PageRenderTime 32ms CodeModel.GetById 1ms RepoModel.GetById 0ms app.codeStats 0ms

/test/storage/storage/check.cpp

https://gitlab.com/github-cloud-corporation/cynara
C++ | 264 lines | 149 code | 67 blank | 48 comment | 0 complexity | 8510dfef8bc52eb11cebba79e953a168 MD5 | raw file
    

  1. /*
    2. 

  2.  * Copyright (c) 2014 Samsung Electronics Co., Ltd All Rights Reserved
    3. 

  3.  *
    4. 

  4.  *    Licensed under the Apache License, Version 2.0 (the "License");
    5. 

  5.  *    you may not use this file except in compliance with the License.
    6. 

  6.  *    You may obtain a copy of the License at
    7. 

  7.  *
    8. 

  8.  *        http://www.apache.org/licenses/LICENSE-2.0
    9. 

  9.  *
    10. 

  10.  *    Unless required by applicable law or agreed to in writing, software
    11. 

  11.  *    distributed under the License is distributed on an "AS IS" BASIS,
    12. 

  12.  *    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13. 

  13.  *    See the License for the specific language governing permissions and
    14. 

  14.  *    limitations under the License.
    15. 

  15.  */
    16. 

  16. /**
    17. 

  17.  * @file        test/storage/storage/check.cpp
    18. 

  18.  * @author      Aleksander Zdyb <a.zdyb@samsung.com>
    19. 

  19.  * @version     1.0
    20. 

  20.  * @brief       Tests of check in Storage
    21. 

  21.  */
    22. 

  22. 

  23. #include <gtest/gtest.h>
    24. 

  24. #include <gmock/gmock.h>
    25. 

  25. 

  26. #include "types/PolicyType.h"
    27. 

  27. #include "types/PolicyKey.h"
    28. 

  28. #include "types/PolicyResult.h"
    29. 

  29. #include "types/PolicyCollection.h"
    30. 

  30. #include "types/pointers.h"
    31. 

  31. #include "exceptions/DefaultBucketDeletionException.h"
    32. 

  32. #include "storage/Storage.h"
    33. 

  33. #include "storage/StorageBackend.h"
    34. 

  34. 

  35. #include "fakestoragebackend.h"
    36. 

  36. #include "../../helpers.h"
    37. 

  37. 

  38. #include <memory>
    39. 

  39. #include <tuple>
    40. 

  40. 

  41. using namespace Cynara;
    42. 

  42. 

  43. TEST(storage, checkEmpty) {
    44. 

  44.     using ::testing::ReturnPointee;
    45. 

  45. 

  46.     PolicyBucket emptyBucket("empty");
    47. 

  47. 

  48.     FakeStorageBackend backend;
    49. 

  49.     Cynara::Storage storage(backend);
    50. 

  50.     PolicyKey pk = Helpers::generatePolicyKey();
    51. 

  51. 

  52.     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
    53. 

  53.         .WillOnce(ReturnPointee(&emptyBucket));
    54. 

  54. 

  55.     // Default bucket empty -- return DENY
    56. 

  56.     auto policyAnswer = storage.checkPolicy(pk);
    57. 

  57.     ASSERT_EQ(PredefinedPolicyType::DENY, policyAnswer.policyType());
    58. 

  58. }
    59. 

  59. 

  60. TEST(storage, checkSimple) {
    61. 

  61.     using ::testing::ReturnPointee;
    62. 

  62. 

  63.     PolicyBucket bucket(defaultPolicyBucketId);
    64. 

  64.     FakeStorageBackend backend;
    65. 

  65. 

  66.     Cynara::Storage storage(backend);
    67. 

  67.     PolicyKey pk = Helpers::generatePolicyKey();
    68. 

  68. 

  69.     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
    70. 

  70.         .WillRepeatedly(ReturnPointee(&bucket));
    71. 

  71. 

  72.     // Default bucket empty -- return DENY
    73. 

  73.     ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
    74. 

  74. 

  75.     // Add ALLOW to default bucket -- return ALLOW
    76. 

  76.     bucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW));
    77. 

  77.     ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk).policyType());
    78. 

  78. 

  79.     // Add DENY to default bucket -- return DENY
    80. 

  80.     bucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::DENY));
    81. 

  81.     ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
    82. 

  82. }
    83. 

  83. 

  84. // TODO: Refactorize to resemble checkNonrecursive()
    85. 

  85. TEST(storage, checkBucket) {
    86. 

  86.     using ::testing::ReturnPointee;
    87. 

  87. 

  88.     const PolicyBucketId additionalBucketId = "additional-bucket";
    89. 

  89. 

  90.     FakeStorageBackend backend;
    91. 

  91.     Cynara::Storage storage(backend);
    92. 

  92.     PolicyKey pk = Helpers::generatePolicyKey();
    93. 

  93. 

