Required privileges for service device mgmt (#16850)
This should cover the rest of the clusters in service and device
management, barring Network Commissioning Cluster and Time
Synchronization Cluster, which don't seem to be in use.

The group messaging YAML test attempted to group write an attribute
requiring administer privilege to write. This can never work, because
administer privilege is not permitted via group messaging. Therefore,
changed the test to use another attribute requiring only manage privilege,
and configured the tests to grant manage privilege to group messaging.

Part of #14419
mlepage-google authored and pull[bot] committed Nov 29, 2023
1 parent b657fe5 commit 110205c
Showing 23 changed files with 871 additions and 102 deletions.
41 changes: 24 additions & 17 deletions src/app/tests/suites/TestGroupMessaging.yaml
Expand Up @@ -129,53 +129,60 @@ tests:
Subjects: null,
Targets: null,
},
# Any group can operate
# Any group can manage
{
FabricIndex: 0,
Privilege: 3, # operate
Privilege: 4, # manage
AuthMode: 3, # group
Subjects: null,
Targets: null,
},
]

# Test Pair 1 : Sends a Group Write Attribute
# Test Pair 1 : Check initial value (ensure it's not the test value)
- label: "Read initial Attribute value"
command: "readAttribute"
attribute: "nodeLabel"
response:
value: ""

# Test Pair 2 : Sends a Group Write Attribute
- label: "Group Write Attribute"
command: "writeAttribute"
attribute: "location"
attribute: "nodeLabel"
groupId: 0x0102
arguments:
value: "US"
value: "xyzzy"

# Test Pair 1 : Validates previous group write attribute with a unicast to read
# Test Pair 2 : Validates previous group write attribute with a unicast to read
- label: "Read back Attribute"
command: "readAttribute"
attribute: "location"
attribute: "nodeLabel"
response:
value: "US"
value: "xyzzy"

# Test Pair 2 : Sends a Group Write Attribute
- label: "Restore initial location value"
# Test Pair 3 : Sends a Group Write Attribute
- label: "Restore initial Attribute value"
command: "writeAttribute"
attribute: "location"
attribute: "nodeLabel"
groupId: 0x0102
arguments:
value: "XX"
value: ""

# Test Pair 2 : Validates previous group write attribute with a unicast to read
# Test Pair 3 : Validates previous group write attribute with a unicast to read
- label: "Read back Attribute"
command: "readAttribute"
attribute: "location"
attribute: "nodeLabel"
response:
value: "XX"
value: ""

# Test Pair 3 : Sends a Group command
# Test Pair 4 : Sends a Group command
- label: "Turn On the light to see attribute change"
cluster: "On/Off"
command: "On"
groupId: 0x0101

# Test Pair 3 : Validates previous group command with a unicast to read
# Test Pair 4 : Validates previous group command with a unicast to read
- label:
"Check on/off attribute value is true after on command for endpoint 1"
cluster: "On/Off"
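Review bot: The group-write steps now exercise only the permitted path (`nodeLabel`, manage), so nothing in this hunk pins the behaviour the commit message relies on, namely that a group write to an attribute requiring administer is refused. Because a group write gets no response, a negative pair would group-write `location` and then unicast-read it, expecting the value to be unchanged; the steps below sketch that, assuming `location` is still at its default `"XX"` at that point in the run. Separately, the ACL entry that grants manage to group auth mode keeps `Subjects: null` and `Targets: null`; listing the group ids the test actually uses would keep the grant as narrow as the test needs. The hunk ends inside the On/Off check step, which continues outside the view.

```yaml
    # … unchanged: Test Pair 3 restore / read-back steps …

    # Negative pair : group write to an attribute that requires administer
    - label: "Group Write Attribute requiring administer privilege"
      command: "writeAttribute"
      attribute: "location"
      groupId: 0x0102
      arguments:
          value: "US"

    # Negative pair : the write must not have been applied
    - label: "Read back Attribute, expect value unchanged"
      command: "readAttribute"
      attribute: "location"
      response:
          value: "XX"
```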
Expand Up @@ -49,15 +49,18 @@ limitations under the License.
<arg name="Discriminator" type="INT16U"/>
<arg name="Iterations" type="INT32U"/>
<arg name="Salt" type="OCTET_STRING"/>
<access op="invoke" privilege="administer"/>
</command>

<command source="client" code="0x01" name="OpenBasicCommissioningWindow" mustUseTimedInvoke="true" optional="false">
<description>This command is used by a current Administrator to instruct a Node to go into commissioning mode using basic commissioning method, if the node supports it.</description>
<arg name="CommissioningTimeout" type="INT16U"/>
<access op="invoke" privilege="administer"/>
</command>

<command source="client" code="0x02" name="RevokeCommissioning" mustUseTimedInvoke="true" optional="false">
<description>This command is used by a current Administrator to instruct a Node to revoke any active Open Commissioning Window or Open Basic Commissioning Window command.</description>
<access op="invoke" privilege="administer"/>
</command>

</cluster>
Expand Up @@ -31,8 +31,16 @@ limitations under the License.
<attribute side="server" code="2" define="VENDOR_ID" type="vendor_id" >VendorID</attribute>
<attribute side="server" code="3" define="PRODUCT_NAME" type="char_string" length="32" >ProductName</attribute>
<attribute side="server" code="4" define="PRODUCT_ID" type="int16u" >ProductID</attribute>
<attribute side="server" code="5" define="NODE_LABEL" type="char_string" length="32" default="" writable="true" >NodeLabel</attribute>
<attribute side="server" code="6" define="LOCATION" type="char_string" length="2" default="XX" writable="true" >Location</attribute>
<attribute side="server" code="5" define="NODE_LABEL" type="char_string" length="32" default="" writable="true" >
<description>NodeLabel</description>
<access op="read" privilege="view"/>
<access op="write" privilege="manage"/>
</attribute>
<attribute side="server" code="6" define="LOCATION" type="char_string" length="2" default="XX" writable="true" >
<description>Location</description>
<access op="read" privilege="view"/>
<access op="write" privilege="administer"/>
</attribute>
<attribute side="server" code="7" define="HARDWARE_VERSION" type="int16u" default="0" >HardwareVersion</attribute>
<attribute side="server" code="8" define="HARDWARE_VERSION_STRING" type="char_string" minLength="1" length="64" >HardwareVersionString</attribute>
<attribute side="server" code="9" define="SOFTWARE_VERSION" type="int32u" default="0" >SoftwareVersion</attribute>
Expand All @@ -42,7 +50,11 @@ limitations under the License.
<attribute side="server" code="13" define="PRODUCT_URL" type="long_char_string" length="256" optional="true">ProductURL</attribute>
<attribute side="server" code="14" define="PRODUCT_LABEL" type="char_string" length="64" optional="true">ProductLabel</attribute>
<attribute side="server" code="15" define="SERIAL_NUMBER" type="char_string" length="32" optional="true">SerialNumber</attribute>
<attribute side="server" code="16" define="LOCAL_CONFIG_DISABLED" type="boolean" default="0" writable="true" optional="true">LocalConfigDisabled</attribute>
<attribute side="server" code="16" define="LOCAL_CONFIG_DISABLED" type="boolean" default="0" writable="true" optional="true">
<description>LocalConfigDisabled</description>
<access op="read" privilege="view"/>
<access op="write" privilege="manage"/>
</attribute>
<attribute side="server" code="17" define="REACHABLE" type="boolean" default="1" optional="true">Reachable</attribute>
<attribute side="server" code="18" define="UNIQUE_ID" type="char_string" length="32" optional="true">UniqueID</attribute>
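Review bot: Only the three writable attributes in these two hunks (`NODE_LABEL`, `LOCATION`, `LOCAL_CONFIG_DISABLED`) carry `<access>` elements; every other attribute keeps the bare-text form and relies on whatever privilege is applied when none is declared. That default is not visible on this page, so a writable attribute added later without `<access>` would presumably end up with a write privilege nobody chose, and no diff line would show it. I would add a comment above the first expanded attribute, for example `<!-- Writable attributes must declare <access op="write" .../> explicitly; attributes without <access> fall back to the default privileges. -->`. The same applies to `BREADCRUMB` in the General Commissioning section further down.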

Expand Up @@ -40,7 +40,11 @@ limitations under the License.
<code>0x0030</code>
<define>GENERAL_COMMISSIONING_CLUSTER</define>
<description>This cluster is used to set, remove and update fabric information on a commissionee.</description>
<attribute side="server" code="0x00" define="BREADCRUMB" type="INT64U" writable="true" default="0x0000000000000000" optional="false">Breadcrumb</attribute>
<attribute side="server" code="0x00" define="BREADCRUMB" type="INT64U" writable="true" default="0x0000000000000000" optional="false">
<description>Breadcrumb</description>
<access op="read" privilege="view"/>
<access op="write" privilege="administer"/>
</attribute>
<attribute side="server" code="0x01" define="BASICCOMMISSIONINGINFO" type="BasicCommissioningInfo" writable="false" optional="false">BasicCommissioningInfo</attribute>
<attribute side="server" code="0x02" define="REGULATORYCONFIG" type="RegulatoryLocationType" writable="false" optional="true">RegulatoryConfig</attribute>
<attribute side="server" code="0x03" define="LOCATIONCAPABILITY" type="RegulatoryLocationType" writable="false" optional="true">LocationCapability</attribute>
Expand All @@ -49,6 +53,7 @@ limitations under the License.
<arg name="expiryLengthSeconds" type="INT16U"/>
<arg name="breadcrumb" type="INT64U"/>
<arg name="timeoutMs" type="INT32U"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="server" code="0x01" name="ArmFailSafeResponse" optional="false" cli="chip fabric_commissioning armfailsaferesponse">
<description>Sender expects ArmFailSafeResponse command within TimeoutMs milliseconds after sending ArmFailSafe command</description>
Expand All @@ -61,6 +66,7 @@ limitations under the License.
<arg name="countryCode" type="CHAR_STRING"/>
<arg name="breadcrumb" type="INT64U"/>
<arg name="timeoutMs" type="INT32U"/>
<access op="invoke" privilege="administer"/>
</command>
<command source="server" code="0x03" name="SetRegulatoryConfigResponse" optional="true" cli="chip fabric_commissioning setregulatoryconfigresponse">
<description>Sender expects SetRegulatoryConfigResponse command within TimeoutMs milliseconds after sending SetRegulatoryConfig command</description>
Expand All @@ -69,6 +75,7 @@ limitations under the License.
</command>
<command source="client" code="0x04" name="CommissioningComplete" response="CommissioningCompleteResponse" optional="false" cli="chip fabric_commissioning commissioningcomplete">
<description>Signals the Commissionee that the Commissioner has successfully completed all steps of commissioning</description>
<access op="invoke" privilege="administer"/>
</command>
<command source="server" code="0x05" name="CommissioningCompleteResponse" optional="false" cli="chip fabric_commissioning commissioningcompleteresponse">
<description>Sender expects CommissioningCompleteResponse command if the CommissioningComplete command was correctly received</description>
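Review bot: `ArmFailSafe`, `SetRegulatoryConfig` and `CommissioningComplete` now require administer, yet by their descriptions they are sent by a commissioner, presumably before the node holds any ACL entry for it. The file does not say which session is expected to have administer at that point; if the commissioning session is treated as administer implicitly, that assumption deserves a comment next to the first `<access op="invoke" privilege="administer"/>`, for example `<!-- Invoked during commissioning; relies on the commissioning session being granted administer implicitly. -->`. A test that invokes one of these commands from a session holding only manage and expects an access-denied status would catch a regression in either direction. The last `<command>` element continues outside the hunk.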