test(authz): acl file rules update

2022-03-23 21:13:57 +08:00 · 2022-03-23 21:13:57 +08:00 · d20388cf01
parent fc687bed27
commit d20388cf01
3 changed files with 31 additions and 38 deletions
--- a/apps/emqx_authz/test/emqx_authz_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl
@ -34,6 +34,10 @@ init_per_suite(Config) ->
    meck:expect(emqx_resource, create_local, fun(_, _, _, _) -> {ok, meck_data} end),
    meck:expect(emqx_resource, remove_local, fun(_) -> ok end),
    meck:expect(emqx_resource, create_dry_run_local, fun(_, _) -> ok end),
+    meck:expect(emqx_authz, acl_conf_file,
+                fun() ->
+                        emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
+                end),

    ok = emqx_common_test_helpers:start_apps(
           [emqx_connector, emqx_conf, emqx_authz],
@ -116,7 +120,9 @@ set_special_configs(_App) ->
                  }).
 -define(SOURCE6, #{<<"type">> => <<"file">>,
                   <<"enable">> => true,
-                   <<"path">> => emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
+                   <<"rules">> =>
+<<"{allow,{username,\"^dashboard?\"},subscribe,[\"$SYS/#\"]}."
+  "\n{allow,{ipaddr,\"127.0.0.1\"},all,[\"$SYS/#\",\"#\"]}.">>
                  }).


--- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl
@ -108,6 +108,10 @@ init_per_suite(Config) ->
                end),
    meck:expect(emqx_resource, health_check, fun(St) -> {ok, St} end),
    meck:expect(emqx_resource, remove_local, fun(_) -> ok end ),
+    meck:expect(emqx_authz, acl_conf_file,
+                fun() ->
+                        emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
+                end),

    ok = emqx_common_test_helpers:start_apps(
           [emqx_conf, emqx_authz, emqx_dashboard],
--- a/apps/emqx_authz/test/emqx_authz_file_SUITE.erl
+++ b/apps/emqx_authz/test/emqx_authz_file_SUITE.erl
@ -22,6 +22,13 @@
 -include_lib("eunit/include/eunit.hrl").
 -include_lib("common_test/include/ct.hrl").

+-define(RAW_SOURCE, #{<<"type">> => <<"file">>,
+                      <<"enable">> => true,
+                      <<"rules">> =>
+<<"{allow,{username,\"^dashboard?\"},subscribe,[\"$SYS/#\"]}."
+  "\n{allow,{ipaddr,\"127.0.0.1\"},all,[\"$SYS/#\",\"#\"]}.">>
+                     }).
+
 all() ->
    emqx_common_test_helpers:all(?MODULE).

@ -32,6 +39,11 @@ init_per_suite(Config) ->
    ok = emqx_common_test_helpers:start_apps(
           [emqx_conf, emqx_authz],
           fun set_special_configs/1),
+    %% meck after authz started
+    meck:expect(emqx_authz, acl_conf_file,
+                fun() ->
+                        emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
+                end),
    Config.

 end_per_suite(_Config) ->
@ -61,8 +73,9 @@ t_ok(_Config) ->
                   listener => {tcp, default}
                  },

-    ok = setup_rules([{allow, {user, "username"}, publish, ["t"]}]),
-    ok = setup_config(#{}),
+    ok = setup_config(?RAW_SOURCE#{<<"rules">> => <<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>}),
+
+    io:format("~p", [emqx_authz:acl_conf_file()]),

    ?assertEqual(
       allow,
@ -73,61 +86,31 @@ t_ok(_Config) ->
       emqx_access_control:authorize(ClientInfo, subscribe, <<"t">>)).

 t_invalid_file(_Config) ->
-    ok = file:write_file(<<"acl.conf">>, <<"{{invalid term">>),
-
    ?assertMatch(
       {error, bad_acl_file_content},
-       emqx_authz:update(?CMD_REPLACE, [raw_file_authz_config()])).
-
-t_nonexistent_file(_Config) ->
-    ?assertEqual(
-       {error, failed_to_read_acl_file},
-       emqx_authz:update(?CMD_REPLACE,
-                         [maps:merge(raw_file_authz_config(),
-                                     #{<<"path">> => <<"nonexistent.conf">>})
-                         ])).
+       emqx_authz:update(?CMD_REPLACE, [?RAW_SOURCE#{<<"rules">> => <<"{{invalid term">>}])).

 t_update(_Config) ->
-    ok = setup_rules([{allow, {user, "username"}, publish, ["t"]}]),
-    ok = setup_config(#{}),
+    ok = setup_config(?RAW_SOURCE#{<<"rules">> => <<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>}),

    ?assertMatch(
       {error, _},
       emqx_authz:update(
         {?CMD_REPLACE, file},
-         maps:merge(raw_file_authz_config(),
-                    #{<<"path">> => <<"nonexistent.conf">>}))),
+         ?RAW_SOURCE#{<<"rules">> => <<"{{invalid term">>})),

    ?assertMatch(
       {ok, _},
       emqx_authz:update(
-         {?CMD_REPLACE, file},
-         raw_file_authz_config())).
+         {?CMD_REPLACE, file}, ?RAW_SOURCE)).

 %%------------------------------------------------------------------------------
 %% Helpers
 %%------------------------------------------------------------------------------

-raw_file_authz_config() ->
-    #{
-        <<"enable">> => <<"true">>,
-
-        <<"type">> => <<"file">>,
-        <<"path">> => <<"acl.conf">>
-    }.
-
-setup_rules(Rules) ->
-    {ok, F} = file:open(<<"acl.conf">>, [write]),
-    lists:foreach(
-      fun(Rule) ->
-              io:format(F, "~p.~n", [Rule])
-      end,
-      Rules),
-    ok = file:close(F).
-
 setup_config(SpecialParams) ->
    emqx_authz_test_lib:setup_config(
-      raw_file_authz_config(),
+      ?RAW_SOURCE,
      SpecialParams).

 stop_apps(Apps) ->