From 28318b0fe2cbfceb80276574f131f6b79f4b64ed Mon Sep 17 00:00:00 2001
From: Prasad Ullal <36418906+prasadu-microsoft@users.noreply.github.com>
Date: Thu, 1 Dec 2022 08:24:15 -0800
Subject: [PATCH] [Internal] PermissionTests: Adds CosmosPermissionTests Coverage (#3593)

* Ensures that both Direct and Gateway connection modes are tested
* Validates that container read works with PermissionMode.Read (test was previously only validating that Delete was blocked - i.e. the negative case).
---
 .../CosmosPermissionTests.cs | 100 ++++++++++++++----
 1 file changed, 80 insertions(+), 20 deletions(-)
diff --git a/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs b/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs
index 531757c3ba..003ca8690b 100644
--- a/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs
+++ b/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs
@@ -107,8 +107,15 @@ public async Task CRUDTest()
 }
 [TestMethod]
- public async Task ContainerResourcePermissionTest()
+ [DataRow(ConnectionMode.Gateway)]
+ [DataRow(ConnectionMode.Direct)]
+ public async Task ContainerResourcePermissionTest(ConnectionMode mode)
 {
+ CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+ {
+ ConnectionMode = mode,
+ };
+
 //create user
 string userId = Guid.NewGuid().ToString();
 UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
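Review bot: The new parameter is called `mode` in ContainerResourcePermissionTest, while the other five tests parameterized in this patch (ItemResourcePermissionTest and the four EnsureUnauthorized tests) call it `connectionMode`, and only this initializer ends with a trailing comma. I would rename it, `public async Task ContainerResourcePermissionTest(ConnectionMode connectionMode)`, so the six tests read the same way. The same four-line `CosmosClientOptions` setup is repeated in every one of them; a small private helper that takes the ConnectionMode and returns the options would keep them in step. The method body continues outside this hunk.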
@@ -121,7 +128,7 @@ public async Task ContainerResourcePermissionTest()
 ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id");
 Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
 Container container = containerResponse.Container;
-
+
 //create permission
 string permissionId = Guid.NewGuid().ToString();
 PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container);
@@ -131,9 +138,18 @@ public async Task ContainerResourcePermissionTest()
 Assert.AreEqual(permissionId, permission.Id);
 Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
- //delete resource with PermissionMode.Read
- using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+ using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions, resourceToken: permission.Token))
 {
+ Container readContainerRef = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);
+
+ //read resource with PermissionMode.Read
+ using FeedIterator feedIterator = readContainerRef.GetItemQueryIterator("SELECT * FROM c");
+ while (feedIterator.HasMoreResults)
+ {
+ _ = await feedIterator.ReadNextAsync();
+ }
+
+ //delete resource with PermissionMode.Read
 try
 {
 ContainerResponse response = await tokenCosmosClient
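Review bot: The new read check under PermissionMode.Read discards every page (`_ = await feedIterator.ReadNextAsync();`) and asserts nothing, so the positive case passes only because no exception is thrown. Keeping the response makes the intent explicit: `var page = await feedIterator.ReadNextAsync();` followed by `Assert.AreEqual(HttpStatusCode.OK, page.StatusCode);`. No item creation is visible in this test's hunks, so the query may be running against an empty container, and the commit message speaks of a container read while the code issues an item query; a one-line comment naming the operation the read token is meant to authorize would remove the doubt. The negative side still covers only container delete, so a write attempt with the read-only token that is expected to return Forbidden would tighten the least-privilege check. The `try` block that follows continues outside the hunk.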
@@ -147,14 +163,14 @@ public async Task ContainerResourcePermissionTest()
 Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode);
 }
 }
-
+
 //update permission to PermissionMode.All
 permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container);
 permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties);
 permission = permissionResponse.Resource;
 //delete resource with PermissionMode.All
- using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+ using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions, resourceToken: permission.Token))
 {
 ContainerResponse response = await tokenCosmosClient
 .GetDatabase(this.cosmosDatabase.Id)
@@ -284,8 +300,15 @@ await container.CreateItemAsync(
 }
 [TestMethod]
- public async Task ItemResourcePermissionTest()
+ [DataRow(ConnectionMode.Gateway)]
+ [DataRow(ConnectionMode.Direct)]
+ public async Task ItemResourcePermissionTest(ConnectionMode connectionMode)
 {
+ CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+ {
+ ConnectionMode = connectionMode
+ };
+
 //create user
 string userId = Guid.NewGuid().ToString();
 UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
@@ -313,13 +336,15 @@ public async Task ItemResourcePermissionTest()
 Assert.AreEqual(permissionId, permission.Id);
 Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
- //delete resource with PermissionMode.Read
- using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+ using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
 {
 Container tokenContainer = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);
+
+ //read resource with PermissionMode.Read
 ItemResponse readPermissionItem = await tokenContainer.ReadItemAsync(itemId, partitionKey);
 Assert.AreEqual(itemId, readPermissionItem.Resource.id.ToString());
+ //delete resource with PermissionMode.Read
 try
 {
 ItemResponse response = await tokenContainer.DeleteItemAsync(
@@ -340,7 +365,7 @@ public async Task ItemResourcePermissionTest()
 permission = permissionResponse.Resource;
 //delete resource with PermissionMode.All
- using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+ using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
 {
 using (FeedIterator feed = tokenCosmosClient
 .GetDatabase(this.cosmosDatabase.Id)
@@ -357,8 +382,15 @@ public async Task ItemResourcePermissionTest()
 }
 [TestMethod]
- public async Task EnsureUnauthorized_ThrowsCosmosClientException()
+ [DataRow(ConnectionMode.Gateway)]
+ [DataRow(ConnectionMode.Direct)]
+ public async Task EnsureUnauthorized_ThrowsCosmosClientException(ConnectionMode connectionMode)
 {
+ CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+ {
+ ConnectionMode = connectionMode
+ };
+
 string authKey = ConfigurationManager.AppSettings["MasterKey"];
 string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
@@ -367,21 +399,32 @@ public async Task EnsureUnauthorized_ThrowsCosmosClientException()
 using CosmosClient cosmosClient = new CosmosClient(
 endpoint,
- authKey);
+ authKey,
+ cosmosClientOptions);
 CosmosException exception = await Assert.ThrowsExceptionAsync(() => cosmosClient.GetContainer("test", "test").ReadItemAsync("test", new PartitionKey("test")));
 Assert.AreEqual(HttpStatusCode.Unauthorized, exception.StatusCode);
 }
 [TestMethod]
- public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync()
+ [DataRow(ConnectionMode.Gateway)]
+ [DataRow(ConnectionMode.Direct)]
+ public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync(ConnectionMode connectionMode)
 {
+ CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+ {
+ ConnectionMode = connectionMode
+ };
+
 string authKey = ConfigurationManager.AppSettings["MasterKey"];
 string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
 // Take the key and change some middle character
 authKey = authKey.Replace("m", "M");
- CosmosClient cosmosClient = new CosmosClient(endpoint, authKey);
+ using CosmosClient cosmosClient = new CosmosClient(
+ endpoint,
+ authKey,
+ cosmosClientOptions);
 CosmosException exception1 = await Assert.ThrowsExceptionAsync(() => cosmosClient.ReadAccountAsync());
 Assert.AreEqual(HttpStatusCode.Unauthorized, exception1.StatusCode);
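Review bot: In EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync the `[DataRow(ConnectionMode.Direct)]` row may not exercise a different path: as far as I know the account read is served through the gateway endpoint whatever `ConnectionMode` is set, so both rows would hit the same authorization check. If that holds, either drop the Direct row for this test or say so in a comment, for example `// ReadAccountAsync goes through the gateway in both modes; Direct row kept for symmetry`. Separately, each tampered-key test in this hunk and the one that follows repeats the options and client construction, so a shared private helper returning the client for a given mode would keep the 401 cases aligned.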
@@ -389,33 +432,50 @@ public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsyn
 }
 [TestMethod]
- public async Task EnsureUnauthorized_Writes_ThrowsCosmosClientException()
+ [DataRow(ConnectionMode.Gateway)]
+ [DataRow(ConnectionMode.Direct)]
+ public async Task EnsureUnauthorized_Writes_ThrowsCosmosClientException(ConnectionMode connectionMode)
 {
+ CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+ {
+ ConnectionMode = connectionMode
+ };
+
 string authKey = ConfigurationManager.AppSettings["MasterKey"];
 string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
-
+
 // Take the key and change some middle character
 authKey = authKey.Replace("m", "M");
 using CosmosClient cosmosClient = new CosmosClient(
 endpoint,
- authKey);
+ authKey,
+ cosmosClientOptions);
+
 CosmosException exception = await Assert.ThrowsExceptionAsync(() => cosmosClient.GetContainer("test", "test").CreateItemAsync(new { id = "test" }));
 Assert.AreEqual(HttpStatusCode.Unauthorized, exception.StatusCode);
 }
 [TestMethod]
- public async Task EnsureUnauthorized_Query_ThrowsCosmosClientException()
+ [DataRow(ConnectionMode.Gateway)]
+ [DataRow(ConnectionMode.Direct)]
+ public async Task EnsureUnauthorized_Query_ThrowsCosmosClientException(ConnectionMode connectionMode)
 {
+ CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+ {
+ ConnectionMode = connectionMode
+ };
+
 string authKey = ConfigurationManager.AppSettings["MasterKey"];
 string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
-
+
 // Take the key and change some middle character
 authKey = authKey.Replace("m", "M");
 using CosmosClient cosmosClient = new CosmosClient(
 endpoint,
- authKey);
+ authKey,
+ cosmosClientOptions);
 using FeedIterator iterator = cosmosClient.GetContainer("test", "test").GetItemQueryIterator("SELECT * FROM c");