Fix basic dynsec tests.

2025-05-09 01:01:11 +08:00 · 2020-11-05 23:48:11 +00:00 · 2020-11-05 23:48:11 +00:00 · 255ae24a6d
commit 255ae24a6d
parent c2651cf005
10 changed files with 368 additions and 186 deletions
--- a/test/broker/14-dynsec-client.py
+++ b/test/broker/14-dynsec-client.py
@ -2,6 +2,7 @@

 from mosq_test_helper import *
 import json
+import shutil

 def write_config(filename, port):
    with open(filename, 'w') as f:
@ -28,8 +29,8 @@ write_config(conf_file, port)
 add_client_command = { "commands": [{
            "command": "createClient", "username": "user_one",
            "password": "password", "clientid": "cid",
-            "textName": "Name", "textDescription": "Description",
-            "roleName": "", "correlationData": "2" }]
+            "textname": "Name", "textdescription": "Description",
+            "rolename": "", "correlationData": "2" }]
 }
 add_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
 add_client_repeat_response = {'responses':[{"command":"createClient","error":"Client already exists", "correlationData":"2"}]}
@ -37,20 +38,21 @@ add_client_repeat_response = {'responses':[{"command":"createClient","error":"Cl
 list_clients_command = { "commands": [{
            "command": "listClients", "verbose": False, "correlationData": "10"}]
 }
-list_clients_response = {'responses': [{"command": "listClients", "data":{"totalCount":1, "clients":["user_one"]},"correlationData":"10"}]}
+list_clients_response = {'responses': [{"command": "listClients", "data":{"totalCount":2, "clients":["admin", "user_one"]},"correlationData":"10"}]}

 list_clients_verbose_command = { "commands": [{
            "command": "listClients", "verbose": True, "correlationData": "20"}]
 }
-list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":1, "clients":[
-    {"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description",
-        "groups":[], "roles":[]}]}, "correlationData":"20"}]}
+list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[
+    {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []},
+    {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description",
+        "roles":[], "groups":[]}]}, "correlationData":"20"}]}


 get_client_command = { "commands": [{
            "command": "getClient", "username": "user_one"}]}
 get_client_response = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
-            'textName': 'Name', 'textDescription': 'Description', 'groups': [], 'roles': []}}}]}
+            'textname': 'Name', 'textdescription': 'Description', 'groups': [], 'roles': []}}}]}

 set_client_password_command = {"commands": [{
    "command": "setClientPassword", "username": "user_one", "password": "password"}]}
@ -63,22 +65,18 @@ delete_client_response = {'responses':[{'command': 'deleteClient'}]}

 rc = 1
 keepalive = 10
-connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
 connack_packet = mosq_test.gen_connack(rc=0)

 mid = 2
-subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/#", 1)
+subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
 suback_packet = mosq_test.gen_suback(mid, 1)

 try:
    os.mkdir(str(port))
-    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
 except FileExistsError:
-    try:
-        os.remove(f"{port}/dynamic-security.json")
-    except FileNotFoundError:
-        pass
+    pass

 broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

--- a/test/broker/14-dynsec-disable-client.py
+++ b/test/broker/14-dynsec-disable-client.py
@ -0,0 +1,122 @@
+#!/usr/bin/env python3
+
+from mosq_test_helper import *
+import json
+import shutil
+
+def write_config(filename, port):
+    with open(filename, 'w') as f:
+        f.write("listener %d\n" % (port))
+        f.write("allow_anonymous true\n")
+        f.write("plugin ../../plugins/dynamic-security/mosquitto_dynamic_security.so\n")
+        f.write("plugin_opt_config_file %d/dynamic-security.json\n" % (port))
+
+def command_check(sock, command_payload, expected_response):
+    command_packet = mosq_test.gen_publish(topic="$CONTROL/dynamic-security/v1", qos=0, payload=json.dumps(command_payload))
+    sock.send(command_packet)
+    response = json.loads(mosq_test.read_publish(sock))
+    if response != expected_response:
+        print(expected_response)
+        print(response)
+        raise ValueError(response)
+
+
+
+port = mosq_test.get_port()
+conf_file = os.path.basename(__file__).replace('.py', '.conf')
+write_config(conf_file, port)
+
+add_client_command = { "commands": [{
+            "command": "createClient", "username": "user_one",
+            "password": "password", "clientid": "cid",
+            "textname": "Name", "textdescription": "Description",
+            "rolename": "", "correlationData": "2" }]
+}
+add_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
+add_client_repeat_response = {'responses':[{"command":"createClient","error":"Client already exists", "correlationData":"2"}]}
+
+get_client_command = { "commands": [{
+            "command": "getClient", "username": "user_one"}]}
+get_client_response1 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
+    'textname': 'Name', 'textdescription': 'Description', 'groups': [], 'roles': []}}}]}
+get_client_response2 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
+    'textname': 'Name', 'textdescription': 'Description', 'disabled':True, 'groups': [], 'roles': []}}}]}
+
+disable_client_command = { "commands": [{
+            "command": "disableClient", "username": "user_one"}]}
+disable_client_response = {'responses':[{'command': 'disableClient'}]}
+
+enable_client_command = { "commands": [{
+            "command": "enableClient", "username": "user_one"}]}
+enable_client_response = {'responses':[{'command': 'enableClient'}]}
+
+rc = 1
+keepalive = 10
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
+connack_packet = mosq_test.gen_connack(rc=0)
+
+client_connect_packet = mosq_test.gen_connect("cid", keepalive=keepalive, username="user_one", password="password")
+client_connack_packet1 = mosq_test.gen_connack(rc=5)
+client_connack_packet2 = mosq_test.gen_connack(rc=0)
+
+mid = 2
+subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
+suback_packet = mosq_test.gen_suback(mid, 1)
+
+try:
+    os.mkdir(str(port))
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
+except FileExistsError:
+    pass
+
+broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
+
+try:
+    sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port)
+    mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback")
+
+    # Add client
+    command_check(sock, add_client_command, add_client_response)
+
+    # Get client
+    command_check(sock, get_client_command, get_client_response1)
+
+    # Disable client
+    command_check(sock, disable_client_command, disable_client_response)
+
+    # Get client - should be disabled
+    command_check(sock, get_client_command, get_client_response2)
+
+    # Try to log in - should fail
+    client_sock = mosq_test.do_client_connect(client_connect_packet, client_connack_packet1, timeout=5, port=port)
+
+    # Enable client
+    command_check(sock, enable_client_command, enable_client_response)
+
+    # Get client - should be enabled
+    command_check(sock, get_client_command, get_client_response1)
+
+    # Try to log in - should succeed
+    client_sock = mosq_test.do_client_connect(client_connect_packet, client_connack_packet2, timeout=5, port=port)
+    client_sock.close()
+
+    rc = 0
+
+    sock.close()
+except mosq_test.TestError:
+    pass
+finally:
+    os.remove(conf_file)
+    try:
+        os.remove(f"{port}/dynamic-security.json")
+    except FileNotFoundError:
+        pass
+    os.rmdir(f"{port}")
+    broker.terminate()
+    broker.wait()
+    (stdo, stde) = broker.communicate()
+    if rc:
+        print(stde.decode('utf-8'))
+
+
+exit(rc)
--- a/test/broker/14-dynsec-group.py
+++ b/test/broker/14-dynsec-group.py
@ -2,6 +2,7 @@

 from mosq_test_helper import *
 import json
+import shutil

 def write_config(filename, port):
    with open(filename, 'w') as f:
@ -28,13 +29,13 @@ write_config(conf_file, port)
 create_client_command = { "commands": [{
            "command": "createClient", "username": "user_one",
            "password": "password", "clientid": "cid",
-            "textName": "Name", "textDescription": "Description",
+            "textname": "Name", "textdescription": "Description",
            "roleName": "", "correlationData": "2" }]}
 create_client_response = {'responses':[{"command":"createClient","correlationData":"2"}]}

 create_group_command = { "commands": [{
-            "command": "createGroup", "groupName": "group_one",
-            "textName": "Name", "textDescription": "Description",
+            "command": "createGroup", "groupname": "group_one",
+            "textname": "Name", "textdescription": "Description",
            "correlationData":"3"}]}
 create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]}
 create_group_repeat_response = {'responses':[{"command":"createGroup","error":"Group already exists","correlationData":"3"}]}
@ -46,50 +47,47 @@ list_groups_response = {'responses':[{"command": "listGroups", "data":{"totalCou
 list_groups_verbose_command = { "commands": [{
            "command": "listGroups", "verbose": True, "correlationData": "15"}]}
 list_groups_verbose_response = {'responses':[{'command': 'listGroups', 'data': {"totalCount":1, 'groups':
-            [{'groupName': 'group_one', 'textName': 'Name', 'textDescription': 'Description', 'clients': [
+            [{'groupname': 'group_one', 'textname': 'Name', 'textdescription': 'Description', 'clients': [
                {"username":"user_one"}], "roles":[]}]},
            'correlationData': '15'}]}

 list_clients_verbose_command = { "commands": [{
            "command": "listClients", "verbose": True, "correlationData": "20"}]}
-list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":1, "clients":[
-            {"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description",
-            "groups":[{"groupName":"group_one"}], "roles":[]}]}, "correlationData":"20"}]}
+list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[
+            {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []},
+            {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description",
+            "groups":[{"groupname":"group_one"}], "roles":[]}]}, "correlationData":"20"}]}

