diff --git a/test/broker/14-dynsec-client.py b/test/broker/14-dynsec-client.py index a9c165ae..6d20bd42 100755 --- a/test/broker/14-dynsec-client.py +++ b/test/broker/14-dynsec-client.py @@ -2,6 +2,7 @@ from mosq_test_helper import * import json +import shutil def write_config(filename, port): with open(filename, 'w') as f: @@ -28,8 +29,8 @@ write_config(conf_file, port) add_client_command = { "commands": [{ "command": "createClient", "username": "user_one", "password": "password", "clientid": "cid", - "textName": "Name", "textDescription": "Description", - "roleName": "", "correlationData": "2" }] + "textname": "Name", "textdescription": "Description", + "rolename": "", "correlationData": "2" }] } add_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]} add_client_repeat_response = {'responses':[{"command":"createClient","error":"Client already exists", "correlationData":"2"}]} 
@@ -37,20 +38,21 @@ add_client_repeat_response = {'responses':[{"command":"createClient","error":"Cl list_clients_command = { "commands": [{ "command": "listClients", "verbose": False, "correlationData": "10"}] } -list_clients_response = {'responses': [{"command": "listClients", "data":{"totalCount":1, "clients":["user_one"]},"correlationData":"10"}]} +list_clients_response = {'responses': [{"command": "listClients", "data":{"totalCount":2, "clients":["admin", "user_one"]},"correlationData":"10"}]} list_clients_verbose_command = { "commands": [{ "command": "listClients", "verbose": True, "correlationData": "20"}] } -list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":1, "clients":[ - {"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description", - "groups":[], "roles":[]}]}, "correlationData":"20"}]} +list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[ + {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []}, + {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description", + "roles":[], "groups":[]}]}, "correlationData":"20"}]} get_client_command = { "commands": [{ "command": "getClient", "username": "user_one"}]} get_client_response = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid', - 'textName': 'Name', 'textDescription': 'Description', 'groups': [], 'roles': []}}}]} + 'textname': 'Name', 'textdescription': 'Description', 'groups': [], 'roles': []}}}]} set_client_password_command = {"commands": [{ "command": "setClientPassword", "username": "user_one", "password": "password"}]} 
@@ -63,22 +65,18 @@ delete_client_response = {'responses':[{'command': 'deleteClient'}]} rc = 1 keepalive = 10 -connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive) +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") connack_packet = mosq_test.gen_connack(rc=0) mid = 2 -subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/#", 1) +subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1) suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) - with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) except FileExistsError: - try: - os.remove(f"{port}/dynamic-security.json") - except FileNotFoundError: - pass + pass broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) diff --git a/test/broker/14-dynsec-disable-client.py b/test/broker/14-dynsec-disable-client.py new file mode 100755 index 00000000..f09f780a --- /dev/null +++ b/test/broker/14-dynsec-disable-client.py 
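Review bot: In 14-dynsec-client.py the setup block now ends in `except FileExistsError: pass`, and because `shutil.copyfile` sits after `os.mkdir` inside the same `try`, it is skipped whenever the port directory already exists. A directory left behind by an aborted run therefore keeps whatever `dynamic-security.json` is in it (or none at all), and the test then logs in as admin and asserts exact `totalCount` values against state it did not create. Creating the directory tolerantly and always copying avoids that: `os.makedirs(str(port), exist_ok=True)` followed by `shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))` with no `try` around them. The same block is added in 14-dynsec-disable-client.py, 14-dynsec-group.py, 14-dynsec-modify-client.py, 14-dynsec-modify-group.py and 14-dynsec-modify-role.py.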
@@ -0,0 +1,122 @@ +#!/usr/bin/env python3 + +from mosq_test_helper import * +import json +import shutil + +def write_config(filename, port): + with open(filename, 'w') as f: + f.write("listener %d\n" % (port)) + f.write("allow_anonymous true\n") + f.write("plugin ../../plugins/dynamic-security/mosquitto_dynamic_security.so\n") + f.write("plugin_opt_config_file %d/dynamic-security.json\n" % (port)) + +def command_check(sock, command_payload, expected_response): + command_packet = mosq_test.gen_publish(topic="$CONTROL/dynamic-security/v1", qos=0, payload=json.dumps(command_payload)) + sock.send(command_packet) + response = json.loads(mosq_test.read_publish(sock)) + if response != expected_response: + print(expected_response) + print(response) + raise ValueError(response) + + + +port = mosq_test.get_port() +conf_file = os.path.basename(__file__).replace('.py', '.conf') +write_config(conf_file, port) + +add_client_command = { "commands": [{ + "command": "createClient", "username": "user_one", + "password": "password", "clientid": "cid", + "textname": "Name", "textdescription": "Description", + "rolename": "", "correlationData": "2" }] +} +add_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]} +add_client_repeat_response = {'responses':[{"command":"createClient","error":"Client already exists", "correlationData":"2"}]} + +get_client_command = { "commands": [{ + "command": "getClient", "username": "user_one"}]} +get_client_response1 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid', + 'textname': 'Name', 'textdescription': 'Description', 'groups': [], 'roles': []}}}]} +get_client_response2 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid', + 'textname': 'Name', 'textdescription': 'Description', 'disabled':True, 'groups': [], 'roles': []}}}]} + +disable_client_command = { "commands": [{ + "command": "disableClient", "username": 
"user_one"}]} +disable_client_response = {'responses':[{'command': 'disableClient'}]} + +enable_client_command = { "commands": [{ + "command": "enableClient", "username": "user_one"}]} +enable_client_response = {'responses':[{'command': 'enableClient'}]} + +rc = 1 +keepalive = 10 +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") +connack_packet = mosq_test.gen_connack(rc=0) + +client_connect_packet = mosq_test.gen_connect("cid", keepalive=keepalive, username="user_one", password="password") +client_connack_packet1 = mosq_test.gen_connack(rc=5) +client_connack_packet2 = mosq_test.gen_connack(rc=0) + +mid = 2 +subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1) +suback_packet = mosq_test.gen_suback(mid, 1) + +try: + os.mkdir(str(port)) + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) +except FileExistsError: + pass + +broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) + +try: + sock = mosq_test.do_client_connect(connect_packet, connack_packet, timeout=5, port=port) + mosq_test.do_send_receive(sock, subscribe_packet, suback_packet, "suback") + + # Add client + command_check(sock, add_client_command, add_client_response) + + # Get client + command_check(sock, get_client_command, get_client_response1) + + # Disable client + command_check(sock, disable_client_command, disable_client_response) + + # Get client - should be disabled + command_check(sock, get_client_command, get_client_response2) + + # Try to log in - should fail + client_sock = mosq_test.do_client_connect(client_connect_packet, client_connack_packet1, timeout=5, port=port) + + # Enable client + command_check(sock, enable_client_command, enable_client_response) + + # Get client - should be enabled + command_check(sock, get_client_command, get_client_response1) + + # Try to log in - should succeed + client_sock = 
mosq_test.do_client_connect(client_connect_packet, client_connack_packet2, timeout=5, port=port) + client_sock.close() + + rc = 0 + + sock.close() +except mosq_test.TestError: + pass +finally: + os.remove(conf_file) + try: + os.remove(f"{port}/dynamic-security.json") + except FileNotFoundError: + pass + os.rmdir(f"{port}") + broker.terminate() + broker.wait() + (stdo, stde) = broker.communicate() + if rc: + print(stde.decode('utf-8')) + + +exit(rc) diff --git a/test/broker/14-dynsec-group.py b/test/broker/14-dynsec-group.py index a4350053..7a91528b 100755 --- a/test/broker/14-dynsec-group.py +++ b/test/broker/14-dynsec-group.py @@ -2,6 +2,7 @@ from mosq_test_helper import * import json +import shutil def write_config(filename, port): with open(filename, 'w') as f: @@ -28,13 +29,13 @@ write_config(conf_file, port) create_client_command = { "commands": [{ "command": "createClient", "username": "user_one", "password": "password", "clientid": "cid", - "textName": "Name", "textDescription": "Description", + "textname": "Name", "textdescription": "Description", "roleName": "", "correlationData": "2" }]} create_client_response = {'responses':[{"command":"createClient","correlationData":"2"}]} create_group_command = { "commands": [{ - "command": "createGroup", "groupName": "group_one", - "textName": "Name", "textDescription": "Description", + "command": "createGroup", "groupname": "group_one", + "textname": "Name", "textdescription": "Description", "correlationData":"3"}]} create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]} create_group_repeat_response = {'responses':[{"command":"createGroup","error":"Group already exists","correlationData":"3"}]} 
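Review bot: In 14-dynsec-disable-client.py the disabled state is only checked against a fresh login (`client_connack_packet1`, rc=5); nothing asserts what happens to a `user_one` session that was already connected when `disableClient` was issued. If the plugin is meant to drop such sessions, that is the path most worth pinning down, so I would connect `user_one` before the disable step and assert the connection is closed afterwards, or at least leave `# TODO: cover an already-connected user_one session across disableClient`. Separately, the socket returned by the rc=5 `do_client_connect` appears to be overwritten by the later connect without being closed; a `client_sock.close()` right after the failed-login step would fix that.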
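Review bot: In 14-dynsec-group.py, `create_client_command` still sends `"roleName": ""` on the context line right after the renamed `textname`/`textdescription` pair, while the same command in 14-dynsec-client.py and 14-dynsec-role.py now uses `"rolename"`. The test presumably keeps passing because the value is empty and the key is not echoed in the expected response, so the stale spelling would not be caught here. Change the line to `"rolename": "", "correlationData": "2" }]}` so that this file matches the new key names.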
@@ -46,50 +47,47 @@ list_groups_response = {'responses':[{"command": "listGroups", "data":{"totalCou list_groups_verbose_command = { "commands": [{ "command": "listGroups", "verbose": True, "correlationData": "15"}]} list_groups_verbose_response = {'responses':[{'command': 'listGroups', 'data': {"totalCount":1, 'groups': - [{'groupName': 'group_one', 'textName': 'Name', 'textDescription': 'Description', 'clients': [ + [{'groupname': 'group_one', 'textname': 'Name', 'textdescription': 'Description', 'clients': [ {"username":"user_one"}], "roles":[]}]}, 'correlationData': '15'}]} list_clients_verbose_command = { "commands": [{ "command": "listClients", "verbose": True, "correlationData": "20"}]} -list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":1, "clients":[ - {"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description", - "groups":[{"groupName":"group_one"}], "roles":[]}]}, "correlationData":"20"}]} +list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{"totalCount":2, "clients":[ + {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []}, + {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description", + "groups":[{"groupname":"group_one"}], "roles":[]}]}, "correlationData":"20"}]} -get_group_command = { "commands": [{"command": "getGroup", "groupName":"group_one"}]} -get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one', - 'textName':'Name', 'textDescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]} +get_group_command = { "commands": [{"command": "getGroup", "groupname":"group_one"}]} +get_group_response = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one', + 'textname':'Name', 'textdescription':'Description', 'clients': [{"username":"user_one"}], 'roles': []}}}]} 
add_client_to_group_command = {"commands": [{"command":"addGroupClient", "username":"user_one", - "groupName": "group_one", "correlationData":"1234"}]} + "groupname": "group_one", "correlationData":"1234"}]} add_client_to_group_response = {'responses':[{'command': 'addGroupClient', 'correlationData': '1234'}]} remove_client_from_group_command = {"commands": [{"command":"removeGroupClient", "username":"user_one", - "groupName": "group_one", "correlationData":"4321"}]} + "groupname": "group_one", "correlationData":"4321"}]} remove_client_from_group_response = {'responses':[{'command': 'removeGroupClient', 'correlationData': '4321'}]} -delete_group_command = {"commands": [{"command":"deleteGroup", "groupName":"group_one", "correlationData":"5678"}]} +delete_group_command = {"commands": [{"command":"deleteGroup", "groupname":"group_one", "correlationData":"5678"}]} delete_group_response = {'responses':[{"command":"deleteGroup", "correlationData":"5678"}]} rc = 1 keepalive = 10 -connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive) +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") connack_packet = mosq_test.gen_connack(rc=0) mid = 2 -subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/#", 1) +subscribe_packet = mosq_test.gen_subscribe(mid, "$CONTROL/dynamic-security/#", 1) suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) - with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) except FileExistsError: - try: - os.remove(f"{port}/dynamic-security.json") - except FileNotFoundError: - pass + pass broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) 
diff --git a/test/broker/14-dynsec-modify-client.py b/test/broker/14-dynsec-modify-client.py index 76e0b0b8..529a89f4 100755 --- a/test/broker/14-dynsec-modify-client.py +++ b/test/broker/14-dynsec-modify-client.py @@ -2,6 +2,7 @@ from mosq_test_helper import * import json +import shutil def write_config(filename, port): with open(filename, 'w') as f: @@ -29,20 +30,20 @@ write_config(conf_file, port) create_client_command = { "commands": [{ "command": "createClient", "username": "user_one", "password": "password", "clientid": "cid", - "textName": "Name", "textDescription": "Description", + "textname": "Name", "textdescription": "Description", "correlationData": "2" }] } create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]} create_groups_command = { "commands": [ { - "command": "createGroup", "groupName": "group_one", - "textName": "Name", "textDescription": "Description", + "command": "createGroup", "groupname": "group_one", + "textname": "Name", "textdescription": "Description", "correlationData": "12" }, { - "command": "createGroup", "groupName": "group_two", - "textName": "Name", "textDescription": "Description", + "command": "createGroup", "groupname": "group_two", + "textname": "Name", "textdescription": "Description", "correlationData": "13" } ] 
@@ -54,18 +55,18 @@ create_groups_response = {'responses': [ create_roles_command = { "commands": [ { - "command": "createRole", "roleName": "role_one", - "textName": "Name", "textDescription": "Description", + "command": "createRole", "rolename": "role_one", + "textname": "Name", "textdescription": "Description", "acls":[], "correlationData": "21" }, { - "command": "createRole", "roleName": "role_two", - "textName": "Name", "textDescription": "Description", + "command": "createRole", "rolename": "role_two", + "textname": "Name", "textdescription": "Description", "acls":[], "correlationData": "22" }, { - "command": "createRole", "roleName": "role_three", - "textName": "Name", "textDescription": "Description", + "command": "createRole", "rolename": "role_three", + "textname": "Name", "textdescription": "Description", "acls":[], "correlationData": "23" } ] @@ -78,15 +79,15 @@ create_roles_response = {'responses': [ modify_client_command1 = { "commands": [{ "command": "modifyClient", "username": "user_one", - "textName": "Modified name", "textDescription": "Modified description", + "textname": "Modified name", "textdescription": "Modified description", "roles":[ - {'roleName':'role_one', 'priority':2}, - {'roleName':'role_two'}, - {'roleName':'role_three', 'priority':10} + {'rolename':'role_one', 'priority':2}, + {'rolename':'role_two'}, + {'rolename':'role_three', 'priority':10} ], "groups":[ - {'groupName':'group_one', 'priority':3}, - {'groupName':'group_two', 'priority':8} + {'groupname':'group_one', 'priority':3}, + {'groupname':'group_two', 'priority':8} ], "correlationData": "3" }] } @@ -94,7 +95,7 @@ modify_client_response1 = {'responses': [{'command': 'modifyClient', 'correlatio modify_client_command2 = { "commands": [{ "command": "modifyClient", "username": "user_one", - "textName": "Modified name", "textDescription": "Modified description", + "textname": "Modified name", "textdescription": "Modified description", "groups":[], "correlationData": "4" }] } 
@@ -104,41 +105,41 @@ modify_client_response2 = {'responses': [{'command': 'modifyClient', 'correlatio get_client_command1 = { "commands": [{ "command": "getClient", "username": "user_one"}]} get_client_response1 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid', - 'textName': 'Name', 'textDescription': 'Description', - 'groups': [], + 'textname': 'Name', 'textdescription': 'Description', 'roles': [], + 'groups': [], }}}]} get_client_command2 = { "commands": [{ "command": "getClient", "username": "user_one"}]} get_client_response2 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid', - 'textName': 'Modified name', 'textDescription': 'Modified description', - 'groups': [ - {'groupName':'group_two', 'priority':8}, - {'groupName':'group_one', 'priority':3} - ], + 'textname': 'Modified name', 'textdescription': 'Modified description', 'roles': [ - {'roleName':'role_three', 'priority':10}, - {'roleName':'role_one', 'priority':2}, - {'roleName':'role_two'} + {'rolename':'role_three', 'priority':10}, + {'rolename':'role_one', 'priority':2}, + {'rolename':'role_two'} + ], + 'groups': [ + {'groupname':'group_two', 'priority':8}, + {'groupname':'group_one', 'priority':3} ]}}}]} get_client_command3 = { "commands": [{ "command": "getClient", "username": "user_one"}]} get_client_response3 = {'responses':[{'command': 'getClient', 'data': {'client': {'username': 'user_one', 'clientid': 'cid', - 'textName': 'Modified name', 'textDescription': 'Modified description', + 'textname': 'Modified name', 'textdescription': 'Modified description', 'groups': [], 'roles': [ - {'roleName':'role_three', 'priority':10}, - {'roleName':'role_one', 'priority':2}, - {'roleName':'role_two'} + {'rolename':'role_three', 'priority':10}, + {'rolename':'role_one', 'priority':2}, + {'rolename':'role_two'} ]}}}]} rc = 1 keepalive = 10 -connect_packet = mosq_test.gen_connect("ctrl-test", 
keepalive=keepalive) +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") connack_packet = mosq_test.gen_connack(rc=0) mid = 2 @@ -147,13 +148,9 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) - with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) except FileExistsError: - try: - os.remove(f"{port}/dynamic-security.json") - except FileNotFoundError: - pass + pass broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) diff --git a/test/broker/14-dynsec-modify-group.py b/test/broker/14-dynsec-modify-group.py index 1370b60e..3c0025d1 100755 --- a/test/broker/14-dynsec-modify-group.py +++ b/test/broker/14-dynsec-modify-group.py @@ -2,6 +2,7 @@ from mosq_test_helper import * import json +import shutil def write_config(filename, port): with open(filename, 'w') as f: 
@@ -29,27 +30,27 @@ write_config(conf_file, port) create_client_command = { "commands": [{ "command": "createClient", "username": "user_one", "password": "password", "clientid": "cid", - "textName": "Name", "textDescription": "Description", + "textname": "Name", "textdescription": "Description", "correlationData": "2" }] } create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]} create_group_command = { "commands": [{ - "command": "createGroup", "groupName": "group_one", - "textName": "Name", "textDescription": "Description", - "roleName": "", "correlationData": "2" }] + "command": "createGroup", "groupname": "group_one", + "textname": "Name", "textdescription": "Description", + "rolename": "", "correlationData": "2" }] } create_group_response = {'responses': [{'command': 'createGroup', 'correlationData': '2'}]} create_role_command = { "commands": [ { - "command": "createRole", "roleName": "role_one", - "textName": "Name", "textDescription": "Description", + "command": "createRole", "rolename": "role_one", + "textname": "Name", "textdescription": "Description", "acls":[], "correlationData": "2" }, { - "command": "createRole", "roleName": "role_two", - "textName": "Name", "textDescription": "Description", + "command": "createRole", "rolename": "role_two", + "textname": "Name", "textdescription": "Description", "acls":[], "correlationData": "3" } ] 
@@ -60,20 +61,20 @@ create_role_response = {'responses': [ ]} modify_group_command1 = { "commands": [{ - "command": "modifyGroup", "groupName": "group_one", - "textName": "Modified name", "textDescription": "Modified description", - "roles":[{'roleName':'role_one'}], + "command": "modifyGroup", "groupname": "group_one", + "textname": "Modified name", "textdescription": "Modified description", + "roles":[{'rolename':'role_one'}], "clients":[{'username':'user_one'}], "correlationData": "3" }] } modify_group_response1 = {'responses': [{'command': 'modifyGroup', 'correlationData': '3'}]} modify_group_command2 = { "commands": [{ - "command": "modifyGroup", "groupName": "group_one", - "textName": "Modified name", "textDescription": "Modified description", + "command": "modifyGroup", "groupname": "group_one", + "textname": "Modified name", "textdescription": "Modified description", "roles":[ - {'roleName':'role_one', 'priority':99}, - {'roleName':'role_two', 'priority':87} + {'rolename':'role_one', 'priority':99}, + {'rolename':'role_two', 'priority':87} ], "clients":[], "correlationData": "3" }] @@ -81,8 +82,8 @@ modify_group_command2 = { "commands": [{ modify_group_response2 = {'responses': [{'command': 'modifyGroup', 'correlationData': '3'}]} modify_group_command3 = { "commands": [{ - "command": "modifyGroup", "groupName": "group_one", - "textName": "Modified name", "textDescription": "Modified description", + "command": "modifyGroup", "groupname": "group_one", + "textname": "Modified name", "textdescription": "Modified description", "roles":[], "clients":[], "correlationData": "3" }] 
@@ -91,33 +92,33 @@ modify_group_response3 = {'responses': [{'command': 'modifyGroup', 'correlationD get_group_command1 = { "commands": [{ - "command": "getGroup", "groupName": "group_one"}]} -get_group_response1 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one', - 'textName': 'Name', 'textDescription': 'Description', + "command": "getGroup", "groupname": "group_one"}]} +get_group_response1 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one', + 'textname': 'Name', 'textdescription': 'Description', 'clients':[], 'roles': []}}}]} get_group_command2 = { "commands": [{ - "command": "getGroup", "groupName": "group_one"}]} -get_group_response2 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one', - 'textName': 'Modified name', 'textDescription': 'Modified description', + "command": "getGroup", "groupname": "group_one"}]} +get_group_response2 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one', + 'textname': 'Modified name', 'textdescription': 'Modified description', 'clients':[{'username':'user_one'}], - 'roles': [{'roleName':'role_one'}]}}}]} + 'roles': [{'rolename':'role_one'}]}}}]} get_group_command3 = { "commands": [{ - "command": "getGroup", "groupName": "group_one"}]} -get_group_response3 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one', - 'textName': 'Modified name', 'textDescription': 'Modified description', + "command": "getGroup", "groupname": "group_one"}]} +get_group_response3 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one', + 'textname': 'Modified name', 'textdescription': 'Modified description', 'clients':[], 'roles': [ - {'roleName':'role_one', 'priority':99}, - {'roleName':'role_two', 'priority':87} + {'rolename':'role_one', 'priority':99}, + {'rolename':'role_two', 'priority':87} ]}}}]} get_group_command4 = { "commands": [{ - "command": "getGroup", 
"groupName": "group_one"}]} -get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupName': 'group_one', - 'textName': 'Modified name', 'textDescription': 'Modified description', + "command": "getGroup", "groupname": "group_one"}]} +get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {'groupname': 'group_one', + 'textname': 'Modified name', 'textdescription': 'Modified description', 'clients':[], 'roles': []}}}]} @@ -125,7 +126,7 @@ get_group_response4 = {'responses':[{'command': 'getGroup', 'data': {'group': {' rc = 1 keepalive = 10 -connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive) +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") connack_packet = mosq_test.gen_connack(rc=0) mid = 2 @@ -134,13 +135,9 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) - with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) except FileExistsError: - try: - os.remove(f"{port}/dynamic-security.json") - except FileNotFoundError: - pass + pass broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) diff --git a/test/broker/14-dynsec-modify-role.py b/test/broker/14-dynsec-modify-role.py index 01ceabc8..7b7b0160 100755 --- a/test/broker/14-dynsec-modify-role.py +++ b/test/broker/14-dynsec-modify-role.py @@ -2,6 +2,7 @@ from mosq_test_helper import * import json +import shutil def write_config(filename, port): with open(filename, 'w') as f: 
@@ -26,17 +27,17 @@ conf_file = os.path.basename(__file__).replace('.py', '.conf') write_config(conf_file, port) create_role_command = { "commands": [{ - "command": "createRole", "roleName": "role_one", - "textName": "Name", "textDescription": "Description", + "command": "createRole", "rolename": "role_one", + "textname": "Name", "textdescription": "Description", "acls":[ { - "aclType": "publishClientSend", + "acltype": "publishClientSend", "allow": True, "topic": "topic/#", "priority": 8 }, { - "aclType": "publishClientSend", + "acltype": "publishClientSend", "allow": True, "topic": "topic/2/#", "priority": 9 @@ -46,25 +47,25 @@ create_role_command = { "commands": [{ create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '2'}]} modify_role_command = { "commands": [{ - "command": "modifyRole", "roleName": "role_one", - "textName": "Modified name", "textDescription": "Modified description", + "command": "modifyRole", "rolename": "role_one", + "textname": "Modified name", "textdescription": "Modified description", "correlationData": "3" }] } modify_role_response = {'responses': [{'command': 'modifyRole', 'correlationData': '3'}]} -get_role_command1 = { "commands": [{"command": "getRole", "roleName": "role_one"}]} -get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'roleName': 'role_one', - 'textName': 'Name', 'textDescription': 'Description', +get_role_command1 = { "commands": [{"command": "getRole", "rolename": "role_one"}]} +get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rolename': 'role_one', + 'textname': 'Name', 'textdescription': 'Description', 'acls': [ { - "aclType": "publishClientSend", + "acltype": "publishClientSend", "topic": "topic/2/#", "allow": True, "priority": 9 }, { - "aclType": "publishClientSend", + "acltype": "publishClientSend", "topic": "topic/#", "allow": True, "priority": 8 
@@ -72,18 +73,18 @@ get_role_response1 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol ]}}}]} get_role_command2 = { "commands": [{ - "command": "getRole", "roleName": "role_one"}]} -get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'roleName': 'role_one', - 'textName': 'Modified name', 'textDescription': 'Modified description', + "command": "getRole", "rolename": "role_one"}]} +get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rolename': 'role_one', + 'textname': 'Modified name', 'textdescription': 'Modified description', 'acls': [ { - "aclType": "publishClientSend", + "acltype": "publishClientSend", "topic": "topic/2/#", "allow": True, "priority": 9 }, { - "aclType": "publishClientSend", + "acltype": "publishClientSend", "topic": "topic/#", "allow": True, "priority": 8 @@ -92,7 +93,7 @@ get_role_response2 = {'responses':[{'command': 'getRole', 'data': {'role': {'rol rc = 1 keepalive = 10 -connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive) +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") connack_packet = mosq_test.gen_connack(rc=0) mid = 2 @@ -101,13 +102,9 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) - with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) except FileExistsError: - try: - os.remove(f"{port}/dynamic-security.json") - except FileNotFoundError: - pass + pass broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) diff --git a/test/broker/14-dynsec-role.py b/test/broker/14-dynsec-role.py index e1dc2351..1bab1be0 100755 --- a/test/broker/14-dynsec-role.py +++ b/test/broker/14-dynsec-role.py 
@@ -2,6 +2,7 @@ from mosq_test_helper import * import json +import shutil def write_config(filename, port): with open(filename, 'w') as f: 
@@ -29,30 +30,30 @@ write_config(conf_file, port) create_client_command = { "commands": [{ "command": "createClient", "username": "user_one", "password": "password", "clientid": "cid", - "textName": "Name", "textDescription": "Description", - "roleName": "", "correlationData": "2" }] + "textname": "Name", "textdescription": "Description", + "rolename": "", "correlationData": "2" }] } create_client_response = {'responses': [{'command': 'createClient', 'correlationData': '2'}]} create_group_command = { "commands": [{ - "command": "createGroup", "groupName": "group_one", - "textName": "Name", "textDescription": "Description", + "command": "createGroup", "groupname": "group_one", + "textname": "Name", "textdescription": "Description", "correlationData":"3"}]} create_group_response = {'responses':[{"command":"createGroup","correlationData":"3"}]} create_role_command = { "commands": [{'command': 'createRole', 'correlationData': '3', - "roleName": "basic", "acls":[ - {"aclType":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textName":"name", "textDescription":"desc" + "rolename": "basic", "acls":[ + {"acltype":"publishClientSend", "topic": "out/#", "priority":3, "allow": True}], "textname":"name", "textdescription":"desc" }]} create_role_response = {'responses': [{'command': 'createRole', 'correlationData': '3'}]} add_role_to_client_command = {"commands": [{'command': 'addClientRole', "username": "user_one", - "roleName": "basic"}]} + "rolename": "basic"}]} add_role_to_client_response = {'responses': [{'command': 'addClientRole'}]} -add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupName": "group_one", - "roleName": "basic"}]} +add_role_to_group_command = {"commands": [{'command': 'addGroupRole', "groupname": "group_one", + "rolename": "basic"}]} add_role_to_group_response = {'responses': [{'command': 'addGroupRole'}]} 
@@ -60,63 +61,83 @@ list_roles_verbose_command1 = { "commands": [{ "command": "listRoles", "verbose": True, "correlationData": "21"}] } list_roles_verbose_response1 = {'responses': [{'command': 'listRoles', 'data': - {'totalCount':1, 'roles': [{'roleName': 'basic', "textName": "name", "textDescription": "desc", - 'acls': [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}] + {'totalCount':2, 'roles': [ + {"rolename":"admin","acls":[ + {"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, + {"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, + {"acltype": "publishClientReceive", "topic": "$SYS/#", "priority":0, "allow": True }, + {"acltype": "publishClientReceive", "topic": "#", "priority":0, "allow": True }, + {"acltype": "subscribePattern", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, + {"acltype": "subscribePattern", "topic": "$SYS/#", "priority":0, "allow": True }, + {"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True}, + {"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]}, + {'rolename': 'basic', "textname": "name", "textdescription": "desc", + 'acls': [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}] }]}, 'correlationData': '21'}]} -add_acl_command = {"commands": [{'command': "addRoleACL", "roleName":"basic", "aclType":"subscribeLiteral", +add_acl_command = {"commands": [{'command': "addRoleACL", "rolename":"basic", "acltype":"subscribeLiteral", "topic":"basic/out", "priority":1, "allow":True}]} add_acl_response = {'responses': [{'command': 'addRoleACL'}]} list_roles_verbose_command2 = { "commands": [{ "command": "listRoles", "verbose": True, "correlationData": "22"}] } -list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':1, 'roles': - [{'roleName': 'basic', 'textName': 'name', 
'textDescription': 'desc', 'acls': - [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}, - {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], +list_roles_verbose_response2 = {'responses': [{'command': 'listRoles', 'data': {'totalCount':2, 'roles': + [{"rolename":"admin","acls":[ + {"acltype": "publishClientSend", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, + {"acltype": "publishClientReceive", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, + {"acltype": "publishClientReceive", "topic": "$SYS/#", "priority":0, "allow": True }, + {"acltype": "publishClientReceive", "topic": "#", "priority":0, "allow": True }, + {"acltype": "subscribePattern", "topic": "$CONTROL/dynamic-security/#", "priority":0, "allow": True }, + {"acltype": "subscribePattern", "topic": "$SYS/#", "priority":0, "allow": True }, + {"acltype": "subscribePattern", "topic": "#", "priority":0, "allow": True}, + {"acltype": "unsubscribePattern", "topic": "#", "priority":0, "allow": True}]}, + {'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls': + [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}, + {'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], }]}, 'correlationData': '22'}]} -get_role_command = {"commands": [{'command': "getRole", "roleName":"basic"}]} +get_role_command = {"commands": [{'command': "getRole", "rolename":"basic"}]} get_role_response = {'responses': [{'command': 'getRole', 'data': {'role': - {'roleName': 'basic', 'textName': 'name', 'textDescription': 'desc', 'acls': - [{'aclType':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': True}, - {'aclType':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], + {'rolename': 'basic', 'textname': 'name', 'textdescription': 'desc', 'acls': + [{'acltype':'publishClientSend', 'topic': 'out/#', 'priority': 3, 'allow': 
True}, + {'acltype':'subscribeLiteral', 'topic': 'basic/out', 'priority': 1, 'allow': True}], }}}]} -remove_acl_command = {"commands": [{'command': "removeRoleACL", "roleName":"basic", "aclType":"subscribeLiteral", +remove_acl_command = {"commands": [{'command': "removeRoleACL", "rolename":"basic", "acltype":"subscribeLiteral", "topic":"basic/out"}]} remove_acl_response = {'responses': [{'command': 'removeRoleACL'}]} -delete_role_command = {"commands": [{'command': "deleteRole", "roleName":"basic"}]} +delete_role_command = {"commands": [{'command': "deleteRole", "rolename":"basic"}]} delete_role_response = {"responses": [{"command": "deleteRole"}]} list_clients_verbose_command = { "commands": [{ "command": "listClients", "verbose": True, "correlationData": "20"}] } -list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':1, "clients":[ - {"username":"user_one", "clientid":"cid", "textName":"Name", "textDescription":"Description", - "groups":[], "roles":[{'roleName':'basic'}]}]}, "correlationData":"20"}]} +list_clients_verbose_response = {'responses':[{"command": "listClients", "data":{'totalCount':2, "clients":[ + {'username': 'admin', 'textname': 'Dynsec admin user', 'roles': [{'rolename': 'admin'}], 'groups': []}, + {"username":"user_one", "clientid":"cid", "textname":"Name", "textdescription":"Description", + "groups":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]} list_groups_verbose_command = { "commands": [{ "command": "listGroups", "verbose": True, "correlationData": "20"}] } list_groups_verbose_response = {'responses':[{"command": "listGroups", "data":{'totalCount':1, "groups":[ - {"groupName":"group_one", "textName":"Name", "textDescription":"Description", - "clients":[], "roles":[{'roleName':'basic'}]}]}, "correlationData":"20"}]} + {"groupname":"group_one", "textname":"Name", "textdescription":"Description", + "clients":[], "roles":[{'rolename':'basic'}]}]}, "correlationData":"20"}]} 
remove_role_from_client_command = {"commands": [{'command': 'removeClientRole', "username": "user_one", - "roleName": "basic"}]} + "rolename": "basic"}]} remove_role_from_client_response = {'responses': [{'command': 'removeClientRole'}]} -remove_role_from_group_command = {"commands": [{'command': 'removeGroupRole', "groupName": "group_one", - "roleName": "basic"}]} +remove_role_from_group_command = {"commands": [{'command': 'removeGroupRole', "groupname": "group_one", + "rolename": "basic"}]} remove_role_from_group_response = {'responses': [{'command': 'removeGroupRole'}]} rc = 1 keepalive = 10 -connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive) +connect_packet = mosq_test.gen_connect("ctrl-test", keepalive=keepalive, username="admin", password="admin") connack_packet = mosq_test.gen_connack(rc=0) mid = 2 @@ -125,13 +146,9 @@ suback_packet = mosq_test.gen_suback(mid, 1) try: os.mkdir(str(port)) - with open("%d/dynamic-security.json" % port, 'w') as f: - f.write('{"defaultACLAction": {"publishClientSend":"allow", "publishClientReceive":"allow", "subscribe":"allow", "unsubscribe":"allow"}}') + shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port)) except FileExistsError: - try: - os.remove(f"{port}/dynamic-security.json") - except FileNotFoundError: - pass + pass broker = mosq_test.start_broker(filename=os.path.basename(__file__), use_conf=True, port=port) diff --git a/test/broker/Makefile b/test/broker/Makefile index 9797e942..9f6c79bd 100644 --- a/test/broker/Makefile +++ b/test/broker/Makefile @@ -221,9 +221,10 @@ endif ./13-malformed-unsubscribe-v5.py 14 : - #./14-dynsec-client.py - #./14-dynsec-group.py - #./14-dynsec-role.py - #./14-dynsec-modify-client.py - #./14-dynsec-modify-group.py - #./14-dynsec-modify-role.py + ./14-dynsec-client.py + ./14-dynsec-group.py + ./14-dynsec-role.py + ./14-dynsec-modify-client.py + ./14-dynsec-modify-group.py + ./14-dynsec-modify-role.py + ./14-dynsec-disable-client.py 
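Review bot: The eight-entry ACL list of the `admin` role is spelled out twice, once in `list_roles_verbose_response1` and again in `list_roles_verbose_response2`, and both copies have to match what the broker reports for `dynamic-security-init.json`. Defining it once at module level, for example `admin_role = {"rolename": "admin", "acls": [...]}` holding those eight entries, and using `admin_role` in both expected responses would keep a later fixture change to one place. The fixture sets no `priority` on these ACLs, so the `"priority":0` values are presumably the broker default. A comment such as `# admin role as loaded from dynamic-security-init.json; priority is not set there` would make that explicit.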
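Review bot: When the `port` directory is left over from an earlier run, `os.mkdir` raises `FileExistsError` and the `shutil.copyfile(...)` line after it inside the same `try` is skipped. The old code removed the stale `dynamic-security.json` in that case, whereas the new `except FileExistsError: pass` keeps it. The broker then starts with whatever clients, roles and ACLs the previous run left behind instead of the known fixture, so the authorization checks run against an unknown state. Moving the copy out of the `try`, so that `shutil.copyfile("dynamic-security-init.json", "%d/dynamic-security.json" % (port))` runs after the `try`/`except` on every start, fixes this. The source path is relative, so the test still depends on being started from `test/broker`.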
diff --git a/test/broker/dynamic-security-init.json b/test/broker/dynamic-security-init.json new file mode 100644 index 00000000..85d50e79 --- /dev/null +++ b/test/broker/dynamic-security-init.json @@ -0,0 +1,54 @@ +{ + "clients": [{ + "username": "admin", + "textName": "Dynsec admin user", + "password": "Rko31yHY12ryMoyZTBNIUsCPb5SDa4WmUP3Xe2+V6P+QOSW3Gj6IDmpl6zQsAjutb476zEYdBeTw9tU7WZ1new==", + "salt": "Ezuo4G1TqYtTQDL/", + "iterations": 101, + "roles": [{ + "rolename": "admin" + }] + }], + "roles": [{ + "rolename": "admin", + "acls": [{ + "acltype": "publishClientSend", + "topic": "$CONTROL/dynamic-security/#", + "allow": true + }, { + "acltype": "publishClientReceive", + "topic": "$CONTROL/dynamic-security/#", + "allow": true + }, { + "acltype": "subscribePattern", + "topic": "$CONTROL/dynamic-security/#", + "allow": true + }, { + "acltype": "publishClientReceive", + "topic": "$SYS/#", + "allow": true + }, { + "acltype": "subscribePattern", + "topic": "$SYS/#", + "allow": true + }, { + "acltype": "publishClientReceive", + "topic": "#", + "allow": true + }, { + "acltype": "subscribePattern", + "topic": "#", + "allow": true + }, { + "acltype": "unsubscribePattern", + "topic": "#", + "allow": true + }] + }], + "defaultACLAccess": { + "publishClientSend": false, + "publishClientReceive": true, + "subscribe": false, + "unsubscribe": true + } +} \ No newline at end of file diff --git a/test/broker/test.py b/test/broker/test.py index 85eb893b..003f8551 100755 --- a/test/broker/test.py +++ b/test/broker/test.py 
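Review bot: The admin client entry uses the key `"textName"`, while this commit lower-cases that key to `"textname"` everywhere else and the updated tests expect `'textname': 'Dynsec admin user'` in the `listClients` output. Unless the loader accepts both spellings (not visible in this diff), the line should read `"textname": "Dynsec admin user",`. The file also pins a fixed salt and hash with `"iterations": 101` for an account that the tests log in to as `admin`/`admin` and that is granted `#` and `$CONTROL/dynamic-security/#`. That is fine as test data, but JSON has no comments, so the test documentation should say this file is a fixture and not a starting configuration. The file also ends without a trailing newline.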
@@ -189,12 +189,13 @@ tests = [ (1, './13-malformed-subscribe-v5.py'), (1, './13-malformed-unsubscribe-v5.py'), - #(1, './14-dynsec-client.py'), - #(1, './14-dynsec-group.py'), - #(1, './14-dynsec-role.py'), - #(1, './14-dynsec-modify-client.py'), - #(1, './14-dynsec-modify-group.py'), - #(1, './14-dynsec-modify-role.py'), + (1, './14-dynsec-client.py'), + (1, './14-dynsec-group.py'), + (1, './14-dynsec-role.py'), + (1, './14-dynsec-modify-client.py'), + (1, './14-dynsec-modify-group.py'), + (1, './14-dynsec-modify-role.py'), + (1, './14-dynsec-disable-client.py'), ] ptest.run_tests(tests)