diff options
| author | Gordon Sim <gsim@apache.org> | 2015-11-26 22:47:47 +0000 |
|---|---|---|
| committer | Gordon Sim <gsim@apache.org> | 2015-11-26 22:47:47 +0000 |
| commit | f33df5cc5e536ff6d22a01be971d9746c0ece38d (patch) | |
| tree | 4a67027559ec0ded238f472e67820a52bbe81905 | |
| parent | 22051c890795ac692180b88d00d481db6f009701 (diff) | |
| download | qpid-python-f33df5cc5e536ff6d22a01be971d9746c0ece38d.tar.gz | |
QPID-6754: some AMQP 1.0 based acl tests including for 'anonymous relay' pseudo-exchange
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1716780 13f79535-47bb-0310-9956-ffa450edef68
| -rw-r--r-- | qpid/cpp/src/tests/acl_1.py | 378 | ||||
| -rw-r--r-- | qpid/cpp/src/tests/mgmt_1.py | 99 | ||||
| -rw-r--r-- | qpid/cpp/src/tests/policies.py | 75 | ||||
| -rwxr-xr-x | qpid/cpp/src/tests/swig_python_tests | 6 |
4 files changed, 482 insertions, 76 deletions
diff --git a/qpid/cpp/src/tests/acl_1.py b/qpid/cpp/src/tests/acl_1.py new file mode 100644 index 0000000000..5419b87372 --- /dev/null +++ b/qpid/cpp/src/tests/acl_1.py @@ -0,0 +1,378 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +from qpid.tests.messaging.implementation import * +from qpid.tests.messaging import VersionTest +from mgmt_1 import Mgmt + +class Policy(object): + def __init__(self): + self.lines = [] + + + def str(self): + return '\n'.join(lines) + +class AclCtrl(object): + def __init__(self, broker, path): + self.policy = path + self.original = self.read() + conn = Connection.establish(broker, protocol='amqp0-10', username='admin', password='admin', sasl_mechanism='PLAIN') + self.agent = Mgmt(conn) + self.agent.create('queue', 'acl_test_queue') + self.lines = [] + + def deny(self, user=None, *args): + self._add_rule('deny', user, *args) + return self + + def allow(self, user=None, *args): + self._add_rule('allow', user, *args) + return self + + def apply(self, allow_admin=True): + if allow_admin: + # admin users needs permission to send a qmf message to + # reload policy + self.lines.insert(0, 'acl allow admin@QPID all all') + self.specify("\n".join(self.lines)) + return self + + def dump(self): + print "\n".join(self.lines) + return self + + def clear(self): + self.lines = [] + return self + + def _add_rule(self, deny_or_allow, user=None, *args): + elements = ['acl', deny_or_allow] + if user: + elements.append("%s@QPID" % user) + else: + elements.append('all') + if len(args) > 0: + for a in args: + elements.append(a) + else: + elements.append('all') + self.lines.append(' '.join(elements)) + + def read(self): + f = open(self.policy,'r') + content = f.read() + f.close() + return content + + def specify(self, acl): + f = open(self.policy,'w') + f.write(acl) + f.close() + self.agent.reload_acl_file() + + def restore(self): + self.agent.delete('queue', 'acl_test_queue') + self.specify(self.original) + self.agent.close() + + +class Acl_AMQP1_Tests (VersionTest): + """ + Tests for acl when accessing qpidd via AMQP 1.0 + """ + def auth_session(self, user): + conn = Connection.establish(self.config.broker, protocol='amqp1.0', username=user, password=user, sasl_mechanism='PLAIN', container_id=user) + return conn.session() + + def setUp(self): + VersionTest.setup(self) + self.acl = AclCtrl(self.config.broker, self.config.defines.get("policy_file")) + self.alice = self.auth_session('alice') + self.bob = self.auth_session('bob') + + def tearDown(self): + self.bob.connection.close() + self.alice.connection.close() + self.acl.restore() + VersionTest.teardown(self) + + def test_deny_sender_to_exchange(self): + self.acl.allow('alice').deny().apply() + try: + self.ssn.sender("amq.topic") + assert False, "anonymous should not be allowed to create sender to amq.topic" + except