-get_group_command = { "commands": [{"command": "getGroup", "groupName":"group_one"}]}
-get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
-            'textName':'Name', 'textDescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]}
+get_group_command = { "commands": [{"command": "getGroup", "groupname":"group_one"}]}
+get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
+            'textname':'Name', 'textdescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]}

 add_client_to_group_command = {"commands": [{"command":"addGroupClient", "username":"user_one",
-            "groupName": "group_one", "correlationData":"1234"}]}
+            "groupname": "group_one", "correlationData":"1234"}]}
 add_client_to_group_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1234'}]}

 remove_client_from_group_command = {"commands": [{"command":"removeGroupClient", "username":"user_one",
-            "groupName": "group_one", "correlationData":"4321"}]}
+            "groupname": "group_one", "correlationData":"4321"}]}
 remove_client_from_group_response = {'responses':[{'command': 'removeGroupClient', 'correlationData': '4321'}]}

-delete_group_command = {"commands": [{"command":"deleteGroup", "groupName":"group_one", "correlationData":"5678"}]}
+delete_group_command = {"commands": [{"command":"deleteGroup", "groupname":"group_one", "correlationData":"5678"}]}
 delete_group_response = {'responses':[{"command":"deleteGroup", "correlationData":"5678"}]}


 rc = 1
 keepalive = 10
-connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
 connack_packet = mosq_test.gen_connack(rc=0)

 mid = 2
-subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/#", 1)
+subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
 suback_packet = mosq_test.gen_suback(mid, 1)

 try:
    os.mkdir(str(port))
-    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
 except FileExistsError:
-    try:
-        os.remove(f"{port}/dynamic-security.json")
-    except FileNotFoundError:
-        pass
+    pass

 broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

--- a/test/broker/14-dynsec-modify-client.py
+++ b/test/broker/14-dynsec-modify-client.py
@ -2,6 +2,7 @@

 from mosq_test_helper import *
 import json
+import shutil

 def write_config(filename, port):
    with open(filename, 'w') as f:
@ -29,20 +30,20 @@ write_config(conf_file, port)
 create_client_command = { "commands": [{
            "command": "createClient", "username": "user_one",
            "password": "password", "clientid": "cid",
-            "textName": "Name", "textDescription": "Description",
+            "textname": "Name", "textdescription": "Description",
            "correlationData": "2" }]
 }
 create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}

 create_groups_command = { "commands": [
    {
-        "command": "createGroup", "groupName": "group_one",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createGroup", "groupname": "group_one",
+        "textname": "Name", "textdescription": "Description",
        "correlationData": "12"
    },
    {
-        "command": "createGroup", "groupName": "group_two",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createGroup", "groupname": "group_two",
+        "textname": "Name", "textdescription": "Description",
        "correlationData": "13"
    }
    ]
@ -54,18 +55,18 @@ create_groups_response = {'responses': [

 create_roles_command = { "commands": [
    {
-        "command": "createRole", "roleName": "role_one",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createRole", "rolename": "role_one",
+        "textname": "Name", "textdescription": "Description",
        "acls":[], "correlationData": "21"
    },
    {
-        "command": "createRole", "roleName": "role_two",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createRole", "rolename": "role_two",
+        "textname": "Name", "textdescription": "Description",
        "acls":[], "correlationData": "22"
    },
    {
-        "command": "createRole", "roleName": "role_three",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createRole", "rolename": "role_three",
+        "textname": "Name", "textdescription": "Description",
        "acls":[], "correlationData": "23"
    }
    ]
@ -78,15 +79,15 @@ create_roles_response = {'responses': [

 modify_client_command1 = { "commands": [{
    "command": "modifyClient", "username": "user_one",
-    "textName": "Modified name", "textDescription": "Modified description",
+    "textname": "Modified name", "textdescription": "Modified description",
    "roles":[
-        {'roleName':'role_one', 'priority':2},
-        {'roleName':'role_two'},
-        {'roleName':'role_three', 'priority':10}
+        {'rolename':'role_one', 'priority':2},
+        {'rolename':'role_two'},
+        {'rolename':'role_three', 'priority':10}
    ],
    "groups":[
-        {'groupName':'group_one', 'priority':3},
-        {'groupName':'group_two', 'priority':8}
+        {'groupname':'group_one', 'priority':3},
+        {'groupname':'group_two', 'priority':8}
    ],
    "correlationData": "3" }]
 }
@ -94,7 +95,7 @@ modify_client_response1 = {'responses': [{'command': 'modifyClient', 'correlatio

