Add test case for cert user/vhost mapping
Fixes #73
acogoluegnes committed Dec 13, 2016
1 parent 56ecb5d commit 455c0e7
Showing 1 changed file with 36 additions and 34 deletions.
70 changes: 36 additions & 34 deletions test/auth_SUITE.erl
Expand Up @@ -16,9 +16,10 @@ groups() ->
[anonymous_auth_success,
user_credentials_auth,
ssl_user_auth_success,
ssl_user_vhost_success,
ssl_user_vhost_failure,
ssl_user_vhost_not_allowed]},
ssl_user_vhost_not_allowed,
ssl_user_vhost_parameter_mapping_success,
ssl_user_vhost_parameter_mapping_not_allowed,
ssl_user_vhost_parameter_mapping_vhost_does_not_exist]},
{anonymous_no_ssl_user, [],
[anonymous_auth_success,
user_credentials_auth
Expand All @@ -28,9 +29,10 @@ groups() ->
[anonymous_auth_failure,
user_credentials_auth,
ssl_user_auth_success,
ssl_user_vhost_success,
ssl_user_vhost_failure,
ssl_user_vhost_not_allowed]},
ssl_user_vhost_not_allowed,
ssl_user_vhost_parameter_mapping_success,
ssl_user_vhost_parameter_mapping_not_allowed,
ssl_user_vhost_parameter_mapping_vhost_does_not_exist]},
{no_ssl_user, [],
[anonymous_auth_failure,
user_credentials_auth,
Expand Down Expand Up @@ -80,40 +82,47 @@ init_per_testcase(Testcase, Config) when Testcase == ssl_user_auth_success;
Testcase == ssl_user_auth_failure ->
Config1 = set_cert_user_on_default_vhost(Config),
rabbit_ct_helpers:testcase_started(Config1, Testcase);
init_per_testcase(ssl_user_vhost_success, Config) ->
init_per_testcase(ssl_user_vhost_parameter_mapping_success, Config) ->
Config1 = set_cert_user_on_default_vhost(Config),
User = ?config(temp_ssl_user, Config1),
{ok, _} = rabbit_ct_broker_helpers:rabbitmqctl(Config1, 0, ["clear_permissions", "-p", "/", User]),
ok = rabbit_ct_broker_helpers:clear_permissions(Config1, User, <<"/">>),
Config2 = set_vhost_for_cert_user(Config1, User),
rabbit_ct_helpers:testcase_started(Config2, ssl_user_vhost_success);
init_per_testcase(ssl_user_vhost_failure, Config) ->
rabbit_ct_helpers:testcase_started(Config2, ssl_user_vhost_parameter_mapping_success);
init_per_testcase(ssl_user_vhost_parameter_mapping_not_allowed, Config) ->
Config1 = set_cert_user_on_default_vhost(Config),
User = ?config(temp_ssl_user, Config1),
Config2 = set_vhost_for_cert_user(Config1, User),
VhostForCertUser = ?config(temp_vhost_for_ssl_user, Config2),
{ok, _} = rabbit_ct_broker_helpers:rabbitmqctl(Config2, 0, ["clear_permissions", "-p", VhostForCertUser, User]),
rabbit_ct_helpers:testcase_started(Config2, ssl_user_vhost_failure);
ok = rabbit_ct_broker_helpers:clear_permissions(Config2, User, VhostForCertUser),
rabbit_ct_helpers:testcase_started(Config2, ssl_user_vhost_parameter_mapping_not_allowed);
init_per_testcase(user_credentials_auth, Config) ->
User = <<"new-user">>,
Pass = <<"new-user-pass">>,
{ok,_} = rabbit_ct_broker_helpers:rabbitmqctl(Config, 0, ["add_user", User, Pass]),
{ok, _} = rabbit_ct_broker_helpers:rabbitmqctl(Config, 0, ["set_permissions", "-p", "/", User, ".*", ".*", ".*"]),
ok = rabbit_ct_broker_helpers:add_user(Config, 0, User, Pass),
ok = rabbit_ct_broker_helpers:set_full_permissions(Config, User, <<"/">>),
Config1 = rabbit_ct_helpers:set_config(Config, [{new_user, User},
{new_user_pass, Pass}]),
rabbit_ct_helpers:testcase_started(Config1, user_credentials_auth);
init_per_testcase(ssl_user_vhost_not_allowed, Config) ->
Config1 = set_cert_user_on_default_vhost(Config),
User = ?config(temp_ssl_user, Config1),
{ok, _} = rabbit_ct_broker_helpers:rabbitmqctl(Config1, 0, ["clear_permissions", "-p", "/", User]),
ok = rabbit_ct_broker_helpers:clear_permissions(Config1, User, <<"/">>),
rabbit_ct_helpers:testcase_started(Config1, ssl_user_vhost_not_allowed);
init_per_testcase(ssl_user_vhost_parameter_mapping_vhost_does_not_exist, Config) ->
Config1 = set_cert_user_on_default_vhost(Config),
User = ?config(temp_ssl_user, Config1),
Config2 = set_vhost_for_cert_user(Config1, User),
VhostForCertUser = ?config(temp_vhost_for_ssl_user, Config2),
ok = rabbit_ct_broker_helpers:delete_vhost(Config, VhostForCertUser),
rabbit_ct_helpers:testcase_started(Config1, ssl_user_vhost_parameter_mapping_vhost_does_not_exist);
init_per_testcase(Testcase, Config) ->
rabbit_ct_helpers:testcase_started(Config, Testcase).

set_cert_user_on_default_vhost(Config) ->
Hostname = re:replace(os:cmd("hostname"), "\\s+", "", [global,{return,list}]),
User = "O=client,CN=" ++ Hostname,
{ok,_} = rabbit_ct_broker_helpers:rabbitmqctl(Config, 0, ["add_user", User, ""]),
{ok, _} = rabbit_ct_broker_helpers:rabbitmqctl(Config, 0, ["set_permissions", "-p", "/", User, ".*", ".*", ".*"]),
ok = rabbit_ct_broker_helpers:add_user(Config, 0, User, ""),
ok = rabbit_ct_broker_helpers:set_full_permissions(Config, User, <<"/">>),
rabbit_ct_helpers:set_config(Config, [{temp_ssl_user, User}]).

set_vhost_for_cert_user(Config, User) ->
Expand All @@ -123,31 +132,21 @@ set_vhost_for_cert_user(Config, User) ->
{<<"O=client,CN=unlikelytoexistuser">>, <<"vhost2">>}
],
ok = rabbit_ct_broker_helpers:add_vhost(Config, VhostForCertUser),
ok = rabbit_ct_broker_helpers:set_full_permissions(Config, rabbit_data_coercion:to_binary(User), VhostForCertUser),
ok = rabbit_ct_broker_helpers:rpc(
Config, 0,
rabbit_runtime_parameters, set_global,
[
mqtt_default_vhosts,
UserToVHostMappingParameter
]
),
ok = rabbit_ct_broker_helpers:set_full_permissions(Config, User, VhostForCertUser),
ok = rabbit_ct_broker_helpers:set_global_parameter(Config, mqtt_default_vhosts, UserToVHostMappingParameter),
rabbit_ct_helpers:set_config(Config, [{temp_vhost_for_ssl_user, VhostForCertUser}]).

end_per_testcase(Testcase, Config) when Testcase == ssl_user_auth_success;
Testcase == ssl_user_auth_failure;
Testcase == ssl_user_vhost_not_allowed ->
delete_cert_user(Config),
rabbit_ct_helpers:testcase_finished(Config, Testcase);
end_per_testcase(TestCase, Config) when TestCase == ssl_user_vhost_success;
TestCase == ssl_user_vhost_failure->
end_per_testcase(TestCase, Config) when TestCase == ssl_user_vhost_parameter_mapping_success;
TestCase == ssl_user_vhost_parameter_mapping_not_allowed ->
delete_cert_user(Config),
VhostForCertUser = ?config(temp_vhost_for_ssl_user, Config),
ok = rabbit_ct_broker_helpers:delete_vhost(Config, VhostForCertUser),
ok = rabbit_ct_broker_helpers:rpc(Config, 0,
rabbit_runtime_parameters, clear_global,
[mqtt_default_vhosts]
),
ok = rabbit_ct_broker_helpers:clear_global_parameter(Config, mqtt_default_vhosts),
rabbit_ct_helpers:testcase_finished(Config, TestCase);
end_per_testcase(user_credentials_auth, Config) ->
User = ?config(new_user, Config),
Expand Down Expand Up @@ -205,15 +204,18 @@ user_credentials_auth(Config) ->
fun(Conf) -> connect_user(<<"non-existing-vhost:guest">>, <<"guest">>, Conf) end,
Config).

ssl_user_vhost_success(Config) ->
ssl_user_vhost_parameter_mapping_success(Config) ->
expect_successful_connection(fun connect_ssl/1, Config).

ssl_user_vhost_failure(Config) ->
ssl_user_vhost_parameter_mapping_not_allowed(Config) ->
expect_authentication_failure(fun connect_ssl/1, Config).

ssl_user_vhost_not_allowed(Config) ->
expect_authentication_failure(fun connect_ssl/1, Config).

ssl_user_vhost_parameter_mapping_vhost_does_not_exist(Config) ->
expect_authentication_failure(fun connect_ssl/1, Config).

connect_anonymous(Config) ->
P = rabbit_ct_broker_helpers:get_node_config(Config, 0, tcp_port_mqtt),
emqttc:start_link([{host, "localhost"},
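Review bot: The new `init_per_testcase(ssl_user_vhost_parameter_mapping_vhost_does_not_exist, Config)` clause creates the certificate user and sets the global `mqtt_default_vhosts` mapping, but none of the `end_per_testcase` guards visible here names that test case. Unless a clause in the collapsed part of the file covers it, both the user and the mapping outlive the test. A stale user-to-vhost mapping that points at a deleted vhost can make the TLS authentication cases in later groups pass or fail for the wrong reason. I would add a dedicated `end_per_testcase` clause for this case that runs `delete_cert_user(Config)` and `ok = rabbit_ct_broker_helpers:clear_global_parameter(Config, mqtt_default_vhosts)` before `testcase_finished`, and skips `delete_vhost` because setup already removed the vhost. All three negative cases assert only `expect_authentication_failure`, so a one-line comment on each naming the condition expected to cause the refusal would make a regression in the mapping logic easier to spot.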