[Internal] PermissionTests: Adds CosmosPermissionTests Coverage (#3593)

prasadu-microsoft · web-flow · commit 28318b0fe2cb · 2022-12-01T08:24:15.000-08:00
* Ensures that both Direct and Gateway connection modes are tested
* Validates that container read works with PermissionMode.Read (test was previously only validating that Delete was blocked - i.e. the negative case).
diff --git a/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs b/Microsoft.Azure.Cosmos/tests/Microsoft.Azure.Cosmos.EmulatorTests/CosmosPermissionTests.cs
@@ -107,8 +107,15 @@ public async Task CRUDTest()
         }
 
         [TestMethod]
-        public async Task ContainerResourcePermissionTest()
+        [DataRow(ConnectionMode.Gateway)]
+        [DataRow(ConnectionMode.Direct)]
+        public async Task ContainerResourcePermissionTest(ConnectionMode mode)
         {
+            CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+            {
+                ConnectionMode = mode,
+            };
+
             //create user
             string userId = Guid.NewGuid().ToString();
             UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
@@ -121,7 +128,7 @@ public async Task ContainerResourcePermissionTest()
             ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id");
             Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
             Container container = containerResponse.Container;
-            
+
             //create permission
             string permissionId = Guid.NewGuid().ToString();
             PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container);
@@ -131,9 +138,18 @@ public async Task ContainerResourcePermissionTest()
             Assert.AreEqual(permissionId, permission.Id);
             Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
 
-            //delete resource with PermissionMode.Read
-            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions, resourceToken: permission.Token))
             {
+                Container readContainerRef = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);
+
+                //read resource with PermissionMode.Read
+                using FeedIterator<dynamic> feedIterator = readContainerRef.GetItemQueryIterator<dynamic>("SELECT * FROM c");
+                while (feedIterator.HasMoreResults)
+                {
+                    _  = await feedIterator.ReadNextAsync();
+                }
+
+                //delete resource with PermissionMode.Read
                 try
                 {
                     ContainerResponse response = await tokenCosmosClient
@@ -147,14 +163,14 @@ public async Task ContainerResourcePermissionTest()
                     Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode);
                 }
             }
-           
+
             //update permission to PermissionMode.All
             permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container);
             permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties);
             permission = permissionResponse.Resource;
 
             //delete resource with PermissionMode.All
-            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions, resourceToken: permission.Token))
             {
                 ContainerResponse response = await tokenCosmosClient
                     .GetDatabase(this.cosmosDatabase.Id)
@@ -284,8 +300,15 @@ await container.CreateItemAsync<ToDoActivity>(
         }
 
         [TestMethod]
-        public async Task ItemResourcePermissionTest()
+        [DataRow(ConnectionMode.Gateway)]
+        [DataRow(ConnectionMode.Direct)]
+        public async Task ItemResourcePermissionTest(ConnectionMode connectionMode)
         {
+            CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+            {
+                ConnectionMode = connectionMode
+            };
+
             //create user
             string userId = Guid.NewGuid().ToString();
             UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
@@ -313,13 +336,15 @@ public async Task ItemResourcePermissionTest()
             Assert.AreEqual(permissionId, permission.Id);
             Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
 
-            //delete resource with PermissionMode.Read
-            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
             {
                 Container tokenContainer = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);
+
+                //read resource with PermissionMode.Read
                 ItemResponse<dynamic> readPermissionItem = await tokenContainer.ReadItemAsync<dynamic>(itemId, partitionKey);
                 Assert.AreEqual(itemId, readPermissionItem.Resource.id.ToString());
 
+                //delete resource with PermissionMode.Read
                 try
                 {
                     ItemResponse<dynamic> response = await tokenContainer.DeleteItemAsync<dynamic>(
@@ -340,7 +365,7 @@ public async Task ItemResourcePermissionTest()
             permission = permissionResponse.Resource;
 
             //delete resource with PermissionMode.All
-            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
+            using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
             {
                 using (FeedIterator<dynamic> feed = tokenCosmosClient
                     .GetDatabase(this.cosmosDatabase.Id)
@@ -357,8 +382,15 @@ public async Task ItemResourcePermissionTest()
         }
 