UnauthorizedAccess: pass + try: + self.bob.sender("amq.topic") + assert False, "bob should not be allowed to create sender to amq.topic" + except UnauthorizedAccess: pass + self.alice.sender("amq.topic") + + def test_deny_sender_to_queue(self): + self.acl.allow('alice').deny().apply() + try: + self.ssn.sender("acl_test_queue") + assert False, "anonymous shound not be allowed to create sender to acl_test_queue" + except UnauthorizedAccess: pass + try: + self.bob.sender("acl_test_queue") + assert False, "bob should not be allowed to create sender to acl_test_queue" + except UnauthorizedAccess: pass + self.alice.sender("acl_test_queue") + + def test_deny_sender_to_unknown(self): + self.acl.allow('alice').deny().apply() + try: + self.ssn.sender("unknown") + assert False, "anonymous should not be allowed to create sender to non-existent node" + except UnauthorizedAccess: pass + try: + self.bob.sender("unknown") + assert False, "bob should not be allowed to create sender to unknown" + except UnauthorizedAccess: pass + try: + self.alice.sender("unknown") + except NotFound: pass + + def test_deny_receiver_to_exchange(self): + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("amq.topic") + assert False, "anonymous should not be allowed to create receiver from amq.topic" + except UnauthorizedAccess: pass + try: + self.bob.receiver("amq.topic") + assert False, "bob should not be allowed to create receiver to amq.topic" + except UnauthorizedAccess: pass + self.alice.receiver("amq.topic") + + def test_deny_receiver_to_queue(self): + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("acl_test_queue") + assert False, "anonymous should not be allowed to create receiver from acl_test_queue" + except UnauthorizedAccess: pass + try: + self.bob.receiver("acl_test_queue") + assert False, "bob should not be allowed to create receiver to acl_test_queue" + except UnauthorizedAccess: pass + self.alice.receiver("acl_test_queue") + + def test_deny_receiver_to_unknown(self): + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("I_dont_exist") + assert False, "anonymous should not be allowed to create receiver from non-existent node" + except UnauthorizedAccess: pass + try: + self.bob.receiver("unknown") + assert False, "bob should not be allowed to create receiver to unknown" + except UnauthorizedAccess: pass + try: + self.alice.receiver("unknown") + except NotFound: pass + + def test_create_for_receiver_from_exchange(self): + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'access', 'queue', 'name=amq.topic') + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("amq.topic") + assert False, "anonymous should not be allowed to create receiver from amq.topic" + except UnauthorizedAccess: pass + try: + self.bob.receiver("amq.topic") + assert False, "bob should not be allowed to create receiver from amq.topic without create permission" + except UnauthorizedAccess: pass + self.alice.receiver("amq.topic") + + def test_bind_for_receiver_from_exchange(self): + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'access', 'queue', 'name=amq.topic') + self.acl.allow('bob', 'create', 'queue', 'name=bob*') + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("amq.topic") + assert False, "anonymous should not be allowed to create receiver from amq.topic" + except UnauthorizedAccess: pass + try: + self.bob.receiver("amq.topic") + assert False, "bob should not be allowed to create receiver from amq.topic without bind permission" + except UnauthorizedAccess: pass + self.alice.receiver("amq.topic") + + def test_consume_for_receiver_from_exchange(self): + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'access', 'queue', 'name=amq.topic') + self.acl.allow('bob', 'create', 'queue', 