2 * Copyright (c) 2014-2015 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
18 * @file test_cases.cpp
19 * @author Aleksander Zdyb <a.zdyb@partner.samsung.com>
20 * @author Marcin Niesluchowski <m.niesluchow@samsung.com>
21 * @author Lukasz Wojciechowski <l.wojciechow@partner.samsung.com>
23 * @brief Tests for libcynara-client and libcynara-admin
26 #include <cynara_test_commons.h>
28 #include <tests_common.h>
29 #include <cynara_test_client.h>
30 #include <cynara_test_admin.h>
31 #include <cynara_test_env.h>
36 using namespace CynaraTestAdmin;
37 using namespace CynaraTestClient;
39 RUNNER_TEST_GROUP_INIT(cynara_tests)
41 RUN_CYNARA_TEST(tc01_cynara_initialize)
46 RUN_CYNARA_TEST(tc02_admin_initialize)
51 RUN_CYNARA_TEST(tc03_cynara_check_invalid_params)
55 const char *client = "client03";
56 const char *user = "user03";
57 const char *privilege = "privilege03";
58 const char *session = "session03";
60 cynara.check(nullptr, session, user, privilege, CYNARA_API_INVALID_PARAM);
61 cynara.check(client, nullptr, user, privilege, CYNARA_API_INVALID_PARAM);
62 cynara.check(client, session, nullptr, privilege, CYNARA_API_INVALID_PARAM);
63 cynara.check(client, session, user, nullptr, CYNARA_API_INVALID_PARAM);
66 void checkInvalidPolicy(Admin &admin,
70 const char *privilege,
72 const char *resultExtra)
74 CynaraPoliciesContainer cp;
75 cp.add(bucket, client, user, privilege, result, resultExtra);
77 admin.setPolicies(cp, CYNARA_API_INVALID_PARAM);
80 RUN_CYNARA_TEST(tc04_admin_set_policies_invalid_params)
84 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
85 const char *client = "client04";
86 const char *user = "user04";
87 const char *privilege = "privilege04";
88 const int resultAllow = CYNARA_ADMIN_ALLOW;
89 const int resultBucket = CYNARA_ADMIN_BUCKET;
90 const int resultNone = CYNARA_ADMIN_NONE;
91 const char *resultExtra = nullptr;
93 checkInvalidPolicy(admin, nullptr, client, user, privilege, resultAllow, resultExtra);
94 checkInvalidPolicy(admin, bucket, nullptr, user, privilege, resultAllow, resultExtra);
95 checkInvalidPolicy(admin, bucket, client, nullptr, privilege, resultAllow, resultExtra);
96 checkInvalidPolicy(admin, bucket, client, user, nullptr, resultAllow, resultExtra);
97 checkInvalidPolicy(admin, bucket, client, user, privilege, INT_MAX, resultExtra);
98 checkInvalidPolicy(admin, bucket, client, user, privilege, resultBucket, nullptr );
99 checkInvalidPolicy(admin, bucket, client, user, privilege, resultNone, resultExtra);
102 RUN_CYNARA_TEST(tc05_admin_set_bucket_invalid_params)
106 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
107 const int operationAllow = CYNARA_ADMIN_ALLOW;
108 const int operationDelete = CYNARA_ADMIN_DELETE;
109 const int operationNone = CYNARA_ADMIN_NONE;
110 const char *extra = nullptr;
112 admin.setBucket(nullptr, operationAllow, extra, CYNARA_API_INVALID_PARAM);
113 admin.setBucket(bucket, INT_MAX, extra, CYNARA_API_INVALID_PARAM);
114 admin.setBucket(bucket, operationDelete, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
115 admin.setBucket(bucket, operationNone, extra, CYNARA_API_OPERATION_NOT_ALLOWED);
118 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin1)
122 const char *client = "client06_1";
123 const char *session = "session06_1";
124 const char *user = "user06_1";
125 const char *privilege = "privilege06_1";
127 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
130 RUN_CYNARA_TEST(tc06_cynara_check_empty_admin2)
134 const char *client = CYNARA_ADMIN_WILDCARD;
135 const char *session = "session06_2";
136 const char *user = CYNARA_ADMIN_WILDCARD;
137 const char *privilege = CYNARA_ADMIN_WILDCARD;
139 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
142 RUN_CYNARA_TEST(tc07_admin_set_bucket_admin_allow_deny)
147 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
148 const char *client = "client07";
149 const char *session = "session07";
150 const char *user = "user07";
151 const char *privilege = "privilege07";
152 const char *extra = nullptr;
154 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
156 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
158 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
160 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
163 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove1)
168 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
169 const char *session = "session08_1";
170 const int resultAllow = CYNARA_ADMIN_ALLOW;
171 const int resultDelete = CYNARA_ADMIN_DELETE;
172 const char *resultExtra = nullptr;
174 const std::vector< std::vector<const char *> > data = {
175 { "client08_1_a", "user08_1_a", "privilege08_1_a" },
176 { "client08_1_b", "user08_1_b", "privilege08_1_b" },
179 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
180 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
182 // allow first policy
184 CynaraPoliciesContainer cp;
185 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
186 admin.setPolicies(cp);
188 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
189 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
191 // allow second policy