  94.     PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
    95. 

  95.         Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW),
    96. 

  96.         Policy::bucketWithKey(pk, additionalBucketId)
    97. 

  97.     }));
    98. 

  98. 

  99.     PolicyBucket additionalBucket("additional");
    100. 

  100. 

  101.     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, pk))
    102. 

  102.         .WillRepeatedly(ReturnPointee(&defaultBucket));
    103. 

  103. 

  104.     EXPECT_CALL(backend, searchBucket(additionalBucketId, pk))
    105. 

  105.         .WillRepeatedly(ReturnPointee(&additionalBucket));
    106. 

  106. 

  107. 

  108.     // Bucket empty -- should return DENY as default bucket value
    109. 

  109.     ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
    110. 

  110. 

  111.     // Add ALLOW to bucket, so return ALLOW
    112. 

  112.     additionalBucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::ALLOW));
    113. 

  113.     ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk).policyType());
    114. 

  114. 

  115.     // Add DENY to default bucket -- return DENY, even though ALLOW in other bucket
    116. 

  116.     defaultBucket.insertPolicy(Policy::simpleWithKey(pk, PredefinedPolicyType::DENY));
    117. 

  117.     ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(pk).policyType());
    118. 

  118. }
    119. 

  119. 

  120. // Catch a bug, where consecutive buckets were filtered with wildcard policies' keys
    121. 

  121. // instead of original key being checked
    122. 

  122. TEST(storage, checkBucketWildcard) {
    123. 

  123.     using ::testing::Return;
    124. 

  124.     using ::testing::ReturnPointee;
    125. 

  125. 

  126.     const PolicyBucketId additionalBucketId = "additional-bucket";
    127. 

  127.     const PolicyKey defaultBucketKey = PolicyKey("c", "*", "p");
    128. 

  128.     const PolicyKey checkKey = PolicyKey("c", "u1", "p");
    129. 

  129. 

  130.     PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
    131. 

  131.         Policy::bucketWithKey(defaultBucketKey, additionalBucketId)
    132. 

  132.     }));
    133. 

  133. 

  134.     FakeStorageBackend backend;
    135. 

  135.     Cynara::Storage storage(backend);
    136. 

  136. 

  137.     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
    138. 

  138.         .WillRepeatedly(ReturnPointee(&defaultBucket));
    139. 

  139. 

  140.     // Check, if next bucket is filtered with original key
    141. 

  141.     EXPECT_CALL(backend, searchBucket(additionalBucketId, checkKey))
    142. 

  142.         .WillRepeatedly(Return(PolicyBucket("id")));    // additional bucket would yield no records
    143. 

  143. 

  144.     // Should return additional bucket's default policy
    145. 

  145.     ASSERT_EQ(PredefinedPolicyType::DENY, storage.checkPolicy(checkKey));
    146. 

  146. }
    147. 

  147. 

  148. TEST(storage, checkBucketWildcardOtherDefault) {
    149. 

  149.     using ::testing::ReturnPointee;
    150. 

  150. 

  151.     const PolicyBucketId additionalBucketId = "additional-bucket";
    152. 

  152.     const PolicyKey defaultBucketKey = PolicyKey("c", "*", "p");
    153. 

  153.     const PolicyKey checkKey = PolicyKey("c", "u1", "p");
    154. 

  154. 

  155.     PolicyBucket defaultBucket(defaultPolicyBucketId, PolicyCollection({
    156. 

  156.         Policy::bucketWithKey(defaultBucketKey, additionalBucketId)
    157. 

  157.     }));
    158. 

  158. 

  159.     PolicyBucket additionalBucket(additionalBucketId, PredefinedPolicyType::ALLOW);
    160. 

  160. 

  161.     FakeStorageBackend backend;
    162. 

  162.     Cynara::Storage storage(backend);
    163. 

  163. 

  164.     EXPECT_CALL(backend, searchBucket(defaultPolicyBucketId, checkKey))
    165. 

  165.         .WillRepeatedly(ReturnPointee(&defaultBucket));
    166. 

  166. 

  167.     // Check, if next bucket is filtered with original key
    168. 

  168.     EXPECT_CALL(backend, searchBucket(additionalBucketId, checkKey))
    169. 

  169.         .WillRepeatedly(ReturnPointee(&additionalBucket));
    170. 

  170. 

  171.     // Should return additional bucket's default policy
    172. 

  172.     ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(checkKey));
    173. 

  173. }
    174. 

  174. 

  175. TEST(storage, checkNonrecursive) {
    176. 

  176.     using ::testing::ReturnPointee;
    177. 

  177. 

  178.     PolicyKey pk = Helpers::generatePolicyKey();
    179. 

  179.     PolicyBucketId bucketId = "a-bucket";
    180. 

  180. 