'name=bob*') + self.acl.allow('bob', 'bind', 'exchange', 'name=amq.topic') + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("amq.topic") + assert False, "anonymous should not be allowed to create receiver from amq.topic" + except UnauthorizedAccess: pass + try: + self.bob.receiver("amq.topic") + assert False, "bob should not be allowed to create receiver from amq.topic without consume permission" + except UnauthorizedAccess: pass + self.alice.receiver("amq.topic") + + def test_required_permissions_for_receiver_from_exchange(self): + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'access', 'queue', 'name=amq.topic') + self.acl.allow('bob', 'create', 'queue', 'name=bob*') + self.acl.allow('bob', 'bind', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'consume', 'queue', 'name=bob*') + self.acl.allow('alice').deny().apply() + try: + self.ssn.receiver("amq.topic") + assert False, "anonymous should not be allowed to create receiver from amq.topic" + except UnauthorizedAccess: pass + self.bob.receiver("amq.topic") + try: + self.bob.receiver("amq.direct") + assert False, "bob should not be allowed to create receiver from amq.direct" + except UnauthorizedAccess: pass + + def test_publish_to_exchange(self): + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'access', 'queue', 'name=amq.topic') + self.acl.allow('bob', 'publish', 'exchange', 'name=amq.topic', 'routingkey=abc') + self.acl.allow('alice').deny().apply() + + sender = self.bob.sender("amq.topic") + sender.send(Message("a message", subject="abc"), sync=True) + try: + sender.send(Message("another", subject="def"), sync=True) + assert False, "bob should not be allowed to send message to amq.topic with subject 'def'" + except UnauthorizedAccess: pass + sender = self.alice.sender("amq.topic") + sender.send(Message("alice's message", subject="abc"), sync=True) + sender.send(Message("another from alice", subject="def"), sync=True) + + def test_publish_to_anonymous_relay(self): + self.acl.allow('bob', 'access', 'exchange', 'name=ANONYMOUS-RELAY') + self.acl.allow('bob', 'access', 'queue', 'name=acl_test_queue') + self.acl.allow('bob', 'publish', 'exchange', 'routingkey=acl_test_queue') + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'publish', 'exchange', 'name=amq.topic', 'routingkey=abc') + self.acl.allow('alice').deny().apply() + + sender = self.bob.sender("<null>") + sender.send(Message("a message", properties={'x-amqp-to':'acl_test_queue'}), sync=True) + sender.send(Message("another", subject='abc', properties={'x-amqp-to':'amq.topic'}), sync=True) + try: + sender.send(Message("a third", subject='def', properties={'x-amqp-to':'amq.topic'}), sync=True) + assert False, "bob should not be allowed to send message to amq.topic with key 'def'" + except UnauthorizedAccess: pass + sender = self.bob.sender("<null>") + try: + sender.send(Message("a fourth", subject='abc', properties={'x-amqp-to':'amq.direct'}), sync=True) + assert False, "bob should not be allowed to send message to amq.direct" + except UnauthorizedAccess: pass + sender = self.alice.sender("<null>") + sender.send(Message("alice's message", properties={'x-amqp-to':'abc'}), sync=True) + sender.send(Message("another from alice", properties={'x-amqp-to':'def'}), sync=True) + + def test_resolution_for_sender_to_exchange(self): + self.acl.allow('alice', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('alice', 'access', 'queue', 'name=amq.topic') + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.deny().apply() + try: + self.ssn.sender("amq.topic") + assert False, "anonymous should not be allowed to create sender to amq.topic" + except UnauthorizedAccess: pass + self.bob.sender("amq.topic; {node:{type:topic}}") + try: + self.bob.sender("amq.topic") + assert False, "bob should not be allowed to create sender to amq.topic without specifying the node type" + except UnauthorizedAccess: pass + self.alice.sender("amq.topic; {node:{type:topic}}") + self.alice.sender("amq.topic") + try: + self.alice.sender("amq.direct") + assert False, "alice should not be allowed to create sender to amq.direct" + except UnauthorizedAccess: pass + + def test_resolution_for_sender_to_queue(self): + self.acl.allow('alice', 'access', 'exchange', 'name=acl_test_queue') + self.acl.allow('alice', 'access', 'queue', 'name=acl_test_queue') + self.acl.allow('alice', 'publish', 'exchange', 'routingkey=acl_test_queue') + self.acl.allow('bob', 'access', 'queue', 'name=acl_test_queue') + self.acl.allow('bob', 'publish', 'exchange', 'routingkey=acl_test_queue') + self.acl.deny().apply() + try: + self.ssn.sender("acl_test_queue") + assert False, "anonymous should not be allowed to create sender to acl_test_queue" + except UnauthorizedAccess: pass + self.bob.sender("acl_test_queue; {node:{type:queue}}") + try: + self.bob.sender("acl_test_queue") + assert False, "bob should not be allowed to create sender to acl_test_queue without specifying the node type" + except UnauthorizedAccess: pass + self.alice.sender("acl_test_queue; {node:{type:queue}}") + self.alice.sender("acl_test_queue") + + def test_resolution_for_receiver_from_exchange(self): + self.acl.allow('alice', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('alice', 'access', 'queue', 'name=amq.topic') + self.acl.allow('alice', 'create', 'queue') + self.acl.allow('alice', 'consume', 'queue') + self.acl.allow('alice', 'bind', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'access', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'bind', 'exchange', 'name=amq.topic') + self.acl.allow('bob', 'create', 'queue', 'name=bob*', 'autodelete=true') + self.acl.allow('bob', 'consume', 'queue', 'name=bob*') + self.acl.deny().apply() + try: + self.ssn.receiver("amq.topic") + assert False, "anonymous should not be allowed to create receiver from amq.topic" + except UnauthorizedAccess: pass + self.bob.receiver("amq.topic; {node:{type:topic}}") + try: + self.bob.receiver("amq.topic") + assert False, "bob should not be allowed to create receiver from amq.topic without specifying the node type" + except UnauthorizedAccess: pass + self.alice.receiver("amq.topic; {node:{type:topic}}") + self.alice.receiver("amq.topic") + try: + self.alice.receiver("amq.direct") + assert False, "alice should not be allowed to create receiver from amq.direct" + except UnauthorizedAccess: pass + + def test_resolution_for_receiver_from_queue(self): + self.acl.allow('alice', 'access', 'exchange', 'name=acl_test_queue') + self.acl.allow('alice', 'access', 'queue', 'name=acl_test_queue') + self.acl.allow('alice', 'consume', 'queue', 'name=acl_test_queue') + self.acl.allow('bob', 'access', 'queue', 'name=acl_test_queue') + self.acl.allow('bob', 'consume', 'queue', 'name=acl_test_queue') + self.acl.deny().apply() + try: + self.ssn.receiver("acl_test_queue") + assert False, "anonymous should not be allowed to create receiver from acl_test_queue" + except UnauthorizedAccess: pass + self.bob.receiver("acl_test_queue; {node:{type:queue}}") + try: + self.bob.receiver("acl_test_queue") + assert False, "bob should not be allowed to create receiver from acl_test_queue without specifying the node type" + except UnauthorizedAccess: pass + self.alice.receiver("acl_test_queue; {node:{type:queue}}") + self.alice.receiver("acl_test_queue") diff --git a/qpid/cpp/src/tests/mgmt_1.py b/qpid/cpp/src/tests/mgmt_1.py new file mode 100644 index 0000000000..39812c2995 --- /dev/null +++ b/qpid/cpp/src/tests/mgmt_1.py @@ -0,0 +1,99 @@ +# +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# + +from qpid.tests.messaging.implementation import * + +class Mgmt: + """ + Simple QMF management utility (qpidtoollibs uses + qpid.messaging.Message rather than swigged version) + """ + def __init__(self, conn): + self.conn = conn + self.sess = self.conn.session() + self.reply_to = "qmf.default.topic/direct.