projects / platform / core / test / security-tests.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add tests for cynara_admin_list_policies
[platform/core/test/security-tests.git] / tests / cynara-tests / test_cases.cpp
1 /*
2  * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
3  *
4  *    Licensed under the Apache License, Version 2.0 (the "License");
5  *    you may not use this file except in compliance with the License.
6  *    You may obtain a copy of the License at
7  *
8  *        http://www.apache.org/licenses/LICENSE-2.0
9  *
10  *    Unless required by applicable law or agreed to in writing, software
11  *    distributed under the License is distributed on an "AS IS" BASIS,
12  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  *    See the License for the specific language governing permissions and
14  *    limitations under the License.
15  */
16
17 /*
18  * @file        test_cases.cpp
19  * @author      Aleksander Zdyb <a.zdyb@partner.samsung.com>
20  * @author      Marcin Niesluchowski <m.niesluchow@samsung.com>
21  * @author      Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
22  * @version     1.1
23  * @brief       Tests for libcynara-client and libcynara-admin
24  */
25
26 #include <cynara_test_commons.h>
27
28 #include <tests_common.h>
29 #include <cynara_test_client.h>
30 #include <cynara_test_admin.h>
31
32 #include <climits>
33
34 using namespace CynaraTestAdmin;
35 using namespace CynaraTestClient;
36
37 void tc01_cynara_initialize_func()
38 {
39     Client();
40 }
41
42 void tc02_admin_initialize_func()
43 {
44     Admin admin;
45 }
46
47 void tc03_cynara_check_invalid_params_func()
48 {
49     Client cynara;
50
51     const char *client = "client03";
52     const char *user = "user03";
53     const char *privilege = "privilege03";
54     const char *session = "session03";
55
56     cynara.check(nullptr, session, user,    privilege, CYNARA_API_INVALID_PARAM);
57     cynara.check(client,  nullptr, user,    privilege, CYNARA_API_INVALID_PARAM);
58     cynara.check(client,  session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
59     cynara.check(client,  session, user,    nullptr,   CYNARA_API_INVALID_PARAM);
60 }
61
62 void checkInvalidPolicy(Admin &admin,
63                         const char *bucket,
64                         const char *client,
65                         const char *user,
66                         const char *privilege,
67                         const int result,
68                         const char *resultExtra)
69 {
70     CynaraPoliciesContainer cp;
71     cp.add(bucket, client, user, privilege, result, resultExtra);
72
73     admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
74 }
75
76 void tc04_admin_set_policies_invalid_params_func()
77 {
78     Admin admin;
79
80     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
81     const char *client = "client04";
82     const char *user = "user04";
83     const char *privilege = "privilege04";
84     const int resultAllow = CYNARA_ADMIN_ALLOW;
85     const int resultBucket = CYNARA_ADMIN_BUCKET;
86     const int resultNone = CYNARA_ADMIN_NONE;
87     const char *resultExtra = nullptr;
88
89     checkInvalidPolicy(admin, nullptr, client,  user,    privilege, resultAllow,  resultExtra);
90     checkInvalidPolicy(admin, bucket,  nullptr, user,    privilege, resultAllow,  resultExtra);
91     checkInvalidPolicy(admin, bucket,  client,  nullptr, privilege, resultAllow,  resultExtra);
92     checkInvalidPolicy(admin, bucket,  client,  user,    nullptr,   resultAllow,  resultExtra);
93     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, INT_MAX,      resultExtra);
94     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, resultBucket, nullptr    );
95     checkInvalidPolicy(admin, bucket,  client,  user,    privilege, resultNone,   resultExtra);
96 }
97
98 void tc05_admin_set_bucket_invalid_params_func()
99 {
100     Admin admin;
101
102     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
103     const int operationAllow = CYNARA_ADMIN_ALLOW;
104     const int operationDelete = CYNARA_ADMIN_DELETE;
105     const int operationNone = CYNARA_ADMIN_NONE;
106     const char *extra = nullptr;
107
108     admin.setBucket(nullptr, operationAllow,   extra, CYNARA_API_INVALID_PARAM);
109     admin.setBucket(bucket,  INT_MAX,          extra, CYNARA_API_INVALID_PARAM);
110     admin.setBucket(bucket,  operationDelete,  extra, CYNARA_API_OPERATION_NOT_ALLOWED);
111     admin.setBucket(bucket,  operationNone,    extra, CYNARA_API_OPERATION_NOT_ALLOWED);
112 }
113
114 void tc06_cynara_check_empty_admin1_func()
115 {
116     Client cynara;
117
118     const char *client = "client06_1";
119     const char *session = "session06_1";
120     const char *user = "user06_1";
121     const char *privilege = "privilege06_1";
122
123     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
124 }
125
126 void tc06_cynara_check_empty_admin2_func()
127 {
128     Client cynara;
129
130     const char *client = CYNARA_ADMIN_WILDCARD;
131     const char *session = "session06_2";
132     const char *user = CYNARA_ADMIN_WILDCARD;
133     const char *privilege = CYNARA_ADMIN_WILDCARD;
134
135     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
136 }
137
138 void tc07_admin_set_bucket_admin_allow_deny_func()
139 {
