/// <summary>
/// Checks that the parser fails closed: when the authorization validator reports
/// any error, <c>GetEdgeHubConfig</c> must throw <see cref="InvalidOperationException"/>
/// instead of returning a configuration built from the rejected policy.
/// </summary>
public void GetEdgeHubConfig_AuthorizationValidatorReturnsError_ExpectedException()
{
    // arrange: a validator stub that reports an error for every authorization config,
    // so the outcome depends only on how the parser reacts to a non-empty error list.
    var failingValidator = new Mock<BrokerPropertiesValidator>();
    failingValidator
        .Setup(v => v.ValidateAuthorizationConfig(It.IsAny<AuthorizationProperties>()))
        .Returns(new List<string> { "Validation error has occurred" });

    var endpointFactory = new Mock<IEndpointFactory>();
    var parser = new EdgeHubConfigParser(
        new EdgeRouteFactory(endpointFactory.Object),
        failingValidator.Object);

    // The policy content is irrelevant here because the validator is mocked;
    // a single statement with empty allow/deny lists is enough to reach it.
    var policy = new AuthorizationProperties
    {
        new AuthorizationProperties.Statement(
            identities: new List<string> { "device_1", "device_3" },
            allow: new List<AuthorizationProperties.Rule>(),
            deny: new List<AuthorizationProperties.Rule>())
    };

    var desired = new EdgeHubDesiredProperties_1_2(
        "1.2.0",
        new Dictionary<string, RouteSpec>(),
        new StoreAndForwardConfiguration(100),
        new BrokerProperties(new BridgeConfig(), policy));

    // assert
    Assert.Throws<InvalidOperationException>(() => parser.GetEdgeHubConfig(desired));
}
/// <summary>
/// Important!: Validation logic should be in sync with mqtt_policy::MqttValidator in the Broker.
///
/// Walks every statement of an authorization policy and collects a message for each
/// problem found. Problems are reported through the returned list, not by throwing,
/// so the caller is responsible for rejecting the policy when the list is not empty.
/// </summary>
/// <param name="properties">The authorization policy to check; passed through <c>Preconditions.CheckNotNull</c>.</param>
/// <returns>The validation errors collected for all statements, in statement order.</returns>
public virtual IList<string> ValidateAuthorizationConfig(AuthorizationProperties properties)
{
    Preconditions.CheckNotNull(properties, nameof(properties));

    var problems = new List<string>();

    // Zero-based position of the current statement; it prefixes every message so an
    // operator can locate the offending statement in the policy.
    var statementIndex = 0;

    foreach (var statement in properties)
    {
        // A statement that names no identity applies to nobody and is reported.
        if (statement.Identities.Count == 0)
        {
            problems.Add($"Statement {statementIndex}: Identities list must not be empty");
        }

        foreach (var identity in statement.Identities)
        {
            if (string.IsNullOrEmpty(identity))
            {
                problems.Add($"Statement {statementIndex}: Identity name is invalid: {identity}");
            }

            // NOTE(review): an identity already reported as null/empty is still handed to
            // ValidateVariables; confirm that helper tolerates null, otherwise a malformed
            // policy surfaces as an exception instead of a validation error.
            ValidateVariables(identity, statementIndex, problems);
        }

        // Allow and Deny rules go through the same rule check; the label only
        // tells ValidateRule which list the rule came from.
        foreach (var allowRule in statement.Allow)
        {
            ValidateRule(allowRule, statementIndex, problems, "Allow");
        }

        foreach (var denyRule in statement.Deny)
        {
            ValidateRule(denyRule, statementIndex, problems, "Deny");
        }

        statementIndex += 1;
    }

    return problems;
}
/// <summary>
/// Builds a fixed <c>EdgeHubDesiredProperties_1_2</c> fixture containing two
/// authorization statements and two bridges, with no routes.
/// </summary>
/// <returns>The fixture, constructed with the version string "1.2.0".</returns>
public static EdgeHubDesiredProperties_1_2 GetTestData()
{
    // Statement 1: two identities, one allow rule and one deny rule.
    var allowTopicsAB = new AuthorizationProperties.Rule(
        operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
        resources: new List<string> { "topic/a", "topic/b" });

    // The deny resources use '+' and '#', the MQTT single-level and multi-level
    // topic wildcards, so this fixture also covers wildcard resources.
    var denySystemPublish = new AuthorizationProperties.Rule(
        operations: new List<string> { "mqtt:publish" },
        resources: new List<string> { "system/alerts/+", "core/#" });

    var firstStatement = new AuthorizationProperties.Statement(
        identities: new List<string> { "device_1", "device_3" },
        allow: new List<AuthorizationProperties.Rule> { allowTopicsAB },
        deny: new List<AuthorizationProperties.Rule> { denySystemPublish });