193 CynaraPoliciesContainer cp;
194 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
195 admin.setPolicies(cp);
197 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
198 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
200 // delete first policy
202 CynaraPoliciesContainer cp;
203 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
204 admin.setPolicies(cp);
206 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
207 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
209 // delete second policy
211 CynaraPoliciesContainer cp;
212 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
213 admin.setPolicies(cp);
215 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
216 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
219 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove2)
224 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
225 const char *session = "session08_2";
226 const int resultAllow = CYNARA_ADMIN_ALLOW;
227 const int resultDelete = CYNARA_ADMIN_DELETE;
228 const char *resultExtra = nullptr;
230 const std::vector< std::vector<const char *> > data = {
231 { "client08_2_a", "user08_2_a", "privilege08_2_a" },
232 { "client08_2_b", "user08_2_b", "privilege08_2_b" },
235 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
236 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
238 // allow first policy
240 CynaraPoliciesContainer cp;
241 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
242 admin.setPolicies(cp);
244 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
245 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
247 // delete first, allow second policy
249 CynaraPoliciesContainer cp;
250 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
251 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
252 admin.setPolicies(cp);
254 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
255 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
257 // delete second policy
259 CynaraPoliciesContainer cp;
260 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
261 admin.setPolicies(cp);
264 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
265 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
268 RUN_CYNARA_TEST(tc08_admin_set_policies_allow_remove3)
273 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
274 const char *session = "session08_3";
275 const int resultAllow = CYNARA_ADMIN_ALLOW;
276 const int resultDelete = CYNARA_ADMIN_DELETE;
277 const char *resultExtra = nullptr;
279 const std::vector< std::vector<const char *> > data = {
280 { "client08_3_a", "user08_3_a", "privilege08_3_a" },
281 { "client08_3_b", "user08_3_b", "privilege08_3_b" },
284 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
285 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
287 // allow first and second policy
289 CynaraPoliciesContainer cp;
290 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultAllow, resultExtra);
291 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultAllow, resultExtra);
292 admin.setPolicies(cp);
294 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
295 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_ALLOWED);
297 // delete first and second policy
299 CynaraPoliciesContainer cp;
300 cp.add(bucket, data[0][0], data[0][1], data[0][2], resultDelete, resultExtra);
301 cp.add(bucket, data[1][0], data[1][1], data[1][2], resultDelete, resultExtra);
302 admin.setPolicies(cp);
305 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
306 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
309 void checkAllDeny(const std::vector< std::vector<const char *> > &data,
314 for (auto it = data.begin(); it != data.end(); ++it) {
315 RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
318 for (auto itClient = data.begin(); itClient != data.end(); ++itClient) {
319 for (auto itUser = data.begin(); itUser != data.end(); ++itUser) {
320 for (auto itPrivilege = data.begin(); itPrivilege != data.end(); ++itPrivilege) {
321 cynara.check(itClient->at(0), session, itUser->at(1), itPrivilege->at(2), CYNARA_API_ACCESS_DENIED);
327 void checkSingleWildcardData(const std::vector< std::vector<const char *> > &data)
329 RUNNER_ASSERT_MSG(data.size() == 3, "Wrong test data size");
330 for (auto it = data.begin(); it != data.end(); ++it) {
331 RUNNER_ASSERT_MSG(it->size() == 3, "Wrong test data size");
335 void checkSingleWildcardAllowRestDeny(const std::vector< std::vector<const char *> > &data,
340 checkSingleWildcardData(data);
342 for (size_t c = 0; c < data.size(); ++c) {
343 for (size_t u = 0; u < data.size(); ++u) {
344 for (size_t p = 0; p < data.size(); ++p) {
345 if ((u == 0 && p == 0)
346 || (c == 1 && p == 1)
347 || (c == 2 && u == 2)) {
348 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_ALLOWED);
350 cynara.check(data[c][0], session, data[u][1], data[p][2], CYNARA_API_ACCESS_DENIED);
357 void setSingleWildcardPolicies(const char *bucket,
358 const std::vector< std::vector<const char *> > &data,
359 const int result, const char* resultExtra)
362 CynaraPoliciesContainer cp;
364 checkSingleWildcardData(data);
367 CYNARA_ADMIN_WILDCARD, data[0][1], data[0][2],
