Beispiel #1
        /// <summary>
        /// Verifies that <c>GetEdgeHubConfig</c> throws <see cref="InvalidOperationException"/> when the
        /// broker properties validator reports an authorization-policy error, i.e. that a rejected
        /// policy aborts config parsing instead of producing a config.
        /// </summary>
        public void GetEdgeHubConfig_AuthorizationValidatorReturnsError_ExpectedException()
        {
            // arrange: desired properties carrying a single authorization statement without rules
            var identities = new List<string> { "device_1", "device_3" };
            var policy = new AuthorizationProperties
            {
                new AuthorizationProperties.Statement(
                    identities: identities,
                    allow: new List<AuthorizationProperties.Rule>(),
                    deny: new List<AuthorizationProperties.Rule>())
            };
            var broker = new BrokerProperties(new BridgeConfig(), policy);
            var desired = new EdgeHubDesiredProperties_1_2(
                "1.2.0",
                new Dictionary<string, RouteSpec>(),
                new StoreAndForwardConfiguration(100),
                broker);

            // arrange: the validator is stubbed to report one error for any authorization config,
            // so the outcome does not depend on the contents of the policy built above
            var reportedErrors = new List<string> { "Validation error has occurred" };
            var validatorMock = new Mock<BrokerPropertiesValidator>();
            validatorMock
                .Setup(v => v.ValidateAuthorizationConfig(It.IsAny<AuthorizationProperties>()))
                .Returns(reportedErrors);

            var endpointFactory = new Mock<IEndpointFactory>().Object;
            var parser = new EdgeHubConfigParser(new EdgeRouteFactory(endpointFactory), validatorMock.Object);

            // act + assert: parsing must fail rather than return a config
            Assert.Throws<InvalidOperationException>(() => parser.GetEdgeHubConfig(desired));
        }
Beispiel #2
        /// <summary>
        /// Checks every statement of an authorization policy and collects the problems found.
        ///
        /// Important: these checks have to stay in sync with mqtt_policy::MqttValidator in the Broker.
        /// </summary>
        /// <param name="properties">Authorization statements to check; passed through Preconditions.CheckNotNull.</param>
        /// <returns>The collected error messages; the list is empty when no check added one.</returns>
        public virtual IList<string> ValidateAuthorizationConfig(AuthorizationProperties properties)
        {
            Preconditions.CheckNotNull(properties, nameof(properties));

            var problems = new List<string>();

            // Zero-based position of the current statement; it prefixes the messages added below.
            var statementIndex = 0;

            foreach (var statement in properties)
            {
                // NOTE(review): Identities, Allow and Deny are dereferenced without a null check here;
                // confirm the Statement type guarantees they are never null.
                var identities = statement.Identities;

                if (identities.Count == 0)
                {
                    problems.Add($"Statement {statementIndex}: Identities list must not be empty");
                }

                foreach (var name in identities)
                {
                    if (string.IsNullOrEmpty(name))
                    {
                        problems.Add($"Statement {statementIndex}: Identity name is invalid: {name}");
                    }

                    // NOTE(review): a null or empty identity is reported above and is still handed to
                    // ValidateVariables; confirm that helper tolerates such input. Whitespace-only
                    // names pass the check above.
                    ValidateVariables(name, statementIndex, problems);
                }

                // Allow rules are checked before deny rules, which fixes the order of the messages.
                foreach (var allowRule in statement.Allow)
                {
                    ValidateRule(allowRule, statementIndex, problems, "Allow");
                }

                foreach (var denyRule in statement.Deny)
                {
                    ValidateRule(denyRule, statementIndex, problems, "Deny");
                }

                statementIndex++;
            }

            return problems;
        }
Beispiel #3
        /// <summary>
        /// Builds a desired-properties fixture (schema version "1.2.0") holding two authorization
        /// statements and two bridge definitions, with no routes.
        /// </summary>
        /// <returns>The populated <see cref="EdgeHubDesiredProperties_1_2"/> instance.</returns>
        public static EdgeHubDesiredProperties_1_2 GetTestData()
        {
            // Rules of the first statement: publish/subscribe allowed on two topics, publish denied
            // on two resources. "+" and "#" are the MQTT single-level and multi-level wildcards;
            // how the policy engine matches them is not visible here.
            var firstAllow = new AuthorizationProperties.Rule(
                operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                resources: new List<string> { "topic/a", "topic/b" });
            var firstDeny = new AuthorizationProperties.Rule(
                operations: new List<string> { "mqtt:publish" },
                resources: new List<string> { "system/alerts/+", "core/#" });

            var firstStatement = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_1", "device_3" },
                allow: new List<AuthorizationProperties.Rule> { firstAllow },
                deny: new List<AuthorizationProperties.Rule> { firstDeny });