 modify_client_command2 = { "commands": [{
    "command": "modifyClient", "username": "user_one",
-    "textName": "Modified name", "textDescription": "Modified description",
+    "textname": "Modified name", "textdescription": "Modified description",
    "groups":[],
    "correlationData": "4" }]
 }
@ -104,41 +105,41 @@ modify_client_response2 = {'responses': [{'command': 'modifyClient', 'correlatio
 get_client_command1 = { "commands": [{
    "command": "getClient", "username": "user_one"}]}
 get_client_response1 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
-    'textName': 'Name', 'textDescription': 'Description',
-    'groups': [],
+    'textname': 'Name', 'textdescription': 'Description',
    'roles': [],
+    'groups': [],
    }}}]}

 get_client_command2 = { "commands": [{
    "command": "getClient", "username": "user_one"}]}
 get_client_response2 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
-    'textName': 'Modified name', 'textDescription': 'Modified description',
-    'groups': [
-        {'groupName':'group_two', 'priority':8},
-        {'groupName':'group_one', 'priority':3}
-    ],
+    'textname': 'Modified name', 'textdescription': 'Modified description',
    'roles': [
-        {'roleName':'role_three', 'priority':10},
-        {'roleName':'role_one', 'priority':2},
-        {'roleName':'role_two'}
+        {'rolename':'role_three', 'priority':10},
+        {'rolename':'role_one', 'priority':2},
+        {'rolename':'role_two'}
+    ],
+    'groups': [
+        {'groupname':'group_two', 'priority':8},
+        {'groupname':'group_one', 'priority':3}
    ]}}}]}

 get_client_command3 = { "commands": [{
            "command": "getClient", "username": "user_one"}]}
 get_client_response3 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
-    'textName': 'Modified name', 'textDescription': 'Modified description',
+    'textname': 'Modified name', 'textdescription': 'Modified description',
    'groups': [],
    'roles': [
-        {'roleName':'role_three', 'priority':10},
-        {'roleName':'role_one', 'priority':2},
-        {'roleName':'role_two'}
+        {'rolename':'role_three', 'priority':10},
+        {'rolename':'role_one', 'priority':2},
+        {'rolename':'role_two'}
    ]}}}]}



 rc = 1
 keepalive = 10
-connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
 connack_packet = mosq_test.gen_connack(rc=0)

 mid = 2
@ -147,13 +148,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)

 try:
    os.mkdir(str(port))
-    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
 except FileExistsError:
-    try:
-        os.remove(f"{port}/dynamic-security.json")
-    except FileNotFoundError:
-        pass
+    pass

 broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

--- a/test/broker/14-dynsec-modify-group.py
+++ b/test/broker/14-dynsec-modify-group.py
@ -2,6 +2,7 @@

 from mosq_test_helper import *
 import json
+import shutil

 def write_config(filename, port):
    with open(filename, 'w') as f:
@ -29,27 +30,27 @@ write_config(conf_file, port)
 create_client_command = { "commands": [{
            "command": "createClient", "username": "user_one",
            "password": "password", "clientid": "cid",
-            "textName": "Name", "textDescription": "Description",
+            "textname": "Name", "textdescription": "Description",
            "correlationData": "2" }]
 }
 create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}

 create_group_command = { "commands": [{
-    "command": "createGroup", "groupName": "group_one",
-    "textName": "Name", "textDescription": "Description",
-    "roleName": "", "correlationData": "2" }]
+    "command": "createGroup", "groupname": "group_one",
+    "textname": "Name", "textdescription": "Description",
+    "rolename": "", "correlationData": "2" }]
 }
 create_group_response = {'responses': [{'command': 'createGroup', 'correlationData': '2'}]}

 create_role_command = { "commands": [
    {
-        "command": "createRole", "roleName": "role_one",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createRole", "rolename": "role_one",
+        "textname": "Name", "textdescription": "Description",
        "acls":[], "correlationData": "2"
    },
    {
-        "command": "createRole", "roleName": "role_two",
-        "textName": "Name", "textDescription": "Description",
+        "command": "createRole", "rolename": "role_two",
+        "textname": "Name", "textdescription": "Description",
        "acls":[], "correlationData": "3"
    }
    ]
@ -60,20 +61,20 @@ create_role_response = {'responses': [
    ]}

