const char *privilege = "privilege04";
const int resultAllow = CYNARA_ADMIN_ALLOW;
const int resultBucket = CYNARA_ADMIN_BUCKET;
- const int resultNone = CYNARA_ADMIN_NONE;
const char *resultExtra = nullptr;
checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
- checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
}
void tc05_admin_set_bucket_invalid_params_func()
const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
const int operationAllow = CYNARA_ADMIN_ALLOW;
const int operationDelete = CYNARA_ADMIN_DELETE;
- const int operationNone = CYNARA_ADMIN_NONE;
const char *extra = nullptr;
admin.setBucket(nullptr, operationAllow, extra, CYNARA_ADMIN_API_INVALID_PARAM);
admin.setBucket(bucket, INT_MAX, extra, CYNARA_ADMIN_API_INVALID_PARAM);
admin.setBucket(bucket, operationDelete, extra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
- admin.setBucket(bucket, operationNone, extra, CYNARA_ADMIN_API_OPERATION_NOT_ALLOWED);
}
void tc06_cynara_check_empty_admin1_func()
admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
admin.setPolicies(cp);
}
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
// allow second policy
cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
admin.setPolicies(cp);
}
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
// delete first policy
{
admin.setPolicies(cp);
}
cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
// delete second policy
{
cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
admin.setPolicies(cp);
}
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
// delete first, allow second policy
admin.setPolicies(cp);
}
cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
// delete second policy
{
cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
admin.setPolicies(cp);
}
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
- cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
+ cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_SUCCESS);
// delete first and second policy
{
if ((u == 0 && p == 0)
|| (c == 1 && p == 1)
|| (c == 2 && u == 2)) {
- cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_SUCCESS);
} else {
cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
}
admin.setPolicies(cp);
}
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
- cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS);
cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
{
CYNARA_ADMIN_BUCKET, bucket);
admin.setPolicies(cp);
}
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
CYNARA_ADMIN_ALLOW, extraResult);
admin.setPolicies(cp);
}
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
+ cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
CynaraTestClient cynara;
cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
}
-}
-
-void tc15_admin_set_bucket_admin_none1_func()
-{
- CynaraTestAdmin admin;
- CynaraTestClient cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_1";
- const char *client = "client15_1";
- const char *session = "session15_1";
- const char *user = "user15_1";
- const char *privilege = "privilege15_1";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc15_admin_set_bucket_admin_none2_func()
-{
- CynaraTestAdmin admin;
- CynaraTestClient cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_2";
- const char *client = "client15_2";
- const char *session = "session15_2";
- const char *user = "user15_2";
- const char *privilege = "privilege15_2";
- const char *extra = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
-}
-
-void tc15_admin_set_bucket_admin_none3_func()
-{
- CynaraTestAdmin admin;
- CynaraTestClient cynara;
-
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket15_3";
- const char *client = "client15_3";
- const char *session = "session15_3";
- const char *user = "user15_3";
- const char *privilege = "privilege15_3";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
-
- admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucketDefault,
- client, user, CYNARA_ADMIN_WILDCARD,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
- cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
-}
-
-void tc16_admin_check_single_bucket_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client16";
- const char *user = "user16";
- const char *privilege = "privilege16";
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- CynaraTestAdmin admin;
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
-
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
-}
-
-void tc17_admin_check_nested_bucket_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket = "bucket17";
- const char *client = "client17";
- const char *user = "user17";
- const char *privilege = "privilege17";
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- CynaraTestAdmin admin;
- admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket);
- cp.add(bucket,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
-}
-
-void tc18_admin_check_multiple_matches_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *client = "client18";
- const char *user = "user18";
- const char *privilege = "privilege18";
- const char *wildcard = CYNARA_ADMIN_WILDCARD;
- const char *extra = nullptr;
- const char *extraResult = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- CynaraTestAdmin admin;
-
- auto check = [&](int expected_result)
- {
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- expected_result, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- expected_result, nullptr, CYNARA_ADMIN_API_SUCCESS);
- };
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_ALLOW, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DENY, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_DENY);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- wildcard, user, privilege,
- CYNARA_ADMIN_DELETE, extraResult);
- admin.setPolicies(cp);
- }
-
- check(CYNARA_ADMIN_ALLOW);
-}
-
-void tc19_admin_check_none_bucket_func()
-{
- const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
- const char *bucket1 = "bucket19_a";
- const char *bucket2 = "bucket19_b";
- const char *client = "client19";
- const char *user = "user19";
- const char *privilege = "privilege19";
- const char *extra = nullptr;
- int recursive = 1;
- int notrecursive = 0;
-
- CynaraTestAdmin admin;
- admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
- admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
-
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
-
- {
- CynaraPoliciesContainer cp;
- cp.add(bucketDefault,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket1);
- cp.add(bucket1,
- client, user, privilege,
- CYNARA_ADMIN_BUCKET, bucket2);
- admin.setPolicies(cp);
- }
- admin.adminCheck(bucketDefault, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
- CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket1, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket1, notrecursive, client, user, privilege,
- CYNARA_ADMIN_NONE, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket2, recursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
- admin.adminCheck(bucket2, notrecursive, client, user, privilege,
- CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
}
RUNNER_TEST_GROUP_INIT(cynara_tests)
RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
-RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
-RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
-RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
-RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
-RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
-RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
-RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
projects / platform / core / test / security-tests.git / commitdiff