140     Admin admin;
141     Client cynara;
142
143     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
144     const char *client = "client07";
145     const char *session = "session07";
146     const char *user = "user07";
147     const char *privilege = "privilege07";
148     const char *extra = nullptr;
149
150     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
151
152     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
153
154     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
155
156     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
157 }
158
159 void tc08_admin_set_policies_allow_remove1_func()
160 {
161     Admin admin;
162     Client cynara;
163
164     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
165     const char *session = "session08_1";
166     const int resultAllow = CYNARA_ADMIN_ALLOW;
167     const int resultDelete = CYNARA_ADMIN_DELETE;
168     const char *resultExtra = nullptr;
169
170     const std::vector< std::vector<const char *> > data = {
171         { "client08_1_a", "user08_1_a", "privilege08_1_a" },
172         { "client08_1_b", "user08_1_b", "privilege08_1_b" },
173     };
174
175     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
176     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
177
178     // allow first policy
179     {
180         CynaraPoliciesContainer cp;
181         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
182         admin.setPolicies(cp);
183     }
184     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
185     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
186
187     // allow second policy
188     {
189         CynaraPoliciesContainer cp;
190         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
191         admin.setPolicies(cp);
192     }
193     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
194     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
195
196     // delete first policy
197     {
198         CynaraPoliciesContainer cp;
199         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
200         admin.setPolicies(cp);
201     }
202     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
203     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
204
205     // delete second policy
206     {
207         CynaraPoliciesContainer cp;
208         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
209         admin.setPolicies(cp);
210     }
211     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
212     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
213 }
214
215 void tc08_admin_set_policies_allow_remove2_func()
216 {
217     Admin admin;
218     Client cynara;
219
220     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
221     const char *session = "session08_2";
222     const int resultAllow = CYNARA_ADMIN_ALLOW;
223     const int resultDelete = CYNARA_ADMIN_DELETE;
224     const char *resultExtra = nullptr;
225
226     const std::vector< std::vector<const char *> > data = {
227         { "client08_2_a", "user08_2_a", "privilege08_2_a" },
228         { "client08_2_b", "user08_2_b", "privilege08_2_b" },
229     };
230
231     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
232     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
233
234     // allow first policy
235     {
236         CynaraPoliciesContainer cp;
237         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
238         admin.setPolicies(cp);
239     }
240     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
241     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
242
243     // delete first, allow second policy
244     {
245         CynaraPoliciesContainer cp;
246         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
247         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
248         admin.setPolicies(cp);
249     }
250     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
251     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
252
253     // delete second policy
254     {
255         CynaraPoliciesContainer cp;
256         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
257         admin.setPolicies(cp);
258     }
259
260     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
261     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
262 }
263
264 void tc08_admin_set_policies_allow_remove3_func()
265 {
266     Admin admin;
267     Client cynara;
268
269     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
270     const char *session = "session08_3";
271     const int resultAllow = CYNARA_ADMIN_ALLOW;
272     const int resultDelete = CYNARA_ADMIN_DELETE;
273     const char *resultExtra = nullptr;
274
275     const std::vector< std::vector<const char *> > data = {
276         { "client08_3_a", "user08_3_a", "privilege08_3_a" },
277         { "client08_3_b", "user08_3_b", "privilege08_3_b" },
278     };
279
280     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
281     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
282
283     // allow first and second policy
284     {
285         CynaraPoliciesContainer cp;
286         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
287         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
288         admin.setPolicies(cp);
289     }
