From ea8f444bdab1054d0ee1169b95dcb7787e98f101 Mon Sep 17 00:00:00 2001 From: Thales Macedo Garitezi Date: Tue, 20 Sep 2022 14:55:06 -0300 Subject: [PATCH] test(mongo): add more acl tests With this commit, we reach 100 % coverage over `emqx_acl_mongo`. --- apps/emqx_auth_mongo/src/emqx_acl_mongo.erl | 1 - .../test/emqx_auth_mongo_SUITE.erl | 31 +++++++++++++++++-- 2 files changed, 29 insertions(+), 3 deletions(-) diff --git a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl index 491fad9ad..19e600454 100644 --- a/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl +++ b/apps/emqx_auth_mongo/src/emqx_acl_mongo.erl @@ -79,4 +79,3 @@ feedvar(Str, Var, Val) -> re:replace(Str, Var, Val, [global, {return, binary}]). description() -> "ACL with MongoDB". - diff --git a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl index dc487891c..8b26a68fc 100644 --- a/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl +++ b/apps/emqx_auth_mongo/test/emqx_auth_mongo_SUITE.erl @@ -210,9 +210,13 @@ deinit_mongo_data() -> %%-------------------------------------------------------------------- %% for full coverage ;-) -t_description(_Config) -> +t_authn_description(_Config) -> ?assert(is_list(emqx_auth_mongo:description())). +%% for full coverage ;-) +t_acl_description(_Config) -> + ?assert(is_list(emqx_acl_mongo:description())). + t_check_auth(_) -> Plain = #{zone => external, clientid => <<"client1">>, username => <<"plain">>}, Plain1 = #{zone => external, clientid => <<"client1">>, username => <<"plain2">>}, @@ -375,7 +379,30 @@ t_check_acl(_) -> allow = emqx_access_control:check_acl(User2, subscribe, <<"$SYS/testuser/1">>), allow = emqx_access_control:check_acl(User3, publish, <<"a/b/c">>), deny = emqx_access_control:check_acl(User3, publish, <<"c">>), - deny = emqx_access_control:check_acl(User4, publish, <<"a/b/c">>). + deny = emqx_access_control:check_acl(User4, publish, <<"a/b/c">>), + %% undefined value to interpolate + User1Undef = User1#{clientid => undefined}, + allow = emqx_access_control:check_acl(User1Undef, subscribe, <<"users/testuser/1">>), + ok. + +t_acl_empty_results(_Config) -> + #aclquery{selector = Selector} = aclquery(), + User1 = #{zone => external, clientid => <<"client1">>, username => <<"testuser">>}, + try + reload({acl_query, [{selector, []}]}), + ?assertEqual(deny, emqx_access_control:check_acl(User1, subscribe, <<"users/testuser/1">>)), + ok + after + reload({acl_query, [{selector, Selector}]}) + end, + ok. + +t_acl_exception(_Config) -> + %% FIXME: is there a more authentic way to produce an exception in + %% `match'??? + User1 = #{zone => external, clientid => not_a_binary, username => <<"testuser">>}, + ?assertEqual(deny, emqx_access_control:check_acl(User1, subscribe, <<"users/testuser/1">>)), + ok. t_acl_super(_) -> reload({auth_query, [{password_hash, plain}, {password_field, [<<"password">>]}]}),