Add tests for cynara_admin_erase

All tests try erasing policies in different scenarios and then verify
if proper policies were removed from proper buckets, but listing what
is left and comparing to expected result.

There are 7 tests added:
* tc23_admin_erase_empty_bucket - erase policies from empty bucket;
* tc24_admin_erase_no_bucket - try to erase from not existing bucket;
* tc25_admin_erase_single_bucket - check all posibilities of matching
 policies during erase;
* tc26_admin_erase_recursive_not_linked_buckets - erase with recursive
 flag set to TRUE, but in case where no policy lead to subbucket;
* tc27_admin_erase_recursive_linked_buckets - erase with recursive flag
 set to TRUE with existance of policy leading to subbucket;
* tc28_admin_erase_non_recursive_linked_buckets - erase with recursive
 flag set to FALSE with existance of policy leading to subbucket;
* tc29_admin_erase_recursive_from_sub_bucket - start erase test in
 subbucket and check if parent bucket stays unaffected by erase.

Change-Id: Ib712a028d97773e70b98de85c51aff0238bb8586

diff --git a/tests/cynara-tests/test_cases.cpp b/tests/cynara-tests/test_cases.cpp
index 321d621ee140e9b73f836475f46faa4297ecad6b..3b99263d22f3e62a46ac94c6f8c0222d2c7a9863 100644 (file)
--- a/tests/cynara-tests/test_cases.cpp
+++ b/tests/cynara-tests/test_cases.cpp
@@ -952,6 +952,311 @@ void tc22_admin_list_bucket_func()
     admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
 }
 