290     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
291     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
292
293     // delete first and second policy
294     {
295         CynaraPoliciesContainer cp;
296         cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
297         cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
298         admin.setPolicies(cp);
299     }
300
301     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
302     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
303 }
304
305 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
306                   const char *session)
307 {
308     Client cynara;
309
310     for (auto it = data.begin(); it != data.end(); ++it) {
311         RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
312     }
313
314     for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
315         for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
316             for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
317                 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
318             }
319         }
320     }
321 }
322
323 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
324 {
325     RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
326     for (auto it = data.begin(); it != data.end(); ++it) {
327         RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
328     }
329 }
330
331 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
332                                       const char *session)
333 {
334     Client cynara;
335
336     checkSingleWildcardData(data);
337
338     for (size_t c = 0; c < data.size(); ++c) {
339         for (size_t u = 0; u < data.size(); ++u) {
340             for (size_t p = 0; p < data.size(); ++p) {
341                 if ((u == 0 && p == 0)
342                  || (c == 1 && p == 1)
343                  || (c == 2 && u == 2)) {
344                     cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
345                 } else {
346                     cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
347                 }
348             }
349         }
350     }
351 }
352
353 void setSingleWildcardPolicies(const char *bucket,
354                                const std::vector< std::vector<const char *> > &data,
355                                const int result, const char* resultExtra)
356 {
357     Admin admin;
358     CynaraPoliciesContainer cp;
359
360     checkSingleWildcardData(data);
361
362     cp.add(bucket,
363            CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
364            result, resultExtra);
365     cp.add(bucket,
366            data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
367            result, resultExtra);
368     cp.add(bucket,
369            data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
370            result, resultExtra);
371
372     admin.setPolicies(cp);
373 }
374
375 void tc09_admin_set_policies_wildcard_accesses_func()
376 {
377     const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
378     const char *session = "session09";
379     const char *resultExtra = nullptr;
380
381     const std::vector< std::vector<const char *> > data = {
382         { "client09_a", "user09_a", "privilege09_a" },
383         { "client09_b", "user09_b", "privilege09_b" },
384         { "client09_c", "user09_c", "privilege09_c" }
385     };
386
387     checkAllDeny(data, session);
388
389     setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
390
391     checkSingleWildcardAllowRestDeny(data, session);
392
393     setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
394
395     checkAllDeny(data, session);
396 }
397
398 void tc10_admin_change_extra_bucket_func()
399 {
400     Admin admin;
401     Client cynara;
402
403     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
404     const char *bucket = "bucket10";
405     const char *session = "session10";
406     const char *extra = nullptr;
407     const char *extraResult = nullptr;
408
409
410     const std::vector< std::vector<const char *> > data = {
411         { "client10_a", "user10_a", "privilege10_a" },
412         { "client10_b", "user10_b", "privilege10_b" }
413     };
414
415     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
416     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
417
418     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
419
420     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
421     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
422
423     {
424         CynaraPoliciesContainer cp;
425         cp.add(bucketDefault,
426                data[0][0], data[0][1], data[0][2],
427                CYNARA_ADMIN_BUCKET, bucket);
428         admin.setPolicies(cp);
429     }
430
431     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
432     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
433
434     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
435
436     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
437     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
438
439     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
440
441     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
442     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
443
444     {
445         CynaraPoliciesContainer cp;
