extraResult);
821         admin.setPolicies(cp);
822     }
823
824     check(CYNARA_ADMIN_DENY);
825
826     {
827         CynaraPoliciesContainer cp;
828         cp.add(bucketDefault,
829                wildcard, user, privilege,
830                CYNARA_ADMIN_DELETE, extraResult);
831         admin.setPolicies(cp);
832     }
833
834     check(CYNARA_ADMIN_ALLOW);
835 }
836
837 void tc19_admin_check_none_bucket_func()
838 {
839     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
840     const char *bucket1 = "bucket19_a";
841     const char *bucket2 = "bucket19_b";
842     const char *client = "client19";
843     const char *user = "user19";
844     const char *privilege = "privilege19";
845     const char *extra = nullptr;
846     int recursive = 1;
847     int notrecursive = 0;
848
849     CynaraTestAdmin admin;
850     admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
851     admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
852
853     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
854                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
855     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
856                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
857     admin.adminCheck(bucket1, recursive, client, user, privilege,
858                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
859     admin.adminCheck(bucket1, notrecursive, client, user, privilege,
860                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
861     admin.adminCheck(bucket2, recursive, client, user, privilege,
862                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
863     admin.adminCheck(bucket2, notrecursive, client, user, privilege,
864                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
865
866     {
867         CynaraPoliciesContainer cp;
868         cp.add(bucketDefault,
869                client, user, privilege,
870                CYNARA_ADMIN_BUCKET, bucket1);
871         cp.add(bucket1,
872                client, user, privilege,
873                CYNARA_ADMIN_BUCKET, bucket2);
874         admin.setPolicies(cp);
875     }
876
877     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
878                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
879     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
880                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
881     admin.adminCheck(bucket1, recursive, client, user, privilege,
882                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
883     admin.adminCheck(bucket1, notrecursive, client, user, privilege,
884                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
885     admin.adminCheck(bucket2, recursive, client, user, privilege,
886                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
887     admin.adminCheck(bucket2, notrecursive, client, user, privilege,
888                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
889 }
890
891 RUNNER_TEST_GROUP_INIT(cynara_tests)
892
893 RUN_CYNARA_TEST(tc01_cynara_initialize)
894 RUN_CYNARA_TEST(tc02_admin_initialize)
895 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
896 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
897 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
898 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
899 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
900 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
901 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
902 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
903 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
904 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
905 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
906 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
907 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
908 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
909 RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
910 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
911 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
912 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
913 RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
914 RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
915 RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
916 RUN_CYNARA_TEST(tc19_admin_check_none_bucket)