%s;{node:{type:topic}, link:{x-declare:{auto-delete:True,exclusive:True}}}" % \ + str(uuid4()) + self.reply_rx = self.sess.receiver(self.reply_to) + self.reply_rx.capacity = 10 + self.tx = self.sess.sender("qmf.default.direct/broker") + self.next_correlator = 1 + + def close(self): + self.conn.close() + + def list(self, class_name): + props = {'method' : 'request', + 'qmf.opcode' : '_query_request', + 'x-amqp-0-10.app-id' : 'qmf2'} + correlator = str(self.next_correlator) + self.next_correlator += 1 + + content = {'_what' : 'OBJECT', + '_schema_id' : {'_class_name' : class_name.lower()}} + + message = Message(content, reply_to=self.reply_to, correlation_id=correlator, + properties=props, subject="broker") + self.tx.send(message) + + + response = self.reply_rx.fetch(10) + if response.properties['qmf.opcode'] != '_query_response': + raise Exception("bad response") + items = [] + done = False + while not done: + for item in response.content: + items.append(item['_values']) + if 'partial' in response.properties: + response = self.reply_rx.fetch(10) + else: + done = True + self.sess.acknowledge() + return items + + def do_qmf_method(self, method, arguments, addr="org.apache.qpid.broker:broker:amqp-broker", timeout=10): + props = {'method' : 'request', + 'qmf.opcode' : '_method_request', + 'x-amqp-0-10.app-id' : 'qmf2'} + correlator = str(self.next_correlator) + self.next_correlator += 1 + + content = {'_object_id' : {'_object_name' : addr}, + '_method_name' : method, + '_arguments' : arguments} + + message = Message(content, reply_to=self.reply_to, correlation_id=correlator, + properties=props, subject="broker") + self.tx.send(message) + response = self.reply_rx.fetch(timeout) + self.sess.acknowledge() + if response.properties['qmf.opcode'] == '_exception': + raise Exception("Exception from Agent: %r" % response.content['_values']) + if response.properties['qmf.opcode'] != '_method_response': + raise Exception("bad response: %r" % response.properties) + return response.content['_arguments'] + + def create(self, _type, name, properties={}): + return self.do_qmf_method('create', {'type': _type, 'name': name, 'properties': properties}) + + def delete(self, _type, name): + return self.do_qmf_method('delete', {'type': _type, 'name': name}) + + def reload_acl_file(self): + self.do_qmf_method('reloadACLFile', {}, "org.apache.qpid.acl:acl:org.apache.qpid.broker:broker:amqp-broker") diff --git a/qpid/cpp/src/tests/policies.py b/qpid/cpp/src/tests/policies.py index ec0191f91e..265a04557f 100644 --- a/qpid/cpp/src/tests/policies.py +++ b/qpid/cpp/src/tests/policies.py @@ -19,80 +19,7 @@ from qpid.tests.messaging.implementation import * from qpid.tests.messaging import VersionTest - -class Mgmt: - """ - Simple QMF management utility (qpidtoollibs uses - qpid.messaging.Message rather than swigged version) - """ - def __init__(self, conn): - self.conn = conn - self.sess = self.conn.session() - self.reply_to = "qmf.default.topic/direct.