public void ValidateAuthorizationConfig_ValidInput()
{
var validator = new BrokerPropertiesValidator();
EdgeHubDesiredProperties properties = ConfigTestData.GetTestData();
var authzProperties = properties.BrokerConfiguration.Authorizations;
IList <string> errors = validator.ValidateAuthorizationConfig(authzProperties);
Assert.Equal(0, errors.Count);
}
public void ValidateAuthorizationConfig_EmptyResourceAllowedForConnectOperation()
{
var validator = new BrokerPropertiesValidator();
EdgeHubDesiredProperties properties = ConfigTestData.GetTestData();
var authzProperties = properties.BrokerConfiguration.Authorizations;
// arrange connect op with no resources.
authzProperties[0].Deny[0].Operations.Clear();
authzProperties[0].Deny[0].Operations.Insert(0, "mqtt:connect");
authzProperties[0].Deny[0].Resources.Clear();
IList <string> errors = validator.ValidateAuthorizationConfig(authzProperties);
Assert.Equal(0, errors.Count);
}
public void ValidateAuthorizationConfig_InvalidTopicFilters()
{
var validator = new BrokerPropertiesValidator();
EdgeHubDesiredProperties properties = ConfigTestData.GetTestData();
var authzProperties = properties.BrokerConfiguration.Authorizations;
// arrange some errors
authzProperties[0].Deny[0].Resources[0] = "topic/#/";
authzProperties[1].Allow[0].Resources[0] = "topic+";
IList <string> errors = validator.ValidateAuthorizationConfig(authzProperties);
Assert.Equal(2, errors.Count);
Assert.Equal("Statement 0: Deny: Resource (topic filter) is invalid: topic/#/", errors[0]);
Assert.Equal("Statement 1: Allow: Resource (topic filter) is invalid: topic+", errors[1]);
}
public void ValidateAuthorizationConfig_InvalidVariableNames()
{
var validator = new BrokerPropertiesValidator();
EdgeHubDesiredProperties properties = ConfigTestData.GetTestData();
var authzProperties = properties.BrokerConfiguration.Authorizations;
// arrange some errors
authzProperties[0].Identities[0] = "{{anywhat}}";
authzProperties[1].Allow[0].Resources[0] = "topic/{{invalid}}/{{myothervar}}";
IList <string> errors = validator.ValidateAuthorizationConfig(authzProperties);
Assert.Equal(3, errors.Count);
Assert.Equal("Statement 0: Invalid variable name: {{anywhat}}", errors[0]);
Assert.Equal("Statement 1: Invalid variable name: {{invalid}}", errors[1]);
Assert.Equal("Statement 1: Invalid variable name: {{myothervar}}", errors[2]);
}
public void ValidateAuthorizationConfig_InvalidOperation()
{
var validator = new BrokerPropertiesValidator();
EdgeHubDesiredProperties properties = ConfigTestData.GetTestData();
var authzProperties = properties.BrokerConfiguration.Authorizations;
// arrange some errors
authzProperties[0].Deny[0].Operations[0] = "invalid";
IList <string> errors = validator.ValidateAuthorizationConfig(authzProperties);
Assert.Equal(1, errors.Count);
Assert.Equal(
"Statement 0: Deny: Unknown mqtt operation: invalid. "
+ "List of supported operations: mqtt:publish, mqtt:subscribe, mqtt:connect",
errors[0]);
}
public void ValidateAuthorizationConfig_EmptyElements()
{
var validator = new BrokerPropertiesValidator();
EdgeHubDesiredProperties properties = ConfigTestData.GetTestData();
var authzProperties = properties.BrokerConfiguration.Authorizations;
// arrange some errors
authzProperties[0].Identities[0] = string.Empty;
authzProperties[1].Allow[0].Operations.RemoveAt(0);
authzProperties[1].Allow[0].Operations.RemoveAt(0);
IList <string> errors = validator.ValidateAuthorizationConfig(properties.BrokerConfiguration.Authorizations);
Assert.Equal(2, errors.Count);
Assert.Equal("Statement 0: Identity name is invalid: ", errors[0]);
Assert.Equal("Statement 1: Allow: Operations list must not be empty", errors[1]);
}