From d20388cf018f8af6a0098dbb1ab4d5800ff5f1f7 Mon Sep 17 00:00:00 2001 From: JimMoen Date: Wed, 23 Mar 2022 21:13:57 +0800 Subject: [PATCH] test(authz): acl file rules update --- apps/emqx_authz/test/emqx_authz_SUITE.erl | 8 ++- .../test/emqx_authz_api_sources_SUITE.erl | 4 ++ .../emqx_authz/test/emqx_authz_file_SUITE.erl | 57 +++++++------------ 3 files changed, 31 insertions(+), 38 deletions(-) diff --git a/apps/emqx_authz/test/emqx_authz_SUITE.erl b/apps/emqx_authz/test/emqx_authz_SUITE.erl index b37aecb1a..605a8782b 100644 --- a/apps/emqx_authz/test/emqx_authz_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_SUITE.erl @@ -34,6 +34,10 @@ init_per_suite(Config) -> meck:expect(emqx_resource, create_local, fun(_, _, _, _) -> {ok, meck_data} end), meck:expect(emqx_resource, remove_local, fun(_) -> ok end), meck:expect(emqx_resource, create_dry_run_local, fun(_, _) -> ok end), + meck:expect(emqx_authz, acl_conf_file, + fun() -> + emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf") + end), ok = emqx_common_test_helpers:start_apps( [emqx_connector, emqx_conf, emqx_authz], @@ -116,7 +120,9 @@ set_special_configs(_App) -> }). -define(SOURCE6, #{<<"type">> => <<"file">>, <<"enable">> => true, - <<"path">> => emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf") + <<"rules">> => +<<"{allow,{username,\"^dashboard?\"},subscribe,[\"$SYS/#\"]}." + "\n{allow,{ipaddr,\"127.0.0.1\"},all,[\"$SYS/#\",\"#\"]}.">> }). diff --git a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl index cd07b2435..72d43d23d 100644 --- a/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_api_sources_SUITE.erl @@ -108,6 +108,10 @@ init_per_suite(Config) -> end), meck:expect(emqx_resource, health_check, fun(St) -> {ok, St} end), meck:expect(emqx_resource, remove_local, fun(_) -> ok end ), + meck:expect(emqx_authz, acl_conf_file, + fun() -> + emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf") + end), ok = emqx_common_test_helpers:start_apps( [emqx_conf, emqx_authz, emqx_dashboard], diff --git a/apps/emqx_authz/test/emqx_authz_file_SUITE.erl b/apps/emqx_authz/test/emqx_authz_file_SUITE.erl index 74bbf8a92..fb9849a26 100644 --- a/apps/emqx_authz/test/emqx_authz_file_SUITE.erl +++ b/apps/emqx_authz/test/emqx_authz_file_SUITE.erl @@ -22,6 +22,13 @@ -include_lib("eunit/include/eunit.hrl"). -include_lib("common_test/include/ct.hrl"). +-define(RAW_SOURCE, #{<<"type">> => <<"file">>, + <<"enable">> => true, + <<"rules">> => +<<"{allow,{username,\"^dashboard?\"},subscribe,[\"$SYS/#\"]}." + "\n{allow,{ipaddr,\"127.0.0.1\"},all,[\"$SYS/#\",\"#\"]}.">> + }). + all() -> emqx_common_test_helpers:all(?MODULE). @@ -32,6 +39,11 @@ init_per_suite(Config) -> ok = emqx_common_test_helpers:start_apps( [emqx_conf, emqx_authz], fun set_special_configs/1), + %% meck after authz started + meck:expect(emqx_authz, acl_conf_file, + fun() -> + emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf") + end), Config. end_per_suite(_Config) -> @@ -61,8 +73,9 @@ t_ok(_Config) -> listener => {tcp, default} }, - ok = setup_rules([{allow, {user, "username"}, publish, ["t"]}]), - ok = setup_config(#{}), + ok = setup_config(?RAW_SOURCE#{<<"rules">> => <<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>}), + + io:format("~p", [emqx_authz:acl_conf_file()]), ?assertEqual( allow, @@ -73,61 +86,31 @@ t_ok(_Config) -> emqx_access_control:authorize(ClientInfo, subscribe, <<"t">>)). t_invalid_file(_Config) -> - ok = file:write_file(<<"acl.conf">>, <<"{{invalid term">>), - ?assertMatch( {error, bad_acl_file_content}, - emqx_authz:update(?CMD_REPLACE, [raw_file_authz_config()])). - -t_nonexistent_file(_Config) -> - ?assertEqual( - {error, failed_to_read_acl_file}, - emqx_authz:update(?CMD_REPLACE, - [maps:merge(raw_file_authz_config(), - #{<<"path">> => <<"nonexistent.conf">>}) - ])). + emqx_authz:update(?CMD_REPLACE, [?RAW_SOURCE#{<<"rules">> => <<"{{invalid term">>}])). t_update(_Config) -> - ok = setup_rules([{allow, {user, "username"}, publish, ["t"]}]), - ok = setup_config(#{}), + ok = setup_config(?RAW_SOURCE#{<<"rules">> => <<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>}), ?assertMatch( {error, _}, emqx_authz:update( {?CMD_REPLACE, file}, - maps:merge(raw_file_authz_config(), - #{<<"path">> => <<"nonexistent.conf">>}))), + ?RAW_SOURCE#{<<"rules">> => <<"{{invalid term">>})), ?assertMatch( {ok, _}, emqx_authz:update( - {?CMD_REPLACE, file}, - raw_file_authz_config())). + {?CMD_REPLACE, file}, ?RAW_SOURCE)). %%------------------------------------------------------------------------------ %% Helpers %%------------------------------------------------------------------------------ -raw_file_authz_config() -> - #{ - <<"enable">> => <<"true">>, - - <<"type">> => <<"file">>, - <<"path">> => <<"acl.conf">> - }. - -setup_rules(Rules) -> - {ok, F} = file:open(<<"acl.conf">>, [write]), - lists:foreach( - fun(Rule) -> - io:format(F, "~p.~n", [Rule]) - end, - Rules), - ok = file:close(F). - setup_config(SpecialParams) -> emqx_authz_test_lib:setup_config( - raw_file_authz_config(), + ?RAW_SOURCE, SpecialParams). stop_apps(Apps) ->