static void ValidateRule(AuthorizationProperties.Rule rule, int order, List <string> errors, string source)
{
if (rule.Operations.Count == 0)
{
errors.Add($"Statement {order}: {source}: Operations list must not be empty");
}
if (rule.Resources.Count == 0 && !IsConnectOperation(rule))
{
errors.Add($"Statement {order}: {source}: Resources list must not be empty");
}
foreach (var operation in rule.Operations)
{
if (!validOperations.Contains(operation))
{
errors.Add($"Statement {order}: {source}: Unknown mqtt operation: {operation}. List of supported operations: mqtt:publish, mqtt:subscribe, mqtt:connect");
}
ValidateVariables(operation, order, errors);
}
foreach (var resource in rule.Resources)
{
if (string.IsNullOrEmpty(resource) ||
!IsValidTopicFilter(resource))
{
errors.Add($"Statement {order}: {source}: Resource (topic filter) is invalid: {resource}");
}
ValidateVariables(resource, order, errors);
}
}
private static bool IsConnectOperation(AuthorizationProperties.Rule rule)
{
return(rule.Operations.Count == 1 && rule.Operations[0] == "mqtt:connect");
}