368 result, resultExtra);
370 data[1][0], CYNARA_ADMIN_WILDCARD, data[1][2],
371 result, resultExtra);
373 data[2][0], data[2][1], CYNARA_ADMIN_WILDCARD,
374 result, resultExtra);
376 admin.setPolicies(cp);
379 RUN_CYNARA_TEST(tc09_admin_set_policies_wildcard_accesses)
381 const char *bucket = CYNARA_ADMIN_DEFAULT_BUCKET;
382 const char *session = "session09";
383 const char *resultExtra = nullptr;
385 const std::vector< std::vector<const char *> > data = {
386 { "client09_a", "user09_a", "privilege09_a" },
387 { "client09_b", "user09_b", "privilege09_b" },
388 { "client09_c", "user09_c", "privilege09_c" }
391 checkAllDeny(data, session);
393 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_ALLOW, resultExtra);
395 checkSingleWildcardAllowRestDeny(data, session);
397 setSingleWildcardPolicies(bucket, data, CYNARA_ADMIN_DELETE, resultExtra);
399 checkAllDeny(data, session);
402 RUN_CYNARA_TEST(tc10_admin_change_extra_bucket)
407 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
408 const char *bucket = "bucket10";
409 const char *session = "session10";
410 const char *extra = nullptr;
411 const char *extraResult = nullptr;
414 const std::vector< std::vector<const char *> > data = {
415 { "client10_a", "user10_a", "privilege10_a" },
416 { "client10_b", "user10_b", "privilege10_b" }
419 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
420 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
422 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
424 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
425 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
428 CynaraPoliciesContainer cp;
429 cp.add(bucketDefault,
430 data[0][0], data[0][1], data[0][2],
431 CYNARA_ADMIN_BUCKET, bucket);
432 admin.setPolicies(cp);
435 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
436 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
438 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
440 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
441 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
443 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
445 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_ALLOWED);
446 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
449 CynaraPoliciesContainer cp;
450 cp.add(bucketDefault,
451 data[0][0], data[0][1], data[0][2],
452 CYNARA_ADMIN_DELETE, extraResult);
453 admin.setPolicies(cp);
456 cynara.check(data[0][0], session, data[0][1], data[0][2], CYNARA_API_ACCESS_DENIED);
457 cynara.check(data[1][0], session, data[1][1], data[1][2], CYNARA_API_ACCESS_DENIED);
459 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
462 RUN_CYNARA_TEST(tc11_admin_bucket_not_found)
467 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
468 const char *bucket = "bucket11";
469 const char *client = "client11";
470 const char *session = "session11";
471 const char *user = "user11";
472 const char *privilege = "privilege11";
474 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
477 CynaraPoliciesContainer cp;
478 cp.add(bucketDefault,
479 client, user, privilege,
480 CYNARA_ADMIN_BUCKET, bucket);
481 admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
483 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
486 RUN_CYNARA_TEST(tc12_admin_delete_bucket_with_policies_pointing_to_it)
491 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
492 const char *bucket = "bucket12";
493 const char *client = "client12";
494 const char *session = "session12";
495 const char *user = "user12";
496 const char *privilege = "privilege12";
497 const char *extra = nullptr;
499 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
502 CynaraPoliciesContainer cp;
503 cp.add(bucketDefault,
504 client, user, privilege,
505 CYNARA_ADMIN_BUCKET, bucket);
506 admin.setPolicies(cp);
508 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
510 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
511 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
513 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
514 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
516 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
517 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
520 RUN_CYNARA_TEST(tc13_admin_set_policies_to_extra_bucket)
525 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
526 const char *bucket = "bucket13";
527 const char *client = "client13";
528 const char *session = "session13";
529 const char *user = "user13";
530 const char *privilege = "privilege13";
531 const char *extra = nullptr;
532 const char *extraResult = nullptr;
534 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
535 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
538 CynaraPoliciesContainer cp;
539 cp.add(bucketDefault,
540 client, user, privilege,
541 CYNARA_ADMIN_BUCKET, bucket);
543 client, user, privilege,
544 CYNARA_ADMIN_ALLOW, extraResult);
545 admin.setPolicies(cp);
547 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
549 admin.setBucket(bucket, CYNARA_ADMIN_DELETE, extra);
550 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