 modify_group_command1 = { "commands": [{
-    "command": "modifyGroup", "groupName": "group_one",
-    "textName": "Modified name", "textDescription": "Modified description",
-    "roles":[{'roleName':'role_one'}],
+    "command": "modifyGroup", "groupname": "group_one",
+    "textname": "Modified name", "textdescription": "Modified description",
+    "roles":[{'rolename':'role_one'}],
    "clients":[{'username':'user_one'}],
    "correlationData": "3" }]
 }
 modify_group_response1 = {'responses': [{'command': 'modifyGroup', 'correlationData': '3'}]}

 modify_group_command2 = { "commands": [{
-    "command": "modifyGroup", "groupName": "group_one",
-    "textName": "Modified name", "textDescription": "Modified description",
+    "command": "modifyGroup", "groupname": "group_one",
+    "textname": "Modified name", "textdescription": "Modified description",
    "roles":[
-        {'roleName':'role_one', 'priority':99},
-        {'roleName':'role_two', 'priority':87}
+        {'rolename':'role_one', 'priority':99},
+        {'rolename':'role_two', 'priority':87}
    ],
    "clients":[],
    "correlationData": "3" }]
@ -81,8 +82,8 @@ modify_group_command2 = { "commands": [{
 modify_group_response2 = {'responses': [{'command': 'modifyGroup', 'correlationData': '3'}]}

 modify_group_command3 = { "commands": [{
-    "command": "modifyGroup", "groupName": "group_one",
-    "textName": "Modified name", "textDescription": "Modified description",
+    "command": "modifyGroup", "groupname": "group_one",
+    "textname": "Modified name", "textdescription": "Modified description",
    "roles":[],
    "clients":[],
    "correlationData": "3" }]
@ -91,33 +92,33 @@ modify_group_response3 = {'responses': [{'command': 'modifyGroup', 'correlationD


 get_group_command1 = { "commands": [{
-    "command": "getGroup", "groupName": "group_one"}]}
-get_group_response1 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
-    'textName': 'Name', 'textDescription': 'Description',
+    "command": "getGroup", "groupname": "group_one"}]}
+get_group_response1 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
+    'textname': 'Name', 'textdescription': 'Description',
    'clients':[],
    'roles': []}}}]}

 get_group_command2 = { "commands": [{
-    "command": "getGroup", "groupName": "group_one"}]}
-get_group_response2 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
-    'textName': 'Modified name', 'textDescription': 'Modified description',
+    "command": "getGroup", "groupname": "group_one"}]}
+get_group_response2 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
+    'textname': 'Modified name', 'textdescription': 'Modified description',
    'clients':[{'username':'user_one'}],
-    'roles': [{'roleName':'role_one'}]}}}]}
+    'roles': [{'rolename':'role_one'}]}}}]}

 get_group_command3 = { "commands": [{
-    "command": "getGroup", "groupName": "group_one"}]}
-get_group_response3 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
-    'textName': 'Modified name', 'textDescription': 'Modified description',
+    "command": "getGroup", "groupname": "group_one"}]}
+get_group_response3 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
+    'textname': 'Modified name', 'textdescription': 'Modified description',
    'clients':[],
    'roles': [
-        {'roleName':'role_one', 'priority':99},
-        {'roleName':'role_two', 'priority':87}
+        {'rolename':'role_one', 'priority':99},
+        {'rolename':'role_two', 'priority':87}
    ]}}}]}

 get_group_command4 = { "commands": [{
-    "command": "getGroup", "groupName": "group_one"}]}
-get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
-    'textName': 'Modified name', 'textDescription': 'Modified description',
+    "command": "getGroup", "groupname": "group_one"}]}
+get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
+    'textname': 'Modified name', 'textdescription': 'Modified description',
    'clients':[],
    'roles': []}}}]}

@ -125,7 +126,7 @@ get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'

 rc = 1
 keepalive = 10
-connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
 connack_packet = mosq_test.gen_connack(rc=0)

 mid = 2
@ -134,13 +135,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)

 try:
    os.mkdir(str(port))
-    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
 except FileExistsError:
-    try:
-        os.remove(f"{port}/dynamic-security.json")
-    except FileNotFoundError:
-        pass
+    pass

 broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

--- a/test/broker/14-dynsec-modify-role.py
+++ b/test/broker/14-dynsec-modify-role.py
@ -2,6 +2,7 @@

 from mosq_test_helper import *
 import json
+import shutil

 def write_config(filename, port):
    with open(filename, 'w') as f:
@ -26,17 +27,17 @@ conf_file = os.path.basename(__file__).replace('.py', '.conf')
 write_config(conf_file, port)

