d0kuhn/mosquitto
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix basic dynsec tests.

Browse Source
This commit is contained in:
Roger A. Light 2020-11-05 23:48:11 +00:00
parent c2651cf005
commit 255ae24a6d
10 changed files with 368 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
test/broker/14-dynsec-client.py
View File

@ -2,6 +2,7 @@
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
@ -28,8 +29,8 @@ write_config(conf_file, port)
add_client_command = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"textName": "Name", "textDescription": "Description",
"roleName": "", "correlationData": "2" }]
"textname": "Name", "textdescription": "Description",
"rolename": "", "correlationData": "2" }]
}
add_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
add_client_repeat_response = {'responses':[{"command":"createClient","error":"Client already exists", "correlationData":"2"}]}
@ -37,20 +38,21 @@ add_client_repeat_response = {'responses':[{"command":"createClient","error":"Cl
list_clients_command = { "commands": [{
"command": "listClients", "verbose": False, "correlationData": "10"}]
}
list_clients_response = {'responses': [{"command": "listClients", "data":{"totalCount":1, "clients":["user_one"]},"correlationData":"10"}]}
list_clients_response = {'responses': [{"command": "listClients", "data":{"totalCount":2, "clients":["admin", "user_one"]},"correlationData":"10"}]}
list_clients_verbose_command = { "commands": [{
"command": "listClients", "verbose": True, "correlationData": "20"}]
}
list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":1, "clients":[
{"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description",
"groups":[], "roles":[]}]}, "correlationData":"20"}]}
list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[
{'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []},
{"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description",
"roles":[], "groups":[]}]}, "correlationData":"20"}]}
get_client_command = { "commands": [{
"command": "getClient", "username": "user_one"}]}
get_client_response = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
'textName': 'Name', 'textDescription': 'Description', 'groups': [], 'roles': []}}}]}
'textname': 'Name', 'textdescription': 'Description', 'groups': [], 'roles': []}}}]}
set_client_password_command = {"commands": [{
"command": "setClientPassword", "username": "user_one", "password": "password"}]}
@ -63,22 +65,18 @@ delete_client_response = {'responses':[{'command': 'deleteClient'}]}
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
mid = 2
subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/#", 1)
subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
with open("%d/dynamic-security.json" % port, 'w') as f:
f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

122
test/broker/14-dynsec-disable-client.py Executable file
View File

@ -0,0 +1,122 @@
#!/usr/bin/env python3
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
f.write("listener %d\n" % (port))
f.write("allow_anonymous true\n")
f.write("plugin ../../plugins/dynamic-security/mosquitto_dynamic_security.so\n")
f.write("plugin_opt_config_file %d/dynamic-security.json\n" % (port))
def command_check(sock, command_payload, expected_response):
command_packet = mosq_test.gen_publish(topic="$CONTROL/dynamic-security/v1", qos=0, payload=json.dumps(command_payload))
sock.send(command_packet)
response = json.loads(mosq_test.read_publish(sock))
if response != expected_response:
print(expected_response)
print(response)
raise ValueError(response)
port = mosq_test.get_port()
conf_file = os.path.basename(__file__).replace('.py', '.conf')
write_config(conf_file, port)
add_client_command = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"textname": "Name", "textdescription": "Description",
"rolename": "", "correlationData": "2" }]
}
add_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
add_client_repeat_response = {'responses':[{"command":"createClient","error":"Client already exists", "correlationData":"2"}]}
get_client_command = { "commands": [{
"command": "getClient", "username": "user_one"}]}
get_client_response1 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
'textname': 'Name', 'textdescription': 'Description', 'groups': [], 'roles': []}}}]}
get_client_response2 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
'textname': 'Name', 'textdescription': 'Description', 'disabled':True, 'groups': [], 'roles': []}}}]}
disable_client_command = { "commands": [{
"command": "disableClient", "username": "user_one"}]}
disable_client_response = {'responses':[{'command': 'disableClient'}]}
enable_client_command = { "commands": [{
"command": "enableClient", "username": "user_one"}]}
enable_client_response = {'responses':[{'command': 'enableClient'}]}
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
client_connect_packet = mosq_test.gen_connect("cid", keepalive=keepalive, username="user_one", password="password")
client_connack_packet1 = mosq_test.gen_connack(rc=5)
client_connack_packet2 = mosq_test.gen_connack(rc=0)
mid = 2
subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)
try:
sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port)
mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback")
# Add client
command_check(sock, add_client_command, add_client_response)
# Get client
command_check(sock, get_client_command, get_client_response1)
# Disable client
command_check(sock, disable_client_command, disable_client_response)
# Get client - should be disabled
command_check(sock, get_client_command, get_client_response2)
# Try to log in - should fail
client_sock = mosq_test.do_client_connect(client_connect_packet, client_connack_packet1, timeout=5, port=port)
# Enable client
command_check(sock, enable_client_command, enable_client_response)
# Get client - should be enabled
command_check(sock, get_client_command, get_client_response1)
# Try to log in - should succeed
client_sock = mosq_test.do_client_connect(client_connect_packet, client_connack_packet2, timeout=5, port=port)
client_sock.close()
rc = 0
sock.close()
except mosq_test.TestError:
pass
finally:
os.remove(conf_file)
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
os.rmdir(f"{port}")
broker.terminate()
broker.wait()
(stdo, stde) = broker.communicate()
if rc:
print(stde.decode('utf-8'))
exit(rc)

