forked from dgiot/dgiot
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathemqx_access_control_SUITE.erl
81 lines (69 loc) · 3.25 KB
/
emqx_access_control_SUITE.erl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
%%--------------------------------------------------------------------
%% Copyright (c) 2019-2021 EMQ Technologies Co., Ltd. All Rights Reserved.
%%
%% Licensed under the Apache License, Version 2.0 (the "License");
%% you may not use this file except in compliance with the License.
%% You may obtain a copy of the License at
%%
%% http://www.apache.org/licenses/LICENSE-2.0
%%
%% Unless required by applicable law or agreed to in writing, software
%% distributed under the License is distributed on an "AS IS" BASIS,
%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
%% See the License for the specific language governing permissions and
%% limitations under the License.
%%--------------------------------------------------------------------
-module(emqx_access_control_SUITE).
-compile(export_all).
-compile(nowarn_export_all).
-include_lib("emqx/include/emqx_mqtt.hrl").
-include_lib("eunit/include/eunit.hrl").
all() -> emqx_ct:all(?MODULE).
init_per_suite(Config) ->
emqx_ct_helpers:boot_modules([router, broker]),
emqx_ct_helpers:start_apps([]),
Config.
end_per_suite(_Config) ->
emqx_ct_helpers:stop_apps([]).
t_authenticate(_) ->
emqx_zone:set_env(zone, allow_anonymous, false),
?assertMatch({error, _}, emqx_access_control:authenticate(clientinfo())),
emqx_zone:set_env(zone, allow_anonymous, true),
?assertMatch({ok, _}, emqx_access_control:authenticate(clientinfo())).
t_check_acl(_) ->
emqx_zone:set_env(zone, acl_nomatch, deny),
application:set_env(emqx, enable_acl_cache, false),
Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
?assertEqual(deny, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)),
emqx_zone:set_env(zone, acl_nomatch, allow),
application:set_env(emqx, enable_acl_cache, true),
Publish = ?PUBLISH_PACKET(?QOS_0, <<"t">>, 1, <<"payload">>),
?assertEqual(allow, emqx_access_control:check_acl(clientinfo(), Publish, <<"t">>)).
t_bypass_auth_plugins(_) ->
AuthFun = fun(#{zone := bypass_zone}, AuthRes) ->
{stop, AuthRes#{auth_result => password_error}};
(#{zone := _}, AuthRes) ->
{stop, AuthRes#{auth_result => success}}
end,
ClientInfo = clientinfo(),
emqx_zone:set_env(bypass_zone, allow_anonymous, true),
emqx_zone:set_env(zone, allow_anonymous, false),
emqx_zone:set_env(bypass_zone, bypass_auth_plugins, true),
emqx:hook('client.authenticate', AuthFun, []),
?assertMatch({ok, _}, emqx_access_control:authenticate(ClientInfo#{zone => bypass_zone})),
?assertMatch({ok, _}, emqx_access_control:authenticate(ClientInfo)).
%%--------------------------------------------------------------------
%% Helper functions
%%--------------------------------------------------------------------
clientinfo() -> clientinfo(#{}).
clientinfo(InitProps) ->
maps:merge(#{zone => zone,
protocol => mqtt,
peerhost => {127,0,0,1},
clientid => <<"clientid">>,
username => <<"username">>,
password => <<"passwd">>,
is_superuser => false,
peercert => undefined,
mountpoint => undefined
}, InitProps).