deps/rabbitmq_auth_backend_http/test/auth_SUITE.erl


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62

%% This Source Code Form is subject to the terms of the Mozilla Public
%% License, v. 2.0. If a copy of the MPL was not distributed with this
%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
%%
%% Copyright (c) 2017-2020 VMware, Inc. or its affiliates.  All rights reserved.

-module(auth_SUITE).

-include_lib("common_test/include/ct.hrl").
-include_lib("eunit/include/eunit.hrl").
-include_lib("rabbit_common/include/rabbit.hrl").

-compile(export_all).

-define(AUTH_PORT, 8000).
-define(USER_PATH, "/auth/user").
-define(BACKEND_CONFIG,
	[{http_method, get},
     {user_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ ?USER_PATH},
	 {vhost_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ "/auth/vhost"},
     {resource_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ "/auth/resource"},
	 {topic_path, "http://localhost:" ++ integer_to_list(?AUTH_PORT) ++ "/auth/topic"}]).
-define(ALLOWED_USER, #{username => <<"Ala">>,
                        password => <<"Kocur">>,
                        tags => [policymaker, monitoring]}).
-define(DENIED_USER, #{username => <<"Alice">>, password => <<"Cat">>}).

all() -> [grants_access_to_user, denies_access_to_user].

init_per_suite(Config) ->
    configure_http_auth_backend(),
    #{username := Username, password := Password, tags := Tags} = ?ALLOWED_USER,
    start_http_auth_server(?AUTH_PORT, ?USER_PATH, #{Username => {Password, Tags}}),
    [{allowed_user, ?ALLOWED_USER}, {denied_user, ?DENIED_USER} | Config].

end_per_suite(_Config) ->
    stop_http_auth_server().

grants_access_to_user(Config) ->
    #{username := U, password := P, tags := T} = ?config(allowed_user, Config),
    ?assertMatch({ok, #auth_user{username = U, tags = T}},
		         rabbit_auth_backend_http:user_login_authentication(U, [{password, P}])).

denies_access_to_user(Config) ->
    #{username := U, password := P} = ?config(denied_user, Config),
    ?assertMatch({refused, "Denied by the backing HTTP service", []},
                  rabbit_auth_backend_http:user_login_authentication(U, [{password, P}])).

%%% HELPERS

configure_http_auth_backend() ->
    {ok, _} = application:ensure_all_started(inets),
    [application:set_env(rabbitmq_auth_backend_http, K, V) || {K, V} <- ?BACKEND_CONFIG].

start_http_auth_server(Port, Path, Users) ->
    application:ensure_all_started(cowboy),
    Dispatch = cowboy_router:compile([{'_', [{Path, auth_http_mock, Users}]}]),
    {ok, _} = cowboy:start_clear(
        mock_http_auth_listener, [{port, Port}], #{env => #{dispatch => Dispatch}}).

stop_http_auth_server() ->
    cowboy:stop_listener(mock_http_auth_listener).