553 RUN_CYNARA_TEST(tc14_admin_set_policies_integrity)
555 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
556 const char *bucket = "bucket14";
557 const char *client = "client14";
558 const char *session = "session14";
559 const char *user = "user14";
560 const char *privilege = "privilege14";
561 const char *extraResult = nullptr;
565 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
570 CynaraPoliciesContainer cp;
571 cp.add(bucketDefault,
572 client, user, privilege,
573 CYNARA_ADMIN_ALLOW, extraResult);
575 client, user, privilege,
576 CYNARA_ADMIN_ALLOW, extraResult);
577 admin.setPolicies(cp, CYNARA_API_BUCKET_NOT_FOUND);
582 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
586 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none1)
591 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
592 const char *bucket = "bucket15_1";
593 const char *client = "client15_1";
594 const char *session = "session15_1";
595 const char *user = "user15_1";
596 const char *privilege = "privilege15_1";
597 const char *extra = nullptr;
598 const char *extraResult = nullptr;
600 admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
603 CynaraPoliciesContainer cp;
604 cp.add(bucketDefault,
605 client, user, privilege,
606 CYNARA_ADMIN_BUCKET, bucket);
608 client, user, privilege,
609 CYNARA_ADMIN_ALLOW, extraResult);
610 admin.setPolicies(cp);
612 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
615 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none2)
620 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
621 const char *bucket = "bucket15_2";
622 const char *client = "client15_2";
623 const char *session = "session15_2";
624 const char *user = "user15_2";
625 const char *privilege = "privilege15_2";
626 const char *extra = nullptr;
628 admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
631 CynaraPoliciesContainer cp;
632 cp.add(bucketDefault,
633 client, user, privilege,
634 CYNARA_ADMIN_BUCKET, bucket);
635 admin.setPolicies(cp);
637 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_DENIED);
640 RUN_CYNARA_TEST(tc15_admin_set_bucket_admin_none3)
645 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
646 const char *bucket = "bucket15_3";
647 const char *client = "client15_3";
648 const char *session = "session15_3";
649 const char *user = "user15_3";
650 const char *privilege = "privilege15_3";
651 const char *extra = nullptr;
652 const char *extraResult = nullptr;
654 admin.setBucket(bucket, CYNARA_ADMIN_NONE, extra);
657 CynaraPoliciesContainer cp;
658 cp.add(bucketDefault,
659 client, user, privilege,
660 CYNARA_ADMIN_BUCKET, bucket);
661 cp.add(bucketDefault,
662 client, user, CYNARA_ADMIN_WILDCARD,
663 CYNARA_ADMIN_ALLOW, extraResult);
664 admin.setPolicies(cp);
666 cynara.check(client, session, user, privilege, CYNARA_API_ACCESS_ALLOWED);
669 RUN_CYNARA_TEST(tc16_admin_check_single_bucket)
671 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
672 const char *client = "client16";
673 const char *user = "user16";
674 const char *privilege = "privilege16";
675 const char *extraResult = nullptr;
677 int notrecursive = 0;
681 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
682 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
683 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
684 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
686 CynaraPoliciesContainer cp;
687 cp.add(bucketDefault,
688 client, user, privilege,
689 CYNARA_ADMIN_ALLOW, extraResult);
690 admin.setPolicies(cp);
692 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
693 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
694 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
695 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
698 RUN_CYNARA_TEST(tc17_admin_check_nested_bucket)
700 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
701 const char *bucket = "bucket17";
702 const char *client = "client17";
703 const char *user = "user17";
704 const char *privilege = "privilege17";
705 const char *extra = nullptr;
706 const char *extraResult = nullptr;
708 int notrecursive = 0;
711 admin.setBucket(bucket, CYNARA_ADMIN_DENY, extra);
713 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
714 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
715 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
716 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
717 admin.adminCheck(bucket, recursive, client, user, privilege,
718 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
719 admin.adminCheck(bucket, notrecursive, client, user, privilege,
720 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
723 CynaraPoliciesContainer cp;
724 cp.add(bucketDefault,
725 client, user, privilege,
726 CYNARA_ADMIN_BUCKET, bucket);
728 client, user, privilege,
729 CYNARA_ADMIN_ALLOW, extraResult);
730 admin.setPolicies(cp);
733 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
734 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
735 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
736 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
737 admin.adminCheck(bucket, recursive, client, user, privilege,
