test(authz): acl file rules update

JimMoen 2022-03-23 21:13:57 +08:00
parent fc687bed27
commit d20388cf01
3 changed files with 31 additions and 38 deletions


@ -34,6 +34,10 @@ init_per_suite(Config) ->
meck:expect(emqx_resource, create_local, fun(_, _, _, _) -> {ok, meck_data} end), meck:expect(emqx_resource, create_local, fun(_, _, _, _) -> {ok, meck_data} end),
meck:expect(emqx_resource, remove_local, fun(_) -> ok end), meck:expect(emqx_resource, remove_local, fun(_) -> ok end),
meck:expect(emqx_resource, create_dry_run_local, fun(_, _) -> ok end), meck:expect(emqx_resource, create_dry_run_local, fun(_, _) -> ok end),
meck:expect(emqx_authz, acl_conf_file,
fun() ->
emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
end),
ok = emqx_common_test_helpers:start_apps( ok = emqx_common_test_helpers:start_apps(
[emqx_connector, emqx_conf, emqx_authz], [emqx_connector, emqx_conf, emqx_authz],
@ -116,7 +120,9 @@ set_special_configs(_App) ->
}). }).
-define(SOURCE6, #{<<"type">> => <<"file">>, -define(SOURCE6, #{<<"type">> => <<"file">>,
<<"enable">> => true, <<"enable">> => true,
<<"path">> => emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf") <<"rules">> =>
<<"{allow,{username,\"^dashboard?\"},subscribe,[\"$SYS/#\"]}."
"\n{allow,{ipaddr,\"127.0.0.1\"},all,[\"$SYS/#\",\"#\"]}.">>
}). }).
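Review bot: The `acl_conf_file` expectation added in init_per_suite resolves to `deps_path(emqx_authz, "etc/acl.conf")`, which is the ACL file checked into the application rather than a scratch file. If the file source now persists the `rules` text to that path (the write is not visible in this diff), every run of the suite rewrites the shipped default rules in the working tree, and an altered authorization file can end up committed or packaged. Pointing the mock at the Common Test private directory avoids that: `fun() -> filename:join(proplists:get_value(priv_dir, Config), "acl.conf") end`. The same expectation is repeated in the other two suites of this commit, so a shared helper in `emqx_authz_test_lib` would keep the three in step. init_per_suite begins and ends outside the hunk.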


@ -108,6 +108,10 @@ init_per_suite(Config) ->
end), end),
meck:expect(emqx_resource, health_check, fun(St) -> {ok, St} end), meck:expect(emqx_resource, health_check, fun(St) -> {ok, St} end),
meck:expect(emqx_resource, remove_local, fun(_) -> ok end ), meck:expect(emqx_resource, remove_local, fun(_) -> ok end ),
meck:expect(emqx_authz, acl_conf_file,
fun() ->
emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
end),
ok = emqx_common_test_helpers:start_apps( ok = emqx_common_test_helpers:start_apps(
[emqx_conf, emqx_authz, emqx_dashboard], [emqx_conf, emqx_authz, emqx_dashboard],


@ -22,6 +22,13 @@
-include_lib("eunit/include/eunit.hrl"). -include_lib("eunit/include/eunit.hrl").
-include_lib("common_test/include/ct.hrl"). -include_lib("common_test/include/ct.hrl").
-define(RAW_SOURCE, #{<<"type">> => <<"file">>,
<<"enable">> => true,
<<"rules">> =>
<<"{allow,{username,\"^dashboard?\"},subscribe,[\"$SYS/#\"]}."
"\n{allow,{ipaddr,\"127.0.0.1\"},all,[\"$SYS/#\",\"#\"]}.">>
}).
all() -> all() ->
emqx_common_test_helpers:all(?MODULE). emqx_common_test_helpers:all(?MODULE).
@ -32,6 +39,11 @@ init_per_suite(Config) ->
ok = emqx_common_test_helpers:start_apps( ok = emqx_common_test_helpers:start_apps(
[emqx_conf, emqx_authz], [emqx_conf, emqx_authz],
fun set_special_configs/1), fun set_special_configs/1),
%% meck after authz started
meck:expect(emqx_authz, acl_conf_file,
fun() ->
emqx_common_test_helpers:deps_path(emqx_authz, "etc/acl.conf")
end),
Config. Config.
end_per_suite(_Config) -> end_per_suite(_Config) ->
@ -61,8 +73,9 @@ t_ok(_Config) ->
listener => {tcp, default} listener => {tcp, default}
}, },
ok = setup_rules([{allow, {user, "username"}, publish, ["t"]}]), ok = setup_config(?RAW_SOURCE#{<<"rules">> => <<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>}),
ok = setup_config(#{}),
io:format("~p", [emqx_authz:acl_conf_file()]),
?assertEqual( ?assertEqual(
allow, allow,
@ -73,61 +86,31 @@ t_ok(_Config) ->
emqx_access_control:authorize(ClientInfo, subscribe, <<"t">>)). emqx_access_control:authorize(ClientInfo, subscribe, <<"t">>)).
t_invalid_file(_Config) -> t_invalid_file(_Config) ->
ok = file:write_file(<<"acl.conf">>, <<"{{invalid term">>),
?assertMatch( ?assertMatch(
{error, bad_acl_file_content}, {error, bad_acl_file_content},
emqx_authz:update(?CMD_REPLACE, [raw_file_authz_config()])). emqx_authz:update(?CMD_REPLACE, [?RAW_SOURCE#{<<"rules">> => <<"{{invalid term">>}])).
t_nonexistent_file(_Config) ->
?assertEqual(
{error, failed_to_read_acl_file},
emqx_authz:update(?CMD_REPLACE,
[maps:merge(raw_file_authz_config(),
#{<<"path">> => <<"nonexistent.conf">>})
])).
t_update(_Config) -> t_update(_Config) ->
ok = setup_rules([{allow, {user, "username"}, publish, ["t"]}]), ok = setup_config(?RAW_SOURCE#{<<"rules">> => <<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>}),
ok = setup_config(#{}),
?assertMatch( ?assertMatch(
{error, _}, {error, _},
emqx_authz:update( emqx_authz:update(
{?CMD_REPLACE, file}, {?CMD_REPLACE, file},
maps:merge(raw_file_authz_config(), ?RAW_SOURCE#{<<"rules">> => <<"{{invalid term">>})),
#{<<"path">> => <<"nonexistent.conf">>}))),
?assertMatch( ?assertMatch(
{ok, _}, {ok, _},
emqx_authz:update( emqx_authz:update(
{?CMD_REPLACE, file}, {?CMD_REPLACE, file}, ?RAW_SOURCE)).
raw_file_authz_config())).
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
%% Helpers %% Helpers
%%------------------------------------------------------------------------------ %%------------------------------------------------------------------------------
raw_file_authz_config() ->
#{
<<"enable">> => <<"true">>,
<<"type">> => <<"file">>,
<<"path">> => <<"acl.conf">>
}.
setup_rules(Rules) ->
{ok, F} = file:open(<<"acl.conf">>, [write]),
lists:foreach(
fun(Rule) ->
io:format(F, "~p.~n", [Rule])
end,
Rules),
ok = file:close(F).
setup_config(SpecialParams) -> setup_config(SpecialParams) ->
emqx_authz_test_lib:setup_config( emqx_authz_test_lib:setup_config(
raw_file_authz_config(), ?RAW_SOURCE,
SpecialParams). SpecialParams).
stop_apps(Apps) -> stop_apps(Apps) ->
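Review bot: `io:format("~p", [emqx_authz:acl_conf_file()])` in t_ok looks like a leftover debugging print; it asserts nothing and writes the path to the test output on every run. I would drop the line, or use `ct:pal("acl file: ~p", [emqx_authz:acl_conf_file()])` if the path is worth keeping in the log. The rule text `<<"{allow, {user, \"username\"}, publish, [\"t\"]}.">>` is also spelled out in both t_ok and t_update and could be a single `-define`. t_ok starts before the hunk.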