40
test/broker/14-dynsec-group.py
View File

@ -2,6 +2,7 @@
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
@ -28,13 +29,13 @@ write_config(conf_file, port)
create_client_command = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"textName": "Name", "textDescription": "Description",
"textname": "Name", "textdescription": "Description",
"roleName": "", "correlationData": "2" }]}
create_client_response = {'responses':[{"command":"createClient","correlationData":"2"}]}
create_group_command = { "commands": [{
"command": "createGroup", "groupName": "group_one",
"textName": "Name", "textDescription": "Description",
"command": "createGroup", "groupname": "group_one",
"textname": "Name", "textdescription": "Description",
"correlationData":"3"}]}
create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]}
create_group_repeat_response = {'responses':[{"command":"createGroup","error":"Group already exists","correlationData":"3"}]}
@ -46,50 +47,47 @@ list_groups_response = {'responses':[{"command": "listGroups", "data":{"totalCou
list_groups_verbose_command = { "commands": [{
"command": "listGroups", "verbose": True, "correlationData": "15"}]}
list_groups_verbose_response = {'responses':[{'command': 'listGroups', 'data': {"totalCount":1, 'groups':
[{'groupName': 'group_one', 'textName': 'Name', 'textDescription': 'Description', 'clients': [
[{'groupname': 'group_one', 'textname': 'Name', 'textdescription': 'Description', 'clients': [
{"username":"user_one"}], "roles":[]}]},
'correlationData': '15'}]}
list_clients_verbose_command = { "commands": [{
"command": "listClients", "verbose": True, "correlationData": "20"}]}
list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":1, "clients":[
{"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description",
"groups":[{"groupName":"group_one"}], "roles":[]}]}, "correlationData":"20"}]}
list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[
{'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []},
{"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description",
"groups":[{"groupname":"group_one"}], "roles":[]}]}, "correlationData":"20"}]}
get_group_command = { "commands": [{"command": "getGroup", "groupName":"group_one"}]}
get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
'textName':'Name', 'textDescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]}
get_group_command = { "commands": [{"command": "getGroup", "groupname":"group_one"}]}
get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
'textname':'Name', 'textdescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]}
add_client_to_group_command = {"commands": [{"command":"addGroupClient", "username":"user_one",
"groupName": "group_one", "correlationData":"1234"}]}
"groupname": "group_one", "correlationData":"1234"}]}
add_client_to_group_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1234'}]}
remove_client_from_group_command = {"commands": [{"command":"removeGroupClient", "username":"user_one",
"groupName": "group_one", "correlationData":"4321"}]}
"groupname": "group_one", "correlationData":"4321"}]}
remove_client_from_group_response = {'responses':[{'command': 'removeGroupClient', 'correlationData': '4321'}]}
delete_group_command = {"commands": [{"command":"deleteGroup", "groupName":"group_one", "correlationData":"5678"}]}
delete_group_command = {"commands": [{"command":"deleteGroup", "groupname":"group_one", "correlationData":"5678"}]}
delete_group_response = {'responses':[{"command":"deleteGroup", "correlationData":"5678"}]}
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
mid = 2
subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/#", 1)
subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1)
suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
with open("%d/dynamic-security.json" % port, 'w') as f:
f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