+void tc23_admin_erase_empty_bucket_func()
+{
+    const char *emptyBucket = "empty_bucket23";
+    const char *client = "client23";
+    const char *user = "user23";
+    const char *privilege = "privilege23";
+    const char *extra = nullptr;
+    int recursive = 1;
+
+    Admin admin;
+    admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    admin.erasePolicies(emptyBucket, recursive, client, user, privilege);
+}
+
+void tc24_admin_erase_no_bucket_func()
+{
+    const char *emptyBucket = "empty_bucket24";
+    const char *notExistingBucket = "not_existing_bucket24";
+    const char *client = "client24";
+    const char *user = "user24";
+    const char *privilege = "privilege24";
+    const char *extra = nullptr;
+    int recursive = 1;
+
+    Admin admin;
+    admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    admin.erasePolicies(notExistingBucket, recursive, client, user, privilege,
+                        CYNARA_API_BUCKET_NOT_FOUND);
+}
+
+void tc25_admin_erase_single_bucket_func()
+{
+    const char *bucket = "bucket25";
+    const char *emptyBucket = "empty_bucket25";
+    const char *client = "client25";
+    const char *user = "user25";
+    const char *privilege = "privilege25";
+    const char *client2 = "client25_2";
+    const char *user2 = "user25_2";
+    const char *privilege2 = "privilege25_2";
+    const char *wildcard = CYNARA_ADMIN_WILDCARD;
+    const char *any = CYNARA_ADMIN_ANY;
+    const char *extra = nullptr;
+    int recursive = 1;
+
+    Admin admin;
+    admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+    admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    {
+        CynaraPoliciesContainer cp;
+        cp.add(bucket, wildcard, wildcard, wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, wildcard, wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, wildcard, user,     wildcard,   CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, wildcard, user,     privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, wildcard, user2,    privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client,   wildcard, wildcard,   CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client2,  wildcard, wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client,   wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client2,  wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client2,  wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client,   user,     wildcard,   CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client2,  user,     wildcard,   CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client2,  user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client,   user,     privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client,   user2,    privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client2,  user,     privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client2,  user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        cp.add(bucket, client2,  user2,    privilege,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client2,  user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        admin.setPolicies(cp);
+    }
+
+    admin.erasePolicies(bucket, recursive, client, wildcard, any);
+
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(bucket, wildcard, wildcard, wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, wildcard, wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, wildcard, user,     wildcard,   CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, wildcard, user,     privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, wildcard, user2,    privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        // WAS ERASED  (bucket, client,   wildcard, wildcard,   CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client2,  wildcard, wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        // WAS ERASED  (bucket, client,   wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
+        // WAS ERASED  (bucket, client,   wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client2,  wildcard, privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client2,  wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client,   user,     wildcard,   CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client,   user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client2,  user,     wildcard,   CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client2,  user2,    wildcard,   CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client,   user,     privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client,   user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client,   user2,    privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client,   user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client2,  user,     privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client2,  user,     privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        expPolicies.add(bucket, client2,  user2,    privilege,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client2,  user2,    privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
+        admin.listPolicies(bucket, any, any, any, expPolicies);
+    }
+    {
+        CynaraPoliciesContainer expPolicies;
+        admin.listPolicies(emptyBucket, any, any, any, expPolicies);
+    }
+}
+
+void tc26_admin_erase_recursive_not_linked_buckets_func()
+{
+    const char *bucket = "bucket26";
+    const char *subBucket = "sub_bucket26";
+    const char *client = "client26";
+    const char *user = "user26";
+    const char *privilege = "privilege26";
+    const char *wildcard = CYNARA_ADMIN_WILDCARD;
+    const char *any = CYNARA_ADMIN_ANY;
+    const char *extra = nullptr;
+    int recursive = 1;
+
+    Admin admin;
+    admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+    admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    {
+        CynaraPoliciesContainer cp;
+        cp.add(bucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+
+        cp.add(subBucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.setPolicies(cp);
+    }
+
+    admin.erasePolicies(bucket, recursive, any, user, wildcard);
+
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.listPolicies(bucket, any, any, any, expPolicies);
+    }
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(subBucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(subBucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(subBucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.listPolicies(subBucket, any, any, any, expPolicies);
+    }
+}
+
+void tc27_admin_erase_recursive_linked_buckets_func()
+{
+    const char *bucket = "bucket27";
+    const char *subBucket = "sub_bucket27";
+    const char *client = "client27";
+    const char *user = "user27";
+    const char *privilege = "privilege27";
+    const char *wildcard = CYNARA_ADMIN_WILDCARD;
+    const char *any = CYNARA_ADMIN_ANY;
+    const char *extra = nullptr;
+    int recursive = 1;
+
+    Admin admin;
+    admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+    admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    {
+        CynaraPoliciesContainer cp;
+        cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+
+        cp.add(bucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+
+        cp.add(subBucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.setPolicies(cp);
+    }
+
+    admin.erasePolicies(bucket, recursive, any, user, wildcard);
+
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(bucket, client,   user,     privilege, CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, wildcard, wildcard,  CYNARA_ADMIN_BUCKET, subBucket);
+        admin.listPolicies(bucket, any, any, any, expPolicies);
+    }
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.listPolicies(subBucket, any, any, any, expPolicies);
+    }
+}
+
+void tc28_admin_erase_non_recursive_linked_buckets_func()
+{
+    const char *bucket = "bucket28";
+    const char *subBucket = "sub_bucket28";
+    const char *client = "client28";
+    const char *user = "user28";
+    const char *privilege = "privilege28";
+    const char *wildcard = CYNARA_ADMIN_WILDCARD;
+    const char *any = CYNARA_ADMIN_ANY;
+    const char *extra = nullptr;
+    int recursive = 0;
+
+    Admin admin;
+    admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+    admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    {
+        CynaraPoliciesContainer cp;
+        cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+
+        cp.add(bucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+
+        cp.add(subBucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.setPolicies(cp);
+    }
+
+    admin.erasePolicies(bucket, recursive, any, user, wildcard);
+
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(bucket, client,   user,     privilege, CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, wildcard, wildcard,  CYNARA_ADMIN_BUCKET, subBucket);
+        admin.listPolicies(bucket, any, any, any, expPolicies);
+    }
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(subBucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(subBucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(subBucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.listPolicies(subBucket, any, any, any, expPolicies);
+    }
+}
+
+void tc29_admin_erase_recursive_from_sub_bucket_func()
+{
+    const char *bucket = "bucket29";
+    const char *subBucket = "sub_bucket29";
+    const char *client = "client29";
+    const char *user = "user29";
+    const char *privilege = "privilege29";
+    const char *wildcard = CYNARA_ADMIN_WILDCARD;
+    const char *any = CYNARA_ADMIN_ANY;
+    const char *extra = nullptr;
+    int recursive = 1;
+
+    Admin admin;
+    admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
+    admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
+
+    {
+        CynaraPoliciesContainer cp;
+        cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+
+        cp.add(bucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(bucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+
+        cp.add(subBucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        cp.add(subBucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.setPolicies(cp);
+    }
+
+    admin.erasePolicies(subBucket, recursive, any, user, wildcard);
+
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
+        expPolicies.add(bucket, client,   user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, wildcard, user, wildcard,  CYNARA_ADMIN_DENY, extra);
+        expPolicies.add(bucket, client,   user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.listPolicies(bucket, any, any, any, expPolicies);
+    }
+    {
+        CynaraPoliciesContainer expPolicies;
+        expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
+        admin.listPolicies(subBucket, any, any, any, expPolicies);
+    }
+}
+
 RUNNER_TEST_GROUP_INIT(cynara_tests)
 
 RUN_CYNARA_TEST(tc01_cynara_initialize)
@@ -981,3 +1286,10 @@ RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
 RUN_CYNARA_TEST(tc20_admin_list_empty_bucket)
 RUN_CYNARA_TEST(tc21_admin_list_no_bucket)
 RUN_CYNARA_TEST(tc22_admin_list_bucket)
+RUN_CYNARA_TEST(tc23_admin_erase_empty_bucket)
+RUN_CYNARA_TEST(tc24_admin_erase_no_bucket)
+RUN_CYNARA_TEST(tc25_admin_erase_single_bucket)
+RUN_CYNARA_TEST(tc26_admin_erase_recursive_not_linked_buckets)
+RUN_CYNARA_TEST(tc27_admin_erase_recursive_linked_buckets)
+RUN_CYNARA_TEST(tc28_admin_erase_non_recursive_linked_buckets)
+RUN_CYNARA_TEST(tc29_admin_erase_recursive_from_sub_bucket)