diff options
Diffstat (limited to 'deps/rabbit/test/unit_access_control_authn_authz_context_propagation_SUITE.erl')
-rw-r--r-- | deps/rabbit/test/unit_access_control_authn_authz_context_propagation_SUITE.erl | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/deps/rabbit/test/unit_access_control_authn_authz_context_propagation_SUITE.erl b/deps/rabbit/test/unit_access_control_authn_authz_context_propagation_SUITE.erl new file mode 100644 index 0000000000..9cb1ad7267 --- /dev/null +++ b/deps/rabbit/test/unit_access_control_authn_authz_context_propagation_SUITE.erl @@ -0,0 +1,127 @@ +%% This Source Code Form is subject to the terms of the Mozilla Public +%% License, v. 2.0. If a copy of the MPL was not distributed with this +%% file, You can obtain one at https://mozilla.org/MPL/2.0/. +%% +%% Copyright (c) 2019-2020 VMware, Inc. or its affiliates. All rights reserved. +%% + +-module(unit_access_control_authn_authz_context_propagation_SUITE). + +-include_lib("common_test/include/ct.hrl"). +-include_lib("eunit/include/eunit.hrl"). +-include_lib("amqp_client/include/amqp_client.hrl"). + +-compile(export_all). + +all() -> + [ + {group, non_parallel_tests} + ]. + +groups() -> + [ + {non_parallel_tests, [], [ + propagate_context_to_auth_backend + ]} + ]. + +%% ------------------------------------------------------------------- +%% Testsuite setup/teardown. +%% ------------------------------------------------------------------- + +init_per_suite(Config) -> + rabbit_ct_helpers:log_environment(), + rabbit_ct_helpers:run_setup_steps(Config). + +end_per_suite(Config) -> + rabbit_ct_helpers:run_teardown_steps(Config). + +init_per_group(_, Config) -> + Config. + +end_per_group(_, Config) -> + Config. + +init_per_testcase(Testcase, Config) -> + AuthConfig = {rabbit, [ + {auth_backends, [rabbit_auth_backend_context_propagation_mock]} + ] + }, + rabbit_ct_helpers:testcase_started(Config, Testcase), + Config1 = rabbit_ct_helpers:set_config(Config, [ + {rmq_nodename_suffix, Testcase} + ]), + rabbit_ct_helpers:run_setup_steps(Config1, + [ fun(Conf) -> merge_app_env(AuthConfig, Conf) end ] ++ + rabbit_ct_broker_helpers:setup_steps() ++ + rabbit_ct_client_helpers:setup_steps()). + +merge_app_env(SomeConfig, Config) -> + rabbit_ct_helpers:merge_app_env(Config, SomeConfig). + +end_per_testcase(Testcase, Config) -> + Config1 = rabbit_ct_helpers:run_steps(Config, + rabbit_ct_client_helpers:teardown_steps() ++ + rabbit_ct_broker_helpers:teardown_steps()), + rabbit_ct_helpers:testcase_finished(Config1, Testcase). + +%% ------------------------------------------------------------------- +%% Test cases +%% ------------------------------------------------------------------- + +propagate_context_to_auth_backend(Config) -> + ok = rabbit_ct_broker_helpers:add_code_path_to_all_nodes(Config, + rabbit_auth_backend_context_propagation_mock), + passed = rabbit_ct_broker_helpers:rpc(Config, 0, + ?MODULE, propagate_context_to_auth_backend1, []). + +propagate_context_to_auth_backend1() -> + rabbit_auth_backend_context_propagation_mock:init(), + AmqpParams = #amqp_params_direct{ + virtual_host = <<"/">>, + username = <<"guest">>, + password = <<"guest">>, + adapter_info = #amqp_adapter_info{additional_info = [ + {variable_map, #{<<"key1">> => <<"value1">>}} + ], + protocol = {'FOO_PROTOCOL', '1.0'} %% this will trigger a call to rabbit_foo_protocol_connection_info + } + }, + {ok, Conn} = amqp_connection:start(AmqpParams), + + %% rabbit_direct will call the rabbit_foo_protocol_connection_info module to extract information + %% this information will be propagated to the authentication backend + [{authentication, AuthProps}] = rabbit_auth_backend_context_propagation_mock:get(authentication), + ?assertEqual(<<"value1">>, proplists:get_value(key1, AuthProps)), + + %% variable_map is propagated from rabbit_direct to the authorization backend + [{vhost_access, AuthzData}] = rabbit_auth_backend_context_propagation_mock:get(vhost_access), + ?assertEqual(<<"value1">>, maps:get(<<"key1">>, AuthzData)), + + %% variable_map is extracted when the channel is created and kept in its state + {ok, Ch} = amqp_connection:open_channel(Conn), + QName = <<"channel_propagate_context_to_authz_backend-q">>, + amqp_channel:call(Ch, #'queue.declare'{queue = QName}), + + check_send_receive(Ch, <<"">>, QName, QName), + amqp_channel:call(Ch, #'queue.bind'{queue = QName, exchange = <<"amq.topic">>, routing_key = <<"a.b">>}), + %% variable_map content is propagated from rabbit_channel to the authorization backend (resource check) + [{resource_access, AuthzContext}] = rabbit_auth_backend_context_propagation_mock:get(resource_access), + ?assertEqual(<<"value1">>, maps:get(<<"key1">>, AuthzContext)), + + check_send_receive(Ch, <<"amq.topic">>, <<"a.b">>, QName), + %% variable_map is propagated from rabbit_channel to the authorization backend (topic check) + [{topic_access, TopicContext}] = rabbit_auth_backend_context_propagation_mock:get(topic_access), + VariableMap = maps:get(variable_map, TopicContext), + ?assertEqual(<<"value1">>, maps:get(<<"key1">>, VariableMap)), + + passed. + +check_send_receive(Ch, Exchange, RoutingKey, QName) -> + amqp_channel:call(Ch, + #'basic.publish'{exchange = Exchange, routing_key = RoutingKey}, + #amqp_msg{payload = <<"foo">>}), + + {#'basic.get_ok'{}, #amqp_msg{payload = <<"foo">>}} = + amqp_channel:call(Ch, #'basic.get'{queue = QName, + no_ack = true}). |