75
test/broker/14-dynsec-modify-client.py
View File

@ -2,6 +2,7 @@
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
@ -29,20 +30,20 @@ write_config(conf_file, port)
create_client_command = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"textName": "Name", "textDescription": "Description",
"textname": "Name", "textdescription": "Description",
"correlationData": "2" }]
}
create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
create_groups_command = { "commands": [
{
"command": "createGroup", "groupName": "group_one",
"textName": "Name", "textDescription": "Description",
"command": "createGroup", "groupname": "group_one",
"textname": "Name", "textdescription": "Description",
"correlationData": "12"
},
{
"command": "createGroup", "groupName": "group_two",
"textName": "Name", "textDescription": "Description",
"command": "createGroup", "groupname": "group_two",
"textname": "Name", "textdescription": "Description",
"correlationData": "13"
}
]
@ -54,18 +55,18 @@ create_groups_response = {'responses': [
create_roles_command = { "commands": [
{
"command": "createRole", "roleName": "role_one",
"textName": "Name", "textDescription": "Description",
"command": "createRole", "rolename": "role_one",
"textname": "Name", "textdescription": "Description",
"acls":[], "correlationData": "21"
},
{
"command": "createRole", "roleName": "role_two",
"textName": "Name", "textDescription": "Description",
"command": "createRole", "rolename": "role_two",
"textname": "Name", "textdescription": "Description",
"acls":[], "correlationData": "22"
},
{
"command": "createRole", "roleName": "role_three",
"textName": "Name", "textDescription": "Description",
"command": "createRole", "rolename": "role_three",
"textname": "Name", "textdescription": "Description",
"acls":[], "correlationData": "23"
}
]
@ -78,15 +79,15 @@ create_roles_response = {'responses': [
modify_client_command1 = { "commands": [{
"command": "modifyClient", "username": "user_one",
"textName": "Modified name", "textDescription": "Modified description",
"textname": "Modified name", "textdescription": "Modified description",
"roles":[
{'roleName':'role_one', 'priority':2},
{'roleName':'role_two'},
{'roleName':'role_three', 'priority':10}
{'rolename':'role_one', 'priority':2},
{'rolename':'role_two'},
{'rolename':'role_three', 'priority':10}
],
"groups":[
{'groupName':'group_one', 'priority':3},
{'groupName':'group_two', 'priority':8}
{'groupname':'group_one', 'priority':3},
{'groupname':'group_two', 'priority':8}
],
"correlationData": "3" }]
}
@ -94,7 +95,7 @@ modify_client_response1 = {'responses': [{'command': 'modifyClient', 'correlatio
modify_client_command2 = { "commands": [{
"command": "modifyClient", "username": "user_one",
"textName": "Modified name", "textDescription": "Modified description",
"textname": "Modified name", "textdescription": "Modified description",
"groups":[],
"correlationData": "4" }]
}
@ -104,41 +105,41 @@ modify_client_response2 = {'responses': [{'command': 'modifyClient', 'correlatio
get_client_command1 = { "commands": [{
"command": "getClient", "username": "user_one"}]}
get_client_response1 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
'textName': 'Name', 'textDescription': 'Description',
'groups': [],
'textname': 'Name', 'textdescription': 'Description',
'roles': [],
'groups': [],
}}}]}
get_client_command2 = { "commands": [{
"command": "getClient", "username": "user_one"}]}
get_client_response2 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
'textName': 'Modified name', 'textDescription': 'Modified description',
'groups': [
{'groupName':'group_two', 'priority':8},
{'groupName':'group_one', 'priority':3}
],
'textname': 'Modified name', 'textdescription': 'Modified description',
'roles': [
{'roleName':'role_three', 'priority':10},
{'roleName':'role_one', 'priority':2},
{'roleName':'role_two'}
{'rolename':'role_three', 'priority':10},
{'rolename':'role_one', 'priority':2},
{'rolename':'role_two'}
],
'groups': [
{'groupname':'group_two', 'priority':8},
{'groupname':'group_one', 'priority':3}
]}}}]}
get_client_command3 = { "commands": [{
"command": "getClient", "username": "user_one"}]}
get_client_response3 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid',
'textName': 'Modified name', 'textDescription': 'Modified description',
'textname': 'Modified name', 'textdescription': 'Modified description',
'groups': [],
'roles': [
{'roleName':'role_three', 'priority':10},
{'roleName':'role_one', 'priority':2},
{'roleName':'role_two'}
{'rolename':'role_three', 'priority':10},
{'rolename':'role_one', 'priority':2},
{'rolename':'role_two'}
]}}}]}
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
mid = 2
@ -147,13 +148,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
with open("%d/dynamic-security.json" % port, 'w') as f:
f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

