[asterisk-commits] jrose: testsuite/asterisk/trunk r3332 - in /asterisk/trunk/tests/manager: ./ ...

SVN commits to the Asterisk project asterisk-commits at lists.digium.com
Tue Jul 17 14:02:48 CDT 2012


Author: jrose
Date: Tue Jul 17 14:02:41 2012
New Revision: 3332

URL: http://svnview.digium.com/svn/testsuite?view=rev&rev=3332
Log:
named_acl: Test ACLs and the named ACL subsystem for manager logins

Provides some tests against ACLs/named ACLs/realtime named ACLs for manager
logins.

Review: https://reviewboard.asterisk.org/r/2047/

Added:
    asterisk/trunk/tests/manager/acl-login/
    asterisk/trunk/tests/manager/acl-login/configs/
    asterisk/trunk/tests/manager/acl-login/configs/ast1/
    asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf   (with props)
    asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf   (with props)
    asterisk/trunk/tests/manager/acl-login/run-test   (with props)
    asterisk/trunk/tests/manager/acl-login/test-config.yaml   (with props)
Modified:
    asterisk/trunk/tests/manager/tests.yaml

Added: asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf
URL: http://svnview.digium.com/svn/testsuite/asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf?view=auto&rev=3332
==============================================================================
--- asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf (added)
+++ asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf Tue Jul 17 14:02:41 2012
@@ -1,0 +1,15 @@
+[testacl1] ; Allow 127.0.0.1 only
+deny = 0.0.0.0/0.0.0.0
+permit = 127.0.0.1
+
+[testacl2] ; Disallow 127.0.0.1 only
+permit = 0.0.0.0/0.0.0.0
+deny = 127.0.0.1
+
+[testacl3] ; Disallow 127.0.0.3 only
+permit = 0.0.0.0/0.0.0.0
+deny = 127.0.0.3
+
+[testacl4] ; Disallow 127.0.0.4 only
+permit = 0.0.0.0/0.0.0.0
+deny = 127.0.0.4

Propchange: asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: asterisk/trunk/tests/manager/acl-login/configs/ast1/acl.conf
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf
URL: http://svnview.digium.com/svn/testsuite/asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf?view=auto&rev=3332
==============================================================================
--- asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf (added)
+++ asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf Tue Jul 17 14:02:41 2012
@@ -1,0 +1,30 @@
+;
+; Test Addresses
+;
+; 127.0.0.1
+; 127.0.0.2
+; 127.0.0.3
+; 127.0.0.4
+
+[general]
+enabled=yes
+port=5038
+
+bindaddr = 0.0.0.0
+
+[test1] ; No named ACL, login only available to 127.0.0.1
+deny = 0.0.0.0/0.0.0.0
+permit = 127.0.0.1
+secret = mysecret
+
+[test2] ; Same permissible addresses as test 1, obtained through named ACL instead.
+acl = testacl1
+secret = mysecret
+
+[test3] ; Multiple named ACL rules. Collectively only 127.0.0.2 should be allowed in.
+acl = testacl2,testacl3,testacl4
+secret = mysecret
+
+[test4] ; An undefined rule is included. This should reject all of the test addresses.
+acl = notspecified
+secret = mysecret
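Review bot: `bindaddr = 0.0.0.0` together with the `[test3]` ACL list leaves the AMI listener open to off-host peers while the test runs. testacl2, testacl3 and testacl4 each permit everything except one loopback address, so a non-loopback client that knows the fixed `secret = mysecret` would apparently pass the ACL check for test3. The wildcard bind looks necessary, because run-test connects to 127.0.0.1 through 127.0.0.4 and a single `bindaddr` cannot cover only those, so I would document it rather than change it: `; bindaddr must cover 127.0.0.1-4 for this test; run only where port 5038 is not reachable from the network`. None of the four users sets `read` or `write`, which presumably leaves them without privileges, but that is worth confirming and stating in the same comment.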

Propchange: asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: asterisk/trunk/tests/manager/acl-login/configs/ast1/manager.conf
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: asterisk/trunk/tests/manager/acl-login/run-test
URL: http://svnview.digium.com/svn/testsuite/asterisk/trunk/tests/manager/acl-login/run-test?view=auto&rev=3332
==============================================================================
--- asterisk/trunk/tests/manager/acl-login/run-test (added)
+++ asterisk/trunk/tests/manager/acl-login/run-test Tue Jul 17 14:02:41 2012
@@ -1,0 +1,169 @@
+#!/usr/bin/env python
+'''
+Copyright (C) 2012, Digium, Inc.
+Jonathan Rose <jrose at digium.com>
+
+This program is free software, distributed under the terms of
+the GNU General Public License Version 2.
+'''
+
+import sys
+import logging
+import logging.config
+from twisted.internet import reactor
+
+sys.path.append("lib/python")
+from asterisk.TestCase import TestCase
+from starpy import manager
+
+logger = logging.getLogger(__name__)
+
+"""
+This test case attempts to log in to AMI with various users from different addresses that are either accepted or rejected
+by the ACL definitions established for those AMI users. Tests include locally defined ACLs within manager.conf, Single use
+of named ACLs, use of multiple named ACLs, and use of an undefined ACL.
+"""
+
+class AMILoginACLTest(TestCase):
+
+    # Prepare test object and establish what logins should be attempted and what the expectations of those logins are.
+    def __init__(self):
+        TestCase.__init__(self)
+        self.test_components = {}
+
+        #success evaluation stuff
+        self.components_expected = 0   # total number of login attempts we expected
+        self.components_received = 0   # total number of login attempts made
+        self.successes_expected = []   # ami indices of test components that are supposed to successfully login
+        self.got_bad_event = False     # raised when a successful login occurs that defies expectations
+
+        #test1 - No named ACL, login only available to 127.0.0.1
+        self.add_test_component("test1", "127.0.0.1", "allow")
+        self.add_test_component("test1", "127.0.0.2", "deny")
+        self.add_test_component("test1", "127.0.0.3", "deny")
+        self.add_test_component("test1", "127.0.0.4", "deny")
+
+        #test2 - Same permissible addresses as test 1, obtained through named ACL instead.
+        self.add_test_component("test2", "127.0.0.1", "allow")
+        self.add_test_component("test2", "127.0.0.2", "deny")
+        self.add_test_component("test2", "127.0.0.3", "deny")
+        self.add_test_component("test2", "127.0.0.4", "deny")
+
+        #test3 - Multiple named ACL rules. Collectively only 127.0.0.2 should be allowed in.
+        self.add_test_component("test3", "127.0.0.1", "deny")
+        self.add_test_component("test3", "127.0.0.2", "allow")
+        self.add_test_component("test3", "127.0.0.3", "deny")
+        self.add_test_component("test3", "127.0.0.4", "deny")
+
+        #test4 - An undefined rule is used. This should reject all of the test addresses.
+        self.add_test_component("test4", "127.0.0.1", "deny")
+        self.add_test_component("test4", "127.0.0.2", "deny")
+        self.add_test_component("test4", "127.0.0.3", "deny")
+        self.add_test_component("test4", "127.0.0.4", "deny")
+
+        self.create_asterisk()
+
+    # Add a single login attempt to be made and what its expectation should be
+    def add_test_component(self, test, address, expectation):
+        this_tuple = address, expectation
+        this_dict_entry = self.test_components.get(test)
+        if not this_dict_entry:
+            self.test_components[test] = [this_tuple]
+        else:
+            this_dict_entry.append(this_tuple)
+
+        self.components_expected += 1
+
+    # Callback to handle AMI logoffs
+    def ami_logoff(self, ami):
+        pass
+
+    # Callback for a successful AMI Connection. This evaluates whether the connection should have been successful or not.
+    def ami_connect(self, ami):
+        success_expected = False
+        logger.info("AMI %d: login authenticated" % ami.id)
+
+        for item in self.successes_expected:
+            if item == ami.id:
+                success_expected = True
+                break
+
+        if not success_expected:
+            logger.error("AMI %d: Login was allowed and it shouldn't have been." % ami.id)
+            self.got_bad_event = True
+        else:
+            #We no longer expect this entry since we already got it
+            logger.info("AMI %d: Login successful and expected." % ami.id)
+            self.successes_expected.remove(ami.id)
+
+        self.components_received += 1
+
+        ami.logoff().addCallbacks(self.ami_logoff, self.ami_logoff_error)
+
+        if self.components_received == self.components_expected:
+            self.evaluate_success()
+            self.stop_reactor()
+
+    # Callback for handling AMI logoff failures
+    def ami_logoff_error(self, ami):
+        pass
+
+    # Callback for failed AMI Connections. This evaluates whether the conditions for finishing the test have been met as well.
+    def ami_login_error(self, ami):
+        self.components_received += 1
+
+        if self.components_received == self.components_expected:
+            self.evaluate_success()
+            self.stop_reactor()
+
+    def run(self):
+        TestCase.run(self)
+        self.ami_test_func()
+
+    # Checks the test components and passes data to the ami_factory_test_function
+    def ami_test_func(self):
+        entry = 0
+        for key in self.test_components.iterkeys():
+            this_dict_entry = self.test_components.get(key)
+            for item in this_dict_entry:
+                if item[1] == "allow":
+                    self.successes_expected.append(entry)
+                self.ami_factory_test_function(entry = entry, username = key, address = item[0])
+                entry += 1
+
+    # Receives data about test components and attempts to login to AMI using that data
+    def ami_factory_test_function(self, entry=0, username="user", secret="mysecret", port = 5038, address = "127.0.0.1"):
+        self.ami.append(None)
+        logger.info("Creating AMI %d - %s / %s" % (entry, username, address))
+        self.ami_factory = manager.AMIFactory(username, secret, entry)
+        self.ami_factory.login(address).addCallbacks(self.ami_connect, self.ami_login_error)
+
+    # Post test evaluation of success conditions
+    def evaluate_success(self):
+        self.passed = True
+        if self.components_received != self.components_expected:
+            logger.error("Did not receive expected number of login events. Received %d/%d." % (self.components_received % self.components_expected))
+            self.passed = False
+
+        if len(self.successes_expected) != 0:
+            logger.error("Not all logins that were expected to be allowed were completed. Missed: %s" % self.successes_expected)
+            self.passed = False
+
+        if self.got_bad_event:
+            logger.error("An AMI login was allowed which was not expected.")
+            self.passed = False
+
+
+def main():
+    test = AMILoginACLTest()
+    reactor.run()
+    if test.passed:
+        return 0
+    return 1
+
+
+if __name__ == "__main__":
+    sys.exit(main() or 0)
+
+
+# vim:sw=4:ts=4:expandtab:textwidth=79
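Review bot: In `evaluate_success` the count-mismatch log call joins its two arguments with `%` instead of a comma, `(self.components_received % self.components_expected)`, so a format string with two `%d` receives one integer and raises TypeError; it should read `% (self.components_received, self.components_expected)`. Both visible callers invoke `evaluate_success` only once the counts are equal, so the branch is dormant today. A later caller such as a timeout path would raise there after `self.passed = True` has been set and before it is reset to False. Separately, `ami_login_error` counts every errback as a finished component without inspecting the failure, so a "deny" expectation is met by a refused connection or a timeout just as well as by an ACL rejection; logging the failure reason there would make such a false pass visible.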

Propchange: asterisk/trunk/tests/manager/acl-login/run-test
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: asterisk/trunk/tests/manager/acl-login/run-test
------------------------------------------------------------------------------
    svn:executable = *

Propchange: asterisk/trunk/tests/manager/acl-login/run-test
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: asterisk/trunk/tests/manager/acl-login/run-test
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Added: asterisk/trunk/tests/manager/acl-login/test-config.yaml
URL: http://svnview.digium.com/svn/testsuite/asterisk/trunk/tests/manager/acl-login/test-config.yaml?view=auto&rev=3332
==============================================================================
--- asterisk/trunk/tests/manager/acl-login/test-config.yaml (added)
+++ asterisk/trunk/tests/manager/acl-login/test-config.yaml Tue Jul 17 14:02:41 2012
@@ -1,0 +1,15 @@
+testinfo:
+    summary:     'Test logins to the Asterisk Manager Interface when ACLs are provided'
+    description: |
+        'This test will attempt login on a number of ACL users set to accept certain addresses and reject others.
+         Primary purpose is to verify proper behavior of ACL configuration and named ACLs.'
+
+properties:
+    minversion: '11.0'
+    dependencies:
+        - python : 'twisted'
+        - python : 'starpy'
+    tags:
+        - AMI
+        - ACL
+

Propchange: asterisk/trunk/tests/manager/acl-login/test-config.yaml
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: asterisk/trunk/tests/manager/acl-login/test-config.yaml
------------------------------------------------------------------------------
    svn:keywords = Author Date Id Revision

Propchange: asterisk/trunk/tests/manager/acl-login/test-config.yaml
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: asterisk/trunk/tests/manager/tests.yaml
URL: http://svnview.digium.com/svn/testsuite/asterisk/trunk/tests/manager/tests.yaml?view=diff&rev=3332&r1=3331&r2=3332
==============================================================================
--- asterisk/trunk/tests/manager/tests.yaml (original)
+++ asterisk/trunk/tests/manager/tests.yaml Tue Jul 17 14:02:41 2012
@@ -4,5 +4,6 @@
     - test: 'action-events-response'
     - test: 'authlimit'
     - test: 'authtimeout'
+    - test: 'acl-login'
     # Temporarily disabled while failures are debugged
     #- test: 'response-time'



