From 57da404597dc257088d930c4ec2e5e0f8538a5f6 Mon Sep 17 00:00:00 2001 From: Marcin Niesluchowski Date: Thu, 17 Jul 2014 19:06:37 +0200 Subject: [PATCH] Add extra bucket cynara tests Change-Id: I195ac63e423b79b422978003892d78b863cfc2e0 --- tests/cynara-tests/test_cases.cpp | 151 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 151 insertions(+) diff --git a/tests/cynara-tests/test_cases.cpp b/tests/cynara-tests/test_cases.cpp index 59191a2..e52332e 100644 --- a/tests/cynara-tests/test_cases.cpp +++ b/tests/cynara-tests/test_cases.cpp @@ -381,3 +381,154 @@ RUNNER_TEST(tc09_admin_set_policies_wildcard_accesses) checkAllDeny(data, session); } + +RUNNER_TEST(tc10_admin_change_extra_bucket) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *bucket = "bucket10"; + const char *session = "session10"; + const char *extra = nullptr; + const char *extraResult = nullptr; + + + const std::vector< std::vector > data = { + { "client10_a", "user10_a", "privilege10_a" }, + { "client10_b", "user10_b", "privilege10_b" } + }; + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + { + CynaraPoliciesContainer cp; + cp.add(bucketDefault, + data[0][0], data[0][1], data[0][2], + CYNARA_ADMIN_BUCKET, bucket); + admin.setPolicies(cp); + } + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra); + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_SUCCESS); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + { + CynaraPoliciesContainer cp; + cp.add(bucketDefault, + data[0][0], data[0][1], data[0][2], + CYNARA_ADMIN_DELETE, extraResult); + admin.setPolicies(cp); + } + + cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED); + cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED); + + admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); +} + +RUNNER_TEST(tc11_admin_bucket_not_found) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *bucket = "bucket11"; + const char *client = "client11"; + const char *session = "session11"; + const char *user = "user11"; + const char *privilege = "privilege11"; + + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); + + { + CynaraPoliciesContainer cp; + cp.add(bucketDefault, + client, user, privilege, + CYNARA_ADMIN_BUCKET, bucket); + admin.setPolicies(cp, CYNARA_ADMIN_API_BUCKET_NOT_FOUND); + } + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); +} + +RUNNER_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *bucket = "bucket12"; + const char *client = "client12"; + const char *session = "session12"; + const char *user = "user12"; + const char *privilege = "privilege12"; + const char *extra = nullptr; + + admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); + + { + CynaraPoliciesContainer cp; + cp.add(bucketDefault, + client, user, privilege, + CYNARA_ADMIN_BUCKET, bucket); + admin.setPolicies(cp); + } + cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS); + + admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); + + admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra); + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); + + admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); +} + +RUNNER_TEST(tc13_admin_set_policies_to_extra_bucket) +{ + CynaraTestAdmin admin; + CynaraTestClient cynara; + + const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET; + const char *bucket = "bucket13"; + const char *client = "client13"; + const char *session = "session13"; + const char *user = "user13"; + const char *privilege = "privilege13"; + const char *extra = nullptr; + const char *extraResult = nullptr; + + admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra); + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); + + { + CynaraPoliciesContainer cp; + cp.add(bucketDefault, + client, user, privilege, + CYNARA_ADMIN_BUCKET, bucket); + cp.add(bucket, + client, user, privilege, + CYNARA_ADMIN_ALLOW, extraResult); + admin.setPolicies(cp); + } + cynara.check(client, session, user, privilege, CYNARA_API_SUCCESS); + + admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra); + cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED); +} -- 2.7.4