/** * Copyright (C) 2018-present MongoDB, Inc. * * This program is free software: you can redistribute it and/or modify * it under the terms of the Server Side Public License, version 1, * as published by MongoDB, Inc. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * Server Side Public License for more details. * * You should have received a copy of the Server Side Public License * along with this program. If not, see * . * * As a special exception, the copyright holders give permission to link the * code of portions of this program with the OpenSSL library under certain * conditions as described in each individual source file and distribute * linked combinations including the program with the OpenSSL library. You * must comply with the Server Side Public License in all respects for * all of the code used other than as permitted herein. If you modify file(s) * with this exception, you may extend this exception to your version of the * file(s), but you are not obligated to do so. If you do not wish to do so, * delete this exception statement from your version. If you delete this * exception statement from all source files in the program, then also delete * it in the license file. */ #include "mongo/platform/basic.h" #include "mongo/db/auth/restriction.h" #include "mongo/db/auth/restriction_environment.h" #include "mongo/db/auth/restriction_mock.h" #include "mongo/db/auth/restriction_set.h" #include "mongo/unittest/unittest.h" namespace mongo { using namespace restriction_detail; TEST(RestrictionSetTest, EmptyRestrictionSetAllValidates) { RestrictionEnvironment env{SockAddr(), SockAddr()}; RestrictionSetAll set; Status status = set.validate(env); ASSERT_OK(status); } TEST(RestrictionSetTest, RestrictionSetAllWithMetRestrictionValidates) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(true)); RestrictionSetAll set(std::move(restrictions)); ASSERT_OK(set.validate(env)); } TEST(RestrictionSetTest, RestrictionSetAllWithMetRestrictionsValidates) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(true)); restrictions.push_back(std::make_unique(true)); RestrictionSetAll set(std::move(restrictions)); ASSERT_OK(set.validate(env)); } TEST(RestrictionSetTest, RestrictionSetAllWithFailedRestrictionFails) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(false)); RestrictionSetAll set(std::move(restrictions)); ASSERT_NOT_OK(set.validate(env)); } TEST(RestrictionSetTest, RestrictionSetAllWithMetAndUnmetRestrictionsFails) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(true)); restrictions.push_back(std::make_unique(false)); RestrictionSetAll set(std::move(restrictions)); ASSERT_NOT_OK(set.validate(env)); } TEST(RestrictionSetTest, EmptyRestrictionSetAnyValidates) { RestrictionEnvironment env{SockAddr(), SockAddr()}; RestrictionSetAny set; Status status = set.validate(env); ASSERT_OK(status); } TEST(RestrictionSetTest, RestrictionSetAnyWithMetRestrictionValidates) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(true)); RestrictionSetAny set(std::move(restrictions)); ASSERT_OK(set.validate(env)); } TEST(RestrictionSetTest, RestrictionSetAnyWithFailedRestrictionFails) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(false)); RestrictionSetAny set(std::move(restrictions)); ASSERT_NOT_OK(set.validate(env)); } TEST(RestrictionSetTest, RestrictionSetAnyWithMetAndUnmetRestrictionsValidates) { RestrictionEnvironment env{SockAddr(), SockAddr()}; std::vector> restrictions; restrictions.push_back(std::make_unique(true)); restrictions.push_back(std::make_unique(false)); RestrictionSetAny set(std::move(restrictions)); ASSERT_OK(set.validate(env)); } TEST(RestrictionSetTest, SerializeRestrictionToBSON) { const auto toArray = [](const UnnamedRestriction& r) { BSONArrayBuilder b; r.appendToBuilder(&b); return b.arr(); }; const auto toObject = [](const NamedRestriction& r) { BSONObjBuilder b; r.appendToBuilder(&b); return b.obj(); }; RestrictionMock truthy(true), falsey(false); NamedRestrictionMock nTruthy("truthy", true), nFalsey("falsey", false); ASSERT_BSONOBJ_EQ(toArray(truthy), BSON_ARRAY(true)); ASSERT_BSONOBJ_EQ(toArray(falsey), BSON_ARRAY(false)); ASSERT_BSONOBJ_EQ(toObject(nTruthy), BSON("truthy" << true)); ASSERT_BSONOBJ_EQ(toObject(nFalsey), BSON("falsey" << false)); } TEST(RestrictionSetTest, SerializeRestrictionSetToBSON) { RestrictionSet<> emptySet; ASSERT_BSONOBJ_EQ(emptySet.toBSON(), BSONObj()); std::vector> restrictions; restrictions.push_back(std::make_unique("a", true)); restrictions.push_back(std::make_unique("b", false)); restrictions.push_back(std::make_unique("c", true)); RestrictionSet<> mockSet(std::move(restrictions)); ASSERT_BSONOBJ_EQ(mockSet.toBSON(), BSON("a" << true << "b" << false << "c" << true)); } TEST(RestrictionSetTest, SerializeRestrictionSetAnyToBSON) { RestrictionSetAny emptySet; ASSERT_BSONOBJ_EQ(emptySet.toBSON(), BSONArray()); std::vector> restrictions; restrictions.push_back(std::make_unique(true)); restrictions.push_back(std::make_unique(false)); restrictions.push_back(std::make_unique(true)); RestrictionSetAny mockSet(std::move(restrictions)); ASSERT_BSONOBJ_EQ(mockSet.toBSON(), BSON_ARRAY(true << false << true)); } TEST(RestrictionSetTest, SerializeRestrictionDocumentToBSON) { RestrictionDocument<> emptyDoc; ASSERT_BSONOBJ_EQ(emptyDoc.toBSON(), BSONArray()); std::vector> restrictions; restrictions.push_back(std::make_unique("truthy", true)); restrictions.push_back(std::make_unique("falsey", false)); auto mockSet = std::make_unique>(std::move(restrictions)); RestrictionDocument<> mockDoc(std::move(mockSet)); ASSERT_BSONOBJ_EQ(mockDoc.toBSON(), BSON_ARRAY(BSON("truthy" << true << "falsey" << false))); } TEST(RestrictionSetTest, SerializeRestrictionDocumentsToBSON) { RestrictionDocuments emptyDoc; ASSERT_BSONOBJ_EQ(emptyDoc.toBSON(), BSONArray()); std::vector> restrictions; restrictions.push_back(std::make_unique("truthy", true)); restrictions.push_back(std::make_unique("falsey", false)); auto mockSet = std::make_unique>(std::move(restrictions)); auto mockDoc = std::make_unique>(std::move(mockSet)); RestrictionDocuments mockDocs(std::move(mockDoc)); ASSERT_BSONOBJ_EQ(mockDocs.toBSON(), BSON_ARRAY(BSON_ARRAY(BSON("truthy" << true << "falsey" << false)))); } } // namespace mongo