diff options
| author | Charles E. Rolke <chug@apache.org> | 2012-06-01 14:19:34 +0000 |
|---|---|---|
| committer | Charles E. Rolke <chug@apache.org> | 2012-06-01 14:19:34 +0000 |
| commit | ab2e88eba16f283a7f086de5d856da34784343b3 (patch) | |
| tree | ab3316d359d4489f950b519e912b0deb8ab1ed9d /qpid/cpp/src/tests/acl.py | |
| parent | e82126bf9dc196ec0cbe19f990a9da98b5ab9508 (diff) | |
| download | qpid-python-ab2e88eba16f283a7f086de5d856da34784343b3.tar.gz | |
QPID-4032 Broker ACL does not accept sub-groups in group declaration
Patch from Paul Colby and new self test demonstrating the fix.
Note that this patch broke the user_realm self test. That is, a naked name
like 'bob' has changed from being a username missing a domain to being
a group name. The self test used to fail and still fails but now for a
different reason.
git-svn-id: https://svn.apache.org/repos/asf/qpid/trunk@1345190 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'qpid/cpp/src/tests/acl.py')
| -rwxr-xr-x | qpid/cpp/src/tests/acl.py | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/qpid/cpp/src/tests/acl.py b/qpid/cpp/src/tests/acl.py index 720b3b4216..663af3e8ac 100755 --- a/qpid/cpp/src/tests/acl.py +++ b/qpid/cpp/src/tests/acl.py @@ -285,10 +285,38 @@ class ACLTests(TestBase010): if (result): self.fail(result) + def test_nested_groups(self): + """ + Test nested groups + """ + + aclf = self.get_acl_file() + aclf.write('group user-consume martin@QPID ted@QPID\n') + aclf.write('group group2 kim@QPID user-consume rob@QPID \n') + aclf.write('acl allow anonymous all all \n') + aclf.write('acl allow group2 create queue \n') + aclf.write('acl deny all all') + aclf.close() + + result = self.reload_acl() + if (result): + self.fail(result) + + session = self.get_session('rob','rob') + try: + session.queue_declare(queue="rob_queue") + except qpid.session.SessionException, e: + if (403 == e.args[0].error_code): + self.fail("ACL should allow queue create request"); + self.fail("Error during queue create request"); + + + def test_user_realm(self): """ Test a user defined without a realm Ex. group admin rajith + Note: a user name without a realm is interpreted as a group name """ aclf = self.get_acl_file() aclf.write('group admin bob\n') # shouldn't be allowed @@ -297,7 +325,7 @@ class ACLTests(TestBase010): aclf.close() result = self.reload_acl() - if (result.find("Username 'bob' must contain a realm",0,len(result)) == -1): + if (result.find("not defined yet.",0,len(result)) == -1): self.fail(result) def test_allowed_chars_for_username(self): |