75
test/broker/14-dynsec-modify-group.py
View File

@ -2,6 +2,7 @@
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
@ -29,27 +30,27 @@ write_config(conf_file, port)
create_client_command = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"textName": "Name", "textDescription": "Description",
"textname": "Name", "textdescription": "Description",
"correlationData": "2" }]
}
create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
create_group_command = { "commands": [{
"command": "createGroup", "groupName": "group_one",
"textName": "Name", "textDescription": "Description",
"roleName": "", "correlationData": "2" }]
"command": "createGroup", "groupname": "group_one",
"textname": "Name", "textdescription": "Description",
"rolename": "", "correlationData": "2" }]
}
create_group_response = {'responses': [{'command': 'createGroup', 'correlationData': '2'}]}
create_role_command = { "commands": [
{
"command": "createRole", "roleName": "role_one",
"textName": "Name", "textDescription": "Description",
"command": "createRole", "rolename": "role_one",
"textname": "Name", "textdescription": "Description",
"acls":[], "correlationData": "2"
},
{
"command": "createRole", "roleName": "role_two",
"textName": "Name", "textDescription": "Description",
"command": "createRole", "rolename": "role_two",
"textname": "Name", "textdescription": "Description",
"acls":[], "correlationData": "3"
}
]
@ -60,20 +61,20 @@ create_role_response = {'responses': [
]}
modify_group_command1 = { "commands": [{
"command": "modifyGroup", "groupName": "group_one",
"textName": "Modified name", "textDescription": "Modified description",
"roles":[{'roleName':'role_one'}],
"command": "modifyGroup", "groupname": "group_one",
"textname": "Modified name", "textdescription": "Modified description",
"roles":[{'rolename':'role_one'}],
"clients":[{'username':'user_one'}],
"correlationData": "3" }]
}
modify_group_response1 = {'responses': [{'command': 'modifyGroup', 'correlationData': '3'}]}
modify_group_command2 = { "commands": [{
"command": "modifyGroup", "groupName": "group_one",
"textName": "Modified name", "textDescription": "Modified description",
"command": "modifyGroup", "groupname": "group_one",
"textname": "Modified name", "textdescription": "Modified description",
"roles":[
{'roleName':'role_one', 'priority':99},
{'roleName':'role_two', 'priority':87}
{'rolename':'role_one', 'priority':99},
{'rolename':'role_two', 'priority':87}
],
"clients":[],
"correlationData": "3" }]
@ -81,8 +82,8 @@ modify_group_command2 = { "commands": [{
modify_group_response2 = {'responses': [{'command': 'modifyGroup', 'correlationData': '3'}]}
modify_group_command3 = { "commands": [{
"command": "modifyGroup", "groupName": "group_one",
"textName": "Modified name", "textDescription": "Modified description",
"command": "modifyGroup", "groupname": "group_one",
"textname": "Modified name", "textdescription": "Modified description",
"roles":[],
"clients":[],
"correlationData": "3" }]
@ -91,33 +92,33 @@ modify_group_response3 = {'responses': [{'command': 'modifyGroup', 'correlationD
get_group_command1 = { "commands": [{
"command": "getGroup", "groupName": "group_one"}]}
get_group_response1 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
'textName': 'Name', 'textDescription': 'Description',
"command": "getGroup", "groupname": "group_one"}]}
get_group_response1 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
'textname': 'Name', 'textdescription': 'Description',
'clients':[],
'roles': []}}}]}
get_group_command2 = { "commands": [{
"command": "getGroup", "groupName": "group_one"}]}
get_group_response2 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
'textName': 'Modified name', 'textDescription': 'Modified description',
"command": "getGroup", "groupname": "group_one"}]}
get_group_response2 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
'textname': 'Modified name', 'textdescription': 'Modified description',
'clients':[{'username':'user_one'}],
'roles': [{'roleName':'role_one'}]}}}]}
'roles': [{'rolename':'role_one'}]}}}]}
get_group_command3 = { "commands": [{
"command": "getGroup", "groupName": "group_one"}]}
get_group_response3 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
'textName': 'Modified name', 'textDescription': 'Modified description',
"command": "getGroup", "groupname": "group_one"}]}
get_group_response3 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
'textname': 'Modified name', 'textdescription': 'Modified description',
'clients':[],
'roles': [
{'roleName':'role_one', 'priority':99},
{'roleName':'role_two', 'priority':87}
{'rolename':'role_one', 'priority':99},
{'rolename':'role_two', 'priority':87}
]}}}]}
get_group_command4 = { "commands": [{
"command": "getGroup", "groupName": "group_one"}]}
get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one',
'textName': 'Modified name', 'textDescription': 'Modified description',
"command": "getGroup", "groupname": "group_one"}]}
get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one',
'textname': 'Modified name', 'textdescription': 'Modified description',
'clients':[],
'roles': []}}}]}
@ -125,7 +126,7 @@ get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
mid = 2
@ -134,13 +135,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
with open("%d/dynamic-security.json" % port, 'w') as f:
f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

