From: Lukasz Wojciechowski Date: Tue, 23 Sep 2014 15:56:03 +0000 (+0200) Subject: Add tests for cynara_admin_check function X-Git-Tag: security-manager_5.5_testing~200 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F74%2F27974%2F3;p=platform%2Fcore%2Ftest%2Fsecurity-tests.git Add tests for cynara_admin_check function cynara_admin_check() function provides similar functionality to cynara_check() from client's API. Differences between those two are: * admin version can start check search in any given bucket; * admin version can constrain search to single bucket (no recursion); * in admin version policy types are returned without being interpreted by plugins in cynara service (e.g. no UI popups are launched). There are 4 tests added: * tc16_admin_check_single_bucket - for trivial single bucket checks; * tc17_admin_check_nested_bucket - for testing proper check search scope (recursion and start bucket); * tc18_admin_check_multiple_matches - for testing if minimum policy is found, when there is more than a single policy matching; * tc19_admin_check_none_bucket - for testing proper behaviour, when default and only matching policy in bucket is of type NONE. Verification: After cynara patch https://review.tizen.org/gerrit/27971 is applied, the tests should pass. They can fail before that due to policy types enumeration inconsistency between external and internal cynara layers. Change-Id: Ia37df3491fbc31beb9c638daa515ce5a6b92eb59 --- diff --git a/tests/cynara-tests/test_cases.cpp b/tests/cynara-tests/test_cases.cpp index 4ecf525..63fcac3 100644 --- a/tests/cynara-tests/test_cases.cpp +++ b/tests/cynara-tests/test_cases.cpp
@@ -691,6 +691,203 @@ void tc15_admin_set_bucket_admin_none3_func()
 cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS);
 }
+void tc16_admin_check_single_bucket_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client16";
+ const char *user = "user16";
+ const char *privilege = "privilege16";
+ const char *extraResult = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ CynaraTestAdmin admin;
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+}
+
+void tc17_admin_check_nested_bucket_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket = "bucket17";
+ const char *client = "client17";
+ const char *user = "user17";
+ const char *privilege = "privilege17";
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ CynaraTestAdmin admin;
+ admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket);
+ cp.add(bucket,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+}
+
+void tc18_admin_check_multiple_matches_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *client = "client18";
+ const char *user = "user18";
+ const char *privilege = "privilege18";
+ const char *wildcard = CYNARA_ADMIN_WILDCARD;
+ const char *extra = nullptr;
+ const char *extraResult = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ CynaraTestAdmin admin;
+
+ auto check = [&](int expected_result)
+ {
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ expected_result, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ expected_result, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ };
+
+ check(CYNARA_ADMIN_DENY);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_ALLOW, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_ALLOW);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ wildcard, user, privilege,
+ CYNARA_ADMIN_DENY, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_DENY);
+
+ admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
+ check(CYNARA_ADMIN_DENY);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_DELETE, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_DENY);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ wildcard, user, privilege,
+ CYNARA_ADMIN_DELETE, extraResult);
+ admin.setPolicies(cp);
+ }
+
+ check(CYNARA_ADMIN_ALLOW);
+}
+
+void tc19_admin_check_none_bucket_func()
+{
+ const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
+ const char *bucket1 = "bucket19_a";
+ const char *bucket2 = "bucket19_b";
+ const char *client = "client19";
+ const char *user = "user19";
+ const char *privilege = "privilege19";
+ const char *extra = nullptr;
+ int recursive = 1;
+ int notrecursive = 0;
+
+ CynaraTestAdmin admin;
+ admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
+ admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket1, recursive, client, user, privilege,
+ CYNARA_ADMIN_NONE, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket1, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_NONE, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket2, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket2, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+
+ {
+ CynaraPoliciesContainer cp;
+ cp.add(bucketDefault,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket1);
+ cp.add(bucket1,
+ client, user, privilege,
+ CYNARA_ADMIN_BUCKET, bucket2);
+ admin.setPolicies(cp);
+ }
+
+ admin.adminCheck(bucketDefault, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_DENY, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket1, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket1, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_NONE, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket2, recursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+ admin.adminCheck(bucket2, notrecursive, client, user, privilege,
+ CYNARA_ADMIN_ALLOW, nullptr, CYNARA_ADMIN_API_SUCCESS);
+}
+
 RUNNER_TEST_GROUP_INIT(cynara_tests)
 RUN_CYNARA_TEST(tc01_cynara_initialize)
@@ -713,3 +910,7 @@ RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
+RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
+RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
+RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
+RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
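Review bot: tc18_admin_check_multiple_matches_func leaves the default bucket allow-by-default: it calls `admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);` and returns after the final `check(CYNARA_ADMIN_ALLOW);` without setting the default back to deny. Whether that state is undone depends on cleanup that is not visible in this hunk (presumably in CynaraTestAdmin or the RUN_CYNARA_TEST wrapper); if it is not, later tests, or the device after a failed run, start from a permissive policy database. I would end the function with `admin.setBucket(bucketDefault, CYNARA_ADMIN_DENY, extra);`, or, if the wrapper does restore policies, say so in a comment such as `// default bucket stays ALLOW here; the test wrapper restores the policy database`. The checks around the wildcard DENY policy also deserve a one-line comment, e.g. `// exact ALLOW and wildcard DENY both match: the more restrictive result must be returned`, since that is the property this test exists to pin.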