  181.     PolicyBucket bucket(bucketId, PredefinedPolicyType::ALLOW,
    182. 

  182.                                { Policy::bucketWithKey(pk, "must-not-be-touched") });
    183. 

  183.     FakeStorageBackend backend;
    184. 

  184. 

  185.     Cynara::Storage storage(backend);
    186. 

  186. 

  187.     EXPECT_CALL(backend, searchBucket(bucketId, pk))
    188. 

  188.         .WillOnce(ReturnPointee(&bucket));
    189. 

  189. 

  190.     ASSERT_EQ(PredefinedPolicyType::ALLOW, storage.checkPolicy(pk, bucketId, false));
    191. 

  191. }
    192. 

  192. 

  193. /*
    194. 

  194.  * bucket1 contains policy (with key pk) pointing to bucket2
    195. 

  195.  * bucket2 is empty and it's default policy is NONE
    196. 

  196.  * Because NONE policy in bucket2, check should yield default policy of bucket1 and not of bucket2
    197. 

  197.  */
    198. 

  198. TEST(storage, noneBucket) {
    199. 

  199.     using ::testing::ReturnPointee;
    200. 

  200.     using PredefinedPolicyType::ALLOW;
    201. 

  201.     using PredefinedPolicyType::NONE;
    202. 

  202. 

  203.     auto pk = Helpers::generatePolicyKey();
    204. 

  204. 

  205.     PolicyBucket bucket2("bucket-2", NONE);
    206. 

  206.     PolicyBucket bucket1("bucket-1", ALLOW, { Policy::bucketWithKey(pk, bucket2.id()) });
    207. 

  207. 

  208.     FakeStorageBackend backend;
    209. 

  209.     Cynara::Storage storage(backend);
    210. 

  210. 

  211.     EXPECT_CALL(backend, searchBucket(bucket1.id(), pk))
    212. 

  212.         .WillOnce(ReturnPointee(&bucket1));
    213. 

  213.     EXPECT_CALL(backend, searchBucket(bucket2.id(), pk))
    214. 

  214.         .WillOnce(ReturnPointee(&bucket2));
    215. 

  215. 

  216.     ASSERT_EQ(ALLOW, storage.checkPolicy(pk, bucket1.id(), true));
    217. 

  217. }
    218. 

  218. 

  219. /*
    220. 

  220.  * Scenario similar to noneBucket, but bucket2 contains matching policy.
    221. 

  221.  * In this case this policy should be returned.
    222. 

  222.  */
    223. 

  223. TEST(storage, noneBucketNotEmpty) {
    224. 

  224.     using ::testing::ReturnPointee;
    225. 

  225.     using PredefinedPolicyType::ALLOW;
    226. 

  226.     using PredefinedPolicyType::DENY;
    227. 

  227.     using PredefinedPolicyType::NONE;
    228. 

  228. 

  229.     auto pk = Helpers::generatePolicyKey();
    230. 

  230. 

  231.     PolicyBucket bucket2("bucket-2", NONE, { Policy::simpleWithKey(pk, DENY) });
    232. 

  232.     PolicyBucket bucket1("bucket-1", ALLOW, { Policy::bucketWithKey(pk, bucket2.id()) });
    233. 

  233. 

  234.     FakeStorageBackend backend;
    235. 

  235.     Cynara::Storage storage(backend);
    236. 

  236. 

  237.     EXPECT_CALL(backend, searchBucket(bucket1.id(), pk))
    238. 

  238.         .WillOnce(ReturnPointee(&bucket1));
    239. 

  239.     EXPECT_CALL(backend, searchBucket(bucket2.id(), pk))
    240. 

  240.         .WillOnce(ReturnPointee(&bucket2));
    241. 

  241. 

  242.     ASSERT_EQ(DENY, storage.checkPolicy(pk, bucket1.id(), true));
    243. 

  243. }
    244. 

  244. 

  245. /*
    246. 

  246.  * Single empty bucket with default policy of NONE
    247. 

  247.  * -- searching for any key should yield NONE
    248. 

  248.  */
    249. 

  249. TEST(storage, singleNoneBucket) {
    250. 

  250.     using ::testing::ReturnPointee;
    251. 

  251.     using PredefinedPolicyType::NONE;
    252. 

  252. 

  253.     auto pk = Helpers::generatePolicyKey();
    254. 

  254. 

  255.     PolicyBucket bucket("bucket", NONE, {});
    256. 

  256. 

  257.     FakeStorageBackend backend;
    258. 

  258.     Cynara::Storage storage(backend);
    259. 

  259. 

  260.     EXPECT_CALL(backend, searchBucket(bucket.id(), pk))
    261. 

  261.         .WillOnce(ReturnPointee(&bucket));
    262. 

  262. 

  263.     ASSERT_EQ(NONE, storage.checkPolicy(pk, bucket.id(), true));
    264. 

  264. }
    265. 

  265.