43
test/broker/14-dynsec-modify-role.py
View File

@ -2,6 +2,7 @@
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
@ -26,17 +27,17 @@ conf_file = os.path.basename(__file__).replace('.py', '.conf')
write_config(conf_file, port)
create_role_command = { "commands": [{
"command": "createRole", "roleName": "role_one",
"textName": "Name", "textDescription": "Description",
"command": "createRole", "rolename": "role_one",
"textname": "Name", "textdescription": "Description",
"acls":[
{
"aclType": "publishClientSend",
"acltype": "publishClientSend",
"allow": True,
"topic": "topic/#",
"priority": 8
},
{
"aclType": "publishClientSend",
"acltype": "publishClientSend",
"allow": True,
"topic": "topic/2/#",
"priority": 9
@ -46,25 +47,25 @@ create_role_command = { "commands": [{
create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '2'}]}
modify_role_command = { "commands": [{
"command": "modifyRole", "roleName": "role_one",
"textName": "Modified name", "textDescription": "Modified description",
"command": "modifyRole", "rolename": "role_one",
"textname": "Modified name", "textdescription": "Modified description",
"correlationData": "3" }]
}
modify_role_response = {'responses': [{'command': 'modifyRole', 'correlationData': '3'}]}
get_role_command1 = { "commands": [{"command": "getRole", "roleName": "role_one"}]}
get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'roleName': 'role_one',
'textName': 'Name', 'textDescription': 'Description',
get_role_command1 = { "commands": [{"command": "getRole", "rolename": "role_one"}]}
get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rolename': 'role_one',
'textname': 'Name', 'textdescription': 'Description',
'acls': [
{
"aclType": "publishClientSend",
"acltype": "publishClientSend",
"topic": "topic/2/#",
"allow": True,
"priority": 9
},
{
"aclType": "publishClientSend",
"acltype": "publishClientSend",
"topic": "topic/#",
"allow": True,
"priority": 8
@ -72,18 +73,18 @@ get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol
]}}}]}
get_role_command2 = { "commands": [{
"command": "getRole", "roleName": "role_one"}]}
get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'roleName': 'role_one',
'textName': 'Modified name', 'textDescription': 'Modified description',
"command": "getRole", "rolename": "role_one"}]}
get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rolename': 'role_one',
'textname': 'Modified name', 'textdescription': 'Modified description',
'acls': [
{
"aclType": "publishClientSend",
"acltype": "publishClientSend",
"topic": "topic/2/#",
"allow": True,
"priority": 9
},
{
"aclType": "publishClientSend",
"acltype": "publishClientSend",
"topic": "topic/#",
"allow": True,
"priority": 8
@ -92,7 +93,7 @@ get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
mid = 2
@ -101,13 +102,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
with open("%d/dynamic-security.json" % port, 'w') as f:
f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

