 /// <summary>
 /// One row of the authorization matrix: who attempts what, against which stream and
 /// effective ACL (both null for stream-less operations), and the two outcomes the
 /// policy is expected to produce.
 /// </summary>
 /// <param name="user">Principal performing the operation.</param>
 /// <param name="operation">Operation being authorized.</param>
 /// <param name="stream">Target stream id, or null when the operation has no stream parameter.</param>
 /// <param name="streamAcl">Effective ACL the test supplies for <paramref name="stream"/>, or null.</param>
 /// <param name="isAuthorized">Expected decision of the policy.</param>
 /// <param name="shouldRequestAcl">Expected to be true when the policy must look up the stream ACL before deciding (presumably; see the test that consumes this).</param>
 public PolicyVerificationParameters(ClaimsPrincipal user, Operation operation, string stream, StorageMessage.EffectiveAcl streamAcl, bool isAuthorized, bool shouldRequestAcl)
 {
     // Expected outcomes first, then the inputs that produce them.
     this.IsAuthorized     = isAuthorized;
     this.ShouldRequestAcl = shouldRequestAcl;
     this.User             = user;
     this.Operation        = operation;
     this.Stream           = stream;
     this.StreamAcl        = streamAcl;
 }
 /// <summary>
 /// Arms the expectation for the next ACL request: resets the received flag and, when a
 /// stream is given, records the stream and ACL the request should carry. A metastream is
 /// normalised to its original stream (presumably because the ACL lookup is keyed by the
 /// original stream — confirm against the policy code).
 /// </summary>
 /// <param name="stream">Stream the ACL request is expected for; null leaves the previous expectation in place.</param>
 /// <param name="acl">Effective ACL to hand back for that stream.</param>
 public void ExpectedAcl(string stream, StorageMessage.EffectiveAcl acl)
 {
     MessageReceived = false;

     // NOTE(review): a null stream only clears the flag; _expectedStream/_acl keep whatever
     // an earlier call set. Verify callers rely on that rather than on a reset.
     if (stream != null)
     {
         _expectedStream = SystemStreams.IsMetastream(stream)
             ? SystemStreams.OriginalStreamOf(stream)
             : stream;
         _acl = acl;
     }
 }
        /// <summary>
        /// Enumerates the authorization matrix exercised by the policy tests: for each principal
        /// class (system account, admins, operations, plain users, anonymous) and each operation
        /// class, one <see cref="PolicyVerificationParameters"/> stating whether the operation must
        /// be allowed and whether the policy is expected to request the stream ACL first.
        /// Principals and operation lists are rebuilt per row so rows never share state.
        /// </summary>
        public static IEnumerable <PolicyVerificationParameters> PolicyTests()
        {
            // Effective ACLs handed to the policy in place of a real metastream read.
            var systemAcl = new StorageMessage.EffectiveAcl(
                SystemSettings.Default.SystemStreamAcl,
                SystemSettings.Default.SystemStreamAcl,
                SystemSettings.Default.SystemStreamAcl);

            var defaultUserAcl = new StorageMessage.EffectiveAcl(
                SystemSettings.Default.UserStreamAcl,
                SystemSettings.Default.UserStreamAcl,
                SystemSettings.Default.UserStreamAcl);

            // Stream-level ACL granting every right to "test" only; user/system defaults unchanged.
            var customUserAcl = new StorageMessage.EffectiveAcl(
                new StreamAcl("test", "test", "test", "test", "test"),
                SystemSettings.Default.UserStreamAcl,
                SystemSettings.Default.UserStreamAcl);

            // Principal classes. NOTE(review): CreatePrincipal builds a ClaimsIdentity with no
            // authentication type, so Identity.IsAuthenticated is false for every principal below;
            // the policy under test must therefore decide on the Name/Role claims rather than on
            // IsAuthenticated — confirm against the policy implementation.
            var system     = new[] { SystemAccounts.System };
            var admins     = new[] { CreatePrincipal("admin", SystemRoles.Admins), CreatePrincipal("adminuser", SystemRoles.Admins) };
            var operations = new[] { CreatePrincipal("ops", SystemRoles.Operations), CreatePrincipal("opsuser", SystemRoles.Operations) };
            var users      = new[] { CreatePrincipal("test"), CreatePrincipal("test2") };
            // Two shapes of "nobody": an empty principal, and one carrying only an Anonymous claim.
            var anonymous  = new[]
            {
                new ClaimsPrincipal(),
                new ClaimsPrincipal(new ClaimsIdentity(new Claim[] { new Claim(ClaimTypes.Anonymous, "") })),
            };