%s;{node:{type:topic}, link:{x-declare:{auto-delete:True,exclusive:True}}}" % \ - str(uuid4()) - self.reply_rx = self.sess.receiver(self.reply_to) - self.reply_rx.capacity = 10 - self.tx = self.sess.sender("qmf.default.direct/broker") - self.next_correlator = 1 - - def list(self, class_name): - props = {'method' : 'request', - 'qmf.opcode' : '_query_request', - 'x-amqp-0-10.app-id' : 'qmf2'} - correlator = str(self.next_correlator) - self.next_correlator += 1 - - content = {'_what' : 'OBJECT', - '_schema_id' : {'_class_name' : class_name.lower()}} - - message = Message(content, reply_to=self.reply_to, correlation_id=correlator, - properties=props, subject="broker") - self.tx.send(message) - - - response = self.reply_rx.fetch(10) - if response.properties['qmf.opcode'] != '_query_response': - raise Exception("bad response") - items = [] - done = False - while not done: - for item in response.content: - items.append(item['_values']) - if 'partial' in response.properties: - response = self.reply_rx.fetch(10) - else: - done = True - self.sess.acknowledge() - return items - - def do_qmf_method(self, method, arguments, addr="org.apache.qpid.broker:broker:amqp-broker", timeout=10): - props = {'method' : 'request', - 'qmf.opcode' : '_method_request', - 'x-amqp-0-10.app-id' : 'qmf2'} - correlator = str(self.next_correlator) - self.next_correlator += 1 - - content = {'_object_id' : {'_object_name' : addr}, - '_method_name' : method, - '_arguments' : arguments} - - message = Message(content, reply_to=self.reply_to, correlation_id=correlator, - properties=props, subject="broker") - self.tx.send(message) - response = self.reply_rx.fetch(timeout) - self.sess.acknowledge() - if response.properties['qmf.opcode'] == '_exception': - raise Exception("Exception from Agent: %r" % response.content['_values']) - if response.properties['qmf.opcode'] != '_method_response': - raise Exception("bad response: %r" % response.properties) - return response.content['_arguments'] - - def create(self, _type, name, properties={}): - return self.do_qmf_method('create', {'type': _type, 'name': name, 'properties': properties}) - - def delete(self, _type, name): - return self.do_qmf_method('delete', {'type': _type, 'name': name}) - +from mgmt_1 import Mgmt class PoliciesTests (VersionTest): """ diff --git a/qpid/cpp/src/tests/swig_python_tests b/qpid/cpp/src/tests/swig_python_tests index 40c35ac0fa..c28c96e839 100755 --- a/qpid/cpp/src/tests/swig_python_tests +++ b/qpid/cpp/src/tests/swig_python_tests @@ -40,11 +40,13 @@ skip() { start_broker() { rm -f swig_python_tests.log - QPID_PORT=$($QPIDD_EXEC --daemon --port 0 --interface 127.0.0.1 --no-data-dir $MODULES --auth no --log-to-file swig_python_tests.log) || fail "Could not start broker" + cp $srcdir/policy.acl $builddir/policy.acl + QPID_PORT=$($QPIDD_EXEC --daemon --port 0 --interface 127.0.0.1 --no-data-dir $MODULES --auth no --acl-file $builddir/policy.acl --log-to-file swig_python_tests.log) || fail "Could not start broker" } stop_broker() { $QPIDD_EXEC -q --port $QPID_PORT + rm $builddir/policy.acl } test -f $PYTHONSWIGMODULE || skip "no swigged python client" @@ -57,7 +59,7 @@ export PYTHONPATH=$PYTHONPATH:$PYTHONPATH_SWIG export QPID_USE_SWIG_CLIENT=1 $QPID_PYTHON_TEST -m qpid.tests.messaging.message -m qpid_tests.broker_0_10.priority -m qpid_tests.broker_0_10.lvq -m qpid_tests.broker_0_10.new_api -b localhost:$QPID_PORT -I $srcdir/failing-amqp0-10-python-tests $* || FAILED=1 if [[ -a $AMQP_LIB ]] ; then - $QPID_PYTHON_TEST --define="protocol_version=amqp1.0" -m qpid_tests.broker_1_0 -m qpid_tests.broker_0_10.new_api -m assertions -m reject_release -m misc -m policies -b localhost:$QPID_PORT -I $srcdir/failing-amqp1.0-python-tests $* || FAILED=1 + $QPID_PYTHON_TEST --define="protocol_version=amqp1.0" --define="policy_file=$builddir/policy.acl" -m qpid_tests.broker_1_0 -m qpid_tests.broker_0_10.new_api -m assertions -m reject_release -m misc -m policies -m acl_1 -b localhost:$QPID_PORT -I $srcdir/failing-amqp1.0-python-tests $* || FAILED=1 fi stop_broker if [[ $FAILED -eq 1 ]]; then |