namespace Cynara {
PolicyBucket PolicyBucket::filtered(const PolicyKey &key) const {
- PolicyBucket result;
+ PolicyBucket result(m_id + "_filtered");
const auto &policies = m_policyCollection;
const auto variants = PolicyKeyHelpers::keyVariants(key);
typedef const_policy_iterator const_iterator;
// TODO: Review usefulness of ctors
- PolicyBucket() : m_defaultPolicy(PredefinedPolicyType::DENY) {}
- PolicyBucket(const PolicyBucketId &id, const PolicyResult &defaultPolicy)
- : m_defaultPolicy(defaultPolicy), m_id(id) {}
- PolicyBucket(const PolicyCollection &policies)
+ //delete default constructor in order to prevent creation of buckets with no id
+ PolicyBucket() = delete;
+ PolicyBucket(const PolicyBucketId &id,
+ const PolicyResult &defaultPolicy = PredefinedPolicyType::DENY)
+ : m_defaultPolicy(defaultPolicy),
+ m_id(id) {}
+ PolicyBucket(const PolicyBucketId &id,
+ const PolicyCollection &policies)
: m_policyCollection(makePolicyMap(policies)),
- m_defaultPolicy(PredefinedPolicyType::DENY) {}
+ m_defaultPolicy(PredefinedPolicyType::DENY),
+ m_id(id) {}
PolicyBucket(const PolicyBucketId &id,
const PolicyResult &defaultPolicy,
const PolicyCollection &policies)
if (!hasBucket(defaultPolicyBucketId)) {
LOGN("Creating defaultBucket.");
- this->buckets().insert({ defaultPolicyBucketId, PolicyBucket() });
+ this->buckets().insert({ defaultPolicyBucketId, PolicyBucket(defaultPolicyBucketId) });
}
}
auto policyType = parsePolicyType(line, beginToken);
auto metadata = parseMetadata(line, beginToken);
- buckets[bucketId] = PolicyBucket(bucketId, PolicyResult(policyType, metadata));
+ //it's safe to simply insert; buckets were cleared earlier, all ids should be unique
+ buckets.insert({ bucketId, PolicyBucket(bucketId, PolicyResult(policyType, metadata)) });
}
}
TEST_F(PolicyBucketFixture, filtered) {
using ::testing::UnorderedElementsAre;
- PolicyBucket bucket(pkPolicies);
+ PolicyBucket bucket("filtered", pkPolicies);
bucket.setDefaultPolicy(PredefinedPolicyType::DENY);
auto filtered = bucket.filtered(pk1);
TEST_F(PolicyBucketFixture, filtered_other) {
using ::testing::IsEmpty;
- PolicyBucket bucket(pkPolicies);
+ PolicyBucket bucket("filtered_other", pkPolicies);
bucket.setDefaultPolicy(PredefinedPolicyType::DENY);
auto filtered = bucket.filtered(otherPk);
// Leave policies with given client, given user and any privilege
auto policiesToStay = Helpers::pickFromCollection(wildcardPolicies, { 0, 1, 3 });
- PolicyBucket bucket(wildcardPolicies);
+ PolicyBucket bucket("filtered_wildcard_1", wildcardPolicies);
auto filtered = bucket.filtered(PolicyKey("c1", "u1", "p2"));
ASSERT_THAT(filtered, UnorderedElementsAreArray(policiesToStay));
}
// Leave policies with given client, given user and any privilege
auto policiesToStay = Helpers::pickFromCollection(wildcardPolicies, { 2, 3 });
- PolicyBucket bucket(wildcardPolicies);
+ PolicyBucket bucket("filtered_wildcard_2", wildcardPolicies);
auto filtered = bucket.filtered(PolicyKey("cccc", "u1", "p1"));
ASSERT_THAT(filtered, UnorderedElementsAreArray(policiesToStay));
// Leave policies with given client, given user and any privilege
auto policiesToStay = Helpers::pickFromCollection(wildcardPolicies, { 0, 3 });
- PolicyBucket bucket(wildcardPolicies);
+ PolicyBucket bucket("filtered_wildcard_3", wildcardPolicies);
auto filtered = bucket.filtered(PolicyKey("c1", "u1", "pppp"));
ASSERT_THAT(filtered, UnorderedElementsAreArray(policiesToStay));
}
// Leave policies with given client, given user and any privilege
auto policiesToStay = Helpers::pickFromCollection(wildcardPolicies, { 3 });
- PolicyBucket bucket(wildcardPolicies);
+ PolicyBucket bucket("filtered_wildcard_4", wildcardPolicies);
auto filtered = bucket.filtered(PolicyKey("cccc", "uuuu", "pppp"));
ASSERT_THAT(filtered, UnorderedElementsAreArray(policiesToStay));
}
TEST_F(PolicyBucketFixture, filtered_wildcard_none) {
using ::testing::IsEmpty;
- PolicyBucket bucket({ wildcardPolicies.begin(), wildcardPolicies.begin() + 3 });
+ PolicyBucket bucket("filtered_wildcard_none",
+ PolicyCollection({ wildcardPolicies.begin(),
+ wildcardPolicies.begin() + 3 }));
auto filtered = bucket.filtered(PolicyKey("cccc", "uuuu", "pppp"));
ASSERT_THAT(filtered, IsEmpty());
}
.WillRepeatedly(ReturnRef(m_buckets));
PolicyBucketId bucketId = "delete-bucket";
- m_buckets.insert({ bucketId, PolicyBucket() });
+ m_buckets.insert({ bucketId, PolicyBucket(bucketId) });
backend.deleteBucket(bucketId);
.WillRepeatedly(ReturnRef(m_buckets));
PolicyBucketId bucketId = "bucket";
- m_buckets.insert({ bucketId, PolicyBucket() });
+ m_buckets.insert({ bucketId, PolicyBucket(bucketId) });