738 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
739 admin.adminCheck(bucket, notrecursive, client, user, privilege,
740 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
743 RUN_CYNARA_TEST(tc18_admin_check_multiple_matches)
745 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
746 const char *client = "client18";
747 const char *user = "user18";
748 const char *privilege = "privilege18";
749 const char *wildcard = CYNARA_ADMIN_WILDCARD;
750 const char *extra = nullptr;
751 const char *extraResult = nullptr;
753 int notrecursive = 0;
757 auto check = [&](int expected_result)
759 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
760 expected_result, nullptr, CYNARA_API_SUCCESS);
761 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
762 expected_result, nullptr, CYNARA_API_SUCCESS);
765 check(CYNARA_ADMIN_DENY);
768 CynaraPoliciesContainer cp;
769 cp.add(bucketDefault,
770 client, user, privilege,
771 CYNARA_ADMIN_ALLOW, extraResult);
772 admin.setPolicies(cp);
775 check(CYNARA_ADMIN_ALLOW);
778 CynaraPoliciesContainer cp;
779 cp.add(bucketDefault,
780 wildcard, user, privilege,
781 CYNARA_ADMIN_DENY, extraResult);
782 admin.setPolicies(cp);
785 check(CYNARA_ADMIN_DENY);
787 admin.setBucket(bucketDefault, CYNARA_ADMIN_ALLOW, extra);
789 check(CYNARA_ADMIN_DENY);
792 CynaraPoliciesContainer cp;
793 cp.add(bucketDefault,
794 client, user, privilege,
795 CYNARA_ADMIN_DELETE, extraResult);
796 admin.setPolicies(cp);
799 check(CYNARA_ADMIN_DENY);
802 CynaraPoliciesContainer cp;
803 cp.add(bucketDefault,
804 wildcard, user, privilege,
805 CYNARA_ADMIN_DELETE, extraResult);
806 admin.setPolicies(cp);
809 check(CYNARA_ADMIN_ALLOW);
812 RUN_CYNARA_TEST(tc19_admin_check_none_bucket)
814 const char *bucketDefault = CYNARA_ADMIN_DEFAULT_BUCKET;
815 const char *bucket1 = "bucket19_a";
816 const char *bucket2 = "bucket19_b";
817 const char *client = "client19";
818 const char *user = "user19";
819 const char *privilege = "privilege19";
820 const char *extra = nullptr;
822 int notrecursive = 0;
825 admin.setBucket(bucket1, CYNARA_ADMIN_NONE, extra);
826 admin.setBucket(bucket2, CYNARA_ADMIN_ALLOW, extra);
828 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
829 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
830 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
831 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
832 admin.adminCheck(bucket1, recursive, client, user, privilege,
833 CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
834 admin.adminCheck(bucket1, notrecursive, client, user, privilege,
835 CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
836 admin.adminCheck(bucket2, recursive, client, user, privilege,
837 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
838 admin.adminCheck(bucket2, notrecursive, client, user, privilege,
839 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
842 CynaraPoliciesContainer cp;
843 cp.add(bucketDefault,
844 client, user, privilege,
845 CYNARA_ADMIN_BUCKET, bucket1);
847 client, user, privilege,
848 CYNARA_ADMIN_BUCKET, bucket2);
849 admin.setPolicies(cp);
852 admin.adminCheck(bucketDefault, recursive, client, user, privilege,
853 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
854 admin.adminCheck(bucketDefault, notrecursive, client, user, privilege,
855 CYNARA_ADMIN_DENY, nullptr, CYNARA_API_SUCCESS);
856 admin.adminCheck(bucket1, recursive, client, user, privilege,
857 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
858 admin.adminCheck(bucket1, notrecursive, client, user, privilege,
859 CYNARA_ADMIN_NONE, nullptr, CYNARA_API_SUCCESS);
860 admin.adminCheck(bucket2, recursive, client, user, privilege,
861 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
862 admin.adminCheck(bucket2, notrecursive, client, user, privilege,
863 CYNARA_ADMIN_ALLOW, nullptr, CYNARA_API_SUCCESS);
866 RUN_CYNARA_TEST(tc20_admin_list_empty_bucket)
868 const char *emptyBucket = "empty_bucket20";
869 const char *client = "client20";
870 const char *user = "user20";
871 const char *privilege = "privilege20";
872 const char *extra = nullptr;
875 admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
877 CynaraPoliciesContainer emptyPolicies;
879 admin.listPolicies(emptyBucket, client, user, privilege, emptyPolicies);
882 RUN_CYNARA_TEST(tc21_admin_list_no_bucket)
884 const char *emptyBucket = "empty_bucket21";
885 const char *notExistingBucket = "not_existing_bucket21";
886 const char *client = "client21";
887 const char *user = "user21";
888 const char *privilege = "privilege21";
889 const char *extra = nullptr;
892 admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
894 CynaraPoliciesContainer emptyPolicies;
896 admin.listPolicies(notExistingBucket, client, user, privilege, emptyPolicies,
897 CYNARA_API_BUCKET_NOT_FOUND);
900 RUN_CYNARA_TEST(tc22_admin_list_bucket)
902 const char *bucket = "bucket22";
903 const char *emptyBucket = "empty_bucket22";
904 const char *client = "client22";
905 const char *user = "user22";
906 const char *privilege = "privilege22";
907 const char *client2 = "client22_2";
908 const char *user2 = "user22_2";
