Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Internal] PermissionTests: Adds CosmosPermissionTests Coverage #3593

Merged
merged 2 commits into from
Dec 1, 2022
Merged

[Internal] PermissionTests: Adds CosmosPermissionTests Coverage #3593

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7850783
Enhance ComsosPermissionTests
prasadu-microsoft Nov 30, 2022
cb7c9f0
Merge branch 'master' into users/prasadu/resource-token-tests-update
prasadu-microsoft Nov 30, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
100 changes: 80 additions & 20 deletions Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -107,8 +107,15 @@ public async Task CRUDTest()
}

[TestMethod]
public async Task ContainerResourcePermissionTest()
[DataRow(ConnectionMode.Gateway)]
[DataRow(ConnectionMode.Direct)]
public async Task ContainerResourcePermissionTest(ConnectionMode mode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = mode,
};

//create user
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
Expand All @@ -121,7 +128,7 @@ public async Task ContainerResourcePermissionTest()
ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
Container container = containerResponse.Container;

//create permission
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container);
Expand All @@ -131,9 +138,18 @@ public async Task ContainerResourcePermissionTest()
Assert.AreEqual(permissionId, permission.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);

//delete resource with PermissionMode.Read
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions, resourceToken: permission.Token))
{
Container readContainerRef = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);

//read resource with PermissionMode.Read
using FeedIterator<dynamic> feedIterator = readContainerRef.GetItemQueryIterator<dynamic>("SELECT * FROM c");
while (feedIterator.HasMoreResults)
{
_ = await feedIterator.ReadNextAsync();
}

//delete resource with PermissionMode.Read
try
{
ContainerResponse response = await tokenCosmosClient
Expand All @@ -147,14 +163,14 @@ public async Task ContainerResourcePermissionTest()
Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode);
}
}

//update permission to PermissionMode.All
permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container);
permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties);
permission = permissionResponse.Resource;

//delete resource with PermissionMode.All
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions, resourceToken: permission.Token))
{
ContainerResponse response = await tokenCosmosClient
.GetDatabase(this.cosmosDatabase.Id)
Expand Down Expand Up @@ -284,8 +300,15 @@ await container.CreateItemAsync<ToDoActivity>(
}

[TestMethod]
public async Task ItemResourcePermissionTest()
[DataRow(ConnectionMode.Gateway)]
[DataRow(ConnectionMode.Direct)]
public async Task ItemResourcePermissionTest(ConnectionMode connectionMode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = connectionMode
};

//create user
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
Expand Down Expand Up @@ -313,13 +336,15 @@ public async Task ItemResourcePermissionTest()
Assert.AreEqual(permissionId, permission.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);

//delete resource with PermissionMode.Read
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
{
Container tokenContainer = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);

//read resource with PermissionMode.Read
ItemResponse<dynamic> readPermissionItem = await tokenContainer.ReadItemAsync<dynamic>(itemId, partitionKey);
Assert.AreEqual(itemId, readPermissionItem.Resource.id.ToString());

//delete resource with PermissionMode.Read
try
{
ItemResponse<dynamic> response = await tokenContainer.DeleteItemAsync<dynamic>(
Expand All @@ -340,7 +365,7 @@ public async Task ItemResourcePermissionTest()
permission = permissionResponse.Resource;

//delete resource with PermissionMode.All
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
{
using (FeedIterator<dynamic> feed = tokenCosmosClient
.GetDatabase(this.cosmosDatabase.Id)
Expand All @@ -357,8 +382,15 @@ public async Task ItemResourcePermissionTest()
}

[TestMethod]
public async Task EnsureUnauthorized_ThrowsCosmosClientException()
[DataRow(ConnectionMode.Gateway)]
[DataRow(ConnectionMode.Direct)]
public async Task EnsureUnauthorized_ThrowsCosmosClientException(ConnectionMode connectionMode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = connectionMode
};

string authKey = ConfigurationManager.AppSettings["MasterKey"];
string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];

Expand All @@ -367,55 +399,83 @@ public async Task EnsureUnauthorized_ThrowsCosmosClientException()

using CosmosClient cosmosClient = new CosmosClient(
endpoint,
authKey);
authKey,
cosmosClientOptions);

CosmosException exception = await Assert.ThrowsExceptionAsync<CosmosException>(() => cosmosClient.GetContainer("test", "test").ReadItemAsync<dynamic>("test", new PartitionKey("test")));
Assert.AreEqual(HttpStatusCode.Unauthorized, exception.StatusCode);
}

[TestMethod]
public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync()
[DataRow(ConnectionMode.Gateway)]
[DataRow(ConnectionMode.Direct)]
public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync(ConnectionMode connectionMode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = connectionMode
};

string authKey = ConfigurationManager.AppSettings["MasterKey"];
string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];

// Take the key and change some middle character
authKey = authKey.Replace("m", "M");
CosmosClient cosmosClient = new CosmosClient(endpoint, authKey);
using CosmosClient cosmosClient = new CosmosClient(
endpoint,
authKey,
cosmosClientOptions);

CosmosException exception1 = await Assert.ThrowsExceptionAsync<CosmosException>(() => cosmosClient.ReadAccountAsync());
Assert.AreEqual(HttpStatusCode.Unauthorized, exception1.StatusCode);

}

[TestMethod]
public async Task EnsureUnauthorized_Writes_ThrowsCosmosClientException()
[DataRow(ConnectionMode.Gateway)]
[DataRow(ConnectionMode.Direct)]
public async Task EnsureUnauthorized_Writes_ThrowsCosmosClientException(ConnectionMode connectionMode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = connectionMode
};

string authKey = ConfigurationManager.AppSettings["MasterKey"];
string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];

// Take the key and change some middle character
authKey = authKey.Replace("m", "M");

using CosmosClient cosmosClient = new CosmosClient(
endpoint,
authKey);
authKey,
cosmosClientOptions);

CosmosException exception = await Assert.ThrowsExceptionAsync<CosmosException>(() => cosmosClient.GetContainer("test", "test").CreateItemAsync<dynamic>(new { id = "test" }));
Assert.AreEqual(HttpStatusCode.Unauthorized, exception.StatusCode);
}

[TestMethod]
public async Task EnsureUnauthorized_Query_ThrowsCosmosClientException()
[DataRow(ConnectionMode.Gateway)]
[DataRow(ConnectionMode.Direct)]
public async Task EnsureUnauthorized_Query_ThrowsCosmosClientException(ConnectionMode connectionMode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = connectionMode
};

string authKey = ConfigurationManager.AppSettings["MasterKey"];
string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];

// Take the key and change some middle character
authKey = authKey.Replace("m", "M");

using CosmosClient cosmosClient = new CosmosClient(
endpoint,
authKey);
authKey,
cosmosClientOptions);

using FeedIterator<dynamic> iterator = cosmosClient.GetContainer("test", "test").GetItemQueryIterator<dynamic>("SELECT * FROM c");

Expand Down