         [TestMethod]
-        public async Task EnsureUnauthorized_ThrowsCosmosClientException()
+        [DataRow(ConnectionMode.Gateway)]
+        [DataRow(ConnectionMode.Direct)]
+        public async Task EnsureUnauthorized_ThrowsCosmosClientException(ConnectionMode connectionMode)
         {
+            CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+            {
+                ConnectionMode = connectionMode
+            };
+
             string authKey = ConfigurationManager.AppSettings["MasterKey"];
             string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
 
@@ -367,55 +399,83 @@ public async Task EnsureUnauthorized_ThrowsCosmosClientException()
 
             using CosmosClient cosmosClient = new CosmosClient(
                 endpoint,
-                authKey);
+                authKey,
+                cosmosClientOptions);
 
             CosmosException exception = await Assert.ThrowsExceptionAsync<CosmosException>(() => cosmosClient.GetContainer("test", "test").ReadItemAsync<dynamic>("test", new PartitionKey("test")));
             Assert.AreEqual(HttpStatusCode.Unauthorized, exception.StatusCode);
         }
 
         [TestMethod]
-        public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync()
+        [DataRow(ConnectionMode.Gateway)]
+        [DataRow(ConnectionMode.Direct)]
+        public async Task EnsureUnauthorized_ThrowsCosmosClientException_ReadAccountAsync(ConnectionMode connectionMode)
         {
+            CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+            {
+                ConnectionMode = connectionMode
+            };
+
             string authKey = ConfigurationManager.AppSettings["MasterKey"];
             string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
 
             // Take the key and change some middle character
             authKey = authKey.Replace("m", "M");
-            CosmosClient  cosmosClient = new CosmosClient(endpoint, authKey);
+            using CosmosClient  cosmosClient = new CosmosClient(
+                endpoint,
+                authKey,
+                cosmosClientOptions);
 
             CosmosException exception1 = await Assert.ThrowsExceptionAsync<CosmosException>(() => cosmosClient.ReadAccountAsync());
             Assert.AreEqual(HttpStatusCode.Unauthorized, exception1.StatusCode);
 
         }
 
         [TestMethod]
-        public async Task EnsureUnauthorized_Writes_ThrowsCosmosClientException()
+        [DataRow(ConnectionMode.Gateway)]
+        [DataRow(ConnectionMode.Direct)]
+        public async Task EnsureUnauthorized_Writes_ThrowsCosmosClientException(ConnectionMode connectionMode)
         {
+            CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+            {
+                ConnectionMode = connectionMode
+            };
+
             string authKey = ConfigurationManager.AppSettings["MasterKey"];
             string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
-            
+
             // Take the key and change some middle character
             authKey = authKey.Replace("m", "M");
 
             using CosmosClient cosmosClient = new CosmosClient(
                 endpoint,
-                authKey);
+                authKey,
+                cosmosClientOptions);
+
             CosmosException exception = await Assert.ThrowsExceptionAsync<CosmosException>(() => cosmosClient.GetContainer("test", "test").CreateItemAsync<dynamic>(new { id = "test" }));
             Assert.AreEqual(HttpStatusCode.Unauthorized, exception.StatusCode);
         }
 
         [TestMethod]
-        public async Task EnsureUnauthorized_Query_ThrowsCosmosClientException()
+        [DataRow(ConnectionMode.Gateway)]
+        [DataRow(ConnectionMode.Direct)]
+        public async Task EnsureUnauthorized_Query_ThrowsCosmosClientException(ConnectionMode connectionMode)
         {
+            CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
+            {
+                ConnectionMode = connectionMode
+            };
+
             string authKey = ConfigurationManager.AppSettings["MasterKey"];
             string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
-            
+
             // Take the key and change some middle character
             authKey = authKey.Replace("m", "M");
 
             using CosmosClient cosmosClient = new CosmosClient(
                 endpoint,
-                authKey);
+                authKey,
+                cosmosClientOptions);
 
             using FeedIterator<dynamic> iterator = cosmosClient.GetContainer("test", "test").GetItemQueryIterator<dynamic>("SELECT * FROM c");
 
