6 use Storable
qw(dclone);
9 use PVE
::AccessControl
;
# The roles are created before the defaults are forced; presumably
# userconfig_force_defaults() depends on them -- confirm in PVE::AccessControl.
PVE::AccessControl::create_roles();

# Baseline config shared by all fixtures. The default_roles()/default_users()
# helpers hand out dclone'd copies of its `roles` and `users` entries, so the
# test cases work on copies rather than on this structure.
my $default_user_cfg = {};
PVE::AccessControl::userconfig_force_defaults($default_user_cfg);
15 my $add_default_user_properties = sub {
18 $user->{enable
} = 1 if !defined($user->{enable
});
19 $user->{expire
} = 0 if !defined($user->{expire
});
20 $user->{email
} = undef if !defined($user->{email
});
26 my $roles = dclone
($default_user_cfg->{roles
});
# Build an expected `roles` section: the default roles plus every entry of
# $extra_roles (array ref of role fixtures), keyed by the fixture's `id`.
# Each fixture is deep-copied first, so deleting `id` does not alter the
# caller's fixture (callers pass entries of $default_cfg).
# NOTE(review): the listing omits this sub's closing lines; the final return
# is inferred from call sites that use the result as the `roles` hash.
sub default_roles_with {
    my ($extra_roles) = @_;

    my $roles = default_roles();

    for my $fixture (@{$extra_roles}) {
        my $copy = dclone($fixture);
        my $id = delete $copy->{id};
        $roles->{$id} = $copy;
    }

    return $roles;
}
45 my $users = dclone
($default_user_cfg->{users
});
46 return { map { $_ => $add_default_user_properties->($users->{$_}); } keys %$users};
# Build an expected `users` section: the default users plus every entry of
# $extra_users (array ref of user fixtures), keyed by the fixture's `id`.
# Each fixture is deep-copied, stripped of `id`, and passed through
# $add_default_user_properties so unset enable/expire/email get the same
# defaults as the built-in users.
# NOTE(review): the listing omits this sub's closing lines; the final return
# is inferred from call sites that use the result as the `users` hash.
sub default_users_with {
    my ($extra_users) = @_;

    my $users = default_users();

    for my $fixture (@{$extra_users}) {
        my $copy = dclone($fixture);
        my $id = delete $copy->{id};
        $users->{$id} = $add_default_user_properties->($copy);
    }

    return $users;
}
# Build an expected `groups` section: the default groups plus every entry of
# $extra_groups (array ref of group fixtures), keyed by the fixture's `id`.
# Each fixture is deep-copied before `id` is removed, so the caller's fixture
# stays intact for reuse in other test cases.
# NOTE(review): the listing omits this sub's closing lines; the final return
# is inferred from call sites that use the result as the `groups` hash.
sub default_groups_with {
    my ($extra_groups) = @_;

    my $groups = default_groups();

    for my $fixture (@{$extra_groups}) {
        my $copy = dclone($fixture);
        my $id = delete $copy->{id};
        $groups->{$id} = $copy;
    }

    return $groups;
}
# Build an expected `pools` section: the default pools plus every entry of
# $extra_pools (array ref of pool fixtures), keyed by the fixture's `id`.
# Each fixture is deep-copied before `id` is removed, so the same fixture can
# also be handed to default_pool_vms_with(), which still reads its `id`.
# NOTE(review): the listing omits this sub's closing lines; the final return
# is inferred from call sites that use the result as the `pools` hash.
sub default_pools_with {
    my ($extra_pools) = @_;

    my $pools = default_pools();

    for my $fixture (@{$extra_pools}) {
        my $copy = dclone($fixture);
        my $id = delete $copy->{id};
        $pools->{$id} = $copy;
    }

    return $pools;
}
99 sub default_pool_vms_with
{
100 my ($extra_pools) = @_;
103 foreach my $pool (@$extra_pools) {
104 foreach my $vmid (keys %{$pool->{vms
}}) {
105 $vms->{$vmid} = $pool->{id
};
115 # note: does not support merging paths!
116 sub default_acls_with
{
117 my ($extra_acls) = @_;
119 my $acls = default_acls
();
121 foreach my $a (@$extra_acls) {
122 my $acl = dclone
($a);
123 my $path = delete $acl->{path
};
124 my $split_path = [ split("/", $path) ];
126 for my $p (@$split_path) {
128 $node->{children
} = {} if !$node->{children
};
129 $node->{children
}->{$p} = {} if !$node->{children
}->{$p};
130 $node = $node->{children
}->{$p};
151 test_pam_with_group
=> {
156 'groups' => { 'testgroup' => 1 },
158 test2_pam_with_group
=> {
163 'groups' => { 'testgroup' => 1 },
170 'groups' => { 'another' => 1 },
172 test_pam_with_token
=> {
184 test_pam2_with_token
=> {
204 test_group_empty
=> {
208 test_group_single_member
=> {
214 test_group_members
=> {
221 test_group_second
=> {
227 test_role_single_priv
=> {
228 'id' => 'testrolesingle',
234 'Datastore.Audit' => 1,
241 test_pool_members
=> {
243 vms
=> { 123 => 1, 1234 => 1},
244 storage
=> { 'local' => 1, 'local-zfs' => 1},
246 test_pool_duplicate_vms
=> {
247 'id' => 'test_duplicate_vms',
251 test_pool_duplicate_storages
=> {
252 'id' => 'test_duplicate_storages',
254 storage
=> { 'local' => 1, 'local-zfs' => 1},
264 acl_complex_users
=> {
265 'path' => '/storage',
268 'PVEDatastoreUser' => 1,
271 'PVEDatastoreAdmin' => 1,
275 acl_complex_missing_user
=> {
276 'path' => '/storage',
279 'PVEDatastoreUser' => 1,
282 'PVEDatastoreAdmin' => 1,
286 acl_simple_token
=> {
294 acl_complex_tokens
=> {
295 'path' => '/storage',
297 'test2@pam!privsep' => {
298 'PVEDatastoreUser' => 1,
300 'test2@pam!expired' => {
301 'PVEDatastoreAdmin' => 1,
304 'PVEDatastoreAdmin' => 1,
308 acl_complex_missing_token
=> {
309 'path' => '/storage',
311 'test2@pam!expired' => {
312 'PVEDatastoreAdmin' => 1,
314 'test2@pam!privsep' => {
315 'PVEDatastoreUser' => 1,
319 acl_simple_group
=> {
327 acl_complex_groups
=> {
328 'path' => '/storage',
331 'PVEDatastoreAdmin' => 1,
334 'PVEDatastoreUser' => 1,
338 acl_simple_group_noprop
=> {
346 acl_complex_groups_noprop
=> {
347 'path' => '/storage',
350 'PVEDatastoreAdmin' => 0,
353 'PVEDatastoreUser' => 0,
357 acl_complex_missing_group
=> {
358 'path' => '/storage',
361 'PVEDatastoreAdmin' => 1,
364 'PVEDatastoreUser' => 1,
368 acl_missing_role
=> {
369 'path' => '/storage',
378 $default_cfg->{'acl_complex_mixed_root'} = {
380 users
=> $default_cfg->{'acl_simple_user'}->{users
},
381 groups
=> $default_cfg->{'acl_simple_group'}->{groups
},
384 $default_cfg->{'acl_complex_mixed_storage'} = {
385 'path' => '/storage',
386 users
=> $default_cfg->{'acl_complex_users'}->{users
},
387 groups
=> $default_cfg->{'acl_complex_groups'}->{groups
},
390 $default_cfg->{'acl_complex_mixed_root_noprop'} = {
392 users
=> $default_cfg->{'acl_simple_user'}->{users
},
393 groups
=> $default_cfg->{'acl_simple_group_noprop'}->{groups
},
396 $default_cfg->{'acl_complex_mixed_storage_noprop'} = {
397 'path' => '/storage',
398 users
=> $default_cfg->{'acl_complex_users'}->{users
},
399 groups
=> $default_cfg->{'acl_complex_groups_noprop'}->{groups
},
404 'root@pam' => 'user:root@pam:1:0::::::',
405 'test_pam' => 'user:test@pam:1:0::::::',
406 'test2_pam' => 'user:test2@pam:1:0::::::',
407 'test3_pam' => 'user:test3@pam:1:0::::::',
410 'test_group_empty' => 'group:testgroup:::',
411 'test_group_single_member' => 'group:testgroup:test@pam::',
412 'test_group_members' => 'group:testgroup:test2@pam,test@pam::',
413 'test_group_members_out_of_order' => 'group:testgroup:test@pam,test2@pam::',
414 'test_group_second' => 'group:another:test3@pam::',
417 'test_token_simple' => 'token:test@pam!full:0:0::',
418 'test_token_multi_full' => 'token:test2@pam!full:0:0::',
419 'test_token_multi_privsep' => 'token:test2@pam!privsep:0:1::',
420 'test_token_multi_expired' => 'token:test2@pam!expired:1:0::',
423 'test_role_single_priv' => 'role:testrolesingle:VM.Allocate:',
424 'test_role_privs' => 'role:testrole:Datastore.Audit,VM.Allocate:',
425 'test_role_privs_out_of_order' => 'role:testrole:VM.Allocate,Datastore.Audit:',
426 'test_role_privs_duplicate' => 'role:testrole:VM.Allocate,Datastore.Audit,VM.Allocate:',
427 'test_role_privs_invalid' => 'role:testrole:VM.Invalid,Datastore.Audit,VM.Allocate:',
430 'test_pool_empty' => 'pool:testpool::::',
431 'test_pool_invalid' => 'pool:testpool::non-numeric:inval!d:',
432 'test_pool_members' => 'pool:testpool::123,1234:local,local-zfs:',
433 'test_pool_duplicate_vms' => 'pool:test_duplicate_vms::123,1234::',
434 'test_pool_duplicate_vms_expected' => 'pool:test_duplicate_vms::::',
435 'test_pool_duplicate_storages' => 'pool:test_duplicate_storages:::local,local-zfs:',
438 'acl_simple_user' => 'acl:1:/:test@pam:PVEVMAdmin:',
439 'acl_complex_users_1' => 'acl:1:/storage:test@pam:PVEDatastoreAdmin:',
440 'acl_complex_users_2' => 'acl:1:/storage:test2@pam:PVEDatastoreUser:',
441 'acl_simple_token' => 'acl:1:/:test@pam!full:PVEVMAdmin:',
442 'acl_complex_tokens_1' => 'acl:1:/storage:test2@pam!expired,test@pam!full:PVEDatastoreAdmin:',
443 'acl_complex_tokens_2' => 'acl:1:/storage:test2@pam!privsep:PVEDatastoreUser:',
444 'acl_complex_tokens_1_missing' => 'acl:1:/storage:test2@pam!expired:PVEDatastoreAdmin:',
445 'acl_simple_group' => 'acl:1:/:@testgroup:PVEVMAdmin:',
446 'acl_complex_groups_1' => 'acl:1:/storage:@testgroup:PVEDatastoreAdmin:',
447 'acl_complex_groups_2' => 'acl:1:/storage:@another:PVEDatastoreUser:',
448 'acl_simple_group_noprop' => 'acl:0:/:@testgroup:PVEVMAdmin:',
449 'acl_complex_groups_1_noprop' => 'acl:0:/storage:@testgroup:PVEDatastoreAdmin:',
450 'acl_complex_groups_2_noprop' => 'acl:0:/storage:@another:PVEDatastoreUser:',
451 'acl_complex_mixed_1' => 'acl:1:/:@testgroup,test@pam:PVEVMAdmin:',
452 'acl_complex_mixed_2' => 'acl:1:/storage:@testgroup,test@pam:PVEDatastoreAdmin:',
453 'acl_complex_mixed_3' => 'acl:1:/storage:@another,test2@pam:PVEDatastoreUser:',
454 'acl_missing_role' => 'acl:1:/storage:test@pam:MissingRole:',
460 name
=> "empty_config",
463 acl_root
=> default_acls
(),
464 users
=> { 'root@pam' => { enable
=> 1 } },
465 roles
=> default_roles
(),
468 expected_raw
=> "\n\n\n\n",
471 name
=> "default_config",
473 acl_root
=> default_acls
(),
474 users
=> default_users
(),
475 roles
=> default_roles
(),
477 raw
=> $default_raw->{users
}->{'root@pam'}."\n\n\n\n\n",
480 name
=> "group_empty",
482 acl_root
=> default_acls
(),
483 users
=> default_users
(),
484 roles
=> default_roles
(),
485 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
488 $default_raw->{users
}->{'root@pam'}."\n\n".
489 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
493 name
=> "group_inexisting_member",
495 acl_root
=> default_acls
(),
496 users
=> default_users
(),
497 roles
=> default_roles
(),
498 groups
=> default_groups_with
([$default_cfg->{'test_group_empty'}]),
501 $default_raw->{users
}->{'root@pam'}."\n\n".
502 "group:testgroup:does_not_exist::".
505 $default_raw->{users
}->{'root@pam'}."\n\n".
506 $default_raw->{groups
}->{'test_group_empty'}."\n\n".
510 name
=> "group_invalid_member",
512 acl_root
=> default_acls
(),
513 users
=> default_users
(),
514 roles
=> default_roles
(),
517 $default_raw->{users
}->{'root@pam'}."\n\n".
518 'group:inval!d:root@pam:'.
522 name
=> "group_with_one_member",
524 acl_root
=> default_acls
(),
525 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
526 roles
=> default_roles
(),
527 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
530 $default_raw->{users
}->{'root@pam'}."\n".
531 $default_raw->{users
}->{'test_pam'}."\n\n".
532 $default_raw->{groups
}->{'test_group_single_member'}."\n\n".
536 name
=> "group_with_members",
538 acl_root
=> default_acls
(),
539 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{test2_pam_with_group
}]),
540 roles
=> default_roles
(),
541 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}]),
544 $default_raw->{users
}->{'root@pam'}."\n".
545 $default_raw->{users
}->{'test2_pam'}."\n".
546 $default_raw->{users
}->{'test_pam'}."\n\n".
547 $default_raw->{groups
}->{'test_group_members'}."\n\n".
551 name
=> "token_simple",
553 acl_root
=> default_acls
(),
554 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}]),
555 roles
=> default_roles
(),
558 $default_raw->{users
}->{'root@pam'}."\n".
559 $default_raw->{users
}->{'test_pam'}."\n".
560 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n",
563 name
=> "token_multi",
565 acl_root
=> default_acls
(),
566 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}, $default_cfg->{test_pam2_with_token
}]),
567 roles
=> default_roles
(),
570 $default_raw->{users
}->{'root@pam'}."\n".
571 $default_raw->{users
}->{'test2_pam'}."\n".
572 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
573 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
574 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
575 $default_raw->{users
}->{'test_pam'}."\n".
576 $default_raw->{tokens
}->{'test_token_simple'}."\n".
580 name
=> "custom_role_with_single_priv",
582 acl_root
=> default_acls
(),
583 users
=> default_users
(),
584 roles
=> default_roles_with
([$default_cfg->{test_role_single_priv
}]),
587 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
588 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
591 name
=> "custom_role_with_privs",
593 acl_root
=> default_acls
(),
594 users
=> default_users
(),
595 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
598 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
599 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
602 name
=> "custom_role_with_duplicate_privs",
604 acl_root
=> default_acls
(),
605 users
=> default_users
(),
606 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
609 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
610 $default_raw->{roles
}->{'test_role_privs_duplicate'}."\n\n",
612 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
613 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
616 name
=> "custom_role_with_invalid_priv",
618 acl_root
=> default_acls
(),
619 users
=> default_users
(),
620 roles
=> default_roles_with
([$default_cfg->{test_role_privs
}]),
623 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
624 $default_raw->{roles
}->{'test_role_privs_invalid'}."\n\n",
626 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
627 $default_raw->{roles
}->{'test_role_privs'}."\n\n",
630 name
=> "pool_empty",
632 acl_root
=> default_acls
(),
633 users
=> default_users
(),
634 roles
=> default_roles
(),
635 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
638 $default_raw->{users
}->{'root@pam'}."\n\n\n".
639 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
642 name
=> "pool_invalid",
644 acl_root
=> default_acls
(),
645 users
=> default_users
(),
646 roles
=> default_roles
(),
647 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
650 $default_raw->{users
}->{'root@pam'}."\n\n\n".
651 $default_raw->{pools
}->{'test_pool_invalid'}."\n\n\n",
653 $default_raw->{users
}->{'root@pam'}."\n\n\n".
654 $default_raw->{pools
}->{'test_pool_empty'}."\n\n\n",
657 name
=> "pool_members",
659 acl_root
=> default_acls
(),
660 users
=> default_users
(),
661 roles
=> default_roles
(),
662 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}]),
663 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
666 $default_raw->{users
}->{'root@pam'}."\n\n\n".
667 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
670 name
=> "pool_duplicate_members",
672 acl_root
=> default_acls
(),
673 users
=> default_users
(),
674 roles
=> default_roles
(),
675 pools
=> default_pools_with
([$default_cfg->{test_pool_members
}, $default_cfg->{test_pool_duplicate_vms
}, $default_cfg->{test_pool_duplicate_storages
}]),
676 vms
=> default_pool_vms_with
([$default_cfg->{test_pool_members
}]),
679 $default_raw->{users
}->{'root@pam'}."\n\n\n".
680 $default_raw->{pools
}->{'test_pool_members'}."\n".
681 $default_raw->{pools
}->{'test_pool_duplicate_vms'}."\n".
682 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n",
684 $default_raw->{users
}->{'root@pam'}."\n\n\n".
685 $default_raw->{pools
}->{'test_pool_duplicate_storages'}."\n".
686 $default_raw->{pools
}->{'test_pool_duplicate_vms_expected'}."\n".
687 $default_raw->{pools
}->{'test_pool_members'}."\n\n\n",
690 name
=> "acl_simple_user",
692 users
=> default_users_with
([$default_cfg->{test_pam
}]),
693 roles
=> default_roles
(),
694 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_user
}]),
697 $default_raw->{users
}->{'root@pam'}."\n".
698 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
699 $default_raw->{acl
}->{'acl_simple_user'}."\n",
702 name
=> "acl_complex_users",
704 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}]),
705 roles
=> default_roles
(),
706 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_user
}, $default_cfg->{acl_complex_users
}]),
709 $default_raw->{users
}->{'root@pam'}."\n".
710 $default_raw->{users
}->{'test2_pam'}."\n".
711 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
712 $default_raw->{acl
}->{'acl_simple_user'}."\n".
713 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
714 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
717 name
=> "acl_complex_missing_user",
719 users
=> default_users_with
([$default_cfg->{test2_pam
}]),
720 roles
=> default_roles
(),
721 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_user
}, $default_cfg->{acl_complex_missing_user
}]),
724 $default_raw->{users
}->{'root@pam'}."\n".
725 $default_raw->{users
}->{'test2_pam'}."\n\n\n\n\n".
726 $default_raw->{acl
}->{'acl_simple_user'}."\n".
727 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
728 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
731 name
=> "acl_simple_group",
733 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}]),
734 groups
=> default_groups_with
([$default_cfg->{'test_group_single_member'}]),
735 roles
=> default_roles
(),
736 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_group
}]),
739 $default_raw->{users
}->{'root@pam'}."\n".
740 $default_raw->{users
}->{'test_pam'}."\n\n".
741 $default_raw->{groups
}->{'test_group_single_member'}."\n\n\n\n".
742 $default_raw->{acl
}->{'acl_simple_group'}."\n",
745 name
=> "acl_complex_groups",
747 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
748 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
749 roles
=> default_roles
(),
750 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_group
}, $default_cfg->{acl_complex_groups
}]),
753 $default_raw->{users
}->{'root@pam'}."\n".
754 $default_raw->{users
}->{'test2_pam'}."\n".
755 $default_raw->{users
}->{'test3_pam'}."\n".
756 $default_raw->{users
}->{'test_pam'}."\n\n".
757 $default_raw->{groups
}->{'test_group_second'}."\n".
758 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
759 $default_raw->{acl
}->{'acl_simple_group'}."\n".
760 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
761 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
764 name
=> "acl_complex_missing_group",
766 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{'test2_pam'}, $default_cfg->{'test3_pam'}]),
767 groups
=> default_groups_with
([$default_cfg->{'test_group_second'}]),
768 roles
=> default_roles
(),
769 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_group
}, $default_cfg->{acl_complex_missing_group
}]),
772 $default_raw->{users
}->{'root@pam'}."\n".
773 $default_raw->{users
}->{'test2_pam'}."\n".
774 $default_raw->{users
}->{'test3_pam'}."\n".
775 $default_raw->{users
}->{'test_pam'}."\n\n".
776 $default_raw->{groups
}->{'test_group_second'}."\n".
777 $default_raw->{acl
}->{'acl_simple_group'}."\n".
778 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
779 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
781 $default_raw->{users
}->{'root@pam'}."\n".
782 $default_raw->{users
}->{'test2_pam'}."\n".
783 $default_raw->{users
}->{'test3_pam'}."\n".
784 $default_raw->{users
}->{'test_pam'}."\n\n".
785 $default_raw->{groups
}->{'test_group_second'}."\n\n\n\n".
786 $default_raw->{acl
}->{'acl_simple_group'}."\n".
787 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
788 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
791 name
=> "acl_simple_token",
793 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}]),
794 roles
=> default_roles
(),
795 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_token
}]),
798 $default_raw->{users
}->{'root@pam'}."\n".
799 $default_raw->{users
}->{'test_pam'}."\n".
800 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n".
801 $default_raw->{acl
}->{'acl_simple_token'}."\n",
804 name
=> "acl_complex_tokens",
806 users
=> default_users_with
([$default_cfg->{test_pam_with_token
}, $default_cfg->{'test_pam2_with_token'}]),
807 roles
=> default_roles
(),
808 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_token
}, $default_cfg->{acl_complex_tokens
}]),
811 $default_raw->{users
}->{'root@pam'}."\n".
812 $default_raw->{users
}->{'test2_pam'}."\n".
813 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
814 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
815 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
816 $default_raw->{users
}->{'test_pam'}."\n".
817 $default_raw->{tokens
}->{'test_token_simple'}."\n\n\n\n\n".
818 $default_raw->{acl
}->{'acl_simple_token'}."\n".
819 $default_raw->{acl
}->{'acl_complex_tokens_1'}."\n".
820 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
823 name
=> "acl_complex_missing_token",
825 users
=> default_users_with
([$default_cfg->{test_pam
}, $default_cfg->{test_pam2_with_token
}]),
826 roles
=> default_roles
(),
827 acl_root
=> default_acls_with
([$default_cfg->{acl_complex_missing_token
}]),
830 $default_raw->{users
}->{'root@pam'}."\n".
831 $default_raw->{users
}->{'test2_pam'}."\n".
832 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
833 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
834 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
835 $default_raw->{users
}->{'test_pam'}."\n".
836 $default_raw->{acl
}->{'acl_simple_token'}."\n".
837 $default_raw->{acl
}->{'acl_complex_tokens_1'}."\n".
838 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
840 $default_raw->{users
}->{'root@pam'}."\n".
841 $default_raw->{users
}->{'test2_pam'}."\n".
842 $default_raw->{tokens
}->{'test_token_multi_expired'}."\n".
843 $default_raw->{tokens
}->{'test_token_multi_full'}."\n".
844 $default_raw->{tokens
}->{'test_token_multi_privsep'}."\n".
845 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
846 $default_raw->{acl
}->{'acl_complex_tokens_1_missing'}."\n".
847 $default_raw->{acl
}->{'acl_complex_tokens_2'}."\n",
850 name
=> "acl_missing_role",
852 users
=> default_users_with
([$default_cfg->{test_pam
}]),
853 roles
=> default_roles
(),
854 acl_root
=> default_acls_with
([$default_cfg->{acl_simple_user
}]),
857 $default_raw->{users
}->{'root@pam'}."\n".
858 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
859 $default_raw->{acl
}->{'acl_simple_user'}."\n".
860 $default_raw->{acl
}->{'acl_missing_role'}."\n",
862 $default_raw->{users
}->{'root@pam'}."\n".
863 $default_raw->{users
}->{'test_pam'}."\n\n\n\n\n".
864 $default_raw->{acl
}->{'acl_simple_user'}."\n",
867 name
=> "acl_complex_mixed",
869 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
870 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
871 roles
=> default_roles
(),
872 acl_root
=> default_acls_with
([
873 $default_cfg->{acl_complex_mixed_root
},
874 $default_cfg->{acl_complex_mixed_storage
},
878 $default_raw->{users
}->{'root@pam'}."\n".
879 $default_raw->{users
}->{'test2_pam'}."\n".
880 $default_raw->{users
}->{'test3_pam'}."\n".
881 $default_raw->{users
}->{'test_pam'}."\n\n".
882 $default_raw->{groups
}->{'test_group_second'}."\n".
883 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
884 $default_raw->{acl
}->{'acl_simple_group'}."\n".
885 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
886 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n".
887 $default_raw->{acl
}->{'acl_simple_user'}."\n".
888 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
889 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
891 $default_raw->{users
}->{'root@pam'}."\n".
892 $default_raw->{users
}->{'test2_pam'}."\n".
893 $default_raw->{users
}->{'test3_pam'}."\n".
894 $default_raw->{users
}->{'test_pam'}."\n\n".
895 $default_raw->{groups
}->{'test_group_second'}."\n".
896 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
897 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
898 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
899 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
902 name
=> "acl_complex_mixed_prop_noprop_no_merge_sort_by_path",
904 users
=> default_users_with
([$default_cfg->{test_pam_with_group
}, $default_cfg->{'test2_pam_with_group'}, $default_cfg->{'test3_pam'}]),
905 groups
=> default_groups_with
([$default_cfg->{'test_group_members'}, $default_cfg->{'test_group_second'}]),
906 roles
=> default_roles
(),
907 acl_root
=> default_acls_with
([
908 $default_cfg->{acl_complex_mixed_root_noprop
},
909 $default_cfg->{acl_complex_mixed_storage_noprop
},
913 $default_raw->{users
}->{'root@pam'}."\n".
914 $default_raw->{users
}->{'test2_pam'}."\n".
915 $default_raw->{users
}->{'test3_pam'}."\n".
916 $default_raw->{users
}->{'test_pam'}."\n\n".
917 $default_raw->{groups
}->{'test_group_second'}."\n".
918 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
919 $default_raw->{acl
}->{'acl_simple_group_noprop'}."\n".
920 $default_raw->{acl
}->{'acl_simple_user'}."\n".
921 $default_raw->{acl
}->{'acl_complex_groups_1_noprop'}."\n".
922 $default_raw->{acl
}->{'acl_complex_groups_2_noprop'}."\n".
923 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
924 $default_raw->{acl
}->{'acl_complex_users_2'}."\n",
927 name
=> "sort_roles_and_privs",
929 $default_raw->{users
}->{'root@pam'}."\n".
930 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n".
931 $default_raw->{roles
}->{'test_role_privs_out_of_order'}."\n\n",
933 $default_raw->{users
}->{'root@pam'}."\n\n\n\n".
934 $default_raw->{roles
}->{'test_role_privs'}."\n".
935 $default_raw->{roles
}->{'test_role_single_priv'}."\n\n",
938 name
=> "sort_users_and_group_members",
940 $default_raw->{users
}->{'test2_pam'}."\n".
941 $default_raw->{users
}->{'root@pam'}."\n".
942 $default_raw->{users
}->{'test_pam'}."\n\n".
943 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n".
946 $default_raw->{users
}->{'root@pam'}."\n".
947 $default_raw->{users
}->{'test2_pam'}."\n".
948 $default_raw->{users
}->{'test_pam'}."\n\n".
949 $default_raw->{groups
}->{'test_group_members'}."\n\n".
953 name
=> "sort_user_groups_and_acls",
955 $default_raw->{users
}->{'test2_pam'}."\n".
956 $default_raw->{users
}->{'root@pam'}."\n".
957 $default_raw->{users
}->{'test_pam'}."\n\n".
958 $default_raw->{users
}->{'test3_pam'}."\n".
959 $default_raw->{groups
}->{'test_group_members_out_of_order'}."\n\n\n\n".
960 $default_raw->{groups
}->{'test_group_second'}."\n".
961 $default_raw->{acl
}->{'acl_simple_user'}."\n".
962 $default_raw->{acl
}->{'acl_simple_group'}."\n".
963 $default_raw->{acl
}->{'acl_complex_users_1'}."\n".
964 $default_raw->{acl
}->{'acl_complex_users_2'}."\n".
965 $default_raw->{acl
}->{'acl_complex_groups_1'}."\n".
966 $default_raw->{acl
}->{'acl_complex_groups_2'}."\n",
968 $default_raw->{users
}->{'root@pam'}."\n".
969 $default_raw->{users
}->{'test2_pam'}."\n".
970 $default_raw->{users
}->{'test3_pam'}."\n".
971 $default_raw->{users
}->{'test_pam'}."\n\n".
972 $default_raw->{groups
}->{'test_group_second'}."\n".
973 $default_raw->{groups
}->{'test_group_members'}."\n\n\n\n".
974 $default_raw->{acl
}->{'acl_complex_mixed_1'}."\n".
975 $default_raw->{acl
}->{'acl_complex_mixed_2'}."\n".
976 $default_raw->{acl
}->{'acl_complex_mixed_3'}."\n",
979 name
=> 'default_values',
999 roles
=> default_roles_with
([{ id
=> 'testrole' }]),
1000 groups
=> default_groups_with
([$default_cfg->{test_group_empty
}]),
1001 pools
=> default_pools_with
([$default_cfg->{test_pool_empty
}]),
1005 'user:root@pam'."\n".
1006 'user:test@pam'."\n".
1007 'token:test@pam!test'."\n\n".
1008 'group:testgroup'."\n\n".
1009 'pool:testpool'."\n\n".
1010 'role:testrole'."\n\n".
1013 'user:root@pam:0:0::::::'."\n".
1014 'user:test@pam:0:0::::::'."\n".
1015 'token:test@pam!test:0:0::'."\n\n".
1016 'group:testgroup:::'."\n\n".
1017 'pool:testpool::::'."\n\n".
1018 'role:testrole::'."\n\n",
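# Drive every entry of @$tests through PVE::AccessControl's user.cfg parser
# and writer and compare the results with the fixture's expectations.
#
# Keys read from a test case (each one optional):
#   name            - passed as first argument to the parser/writer and used
#                     as prefix of the assertion names
#   raw             - text handed to parse_user_config()
#   config          - structure handed to write_user_config()
#   expected_config - expected parse result (falls back to `config`)
#   expected_raw    - expected writer output (falls back to `raw`)
my $number_of_tests_run = 0;
foreach my $t (@$tests) {
    my $expected_config = $t->{expected_config} // $t->{config};
    my $expected_raw = $t->{expected_raw} // $t->{raw};

    if (defined($t->{raw})) {
        my $parsed = PVE::AccessControl::parse_user_config($t->{name}, $t->{raw});
        if (defined($expected_config)) {
            is_deeply($parsed, $expected_config, "$t->{name}_parse");
            $number_of_tests_run++;
        }
        # Round trip raw -> parse -> write. Only done when the case has no
        # explicit `config`; otherwise the writer is checked further down.
        if (defined($t->{expected_raw}) && !defined($t->{config})) {
            is(PVE::AccessControl::write_user_config($t->{name}, $parsed), $t->{expected_raw}, "$t->{name}_rewrite");
            $number_of_tests_run++;
        }
    }

    if (defined($t->{config})) {
        my $written = PVE::AccessControl::write_user_config($t->{name}, $t->{config});
        if (defined($expected_raw)) {
            is($written, $expected_raw, "$t->{name}_write");
            $number_of_tests_run++;
        }
        # Round trip config -> write -> parse. This has to re-parse the text
        # the writer just produced ($written). The previous code passed
        # $t->{written}, a key this loop never assigns and no visible fixture
        # sets, so the parser was handed undef and the check did not cover
        # the writer's output at all.
        if (defined($t->{expected_config}) && !defined($t->{raw})) {
            is_deeply(PVE::AccessControl::parse_user_config($t->{name}, $written), $t->{expected_config}, "$t->{name}_reparse");
            $number_of_tests_run++;
        }
    }
}

# The plan is counted next to each assertion, so it confirms that the loop
# ran to completion; it cannot detect a test case that executed no assertion
# because it defines neither `raw` nor `config`.
done_testing($number_of_tests_run);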