Jelajahi Sumber

test: add authz test case

zhongwencool 1 tahun lalu
induk
melakukan
059baf9ea5

+ 128 - 0
apps/emqx_auth/test/emqx_authz/emqx_authz_api_cluster_SUITE.erl

@@ -0,0 +1,128 @@
+%%--------------------------------------------------------------------
+%% Copyright (c) 2020-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%%
+%% Licensed under the Apache License, Version 2.0 (the "License");
+%% you may not use this file except in compliance with the License.
+%% You may obtain a copy of the License at
+%% http://www.apache.org/licenses/LICENSE-2.0
+%%
+%% Unless required by applicable law or agreed to in writing, software
+%% distributed under the License is distributed on an "AS IS" BASIS,
+%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+%% See the License for the specific language governing permissions and
+%% limitations under the License.
+%%--------------------------------------------------------------------
+
+-module(emqx_authz_api_cluster_SUITE).
+
+-compile(nowarn_export_all).
+-compile(export_all).
+
+-import(emqx_mgmt_api_test_util, [uri/1]).
+
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("common_test/include/ct.hrl").
+-include_lib("emqx/include/emqx_placeholder.hrl").
+
+-define(SOURCE_HTTP, #{
+    <<"type">> => <<"http">>,
+    <<"enable">> => true,
+    <<"url">> => <<"https://fake.com:443/acl?username=", ?PH_USERNAME/binary>>,
+    <<"ssl">> => #{<<"enable">> => true},
+    <<"headers">> => #{},
+    <<"method">> => <<"get">>,
+    <<"request_timeout">> => <<"5s">>
+}).
+-define(ON(NODE, BODY), erpc:call(NODE, fun() -> BODY end)).
+
+all() ->
+    emqx_common_test_helpers:all(?MODULE).
+
+init_per_suite(Config) ->
+    WorkDir = ?config(priv_dir, Config),
+    Cluster = mk_cluster_spec(#{}),
+    Nodes = [NodePrimary | _] = emqx_cth_cluster:start(Cluster, #{work_dir => WorkDir}),
+    lists:foreach(fun(N) -> ?ON(N, emqx_authz_test_lib:register_fake_sources([http])) end, Nodes),
+    {ok, App} = ?ON(NodePrimary, emqx_common_test_http:create_default_app()),
+    [{api, App}, {cluster_nodes, Nodes}, {node, NodePrimary} | Config].
+
+end_per_suite(Config) ->
+    ok = emqx_cth_cluster:stop(?config(cluster_nodes, Config)).
+
+t_api(Config) ->
+    APINode = ?config(node, Config),
+    {ok, 200, Result1} = request(get, uri(["authorization", "sources"]), [], Config),
+    ?assertEqual([], get_sources(Result1)),
+    {ok, 204, _} = request(post, uri(["authorization", "sources"]), ?SOURCE_HTTP, Config),
+    AllNodes = ?config(cluster_nodes, Config),
+    [OtherNode] = AllNodes -- [APINode],
+    lists:foreach(
+        fun(N) ->
+            ?ON(
+                N,
+                ?assertMatch(
+                    [#{<<"type">> := <<"http">>}],
+                    emqx:get_raw_config([authorization, sources])
+                )
+            )
+        end,
+        AllNodes
+    ),
+    %% delete the source from the second node.
+    ?ON(OtherNode, begin
+        {ok, _} = emqx:update_config([authorization], #{<<"sources">> => []}),
+        ?assertMatch([], emqx:get_raw_config([authorization, sources]))
+    end),
+    ?assertMatch(
+        {ok, 204, _},
+        request(
+            delete,
+            uri(["authorization", "sources", "http"]),
+            [],
+            Config
+        )
+    ),
+    lists:foreach(
+        fun(N) ->
+            ?ON(
+                N,
+                ?assertMatch(
+                    [],
+                    emqx:get_raw_config([authorization, sources])
+                )
+            )
+        end,
+        AllNodes
+    ),
+    ?assertMatch(
+        {ok, 404, _},
+        request(
+            delete,
+            uri(["authorization", "sources", "http"]),
+            [],
+            Config
+        )
+    ),
+    ok.
+
+get_sources(Result) ->
+    maps:get(<<"sources">>, emqx_utils_json:decode(Result, [return_maps])).
+
+mk_cluster_spec(Opts) ->
+    Apps = [
+        emqx,
+        {emqx_conf, "authorization {cache{enable=false},no_match=deny,sources=[]}"},
+        emqx_auth,
+        emqx_management
+    ],
+    Node1Apps = Apps ++ [{emqx_dashboard, "dashboard.listeners.http {enable=true,bind=18083}"}],
+    Node2Apps = Apps,
+    [
+        {emqx_authz_api_cluster_SUITE1, Opts#{role => core, apps => Node1Apps}},
+        {emqx_authz_api_cluster_SUITE2, Opts#{role => core, apps => Node2Apps}}
+    ].
+
+request(Method, URL, Body, Config) ->
+    AuthHeader = emqx_common_test_http:auth_header(?config(api, Config)),
+    Opts = #{compatible_mode => true, httpc_req_opts => [{body_format, binary}]},
+    emqx_mgmt_api_test_util:request_api(Method, URL, [], AuthHeader, Body, Opts).