Author: rajith
Date: Tue Oct 21 20:29:32 2008
New Revision: 706850

URL: http://svn.apache.org/viewvc?rev=706850&view=rev
Log:
This is for QPID-1363
These tests create an acl file and use the acl.reloadAclFile method to
reconfigure the broker.
The tests are run as part of make check

Added:
    incubator/qpid/trunk/qpid/cpp/src/tests/acl.py   (with props)
    incubator/qpid/trunk/qpid/cpp/src/tests/policy.acl
    incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests   (with props)
Modified:
    incubator/qpid/trunk/qpid/cpp/src/tests/Makefile.am

Modified: incubator/qpid/trunk/qpid/cpp/src/tests/Makefile.am
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/tests/Makefile.am?rev=706850&r1=706849&r2=706850&view=diff
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/tests/Makefile.am (original)
+++ incubator/qpid/trunk/qpid/cpp/src/tests/Makefile.am Tue Oct 21 20:29:32 2008
@@ -131,7 +131,7 @@
 TESTS_ENVIRONMENT = VALGRIND=$(VALGRIND) srcdir=$(srcdir) QPID_DATA_DIR= 
$(srcdir)/run_test 
 
 system_tests = client_test quick_perftest quick_topictest
-TESTS += start_broker $(system_tests) python_tests stop_broker 
run_federation_tests
+TESTS += start_broker $(system_tests) python_tests stop_broker 
run_federation_tests run_acl_tests
 
 EXTRA_DIST +=                                                          \
   run_test vg_check                                                    \
@@ -140,6 +140,7 @@
   quick_perftest                                                       \
   topictest                                                            \
   run_federation_tests                                                 \
+  run_acl_tests                                                                
\
   .valgrind.supp                                                       \
   MessageUtils.h                                                       \
   TestMessageStore.h                                                   \

Added: incubator/qpid/trunk/qpid/cpp/src/tests/acl.py
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/tests/acl.py?rev=706850&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/tests/acl.py (added)
+++ incubator/qpid/trunk/qpid/cpp/src/tests/acl.py Tue Oct 21 20:29:32 2008
@@ -0,0 +1,459 @@
+#!/usr/bin/env python
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+# 
+#   http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+import sys
+import qpid
+from qpid.util import connect
+from qpid.connection import Connection
+from qpid.datatypes import uuid4
+from qpid.testlib import TestBase010, testrunner
+from qpid.qmfconsole import Session
+from qpid.datatypes import Message
+
+def scan_args(name, default=None, args=sys.argv[1:]):
+    if (name in args):
+        pos = args.index(name)
+        return args[pos + 1]
+    elif default:
+        return default
+    else:
+        print "Please specify extra argument: %s" % name
+        sys.exit(2)
+
+def extract_args(name, args):
+    if (name in args):
+        pos = args.index(name)
+        del args[pos:pos+2]
+    else:
+        return None
+
+def get_broker_port():
+    return scan_args("--port", "5672")
+
+def get_session(user, passwd):
+    socket = connect('127.0.0.1', int(get_broker_port()))
+    connection = Connection (sock=socket, username=user, password=passwd)
+    connection.start()
+    return connection.session(str(uuid4()))
+
+class ACLFile:
+    def __init__(self):
+        self.f = open('data_dir/policy.acl','w');
+   
+    def write(self,line):
+        self.f.write(line)
+    
+    def close(self):
+        self.f.close()
+        
+class ACLTests(TestBase010):
+
+    def reload_acl(self):
+        acl = self.qmf.getObjects(_class="acl")[0]    
+        return acl.reloadACLFile()
+
+    def setUp(self):
+        aclf = ACLFile()
+        aclf.write('acl allow all all\n')
+        aclf.close()
+        TestBase010.setUp(self)
+        self.startQmf()
+        self.reload_acl()
+        
+   #=====================================
+   # ACL general tests
+   #=====================================     
+        
+    def test_deny_all(self):
+        """
+        Test the deny all mode
+        """
+        aclf = ACLFile()
+        aclf.write('acl allow [EMAIL PROTECTED] all all\n')
+        aclf.write('acl allow [EMAIL PROTECTED] create queue\n')
+        aclf.write('acl deny all all')
+        aclf.close()        
+        
+        self.reload_acl()       
+        
+        session = get_session('bob','bob')
+        try:
+            session.queue_declare(queue="deny_queue")
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue create request");
+            self.fail("Error during queue create request");
+        
+        try:
+            session.exchange_bind(exchange="amq.direct", queue="deny_queue", 
binding_key="routing_key")
+            self.fail("ACL should deny queue bind request");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)           
+    
+    def test_allow_all(self):
+        """
+        Test the allow all mode
+        """
+        aclf = ACLFile()
+        aclf.write('acl deny [EMAIL PROTECTED] bind exchange\n')
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        self.reload_acl()       
+        
+        session = get_session('bob','bob')
+        try:
+            session.queue_declare(queue="allow_queue")
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue create request");
+            self.fail("Error during queue create request");
+        
+        try:
+            session.exchange_bind(exchange="amq.direct", queue="allow_queue", 
binding_key="routing_key")
+            self.fail("ACL should deny queue bind request");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)                
+        
+        
+   #=====================================
+   # ACL file format tests
+   #=====================================     
+        
+    def test_empty_groups(self):
+        """
+        Test empty groups
+        """
+        aclf = ACLFile()
+        aclf.write('acl group\n')
+        aclf.write('acl group admins [EMAIL PROTECTED] [EMAIL PROTECTED]')
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        result = self.reload_acl()       
+        if (result.text.find("Insufficient tokens for acl 
definition",0,len(result.text)) == -1):
+            self.fail("ACL Reader should reject the acl file due to empty 
group name")    
+
+    def test_illegal_acl_formats(self):
+        """
+        Test illegal acl formats
+        """
+        aclf = ACLFile()
+        aclf.write('acl group admins [EMAIL PROTECTED] [EMAIL PROTECTED]')
+        aclf.write('acl allow all all')
+        aclf.close()
+        
+        result = self.reload_acl()       
+        if (result.text.find("Unknown ACL permission",0,len(result.text)) == 
-1):
+            self.fail(result)        
+        
+    def test_illegal_extension_lines(self):
+        """
+        Test illegal extension lines
+        """
+         
+        aclf = ACLFile()
+        aclf.write('group admins [EMAIL PROTECTED] \ ')
+        aclf.write('          \ \n')
+        aclf.write('[EMAIL PROTECTED] \n')
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        result = self.reload_acl()       
+        if (result.text.find("contains illegal characters",0,len(result.text)) 
== -1):
+            self.fail(result)
+
+            
+        
+   #=====================================
+   # ACL queue tests
+   #=====================================
+           
+    def test_queue_acl(self):
+        """
+        Test various modes for queue acl
+        """
+        aclf = ACLFile()
+        aclf.write('acl deny [EMAIL PROTECTED] create queue name=q1 
durable=true passive=true\n')
+        aclf.write('acl deny [EMAIL PROTECTED] create queue name=q2 
exclusive=true\n')
+        aclf.write('acl deny [EMAIL PROTECTED] access queue name=q3\n')
+        aclf.write('acl deny [EMAIL PROTECTED] purge queue name=q3\n')
+        aclf.write('acl deny [EMAIL PROTECTED] delete queue name=q4\n')        
        
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        self.reload_acl()       
+        
+        session = get_session('bob','bob')
+        
+        try:
+            session.queue_declare(queue="q1", durable='true', passive='true')
+            self.fail("ACL should deny queue create request with name=q1 
durable=true passive=true");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+        
+        try:
+            session.queue_declare(queue="q2", exclusive='true')
+            self.fail("ACL should deny queue create request with name=q2 
exclusive=true");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code) 
+            session = get_session('bob','bob')
+        
+        try:
+            session.queue_declare(queue="q3", exclusive='true')
+            session.queue_declare(queue="q4", durable='true')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue create request for q3 and q4 
with any parameter");
+
+        try:
+            session.queue_query(queue="q3")
+            self.fail("ACL should deny queue query request for q3");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+        
+        try:
+            session.queue_purge(queue="q3")
+            self.fail("ACL should deny queue purge request for q3");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+            
+        try:
+            session.queue_purge(queue="q4")
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue purge request for q4");
+                   
+        try:
+            session.queue_delete(queue="q4")
+            self.fail("ACL should deny queue delete request for q4");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+            
+        try:
+            session.queue_delete(queue="q3")
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow queue delete request for q3");
+                
+   #=====================================
+   # ACL exchange tests
+   #=====================================
+   
+    def test_exchange_acl(self):
+        """
+        Test various modes for exchange acl
+        """
+        aclf = ACLFile()
+        aclf.write('acl deny [EMAIL PROTECTED] create exchange name=testEx 
durable=true passive=true\n')
+        aclf.write('acl deny [EMAIL PROTECTED] create exchange name=ex1 
type=direct\n')
+        aclf.write('acl deny [EMAIL PROTECTED] access exchange name=myEx\n')
+        aclf.write('acl deny [EMAIL PROTECTED] bind exchange name=myEx 
queuename=q1 routingkey=rk1\n')
+        aclf.write('acl deny [EMAIL PROTECTED] unbind exchange name=myEx 
queuename=q1 routingkey=rk1\n')
+        aclf.write('acl deny [EMAIL PROTECTED] delete exchange name=myEx\n')   
             
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        self.reload_acl()       
+        
+        session = get_session('bob','bob')
+        
+        try:
+            session.exchange_declare(exchange='testEx', durable='true', 
passive='true')
+            self.fail("ACL should deny exchange create request with 
name=testEx durable=true passive=true");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+       
+        try:
+            session.exchange_declare(exchange='ex1', type='direct')
+            self.fail("ACL should deny exchange create request with name=ex1 
type=direct");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code) 
+            session = get_session('bob','bob')
+        
+        try:
+            session.exchange_declare(exchange='myXml', type='direct')
+            session.queue_declare(queue='q1')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow exchange create request for myXml 
with any parameter");
+
+        try:
+            session.exchange_query(name='myEx')
+            self.fail("ACL should deny queue query request for q3");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+                
+        try:
+            session.exchange_bind(exchange='myEx', queue='q1', 
binding_key='rk1')
+            self.fail("ACL should deny exchange bind request with 
exchange='myEx' queuename='q1' bindingkey='rk1'");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code) 
+            session = get_session('bob','bob')
+
+        try:
+            session.exchange_bind(exchange='myXml', queue='q1', 
binding_key='x')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow exchange bind request for 
exchange='myXml', queue='q1', binding_key='x'");
+        try:
+            session.exchange_unbind(exchange='myEx', queue='q1', 
binding_key='rk1')
+            self.fail("ACL should deny exchange unbind request with 
exchange='myEx' queuename='q1' bindingkey='rk1'");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code) 
+            session = get_session('bob','bob')
+
+        try:
+            session.exchange_unbind(exchange='myXml', queue='q1', 
binding_key='x')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow exchange unbind request for 
exchange='myXml', queue='q1', binding_key='x'");
+                   
+        try:
+            session.exchange_delete(exchange='myEx')
+            self.fail("ACL should deny exchange delete request for myEx");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+            
+        try:
+            session.exchange_delete(exchange='myXml')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow exchange delete request for 
myXml");
+                        
+           
+   #=====================================
+   # ACL consume tests
+   #=====================================
+   
+    def test_consume_acl(self):
+        """
+        Test various consume acl
+        """
+        aclf = ACLFile()
+        aclf.write('acl deny [EMAIL PROTECTED] consume queue name=q1 
durable=true\n')
+        aclf.write('acl deny [EMAIL PROTECTED] consume queue name=q2 
exclusive=true\n')                
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        self.reload_acl()       
+        
+        session = get_session('bob','bob')
+        
+        
+        try:
+            session.queue_declare(queue='q1', durable='true')
+            session.queue_declare(queue='q2', exclusive='true')
+            session.queue_declare(queue='q3', durable='true')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow create queue request");
+        
+        try:
+            session.message_subscribe(queue='q1', destination='myq1')
+            self.fail("ACL should deny message subscriber request for 
queue='q1'");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+            
+        try:
+            session.message_subscribe(queue='q2', destination='myq1')
+            self.fail("ACL should deny message subscriber request for 
queue='q2'");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+              
+        try:
+            session.message_subscribe(queue='q3', destination='myq1')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow create message subscribe");        
                                          
+                        
+
+   #=====================================
+   # ACL publish tests
+   #=====================================
+   
+    def test_publish_acl(self):
+        """
+        Test various publish acl
+        """
+        aclf = ACLFile()
+        aclf.write('acl deny [EMAIL PROTECTED] publish exchange 
name=amq.direct routingkey=rk1\n')
+        aclf.write('acl deny [EMAIL PROTECTED] publish exchange 
name=amq.topic\n')
+        aclf.write('acl deny [EMAIL PROTECTED] publish exchange name=myEx 
routingkey=rk2\n')                
+        aclf.write('acl allow all all')
+        aclf.close()        
+        
+        self.reload_acl()       
+        
+        session = get_session('bob','bob')
+        
+        try:
+            session.exchange_declare(exchange='myEx', type='topic')
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow exchange create request for myEx 
with any parameter");
+            
+        props = session.delivery_properties(routing_key="rk1")
+               
+        try:            
+            session.message_transfer(destination="amq.direct", 
message=Message(props,"Test"))
+            self.fail("ACL should deny message transfer to name=amq.direct 
routingkey=rk1");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')                        
+            
+        try:
+            session.message_transfer(destination="amq.topic", 
message=Message(props,"Test"))
+            self.fail("ACL should deny message transfer to name=amq.topic");
+        except qpid.session.SessionException, e:
+            self.assertEqual(530,e.args[0].error_code)
+            session = get_session('bob','bob')
+                        
+        try:
+            session.message_transfer(destination="myEx", 
message=Message(props,"Test"))
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow message transfer to exchange myEx 
with routing key rk1");               
+                        
+                        
+        props = session.delivery_properties(routing_key="rk2")
+        try:
+            session.message_transfer(destination="amq.direct", 
message=Message(props,"Test"))
+        except qpid.session.SessionException, e:
+            if (530 == e.args[0].error_code):
+                self.fail("ACL should allow message transfer to exchange 
amq.direct"); 
+                        
+                        
+if __name__ == '__main__':
+    args = sys.argv[1:]
+    #need to remove the extra options from args as test runner doesn't 
recognize them
+    extract_args("--port", args)
+    args.append("acl") 
+    
+    if not testrunner.run(args): sys.exit(1)                
\ No newline at end of file
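Review bot: From test_queue_acl onward, the checks for operations the policy should allow call self.fail only when the error code is 530, so any other SessionException is swallowed and the test continues on the same session; test_deny_all and test_allow_all already add a second self.fail for that case. An unconditional `self.fail("Unexpected error: %s" % e)` after each `if (530 == e.args[0].error_code):` branch would keep a broker or setup fault from being counted as a pass. In test_publish_acl the rule `publish exchange name=myEx routingkey=rk2` is written but never exercised, because the rk2 message is sent to amq.direct; a check that sends it to myEx and expects 530 is missing. The return value of `self.reload_acl()` is also ignored in every test that expects the policy to load, so a rejected policy file is only noticed indirectly through later failures.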

Propchange: incubator/qpid/trunk/qpid/cpp/src/tests/acl.py
------------------------------------------------------------------------------
    svn:executable = *

Added: incubator/qpid/trunk/qpid/cpp/src/tests/policy.acl
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/tests/policy.acl?rev=706850&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/tests/policy.acl (added)
+++ incubator/qpid/trunk/qpid/cpp/src/tests/policy.acl Tue Oct 21 20:29:32 2008
@@ -0,0 +1 @@
+acl allow all all

Added: incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests
URL: 
http://svn.apache.org/viewvc/incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests?rev=706850&view=auto
==============================================================================
--- incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests (added)
+++ incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests Tue Oct 21 20:29:32 
2008
@@ -0,0 +1,32 @@
+#!/bin/sh
+# Run the acl tests.
+MY_DIR=`dirname \`which $0\``
+PYTHON_DIR=${MY_DIR}/../../../python
+
+trap stop_brokers INT TERM QUIT
+
+start_brokers() {
+    ../qpidd --daemon --port 0 --data-dir ${MY_DIR}/data_dir --load-module 
../.libs/acl.so --enforce-acl --auth no > qpidd.port
+    LOCAL_PORT=`cat qpidd.port`
+}
+
+stop_brokers() {
+        ../qpidd -q --port $LOCAL_PORT
+}
+
+if test -d ${PYTHON_DIR} ;  then
+    mkdir ${MY_DIR}/data_dir
+    cp ${MY_DIR}/policy.acl ${MY_DIR}/data_dir/
+    start_brokers
+    echo "Running acl tests using brokers on ports $LOCAL_PORT"
+    PYTHONPATH=${PYTHON_DIR}
+    export PYTHONPATH
+    ${MY_DIR}/acl.py -v -s ${MY_DIR}/../../../specs/amqp.0-10-qpid-errata.xml 
-b localhost:$LOCAL_PORT --port $LOCAL_PORT
+    RETCODE=$?
+    stop_brokers
+    if test x$RETCODE != x0; then 
+        echo "FAIL acl tests"; exit 1;
+    fi
+    rm -rf ${MY_DIR}/data_dir
+fi
+
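Review bot: The broker is started with `--data-dir ${MY_DIR}/data_dir`, while acl.py opens `data_dir/policy.acl` relative to the current directory and `../qpidd` is resolved from there too, so the tests rewrite the file the broker reloads only when the script runs from `${MY_DIR}`. Using one base for both, for example `mkdir data_dir` in the working directory and `--data-dir \`pwd\`/data_dir`, would remove that dependency. The failure branch exits before `rm -rf ${MY_DIR}/data_dir`, so a failed run leaves the directory and the last test policy behind and the next run's `mkdir` reports an error; the `trap` handler likewise stops the broker without cleaning up or exiting. A comment on the start line such as `# --auth no: user names in the ACL tests are client-asserted, not authenticated; test use only` would record why that flag is acceptable here.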

Propchange: incubator/qpid/trunk/qpid/cpp/src/tests/run_acl_tests
------------------------------------------------------------------------------
    svn:executable = *