446         cp.add(bucketDefault,
447                data[0][0], data[0][1], data[0][2],
448                CYNARA_ADMIN_DELETE, extraResult);
449         admin.setPolicies(cp);
450     }
451
452     cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
453     cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
454
455     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
456 }
457
458 void tc11_admin_bucket_not_found_func()
459 {
460     Admin admin;
461     Client cynara;
462
463     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
464     const char *bucket = "bucket11";
465     const char *client = "client11";
466     const char *session = "session11";
467     const char *user = "user11";
468     const char *privilege = "privilege11";
469
470     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
471
472     {
473         CynaraPoliciesContainer cp;
474         cp.add(bucketDefault,
475                client, user, privilege,
476                CYNARA_ADMIN_BUCKET, bucket);
477         admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
478     }
479     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
480 }
481
482 void tc12_admin_delete_bucket_with_policies_pointing_to_it_func()
483 {
484     Admin admin;
485     Client cynara;
486
487     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
488     const char *bucket = "bucket12";
489     const char *client = "client12";
490     const char *session = "session12";
491     const char *user = "user12";
492     const char *privilege = "privilege12";
493     const char *extra = nullptr;
494
495     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
496
497     {
498         CynaraPoliciesContainer cp;
499         cp.add(bucketDefault,
500                client, user, privilege,
501                CYNARA_ADMIN_BUCKET, bucket);
502         admin.setPolicies(cp);
503     }
504     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
505
506     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
507     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
508
509     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
510     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
511
512     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
513     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
514 }
515
516 void tc13_admin_set_policies_to_extra_bucket_func()
517 {
518     Admin admin;
519     Client cynara;
520
521     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
522     const char *bucket = "bucket13";
523     const char *client = "client13";
524     const char *session = "session13";
525     const char *user = "user13";
526     const char *privilege = "privilege13";
527     const char *extra = nullptr;
528     const char *extraResult = nullptr;
529
530     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
531     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
532
533     {
534         CynaraPoliciesContainer cp;
535         cp.add(bucketDefault,
536                client, user, privilege,
537                CYNARA_ADMIN_BUCKET, bucket);
538         cp.add(bucket,
539                client, user, privilege,
540                CYNARA_ADMIN_ALLOW, extraResult);
541         admin.setPolicies(cp);
542     }
543     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
544
545     admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
546     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
547 }
548
549 void tc14_admin_set_policies_integrity_func()
550 {
551     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
552     const char *bucket = "bucket14";
553     const char *client = "client14";
554     const char *session = "session14";
555     const char *user = "user14";
556     const char *privilege = "privilege14";
557     const char *extraResult = nullptr;
558
559     {
560         Client cynara;
561         cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
562     }
563
564     {
565         Admin admin;
566         CynaraPoliciesContainer cp;
567         cp.add(bucketDefault,
568                client, user, privilege,
569                CYNARA_ADMIN_ALLOW, extraResult);
570         cp.add(bucket,
571                client, user, privilege,
572                CYNARA_ADMIN_ALLOW, extraResult);
573         admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
574     }
575
576     {
577         Client cynara;
578         cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
579     }
580 }
581
582 void tc15_admin_set_bucket_admin_none1_func()
583 {
584     Admin admin;
585     Client cynara;
586
587     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
588     const char *bucket = "bucket15_1";
589     const char *client = "client15_1";
590     const char *session = "session15_1";
591     const char *user = "user15_1";
592     const char *privilege = "privilege15_1";
593     const char *extra = nullptr;
594     const char *extraResult = nullptr;
595
596     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
597
598     {
599         CynaraPoliciesContainer cp;
600         cp.add(bucketDefault,
601                client, user, privilege,
602                CYNARA_ADMIN_BUCKET, bucket);
603         cp.add(bucket,
604                client, user, privilege,
605                CYNARA_ADMIN_ALLOW, extraResult);
