121 lines
3.7 KiB
Erlang
121 lines
3.7 KiB
Erlang
%%--------------------------------------------------------------------
|
|
%% Copyright (c) 2021-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
|
|
%%
|
|
%% Licensed under the Apache License, Version 2.0 (the "License");
|
|
%% you may not use this file except in compliance with the License.
|
|
%% You may obtain a copy of the License at
|
|
%%
|
|
%% http://www.apache.org/licenses/LICENSE-2.0
|
|
%%
|
|
%% Unless required by applicable law or agreed to in writing, software
|
|
%% distributed under the License is distributed on an "AS IS" BASIS,
|
|
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
%% See the License for the specific language governing permissions and
|
|
%% limitations under the License.
|
|
%%--------------------------------------------------------------------
|
|
|
|
-module(emqx_authz_test_lib).
|
|
|
|
-include("emqx_authz.hrl").
|
|
-include_lib("eunit/include/eunit.hrl").
|
|
|
|
-compile(nowarn_export_all).
|
|
-compile(export_all).
|
|
|
|
reset_authorizers() ->
|
|
reset_authorizers(deny, false, []).
|
|
|
|
restore_authorizers() ->
|
|
reset_authorizers(allow, true, []).
|
|
|
|
reset_authorizers(Nomatch, CacheEnabled, Source) ->
|
|
{ok, _} = emqx:update_config(
|
|
[authorization],
|
|
#{
|
|
<<"no_match">> => atom_to_binary(Nomatch),
|
|
<<"cache">> => #{<<"enable">> => CacheEnabled},
|
|
<<"sources">> => Source
|
|
}
|
|
),
|
|
ok.
|
|
%% Don't reset sources
|
|
reset_authorizers(Nomatch, CacheEnabled) ->
|
|
{ok, _} = emqx:update_config([<<"authorization">>, <<"no_match">>], Nomatch),
|
|
{ok, _} = emqx:update_config([<<"authorization">>, <<"cache">>, <<"enable">>], CacheEnabled),
|
|
ok.
|
|
|
|
setup_config(BaseConfig, SpecialParams) ->
|
|
Config = maps:merge(BaseConfig, SpecialParams),
|
|
case emqx_authz:update(?CMD_REPLACE, [Config]) of
|
|
{ok, _} -> ok;
|
|
{error, Reason} -> {error, Reason}
|
|
end.
|
|
|
|
%%--------------------------------------------------------------------
|
|
%% Table-based test helpers
|
|
%%--------------------------------------------------------------------
|
|
|
|
all_with_table_case(Mod, TableCase, Cases) ->
|
|
(emqx_common_test_helpers:all(Mod) -- [TableCase]) ++
|
|
[{group, Name} || Name <- case_names(Cases)].
|
|
|
|
table_groups(TableCase, Cases) ->
|
|
[{Name, [], [TableCase]} || Name <- case_names(Cases)].
|
|
|
|
case_names(Cases) ->
|
|
lists:map(fun(Case) -> maps:get(name, Case) end, Cases).
|
|
|
|
get_case(Name, Cases) ->
|
|
[Case] = [C || C <- Cases, maps:get(name, C) =:= Name],
|
|
Case.
|
|
|
|
setup_default_permission(Case) ->
|
|
DefaultPermission = maps:get(default_permission, Case, deny),
|
|
emqx_authz_test_lib:reset_authorizers(DefaultPermission, false).
|
|
|
|
base_client_info() ->
|
|
#{
|
|
clientid => <<"clientid">>,
|
|
username => <<"username">>,
|
|
peerhost => {127, 0, 0, 1},
|
|
zone => default,
|
|
listener => {tcp, default}
|
|
}.
|
|
|
|
client_info(Overrides) ->
|
|
maps:merge(base_client_info(), Overrides).
|
|
|
|
enable_features(Case) ->
|
|
Features = maps:get(features, Case, []),
|
|
lists:foreach(
|
|
fun(Feature) ->
|
|
Enable = lists:member(Feature, Features),
|
|
emqx_authz:set_feature_available(Feature, Enable)
|
|
end,
|
|
?AUTHZ_FEATURES
|
|
).
|
|
|
|
run_checks(#{checks := Checks} = Case) ->
|
|
_ = setup_default_permission(Case),
|
|
_ = enable_features(Case),
|
|
ClientInfoOverrides = maps:get(client_info, Case, #{}),
|
|
ClientInfo = client_info(ClientInfoOverrides),
|
|
lists:foreach(
|
|
fun(Check) ->
|
|
run_check(ClientInfo, Check)
|
|
end,
|
|
Checks
|
|
).
|
|
|
|
run_check(ClientInfo, Fun) when is_function(Fun, 0) ->
|
|
run_check(ClientInfo, Fun());
|
|
run_check(ClientInfo, {ExpectedPermission, Action, Topic}) ->
|
|
?assertEqual(
|
|
ExpectedPermission,
|
|
emqx_access_control:authorize(
|
|
ClientInfo,
|
|
Action,
|
|
Topic
|
|
)
|
|
).
|