Add start point in Storage::checkPolicy()

Storage::checkPolicy() now accepts id of bucket to start
search with. Additional parameter (recursive) indicates,
if search should go down into encountered buckets.

Change-Id: I23ff8e044fc9ff0198183c335ffe845e75efe08b

diff --git a/src/common/types/PolicyBucket.h b/src/common/types/PolicyBucket.h
index b865d9e..c4675c2 100644 (file)
--- a/src/common/types/PolicyBucket.h
+++ b/src/common/types/PolicyBucket.h
@@ -48,12 +48,19 @@ public:
     typedef PolicyCollection::value_type value_type;
     typedef const_policy_iterator const_iterator;
 
+    // TODO: Review usefulness of ctors
     PolicyBucket() : m_defaultPolicy(PredefinedPolicyType::DENY) {}
     PolicyBucket(const PolicyBucketId &id, const PolicyResult &defaultPolicy)
         : m_defaultPolicy(defaultPolicy), m_id(id) {}
     PolicyBucket(const PolicyCollection &policies)
         : m_policyCollection(makePolicyMap(policies)),
           m_defaultPolicy(PredefinedPolicyType::DENY) {}
+    PolicyBucket(const PolicyBucketId &id,
+                 const PolicyResult &defaultPolicy,
+                 const PolicyCollection &policies)
+        : m_policyCollection(makePolicyMap(policies)),
+          m_defaultPolicy(defaultPolicy),
+          m_id(id) {}
 
     PolicyBucket filtered(const PolicyKey &key) const;
     void insertPolicy(PolicyPtr policy);

diff --git a/src/service/storage/Storage.cpp b/src/service/storage/Storage.cpp
index 7f92c34..8e81edc 100644 (file)
--- a/src/service/storage/Storage.cpp
+++ b/src/service/storage/Storage.cpp
@@ -38,12 +38,15 @@
 
 namespace Cynara {
 
-PolicyResult Storage::checkPolicy(const PolicyKey &key) {
-    auto policies = m_backend.searchDefaultBucket(key);
-    return minimalPolicy(policies, key);
+PolicyResult Storage::checkPolicy(const PolicyKey &key,
+                                  const PolicyBucketId &startBucketId /*= defaultPolicyBucketId*/,
+                                  bool recursive /*= true*/) {
+    auto policies = m_backend.searchBucket(startBucketId, key);
+    return minimalPolicy(policies, key, recursive);
 };
 
-PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key) {
+PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key,
+                                    bool recursive) {
     bool hasMinimal = false;
     PolicyResult minimal = bucket.defaultPolicy();
 
@@ -63,9 +66,11 @@ PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey
             case PredefinedPolicyType::DENY:
                 return policyResult; // Do not expect lower value than DENY
             case PredefinedPolicyType::BUCKET: {
-                    auto bucketResults = m_backend.searchBucket(policyResult.metadata(), key);
-                    auto minimumOfBucket = minimalPolicy(bucketResults, key);
-                    proposeMinimal(minimumOfBucket);
+                    if (recursive == true) {
+                        auto bucketResults = m_backend.searchBucket(policyResult.metadata(), key);
+                        auto minimumOfBucket = minimalPolicy(bucketResults, key, true);
+                        proposeMinimal(minimumOfBucket);
+                    }
                     continue;
                 }
             case PredefinedPolicyType::ALLOW:

diff --git a/src/service/storage/Storage.h b/src/service/storage/Storage.h
index adee6ec..82052d0 100644 (file)
--- a/src/service/storage/Storage.h
+++ b/src/service/storage/Storage.h
@@ -43,7 +43,9 @@ class Storage
 public:
     Storage(StorageBackend &backend) : m_backend(backend) {}
 