606         admin.setPolicies(cp);
607     }
608     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
609 }
610
611 void tc15_admin_set_bucket_admin_none2_func()
612 {
613     Admin admin;
614     Client cynara;
615
616     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
617     const char *bucket = "bucket15_2";
618     const char *client = "client15_2";
619     const char *session = "session15_2";
620     const char *user = "user15_2";
621     const char *privilege = "privilege15_2";
622     const char *extra = nullptr;
623
624     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
625
626     {
627         CynaraPoliciesContainer cp;
628         cp.add(bucketDefault,
629                client, user, privilege,
630                CYNARA_ADMIN_BUCKET, bucket);
631         admin.setPolicies(cp);
632     }
633     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
634 }
635
636 void tc15_admin_set_bucket_admin_none3_func()
637 {
638     Admin admin;
639     Client cynara;
640
641     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
642     const char *bucket = "bucket15_3";
643     const char *client = "client15_3";
644     const char *session = "session15_3";
645     const char *user = "user15_3";
646     const char *privilege = "privilege15_3";
647     const char *extra = nullptr;
648     const char *extraResult = nullptr;
649
650     admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
651
652     {
653         CynaraPoliciesContainer cp;
654         cp.add(bucketDefault,
655                client, user, privilege,
656                CYNARA_ADMIN_BUCKET, bucket);
657         cp.add(bucketDefault,
658                client, user, CYNARA_ADMIN_WILDCARD,
659                CYNARA_ADMIN_ALLOW, extraResult);
660         admin.setPolicies(cp);
661     }
662     cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
663 }
664
665 void tc16_admin_check_single_bucket_func()
666 {
667     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
668     const char *client = "client16";
669     const char *user = "user16";
670     const char *privilege = "privilege16";
671     const char *extraResult = nullptr;
672     int recursive = 1;
673     int notrecursive = 0;
674
675     Admin admin;
676
677     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
678                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
679     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
680                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
681
682     CynaraPoliciesContainer cp;
683     cp.add(bucketDefault,
684            client, user, privilege,
685            CYNARA_ADMIN_ALLOW, extraResult);
686     admin.setPolicies(cp);
687
688     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
689                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
690     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
691                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
692 }
693
694 void tc17_admin_check_nested_bucket_func()
695 {
696     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
697     const char *bucket = "bucket17";
698     const char *client = "client17";
699     const char *user = "user17";
700     const char *privilege = "privilege17";
701     const char *extra = nullptr;
702     const char *extraResult = nullptr;
703     int recursive = 1;
704     int notrecursive = 0;
705
706     Admin admin;
707     admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
708
709     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
710                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
711     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
712                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
713     admin.adminCheck(bucket, recursive, client, user, privilege,
714                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
715     admin.adminCheck(bucket, notrecursive, client, user, privilege,
716                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
717
718     {
719         CynaraPoliciesContainer cp;
720         cp.add(bucketDefault,
721                client, user, privilege,
722                CYNARA_ADMIN_BUCKET, bucket);
723         cp.add(bucket,
724                client, user, privilege,
725                CYNARA_ADMIN_ALLOW, extraResult);
726         admin.setPolicies(cp);
727     }
728
729     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
730                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
731     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
732                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
733     admin.adminCheck(bucket, recursive, client, user, privilege,
734                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
735     admin.adminCheck(bucket, notrecursive, client, user, privilege,
736                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
737 }
738
739 void tc18_admin_check_multiple_matches_func()
740 {
741     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
742     const char *client = "client18";
743     const char *user = "user18";
744     const char *privilege = "privilege18";
745     const char *wildcard = CYNARA_ADMIN_WILDCARD;
746     const char *extra = nullptr;