 create_role_command = { "commands": [{
-    "command": "createRole", "roleName": "role_one",
-    "textName": "Name", "textDescription": "Description",
+    "command": "createRole", "rolename": "role_one",
+    "textname": "Name", "textdescription": "Description",
    "acls":[
        {
-            "aclType": "publishClientSend",
+            "acltype": "publishClientSend",
            "allow": True,
            "topic": "topic/#",
            "priority": 8
        },
        {
-            "aclType": "publishClientSend",
+            "acltype": "publishClientSend",
            "allow": True,
            "topic": "topic/2/#",
            "priority": 9
@ -46,25 +47,25 @@ create_role_command = { "commands": [{
 create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '2'}]}

 modify_role_command = { "commands": [{
-    "command": "modifyRole", "roleName": "role_one",
-    "textName": "Modified name", "textDescription": "Modified description",
+    "command": "modifyRole", "rolename": "role_one",
+    "textname": "Modified name", "textdescription": "Modified description",
    "correlationData": "3" }]
 }
 modify_role_response = {'responses': [{'command': 'modifyRole', 'correlationData': '3'}]}


-get_role_command1 = { "commands": [{"command": "getRole", "roleName": "role_one"}]}
-get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'roleName': 'role_one',
-    'textName': 'Name', 'textDescription': 'Description',
+get_role_command1 = { "commands": [{"command": "getRole", "rolename": "role_one"}]}
+get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rolename': 'role_one',
+    'textname': 'Name', 'textdescription': 'Description',
    'acls': [
        {
-            "aclType": "publishClientSend",
+            "acltype": "publishClientSend",
            "topic": "topic/2/#",
            "allow": True,
            "priority": 9
        },
        {
-            "aclType": "publishClientSend",
+            "acltype": "publishClientSend",
            "topic": "topic/#",
            "allow": True,
            "priority": 8
@ -72,18 +73,18 @@ get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol
    ]}}}]}

 get_role_command2 = { "commands": [{
-    "command": "getRole", "roleName": "role_one"}]}
-get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'roleName': 'role_one',
-    'textName': 'Modified name', 'textDescription': 'Modified description',
+    "command": "getRole", "rolename": "role_one"}]}
+get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rolename': 'role_one',
+    'textname': 'Modified name', 'textdescription': 'Modified description',
    'acls': [
        {
-            "aclType": "publishClientSend",
+            "acltype": "publishClientSend",
            "topic": "topic/2/#",
            "allow": True,
            "priority": 9
        },
        {
-            "aclType": "publishClientSend",
+            "acltype": "publishClientSend",
            "topic": "topic/#",
            "allow": True,
            "priority": 8
@ -92,7 +93,7 @@ get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol

 rc = 1
 keepalive = 10
-connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
 connack_packet = mosq_test.gen_connack(rc=0)

 mid = 2
@ -101,13 +102,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)

 try:
    os.mkdir(str(port))
-    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
 except FileExistsError:
-    try:
-        os.remove(f"{port}/dynamic-security.json")
-    except FileNotFoundError:
-        pass
+    pass

 broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

--- a/test/broker/14-dynsec-role.py
+++ b/test/broker/14-dynsec-role.py
@ -2,6 +2,7 @@

 from mosq_test_helper import *
 import json
+import shutil

 def write_config(filename, port):
    with open(filename, 'w') as f:
@ -29,30 +30,30 @@ write_config(conf_file, port)
 create_client_command = { "commands": [{
    "command": "createClient", "username": "user_one",
    "password": "password", "clientid": "cid",
-    "textName": "Name", "textDescription": "Description",
-    "roleName": "", "correlationData": "2" }]
+    "textname": "Name", "textdescription": "Description",
+    "rolename": "", "correlationData": "2" }]
 }
 create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}

 create_group_command = { "commands": [{
-            "command": "createGroup", "groupName": "group_one",
-            "textName": "Name", "textDescription": "Description",
+            "command": "createGroup", "groupname": "group_one",
+            "textname": "Name", "textdescription": "Description",
            "correlationData":"3"}]}
 create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]}

 create_role_command = { "commands": [{'command': 'createRole', 'correlationData': '3',
-    "roleName": "basic", "acls":[
-    {"aclType":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc"
+    "rolename": "basic", "acls":[
+    {"acltype":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textname":"name", "textdescription":"desc"
    }]}
 create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]}


 add_role_to_client_command = {"commands": [{'command': 'addClientRole', "username": "user_one",
-    "roleName": "basic"}]}
+    "rolename": "basic"}]}
 add_role_to_client_response = {'responses': [{'command': 'addClientRole'}]}