91
test/broker/14-dynsec-role.py
View File

@ -2,6 +2,7 @@
from mosq_test_helper import *
import json
import shutil
def write_config(filename, port):
with open(filename, 'w') as f:
@ -29,30 +30,30 @@ write_config(conf_file, port)
create_client_command = { "commands": [{
"command": "createClient", "username": "user_one",
"password": "password", "clientid": "cid",
"textName": "Name", "textDescription": "Description",
"roleName": "", "correlationData": "2" }]
"textname": "Name", "textdescription": "Description",
"rolename": "", "correlationData": "2" }]
}
create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]}
create_group_command = { "commands": [{
"command": "createGroup", "groupName": "group_one",
"textName": "Name", "textDescription": "Description",
"command": "createGroup", "groupname": "group_one",
"textname": "Name", "textdescription": "Description",
"correlationData":"3"}]}
create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]}
create_role_command = { "commands": [{'command': 'createRole', 'correlationData': '3',
"roleName": "basic", "acls":[
{"aclType":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc"
"rolename": "basic", "acls":[
{"acltype":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textname":"name", "textdescription":"desc"
}]}
create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]}
add_role_to_client_command = {"commands": [{'command': 'addClientRole', "username": "user_one",
"roleName": "basic"}]}
"rolename": "basic"}]}
add_role_to_client_response = {'responses': [{'command': 'addClientRole'}]}
add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupName": "group_one",
"roleName": "basic"}]}
add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupname": "group_one",
"rolename": "basic"}]}
add_role_to_group_response = {'responses': [{'command': 'addGroupRole'}]}
@ -60,63 +61,83 @@ list_roles_verbose_command1 = { "commands": [{
"command": "listRoles", "verbose": True, "correlationData": "21"}]
}
list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data':
{'totalCount':1, 'roles': [{'roleName': 'basic', "textName": "name", "textDescription": "desc",
'acls': [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}]
{'totalCount':2, 'roles': [
{"rolename":"admin","acls":[
{"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
{"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
{"acltype": "publishClientReceive", "topic": "$SYS/#", "priority":0, "allow": True },
{"acltype": "publishClientReceive", "topic": "#", "priority":0, "allow": True },
{"acltype": "subscribePattern", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
{"acltype": "subscribePattern", "topic": "$SYS/#", "priority":0, "allow": True },
{"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True},
{"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]},
{'rolename': 'basic', "textname": "name", "textdescription": "desc",
'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}]
}]}, 'correlationData': '21'}]}
add_acl_command = {"commands": [{'command': "addRoleACL", "roleName":"basic", "aclType":"subscribeLiteral",
add_acl_command = {"commands": [{'command': "addRoleACL", "rolename":"basic", "acltype":"subscribeLiteral",
"topic":"basic/out", "priority":1, "allow":True}]}
add_acl_response = {'responses': [{'command': 'addRoleACL'}]}
list_roles_verbose_command2 = { "commands": [{
"command": "listRoles", "verbose": True, "correlationData": "22"}]
}
list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':1, 'roles':
[{'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls':
[{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
{'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':2, 'roles':
[{"rolename":"admin","acls":[
{"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
{"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
{"acltype": "publishClientReceive", "topic": "$SYS/#", "priority":0, "allow": True },
{"acltype": "publishClientReceive", "topic": "#", "priority":0, "allow": True },
{"acltype": "subscribePattern", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True },
{"acltype": "subscribePattern", "topic": "$SYS/#", "priority":0, "allow": True },
{"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True},
{"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]},
{'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls':
[{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
{'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
}]}, 'correlationData': '22'}]}
get_role_command = {"commands": [{'command': "getRole", "roleName":"basic"}]}
get_role_command = {"commands": [{'command': "getRole", "rolename":"basic"}]}
get_role_response = {'responses': [{'command': 'getRole', 'data': {'role':
{'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls':
[{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
{'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
{'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls':
[{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True},
{'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}],
}}}]}
remove_acl_command = {"commands": [{'command': "removeRoleACL", "roleName":"basic", "aclType":"subscribeLiteral",
remove_acl_command = {"commands": [{'command': "removeRoleACL", "rolename":"basic", "acltype":"subscribeLiteral",
"topic":"basic/out"}]}
remove_acl_response = {'responses': [{'command': 'removeRoleACL'}]}
delete_role_command = {"commands": [{'command': "deleteRole", "roleName":"basic"}]}
delete_role_command = {"commands": [{'command': "deleteRole", "rolename":"basic"}]}
delete_role_response = {"responses": [{"command": "deleteRole"}]}
list_clients_verbose_command = { "commands": [{
"command": "listClients", "verbose": True, "correlationData": "20"}]
}
list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':1, "clients":[
{"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description",
"groups":[], "roles":[{'roleName':'basic'}]}]}, "correlationData":"20"}]}
list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':2, "clients":[
{'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []},
{"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description",
"groups":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]}
list_groups_verbose_command = { "commands": [{
"command": "listGroups", "verbose": True, "correlationData": "20"}]
}
list_groups_verbose_response = {'responses':[{"command": "listGroups", "data":{'totalCount':1, "groups":[
{"groupName":"group_one", "textName":"Name", "textDescription":"Description",
"clients":[], "roles":[{'roleName':'basic'}]}]}, "correlationData":"20"}]}
{"groupname":"group_one", "textname":"Name", "textdescription":"Description",
"clients":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]}
remove_role_from_client_command = {"commands": [{'command': 'removeClientRole', "username": "user_one",
"roleName": "basic"}]}
"rolename": "basic"}]}
remove_role_from_client_response = {'responses': [{'command': 'removeClientRole'}]}
remove_role_from_group_command = {"commands": [{'command': 'removeGroupRole', "groupName": "group_one",
"roleName": "basic"}]}
remove_role_from_group_command = {"commands": [{'command': 'removeGroupRole', "groupname": "group_one",
"rolename": "basic"}]}
remove_role_from_group_response = {'responses': [{'command': 'removeGroupRole'}]}
rc = 1
keepalive = 10
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive)
connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin")
connack_packet = mosq_test.gen_connack(rc=0)
mid = 2
@ -125,13 +146,9 @@ suback_packet = mosq_test.gen_suback(mid, 1)
try:
os.mkdir(str(port))
with open("%d/dynamic-security.json" % port, 'w') as f:
f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}')
shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))
except FileExistsError:
try:
os.remove(f"{port}/dynamic-security.json")
except FileNotFoundError:
pass
pass
broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port)