747     const char *extraResult = nullptr;
748     int recursive = 1;
749     int notrecursive = 0;
750
751     Admin admin;
752
753     auto check = [&](int expected_result)
754     {
755         admin.adminCheck(bucketDefault, recursive, client, user, privilege,
756                          expected_result, nullptr, CYNARA_API_SUCCESS);
757         admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
758                          expected_result, nullptr, CYNARA_API_SUCCESS);
759     };
760
761     check(CYNARA_ADMIN_DENY);
762
763     {
764         CynaraPoliciesContainer cp;
765         cp.add(bucketDefault,
766                client, user, privilege,
767                CYNARA_ADMIN_ALLOW, extraResult);
768         admin.setPolicies(cp);
769     }
770
771     check(CYNARA_ADMIN_ALLOW);
772
773     {
774         CynaraPoliciesContainer cp;
775         cp.add(bucketDefault,
776                wildcard, user, privilege,
777                CYNARA_ADMIN_DENY, extraResult);
778         admin.setPolicies(cp);
779     }
780
781     check(CYNARA_ADMIN_DENY);
782
783     admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
784
785     check(CYNARA_ADMIN_DENY);
786
787     {
788         CynaraPoliciesContainer cp;
789         cp.add(bucketDefault,
790                client, user, privilege,
791                CYNARA_ADMIN_DELETE, extraResult);
792         admin.setPolicies(cp);
793     }
794
795     check(CYNARA_ADMIN_DENY);
796
797     {
798         CynaraPoliciesContainer cp;
799         cp.add(bucketDefault,
800                wildcard, user, privilege,
801                CYNARA_ADMIN_DELETE, extraResult);
802         admin.setPolicies(cp);
803     }
804
805     check(CYNARA_ADMIN_ALLOW);
806 }
807
808 void tc19_admin_check_none_bucket_func()
809 {
810     const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
811     const char *bucket1 = "bucket19_a";
812     const char *bucket2 = "bucket19_b";
813     const char *client = "client19";
814     const char *user = "user19";
815     const char *privilege = "privilege19";
816     const char *extra = nullptr;
817     int recursive = 1;
818     int notrecursive = 0;
819
820     Admin admin;
821     admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
822     admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
823
824     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
825                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
826     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
827                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
828     admin.adminCheck(bucket1, recursive, client, user, privilege,
829                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
830     admin.adminCheck(bucket1, notrecursive, client, user, privilege,
831                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
832     admin.adminCheck(bucket2, recursive, client, user, privilege,
833                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
834     admin.adminCheck(bucket2, notrecursive, client, user, privilege,
835                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
836
837     {
838         CynaraPoliciesContainer cp;
839         cp.add(bucketDefault,
840                client, user, privilege,
841                CYNARA_ADMIN_BUCKET, bucket1);
842         cp.add(bucket1,
843                client, user, privilege,
844                CYNARA_ADMIN_BUCKET, bucket2);
845         admin.setPolicies(cp);
846     }
847
848     admin.adminCheck(bucketDefault, recursive, client, user, privilege,
849                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
850     admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
851                      CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
852     admin.adminCheck(bucket1, recursive, client, user, privilege,
853                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
854     admin.adminCheck(bucket1, notrecursive, client, user, privilege,
855                      CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
856     admin.adminCheck(bucket2, recursive, client, user, privilege,
857                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
858     admin.adminCheck(bucket2, notrecursive, client, user, privilege,
859                      CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
860 }
861
862 void tc20_admin_list_empty_bucket_func()
863 {
864     const char *emptyBucket = "empty_bucket20";
865     const char *client = "client20";
866     const char *user = "user20";
867     const char *privilege = "privilege20";
868     const char *extra = nullptr;
869
870     Admin admin;
871     admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
872
873     CynaraPoliciesContainer emptyPolicies;
874
875     admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies);
876 }
877
878 void tc21_admin_list_no_bucket_func()
879 {
880     const char *emptyBucket = "empty_bucket21";
881     const char *notExistingBucket = "not_existing_bucket21";
882     const char *client = "client21";
883     const char *user = "user21";
884     const char *privilege = "privilege21";
885     const char *extra = nullptr;
886
887     Admin admin;
888     admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
889
