grpc_authorization_engine_test.cc
Go to the documentation of this file.
1 // Copyright 2021 gRPC authors.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <grpc/support/port_platform.h>
16 
17 #include "src/core/lib/security/authorization/grpc_authorization_engine.h"
18 
19 #include <gmock/gmock.h>
20 #include <gtest/gtest.h>
21 
22 namespace grpc_core {
23 
24 TEST(GrpcAuthorizationEngineTest, AllowEngineWithMatchingPolicy) {
25  Rbac::Policy policy1(
26  Rbac::Permission::MakeNotPermission(
27  Rbac::Permission::MakeAnyPermission()),
28  Rbac::Principal::MakeNotPrincipal(Rbac::Principal::MakeAnyPrincipal()));
29  Rbac::Policy policy2(Rbac::Permission::MakeAnyPermission(),
30  Rbac::Principal::MakeAnyPrincipal());
31  std::map<std::string, Rbac::Policy> policies;
32  policies["policy1"] = std::move(policy1);
33  policies["policy2"] = std::move(policy2);
34  Rbac rbac(Rbac::Action::kAllow, std::move(policies));
35  GrpcAuthorizationEngine engine(std::move(rbac));
36  AuthorizationEngine::Decision decision =
37  engine.Evaluate(EvaluateArgs(nullptr, nullptr));
38  EXPECT_EQ(decision.type, AuthorizationEngine::Decision::Type::kAllow);
39  EXPECT_EQ(decision.matching_policy_name, "policy2");
40 }
41 
42 TEST(GrpcAuthorizationEngineTest, AllowEngineWithNoMatchingPolicy) {
43  Rbac::Policy policy1(
44  Rbac::Permission::MakeNotPermission(
45  Rbac::Permission::MakeAnyPermission()),
46  Rbac::Principal::MakeNotPrincipal(Rbac::Principal::MakeAnyPrincipal()));
47  std::map<std::string, Rbac::Policy> policies;
48  policies["policy1"] = std::move(policy1);
49  Rbac rbac(Rbac::Action::kAllow, std::move(policies));
50  GrpcAuthorizationEngine engine(std::move(rbac));
51  AuthorizationEngine::Decision decision =
52  engine.Evaluate(EvaluateArgs(nullptr, nullptr));
53  EXPECT_EQ(decision.type, AuthorizationEngine::Decision::Type::kDeny);
54  EXPECT_TRUE(decision.matching_policy_name.empty());
55 }
56 
57 TEST(GrpcAuthorizationEngineTest, AllowEngineWithEmptyPolicies) {
58  GrpcAuthorizationEngine engine(Rbac::Action::kAllow);
59  AuthorizationEngine::Decision decision =
60  engine.Evaluate(EvaluateArgs(nullptr, nullptr));
61  EXPECT_EQ(decision.type, AuthorizationEngine::Decision::Type::kDeny);
62  EXPECT_TRUE(decision.matching_policy_name.empty());
63 }
64 
65 TEST(GrpcAuthorizationEngineTest, DenyEngineWithMatchingPolicy) {
66  Rbac::Policy policy1(
67  Rbac::Permission::MakeNotPermission(
68  Rbac::Permission::MakeAnyPermission()),
69  Rbac::Principal::MakeNotPrincipal(Rbac::Principal::MakeAnyPrincipal()));
70  Rbac::Policy policy2(Rbac::Permission::MakeAnyPermission(),
71  Rbac::Principal::MakeAnyPrincipal());
72  std::map<std::string, Rbac::Policy> policies;
73  policies["policy1"] = std::move(policy1);
74  policies["policy2"] = std::move(policy2);
75  Rbac rbac(Rbac::Action::kDeny, std::move(policies));
76  GrpcAuthorizationEngine engine(std::move(rbac));
77  AuthorizationEngine::Decision decision =
78  engine.Evaluate(EvaluateArgs(nullptr, nullptr));
79  EXPECT_EQ(decision.type, AuthorizationEngine::Decision::Type::kDeny);
80  EXPECT_EQ(decision.matching_policy_name, "policy2");
81 }
82 
83 TEST(GrpcAuthorizationEngineTest, DenyEngineWithNoMatchingPolicy) {
84  Rbac::Policy policy1(
85  Rbac::Permission::MakeNotPermission(
86  Rbac::Permission::MakeAnyPermission()),