-add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupName": "group_one",
-    "roleName": "basic"}]}
+add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupname": "group_one",
+    "rolename": "basic"}]}
 add_role_to_group_response = {'responses': [{'command': 'addGroupRole'}]}


@ -60,63 +61,83 @@ list_roles_verbose_command1 = { "commands": [{
    "command": "listRoles", "verbose": True, "correlationData": "21"}]
 }
 list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data':
-    {'totalCount':1, 'roles': [{'roleName': 'basic', "textName": "name", "textDescription": "desc",
-    'acls': [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}]
+    {'totalCount':2, 'roles': [
+    {"rolename":"admin","acls":[
+    {"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
+    {"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
+    {"acltype": "publishClientReceive", "topic": "$SYS/#", "priority":0, "allow": True },
+    {"acltype": "publishClientReceive", "topic": "#", "priority":0, "allow": True },
+    {"acltype": "subscribePattern", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
+    {"acltype": "subscribePattern", "topic": "$SYS/#", "priority":0, "allow": True },
+    {"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True},
+    {"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]},
+    {'rolename': 'basic', "textname": "name", "textdescription": "desc",
+    'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}]
    }]}, 'correlationData': '21'}]}

-add_acl_command = {"commands": [{'command': "addRoleACL", "roleName":"basic", "aclType":"subscribeLiteral",
+add_acl_command = {"commands": [{'command': "addRoleACL", "rolename":"basic", "acltype":"subscribeLiteral",
    "topic":"basic/out", "priority":1, "allow":True}]}
 add_acl_response = {'responses': [{'command': 'addRoleACL'}]}

 list_roles_verbose_command2 = { "commands": [{
    "command": "listRoles", "verbose": True, "correlationData": "22"}]
 }
-list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':1, 'roles':
-    [{'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls':
-    [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
-    {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
+list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':2, 'roles':
+    [{"rolename":"admin","acls":[
+    {"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
+    {"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
+    {"acltype": "publishClientReceive", "topic": "$SYS/#", "priority":0, "allow": True },
+    {"acltype": "publishClientReceive", "topic": "#", "priority":0, "allow": True },
+    {"acltype": "subscribePattern", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
+    {"acltype": "subscribePattern", "topic": "$SYS/#", "priority":0, "allow": True },
+    {"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True},
+    {"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]},
+    {'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls':
+    [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
+    {'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
    }]}, 'correlationData': '22'}]}

-get_role_command = {"commands": [{'command': "getRole", "roleName":"basic"}]}
+get_role_command = {"commands": [{'command': "getRole", "rolename":"basic"}]}
 get_role_response = {'responses': [{'command': 'getRole', 'data': {'role':
-    {'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls':
-    [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
-    {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
+    {'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls':
+    [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
+    {'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
    }}}]}

-remove_acl_command = {"commands": [{'command': "removeRoleACL", "roleName":"basic", "aclType":"subscribeLiteral",
+remove_acl_command = {"commands": [{'command': "removeRoleACL", "rolename":"basic", "acltype":"subscribeLiteral",
    "topic":"basic/out"}]}
 remove_acl_response = {'responses': [{'command': 'removeRoleACL'}]}

-delete_role_command = {"commands": [{'command': "deleteRole", "roleName":"basic"}]}
+delete_role_command = {"commands": [{'command': "deleteRole", "rolename":"basic"}]}
 delete_role_response = {"responses": [{"command": "deleteRole"}]}

 list_clients_verbose_command = { "commands": [{
    "command": "listClients", "verbose": True, "correlationData": "20"}]
 }
-list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':1, "clients":[
-    {"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description",
-    "groups":[], "roles":[{'roleName':'basic'}]}]}, "correlationData":"20"}]}
+list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':2, "clients":[
+    {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []},
+    {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description",
+    "groups":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]}

 list_groups_verbose_command = { "commands": [{
    "command": "listGroups", "verbose": True, "correlationData": "20"}]
 }
 list_groups_verbose_response = {'responses':[{"command": "listGroups", "data":{'totalCount':1, "groups":[
-    {"groupName":"group_one", "textName":"Name", "textDescription":"Description",
-    "clients":[], "roles":[{'roleName':'basic'}]}]}, "correlationData":"20"}]}
+    {"groupname":"group_one", "textname":"Name", "textdescription":"Description",
+    "clients":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]}

 remove_role_from_client_command = {"commands": [{'command': 'removeClientRole', "username": "user_one",
-    "roleName": "basic"}]}
+    "rolename": "basic"}]}
 remove_role_from_client_response = {'responses': [{'command': 'removeClientRole'}]}