890     CynaraPoliciesContainer emptyPolicies;
891
892     admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies,
893                        CYNARA_API_BUCKET_NOT_FOUND);
894 }
895
896 void tc22_admin_list_bucket_func()
897 {
898     const char *bucket = "bucket22";
899     const char *emptyBucket = "empty_bucket22";
900     const char *client = "client22";
901     const char *user = "user22";
902     const char *privilege = "privilege22";
903     const char *client2 = "client22_2";
904     const char *user2 = "user22_2";
905     const char *privilege2 = "privilege22_2";
906     const char *wildcard = CYNARA_ADMIN_WILDCARD;
907     const char *any = CYNARA_ADMIN_ANY;
908
909     const char *extra = nullptr;
910
911     Admin admin;
912     admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
913     admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
914
915     {
916         CynaraPoliciesContainer cp;
917         cp.add(bucket, wildcard, wildcard, wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
918         cp.add(bucket, wildcard, wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
919         cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
920         cp.add(bucket, wildcard, user,     wildcard,   CYNARA_ADMIN_DENY, extra);
921         cp.add(bucket, wildcard, user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
922         cp.add(bucket, wildcard, user,     privilege,  CYNARA_ADMIN_DENY, extra);
923         cp.add(bucket, wildcard, user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
924         cp.add(bucket, wildcard, user2,    privilege,  CYNARA_ADMIN_DENY, extra);
925         cp.add(bucket, wildcard, user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
926         cp.add(bucket, client,   wildcard, wildcard,   CYNARA_ADMIN_DENY, extra);
927         cp.add(bucket, client2,  wildcard, wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
928         cp.add(bucket, client,   wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
929         cp.add(bucket, client,   wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
930         cp.add(bucket, client2,  wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
931         cp.add(bucket, client2,  wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
932         cp.add(bucket, client,   user,     wildcard,   CYNARA_ADMIN_DENY, extra);
933         cp.add(bucket, client,   user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
934         cp.add(bucket, client2,  user,     wildcard,   CYNARA_ADMIN_DENY, extra);
935         cp.add(bucket, client2,  user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
936         cp.add(bucket, client,   user,     privilege,  CYNARA_ADMIN_DENY, extra);
937         cp.add(bucket, client,   user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
938         cp.add(bucket, client,   user2,    privilege,  CYNARA_ADMIN_DENY, extra);
939         cp.add(bucket, client,   user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
940         cp.add(bucket, client2,  user,     privilege,  CYNARA_ADMIN_DENY, extra);
941         cp.add(bucket, client2,  user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
942         cp.add(bucket, client2,  user2,    privilege,  CYNARA_ADMIN_DENY, extra);
943         cp.add(bucket, client2,  user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
944         admin.setPolicies(cp);
945     }
946
947     CynaraPoliciesContainer expectedPolicies;
948     expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
949     expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
950     expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
951
952     admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
953 }
954
955 RUNNER_TEST_GROUP_INIT(cynara_tests)
956
957 RUN_CYNARA_TEST(tc01_cynara_initialize)
958 RUN_CYNARA_TEST(tc02_admin_initialize)
959 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
960 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
961 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
962 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
963 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
964 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
965 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
966 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
967 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
968 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
969 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
970 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
971 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
972 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
973 RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
974 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
975 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
976 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
977 RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
978 RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
979 RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
980 RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
981 RUN_CYNARA_TEST(tc20_admin_list_empty_bucket)
982 RUN_CYNARA_TEST(tc21_admin_list_no_bucket)
983 RUN_CYNARA_TEST(tc22_admin_list_bucket)
Domain: Security / Uncategorized;