87  Rbac::Principal::MakeNotPrincipal(Rbac::Principal::MakeAnyPrincipal()));
88  std::map<std::string, Rbac::Policy> policies;
89  policies["policy1"] = std::move(policy1);
90  Rbac rbac(Rbac::Action::kDeny, std::move(policies));
91  GrpcAuthorizationEngine engine(std::move(rbac));
92  AuthorizationEngine::Decision decision =
93  engine.Evaluate(EvaluateArgs(nullptr, nullptr));
94  EXPECT_EQ(decision.type, AuthorizationEngine::Decision::Type::kAllow);
95  EXPECT_TRUE(decision.matching_policy_name.empty());
96 }
97 
98 TEST(GrpcAuthorizationEngineTest, DenyEngineWithEmptyPolicies) {
99  GrpcAuthorizationEngine engine(Rbac::Action::kDeny);
100  AuthorizationEngine::Decision decision =
101  engine.Evaluate(EvaluateArgs(nullptr, nullptr));
102  EXPECT_EQ(decision.type, AuthorizationEngine::Decision::Type::kAllow);
103  EXPECT_TRUE(decision.matching_policy_name.empty());
104 }
105 
106 } // namespace grpc_core
107 
108 int main(int argc, char** argv) {
109  ::testing::InitGoogleTest(&argc, argv);
110  return RUN_ALL_TESTS();
111 }
grpc_core::EvaluateArgs
Definition: evaluate_args.h:34
grpc_core::Rbac::Permission::MakeAnyPermission
static Permission MakeAnyPermission()
Definition: rbac_policy.cc:107
grpc_core::Rbac::Principal::MakeAnyPrincipal
static Principal MakeAnyPrincipal()
Definition: rbac_policy.cc:279
grpc_core::AuthorizationEngine::Decision::type
Type type
Definition: authorization_engine.h:35
grpc_core
Definition: call_metric_recorder.h:31
grpc_core::AuthorizationEngine::Decision
Definition: authorization_engine.h:30
grpc_core::Rbac::Action::kDeny
@ kDeny
grpc_core::AuthorizationEngine::Decision::Type::kDeny
@ kDeny
grpc_core::TEST
TEST(AvlTest, NoOp)
Definition: avl_test.cc:21
grpc_core::Rbac::Permission::MakeNotPermission
static Permission MakeNotPermission(Permission permission)
Definition: rbac_policy.cc:99
grpc_core::Rbac::Policy
Definition: rbac_policy.h:151
grpc_core::GrpcAuthorizationEngine
Definition: grpc_authorization_engine.h:39
EXPECT_EQ
#define EXPECT_EQ(a, b)
Definition: iomgr/time_averaged_stats_test.cc:27
grpc_core::Rbac::Principal::MakeNotPrincipal
static Principal MakeNotPrincipal(Principal principal)
Definition: rbac_policy.cc:271
absl::move
constexpr absl::remove_reference_t< T > && move(T &&t) noexcept
Definition: abseil-cpp/absl/utility/utility.h:221
main
int main(int argc, char **argv)
Definition: grpc_authorization_engine_test.cc:108
RUN_ALL_TESTS
int RUN_ALL_TESTS() GTEST_MUST_USE_RESULT_
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:2471
grpc_core::GrpcAuthorizationEngine::Evaluate
Decision Evaluate(const EvaluateArgs &args) const override
Definition: grpc_authorization_engine.cc:49
grpc_core::Rbac
Definition: rbac_policy.h:35
grpc_authorization_engine.h
testing::InitGoogleTest
GTEST_API_ void InitGoogleTest(int *argc, char **argv)
Definition: bloaty/third_party/googletest/googletest/src/gtest.cc:6106
grpc_core::Rbac::Action::kAllow
@ kAllow
grpc_core::AuthorizationEngine::Decision::Type::kAllow
@ kAllow
EXPECT_TRUE
#define EXPECT_TRUE(condition)
Definition: bloaty/third_party/googletest/googletest/include/gtest/gtest.h:1967
grpc_core::AuthorizationEngine::Decision::matching_policy_name
std::string matching_policy_name
Definition: authorization_engine.h:36
port_platform.h

grpc
Author(s):
autogenerated on Thu Mar 13 2025 02:59:47