            // Second statement: a single identity with one allow rule and an empty deny list.
            var secondAllow = new AuthorizationProperties.Rule(
                operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                resources: new List<string> { "topic1", "topic2" });

            var secondStatement = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_2" },
                allow: new List<AuthorizationProperties.Rule> { secondAllow },
                deny: new List<AuthorizationProperties.Rule>());

            var policy = new AuthorizationProperties { firstStatement, secondStatement };

            // Two bridges, one inbound and one outbound. The outbound topic "/topic/b" starts with
            // a slash, unlike "topic/b" in the allow rule above.
            var upstreamSettings = new List<Settings>
            {
                new Settings(Direction.In, "topic/a", "local/", "remote/")
            };
            var floorSettings = new List<Settings>
            {
                new Settings(Direction.Out, "/topic/b", "local", "remote")
            };
            var bridges = new BridgeConfig
            {
                new Bridge("$upstream", upstreamSettings),
                new Bridge("floor2", floorSettings)
            };

            return new EdgeHubDesiredProperties_1_2(
                "1.2.0",
                new Dictionary<string, RouteSpec>(),
                new StoreAndForwardConfiguration(100),
                new BrokerProperties(bridges, policy));
        }
Beispiel #4
 /// <summary>
 /// Creates broker properties, substituting a default-constructed instance for each null argument.
 /// </summary>
 /// <param name="bridges">Bridge configuration; null is replaced by a new <see cref="BridgeConfig"/>.</param>
 /// <param name="authorizations">Authorization policy; null is replaced by a new <see cref="AuthorizationProperties"/>.</param>
 public BrokerProperties(BridgeConfig bridges, AuthorizationProperties authorizations)
 {
     // NOTE(review): a missing policy becomes a default-constructed AuthorizationProperties, so
     // consumers cannot tell "absent" from "empty"; how the broker treats an empty policy is not
     // visible here - confirm that is the intended default.
     if (bridges is null)
     {
         bridges = new BridgeConfig();
     }

     if (authorizations is null)
     {
         authorizations = new AuthorizationProperties();
     }

     this.Bridges = bridges;
     this.Authorizations = authorizations;
 }
Beispiel #5
 /// <summary>
 /// Creates broker properties from the given bridge configuration and authorization policy.
 /// </summary>
 /// <param name="bridges">Bridge configuration, stored as passed.</param>
 /// <param name="authorizations">Authorization policy, stored as passed.</param>
 public BrokerProperties(BridgeConfig bridges, AuthorizationProperties authorizations)
 {
     // NOTE(review): both arguments are stored without a null check, so either property can end
     // up null; confirm every consumer handles that, in particular code that enumerates the
     // authorization statements.
     Bridges = bridges;
     Authorizations = authorizations;
 }
Beispiel #6
        /// <summary>
        /// Builds a desired-properties fixture (schema version "1.2.0") holding two authorization
        /// statements, an empty bridge configuration and no routes.
        /// </summary>
        /// <returns>The populated <see cref="EdgeHubDesiredProperties"/> instance.</returns>
        public static EdgeHubDesiredProperties GetTestData()
        {
            // First statement: two identities, one allow rule and one deny rule. "+" and "#" in
            // the deny resources are the MQTT single-level and multi-level wildcards; how the
            // policy engine matches them is not visible here.
            var allowForFirst = new List<AuthorizationProperties.Rule>
            {
                new AuthorizationProperties.Rule(
                    operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                    resources: new List<string> { "topic/a", "topic/b" })
            };
            var denyForFirst = new List<AuthorizationProperties.Rule>
            {
                new AuthorizationProperties.Rule(
                    operations: new List<string> { "mqtt:publish" },
                    resources: new List<string> { "system/alerts/+", "core/#" })
            };
            var first = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_1", "device_3" },
                allow: allowForFirst,
                deny: denyForFirst);

            // Second statement: a single identity with one allow rule and an empty deny list.
            var allowForSecond = new List<AuthorizationProperties.Rule>
            {
                new AuthorizationProperties.Rule(
                    operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                    resources: new List<string> { "topic1", "topic2" })
            };
            var second = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_2" },
                allow: allowForSecond,
                deny: new List<AuthorizationProperties.Rule>());

            var policy = new AuthorizationProperties { first, second };
            var broker = new BrokerProperties(new BridgeConfig(), policy);

            return new EdgeHubDesiredProperties(
                "1.2.0",
                new Dictionary<string, RouteConfiguration>(),
                new StoreAndForwardConfiguration(100),
                broker);
        }