ASSERT_TRUE(backend.hasBucket(bucketId));
ASSERT_FALSE(backend.hasBucket("non-existent"));
protected:
Cynara::Buckets::mapped_type &
createBucket(const Cynara::PolicyBucketId &bucketId) {
- auto bucket = Cynara::PolicyBucket();
+ auto bucket = Cynara::PolicyBucket(bucketId);
return m_buckets.insert({ bucketId, bucket }).first->second;
}
Cynara::Buckets::mapped_type &
createBucket(const Cynara::PolicyBucketId &bucketId, const Cynara::PolicyCollection &policies) {
- auto bucket = Cynara::PolicyBucket(policies);
+ auto bucket = Cynara::PolicyBucket(bucketId, policies);
return m_buckets.insert({ bucketId, bucket }).first->second;
}
void addToBucket(Cynara::PolicyBucketId bucketId, const Cynara::PolicyCollection &policies) {
// TODO: Consider altering PolicyMap directly
for (const auto &policy : policies) {
- m_buckets[bucketId].insertPolicy(policy);
+ m_buckets.at(bucketId).insertPolicy(policy);
}
}
TEST(Performance, bucket_filtered_100000) {
using std::chrono::microseconds;
- PolicyBucket bucket;
+ PolicyBucket bucket("test");
PolicyKeyGenerator generator(100, 10);
TEST(serializer_dump, dump_empty_bucket) {
auto oss = std::make_shared<std::ostringstream>();
- PolicyBucket bucket;
+ PolicyBucket bucket("empty");
StorageSerializer serializer(oss);
serializer.dump(bucket);
PolicyKey pk1 = Helpers::generatePolicyKey("1");
PolicyKey pk2 = Helpers::generatePolicyKey("2");
- PolicyBucket bucket = {{ Policy::simpleWithKey(pk1, ALLOW),
- Policy::simpleWithKey(pk2, DENY) }};
+ PolicyBucket bucket("dump_bucket", PolicyCollection({ Policy::simpleWithKey(pk1, ALLOW),
+ Policy::simpleWithKey(pk2, DENY) }));
auto outStream = std::make_shared<std::stringstream>();
StorageSerializer serializer(outStream);
PolicyKey pk3 = Helpers::generatePolicyKey("3");
PolicyBucketId bucketId = Helpers::generateBucketId();
- PolicyBucket bucket = {{ Policy::bucketWithKey(pk1, bucketId),
- Policy::simpleWithKey(pk2, DENY),
- Policy::bucketWithKey(pk3, bucketId) }};
+ PolicyBucket bucket = {"dump_bucket_bucket", { Policy::bucketWithKey(pk1, bucketId),
+ Policy::simpleWithKey(pk2, DENY),
+ Policy::bucketWithKey(pk3, bucketId) }};
auto outStream = std::make_shared<std::stringstream>();
StorageSerializer serializer(outStream);
PolicyKey pk2 = Helpers::generatePolicyKey("2");
PolicyKey pk3 = Helpers::generatePolicyKey("3");
PolicyBucketId bucketId = Helpers::generateBucketId();
- PolicyBucket bucket = {{ Policy::bucketWithKey(pk1, bucketId),
- Policy::simpleWithKey(pk2, PredefinedPolicyType::DENY),
- Policy::bucketWithKey(pk3, bucketId) }};
+ PolicyBucket bucket = {"bucket", { Policy::bucketWithKey(pk1, bucketId),
+ Policy::simpleWithKey(pk2, PredefinedPolicyType::DENY),
+ Policy::bucketWithKey(pk3, bucketId) }};
auto ioStream = std::make_shared<std::stringstream>();
TEST(storage, checkEmpty) {
using ::testing::ReturnPointee;
- PolicyBucket emptyBucket;
+ PolicyBucket emptyBucket("empty");
FakeStorageBackend backend;
Cynara::Storage storage(backend);
TEST(storage, checkSimple) {
using ::testing::ReturnPointee;
- PolicyBucket bucket;
+ PolicyBucket bucket(defaultPolicyBucketId);
FakeStorageBackend backend;
Cynara::Storage storage(backend);
Cynara::Storage storage(backend);
PolicyKey pk = Helpers::generatePolicyKey();
- PolicyBucket defaultBucket(PolicyCollection({
+ PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW),
Policy::bucketWithKey(pk, additionalBucketId)
}));
- PolicyBucket additionalBucket;
+ PolicyBucket additionalBucket("additional");
EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
.WillRepeatedly(ReturnPointee(&defaultBucket));
const PolicyKey defaultBucketKey = PolicyKey("c", "*", "p");
const PolicyKey checkKey = PolicyKey("c", "u1", "p");
- PolicyBucket defaultBucket(PolicyCollection({
+ PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
Policy::bucketWithKey(defaultBucketKey, additionalBucketId)
}));
// Check, if next bucket is filtered with original key
EXPECT_CALL(backend, searchBucket(additionalBucketId, checkKey))
- .WillRepeatedly(Return(PolicyBucket())); // additional bucket would yield no records
+ .WillRepeatedly(Return(PolicyBucket("id"))); // additional bucket would yield no records
// Should return additional bucket's default policy
ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(checkKey));
const PolicyKey defaultBucketKey = PolicyKey("c", "*", "p");
const PolicyKey checkKey = PolicyKey("c", "u1", "p");
- PolicyBucket defaultBucket(PolicyCollection({
+ PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
Policy::bucketWithKey(defaultBucketKey, additionalBucketId)
}));
projects / platform / core / security / cynara.git / commitdiff