-remove_role_from_group_command = {"commands": [{'command': 'removeGroupRole', "groupName": "group_one",
-    "roleName": "basic"}]}
+remove_role_from_group_command = {"commands": [{'command': 'removeGroupRole', "groupname": "group_one",
+    "rolename": "basic"}]}
 remove_role_from_group_response = {'responses': [{'command': 'removeGroupRole'}]}


 rc = 1
 keepalive = 10
-connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
+connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
 connack_packet = mosq_test.gen_connack(rc=0)

 mid = 2
@ -125,13 +146,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)

 try:
    os.mkdir(str(port))
-    with open("%d/dynamic-security.json" % port, 'w') as f:
-        f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
+    shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
 except FileExistsError:
-    try:
-        os.remove(f"{port}/dynamic-security.json")
-    except FileNotFoundError:
-        pass
+    pass

 broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

--- a/test/broker/Makefile
+++ b/test/broker/Makefile
@ -221,9 +221,10 @@ endif
 	./13-malformed-unsubscribe-v5.py

 14 :
-	#./14-dynsec-client.py
-	#./14-dynsec-group.py
-	#./14-dynsec-role.py
-	#./14-dynsec-modify-client.py
-	#./14-dynsec-modify-group.py
-	#./14-dynsec-modify-role.py
+	./14-dynsec-client.py
+	./14-dynsec-group.py
+	./14-dynsec-role.py
+	./14-dynsec-modify-client.py
+	./14-dynsec-modify-group.py
+	./14-dynsec-modify-role.py
+	./14-dynsec-disable-client.py
--- a/test/broker/dynamic-security-init.json
+++ b/test/broker/dynamic-security-init.json
@ -0,0 +1,54 @@
+{
+	"clients":	[{
+			"username":	"admin",
+			"textName":	"Dynsec admin user",
+			"password":	"Rko31yHY12ryMoyZTBNIUsCPb5SDa4WmUP3Xe2+V6P+QOSW3Gj6IDmpl6zQsAjutb476zEYdBeTw9tU7WZ1new==",
+			"salt":	"Ezuo4G1TqYtTQDL/",
+			"iterations":	101,
+			"roles":	[{
+					"rolename":	"admin"
+				}]
+		}],
+	"roles":	[{
+			"rolename":	"admin",
+			"acls":	[{
+					"acltype":	"publishClientSend",
+					"topic":	"$CONTROL/dynamic-security/#",
+					"allow":	true
+				}, {
+					"acltype":	"publishClientReceive",
+					"topic":	"$CONTROL/dynamic-security/#",
+					"allow":	true
+				}, {
+					"acltype":	"subscribePattern",
+					"topic":	"$CONTROL/dynamic-security/#",
+					"allow":	true
+				}, {
+					"acltype":	"publishClientReceive",
+					"topic":	"$SYS/#",
+					"allow":	true
+				}, {
+					"acltype":	"subscribePattern",
+					"topic":	"$SYS/#",
+					"allow":	true
+				}, {
+					"acltype":	"publishClientReceive",
+					"topic":	"#",
+					"allow":	true
+				}, {
+					"acltype":	"subscribePattern",
+					"topic":	"#",
+					"allow":	true
+				}, {
+					"acltype":	"unsubscribePattern",
+					"topic":	"#",
+					"allow":	true
+				}]
+		}],
+	"defaultACLAccess":	{
+		"publishClientSend":	false,
+		"publishClientReceive":	true,
+		"subscribe":	false,
+		"unsubscribe":	true
+	}
+}
--- a/test/broker/test.py
+++ b/test/broker/test.py
@ -189,12 +189,13 @@ tests = [
    (1, './13-malformed-subscribe-v5.py'),
    (1, './13-malformed-unsubscribe-v5.py'),

-    #(1, './14-dynsec-client.py'),
-    #(1, './14-dynsec-group.py'),
-    #(1, './14-dynsec-role.py'),
-    #(1, './14-dynsec-modify-client.py'),
-    #(1, './14-dynsec-modify-group.py'),
-    #(1, './14-dynsec-modify-role.py'),
+    (1, './14-dynsec-client.py'),
+    (1, './14-dynsec-group.py'),
+    (1, './14-dynsec-role.py'),
+    (1, './14-dynsec-modify-client.py'),
+    (1, './14-dynsec-modify-group.py'),
+    (1, './14-dynsec-modify-role.py'),
+    (1, './14-dynsec-disable-client.py'),
    ]

 ptest.run_tests(tests)