13
test/broker/Makefile
View File

@ -221,9 +221,10 @@ endif
./13-malformed-unsubscribe-v5.py
14 :
#./14-dynsec-client.py
#./14-dynsec-group.py
#./14-dynsec-role.py
#./14-dynsec-modify-client.py
#./14-dynsec-modify-group.py
#./14-dynsec-modify-role.py
./14-dynsec-client.py
./14-dynsec-group.py
./14-dynsec-role.py
./14-dynsec-modify-client.py
./14-dynsec-modify-group.py
./14-dynsec-modify-role.py
./14-dynsec-disable-client.py

54
test/broker/dynamic-security-init.json Normal file
View File

@ -0,0 +1,54 @@
{
"clients": [{
"username": "admin",
"textName": "Dynsec admin user",
"password": "Rko31yHY12ryMoyZTBNIUsCPb5SDa4WmUP3Xe2+V6P+QOSW3Gj6IDmpl6zQsAjutb476zEYdBeTw9tU7WZ1new==",
"salt": "Ezuo4G1TqYtTQDL/",
"iterations": 101,
"roles": [{
"rolename": "admin"
}]
}],
"roles": [{
"rolename": "admin",
"acls": [{
"acltype": "publishClientSend",
"topic": "$CONTROL/dynamic-security/#",
"allow": true
}, {
"acltype": "publishClientReceive",
"topic": "$CONTROL/dynamic-security/#",
"allow": true
}, {
"acltype": "subscribePattern",
"topic": "$CONTROL/dynamic-security/#",
"allow": true
}, {
"acltype": "publishClientReceive",
"topic": "$SYS/#",
"allow": true
}, {
"acltype": "subscribePattern",
"topic": "$SYS/#",
"allow": true
}, {
"acltype": "publishClientReceive",
"topic": "#",
"allow": true
}, {
"acltype": "subscribePattern",
"topic": "#",
"allow": true
}, {
"acltype": "unsubscribePattern",
"topic": "#",
"allow": true
}]
}],
"defaultACLAccess": {
"publishClientSend": false,
"publishClientReceive": true,
"subscribe": false,
"unsubscribe": true
}
}

13
test/broker/test.py
View File

@ -189,12 +189,13 @@ tests = [
(1, './13-malformed-subscribe-v5.py'),
(1, './13-malformed-unsubscribe-v5.py'),
#(1, './14-dynsec-client.py'),
#(1, './14-dynsec-group.py'),
#(1, './14-dynsec-role.py'),
#(1, './14-dynsec-modify-client.py'),
#(1, './14-dynsec-modify-group.py'),
#(1, './14-dynsec-modify-role.py'),
(1, './14-dynsec-client.py'),
(1, './14-dynsec-group.py'),
(1, './14-dynsec-role.py'),
(1, './14-dynsec-modify-client.py'),
(1, './14-dynsec-modify-group.py'),
(1, './14-dynsec-modify-role.py'),
(1, './14-dynsec-disable-client.py'),
]
ptest.run_tests(tests)