-    PolicyResult checkPolicy(const PolicyKey &key);
+    PolicyResult checkPolicy(const PolicyKey &key,
+                             const PolicyBucketId &startBucketId = defaultPolicyBucketId,
+                             bool recursive = true);
 
     void insertPolicies(const std::map<PolicyBucketId, std::vector<Policy>> &policiesByBucketId);
     void deletePolicies(const std::map<PolicyBucketId, std::vector<PolicyKey>> &keysByBucketId);
@@ -55,7 +57,7 @@ public:
     void save(void);
 
 protected:
-    PolicyResult minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key);
+    PolicyResult minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key, bool recursive);
 
 private:
     StorageBackend &m_backend; // backend strategy

diff --git a/src/service/storage/StorageBackend.h b/src/service/storage/StorageBackend.h
index cc711f9..b015bf0 100644 (file)
--- a/src/service/storage/StorageBackend.h
+++ b/src/service/storage/StorageBackend.h
@@ -37,6 +37,7 @@ class StorageBackend {
 public:
     virtual ~StorageBackend() {}
 
+    // TODO: Remove searchDefaultBucket()
     virtual PolicyBucket searchDefaultBucket(const PolicyKey &key) = 0;
     virtual PolicyBucket searchBucket(const PolicyBucketId &bucket, const PolicyKey &key) = 0;
 

diff --git a/test/storage/storage/check.cpp b/test/storage/storage/check.cpp
index e71e40f..f56e7fe 100644 (file)
--- a/test/storage/storage/check.cpp
+++ b/test/storage/storage/check.cpp
@@ -49,7 +49,7 @@ TEST(storage, checkEmpty) {
     Cynara::Storage storage(backend);
     PolicyKey pk = Helpers::generatePolicyKey();
 
-    EXPECT_CALL(backend, searchDefaultBucket(pk))
+    EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
         .WillOnce(ReturnPointee(&emptyBucket));
 
     // Default bucket empty -- return DENY
@@ -66,7 +66,7 @@ TEST(storage, checkSimple) {
     Cynara::Storage storage(backend);
     PolicyKey pk = Helpers::generatePolicyKey();
 
-    EXPECT_CALL(backend, searchDefaultBucket(pk))
+    EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
         .WillRepeatedly(ReturnPointee(&bucket));
 
     // Default bucket empty -- return DENY
@@ -81,6 +81,7 @@ TEST(storage, checkSimple) {
     ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
 }
 
+// TODO: Refactorize to resemble checkNonrecursive()
 TEST(storage, checkBucket) {
     using ::testing::ReturnPointee;
 
@@ -97,9 +98,6 @@ TEST(storage, checkBucket) {
 
     PolicyBucket additionalBucket;
 
-    EXPECT_CALL(backend, searchDefaultBucket(pk))
-        .WillRepeatedly(ReturnPointee(&defaultBucket));
-
     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
         .WillRepeatedly(ReturnPointee(&defaultBucket));
 
@@ -136,9 +134,6 @@ TEST(storage, checkBucketWildcard) {
     FakeStorageBackend backend;
     Cynara::Storage storage(backend);
 
-    EXPECT_CALL(backend, searchDefaultBucket(checkKey))
-        .WillRepeatedly(ReturnPointee(&defaultBucket));
-
     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
         .WillRepeatedly(ReturnPointee(&defaultBucket));
 
@@ -166,9 +161,6 @@ TEST(storage, checkBucketWildcardOtherDefault) {
     FakeStorageBackend backend;
     Cynara::Storage storage(backend);
 
-    EXPECT_CALL(backend, searchDefaultBucket(checkKey))
-        .WillRepeatedly(ReturnPointee(&defaultBucket));
-
     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
         .WillRepeatedly(ReturnPointee(&defaultBucket));
 
@@ -179,3 +171,21 @@ TEST(storage, checkBucketWildcardOtherDefault) {
     // Should return additional bucket's default policy
     ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(checkKey));
 }
+
+TEST(storage, checkNonrecursive) {
+    using ::testing::ReturnPointee;
+
+    PolicyKey pk = Helpers::generatePolicyKey();
+    PolicyBucketId bucketId = "a-bucket";
+
+    PolicyBucket bucket(bucketId, PredefinedPolicyType::ALLOW,
+                               { Policy::bucketWithKey(pk, "must-not-be-touched") });
+    FakeStorageBackend backend;
+
+    Cynara::Storage storage(backend);
+
+    EXPECT_CALL(backend, searchBucket(bucketId, pk))
+        .WillOnce(ReturnPointee(&bucket));
+
+    ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk, bucketId, false));
+}