示例#1
        /// <summary>
        /// Checks that <c>GetEdgeHubConfig</c> throws <see cref="InvalidOperationException"/> when the
        /// broker properties validator reports an authorization validation error.
        /// </summary>
        public void GetEdgeHubConfig_AuthorizationValidatorReturnsError_ExpectedException()
        {
            // The mocked validator reports one error for any authorization input it is given.
            // NOTE(review): ValidateBridgeConfig is not set up on this mock, so the parser sees Moq's
            // default return value for it; confirm the exception really comes from the authorization error.
            var validatorMock = new Mock<BrokerPropertiesValidator>();
            validatorMock
                .Setup(v => v.ValidateAuthorizationConfig(It.IsAny<AuthorizationProperties>()))
                .Returns(new List<string> { "Validation error has occurred" });

            var endpointFactory = new Mock<IEndpointFactory>().Object;
            var parser = new EdgeHubConfigParser(new EdgeRouteFactory(endpointFactory), validatorMock.Object);

            // One statement naming two identities, with empty allow and deny rule lists.
            var statement = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_1", "device_3" },
                allow: new List<AuthorizationProperties.Rule>(),
                deny: new List<AuthorizationProperties.Rule>());
            var authorizations = new AuthorizationProperties { statement };

            var broker = new BrokerProperties(new BridgeConfig(), authorizations);
            var desired = new EdgeHubDesiredProperties_1_2(
                "1.2.0",
                new Dictionary<string, RouteSpec>(),
                new StoreAndForwardConfiguration(100),
                broker);

            // assert: the parser must refuse the properties instead of returning a config
            Assert.Throws<InvalidOperationException>(() => parser.GetEdgeHubConfig(desired));
        }
示例#2
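        /// <summary>
        /// Checks that the bridge configuration returned by <c>ConfigTestData.GetTestData()</c>
        /// passes <c>ValidateBridgeConfig</c> with no validation errors.
        /// </summary>
        public void ValidateBridgeConfig_ValidInput()
        {
            var validator = new BrokerPropertiesValidator();
            EdgeHubDesiredProperties_1_2 properties = ConfigTestData.GetTestData();

            IList<string> errors = validator.ValidateBridgeConfig(properties.BrokerConfiguration.Bridges);

            // Assert.Empty reports the unexpected error messages on failure; comparing only the
            // count would hide which validation rule fired.
            Assert.Empty(errors);
        }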
示例#3
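        /// <summary>
        /// Checks that a rule whose only operation is <c>mqtt:connect</c> is accepted by
        /// <c>ValidateAuthorizationConfig</c> even though its resources list is empty.
        /// </summary>
        public void ValidateAuthorizationConfig_EmptyResourceAllowedForConnectOperation()
        {
            var validator = new BrokerPropertiesValidator();
            EdgeHubDesiredProperties_1_2 properties = ConfigTestData.GetTestData();
            var authzProperties = properties.BrokerConfiguration.Authorizations;

            // arrange: turn the first deny rule of statement 0 into a connect-only rule with no resources
            var denyRule = authzProperties[0].Deny[0];
            denyRule.Operations.Clear();
            denyRule.Operations.Add("mqtt:connect");
            denyRule.Resources.Clear();

            IList<string> errors = validator.ValidateAuthorizationConfig(authzProperties);

            // Assert.Empty reports the unexpected error messages on failure; comparing only the
            // count would hide which validation rule fired.
            Assert.Empty(errors);
        }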
示例#4
        /// <summary>
        /// Checks that <c>ValidateAuthorizationConfig</c> reports one error per malformed topic filter,
        /// naming the statement index, the rule kind (Deny/Allow) and the offending filter.
        /// </summary>
        public void ValidateAuthorizationConfig_InvalidTopicFilters()
        {
            EdgeHubDesiredProperties_1_2 testData = ConfigTestData.GetTestData();
            var authorizations = testData.BrokerConfiguration.Authorizations;

            // arrange: "#" followed by another level, and "+" glued to other characters in a level
            authorizations[0].Deny[0].Resources[0] = "topic/#/";
            authorizations[1].Allow[0].Resources[0] = "topic+";

            string[] expectedErrors =
            {
                "Statement 0: Deny: Resource (topic filter) is invalid: topic/#/",
                "Statement 1: Allow: Resource (topic filter) is invalid: topic+",
            };

            var validator = new BrokerPropertiesValidator();
            IList<string> errors = validator.ValidateAuthorizationConfig(authorizations);

            // Same checks as asserting each message by index: count first, then messages in order.
            Assert.Equal(expectedErrors.Length, errors.Count);
            for (int i = 0; i < expectedErrors.Length; i++)
            {
                Assert.Equal(expectedErrors[i], errors[i]);
            }
        }
示例#5
        /// <summary>
        /// Checks that <c>ValidateAuthorizationConfig</c> reports every unrecognised <c>{{...}}</c>
        /// variable, whether it appears in an identity or inside a resource (topic filter).
        /// </summary>
        public void ValidateAuthorizationConfig_InvalidVariableNames()
        {
            EdgeHubDesiredProperties_1_2 testData = ConfigTestData.GetTestData();
            var authorizations = testData.BrokerConfiguration.Authorizations;

            // arrange: one bad variable as an identity, two bad variables inside a single resource
            authorizations[0].Identities[0] = "{{anywhat}}";
            authorizations[1].Allow[0].Resources[0] = "topic/{{invalid}}/{{myothervar}}";

            string[] expectedErrors =
            {
                "Statement 0: Invalid variable name: {{anywhat}}",
                "Statement 1: Invalid variable name: {{invalid}}",
                "Statement 1: Invalid variable name: {{myothervar}}",
            };

            var validator = new BrokerPropertiesValidator();
            IList<string> errors = validator.ValidateAuthorizationConfig(authorizations);

            // Same checks as asserting each message by index: count first, then messages in order.
            Assert.Equal(expectedErrors.Length, errors.Count);
            for (int i = 0; i < expectedErrors.Length; i++)
            {
                Assert.Equal(expectedErrors[i], errors[i]);
            }
        }
示例#6
        /// <summary>
        /// Checks that an operation name outside the supported MQTT operations is rejected by
        /// <c>ValidateAuthorizationConfig</c> with a message that lists the supported operations.
        /// </summary>
        public void ValidateAuthorizationConfig_InvalidOperation()
        {
            const string expectedError =
                "Statement 0: Deny: Unknown mqtt operation: invalid. "
                + "List of supported operations: mqtt:publish, mqtt:subscribe, mqtt:connect";

            EdgeHubDesiredProperties_1_2 testData = ConfigTestData.GetTestData();
            var authorizations = testData.BrokerConfiguration.Authorizations;

            // arrange: replace the first operation of statement 0's deny rule with an unknown name
            authorizations[0].Deny[0].Operations[0] = "invalid";

            var validator = new BrokerPropertiesValidator();
            IList<string> errors = validator.ValidateAuthorizationConfig(authorizations);

            Assert.Equal(1, errors.Count);
            Assert.Equal(expectedError, errors[0]);
        }
示例#7
        /// <summary>
        /// Checks that <c>ValidateAuthorizationConfig</c> reports an empty identity name and empty
        /// identities, operations and resources lists, each with its own error message.
        /// </summary>
        public void ValidateAuthorizationConfig_EmptyElements()
        {
            EdgeHubDesiredProperties_1_2 testData = ConfigTestData.GetTestData();
            var authorizations = testData.BrokerConfiguration.Authorizations;

            // arrange: statement 0 gets an empty identity name and a deny rule without resources
            // (that rule keeps its mqtt:publish operation from the test data)
            var firstStatement = authorizations[0];
            firstStatement.Identities[0] = string.Empty;
            firstStatement.Deny[0].Resources.Clear();

            // arrange: statement 1 loses all identities and the operations of its allow rule
            var secondStatement = authorizations[1];
            secondStatement.Identities.Clear();
            secondStatement.Allow[0].Operations.Clear();

            string[] expectedErrors =
            {
                "Statement 0: Identity name is invalid: ",
                "Statement 0: Deny: Resources list must not be empty",
                "Statement 1: Identities list must not be empty",
                "Statement 1: Allow: Operations list must not be empty",
            };

            var validator = new BrokerPropertiesValidator();
            IList<string> errors = validator.ValidateAuthorizationConfig(authorizations);

            // Same checks as asserting each message by index: count first, then messages in order.
            Assert.Equal(expectedErrors.Length, errors.Count);
            for (int i = 0; i < expectedErrors.Length; i++)
            {
                Assert.Equal(expectedErrors[i], errors[i]);
            }
        }
示例#8
        /// <summary>
        /// Builds the desired-properties fixture shared by the broker configuration tests: schema
        /// version "1.2.0", no routes, two authorization statements and two bridges.
        /// </summary>
        /// <returns>A freshly constructed <c>EdgeHubDesiredProperties_1_2</c> instance.</returns>
        public static EdgeHubDesiredProperties_1_2 GetTestData()
        {
            // Statement 0: device_1 and device_3 may publish/subscribe on topic/a and topic/b,
            // and are denied publishing on system/alerts/+ and core/#.
            var firstAllow = new AuthorizationProperties.Rule(
                operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                resources: new List<string> { "topic/a", "topic/b" });
            var firstDeny = new AuthorizationProperties.Rule(
                operations: new List<string> { "mqtt:publish" },
                resources: new List<string> { "system/alerts/+", "core/#" });
            var firstStatement = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_1", "device_3" },
                allow: new List<AuthorizationProperties.Rule> { firstAllow },
                deny: new List<AuthorizationProperties.Rule> { firstDeny });

            // Statement 1: device_2 may publish/subscribe on topic1 and topic2; no deny rules.
            var secondAllow = new AuthorizationProperties.Rule(
                operations: new List<string> { "mqtt:publish", "mqtt:subscribe" },
                resources: new List<string> { "topic1", "topic2" });
            var secondStatement = new AuthorizationProperties.Statement(
                identities: new List<string> { "device_2" },
                allow: new List<AuthorizationProperties.Rule> { secondAllow },
                deny: new List<AuthorizationProperties.Rule>());

            var authorizations = new AuthorizationProperties { firstStatement, secondStatement };

            // Two bridges, one inbound ("$upstream") and one outbound ("floor2").
            var upstreamSettings = new List<Settings>
            {
                new Settings(Direction.In, "topic/a", "local/", "remote/")
            };
            var floorSettings = new List<Settings>
            {
                new Settings(Direction.Out, "/topic/b", "local", "remote")
            };
            var bridges = new BridgeConfig
            {
                new Bridge("$upstream", upstreamSettings),
                new Bridge("floor2", floorSettings)
            };

            var broker = new BrokerProperties(bridges, authorizations);

            return new EdgeHubDesiredProperties_1_2(
                "1.2.0",
                new Dictionary<string, RouteSpec>(),
                new StoreAndForwardConfiguration(100),
                broker);
        }
示例#9
        /// <summary>
        /// Checks that <c>GetEdgeHubConfig</c> maps the authorization statements of the test data into
        /// three config statements: statement 0's deny rule, then its allow rule, then statement 1's
        /// allow rule, each carrying the identities of the statement it came from.
        /// </summary>
        public void GetEdgeHubConfig_ValidInput_MappingIsCorrect()
        {
            // The mocked validator accepts everything, so only the mapping is under test here.
            var validatorMock = new Mock<BrokerPropertiesValidator>();
            validatorMock
                .Setup(v => v.ValidateBridgeConfig(It.IsAny<BridgeConfig>()))
                .Returns(new List<string>());
            validatorMock
                .Setup(v => v.ValidateAuthorizationConfig(It.IsAny<AuthorizationProperties>()))
                .Returns(new List<string>());

            var endpointFactory = new Mock<IEndpointFactory>().Object;
            var parser = new EdgeHubConfigParser(new EdgeRouteFactory(endpointFactory), validatorMock.Object);

            EdgeHubDesiredProperties_1_2 desired = ConfigTestData.GetTestData();

            // act
            EdgeHubConfig config = parser.GetEdgeHubConfig(desired);

            // assert: the authorization properties went through the validator exactly once
            // NOTE(review): the ValidateBridgeConfig call is set up above but never verified.
            validatorMock.Verify(
                v => v.ValidateAuthorizationConfig(desired.BrokerConfiguration.Authorizations),
                Times.Once());

            Assert.Equal("1.2.0", config.SchemaVersion);

            var brokerConfig = config
                .BrokerConfiguration
                .Expect(() => new InvalidOperationException("missing broker config"));
            AuthorizationConfig authorization = brokerConfig
                .Authorizations
                .Expect(() => new InvalidOperationException("missing authorization config"));

            Assert.Equal(3, authorization.Statements.Count);

            // Statement 0 of the input: its deny rule is expected ahead of its allow rule.
            var firstDeny = authorization.Statements[0];

            Assert.Equal(Effect.Deny, firstDeny.Effect);
            Assert.Equal(2, firstDeny.Identities.Count);
            Assert.Equal("device_1", firstDeny.Identities[0]);
            Assert.Equal("device_3", firstDeny.Identities[1]);
            Assert.Equal(1, firstDeny.Operations.Count);
            Assert.Equal("mqtt:publish", firstDeny.Operations[0]);
            Assert.Equal(2, firstDeny.Resources.Count);
            Assert.Equal("system/alerts/+", firstDeny.Resources[0]);
            Assert.Equal("core/#", firstDeny.Resources[1]);

            var firstAllow = authorization.Statements[1];

            Assert.Equal(Effect.Allow, firstAllow.Effect);
            Assert.Equal(2, firstAllow.Identities.Count);
            Assert.Equal("device_1", firstAllow.Identities[0]);
            Assert.Equal("device_3", firstAllow.Identities[1]);
            Assert.Equal(2, firstAllow.Operations.Count);
            Assert.Equal("mqtt:publish", firstAllow.Operations[0]);
            Assert.Equal("mqtt:subscribe", firstAllow.Operations[1]);
            Assert.Equal(2, firstAllow.Resources.Count);
            Assert.Equal("topic/a", firstAllow.Resources[0]);
            Assert.Equal("topic/b", firstAllow.Resources[1]);

            // Statement 1 of the input has no deny rules, so it contributes a single allow entry.
            var secondAllow = authorization.Statements[2];

            Assert.Equal(Effect.Allow, secondAllow.Effect);
            Assert.Equal(1, secondAllow.Identities.Count);
            Assert.Equal("device_2", secondAllow.Identities[0]);
            Assert.Equal(2, secondAllow.Operations.Count);
            Assert.Equal("mqtt:publish", secondAllow.Operations[0]);
            Assert.Equal("mqtt:subscribe", secondAllow.Operations[1]);
            Assert.Equal(2, secondAllow.Resources.Count);
            Assert.Equal("topic1", secondAllow.Resources[0]);
            Assert.Equal("topic2", secondAllow.Resources[1]);
        }