909 const char *privilege2 = "privilege22_2";
910 const char *wildcard = CYNARA_ADMIN_WILDCARD;
911 const char *any = CYNARA_ADMIN_ANY;
913 const char *extra = nullptr;
916 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
917 admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
920 CynaraPoliciesContainer cp;
921 cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
922 cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
923 cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
924 cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
925 cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
926 cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
927 cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
928 cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
929 cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
930 cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
931 cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
932 cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
933 cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
934 cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
935 cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
936 cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
937 cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
938 cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
939 cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
940 cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
941 cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
942 cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
943 cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
944 cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
945 cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
946 cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
947 cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
948 admin.setPolicies(cp);
951 CynaraPoliciesContainer expectedPolicies;
952 expectedPolicies.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
953 expectedPolicies.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
954 expectedPolicies.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
956 admin.listPolicies(bucket, client, wildcard, any, expectedPolicies);
959 RUN_CYNARA_TEST(tc23_admin_erase_empty_bucket)
961 const char *emptyBucket = "empty_bucket23";
962 const char *client = "client23";
963 const char *user = "user23";
964 const char *privilege = "privilege23";
965 const char *extra = nullptr;
969 admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
971 admin.erasePolicies(emptyBucket, recursive, client, user, privilege);
974 RUN_CYNARA_TEST(tc24_admin_erase_no_bucket)
976 const char *emptyBucket = "empty_bucket24";
977 const char *notExistingBucket = "not_existing_bucket24";
978 const char *client = "client24";
979 const char *user = "user24";
980 const char *privilege = "privilege24";
981 const char *extra = nullptr;
985 admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
987 admin.erasePolicies(notExistingBucket, recursive, client, user, privilege,
988 CYNARA_API_BUCKET_NOT_FOUND);
991 RUN_CYNARA_TEST(tc25_admin_erase_single_bucket)
993 const char *bucket = "bucket25";
994 const char *emptyBucket = "empty_bucket25";
995 const char *client = "client25";
996 const char *user = "user25";
997 const char *privilege = "privilege25";
998 const char *client2 = "client25_2";
999 const char *user2 = "user25_2";
1000 const char *privilege2 = "privilege25_2";
1001 const char *wildcard = CYNARA_ADMIN_WILDCARD;
1002 const char *any = CYNARA_ADMIN_ANY;
1003 const char *extra = nullptr;
1007 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
1008 admin.setBucket(emptyBucket, CYNARA_ADMIN_ALLOW, extra);
1011 CynaraPoliciesContainer cp;
1012 cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1013 cp.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
1014 cp.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1015 cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1016 cp.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1017 cp.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
1018 cp.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1019 cp.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
1020 cp.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1021 cp.add(bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
1022 cp.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1023 cp.add(bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
1024 cp.add(bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1025 cp.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
1026 cp.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1027 cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1028 cp.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1029 cp.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
1030 cp.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1031 cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1032 cp.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1033 cp.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