            // Expectation rules, evaluated per (principal, stream id, effective acl).
            bool Always(ClaimsPrincipal p, string s, StorageMessage.EffectiveAcl a) => true;
            bool Never(ClaimsPrincipal p, string s, StorageMessage.EffectiveAcl a) => false;
            bool WhenAclGiven(ClaimsPrincipal p, string s, StorageMessage.EffectiveAcl a) => a != null;
            bool WhenStreamGiven(ClaimsPrincipal p, string s, StorageMessage.EffectiveAcl a) => s != null;
            // Stream-less operations pass; stream-bound ones only under the default ACL — i.e. the
            // role does not override a stream ACL that does not name the caller.
            bool DefaultAclOnly(ClaimsPrincipal p, string s, StorageMessage.EffectiveAcl a) =>
                s == null || a == defaultUserAcl;
            // As above, except the principal named "test" (the only name in the custom ACL) also passes.
            bool DefaultAclOrNamedUser(ClaimsPrincipal p, string s, StorageMessage.EffectiveAcl a) =>
                s == null || p.Identity.Name != "test2" || a == defaultUserAcl;

            // The system account alone may drive node-internal cluster traffic.
            foreach (var account in system)
            {
                foreach (var c in Expect(account, SystemOperations(), Always, Never)) { yield return c; }
            }

            // Admins get everything except cluster-internal operations, and never need an ACL lookup.
            foreach (var account in admins)
            {
                foreach (var c in Expect(account, SystemOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, AdminOperations(), Always, Never)) { yield return c; }
                foreach (var c in Expect(account, OpsOperations(), Always, Never)) { yield return c; }
                foreach (var c in Expect(account, UserOperations(), Always, Never)) { yield return c; }
                foreach (var c in Expect(account, AuthenticatedOperations(), Always, Never)) { yield return c; }
                foreach (var c in Expect(account, AnonymousOperations(), Always, Never)) { yield return c; }
            }

            // Operations role: ops-level work without ACL lookups; user-level work is subject to the stream ACL.
            foreach (var account in operations)
            {
                foreach (var c in Expect(account, SystemOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, AdminOperations(), Never, WhenAclGiven)) { yield return c; }
                foreach (var c in Expect(account, OpsOperations(), Always, Never)) { yield return c; }
                foreach (var c in Expect(account, UserOperations(), DefaultAclOnly, WhenStreamGiven)) { yield return c; }
                foreach (var c in Expect(account, AuthenticatedOperations(), Always, WhenStreamGiven)) { yield return c; }
                foreach (var c in Expect(account, AnonymousOperations(), Always, WhenStreamGiven)) { yield return c; }
            }

            // Plain users: no system/admin/ops operations; stream-bound work decided by the ACL.
            foreach (var account in users)
            {
                foreach (var c in Expect(account, SystemOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, AdminOperations(), Never, WhenAclGiven)) { yield return c; }
                foreach (var c in Expect(account, OpsOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, UserOperations(), DefaultAclOrNamedUser, WhenAclGiven)) { yield return c; }
                foreach (var c in Expect(account, AuthenticatedOperations(), Always, WhenAclGiven)) { yield return c; }
                foreach (var c in Expect(account, AnonymousOperations(), Always, WhenAclGiven)) { yield return c; }
            }

            // Anonymous: only the anonymous set is allowed. NOTE(review): this includes reading
            // _streamWithDefaultPermissions under the default user ACL, i.e. the matrix pins the
            // default user-stream ACL as anonymous-readable — make sure that is the intended default.
            foreach (var account in anonymous)
            {
                foreach (var c in Expect(account, SystemOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, AdminOperations(), Never, WhenAclGiven)) { yield return c; }
                foreach (var c in Expect(account, OpsOperations(), Never, WhenAclGiven)) { yield return c; }
                foreach (var c in Expect(account, UserOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, AuthenticatedOperations(), Never, Never)) { yield return c; }
                foreach (var c in Expect(account, AnonymousOperations(), Always, WhenAclGiven)) { yield return c; }
            }

            // One matrix row per operation for a single principal.
            IEnumerable<PolicyVerificationParameters> Expect(
                ClaimsPrincipal principal,
                IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> ops,
                System.Func<ClaimsPrincipal, string, StorageMessage.EffectiveAcl, bool> authorized,
                System.Func<ClaimsPrincipal, string, StorageMessage.EffectiveAcl, bool> requestsAcl)
            {
                foreach (var (op, streamId, effectiveAcl) in ops)
                {
                    yield return new PolicyVerificationParameters(
                        principal, op, streamId, effectiveAcl,
                        authorized(principal, streamId, effectiveAcl),
                        requestsAcl(principal, streamId, effectiveAcl));
                }
            }

            // Cluster-internal operations (gossip and elections).
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> SystemOperations() =>
                WithoutStream(
                    Operations.Node.Gossip.Update,
                    Operations.Node.Elections.Prepare,
                    Operations.Node.Elections.PrepareOk,
                    Operations.Node.Elections.ViewChange,
                    Operations.Node.Elections.ViewChangeProof,
                    Operations.Node.Elections.Proposal,
                    Operations.Node.Elections.Accept,
                    Operations.Node.Elections.LeaderIsResigning,
                    Operations.Node.Elections.LeaderIsResigningOk);

