diff --git a/src/access/tests/TestAccessRestrictionProvider.cpp b/src/access/tests/TestAccessRestrictionProvider.cpp index b1908a4980ae63..73ccd2cdb47cd7 100644 --- a/src/access/tests/TestAccessRestrictionProvider.cpp +++ b/src/access/tests/TestAccessRestrictionProvider.cpp @@ -296,21 +296,33 @@ TEST_F(TestAccessRestriction, InvalidRestrictionsOnEndpointOneTest) constexpr CheckData accessAttributeRestrictionTestData[] = { { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kCommandInvokeRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kCommandInvokeRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kEventReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kEventReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, }; TEST_F(TestAccessRestriction, AccessAttributeRestrictionTest) @@ -337,21 +349,33 @@ TEST_F(TestAccessRestriction, AccessAttributeRestrictionTest) constexpr CheckData writeAttributeRestrictionTestData[] = { { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kCommandInvokeRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kCommandInvokeRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kEventReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kEventReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, }; TEST_F(TestAccessRestriction, WriteAttributeRestrictionTest) @@ -378,21 +402,33 @@ TEST_F(TestAccessRestriction, WriteAttributeRestrictionTest) constexpr CheckData commandAttributeRestrictionTestData[] = { { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kCommandInvokeRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kCommandInvokeRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kEventReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kEventReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, }; TEST_F(TestAccessRestriction, CommandRestrictionTest) @@ -419,21 +455,33 @@ TEST_F(TestAccessRestriction, CommandRestrictionTest) constexpr CheckData eventAttributeRestrictionTestData[] = { { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kCommandInvokeRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kCommandInvokeRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kEventReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kEventReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, }; TEST_F(TestAccessRestriction, EventRestrictionTest) @@ -460,41 +508,68 @@ TEST_F(TestAccessRestriction, EventRestrictionTest) constexpr CheckData combinedRestrictionTestData[] = { { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 2 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 2 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 3 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 3 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 4 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 4 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 3 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 3 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kCommandInvokeRequest, .entityId = 4 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kCommandInvokeRequest, + .entityId = 4 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kEventReadRequest, .entityId = 5 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kEventReadRequest, + .entityId = 5 }, + .privilege = Privilege::kAdminister, + .allow = true }, { .subjectDescriptor = { .fabricIndex = 2, .authMode = AuthMode::kCase, .subject = kOperationalNodeId2 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kCommandInvokeRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kCommandInvokeRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, { .subjectDescriptor = { .fabricIndex = 2, .authMode = AuthMode::kCase, .subject = kOperationalNodeId2 }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeWriteRequest, .entityId = 2 }, - .privilege = Privilege::kAdminister, - .allow = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeWriteRequest, + .entityId = 2 }, + .privilege = Privilege::kAdminister, + .allow = true }, }; TEST_F(TestAccessRestriction, CombinedRestrictionTest) @@ -563,22 +638,46 @@ TEST_F(TestAccessRestriction, AttributeStorageSeperationTest) } constexpr CheckData listSelectionDuringCommissioningData[] = { - { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1, .isCommissioning = true }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, - { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1, .isCommissioning = true }, - .requestPath = { .cluster = kThreadBorderRouterMgmtCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, - { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1, .isCommissioning = false }, - .requestPath = { .cluster = kWiFiNetworkManagementCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = false }, - { .subjectDescriptor = { .fabricIndex = 1, .authMode = AuthMode::kCase, .subject = kOperationalNodeId1, .isCommissioning = false }, - .requestPath = { .cluster = kThreadBorderRouterMgmtCluster, .endpoint = 1, .requestType = RequestType::kAttributeReadRequest, .entityId = 1 }, - .privilege = Privilege::kAdminister, - .allow = true }, + { .subjectDescriptor = { .fabricIndex = 1, + .authMode = AuthMode::kCase, + .subject = kOperationalNodeId1, + .isCommissioning = true }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, + { .subjectDescriptor = { .fabricIndex = 1, + .authMode = AuthMode::kCase, + .subject = kOperationalNodeId1, + .isCommissioning = true }, + .requestPath = { .cluster = kThreadBorderRouterMgmtCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, + { .subjectDescriptor = { .fabricIndex = 1, + .authMode = AuthMode::kCase, + .subject = kOperationalNodeId1, + .isCommissioning = false }, + .requestPath = { .cluster = kWiFiNetworkManagementCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = false }, + { .subjectDescriptor = { .fabricIndex = 1, + .authMode = AuthMode::kCase, + .subject = kOperationalNodeId1, + .isCommissioning = false }, + .requestPath = { .cluster = kThreadBorderRouterMgmtCluster, + .endpoint = 1, + .requestType = RequestType::kAttributeReadRequest, + .entityId = 1 }, + .privilege = Privilege::kAdminister, + .allow = true }, }; TEST_F(TestAccessRestriction, ListSelectiondDuringCommissioningTest)