1034 cp.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1035 cp.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
1036 cp.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1037 cp.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
1038 cp.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1039 admin.setPolicies(cp);
1042 admin.erasePolicies(bucket, recursive, client, wildcard, any);
1045 CynaraPoliciesContainer expPolicies;
1046 expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1047 expPolicies.add(bucket, wildcard, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
1048 expPolicies.add(bucket, wildcard, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1049 expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1050 expPolicies.add(bucket, wildcard, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1051 expPolicies.add(bucket, wildcard, user, privilege, CYNARA_ADMIN_DENY, extra);
1052 expPolicies.add(bucket, wildcard, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1053 expPolicies.add(bucket, wildcard, user2, privilege, CYNARA_ADMIN_DENY, extra);
1054 expPolicies.add(bucket, wildcard, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1055 // WAS ERASED (bucket, client, wildcard, wildcard, CYNARA_ADMIN_DENY, extra);
1056 expPolicies.add(bucket, client2, wildcard, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1057 // WAS ERASED (bucket, client, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
1058 // WAS ERASED (bucket, client, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1059 expPolicies.add(bucket, client2, wildcard, privilege, CYNARA_ADMIN_DENY, extra);
1060 expPolicies.add(bucket, client2, wildcard, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1061 expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1062 expPolicies.add(bucket, client, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1063 expPolicies.add(bucket, client2, user, wildcard, CYNARA_ADMIN_DENY, extra);
1064 expPolicies.add(bucket, client2, user2, wildcard, CYNARA_ADMIN_BUCKET, emptyBucket);
1065 expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1066 expPolicies.add(bucket, client, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1067 expPolicies.add(bucket, client, user2, privilege, CYNARA_ADMIN_DENY, extra);
1068 expPolicies.add(bucket, client, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1069 expPolicies.add(bucket, client2, user, privilege, CYNARA_ADMIN_DENY, extra);
1070 expPolicies.add(bucket, client2, user, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1071 expPolicies.add(bucket, client2, user2, privilege, CYNARA_ADMIN_DENY, extra);
1072 expPolicies.add(bucket, client2, user2, privilege2, CYNARA_ADMIN_BUCKET, emptyBucket);
1073 admin.listPolicies(bucket, any, any, any, expPolicies);
1076 CynaraPoliciesContainer expPolicies;
1077 admin.listPolicies(emptyBucket, any, any, any, expPolicies);
1081 RUN_CYNARA_TEST(tc26_admin_erase_recursive_not_linked_buckets)
1083 const char *bucket = "bucket26";
1084 const char *subBucket = "sub_bucket26";
1085 const char *client = "client26";
1086 const char *user = "user26";
1087 const char *privilege = "privilege26";
1088 const char *wildcard = CYNARA_ADMIN_WILDCARD;
1089 const char *any = CYNARA_ADMIN_ANY;
1090 const char *extra = nullptr;
1094 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
1095 admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
1098 CynaraPoliciesContainer cp;
1099 cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1100 cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1101 cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1103 cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1104 cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1105 cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1106 admin.setPolicies(cp);
1109 admin.erasePolicies(bucket, recursive, any, user, wildcard);
1112 CynaraPoliciesContainer expPolicies;
1113 expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1114 admin.listPolicies(bucket, any, any, any, expPolicies);
1117 CynaraPoliciesContainer expPolicies;
1118 expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1119 expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1120 expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1121 admin.listPolicies(subBucket, any, any, any, expPolicies);
1125 RUN_CYNARA_TEST(tc27_admin_erase_recursive_linked_buckets)
1127 const char *bucket = "bucket27";
1128 const char *subBucket = "sub_bucket27";
1129 const char *client = "client27";
1130 const char *user = "user27";
1131 const char *privilege = "privilege27";
1132 const char *wildcard = CYNARA_ADMIN_WILDCARD;
1133 const char *any = CYNARA_ADMIN_ANY;
1134 const char *extra = nullptr;
1138 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
1139 admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
1142 CynaraPoliciesContainer cp;
1143 cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