            // Reading the $$$scavenge system stream and restarting projections.
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> AdminOperations() =>
                new[] { ReadStream("$$$scavenge", systemAcl) }
                    .Concat(WithoutStream(Operations.Projections.Restart));

            // Node/subscription/projection administration. ReplayParked is keyed by stream but
            // carries no ACL, so the role alone decides it.
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> OpsOperations() =>
                WithoutStream(
                    Operations.Node.Information.Subsystems,
                    Operations.Node.Shutdown,
                    Operations.Node.Scavenge.Start,
                    Operations.Node.Scavenge.Stop,
                    Operations.Node.MergeIndexes,
                    Operations.Node.SetPriority,
                    Operations.Node.Resign,
                    Operations.Subscriptions.Create,
                    Operations.Subscriptions.Update,
                    Operations.Subscriptions.Delete,
                    Operations.Node.Information.Histogram,
                    Operations.Node.Information.Options)
                .Concat(new[]
                {
                    ReplayParked(_streamWithCustomPermissions),
                    ReplayParked(_streamWithDefaultPermissions),
                })
                .Concat(WithoutStream(
                    Operations.Projections.UpdateConfiguration,
                    Operations.Projections.ReadConfiguration,
                    Operations.Projections.Delete));

            // Subscription message processing (ACL-bound) plus the projection operations any user may use.
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> UserOperations() =>
                new[]
                {
                    ProcessMessages(_streamWithCustomPermissions, customUserAcl),
                    ProcessMessages(_streamWithDefaultPermissions, defaultUserAcl),
                }
                .Concat(WithoutStream(
                    Operations.Projections.List,
                    Operations.Projections.Abort,
                    Operations.Projections.Create,
                    Operations.Projections.DebugProjection,
                    Operations.Projections.Disable,
                    Operations.Projections.Enable,
                    Operations.Projections.Read,
                    Operations.Projections.Reset,
                    Operations.Projections.Update,
                    Operations.Projections.State,
                    Operations.Projections.Status,
                    Operations.Projections.Statistics));

            // Open to any authenticated principal.
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> AuthenticatedOperations() =>
                WithoutStream(
                    Operations.Subscriptions.Statistics,
                    Operations.Projections.List);

            // Open to everyone, plus a read of the default-ACL stream.
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> AnonymousOperations() =>
                WithoutStream(
                    Operations.Node.Redirect,
                    Operations.Node.StaticContent,
                    Operations.Node.Ping,
                    Operations.Node.Options,
                    Operations.Node.Information.Read,
                    // NOTE(review): Information.Read is listed twice in the matrix; kept so the
                    // emitted row count is unchanged — verify whether a different definition was meant.
                    Operations.Node.Information.Read,
                    Operations.Node.Statistics.Read,
                    Operations.Node.Statistics.Replication,
                    Operations.Node.Statistics.Tcp,
                    Operations.Node.Statistics.Custom,
                    Operations.Node.Gossip.Read)
                .Concat(new[] { ReadStream(_streamWithDefaultPermissions, defaultUserAcl) });

            // Stream-less rows: no stream id and no ACL.
            IEnumerable<(Operation, string, StorageMessage.EffectiveAcl)> WithoutStream(params OperationDefinition[] defs) =>
                defs.Select(def => CreateOperation(def));

            (Operation, string, StorageMessage.EffectiveAcl) CreateOperation(OperationDefinition def) =>
                (new Operation(def), null, null);

            (Operation, string, StorageMessage.EffectiveAcl) ReadStream(string streamId, StorageMessage.EffectiveAcl acl) =>
                (new Operation(Operations.Streams.Read).WithParameter(Operations.Streams.Parameters.StreamId(streamId)), streamId, acl);

            (Operation, string, StorageMessage.EffectiveAcl) ProcessMessages(string streamId, StorageMessage.EffectiveAcl acl) =>
                (new Operation(Operations.Subscriptions.ProcessMessages).WithParameter(Operations.Subscriptions.Parameters.StreamId(streamId)), streamId, acl);

            (Operation, string, StorageMessage.EffectiveAcl) ReplayParked(string streamId) =>
                (new Operation(Operations.Subscriptions.ReplayParked).WithParameter(Operations.Subscriptions.Parameters.StreamId(streamId)), streamId, null);

            // Name claim plus one Role claim per role; no authentication type is set.
            ClaimsPrincipal CreatePrincipal(string name, params string[] roles)
            {
                var claims = new List<Claim> { new Claim(ClaimTypes.Name, name) };
                foreach (var role in roles)
                {
                    claims.Add(new Claim(ClaimTypes.Role, role));
                }

                return new ClaimsPrincipal(new ClaimsIdentity(claims));
            }
        }