From: Aleksander Zdyb Date: Fri, 12 Dec 2014 12:53:25 +0000 (+0100) Subject: Add --set-policy option to Cyad X-Git-Tag: accepted/tizen/common/20150119.084431~26 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=470d42b69949640809a7c4ca179c65968a2b475d;p=platform%2Fcore%2Fsecurity%2Fcynara.git Add --set-policy option to Cyad Change-Id: I62dedb73c9f486cc071d2f80d93721fd81a07d13 --- diff --git a/src/cyad/CommandlineParser/CyadCommand.cpp b/src/cyad/CommandlineParser/CyadCommand.cpp index 8d27cf8..8ab6934 100644 --- a/src/cyad/CommandlineParser/CyadCommand.cpp +++ b/src/cyad/CommandlineParser/CyadCommand.cpp @@ -46,4 +46,8 @@ int DeleteBucketCyadCommand::run(CommandsDispatcher &dispatcher) { return dispatcher.execute(*this); } +int SetPolicyCyadCommand::run(CommandsDispatcher &dispatcher) { + return dispatcher.execute(*this); +} + } /* namespace Cynara */ diff --git a/src/cyad/CommandlineParser/CyadCommand.h b/src/cyad/CommandlineParser/CyadCommand.h index e5d3277..2870582 100644 --- a/src/cyad/CommandlineParser/CyadCommand.h +++ b/src/cyad/CommandlineParser/CyadCommand.h @@ -26,6 +26,7 @@ #include #include +#include #include namespace Cynara { @@ -108,6 +109,34 @@ private: PolicyBucketId m_bucketId; }; +class SetPolicyCyadCommand : public CyadCommand { +public: + SetPolicyCyadCommand(const PolicyBucketId &bucketId, const PolicyResult &policyResult, + const PolicyKey &policyKey) + : m_bucketId(bucketId), m_policyResult(policyResult), m_policyKey(policyKey) {} + + virtual ~SetPolicyCyadCommand() {} + + virtual int run(CommandsDispatcher &dispatcher); + + const PolicyBucketId &bucketId(void) const { + return m_bucketId; + } + + const PolicyResult &policyResult(void) const { + return m_policyResult; + } + + const PolicyKey &policyKey(void) const { + return m_policyKey; + } + +private: + PolicyBucketId m_bucketId; + PolicyResult m_policyResult; + PolicyKey m_policyKey; +}; + } /* namespace Cynara */ #endif /* SRC_CYAD_COMMANDLINEPARSER_CYADCOMMAND_H_ */ diff --git a/src/cyad/CommandsDispatcher.cpp b/src/cyad/CommandsDispatcher.cpp index b8e256c..436e144 100644 --- a/src/cyad/CommandsDispatcher.cpp +++ b/src/cyad/CommandsDispatcher.cpp @@ -24,6 +24,7 @@ #include #include +#include #include "CommandsDispatcher.h" @@ -73,4 +74,13 @@ int CommandsDispatcher::execute(SetBucketCyadCommand &result) { policyResult.policyType(), metadata); } +int CommandsDispatcher::execute(SetPolicyCyadCommand &result) { + CynaraAdminPolicies policies; + + policies.add(result.bucketId(), result.policyResult(), result.policyKey()); + policies.seal(); + + return m_adminApiWrapper.cynara_admin_set_policies(m_cynaraAdmin, policies.data()); +} + } /* namespace Cynara */ diff --git a/src/cyad/CommandsDispatcher.h b/src/cyad/CommandsDispatcher.h index 36dfc60..63d2441 100644 --- a/src/cyad/CommandsDispatcher.h +++ b/src/cyad/CommandsDispatcher.h @@ -42,6 +42,7 @@ public: virtual int execute(ErrorCyadCommand &); virtual int execute(DeleteBucketCyadCommand &); virtual int execute(SetBucketCyadCommand &); + virtual int execute(SetPolicyCyadCommand &); private: // TODO: Get argv[0] instead of hardcoded name @@ -54,6 +55,13 @@ private: "Bucket delete options (with -d or --delete-bucket)\n" " -d, --delete-bucket= name of bucket to delete\n" "\n" + "Policy set options (with -s or --set-policy)\n" + " -l, --client= client value\n" + " -u, --user= user value\n" + " -r, --privilege= privilege value\n" + " -p, --policy= policy\n" + " -m, --metadata= metadata for policy\n" + "\n" "Help options:\n" " -h, --help print help message"; BaseDispatcherIO &m_io; diff --git a/test/cyad/commands_dispatcher.cpp b/test/cyad/commands_dispatcher.cpp index 6f70770..d459dad 100644 --- a/test/cyad/commands_dispatcher.cpp +++ b/test/cyad/commands_dispatcher.cpp @@ -31,11 +31,13 @@ #include #include +#include #include #include #include "CyadCommandlineDispatcherTest.h" #include "FakeAdminApiWrapper.h" +#include "helpers.h" /** * @brief Dispatcher should not touch admin API on help or error @@ -131,3 +133,51 @@ TEST_F(CyadCommandlineDispatcherTest, setBucket) { dispatcher.execute(result); } } + +TEST_F(CyadCommandlineDispatcherTest, setPolicy) { + using ::testing::_; + using ::testing::Return; + + FakeAdminApiWrapper adminApi; + + EXPECT_CALL(adminApi, cynara_admin_initialize(_)).WillOnce(Return(CYNARA_API_SUCCESS)); + EXPECT_CALL(adminApi, cynara_admin_finish(_)).WillOnce(Return(CYNARA_API_SUCCESS)); + + Cynara::CommandsDispatcher dispatcher(m_io, adminApi); + Cynara::SetPolicyCyadCommand result("test-bucket", { CYNARA_ADMIN_ALLOW, "" }, + { "client", "user", "privilege" }); + + Cynara::CynaraAdminPolicies expectedPolicies; + expectedPolicies.add("test-bucket", { CYNARA_ADMIN_ALLOW, "" }, + { "client", "user", "privilege"} ); + expectedPolicies.seal(); + + EXPECT_CALL(adminApi, cynara_admin_set_policies(_, AdmPolicyListEq(expectedPolicies.data()))) + .WillOnce(Return(CYNARA_API_SUCCESS)); + + dispatcher.execute(result); +} + +TEST_F(CyadCommandlineDispatcherTest, setPolicyWithMetadata) { + using ::testing::_; + using ::testing::Return; + + FakeAdminApiWrapper adminApi; + + EXPECT_CALL(adminApi, cynara_admin_initialize(_)).WillOnce(Return(CYNARA_API_SUCCESS)); + EXPECT_CALL(adminApi, cynara_admin_finish(_)).WillOnce(Return(CYNARA_API_SUCCESS)); + + Cynara::CommandsDispatcher dispatcher(m_io, adminApi); + Cynara::SetPolicyCyadCommand result("test-bucket", { CYNARA_ADMIN_ALLOW, "metadata" }, + Cynara::PolicyKey("client", "user", "privilege")); + + Cynara::CynaraAdminPolicies expectedPolicies; + expectedPolicies.add("test-bucket", { CYNARA_ADMIN_ALLOW, "metadata" }, + { "client", "user", "privilege"} ); + expectedPolicies.seal(); + + EXPECT_CALL(adminApi, cynara_admin_set_policies(_, AdmPolicyListEq(expectedPolicies.data()))) + .WillOnce(Return(CYNARA_API_SUCCESS)); + + dispatcher.execute(result); +}