typedef PolicyCollection::value_type value_type;
typedef const_policy_iterator const_iterator;
+ // TODO: Review usefulness of ctors
PolicyBucket() : m_defaultPolicy(PredefinedPolicyType::DENY) {}
PolicyBucket(const PolicyBucketId &id, const PolicyResult &defaultPolicy)
: m_defaultPolicy(defaultPolicy), m_id(id) {}
PolicyBucket(const PolicyCollection &policies)
: m_policyCollection(makePolicyMap(policies)),
m_defaultPolicy(PredefinedPolicyType::DENY) {}
+ PolicyBucket(const PolicyBucketId &id,
+ const PolicyResult &defaultPolicy,
+ const PolicyCollection &policies)
+ : m_policyCollection(makePolicyMap(policies)),
+ m_defaultPolicy(defaultPolicy),
+ m_id(id) {}
PolicyBucket filtered(const PolicyKey &key) const;
void insertPolicy(PolicyPtr policy);
namespace Cynara {
-PolicyResult Storage::checkPolicy(const PolicyKey &key) {
- auto policies = m_backend.searchDefaultBucket(key);
- return minimalPolicy(policies, key);
+PolicyResult Storage::checkPolicy(const PolicyKey &key,
+ const PolicyBucketId &startBucketId /*= defaultPolicyBucketId*/,
+ bool recursive /*= true*/) {
+ auto policies = m_backend.searchBucket(startBucketId, key);
+ return minimalPolicy(policies, key, recursive);
};
-PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key) {
+PolicyResult Storage::minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key,
+ bool recursive) {
bool hasMinimal = false;
PolicyResult minimal = bucket.defaultPolicy();
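Review bot: `checkPolicy` now passes a caller-chosen `startBucketId` straight to `m_backend.searchBucket()`, and nothing visible in this hunk says what comes back when that id names no existing bucket. For an access-control check that case should resolve to deny or a defined error, so the contract is worth stating next to the call, e.g. `// an unknown startBucketId must never yield anything more permissive than DENY`, and pinning with a test. The `};` that closes `checkPolicy` carries a stray semicolon. `minimalPolicy`'s body continues outside the hunk.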
case PredefinedPolicyType::DENY:
return policyResult; // Do not expect lower value than DENY
case PredefinedPolicyType::BUCKET: {
- auto bucketResults = m_backend.searchBucket(policyResult.metadata(), key);
- auto minimumOfBucket = minimalPolicy(bucketResults, key);
- proposeMinimal(minimumOfBucket);
+ if (recursive == true) {
+ auto bucketResults = m_backend.searchBucket(policyResult.metadata(), key);
+ auto minimumOfBucket = minimalPolicy(bucketResults, key, true);
+ proposeMinimal(minimumOfBucket);
+ }
continue;
}
case PredefinedPolicyType::ALLOW:
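Review bot: With `recursive` false the `BUCKET` case simply `continue`s, so a DENY stored in a linked bucket is never seen and the result can be more permissive than a full check for the same key. That is presumably intended for inspecting a single bucket, but the signature does not say so. The `checkPolicy` declaration in the Storage header should carry a comment such as `// recursive=false skips BUCKET policies; the result is not a complete access decision`. The condition also reads better as `if (recursive) {`. The switch and its enclosing loop start and end outside this hunk.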
public:
Storage(StorageBackend &backend) : m_backend(backend) {}
- PolicyResult checkPolicy(const PolicyKey &key);
+ PolicyResult checkPolicy(const PolicyKey &key,
+ const PolicyBucketId &startBucketId = defaultPolicyBucketId,
+ bool recursive = true);
void insertPolicies(const std::map<PolicyBucketId, std::vector<Policy>> &policiesByBucketId);
void deletePolicies(const std::map<PolicyBucketId, std::vector<PolicyKey>> &keysByBucketId);
void save(void);
protected:
- PolicyResult minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key);
+ PolicyResult minimalPolicy(const PolicyBucket &bucket, const PolicyKey &key, bool recursive);
private:
StorageBackend &m_backend; // backend strategy
public:
virtual ~StorageBackend() {}
+ // TODO: Remove searchDefaultBucket()
virtual PolicyBucket searchDefaultBucket(const PolicyKey &key) = 0;
virtual PolicyBucket searchBucket(const PolicyBucketId &bucket, const PolicyKey &key) = 0;
Cynara::Storage storage(backend);
PolicyKey pk = Helpers::generatePolicyKey();
- EXPECT_CALL(backend, searchDefaultBucket(pk))
+ EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
.WillOnce(ReturnPointee(&emptyBucket));
// Default bucket empty -- return DENY
Cynara::Storage storage(backend);
PolicyKey pk = Helpers::generatePolicyKey();
- EXPECT_CALL(backend, searchDefaultBucket(pk))
+ EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
.WillRepeatedly(ReturnPointee(&bucket));
// Default bucket empty -- return DENY
ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
}
+// TODO: Refactorize to resemble checkNonrecursive()
TEST(storage, checkBucket) {
using ::testing::ReturnPointee;
PolicyBucket additionalBucket;
- EXPECT_CALL(backend, searchDefaultBucket(pk))
- .WillRepeatedly(ReturnPointee(&defaultBucket));
-
EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
.WillRepeatedly(ReturnPointee(&defaultBucket));
FakeStorageBackend backend;
Cynara::Storage storage(backend);
- EXPECT_CALL(backend, searchDefaultBucket(checkKey))
- .WillRepeatedly(ReturnPointee(&defaultBucket));
-
EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
.WillRepeatedly(ReturnPointee(&defaultBucket));
FakeStorageBackend backend;
Cynara::Storage storage(backend);
- EXPECT_CALL(backend, searchDefaultBucket(checkKey))
- .WillRepeatedly(ReturnPointee(&defaultBucket));
-
EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
.WillRepeatedly(ReturnPointee(&defaultBucket));
// Should return additional bucket's default policy
ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(checkKey));
}
+
+TEST(storage, checkNonrecursive) {
+ using ::testing::ReturnPointee;
+
+ PolicyKey pk = Helpers::generatePolicyKey();
+ PolicyBucketId bucketId = "a-bucket";
+
+ PolicyBucket bucket(bucketId, PredefinedPolicyType::ALLOW,
+ { Policy::bucketWithKey(pk, "must-not-be-touched") });
+ FakeStorageBackend backend;
+
+ Cynara::Storage storage(backend);
+
+ EXPECT_CALL(backend, searchBucket(bucketId, pk))
+ .WillOnce(ReturnPointee(&bucket));
+
+ ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk, bucketId, false));
+}
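Review bot: `checkNonrecursive` pins only the permissive outcome: the bucket default is ALLOW, and the skipped link leaves that ALLOW standing. Two companion cases would show that skipping links never masks a denial held in the start bucket itself: one with a direct DENY policy for `pk` next to the bucket link, and one with the bucket default left at DENY. Both would end in `ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk, bucketId, false));`.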