1145 cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1146 cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1147 cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1149 cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1150 cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1151 cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1152 admin.setPolicies(cp);
1155 admin.erasePolicies(bucket, recursive, any, user, wildcard);
1158 CynaraPoliciesContainer expPolicies;
1159 expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1160 expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
1161 admin.listPolicies(bucket, any, any, any, expPolicies);
1164 CynaraPoliciesContainer expPolicies;
1165 expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1166 admin.listPolicies(subBucket, any, any, any, expPolicies);
1170 RUN_CYNARA_TEST(tc28_admin_erase_non_recursive_linked_buckets)
1172 const char *bucket = "bucket28";
1173 const char *subBucket = "sub_bucket28";
1174 const char *client = "client28";
1175 const char *user = "user28";
1176 const char *privilege = "privilege28";
1177 const char *wildcard = CYNARA_ADMIN_WILDCARD;
1178 const char *any = CYNARA_ADMIN_ANY;
1179 const char *extra = nullptr;
1183 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
1184 admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
1187 CynaraPoliciesContainer cp;
1188 cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
1190 cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1191 cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1192 cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1194 cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1195 cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1196 cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1197 admin.setPolicies(cp);
1200 admin.erasePolicies(bucket, recursive, any, user, wildcard);
1203 CynaraPoliciesContainer expPolicies;
1204 expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1205 expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
1206 admin.listPolicies(bucket, any, any, any, expPolicies);
1209 CynaraPoliciesContainer expPolicies;
1210 expPolicies.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1211 expPolicies.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1212 expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1213 admin.listPolicies(subBucket, any, any, any, expPolicies);
1217 RUN_CYNARA_TEST(tc29_admin_erase_recursive_from_sub_bucket)
1219 const char *bucket = "bucket29";
1220 const char *subBucket = "sub_bucket29";
1221 const char *client = "client29";
1222 const char *user = "user29";
1223 const char *privilege = "privilege29";
1224 const char *wildcard = CYNARA_ADMIN_WILDCARD;
1225 const char *any = CYNARA_ADMIN_ANY;
1226 const char *extra = nullptr;
1230 admin.setBucket(bucket, CYNARA_ADMIN_ALLOW, extra);
1231 admin.setBucket(subBucket, CYNARA_ADMIN_ALLOW, extra);
1234 CynaraPoliciesContainer cp;
1235 cp.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
1237 cp.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1238 cp.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1239 cp.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1241 cp.add(subBucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1242 cp.add(subBucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1243 cp.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1244 admin.setPolicies(cp);
1247 admin.erasePolicies(subBucket, recursive, any, user, wildcard);
1250 CynaraPoliciesContainer expPolicies;
1251 expPolicies.add(bucket, wildcard, wildcard, wildcard, CYNARA_ADMIN_BUCKET, subBucket);
1252 expPolicies.add(bucket, client, user, wildcard, CYNARA_ADMIN_DENY, extra);
1253 expPolicies.add(bucket, wildcard, user, wildcard, CYNARA_ADMIN_DENY, extra);
1254 expPolicies.add(bucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1255 admin.listPolicies(bucket, any, any, any, expPolicies);
1258 CynaraPoliciesContainer expPolicies;
1259 expPolicies.add(subBucket, client, user, privilege, CYNARA_ADMIN_DENY, extra);
1260 admin.listPolicies(subBucket, any, any, any, expPolicies);
1264 void testPlugins(const std::vector<std::string> &plugins)
1266 using namespace CynaraTestPlugins;
1268 DirectoryPaths paths;
1269 Descriptions expectedDescriptions(POLICY_DESCRIPTIONS.at(DEFAULT_POLICY));
1271 for (auto &plugin : plugins) {
1272 paths.push_back(TEST_PLUGIN_PATH + plugin);
1274 const Descriptions &pluginDescriptions = POLICY_DESCRIPTIONS.at(plugin);
1275 expectedDescriptions.insert(expectedDescriptions.end(),
1276 pluginDescriptions.begin(), pluginDescriptions.end());
1279 loadServicePlugins(paths);
1282 admin.listPoliciesDescriptions(expectedDescriptions);
1285 RUN_CYNARA_TEST(tc30_admin_list_descriptions_no_plugins)
1290 RUN_CYNARA_TEST(tc31_admin_list_descriptions_1_plugin_single_policy)
1292 testPlugins({CynaraTestPlugins::SINGLE_POLICY});
1295 RUN_CYNARA_TEST(tc32_admin_list_descriptions_1_plugin_multiple_policy)
1297 testPlugins({CynaraTestPlugins::MULTIPLE_POLICY});
1300 RUN_CYNARA_TEST(tc33_admin_list_descriptions_multiple_plugins)
1302 testPlugins({CynaraTestPlugins::SINGLE_POLICY,
1303 CynaraTestPlugins::MULTIPLE_POLICY});
projects / platform / core / test / security-tests.git / blob