From 6bd45f0092c2bfcc46c71dae4526ed1a331c72cb Mon Sep 17 00:00:00 2001 From: "Roger A. Light" Date: Mon, 30 Nov 2020 17:15:43 +0000 Subject: [PATCH] dynsec: Better test coverage --- test/broker/14-dynsec-acl.py | 11 +- test/broker/14-dynsec-client-invalid.py | 13 +- test/broker/14-dynsec-group.py | 55 +++++++-- test/broker/14-dynsec-plugin-invalid.py | 150 ++++++++++++++++++++++++ test/broker/14-dynsec-role-invalid.py | 8 +- test/broker/14-dynsec-role.py | 50 +++++++- test/broker/Makefile | 1 + test/broker/test.py | 1 + 8 files changed, 266 insertions(+), 23 deletions(-) create mode 100755 test/broker/14-dynsec-plugin-invalid.py diff --git a/test/broker/14-dynsec-acl.py b/test/broker/14-dynsec-acl.py index e8889fd9..670be99a 100755 --- a/test/broker/14-dynsec-acl.py +++ b/test/broker/14-dynsec-acl.py @@ -58,6 +58,7 @@ add_client_group_role_response = {'responses': [ add_publish_acl_command = {"commands":[ { "command": "addRoleACL", "rolename": "myrole", "acltype": "publishClientSend", "topic": "simple/topic", "allow": True }, + { "command": "addRoleACL", "rolename": "myrole", "acltype": "publishClientSend", "topic": "single-wildcard/deny/deny", "priority":10, "allow": False }, { "command": "addRoleACL", "rolename": "myrole", "acltype": "publishClientSend", "topic": "single-wildcard/+/+", "allow": True }, { "command": "addRoleACL", "rolename": "myrole", "acltype": "publishClientSend", "topic": "multilevel-wildcard/topic/#", "allow": True }, { "command": "addRoleACL", "rolename": "myrole", "acltype": "publishClientReceive", "topic": "single-wildcard/bob/bob", "allow": False }, @@ -67,7 +68,7 @@ add_publish_acl_command = {"commands":[ add_publish_acl_response = {'responses': [ {'command': 'addRoleACL'}, {'command': 'addRoleACL'}, {'command': 'addRoleACL'}, {'command': 'addRoleACL'}, - {'command': 'addRoleACL'} + {'command': 'addRoleACL'}, {'command': 'addRoleACL'} ]} delete_role_command = {"commands":[ 
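Review bot: The new deny entry for `single-wildcard/deny/deny` is listed before the `single-wildcard/+/+` allow entry in `add_publish_acl_command`, so the later denied-publish check would presumably also pass if the broker matched ACLs in insertion order instead of by priority. Moving the `"priority":10, "allow": False` line to after the wildcard allow would make the result depend on priority alone. A narrow deny that is outranked by a broader allow is the authorization failure worth pinning here. The dict literal starts and ends outside the hunk.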
@@ -110,6 +111,11 @@ puback_simple_packet_fail = mosq_test.gen_puback(mid, reason_code=mqtt5_rc.MQTT_ publish_simple_packet_r = mosq_test.gen_publish(topic="simple/topic", qos=0, payload="message", proto_ver=5) +# This message is in single-wildcard/+/+ so could be allowed, but the single-wildcard/deny/deny with higher priority should override +mid = 9 +publish_single_packet_denied = mosq_test.gen_publish(mid=mid, topic="single-wildcard/deny/deny", qos=1, payload="message", proto_ver=5) +puback_single_packet_denied_fail = mosq_test.gen_puback(mid, reason_code=mqtt5_rc.MQTT_RC_NOT_AUTHORIZED, proto_ver=5) + mid = 8 publish_single_packet = mosq_test.gen_publish(mid=mid, topic="single-wildcard/bob/topic", qos=1, payload="message", proto_ver=5) puback_single_packet_success = mosq_test.gen_puback(mid, proto_ver=5) @@ -232,6 +238,9 @@ try: csock.send(publish_single_packet) mosq_test.receive_unordered(csock, publish_single_packet_r, puback_single_packet_success, "puback single 3 / publish r") + # Publish to "single-wildcard/deny/deny" - this is stillnot allowed + mosq_test.do_send_receive(csock, publish_single_packet_denied, puback_single_packet_denied_fail, "puback single denied 1") + # Publish to "multilevel-wildcard/topic/topic/allowed" - this is now allowed csock.send(publish_multi_packet) mosq_test.receive_unordered(csock, publish_multi_packet_r, puback_multi_packet_success, "puback multi 3 / publish r") diff --git a/test/broker/14-dynsec-client-invalid.py b/test/broker/14-dynsec-client-invalid.py index bc6eb599..c379eaeb 100755 --- a/test/broker/14-dynsec-client-invalid.py +++ b/test/broker/14-dynsec-client-invalid.py 
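Review bot: The comment added before the denied publish has a typo, `stillnot`; it should read `# Publish to "single-wildcard/deny/deny" - this is still not allowed`. The label `"puback single denied 1"` marks the only denied-topic check in the visible hunks, so "still" has no earlier check to refer to. Either drop the word or repeat the same `do_send_receive` at the earlier stages of the test, before the role is assigned, so the denial is asserted in every state. The `try` block starts and ends outside the hunk.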
@@ -70,13 +70,17 @@ create_client8_response = {'responses': [{'command': 'createClient', 'error': 'I create_client9_command = { 'commands': [{'command': 'createClient', 'username': 'admin', 'password':'5'}]} create_client9_response = {'responses': [{'command': 'createClient', 'error': 'Client already exists'}]} +# Roles not an array +create_client10_command = { 'commands': [{'command': 'createClient', 'username': 'user', 'password':'5', 'roles':'bad'}] } +create_client10_response = {'responses': [{'command': 'createClient', 'error': "'roles' not an array or missing/invalid rolename"}]} + # Role not found -create_client10_command = { 'commands': [{'command': 'createClient', 'username': 'user', 'password':'5', 'roles':[{'rolename':'notfound'}]}] } -create_client10_response = {'responses': [{'command': 'createClient', 'error': 'Role not found'}]} +create_client11_command = { 'commands': [{'command': 'createClient', 'username': 'user', 'password':'5', 'roles':[{'rolename':'notfound'}]}] } +create_client11_response = {'responses': [{'command': 'createClient', 'error': 'Role not found'}]} # Group not found -create_client11_command = { 'commands': [{'command': 'createClient', 'username': 'user', 'password':'5', 'groups':[{'groupname':'notfound'}]}] } -create_client11_response = {'responses': [{'command': 'createClient', 'error': 'Group not found'}]} +create_client12_command = { 'commands': [{'command': 'createClient', 'username': 'user', 'password':'5', 'groups':[{'groupname':'notfound'}]}] } +create_client12_response = {'responses': [{'command': 'createClient', 'error': 'Group not found'}]} # ========================================================================== 
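Review bot: `create_client10_command` sends `'roles':'bad'`, which covers only the "not an array" half of the expected error `'roles' not an array or missing/invalid rolename`. An array whose entry carries no usable rolename, for example `'roles':[{}]` or `'roles':[{'rolename':5}]` (constructed samples), presumably produces the same error and is not exercised by any case in this hunk. One such case next to this one would cover the per-entry validation of role assignments at client creation.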
@@ -375,6 +379,7 @@ try: command_check(sock, create_client9_command, create_client9_response, "9") command_check(sock, create_client10_command, create_client10_response, "10") command_check(sock, create_client11_command, create_client11_response, "11") + command_check(sock, create_client12_command, create_client12_response, "12") command_check(sock, delete_client1_command, delete_client1_response, "1") command_check(sock, delete_client2_command, delete_client2_response, "2") diff --git a/test/broker/14-dynsec-group.py b/test/broker/14-dynsec-group.py index d9fe855c..947f2806 100755 --- a/test/broker/14-dynsec-group.py +++ b/test/broker/14-dynsec-group.py 
@@ -29,42 +29,70 @@ write_config(conf_file, port) create_client_command = { "commands": [{ "command": "createClient", "username": "user_one", "password": "password", "clientid": "cid", - "textname": "Name", "textdescription": "Description", + "textname": "Name", "textdescription": "description", "rolename": "", "correlationData": "2" }]} create_client_response = {'responses':[{"command":"createClient","correlationData":"2"}]} +create_client2_command = { "commands": [{ + "command": "createClient", "username": "user_two", + "password": "password", + "textname": "Name", "textdescription": "description", + "rolename": "", "correlationData": "1" }]} +create_client2_response = {'responses':[{"command":"createClient","correlationData":"1"}]} + create_group_command = { "commands": [{ "command": "createGroup", "groupname": "group_one", - "textname": "Name", "textdescription": "Description", + "textname": "Name", "textdescription": "description", "correlationData":"3"}]} create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]} create_group_repeat_response = {'responses':[{"command":"createGroup","error":"Group already exists","correlationData":"3"}]} +create_group2_command = { "commands": [{ + "command": "createGroup", "groupname": "group_two", + "textname": "Name", "textdescription": "description", + "correlationData":"30"}]} +create_group2_response = {'responses':[{"command":"createGroup","correlationData":"30"}]} + list_groups_command = { "commands": [{ "command": "listGroups", "verbose": False, "correlationData": "10"}]} -list_groups_response = {'responses':[{"command": "listGroups", "data":{"totalCount":1, "groups":["group_one"]},"correlationData":"10"}]} +list_groups_response = {'responses':[{"command": "listGroups", "data":{"totalCount":2, "groups":["group_one","group_two"]},"correlationData":"10"}]} list_groups_verbose_command = { "commands": [{ "command": "listGroups", "verbose": True, "correlationData": "15"}]} 
-list_groups_verbose_response = {'responses':[{'command': 'listGroups', 'data': {"totalCount":1, 'groups': - [{'groupname': 'group_one', 'textname': 'Name', 'textdescription': 'Description', 'clients': [ - {"username":"user_one"}], "roles":[]}]}, - 'correlationData': '15'}]} +list_groups_verbose_response = {'responses':[{'command': 'listGroups', 'data': {"totalCount":2, 'groups':[ + {'groupname': 'group_one', 'textname': 'Name', 'textdescription': 'description', 'clients': [ + {"username":"user_one"}, {"username":"user_two"}], "roles":[]}, + {'groupname': 'group_two', 'textname': 'Name', 'textdescription': 'description', 'clients': [ + {"username":"user_one"}], "roles":[]} + ]}, + 'correlationData': '15'}]} list_clients_verbose_command = { "commands": [{ "command": "listClients", "verbose": True, "correlationData": "20"}]} -list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[ +list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":3, "clients":[ {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []}, - {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description", - "groups":[{"groupname":"group_one"}], "roles":[]}]}, "correlationData":"20"}]} + {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"description", + "groups":[{"groupname":"group_one"}, {"groupname":"group_two"}], "roles":[]}, + {"username":"user_two", "textname":"Name", "textdescription":"description", + "groups":[{"groupname":"group_one"}], "roles":[]}, + ]}, "correlationData":"20"}]} get_group_command = { "commands": [{"command": "getGroup", "groupname":"group_one"}]} get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one', - 'textname':'Name', 'textdescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]} + 'textname':'Name', 
'textdescription':'description', 'clients': [{"username":"user_one"}, {"username":"user_two"}], 'roles': []}}}]} add_client_to_group_command = {"commands": [{"command":"addGroupClient", "username":"user_one", "groupname": "group_one", "correlationData":"1234"}]} add_client_to_group_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1234'}]} +add_duplicate_client_to_group_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1234'}]} + +add_client_to_group2_command = {"commands": [{"command":"addGroupClient", "username":"user_one", + "groupname": "group_two", "correlationData":"1234"}]} +add_client_to_group2_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1234'}]} + +add_client2_to_group_command = {"commands": [{"command":"addGroupClient", "username":"user_two", + "groupname": "group_one", "correlationData":"1235"}]} +add_client2_to_group_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1235'}]} remove_client_from_group_command = {"commands": [{"command":"removeGroupClient", "username":"user_one", "groupname": "group_one", "correlationData":"4321"}]} @@ -97,12 +125,17 @@ try: # Add client command_check(sock, create_client_command, create_client_response) + command_check(sock, create_client2_command, create_client2_response) # Add group + command_check(sock, create_group2_command, create_group2_response) command_check(sock, create_group_command, create_group_response) # Add client to group command_check(sock, add_client_to_group_command, add_client_to_group_response) + command_check(sock, add_client_to_group2_command, add_client_to_group2_response) + command_check(sock, add_client2_to_group_command, add_client2_to_group_response) + command_check(sock, add_client_to_group_command, add_duplicate_client_to_group_response) # Get group command_check(sock, get_group_command, get_group_response) 
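Review bot: The repeated `command_check(sock, add_client_to_group_command, add_duplicate_client_to_group_response)` call has no comment saying that re-adding an existing member is expected to succeed without an error. `add_duplicate_client_to_group_response` is identical to `add_client_to_group_response`, so the intent is not visible from the data either. A comment such as `# Adding a client that is already in the group is accepted and must not create a second membership entry` above the call would document it. The `getGroup` check that follows, which expects `user_one` once, is what enforces the second half. The `try` block starts and ends outside the hunk.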
diff --git a/test/broker/14-dynsec-plugin-invalid.py b/test/broker/14-dynsec-plugin-invalid.py new file mode 100755 index 00000000..7a613dcc --- /dev/null +++ b/test/broker/14-dynsec-plugin-invalid.py 
@@ -0,0 +1,150 @@ +#!/usr/bin/env python3 + +# Check invalid inputs for plugin commands + +from mosq_test_helper import * +import json +import shutil + +def write_config(filename, port): + with open(filename, 'w') as f: + f.write("listener %d\n" % (port)) + f.write("allow_anonymous true\n") + f.write("plugin ../../plugins/dynamic-security/mosquitto_dynamic_security.so\n") + f.write("plugin_opt_config_file %d/dynamic-security.json\n" % (port)) + +def command_check(sock, command_payload, expected_response, msg=""): + command_packet = mosq_test.gen_publish(topic="$CONTROL/dynamic-security/v1", qos=0, payload=json.dumps(command_payload)) + sock.send(command_packet) + response = json.loads(mosq_test.read_publish(sock)) + if response != expected_response: + print(expected_response) + print(response) + if msg != "": + print(msg) + raise ValueError(response) + + +def command_check_text(sock, command_payload, expected_response, msg=""): + command_packet = mosq_test.gen_publish(topic="$CONTROL/dynamic-security/v1", qos=0, payload=command_payload) + sock.send(command_packet) + response = json.loads(mosq_test.read_publish(sock)) + if response != expected_response: + print(expected_response) + print(response) + if msg != "": + print(msg) + raise ValueError(response) + + +port = mosq_test.get_port() +conf_file = os.path.basename(__file__).replace('.py', '.conf') +write_config(conf_file, port) + +# ========================================================================== +# Bad commands +# ========================================================================== + +# Invalid JSON +bad1_command = 'not json' +bad1_response = {'responses': [{'command': 'Unknown command', 'error': 'Invalid/missing commands'}]} + +# No commands +bad2_command = {} +bad2_response = {'responses': [{'command': 'Unknown command', 'error': 'Invalid/missing commands'}]} + +# Commands not an array +bad3_command = {'commands': 'test'} +bad3_response = {'responses': [{'command': 'Unknown command', 'error': 
'Invalid/missing commands'}]} + +# Empty commands array +bad4_command = {'commands': []} +bad4_response = {'responses': []} + +# Empty command +bad5_command = {'commands': ['bad']} +bad5_response = {'responses': [{'command': 'Unknown command', 'error': 'Command not an object'}]} + +# Bad array type +bad6_command = {'commands': [{}]} +bad6_response = {'responses': [{'command': 'Unknown command', 'error': 'Missing command'}]} + +# Bad command type +bad7_command = {'commands': [{'command':6}]} +bad7_response = {'responses': [{'command': 'Unknown command', 'error': 'Missing command'}]} + +# Bad correlationData type +bad8_command = {'commands': [{'command':'command', 'correlationData':6}]} +bad8_response = {'responses': [{'command': 'command', 'error': 'Invalid correlationData data type.'}]} + +# Unknown command +bad9_command = {'commands': [{'command':'command'}]} +bad9_response = {'responses': [{'command': 'command', 'error': 'Unknown command'}]} + +# ========================================================================== +# setDefaultACLAccess +# ========================================================================== + +# Missing actions array +set_default1_command = {'commands': [{'command':'setDefaultACLAccess'}]} +set_default1_response = {'responses': [{'command': 'setDefaultACLAccess', 'error': 'Missing/invalid actions array'}]} + +# Actions array not an array +set_default2_command = {'commands': [{'command':'setDefaultACLAccess', 'actions':'bad'}]} +set_default2_response = {'responses': [{'command': 'setDefaultACLAccess', 'error': 'Missing/invalid actions array'}]} + + +rc = 1 +keepalive = 10 +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") +connack_packet = mosq_test.gen_connack(rc=0) + +mid = 2 +subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1) +suback_packet = mosq_test.gen_suback(mid, 1) + +try: + os.mkdir(str(port)) + 
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) +except FileExistsError: + pass + +broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) + +try: + sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port) + mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback") + + command_check(sock, bad1_command, bad1_response, "1") + command_check(sock, bad2_command, bad2_response, "2") + command_check(sock, bad3_command, bad3_response, "3") + command_check(sock, bad4_command, bad4_response, "4") + command_check(sock, bad5_command, bad5_response, "5") + command_check(sock, bad6_command, bad6_response, "6") + command_check(sock, bad7_command, bad7_response, "7") + command_check(sock, bad8_command, bad8_response, "8") + command_check(sock, bad9_command, bad9_response, "9") + + command_check(sock, set_default1_command, set_default1_response, "1") + command_check(sock, set_default2_command, set_default2_response, "2") + + rc = 0 + + sock.close() +except mosq_test.TestError: + pass +finally: + os.remove(conf_file) + try: + os.remove(f"{port}/dynamic-security.json") + except FileNotFoundError: + pass + os.rmdir(f"{port}") + broker.terminate() + broker.wait() + (stdo, stde) = broker.communicate() + if rc: + print(stde.decode('utf-8')) + + +exit(rc) diff --git a/test/broker/14-dynsec-role-invalid.py b/test/broker/14-dynsec-role-invalid.py index 3198e15a..20f8001c 100755 --- a/test/broker/14-dynsec-role-invalid.py +++ b/test/broker/14-dynsec-role-invalid.py 
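Review bot: The "Invalid JSON" case never sends invalid JSON. `command_check(sock, bad1_command, bad1_response, "1")` passes `'not json'` through `json.dumps`, so the broker receives the well-formed JSON string `"not json"` and the parse-failure path of the `$CONTROL/dynamic-security/v1` handler stays untested. `command_check_text`, defined in this file and never called, sends the payload as-is; the call should be `command_check_text(sock, bad1_command, bad1_response, "1")`. The expected response may well be the same for both inputs, which would explain why the test passes as written. Separately, the comments `# Empty command` (above `['bad']`) and `# Bad array type` (above `[{}]`) look swapped relative to the payloads they label.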
@@ -144,12 +144,15 @@ add_role_acl6_response = {'responses': [{'command': 'addRoleACL', 'error': 'Unkn add_role_acl7_command = { 'commands': [{'command': 'addRoleACL', 'rolename': 'validrole', 'acltype':'unsubscribePattern' }] } add_role_acl7_response = {'responses': [{'command': 'addRoleACL', 'error': 'Invalid/missing topic'}]} -add_role_acl8_command = { 'commands': [{'command': 'addRoleACL', 'rolename': 'validrole', 'acltype':'unsubscribePattern', 'topic':5 }] } +add_role_acl8_command = { 'commands': [{'command': 'addRoleACL', 'rolename': 'validrole', 'acltype':'subscribePattern', 'topic':5 }] } add_role_acl8_response = {'responses': [{'command': 'addRoleACL', 'error': 'Invalid/missing topic'}]} -add_role_acl9_command = { 'commands': [{'command': 'addRoleACL', 'rolename': 'validrole', 'acltype':'unsubscribePattern', 'topic':'￿LO' }] } +add_role_acl9_command = { 'commands': [{'command': 'addRoleACL', 'rolename': 'validrole', 'acltype':'unsubscribeLiteral', 'topic':'￿LO' }] } add_role_acl9_response = {'responses': [{'command': 'addRoleACL', 'error': 'Topic not valid UTF-8'}]} +add_role_acl10_command = { 'commands': [{'command': 'addRoleACL', 'rolename': 'validrole', 'acltype':'unsubscribeLiteral', 'topic':'not/#/valid' }] } +add_role_acl10_response = {'responses': [{'command': 'addRoleACL', 'error': 'Invalid ACL topic'}]} + # ========================================================================== # Remove role ACL @@ -278,6 +281,7 @@ try: command_check(sock, add_role_acl7_command, add_role_acl7_response, "7") command_check(sock, add_role_acl8_command, add_role_acl8_response, "8") command_check(sock, add_role_acl9_command, add_role_acl9_response, "9") + command_check(sock, add_role_acl10_command, add_role_acl10_response, "10") command_check(sock, remove_role_acl1_command, remove_role_acl1_response, "1") command_check(sock, remove_role_acl2_command, remove_role_acl2_response, "2") 
diff --git a/test/broker/14-dynsec-role.py b/test/broker/14-dynsec-role.py index 1bab1be0..030667a2 100755 --- a/test/broker/14-dynsec-role.py +++ b/test/broker/14-dynsec-role.py @@ -35,6 +35,14 @@ create_client_command = { "commands": [{ } create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]} +create_client2_command = { "commands": [{ + "command": "createClient", "username": "user_two", + "password": "password", + "textname": "Name", "textdescription": "Description", + "rolename": "", "correlationData": "3" }] +} +create_client2_response = {'responses': [{'command': 'createClient', 'correlationData': '3'}]} + create_group_command = { "commands": [{ "command": "createGroup", "groupname": "group_one", "textname": "Name", "textdescription": "Description", @@ -47,11 +55,21 @@ create_role_command = { "commands": [{'command': 'createRole', 'correlationData' }]} create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]} +create_role2_command = { "commands": [{'command': 'createRole', 'correlationData': '3', + "rolename": "basic2", "acls":[ + {"acltype":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textname":"name", "textdescription":"desc" + }]} +create_role2_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]} + add_role_to_client_command = {"commands": [{'command': 'addClientRole', "username": "user_one", "rolename": "basic"}]} add_role_to_client_response = {'responses': [{'command': 'addClientRole'}]} +add_role_to_client2_command = {"commands": [{'command': 'addClientRole', "username": "user_one", + "rolename": "basic2"}]} +add_role_to_client2_response = {'responses': [{'command': 'addClientRole'}]} + add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupname": "group_one", "rolename": "basic"}]} add_role_to_group_response = {'responses': [{'command': 'addGroupRole'}]} 
@@ -61,7 +79,7 @@ list_roles_verbose_command1 = { "commands": [{ "command": "listRoles", "verbose": True, "correlationData": "21"}] } list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data': - {'totalCount':2, 'roles': [ + {'totalCount':3, 'roles': [ {"rolename":"admin","acls":[ {"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, {"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, @@ -72,6 +90,8 @@ list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data': {"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True}, {"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]}, {'rolename': 'basic', "textname": "name", "textdescription": "desc", + 'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}]}, + {'rolename': 'basic2', "textname": "name", "textdescription": "desc", 'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}] }]}, 'correlationData': '21'}]} 
@@ -79,10 +99,14 @@ add_acl_command = {"commands": [{'command': "addRoleACL", "rolename":"basic", "a "topic":"basic/out", "priority":1, "allow":True}]} add_acl_response = {'responses': [{'command': 'addRoleACL'}]} +add_acl2_command = {"commands": [{'command': "addRoleACL", "rolename":"basic", "acltype":"subscribeLiteral", + "topic":"basic/out", "priority":1, "allow":True}]} +add_acl2_response = {'responses': [{'command': 'addRoleACL', 'error':'ACL with this topic already exists'}]} + list_roles_verbose_command2 = { "commands": [{ "command": "listRoles", "verbose": True, "correlationData": "22"}] } -list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':2, 'roles': +list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':3, 'roles': [{"rolename":"admin","acls":[ {"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, {"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, @@ -94,7 +118,9 @@ list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': { {"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]}, {'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}, - {'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], + {'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}]}, + {'rolename': 'basic2', "textname": "name", "textdescription": "desc", + 'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}] }]}, 'correlationData': '22'}]} get_role_command = {"commands": [{'command': "getRole", "rolename":"basic"}]} 
@@ -108,16 +134,25 @@ remove_acl_command = {"commands": [{'command': "removeRoleACL", "rolename":"basi "topic":"basic/out"}]} remove_acl_response = {'responses': [{'command': 'removeRoleACL'}]} +remove_acl2_command = {"commands": [{'command': "removeRoleACL", "rolename":"basic", "acltype":"subscribeLiteral", + "topic":"basic/out"}]} +remove_acl2_response = {'responses': [{'command': 'removeRoleACL', 'error':'ACL not found'}]} + delete_role_command = {"commands": [{'command': "deleteRole", "rolename":"basic"}]} delete_role_response = {"responses": [{"command": "deleteRole"}]} +delete_role2_command = {"commands": [{'command': "deleteRole", "rolename":"basic"}]} +delete_role2_response = {"responses": [{"command": "deleteRole"}]} + list_clients_verbose_command = { "commands": [{ "command": "listClients", "verbose": True, "correlationData": "20"}] } -list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':2, "clients":[ +list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':3, "clients":[ {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []}, {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description", - "groups":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]} + "groups":[], "roles":[{'rolename':'basic'}, {'rolename':'basic2'}]}, + {"username":"user_two", "textname":"Name", "textdescription":"Description", + "groups":[], "roles":[]}]}, "correlationData":"20"}]} list_groups_verbose_command = { "commands": [{ "command": "listGroups", "verbose": True, "correlationData": "20"}] @@ -157,6 +192,7 @@ try: mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback") # Create client + command_check(sock, create_client2_command, create_client2_response) command_check(sock, create_client_command, create_client_response) # Create group 
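Review bot: `delete_role2_command` names `"rolename":"basic"`, the same role as `delete_role_command`, although the second role this patch creates is `basic2`. This looks like a copy-paste slip and should be `delete_role2_command = {"commands": [{'command': "deleteRole", "rolename":"basic2"}]}`. No hunk in this patch passes `delete_role2_command` to `command_check`, so as far as the visible lines show, `basic2` is never deleted and the test does not check that deleting it removes it from `user_one`'s role list. If the pair is meant to be used, the call belongs next to the existing `delete_role_command` check, which lies outside these hunks.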
@@ -164,8 +200,10 @@ try: # Create role command_check(sock, create_role_command, create_role_response) + command_check(sock, create_role2_command, create_role2_response) # Add role to client + command_check(sock, add_role_to_client2_command, add_role_to_client2_response) command_check(sock, add_role_to_client_command, add_role_to_client_response) # Add role to group @@ -182,6 +220,7 @@ try: # Add ACL command_check(sock, add_acl_command, add_acl_response) + command_check(sock, add_acl2_command, add_acl2_response) # List roles verbose 2 command_check(sock, list_roles_verbose_command2, list_roles_verbose_response2, "list roles verbose 2a") @@ -202,6 +241,7 @@ try: # Remove ACL command_check(sock, remove_acl_command, remove_acl_response) + command_check(sock, remove_acl2_command, remove_acl2_response) # List roles verbose 1 command_check(sock, list_roles_verbose_command1, list_roles_verbose_response1, "list roles verbose 1b") diff --git a/test/broker/Makefile b/test/broker/Makefile index 99171d5d..c139e1be 100644 --- a/test/broker/Makefile +++ b/test/broker/Makefile @@ -235,6 +235,7 @@ ifeq ($(WITH_CJSON),yes) ./14-dynsec-modify-client.py ./14-dynsec-modify-group.py ./14-dynsec-modify-role.py + ./14-dynsec-plugin-invalid.py ./14-dynsec-role.py ./14-dynsec-role-invalid.py endif diff --git a/test/broker/test.py b/test/broker/test.py index 6136a6ed..28ecc92d 100755 --- a/test/broker/test.py +++ b/test/broker/test.py @@ -201,6 +201,7 @@ tests = [ (1, './14-dynsec-modify-client.py'), (1, './14-dynsec-modify-group.py'), (1, './14-dynsec-modify-role.py'), + (1, './14-dynsec-plugin-invalid.py'), (1, './14-dynsec-role.py'), (1, './14-dynsec-role-invalid.py'), ]