    // Statement 2: a single identity with an allow rule and an empty deny list.
    var allowTopics12 = new AuthorizationProperties.Rule(
        operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
        resources: new List<string> { "topic1", "topic2" });

    var secondStatement = new AuthorizationProperties.Statement(
        identities: new List<string> { "device_2" },
        allow: new List<AuthorizationProperties.Rule> { allowTopics12 },
        deny: new List<AuthorizationProperties.Rule>());

    var policy = new AuthorizationProperties { firstStatement, secondStatement };

    // Two bridges, one per direction. The "floor2" entry deliberately keeps the
    // leading slash in "/topic/b" and the prefixes without a trailing slash.
    var upstreamBridge = new Bridge(
        "$upstream",
        new List<Settings> { new Settings(Direction.In, "topic/a", "local/", "remote/") });
    var floor2Bridge = new Bridge(
        "floor2",
        new List<Settings> { new Settings(Direction.Out, "/topic/b", "local", "remote") });
    var bridges = new BridgeConfig { upstreamBridge, floor2Bridge };

    return new EdgeHubDesiredProperties_1_2(
        "1.2.0",
        new Dictionary<string, RouteSpec>(),
        new StoreAndForwardConfiguration(100),
        new BrokerProperties(bridges, policy));
}
/// <summary>
/// Creates broker properties, replacing any section passed as null with a
/// default-constructed instance so this constructor never assigns null.
/// </summary>
/// <param name="bridges">Bridge configuration; null becomes <c>new BridgeConfig()</c>.</param>
/// <param name="authorizations">Authorization policy; null becomes <c>new AuthorizationProperties()</c>.</param>
public BrokerProperties(BridgeConfig bridges, AuthorizationProperties authorizations)
{
    // A missing bridge section is treated as "no bridges configured".
    if (bridges == null)
    {
        bridges = new BridgeConfig();
    }

    this.Bridges = bridges;

    // A missing authorization section is normalized to an empty policy object, so
    // consumers that require a non-null policy are not handed null by this type.
    if (authorizations == null)
    {
        authorizations = new AuthorizationProperties();
    }

    this.Authorizations = authorizations;
}
/// <summary>
/// Creates broker properties from the given bridge configuration and authorization policy.
/// </summary>
/// <param name="bridges">Bridge configuration, stored as given.</param>
/// <param name="authorizations">Authorization policy, stored as given.</param>
public BrokerProperties(BridgeConfig bridges, AuthorizationProperties authorizations)
{
    // No null check is performed: a null argument is stored as null, so every consumer
    // of Bridges / Authorizations has to cope with a missing section itself.
    // NOTE(review): consider defaulting null to an empty instance so a policy validator
    // that requires a non-null argument is never handed null.
    this.Authorizations = authorizations;
    this.Bridges = bridges;
}
/// <summary>
/// Builds a fixed <c>EdgeHubDesiredProperties</c> fixture containing two
/// authorization statements, an empty bridge configuration and no routes.
/// </summary>
/// <returns>The fixture, constructed with the version string "1.2.0".</returns>
public static EdgeHubDesiredProperties GetTestData()
{
    var policy = new AuthorizationProperties
    {
        // Statement 1: two identities with one allow rule and one deny rule. The deny
        // resources use '+' and '#', the MQTT single-level and multi-level topic wildcards.
        new AuthorizationProperties.Statement(
            identities: new List<string> { "device_1", "device_3" },
            allow: new List<AuthorizationProperties.Rule>
            {
                new AuthorizationProperties.Rule(
                    operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                    resources: new List<string> { "topic/a", "topic/b" })
            },
            deny: new List<AuthorizationProperties.Rule>
            {
                new AuthorizationProperties.Rule(
                    operations: new List<string> { "mqtt:publish" },
                    resources: new List<string> { "system/alerts/+", "core/#" })
            }),

        // Statement 2: a single identity with an allow rule and an empty deny list.
        new AuthorizationProperties.Statement(
            identities: new List<string> { "device_2" },
            allow: new List<AuthorizationProperties.Rule>
            {
                new AuthorizationProperties.Rule(
                    operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                    resources: new List<string> { "topic1", "topic2" })
            },
            deny: new List<AuthorizationProperties.Rule>())
    };

    // No bridges in this fixture; only the authorization policy is populated.
    var broker = new BrokerProperties(new BridgeConfig(), policy);

    return new EdgeHubDesiredProperties(
        "1.2.0",
        new Dictionary<string, RouteConfiguration>(),
        new StoreAndForwardConfiguration(100),
        broker);
}