mirror of https://gitee.com/bigwinds/arangodb
155 lines
5.0 KiB
C++
155 lines
5.0 KiB
C++
////////////////////////////////////////////////////////////////////////////////
|
|
/// @brief test suite for CuckooFilter based index selectivity estimator
|
|
///
|
|
/// @file
|
|
///
|
|
/// DISCLAIMER
|
|
///
|
|
/// Copyright 2017 ArangoDB GmbH, Cologne, Germany
|
|
///
|
|
/// Licensed under the Apache License, Version 2.0 (the "License");
|
|
/// you may not use this file except in compliance with the License.
|
|
/// You may obtain a copy of the License at
|
|
///
|
|
/// http://www.apache.org/licenses/LICENSE-2.0
|
|
///
|
|
/// Unless required by applicable law or agreed to in writing, software
|
|
/// distributed under the License is distributed on an "AS IS" BASIS,
|
|
/// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
/// See the License for the specific language governing permissions and
|
|
/// limitations under the License.
|
|
///
|
|
/// Copyright holder is ArangoDB GmbH, Cologne, Germany
|
|
///
|
|
/// @author Andreas Streichardt
|
|
/// @author Copyright 2017, ArangoDB GmbH, Cologne, Germany
|
|
////////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include "gtest/gtest.h"
|
|
|
|
#include "fakeit.hpp"
|
|
|
|
#include "ApplicationFeatures/ApplicationServer.h"
|
|
#include "Aql/QueryRegistry.h"
|
|
#include "Auth/Handler.h"
|
|
#include "Auth/User.h"
|
|
#include "Auth/UserManager.h"
|
|
#include "Cluster/ServerState.h"
|
|
#include "RestServer/DatabaseFeature.h"
|
|
|
|
using namespace fakeit;
|
|
using namespace arangodb;
|
|
using namespace arangodb::aql;
|
|
|
|
namespace arangodb {
|
|
namespace tests {
|
|
namespace auth_info_test {
|
|
|
|
class TestQueryRegistry : public QueryRegistry {
|
|
public:
|
|
TestQueryRegistry() : QueryRegistry(1.0){};
|
|
virtual ~TestQueryRegistry() = default;
|
|
};
|
|
|
|
class UserManagerTest : public ::testing::Test {
|
|
protected:
|
|
application_features::ApplicationServer server;
|
|
TestQueryRegistry queryRegistry;
|
|
ServerState* state;
|
|
Mock<DatabaseFeature> databaseFeatureMock;
|
|
DatabaseFeature& databaseFeature;
|
|
auth::UserManager um;
|
|
|
|
UserManagerTest()
|
|
: server(nullptr, nullptr),
|
|
state(ServerState::instance()),
|
|
databaseFeature(databaseFeatureMock.get()),
|
|
um(server) {
|
|
state->setRole(ServerState::ROLE_SINGLE);
|
|
um.setQueryRegistry(&queryRegistry);
|
|
DatabaseFeature::DATABASE = &databaseFeature;
|
|
}
|
|
|
|
~UserManagerTest() {
|
|
state->setServerMode(ServerState::Mode::DEFAULT);
|
|
state->setReadOnly(false);
|
|
}
|
|
};
|
|
|
|
TEST_F(UserManagerTest, unknown_user_will_have_no_access) {
|
|
auth::UserMap userEntryMap;
|
|
um.setAuthInfo(userEntryMap);
|
|
auth::Level authLevel = um.databaseAuthLevel("test", "test");
|
|
ASSERT_EQ(authLevel, auth::Level::NONE);
|
|
}
|
|
|
|
TEST_F(UserManagerTest, granting_rw_access_on_database_star_will_grant_to_all_databases) {
|
|
auth::UserMap userEntryMap;
|
|
auto testUser = auth::User::newUser("test", "test", auth::Source::Local);
|
|
testUser.grantDatabase("*", auth::Level::RW);
|
|
userEntryMap.emplace("test", testUser);
|
|
|
|
um.setAuthInfo(userEntryMap);
|
|
auth::Level authLevel = um.databaseAuthLevel("test", "test");
|
|
ASSERT_EQ(authLevel, auth::Level::RW);
|
|
}
|
|
|
|
TEST_F(UserManagerTest, setting_serverstate_to_readonly_will_make_all_users_effectively_ro_users) {
|
|
auth::UserMap userEntryMap;
|
|
auto testUser = auth::User::newUser("test", "test", auth::Source::Local);
|
|
testUser.grantDatabase("*", auth::Level::RW);
|
|
userEntryMap.emplace("test", testUser);
|
|
|
|
state->setReadOnly(true);
|
|
|
|
um.setAuthInfo(userEntryMap);
|
|
auth::Level authLevel = um.databaseAuthLevel("test", "test");
|
|
ASSERT_EQ(authLevel, auth::Level::RO);
|
|
}
|
|
|
|
TEST_F(UserManagerTest, in_readonly_mode_the_configured_access_level_will_still_be_accessible) {
|
|
auth::UserMap userEntryMap;
|
|
auto testUser = auth::User::newUser("test", "test", auth::Source::Local);
|
|
testUser.grantDatabase("*", auth::Level::RW);
|
|
userEntryMap.emplace("test", testUser);
|
|
|
|
state->setReadOnly(true);
|
|
|
|
um.setAuthInfo(userEntryMap);
|
|
auth::Level authLevel = um.databaseAuthLevel("test", "test", /*configured*/ true);
|
|
ASSERT_EQ(authLevel, auth::Level::RW);
|
|
}
|
|
|
|
TEST_F(UserManagerTest, setting_serverstate_to_readonly_will_make_all_users_effective_ro_users_collection_level) {
|
|
auth::UserMap userEntryMap;
|
|
auto testUser = auth::User::newUser("test", "test", auth::Source::Local);
|
|
testUser.grantDatabase("*", auth::Level::RW);
|
|
testUser.grantCollection("test", "test", auth::Level::RW);
|
|
userEntryMap.emplace("test", testUser);
|
|
|
|
state->setReadOnly(true);
|
|
|
|
um.setAuthInfo(userEntryMap);
|
|
auth::Level authLevel = um.collectionAuthLevel("test", "test", "test");
|
|
ASSERT_EQ(authLevel, auth::Level::RO);
|
|
}
|
|
|
|
TEST_F(UserManagerTest, in_readonly_mode_the_configured_access_level_will_still_be_accessible_collection_level) {
|
|
auth::UserMap userEntryMap;
|
|
auto testUser = auth::User::newUser("test", "test", auth::Source::Local);
|
|
testUser.grantDatabase("*", auth::Level::RW);
|
|
testUser.grantCollection("test", "test", auth::Level::RW);
|
|
userEntryMap.emplace("test", testUser);
|
|
|
|
state->setReadOnly(true);
|
|
|
|
um.setAuthInfo(userEntryMap);
|
|
auth::Level authLevel =
|
|
um.collectionAuthLevel("test", "test", "test", /*configured*/ true);
|
|
ASSERT_EQ(authLevel, auth::Level::RW);
|
|
}
|
|
|
|
} // namespace auth_info_test
|
|
} // namespace tests
|
|
} // namespace arangodb
|