161 lines
5.5 KiB
Erlang
161 lines
5.5 KiB
Erlang
%%--------------------------------------------------------------------
|
|
%% Copyright (c) 2020-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
|
|
%%
|
|
%% Licensed under the Apache License, Version 2.0 (the "License");
|
|
%% you may not use this file except in compliance with the License.
|
|
%% You may obtain a copy of the License at
|
|
%% http://www.apache.org/licenses/LICENSE-2.0
|
|
%%
|
|
%% Unless required by applicable law or agreed to in writing, software
|
|
%% distributed under the License is distributed on an "AS IS" BASIS,
|
|
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
%% See the License for the specific language governing permissions and
|
|
%% limitations under the License.
|
|
%%--------------------------------------------------------------------
|
|
|
|
-module(emqx_authz_api_SUITE).
|
|
|
|
-compile(nowarn_export_all).
|
|
-compile(export_all).
|
|
|
|
% -include("emqx_authz.hrl").
|
|
% -include_lib("eunit/include/eunit.hrl").
|
|
% -include_lib("common_test/include/ct.hrl").
|
|
|
|
% -import(emqx_ct_http, [ request_api/3
|
|
% , request_api/5
|
|
% , get_http_data/1
|
|
% , create_default_app/0
|
|
% , delete_default_app/0
|
|
% , default_auth_header/0
|
|
% ]).
|
|
|
|
% -define(HOST, "http://127.0.0.1:8081/").
|
|
% -define(API_VERSION, "v4").
|
|
% -define(BASE_PATH, "api").
|
|
|
|
-define(CONF_DEFAULT, <<"""
|
|
authorization:{
|
|
rules: [
|
|
]
|
|
}
|
|
""">>).
|
|
|
|
all() ->
|
|
%% TODO: V5 API
|
|
%% emqx_ct:all(?MODULE).
|
|
[t_api_unit_test].
|
|
|
|
groups() ->
|
|
[].
|
|
|
|
init_per_suite(Config) ->
|
|
ok = emqx_config:init_load(emqx_authz_schema, ?CONF_DEFAULT),
|
|
ok = emqx_ct_helpers:start_apps([emqx_authz]),
|
|
|
|
%create_default_app(),
|
|
Config.
|
|
|
|
end_per_suite(_Config) ->
|
|
ok = emqx_authz:update(replace, []),
|
|
emqx_ct_helpers:stop_apps([emqx_authz]),
|
|
ok.
|
|
|
|
% set_special_configs(emqx) ->
|
|
% application:set_env(emqx, allow_anonymous, true),
|
|
% application:set_env(emqx, enable_authz_cache, false),
|
|
% ok;
|
|
% set_special_configs(emqx_authz) ->
|
|
% emqx_config:put([emqx_authz], #{rules => []}),
|
|
% ok;
|
|
|
|
% set_special_configs(emqx_management) ->
|
|
% emqx_config:put([emqx_management], #{listeners => [#{protocol => http, port => 8081}],
|
|
% applications =>[#{id => "admin", secret => "public"}]}),
|
|
% ok;
|
|
|
|
% set_special_configs(_App) ->
|
|
% ok.
|
|
|
|
% %%------------------------------------------------------------------------------
|
|
% %% Testcases
|
|
% %%------------------------------------------------------------------------------
|
|
|
|
t_api_unit_test(_Config) ->
|
|
%% TODO: Decode from JSON or HOCON, instead of hand-crafting decode result
|
|
Rule1 = #{<<"principal">> =>
|
|
#{<<"and">> => [#{<<"username">> => <<"^test?">>},
|
|
#{<<"clientid">> => <<"^test?">>}
|
|
]},
|
|
<<"action">> => <<"subscribe">>,
|
|
<<"topics">> => [<<"%u">>],
|
|
<<"permission">> => <<"allow">>
|
|
},
|
|
ok = emqx_authz_api:push_authz(#{}, Rule1),
|
|
[#{action := subscribe,
|
|
permission := allow,
|
|
principal :=
|
|
#{'and' := [#{username := <<"^test?">>},
|
|
#{clientid := <<"^test?">>}]},
|
|
topics := [<<"%u">>]}] = emqx_config:get([authorization, rules]).
|
|
|
|
% t_api(_Config) ->
|
|
% Rule1 = #{<<"principal">> =>
|
|
% #{<<"and">> => [#{<<"username">> => <<"^test?">>},
|
|
% #{<<"clientid">> => <<"^test?">>}
|
|
% ]},
|
|
% <<"action">> => <<"subscribe">>,
|
|
% <<"topics">> => [<<"%u">>],
|
|
% <<"permission">> => <<"allow">>
|
|
% },
|
|
% {ok, _} = request_http_rest_add(["authz/push"], #{rules => [Rule1]}),
|
|
% {ok, Result1} = request_http_rest_lookup(["authz"]),
|
|
% ?assertMatch([Rule1 | _ ], get_http_data(Result1)),
|
|
|
|
% Rule2 = #{<<"principal">> => #{<<"ipaddress">> => <<"127.0.0.1">>},
|
|
% <<"action">> => <<"publish">>,
|
|
% <<"topics">> => [#{<<"eq">> => <<"#">>},
|
|
% #{<<"eq">> => <<"+">>}
|
|
% ],
|
|
% <<"permission">> => <<"deny">>
|
|
% },
|
|
% {ok, _} = request_http_rest_add(["authz/append"], #{rules => [Rule2]}),
|
|
% {ok, Result2} = request_http_rest_lookup(["authz"]),
|
|
% ?assertEqual(Rule2#{<<"principal">> => #{<<"ipaddress">> => "127.0.0.1"}},
|
|
% lists:last(get_http_data(Result2))),
|
|
|
|
% {ok, _} = request_http_rest_update(["authz"], #{rules => []}),
|
|
% {ok, Result3} = request_http_rest_lookup(["authz"]),
|
|
% ?assertEqual([], get_http_data(Result3)),
|
|
% ok.
|
|
|
|
% %%--------------------------------------------------------------------
|
|
% %% HTTP Request
|
|
% %%--------------------------------------------------------------------
|
|
|
|
% request_http_rest_list(Path) ->
|
|
% request_api(get, uri(Path), default_auth_header()).
|
|
|
|
% request_http_rest_lookup(Path) ->
|
|
% request_api(get, uri([Path]), default_auth_header()).
|
|
|
|
% request_http_rest_add(Path, Params) ->
|
|
% request_api(post, uri(Path), [], default_auth_header(), Params).
|
|
|
|
% request_http_rest_update(Path, Params) ->
|
|
% request_api(put, uri([Path]), [], default_auth_header(), Params).
|
|
|
|
% request_http_rest_delete(Login) ->
|
|
% request_api(delete, uri([Login]), default_auth_header()).
|
|
|
|
% uri() -> uri([]).
|
|
% uri(Parts) when is_list(Parts) ->
|
|
% NParts = [b2l(E) || E <- Parts],
|
|
% ?HOST ++ filename:join([?BASE_PATH, ?API_VERSION | NParts]).
|
|
|
|
% %% @private
|
|
% b2l(B) when is_binary(B) ->
|
|
% binary_to_list(B);
|
|
% b2l(L) when is_list(L) ->
|
|
% L.
|