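public void GetEdgeHubConfig_AuthorizationValidatorReturnsError_ExpectedException()
{
    // Purpose: when the validator reports an authorization error, the parser must
    // refuse the desired properties with InvalidOperationException rather than
    // map an invalid broker authorization policy into an EdgeHubConfig.

    // arrange
    var validator = new Mock<BrokerPropertiesValidator>();
    validator
        .Setup(v => v.ValidateAuthorizationConfig(It.IsAny<AuthorizationProperties>()))
        .Returns(new List<string> { "Validation error has occurred" });

    // Stub bridge validation as clean, matching GetEdgeHubConfig_ValidInput_MappingIsCorrect,
    // so the authorization error is the only validation failure handed to the parser
    // and the test does not depend on what an unconfigured mock returns.
    validator
        .Setup(v => v.ValidateBridgeConfig(It.IsAny<BridgeConfig>()))
        .Returns(new List<string>());

    var routeFactory = new EdgeRouteFactory(new Mock<IEndpointFactory>().Object);
    var configParser = new EdgeHubConfigParser(routeFactory, validator.Object);

    // The statement content is irrelevant here: the mocked validator rejects any input.
    var authzProperties = new AuthorizationProperties
    {
        new AuthorizationProperties.Statement(
            identities: new List<string> { "device_1", "device_3" },
            allow: new List<AuthorizationProperties.Rule>(),
            deny: new List<AuthorizationProperties.Rule>())
    };

    var brokerProperties = new BrokerProperties(new BridgeConfig(), authzProperties);
    var properties = new EdgeHubDesiredProperties_1_2(
        "1.2.0",
        new Dictionary<string, RouteSpec>(),
        new StoreAndForwardConfiguration(100),
        brokerProperties);

    // act + assert
    Assert.Throws<InvalidOperationException>(() => configParser.GetEdgeHubConfig(properties));
}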
public void ValidateBridgeConfig_ValidInput()
{
    // Purpose: the bridge section of the shared fixture must validate with no errors.

    // arrange
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();
    var bridges = desired.BrokerConfiguration.Bridges;
    var sut = new BrokerPropertiesValidator();

    // act
    IList<string> validationErrors = sut.ValidateBridgeConfig(bridges);

    // assert
    Assert.Equal(0, validationErrors.Count);
}
public void ValidateAuthorizationConfig_EmptyResourceAllowedForConnectOperation()
{
    // Purpose: a rule whose only operation is "mqtt:connect" may carry an empty
    // resource list. Other tests in this suite expect an empty resource list to be
    // reported as an error, so this pins the one exemption.

    // arrange: turn the first deny rule into a connect-only rule with no resources.
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();
    var policy = desired.BrokerConfiguration.Authorizations;
    var denyRule = policy[0].Deny[0];

    denyRule.Operations.Clear();
    denyRule.Operations.Insert(0, "mqtt:connect");
    denyRule.Resources.Clear();

    var sut = new BrokerPropertiesValidator();

    // act
    IList<string> validationErrors = sut.ValidateAuthorizationConfig(policy);

    // assert
    Assert.Equal(0, validationErrors.Count);
}
public void ValidateAuthorizationConfig_InvalidTopicFilters()
{
    // Purpose: malformed MQTT topic filters in either a deny or an allow rule are
    // reported, one error per offending resource, tagged with statement index and effect.

    // arrange
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();
    var policy = desired.BrokerConfiguration.Authorizations;

    // '#' is followed by another level separator, so it is not the final character.
    policy[0].Deny[0].Resources[0] = "topic/#/";

    // '+' shares a topic level with other characters instead of standing alone.
    policy[1].Allow[0].Resources[0] = "topic+";

    var sut = new BrokerPropertiesValidator();

    // act
    IList<string> validationErrors = sut.ValidateAuthorizationConfig(policy);

    // assert: errors are expected in statement order.
    Assert.Equal(2, validationErrors.Count);

    string denyError = validationErrors[0];
    string allowError = validationErrors[1];
    Assert.Equal("Statement 0: Deny: Resource (topic filter) is invalid: topic/#/", denyError);
    Assert.Equal("Statement 1: Allow: Resource (topic filter) is invalid: topic+", allowError);
}
public void ValidateAuthorizationConfig_InvalidVariableNames()
{
    // Purpose: unrecognised {{variable}} placeholders are rejected both in identities
    // and in resources, and every offending placeholder gets its own error entry.

    // arrange
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();
    var policy = desired.BrokerConfiguration.Authorizations;

    // One bad placeholder used as an identity...
    policy[0].Identities[0] = "{{anywhat}}";

    // ...and two bad placeholders inside a single topic filter.
    policy[1].Allow[0].Resources[0] = "topic/{{invalid}}/{{myothervar}}";

    var sut = new BrokerPropertiesValidator();

    // act
    IList<string> validationErrors = sut.ValidateAuthorizationConfig(policy);

    // assert: three placeholders, three errors, reported in order of appearance.
    Assert.Equal(3, validationErrors.Count);
    Assert.Equal("Statement 0: Invalid variable name: {{anywhat}}", validationErrors[0]);
    Assert.Equal("Statement 1: Invalid variable name: {{invalid}}", validationErrors[1]);
    Assert.Equal("Statement 1: Invalid variable name: {{myothervar}}", validationErrors[2]);
}
public void ValidateAuthorizationConfig_InvalidOperation()
{
    // Purpose: an operation name outside the supported set is rejected, and the
    // error message lists the operations that are accepted.

    // arrange
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();
    var policy = desired.BrokerConfiguration.Authorizations;
    policy[0].Deny[0].Operations[0] = "invalid";

    string expectedMessage =
        "Statement 0: Deny: Unknown mqtt operation: invalid. "
        + "List of supported operations: mqtt:publish, mqtt:subscribe, mqtt:connect";

    var sut = new BrokerPropertiesValidator();

    // act
    IList<string> validationErrors = sut.ValidateAuthorizationConfig(policy);

    // assert
    Assert.Equal(1, validationErrors.Count);
    Assert.Equal(expectedMessage, validationErrors[0]);
}
public void ValidateAuthorizationConfig_EmptyElements()
{
    // Purpose: empty identity names and empty identities / operations / resources
    // lists are each reported, so a statement cannot silently apply to nobody or
    // to nothing.

    // arrange
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();
    var policy = desired.BrokerConfiguration.Authorizations;
    var first = policy[0];
    var second = policy[1];

    first.Identities[0] = string.Empty;      // blank identity name
    first.Deny[0].Resources.Clear();         // deny rule (mqtt:publish) without resources
    second.Identities.Clear();               // statement without identities
    second.Allow[0].Operations.Clear();      // allow rule without operations

    var sut = new BrokerPropertiesValidator();

    // act
    IList<string> validationErrors = sut.ValidateAuthorizationConfig(policy);

    // assert: one error per injected fault, grouped by statement index.
    Assert.Equal(4, validationErrors.Count);
    Assert.Equal("Statement 0: Identity name is invalid: ", validationErrors[0]);
    Assert.Equal("Statement 0: Deny: Resources list must not be empty", validationErrors[1]);
    Assert.Equal("Statement 1: Identities list must not be empty", validationErrors[2]);
    Assert.Equal("Statement 1: Allow: Operations list must not be empty", validationErrors[3]);
}
/// <summary>
/// Builds a fresh, valid <c>EdgeHubDesiredProperties_1_2</c> fixture (schema "1.2.0")
/// with two authorization statements and two bridges.
/// </summary>
/// <remarks>
/// Every call constructs new lists and objects, so a test may mutate the returned
/// graph to inject faults without affecting other tests.
/// </remarks>
/// <returns>The populated desired-properties object.</returns>
public static EdgeHubDesiredProperties_1_2 GetTestData()
{
    // Statement 1: device_1 and device_3 get one allow rule and one deny rule.
    var allowForDevices1And3 = new AuthorizationProperties.Rule(
        operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
        resources: new List<string> { "topic/a", "topic/b" });
    var denyForDevices1And3 = new AuthorizationProperties.Rule(
        operations: new List<string> { "mqtt:publish" },
        resources: new List<string> { "system/alerts/+", "core/#" });
    var firstStatement = new AuthorizationProperties.Statement(
        identities: new List<string> { "device_1", "device_3" },
        allow: new List<AuthorizationProperties.Rule> { allowForDevices1And3 },
        deny: new List<AuthorizationProperties.Rule> { denyForDevices1And3 });

    // Statement 2: device_2 gets a single allow rule and no deny rules.
    var allowForDevice2 = new AuthorizationProperties.Rule(
        operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
        resources: new List<string> { "topic1", "topic2" });
    var secondStatement = new AuthorizationProperties.Statement(
        identities: new List<string> { "device_2" },
        allow: new List<AuthorizationProperties.Rule> { allowForDevice2 },
        deny: new List<AuthorizationProperties.Rule>());

    var authorizations = new AuthorizationProperties { firstStatement, secondStatement };

    // Two bridges, one per direction.
    var upstreamBridge = new Bridge(
        "$upstream",
        new List<Settings> { new Settings(Direction.In, "topic/a", "local/", "remote/") });
    var floorBridge = new Bridge(
        "floor2",
        new List<Settings> { new Settings(Direction.Out, "/topic/b", "local", "remote") });
    var bridges = new BridgeConfig { upstreamBridge, floorBridge };

    return new EdgeHubDesiredProperties_1_2(
        "1.2.0",
        new Dictionary<string, RouteSpec>(),
        new StoreAndForwardConfiguration(100),
        new BrokerProperties(bridges, authorizations));
}
public void GetEdgeHubConfig_ValidInput_MappingIsCorrect()
{
    // Purpose: with a validator that reports no errors, the parser maps the fixture's
    // two authorization statements into three flat statements (one per rule), each
    // carrying its effect, identities, operations and resources unchanged.

    // arrange
    var validatorMock = new Mock<BrokerPropertiesValidator>();
    validatorMock
        .Setup(v => v.ValidateAuthorizationConfig(It.IsAny<AuthorizationProperties>()))
        .Returns(new List<string>());
    validatorMock
        .Setup(v => v.ValidateBridgeConfig(It.IsAny<BridgeConfig>()))
        .Returns(new List<string>());

    var endpointFactory = new Mock<IEndpointFactory>();
    var parser = new EdgeHubConfigParser(new EdgeRouteFactory(endpointFactory.Object), validatorMock.Object);
    EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();

    // act
    EdgeHubConfig parsed = parser.GetEdgeHubConfig(desired);

    // assert: the authorization policy was handed to the validator exactly once.
    validatorMock.Verify(
        v => v.ValidateAuthorizationConfig(desired.BrokerConfiguration.Authorizations),
        Times.Once());
    Assert.Equal("1.2.0", parsed.SchemaVersion);

    var brokerConfig = parsed
        .BrokerConfiguration
        .Expect(() => new InvalidOperationException("missing broker config"));
    AuthorizationConfig authzConfig = brokerConfig
        .Authorizations
        .Expect(() => new InvalidOperationException("missing authorization config"));
    Assert.Equal(3, authzConfig.Statements.Count);

    // Output 0: the deny rule of input statement 1. The assertions pin it ahead of
    // the allow rule for the same identities.
    var denyDevices1And3 = authzConfig.Statements[0];
    Assert.Equal(Effect.Deny, denyDevices1And3.Effect);
    Assert.Equal(2, denyDevices1And3.Identities.Count);
    Assert.Equal("device_1", denyDevices1And3.Identities[0]);
    Assert.Equal("device_3", denyDevices1And3.Identities[1]);
    Assert.Equal(1, denyDevices1And3.Operations.Count);
    Assert.Equal("mqtt:publish", denyDevices1And3.Operations[0]);
    Assert.Equal(2, denyDevices1And3.Resources.Count);
    Assert.Equal("system/alerts/+", denyDevices1And3.Resources[0]);
    Assert.Equal("core/#", denyDevices1And3.Resources[1]);

    // Output 1: the allow rule of input statement 1.
    var allowDevices1And3 = authzConfig.Statements[1];
    Assert.Equal(Effect.Allow, allowDevices1And3.Effect);
    Assert.Equal(2, allowDevices1And3.Identities.Count);
    Assert.Equal("device_1", allowDevices1And3.Identities[0]);
    Assert.Equal("device_3", allowDevices1And3.Identities[1]);
    Assert.Equal(2, allowDevices1And3.Operations.Count);
    Assert.Equal("mqtt:publish", allowDevices1And3.Operations[0]);
    Assert.Equal("mqtt:subscribe", allowDevices1And3.Operations[1]);
    Assert.Equal(2, allowDevices1And3.Resources.Count);
    Assert.Equal("topic/a", allowDevices1And3.Resources[0]);
    Assert.Equal("topic/b", allowDevices1And3.Resources[1]);

    // Output 2: the allow rule of input statement 2 (which has no deny rules).
    var allowDevice2 = authzConfig.Statements[2];
    Assert.Equal(Effect.Allow, allowDevice2.Effect);
    Assert.Equal(1, allowDevice2.Identities.Count);
    Assert.Equal("device_2", allowDevice2.Identities[0]);
    Assert.Equal(2, allowDevice2.Operations.Count);
    Assert.Equal("mqtt:publish", allowDevice2.Operations[0]);
    Assert.Equal("mqtt:subscribe", allowDevice2.Operations[1]);
    Assert.Equal(2, allowDevice2.Resources.Count);
    Assert.Equal("topic1", allowDevice2.Resources[0]);
    Assert.Equal("topic2", allowDevice2.Resources[1]);
}